e1fdb1416cbb7661a80e0f4aaa4868b121f3a3de20a7c3c7863d247cdfad5932

Analysis

max time kernel
135s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 08:41 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6092438fe4ac0ba162eababd8a9bcf60.html
Size

14KB
MD5

6092438fe4ac0ba162eababd8a9bcf60
SHA1

ef99335f8c617fb002f0e45ee4b79953ed7c95bd
SHA256

e1fdb1416cbb7661a80e0f4aaa4868b121f3a3de20a7c3c7863d247cdfad5932
SHA512

9dcf339496c65e3fff223eccf80f19e62f63da544804d5820507703ebf64b5c9d0fa2913afa724d518871d603cfe88ec66cea38aadb1a7a0f1c03c90c0a3adb6
SSDEEP

192:5qbLhw5jcLcOK8lCxU5hzqDESjsYqRdkfkGIRaRs1udkWEiB19jN/jI8dA8nd0Yv:5cwcLYM1udOIjtjIjk0JwOri9g2V

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 57 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "25"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1783959061"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31080556"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31080556"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31080556"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1783959061"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411288676"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a01b70916c40da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31080556"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1848377204"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ed60d6ae529e0e4187beee4fa1d8750f00000000020000000000106600000001000020000000b64d64ac95a9cdf4c84adc14943c943c16c9103c880f3d0194ecfe73f41b9136000000000e800000000200002000000063d12878f96ae7837f81e675c5056f61e03e2a964e3b3fd1133a5ff56cfb9d2b20000000b97a19fceb5c504565a7583133d173ec7c50cd00d56091627c8acc4cdcd129c840000000815f063b6036b03d805bf878858731195074313c2b8645f6fdd0296f7b6d4cac11612fa542f76ee4b1709dbcd1eb734c579f93eb80325de2f2398f16b989d0a6	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1848336925"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ed60d6ae529e0e4187beee4fa1d8750f00000000020000000000106600000001000020000000dae658ea0468340440aaec14e892b37033056806257c27c2d2bf53e6d83a3379000000000e8000000002000020000000e2b18098f29c2b4b9603fe1031147d1a84872556785821479b8969d3b388ae2f20000000624fa35e2c4c9ef9b91b23f9f2577abb174339db188e7f5d6e3e61df5bce0fe140000000ccfbbe0dc990636226acdd18920ec601e08fe2f96028309558c32c56f0d7047ea618e3122b0a0e2cabe5ee31bc25dedf45d3fbf169551b537e5e3b08d16ff39b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{934239C8-AC5F-11EE-8024-5A2E32B6DBC3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2046d29d6c40da01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1140	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1140	iexplore.exe
1140	iexplore.exe
2056	IEXPLORE.EXE
2056	IEXPLORE.EXE
2056	IEXPLORE.EXE
2056	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1140 wrote to memory of 2056	1140	iexplore.exe	88
PID 1140 wrote to memory of 2056	1140	iexplore.exe	88
PID 1140 wrote to memory of 2056	1140	iexplore.exe	88

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6092438fe4ac0ba162eababd8a9bcf60.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1140
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1140 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2056

Network

DNS

1.181.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.181.190.20.in-addr.arpa

IN PTR

Response
DNS

180.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

180.178.17.96.in-addr.arpa

IN PTR

Response

180.178.17.96.in-addr.arpa

IN PTR

a96-17-178-180deploystaticakamaitechnologiescom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

sharegods.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

sharegods.com

IN A

Response

sharegods.com

IN CNAME

traff-5.hugedomains.com

traff-5.hugedomains.com

IN CNAME

hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com

hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com

IN A

54.161.222.85

hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com

IN A

34.205.242.146
DNS

sharegods.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

sharegods.com

IN A
DNS

www.freestats.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.freestats.net

IN A

Response

www.freestats.net

IN CNAME

freestats.net

freestats.net

IN A

5.135.162.57
DNS

158.240.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.240.127.40.in-addr.arpa

IN PTR

Response
GET

http://www.freestats.net/counter.php?i=669&r=&e=file%3A//C%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C6092438fe4ac0ba162eababd8a9bcf60.html&n=Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20WOW64%3B%20Trident/7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0%29%20like%20Gecko&p=Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20WOW64%3B%20Trident/7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0%29%20like%20Gecko&g=file%3A///C%3A/Users/Admin/AppData/Local/Temp/6092438fe4ac0ba162eababd8a9bcf60.html&l=en-US&sd=24&sw=1280x720

IEXPLORE.EXE

Remote address:

5.135.162.57:80

Request

GET /counter.php?i=669&r=&e=file%3A//C%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C6092438fe4ac0ba162eababd8a9bcf60.html&n=Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20WOW64%3B%20Trident/7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0%29%20like%20Gecko&p=Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20WOW64%3B%20Trident/7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0%29%20like%20Gecko&g=file%3A///C%3A/Users/Admin/AppData/Local/Temp/6092438fe4ac0ba162eababd8a9bcf60.html&l=en-US&sd=24&sw=1280x720 HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.freestats.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 06 Jan 2024 06:48:42 GMT
Server: Apache
X-Powered-By: PHP/5.4.16
Set-Cookie: CC_COUNTER_CHECK_669=1; expires=Sat, 06-Jan-2024 23:00:00 GMT
P3P: CP=\"NOI DSP COR NID ADMa SAMa BUS COM STA\"
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/png
DNS

IEXPLORE.EXE

Remote address:

54.161.222.85:80

Response

HTTP/1.1 408 Request Time-out

Content-length: 110
Cache-Control: no-cache
Connection: close
Content-Type: text/html
GET

http://sharegods.com/promo-7.php?pin=101136&query=Download%20Gammadyne%20Mailer%20v4.0&domain=dlfiles.com

IEXPLORE.EXE

Remote address:

54.161.222.85:80

Request

GET /promo-7.php?pin=101136&query=Download%20Gammadyne%20Mailer%20v4.0&domain=dlfiles.com HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: sharegods.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

content-length: 0
date: Sat, 06 Jan 2024 06:48:47 GMT
location: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
DNS

57.162.135.5.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.162.135.5.in-addr.arpa

IN PTR

Response

57.162.135.5.in-addr.arpa

IN PTR

ns3310665ip-5-135-162eu
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

85.222.161.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

85.222.161.54.in-addr.arpa

IN PTR

Response

85.222.161.54.in-addr.arpa

IN PTR

ec2-54-161-222-85 compute-1 amazonawscom
DNS

85.222.161.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

85.222.161.54.in-addr.arpa

IN PTR
DNS

85.222.161.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

85.222.161.54.in-addr.arpa

IN PTR
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR
DNS

www.hugedomains.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.hugedomains.com

IN A

Response

www.hugedomains.com

IN A

172.67.70.191

www.hugedomains.com

IN A

104.26.6.37

www.hugedomains.com

IN A

104.26.7.37
DNS

www.hugedomains.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.hugedomains.com

IN A
DNS

www.hugedomains.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.hugedomains.com

IN A
DNS

www.hugedomains.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.hugedomains.com

IN A
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR

Response

41.110.16.96.in-addr.arpa

IN PTR

a96-16-110-41deploystaticakamaitechnologiescom
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR
GET

https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com

IEXPLORE.EXE

Remote address:

172.67.70.191:443

Request

GET /domain_profile.cfm?d=sharegods.com HTTP/2.0
host: www.hugedomains.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Sat, 06 Jan 2024 06:48:52 GMT
content-type: text/html; charset=utf-8
cache-control: private
vary: Accept-Encoding
set-cookie: site_version_phase=108; expires=Tue, 31-Dec-2024 06:48:52 GMT; path=/
set-cookie: site_version=HDv3; expires=Tue, 31-Dec-2024 06:48:52 GMT; path=/
set-cookie: captcha-tracker=; expires=Fri, 05-Jan-2024 06:48:52 GMT; path=/
x-powered-by: ASP.NET
lb: TclPrdLbHd3
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MWp8csDQkhXkthAtL8hnI0lRl8X1YSVbfGZuccWw9tjdMmQjp5p4YSO0FAe1YKJNWpGJ0OMoysd99p%2F6Z67GLLLlEmBZtfwG2%2Fk5Z%2FcUJTyKI4jtghqGfsRcpl0Hv8Qw3a%2BgMbs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8412048d0cb57723-LHR
content-encoding: gzip
GET

https://www.hugedomains.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

IEXPLORE.EXE

Remote address:

172.67.70.191:443

Request

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/2.0
host: www.hugedomains.com
accept: application/javascript, */*;q=0.8
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: site_version_phase=108; site_version=HDv3; _ga_SK8LQSM564=GS1.1.1704523743.1.0.1704523744.59.0.0; _ga=GA1.2.1194709269.1704523744; _gid=GA1.2.618266645.1704523744; _gat_gtag_UA_7117339_4=1

Response

HTTP/2.0 302

date: Sat, 06 Jan 2024 06:49:44 GMT
content-encoding: gzip
vary: accept-encoding
cache-control: max-age=300, public
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F7aeRFFKoE%2B3s3SWnxZLbs1ztGYCYxcmCSOCa5Zf5Vz5skyqhYkRPVol%2BC3fsWfdsJwg6RUtK14YPODEhU8MZdq0KcbJFVS5kPXKQ2oYxaGdGVURIIRiIDlrqPdCB0EXFVbXsCM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 841205d2ca0d7723-LHR
GET

https://www.hugedomains.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js

IEXPLORE.EXE

Remote address:

172.67.70.191:443

Request

GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js HTTP/2.0
host: www.hugedomains.com
accept: application/javascript, */*;q=0.8
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: site_version_phase=108; site_version=HDv3; _ga_SK8LQSM564=GS1.1.1704523743.1.0.1704523744.59.0.0; _ga=GA1.2.1194709269.1704523744; _gid=GA1.2.618266645.1704523744; _gat_gtag_UA_7117339_4=1

Response

HTTP/2.0 200

date: Sat, 06 Jan 2024 06:49:44 GMT
content-type: application/javascript; charset=UTF-8
content-encoding: gzip
cache-control: max-age=14400, public
vary: accept-encoding
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iN60WP2NN4D23Twnj4c7EdUg%2BKi%2F4YLSBS2lejUyTUXlLcJ0WSAZzaJS3hJDMAWT8hgl52N7UFIj1lD4WLqaXDVNHbsvryaOXiAC0ACIpx5XaFjfxCZ4snUHP8lYKn3P8yZFSDM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 841205d31a527723-LHR
OPTIONS

https://www.hugedomains.com/cdn-cgi/challenge-platform/h/g/jsd/r/8412048d0cb57723

IEXPLORE.EXE

Remote address:

172.67.70.191:443

Request

OPTIONS /cdn-cgi/challenge-platform/h/g/jsd/r/8412048d0cb57723 HTTP/2.0
host: www.hugedomains.com
accept: */*
origin: https://www.hugedomains.com
access-control-request-method: POST
access-control-request-headers: content-type
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 0
cache-control: no-cache

Response

HTTP/2.0 400

date: Sat, 06 Jan 2024 06:49:44 GMT
content-type: application/json
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-chl-out: U+C3C5irA0ytNpcebkyV5A==$eBZ6IfgXg21EoD3v25zC3A==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5n0MXAdqamkeKK0sRqmUeF7Z%2F0NbfIl2IeGZR5R1g1mcY5i9UgMvgXKo8fBVhFzb0u04Oko6PZJM87EZF2rnRh82nxAcktMqUoZsD27TtLtUnDNmz0V1FZN0GwHVwtSuOZcsE8A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 841205d3eae27723-LHR
DNS

cdn.jsdelivr.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

cdn.jsdelivr.net

IN A

Response

cdn.jsdelivr.net

IN CNAME

jsdelivr.map.fastly.net

jsdelivr.map.fastly.net

IN A

151.101.1.229

jsdelivr.map.fastly.net

IN A

151.101.65.229

jsdelivr.map.fastly.net

IN A

151.101.129.229

jsdelivr.map.fastly.net

IN A

151.101.193.229
DNS

static.hugedomains.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

static.hugedomains.com

IN A

Response

static.hugedomains.com

IN A

104.26.7.37

static.hugedomains.com

IN A

104.26.6.37

static.hugedomains.com

IN A

172.67.70.191
DNS

www.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.200.4
GET

https://cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css

IEXPLORE.EXE

Remote address:

151.101.1.229:443

Request

GET /gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css HTTP/2.0
host: cdn.jsdelivr.net
accept: text/css, */*
referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 3.5.7
x-jsd-version-type: version
etag: W/"31fb-G+m3m+AqHPxdlsSl4P649HK6vZU"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 06 Jan 2024 06:48:53 GMT
age: 3291676
x-served-by: cache-fra-eddf8230072-FRA, cache-lcy-eglc8600026-LCY
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3096
GET

https://static.hugedomains.com/images/hdv3-img/care.png

IEXPLORE.EXE

Remote address:

104.26.7.37:443

Request

GET /images/hdv3-img/care.png HTTP/2.0
host: static.hugedomains.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Sat, 06 Jan 2024 06:48:52 GMT
content-type: image/png
content-length: 708
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1906
etag: "a9c92cd6b75ed61:0"
last-modified: Mon, 20 Jul 2020 17:04:31 GMT
x-powered-by: ASP.NET
cache-control: max-age=14400
cf-cache-status: HIT
age: 2174
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sm5KNb7JwdwyPYtS5P%2FT50aQJqEjS5SFocrYcA9aL6aU7zUC6e4gEb2bqx%2BPzff1Eecga9WAalwELJJvE3IAlLDwX5z3VPrnArZ5bTsKIeWL7xIi%2FjpeeuPwIu80iUJHWlD8wY1zTB4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 841204904e9f368f-LHR
GET

https://static.hugedomains.com/css/hdv3-css/reboot.min.css

IEXPLORE.EXE

Remote address:

104.26.7.37:443

Request

GET /css/hdv3-css/reboot.min.css HTTP/2.0
host: static.hugedomains.com
accept: text/css, */*
referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Sat, 06 Jan 2024 06:48:52 GMT
content-type: text/css
content-length: 1580
content-encoding: gzip
last-modified: Tue, 15 Nov 2022 18:51:51 GMT
etag: "80fd745223f9d81:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 5156
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=69hyhrhTmARCfkebD%2Filo0W3TIjxpjngNnE1TT6e34DbXibjTpzAntCWQ6OCvvKfcu64nJlHPq2QhRDj%2FvEDh0JlIy%2B32sj7CAlqOOxu2wliMHwCIkZ%2BwL61pllA0%2BFLhUU%2BU0TY4PM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 841204904ea0368f-LHR
GET

https://static.hugedomains.com/css/hdv3-css/style.css?r=20201105a

IEXPLORE.EXE

Remote address:

104.26.7.37:443

Request

GET /css/hdv3-css/style.css?r=20201105a HTTP/2.0
host: static.hugedomains.com
accept: text/css, */*
referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Sat, 06 Jan 2024 06:48:52 GMT
content-type: image/png
content-length: 4310
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6473
etag: "32f437d6b75ed61:0"
last-modified: Mon, 20 Jul 2020 17:04:32 GMT
x-powered-by: ASP.NET
cache-control: max-age=14400
cf-cache-status: HIT
age: 4458
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BknAjlUJiA2RjVxVYVXcQBe88inOhQG9kPQVtpPQndWlkKes4cQjQKQfL53qW%2Bg1vWVN0W5a4xm%2FpkvCCjRPkNkJ8G41veRNdcUCAGPh3bucPCczFO328lFfnRDMxDccq%2FYdX%2F%2F4Nrw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 841204904ea4368f-LHR
GET

https://static.hugedomains.com/css/hdv3-css/responsive.css?r=20201105a

IEXPLORE.EXE

Remote address:

104.26.7.37:443

Request

GET /css/hdv3-css/responsive.css?r=20201105a HTTP/2.0
host: static.hugedomains.com
accept: text/css, */*
referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Sat, 06 Jan 2024 06:48:52 GMT
content-type: application/javascript
content-length: 30217
content-encoding: gzip
last-modified: Mon, 20 Jul 2020 17:04:33 GMT
etag: "8026d0d6b75ed61:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 5445
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FfvDoKNdVBD%2FRXkCdLiDJ165bnp0uXcrvJutRRNSyfRGCICQneseIH4GV%2BoxpVdX0QXhog9IYMTFJQePjxw5D0qLy%2FOHq2WMjn6cRIfNcLhDw0fE1JbiwyNlGRbc07XMcFvCV20Nujo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 841204904ea7368f-LHR
GET

https://static.hugedomains.com/images/hdv3-img/logo.png

IEXPLORE.EXE

Remote address:

104.26.7.37:443

Request

GET /images/hdv3-img/logo.png HTTP/2.0
host: static.hugedomains.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Sat, 06 Jan 2024 06:48:52 GMT
content-type: image/png
content-length: 743
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=2415
etag: "524238d6b75ed61:0"
last-modified: Mon, 20 Jul 2020 17:04:32 GMT
x-powered-by: ASP.NET
cache-control: max-age=14400
cf-cache-status: HIT
age: 808
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yinBvYz0fvrD4ggKwdEuCVOir%2BUhRKaduLMv6k4EoYP88F0a0UPQwX%2Bjl%2BOJMMJxxMpStYwosLKCWDDYFnQO9QAVa9xSrl1lbK40Fs2Q5cYKdJvZAtszbd28pf6R%2F3z53ANacdwxnL8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 841204904ea6368f-LHR
GET

https://static.hugedomains.com/images/hdv3-img/phone-icon.png

IEXPLORE.EXE

Remote address:

104.26.7.37:443

Request

GET /images/hdv3-img/phone-icon.png HTTP/2.0
host: static.hugedomains.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Sat, 06 Jan 2024 06:48:52 GMT
content-type: image/png
content-length: 1507
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=3413
etag: "8d4636d6b75ed61:0"
last-modified: Mon, 20 Jul 2020 17:04:31 GMT
x-powered-by: ASP.NET
cache-control: max-age=14400
cf-cache-status: HIT
age: 6524
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5y4jCH1MkfVzCzuQq1sb4j%2Fpxs9kAWF%2F7o3xXpCniCULNIpfimsm5%2BkDnB87DZb6YBXlkAinwEjXBXSUCGB632Ovtc2cdDqEGisIPOyEdPK%2F%2B%2FQWe6uKFAq150cY5%2BvKIKkSOBt55%2FU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 841204904eab368f-LHR
GET

https://static.hugedomains.com/js/hdv3-js/jquery.min.js

IEXPLORE.EXE

Remote address:

104.26.7.37:443

Request

GET /js/hdv3-js/jquery.min.js HTTP/2.0
host: static.hugedomains.com
accept: application/javascript, */*;q=0.8
referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Sat, 06 Jan 2024 06:48:52 GMT
content-type: image/png
content-length: 2799
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=5589
etag: "ece634d6b75ed61:0"
last-modified: Mon, 20 Jul 2020 17:04:31 GMT
x-powered-by: ASP.NET
cache-control: max-age=14400
cf-cache-status: HIT
age: 2248
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TSXlyhf6WAYQiqagYXVUOTdoZcUhJrSR%2B5i5yHgX6T0%2Bl6RroYfMm0W6rsRMEJuNR71xBU5u2GirAHO8yjOwleMH%2FQpwBcEUvj5I%2FHWt%2FAZ67Yw%2FlrIIUgcNW8mtgjYYR9ziWZN8oJY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 841204904eac368f-LHR
GET

https://static.hugedomains.com/js/hdv3-js/script.js

IEXPLORE.EXE

Remote address:

104.26.7.37:443

Request

GET /js/hdv3-js/script.js HTTP/2.0
host: static.hugedomains.com
accept: application/javascript, */*;q=0.8
referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Sat, 06 Jan 2024 06:48:52 GMT
content-type: text/css
access-control-allow-origin: *
cf-bgj: minify
cf-polished: origSize=94946
etag: W/"0d7c84c993eda1:0"
last-modified: Wed, 03 Jan 2024 23:05:10 GMT
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=14400
cf-cache-status: HIT
age: 1859
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oBMuO8u0MkNdthx1XSQ1p9Lm1lgQXa7U%2FoNQ%2Bl3Fh7vwzeOB58r4d3nhWPWoK4Egvp32tCeaSN4oL7DJ7j%2B5%2FhoNV4iyoUIpHmknB%2Fb3j2Bqf0j5GoIs6IeL7T%2F5ZvfveBc9dvPSx9w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 841204904ea3368f-LHR
content-encoding: gzip
GET

https://static.hugedomains.com/images/hdv3-img/guarant-footer.png

IEXPLORE.EXE

Remote address:

104.26.7.37:443

Request

GET /images/hdv3-img/guarant-footer.png HTTP/2.0
host: static.hugedomains.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Sat, 06 Jan 2024 06:48:52 GMT
content-type: image/png
content-length: 2578
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=5035
etag: "741f36d6b75ed61:0"
last-modified: Mon, 20 Jul 2020 17:04:31 GMT
x-powered-by: ASP.NET
cache-control: max-age=14400
cf-cache-status: HIT
age: 5224
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3qhxJtH3%2B2YVI8w5S12sKZCAQWRI09R8qwLqomj8gqYGFmaLLaJzk%2Bp%2FFq4kBRZEWnqfCt9IxINrl7ifZlffG7v1xFU34m6iUDwnCJq6BekTFQsxYCHQmMqeJxPKVgnBodpaXBK0htI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 841204904ead368f-LHR
GET

https://static.hugedomains.com/images/hdv3-img/escrow.png

IEXPLORE.EXE

Remote address:

104.26.7.37:443

Request

GET /images/hdv3-img/escrow.png HTTP/2.0
host: static.hugedomains.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Sat, 06 Jan 2024 06:48:52 GMT
content-type: application/javascript
access-control-allow-origin: *
cf-bgj: minify
cf-polished: origSize=16782
etag: W/"04e7c371aebd81:0"
last-modified: Fri, 28 Oct 2022 22:11:24 GMT
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=14400
cf-cache-status: HIT
age: 5009
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HgXEQvKBj%2BowT9Pgubm7%2FP2uldFZ6eNmVJJPTZrdVq%2F%2FuW%2BvJwjF82uRhFldr2NKo61fmFRL%2BoQQo6T47n80V36x9cUrXZgPoubKDnlzzAzbLaqJ4gw9UokHfjTCGf%2B6HM14Nenqmk8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 841204904ea9368f-LHR
content-encoding: gzip
GET

https://static.hugedomains.com/images/hdv3-img/geo.png

IEXPLORE.EXE

Remote address:

104.26.7.37:443

Request

GET /images/hdv3-img/geo.png HTTP/2.0
host: static.hugedomains.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Sat, 06 Jan 2024 06:48:52 GMT
content-type: text/css
access-control-allow-origin: *
cf-bgj: minify
cf-polished: origSize=231923
etag: W/"044c5e7b22fda1:0"
last-modified: Sat, 16 Dec 2023 00:00:40 GMT
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=14400
cf-cache-status: HIT
age: 1859
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JjLPB2p8ZYzG7rCn8A16Fce4deZP3QNh0uWA2%2BDtvR2%2FVXzka3j38jijmSayCE2SYxJyC5Yw7Mqfp6D2iFtfB9eLR8nFUze6OK3%2ByCVdj1Q7pxU9Gx3HQ6b3nmM6HOIKu98X%2Beu0vhI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 841204904ea2368f-LHR
content-encoding: gzip
GET

https://www.google.com/recaptcha/api.js

IEXPLORE.EXE

Remote address:

142.250.200.4:443

Request

GET /recaptcha/api.js HTTP/2.0
host: www.google.com
accept: application/javascript, */*;q=0.8
referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

content-type: text/javascript; charset=utf-8
expires: Sat, 06 Jan 2024 06:48:53 GMT
date: Sat, 06 Jan 2024 06:48:53 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdB69wUAAAAABYUZU_WrxJJxC4oLZd2TV5i9Lzh&co=aHR0cHM6Ly93d3cuaHVnZWRvbWFpbnMuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=xsr7rdmvch26

IEXPLORE.EXE

Remote address:

142.250.200.4:443

Request

GET /recaptcha/api2/anchor?ar=1&k=6LdB69wUAAAAABYUZU_WrxJJxC4oLZd2TV5i9Lzh&co=aHR0cHM6Ly93d3cuaHVnZWRvbWFpbnMuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=xsr7rdmvch26 HTTP/2.0
host: www.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 06 Jan 2024 06:49:44 GMT
content-security-policy: script-src 'nonce-BQrqtGySlcVgQZaYbE6kQA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.google.com/js/bg/oxWLEMHTm-PHlM2WIB4aObzPVh9OT9KDjPiSBgvqk10.js

IEXPLORE.EXE

Remote address:

142.250.200.4:443

Request

GET /js/bg/oxWLEMHTm-PHlM2WIB4aObzPVh9OT9KDjPiSBgvqk10.js HTTP/2.0
host: www.google.com
accept: application/javascript, */*;q=0.8
referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdB69wUAAAAABYUZU_WrxJJxC4oLZd2TV5i9Lzh&co=aHR0cHM6Ly93d3cuaHVnZWRvbWFpbnMuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=xsr7rdmvch26
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 10441
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 02 Jan 2024 02:18:08 GMT
expires: Wed, 01 Jan 2025 02:18:08 GMT
cache-control: public, max-age=31536000
age: 361898
last-modified: Tue, 28 Nov 2023 18:30:00 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu

IEXPLORE.EXE

Remote address:

142.250.200.4:443

Request

GET /recaptcha/api2/webworker.js?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu HTTP/2.0
host: www.google.com
accept: application/javascript, */*;q=0.8
referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdB69wUAAAAABYUZU_WrxJJxC4oLZd2TV5i9Lzh&co=aHR0cHM6Ly93d3cuaHVnZWRvbWFpbnMuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=xsr7rdmvch26
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

content-type: text/javascript; charset=utf-8
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 06 Jan 2024 06:49:47 GMT
date: Sat, 06 Jan 2024 06:49:47 GMT
cache-control: private, max-age=300
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-7117339-4&cid=1194709269.1704523744&jid=164122258&_u=4CDAAUAAAAAAACAAI~&z=1352149549

IEXPLORE.EXE

Remote address:

142.250.200.4:443

Request

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-7117339-4&cid=1194709269.1704523744&jid=164122258&_u=4CDAAUAAAAAAACAAI~&z=1352149549 HTTP/2.0
host: www.google.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 06:49:47 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6LdB69wUAAAAABYUZU_WrxJJxC4oLZd2TV5i9Lzh

IEXPLORE.EXE

Remote address:

142.250.200.4:443

Request

GET /recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6LdB69wUAAAAABYUZU_WrxJJxC4oLZd2TV5i9Lzh HTTP/2.0
host: www.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 06 Jan 2024 06:49:52 GMT
content-security-policy: script-src 'nonce-EoIQAkmGs7-xKLz6jDqvKg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

191.70.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

191.70.67.172.in-addr.arpa

IN PTR

Response
DNS

229.1.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

229.1.101.151.in-addr.arpa

IN PTR

Response
DNS

use.typekit.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

use.typekit.net

IN A

Response

use.typekit.net

IN CNAME

use-stls.adobe.com.edgesuite.net

use-stls.adobe.com.edgesuite.net

IN CNAME

a1988.dscg1.akamai.net

a1988.dscg1.akamai.net

IN A

88.221.134.88

a1988.dscg1.akamai.net

IN A

88.221.134.115
GET

https://use.typekit.net/zyw6mds.css

IEXPLORE.EXE

Remote address:

88.221.134.88:443

Request

GET /zyw6mds.css HTTP/2.0
host: use.typekit.net
accept: text/css, */*
referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

server: nginx
content-type: text/css;charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains;
cache-control: private, max-age=600, stale-while-revalidate=604800
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
content-length: 588
date: Sat, 06 Jan 2024 06:48:53 GMT
GET

https://use.typekit.net/af/a91117/00000000000000003b9b257c/27/d?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3

IEXPLORE.EXE

Remote address:

88.221.134.88:443

Request

GET /af/a91117/00000000000000003b9b257c/27/d?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3 HTTP/2.0
host: use.typekit.net
accept: */*
referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://www.hugedomains.com
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

server: nginx
content-type: application/font-woff
content-length: 23772
etag: "98e73879b397d0b98b8a96538c3271fce677cf5c"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Sat, 06 Jan 2024 06:49:14 GMT
DNS

37.7.26.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

37.7.26.104.in-addr.arpa

IN PTR

Response
DNS

4.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.200.250.142.in-addr.arpa

IN PTR

Response

4.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f41e100net
DNS

232.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.187.250.142.in-addr.arpa

IN PTR

Response

232.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f81e100net
DNS

3.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.200.250.142.in-addr.arpa

IN PTR

Response

3.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f31e100net
DNS

226.21.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.21.18.104.in-addr.arpa

IN PTR

Response
DNS

234.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.187.250.142.in-addr.arpa

IN PTR

Response

234.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f101e100net
DNS

p.typekit.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

p.typekit.net

IN A

Response

p.typekit.net

IN CNAME

p.typekit.net-stls-v3.edgesuite.net

p.typekit.net-stls-v3.edgesuite.net

IN CNAME

a1874.dscg1.akamai.net

a1874.dscg1.akamai.net

IN A

88.221.135.104

a1874.dscg1.akamai.net

IN A

88.221.134.122
GET

https://p.typekit.net/p.css?s=1&k=zyw6mds&ht=tk&f=40411&a=11744788&app=typekit&e=css

IEXPLORE.EXE

Remote address:

88.221.135.104:443

Request

GET /p.css?s=1&k=zyw6mds&ht=tk&f=40411&a=11744788&app=typekit&e=css HTTP/2.0
host: p.typekit.net
accept: text/css, */*
referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

server: nginx
content-type: text/css
content-length: 5
last-modified: Fri, 14 Jul 2023 12:46:57 GMT
etag: "64b143c1-5"
cache-control: public, max-age=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
date: Sat, 06 Jan 2024 06:48:53 GMT
DNS

88.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.134.221.88.in-addr.arpa

IN PTR

Response

88.134.221.88.in-addr.arpa

IN PTR

a88-221-134-88deploystaticakamaitechnologiescom
DNS

208.194.73.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.194.73.20.in-addr.arpa

IN PTR

Response
DNS

104.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.135.221.88.in-addr.arpa

IN PTR

Response

104.135.221.88.in-addr.arpa

IN PTR

a88-221-135-104deploystaticakamaitechnologiescom
DNS

3.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.180.250.142.in-addr.arpa

IN PTR

Response

3.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f31e100net
DNS

3.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.180.250.142.in-addr.arpa

IN PTR
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR
DNS

161.19.199.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

161.19.199.152.in-addr.arpa

IN PTR

Response
DNS

161.19.199.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

161.19.199.152.in-addr.arpa

IN PTR
DNS

secure.statcounter.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

secure.statcounter.com

IN A

Response

secure.statcounter.com

IN A

104.20.95.138

secure.statcounter.com

IN A

104.20.94.138
DNS

secure.statcounter.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

secure.statcounter.com

IN A
DNS

138.95.20.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

138.95.20.104.in-addr.arpa

IN PTR

Response
DNS

18.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.134.221.88.in-addr.arpa

IN PTR

Response

18.134.221.88.in-addr.arpa

IN PTR

a88-221-134-18deploystaticakamaitechnologiescom
DNS

18.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.134.221.88.in-addr.arpa

IN PTR
DNS

18.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.134.221.88.in-addr.arpa

IN PTR
DNS

227.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.187.250.142.in-addr.arpa

IN PTR

Response

227.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f31e100net
DNS

14.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.200.250.142.in-addr.arpa

IN PTR

Response

14.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f141e100net
DNS

region1.analytics.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

region1.analytics.google.com

IN A

Response

region1.analytics.google.com

IN A

216.239.32.36

region1.analytics.google.com

IN A

216.239.34.36
DNS

region1.analytics.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

region1.analytics.google.com

IN A
DNS

stats.g.doubleclick.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

stats.g.doubleclick.net

IN A

Response

stats.g.doubleclick.net

IN A

142.251.173.155

stats.g.doubleclick.net

IN A

142.251.173.157

stats.g.doubleclick.net

IN A

142.251.173.154

stats.g.doubleclick.net

IN A

142.251.173.156
DNS

www.google.co.uk

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.google.co.uk

IN A

Response

www.google.co.uk

IN A

172.217.169.35
DNS

www.google.co.uk

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.google.co.uk

IN A

Response

www.google.co.uk

IN A

172.217.169.35
GET

https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-SK8LQSM564&cid=1194709269.1704523744&gtm=45je4130v9126319911&aip=1&dma=0&gcd=11l1l1l1l1&z=905612064

IEXPLORE.EXE

Remote address:

172.217.169.35:443

Request

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-SK8LQSM564&cid=1194709269.1704523744&gtm=45je4130v9126319911&aip=1&dma=0&gcd=11l1l1l1l1&z=905612064 HTTP/2.0
host: www.google.co.uk
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 06:49:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-7117339-4&cid=1194709269.1704523744&jid=164122258&_u=4CDAAUAAAAAAACAAI~&z=1352149549

IEXPLORE.EXE

Remote address:

172.217.169.35:443

Request

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-7117339-4&cid=1194709269.1704523744&jid=164122258&_u=4CDAAUAAAAAAACAAI~&z=1352149549 HTTP/2.0
host: www.google.co.uk
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 06:49:47 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://stats.g.doubleclick.net/g/collect?v=2&tid=G-SK8LQSM564&cid=1194709269.1704523744&gtm=45je4130v9126319911&aip=1&dma=0&gcd=11l1l1l1l1

IEXPLORE.EXE

Remote address:

142.251.173.155:443

Request

GET /g/collect?v=2&tid=G-SK8LQSM564&cid=1194709269.1704523744&gtm=45je4130v9126319911&aip=1&dma=0&gcd=11l1l1l1l1 HTTP/2.0
host: stats.g.doubleclick.net
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 204

access-control-allow-origin: *
date: Sat, 06 Jan 2024 06:49:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-7117339-4&cid=1194709269.1704523744&jid=164122258&gjid=431912532&_gid=618266645.1704523744&_u=4CDAAUAAAAAAACAAI~&z=1764787488

IEXPLORE.EXE

Remote address:

142.251.173.155:443

Request

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-7117339-4&cid=1194709269.1704523744&jid=164122258&gjid=431912532&_gid=618266645.1704523744&_u=4CDAAUAAAAAAACAAI~&z=1764787488 HTTP/2.0
host: stats.g.doubleclick.net
accept: */*
content-type: text/plain
referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
accept-language: en-US
origin: https://www.hugedomains.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 0
cache-control: no-cache

Response

HTTP/2.0 200

access-control-allow-origin: https://www.hugedomains.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 06 Jan 2024 06:49:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 7
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://region1.analytics.google.com/g/collect?v=2&tid=G-SK8LQSM564&gtm=45je4130v9126319911&_p=1704523725279&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=1194709269.1704523744&ul=en-us&sr=1280x720&_eu=AAAI&_s=1&sid=1704523743&sct=1&seg=0&dl=https%3A%2F%2Fwww.hugedomains.com%2Fdomain_profile.cfm%3Fd%3Dsharegods.com&dt=HugeDomains.com&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=40957

IEXPLORE.EXE

Remote address:

216.239.32.36:443

Request

GET /g/collect?v=2&tid=G-SK8LQSM564&gtm=45je4130v9126319911&_p=1704523725279&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=1194709269.1704523744&ul=en-us&sr=1280x720&_eu=AAAI&_s=1&sid=1704523743&sct=1&seg=0&dl=https%3A%2F%2Fwww.hugedomains.com%2Fdomain_profile.cfm%3Fd%3Dsharegods.com&dt=HugeDomains.com&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=40957 HTTP/2.0
host: region1.analytics.google.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 204

access-control-allow-origin: *
date: Sat, 06 Jan 2024 06:49:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://region1.analytics.google.com/g/collect?v=2&tid=G-SK8LQSM564&gtm=45je4130v9126319911&_p=1704523725279&gcd=11l1l1l1l1&dma=0&cid=1194709269.1704523744&ul=en-us&sr=1280x720&_eu=AAAI&_s=2&sid=1704523743&sct=1&seg=0&dl=https%3A%2F%2Fwww.hugedomains.com%2Fdomain_profile.cfm%3Fd%3Dsharegods.com&dt=HugeDomains.com&en=pageLoad&_ee=1&epn.captcha=1&epn.captchafailed=0&ep.siteversion=HDv2&_et=21&tfd=40987

IEXPLORE.EXE

Remote address:

216.239.32.36:443

Request

GET /g/collect?v=2&tid=G-SK8LQSM564&gtm=45je4130v9126319911&_p=1704523725279&gcd=11l1l1l1l1&dma=0&cid=1194709269.1704523744&ul=en-us&sr=1280x720&_eu=AAAI&_s=2&sid=1704523743&sct=1&seg=0&dl=https%3A%2F%2Fwww.hugedomains.com%2Fdomain_profile.cfm%3Fd%3Dsharegods.com&dt=HugeDomains.com&en=pageLoad&_ee=1&epn.captcha=1&epn.captchafailed=0&ep.siteversion=HDv2&_et=21&tfd=40987 HTTP/2.0
host: region1.analytics.google.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 204

access-control-allow-origin: *
date: Sat, 06 Jan 2024 06:49:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

233.38.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

233.38.18.104.in-addr.arpa

IN PTR

Response
DNS

36.32.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

36.32.239.216.in-addr.arpa

IN PTR

Response
DNS

155.173.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

155.173.251.142.in-addr.arpa

IN PTR

Response

155.173.251.142.in-addr.arpa

IN PTR

wi-in-f1551e100net
DNS

35.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.169.217.172.in-addr.arpa

IN PTR

Response

35.169.217.172.in-addr.arpa

IN PTR

lhr48s08-in-f31e100net
DNS

crl.usertrust.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

crl.usertrust.com

IN A

Response

crl.usertrust.com

IN CNAME

crl.comodoca.com.cdn.cloudflare.net

crl.comodoca.com.cdn.cloudflare.net

IN A

104.18.38.233

crl.comodoca.com.cdn.cloudflare.net

IN A

172.64.149.23
GET

http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl

IEXPLORE.EXE

Remote address:

104.18.38.233:80

Request

GET /USERTrustRSACertificationAuthority.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: crl.usertrust.com

Response

HTTP/1.1 200 OK

Date: Sat, 06 Jan 2024 06:49:31 GMT
Content-Type: application/pkix-crl
Content-Length: 1275
Connection: keep-alive
Last-Modified: Fri, 05 Jan 2024 11:24:44 GMT
ETag: "6597e6fc-4fb"
X-CCACDN-Mirror-ID: sscrl2
Cache-Control: max-age=14400, s-maxage=3600
Expires: Fri, 12 Jan 2024 11:24:44 GMT
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1796
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 84120585284b6395-LHR
DNS

48.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.111.52.in-addr.arpa

IN PTR

Response
DNS

48.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.111.52.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317300912_14SMI9ALS9V9H7HIK&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317300912_14SMI9ALS9V9H7HIK&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 679484
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CA3527B9F32D45A0AD9198C03BA392DE Ref B: LON04EDGE1006 Ref C: 2024-01-06T06:49:37Z
date: Sat, 06 Jan 2024 06:49:37 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301721_1Y64UM4ZK2VT4MVP3&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301721_1Y64UM4ZK2VT4MVP3&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 481315
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A6DE603100064D20BCA51268C5AC589D Ref B: LON04EDGE1006 Ref C: 2024-01-06T06:49:37Z
date: Sat, 06 Jan 2024 06:49:37 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301490_1LPSK7N2TS8HCTMAM&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301490_1LPSK7N2TS8HCTMAM&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 376372
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2EC0A257F3C64C2F8962F1E305A1A3B6 Ref B: LON04EDGE1006 Ref C: 2024-01-06T06:49:37Z
date: Sat, 06 Jan 2024 06:49:37 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301312_1T9ZATUOGPW0HJ7P7&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301312_1T9ZATUOGPW0HJ7P7&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 506566
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4224D0E2506D42ECB55EB9D6AC04E625 Ref B: LON04EDGE1006 Ref C: 2024-01-06T06:49:37Z
date: Sat, 06 Jan 2024 06:49:37 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301057_1JHF9NK2IDFKNUSZM&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301057_1JHF9NK2IDFKNUSZM&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 401290
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7451569AE72B4F9DAB99691AF0AF1349 Ref B: LON04EDGE1006 Ref C: 2024-01-06T06:49:37Z
date: Sat, 06 Jan 2024 06:49:37 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301345_1WOXH94FFUEO6EHH0&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301345_1WOXH94FFUEO6EHH0&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 580828
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D3494FE527034AED8ECA299AE0A8689D Ref B: LON04EDGE1006 Ref C: 2024-01-06T06:49:46Z
date: Sat, 06 Jan 2024 06:49:46 GMT
DNS

131.72.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

131.72.42.20.in-addr.arpa

IN PTR

Response
DNS

131.72.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

131.72.42.20.in-addr.arpa

IN PTR

20.231.121.79:80

260 B
5
5.135.162.57:80

http://www.freestats.net/counter.php?i=669&r=&e=file%3A//C%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C6092438fe4ac0ba162eababd8a9bcf60.html&n=Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20WOW64%3B%20Trident/7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0%29%20like%20Gecko&p=Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20WOW64%3B%20Trident/7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0%29%20like%20Gecko&g=file%3A///C%3A/Users/Admin/AppData/Local/Temp/6092438fe4ac0ba162eababd8a9bcf60.html&l=en-US&sd=24&sw=1280x720

http

IEXPLORE.EXE

1.5kB
1.5kB
13
5

HTTP Request

GET http://www.freestats.net/counter.php?i=669&r=&e=file%3A//C%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C6092438fe4ac0ba162eababd8a9bcf60.html&n=Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20WOW64%3B%20Trident/7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0%29%20like%20Gecko&p=Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20WOW64%3B%20Trident/7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0%29%20like%20Gecko&g=file%3A///C%3A/Users/Admin/AppData/Local/Temp/6092438fe4ac0ba162eababd8a9bcf60.html&l=en-US&sd=24&sw=1280x720

HTTP Response

200
5.135.162.57:80

www.freestats.net

IEXPLORE.EXE

340 B
236 B
7
5
54.161.222.85:80

sharegods.com

http

IEXPLORE.EXE

334 B
365 B
7
3

HTTP Response

408
54.161.222.85:80

http://sharegods.com/promo-7.php?pin=101136&query=Download%20Gammadyne%20Mailer%20v4.0&domain=dlfiles.com

http

IEXPLORE.EXE

1.3kB
668 B
13
5

HTTP Request

GET http://sharegods.com/promo-7.php?pin=101136&query=Download%20Gammadyne%20Mailer%20v4.0&domain=dlfiles.com

HTTP Response

302
172.67.70.191:443

https://www.hugedomains.com/cdn-cgi/challenge-platform/h/g/jsd/r/8412048d0cb57723

tls, http2

IEXPLORE.EXE

2.6kB
12.5kB
33
27

HTTP Request

GET https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com

HTTP Response

200

HTTP Request

GET https://www.hugedomains.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

HTTP Response

302

HTTP Request

GET https://www.hugedomains.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js

HTTP Response

200

HTTP Request

OPTIONS https://www.hugedomains.com/cdn-cgi/challenge-platform/h/g/jsd/r/8412048d0cb57723

HTTP Response

400
172.67.70.191:443

www.hugedomains.com

tls, http2

IEXPLORE.EXE

1.1kB
3.6kB
15
9
151.101.1.229:443

https://cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css

tls, http2

IEXPLORE.EXE

1.8kB
9.5kB
22
19

HTTP Request

GET https://cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css

HTTP Response

200
151.101.1.229:443

cdn.jsdelivr.net

tls, http2

IEXPLORE.EXE

1.4kB
5.6kB
17
14
104.26.7.37:443

static.hugedomains.com

tls, http2

IEXPLORE.EXE

1.3kB
3.6kB
16
9
104.26.7.37:443

static.hugedomains.com

tls, http2

IEXPLORE.EXE

1.3kB
3.6kB
15
9
104.26.7.37:443

static.hugedomains.com

tls, http2

IEXPLORE.EXE

1.3kB
3.6kB
15
9
104.26.7.37:443

static.hugedomains.com

tls, http2

IEXPLORE.EXE

1.1kB
3.6kB
14
9
104.26.7.37:443

static.hugedomains.com

tls, http2

IEXPLORE.EXE

1.3kB
3.6kB
15
9
104.26.7.37:443

https://static.hugedomains.com/images/hdv3-img/geo.png

tls, http2

IEXPLORE.EXE

6.3kB
100.3kB
109
95

HTTP Request

GET https://static.hugedomains.com/images/hdv3-img/care.png

HTTP Request

GET https://static.hugedomains.com/css/hdv3-css/reboot.min.css

HTTP Request

GET https://static.hugedomains.com/css/hdv3-css/style.css?r=20201105a

HTTP Request

GET https://static.hugedomains.com/css/hdv3-css/responsive.css?r=20201105a

HTTP Request

GET https://static.hugedomains.com/images/hdv3-img/logo.png

HTTP Request

GET https://static.hugedomains.com/images/hdv3-img/phone-icon.png

HTTP Request

GET https://static.hugedomains.com/js/hdv3-js/jquery.min.js

HTTP Request

GET https://static.hugedomains.com/js/hdv3-js/script.js

HTTP Request

GET https://static.hugedomains.com/images/hdv3-img/guarant-footer.png

HTTP Request

GET https://static.hugedomains.com/images/hdv3-img/escrow.png

HTTP Request

GET https://static.hugedomains.com/images/hdv3-img/geo.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
142.250.200.4:443

https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6LdB69wUAAAAABYUZU_WrxJJxC4oLZd2TV5i9Lzh

tls, http2

IEXPLORE.EXE

6.3kB
50.7kB
81
72

HTTP Request

GET https://www.google.com/recaptcha/api.js

HTTP Response

200

HTTP Request

GET https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdB69wUAAAAABYUZU_WrxJJxC4oLZd2TV5i9Lzh&co=aHR0cHM6Ly93d3cuaHVnZWRvbWFpbnMuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=xsr7rdmvch26

HTTP Response

200

HTTP Request

GET https://www.google.com/js/bg/oxWLEMHTm-PHlM2WIB4aObzPVh9OT9KDjPiSBgvqk10.js

HTTP Response

200

HTTP Request

GET https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu

HTTP Response

200

HTTP Request

GET https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-7117339-4&cid=1194709269.1704523744&jid=164122258&_u=4CDAAUAAAAAAACAAI~&z=1352149549

HTTP Response

200

HTTP Request

GET https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6LdB69wUAAAAABYUZU_WrxJJxC4oLZd2TV5i9Lzh

HTTP Response

200
142.250.200.4:443

www.google.com

tls, http2

IEXPLORE.EXE

1.4kB
5.1kB
17
11
88.221.134.88:443

use.typekit.net

tls, http2

IEXPLORE.EXE

1.2kB
4.9kB
16
15
88.221.134.88:443

https://use.typekit.net/af/a91117/00000000000000003b9b257c/27/d?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3

tls, http2

IEXPLORE.EXE

2.6kB
31.5kB
40
38

HTTP Request

GET https://use.typekit.net/zyw6mds.css

HTTP Response

200

HTTP Request

GET https://use.typekit.net/af/a91117/00000000000000003b9b257c/27/d?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3

HTTP Response

200
88.221.135.104:443

https://p.typekit.net/p.css?s=1&k=zyw6mds&ht=tk&f=40411&a=11744788&app=typekit&e=css

tls, http2

IEXPLORE.EXE

1.5kB
5.1kB
19
15

HTTP Request

GET https://p.typekit.net/p.css?s=1&k=zyw6mds&ht=tk&f=40411&a=11744788&app=typekit&e=css

HTTP Response

200
88.221.135.104:443

p.typekit.net

tls, http2

IEXPLORE.EXE

1.1kB
4.8kB
15
14
104.20.95.138:443

secure.statcounter.com

tls, http2

IEXPLORE.EXE

991 B
6.0kB
13
10
104.20.95.138:443

secure.statcounter.com

tls, http2

IEXPLORE.EXE

1.4kB
6.0kB
14
9
172.217.169.35:443

https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-7117339-4&cid=1194709269.1704523744&jid=164122258&_u=4CDAAUAAAAAAACAAI~&z=1352149549

tls, http2

IEXPLORE.EXE

2.4kB
6.3kB
27
22

HTTP Request

GET https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-SK8LQSM564&cid=1194709269.1704523744&gtm=45je4130v9126319911&aip=1&dma=0&gcd=11l1l1l1l1&z=905612064

HTTP Response

200

HTTP Request

GET https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-7117339-4&cid=1194709269.1704523744&jid=164122258&_u=4CDAAUAAAAAAACAAI~&z=1352149549

HTTP Response

200
142.251.173.155:443

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-7117339-4&cid=1194709269.1704523744&jid=164122258&gjid=431912532&_gid=618266645.1704523744&_u=4CDAAUAAAAAAACAAI~&z=1764787488

tls, http2

IEXPLORE.EXE

2.7kB
6.7kB
28
20

HTTP Request

GET https://stats.g.doubleclick.net/g/collect?v=2&tid=G-SK8LQSM564&cid=1194709269.1704523744&gtm=45je4130v9126319911&aip=1&dma=0&gcd=11l1l1l1l1

HTTP Response

204

HTTP Request

POST https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-7117339-4&cid=1194709269.1704523744&jid=164122258&gjid=431912532&_gid=618266645.1704523744&_u=4CDAAUAAAAAAACAAI~&z=1764787488

HTTP Response

200
172.217.169.35:443

www.google.co.uk

tls, http2

IEXPLORE.EXE

1.4kB
5.1kB
18
12
142.251.173.155:443

stats.g.doubleclick.net

tls, http2

IEXPLORE.EXE

1.5kB
5.4kB
19
12
216.239.32.36:443

https://region1.analytics.google.com/g/collect?v=2&tid=G-SK8LQSM564&gtm=45je4130v9126319911&_p=1704523725279&gcd=11l1l1l1l1&dma=0&cid=1194709269.1704523744&ul=en-us&sr=1280x720&_eu=AAAI&_s=2&sid=1704523743&sct=1&seg=0&dl=https%3A%2F%2Fwww.hugedomains.com%2Fdomain_profile.cfm%3Fd%3Dsharegods.com&dt=HugeDomains.com&en=pageLoad&_ee=1&epn.captcha=1&epn.captchafailed=0&ep.siteversion=HDv2&_et=21&tfd=40987

tls, http2

IEXPLORE.EXE

2.5kB
6.2kB
25
17

HTTP Request

GET https://region1.analytics.google.com/g/collect?v=2&tid=G-SK8LQSM564&gtm=45je4130v9126319911&_p=1704523725279&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=1194709269.1704523744&ul=en-us&sr=1280x720&_eu=AAAI&_s=1&sid=1704523743&sct=1&seg=0&dl=https%3A%2F%2Fwww.hugedomains.com%2Fdomain_profile.cfm%3Fd%3Dsharegods.com&dt=HugeDomains.com&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=40957

HTTP Request

GET https://region1.analytics.google.com/g/collect?v=2&tid=G-SK8LQSM564&gtm=45je4130v9126319911&_p=1704523725279&gcd=11l1l1l1l1&dma=0&cid=1194709269.1704523744&ul=en-us&sr=1280x720&_eu=AAAI&_s=2&sid=1704523743&sct=1&seg=0&dl=https%3A%2F%2Fwww.hugedomains.com%2Fdomain_profile.cfm%3Fd%3Dsharegods.com&dt=HugeDomains.com&en=pageLoad&_ee=1&epn.captcha=1&epn.captchafailed=0&ep.siteversion=HDv2&_et=21&tfd=40987

HTTP Response

204

HTTP Response

204
216.239.32.36:443

region1.analytics.google.com

tls, http2

IEXPLORE.EXE

1.3kB
5.6kB
18
12
104.18.38.233:80

http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl

http

IEXPLORE.EXE

478 B
2.0kB
7
5

HTTP Request

GET http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.2kB
16
13
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301345_1WOXH94FFUEO6EHH0&pid=21.2&w=1080&h=1920&c=4

tls, http2

110.9kB
3.2MB
2317
2309

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317300912_14SMI9ALS9V9H7HIK&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301721_1Y64UM4ZK2VT4MVP3&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301490_1LPSK7N2TS8HCTMAM&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301312_1T9ZATUOGPW0HJ7P7&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301057_1JHF9NK2IDFKNUSZM&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301345_1WOXH94FFUEO6EHH0&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.3kB
11.1kB
18
16
204.79.197.200:443

ieonline.microsoft.com

tls, http2

iexplore.exe

1.3kB
8.7kB
17
14

8.8.8.8:53

1.181.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

1.181.190.20.in-addr.arpa
8.8.8.8:53

180.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

180.178.17.96.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

sharegods.com

dns

IEXPLORE.EXE

118 B
189 B
2
1

DNS Request

sharegods.com

DNS Request

sharegods.com

DNS Response

54.161.222.85

34.205.242.146
8.8.8.8:53

www.freestats.net

dns

IEXPLORE.EXE

63 B
93 B
1
1

DNS Request

www.freestats.net

DNS Response

5.135.162.57
8.8.8.8:53

158.240.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

158.240.127.40.in-addr.arpa
8.8.8.8:53

57.162.135.5.in-addr.arpa

dns

71 B
110 B
1
1

DNS Request

57.162.135.5.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

85.222.161.54.in-addr.arpa

dns

216 B
127 B
3
1

DNS Request

85.222.161.54.in-addr.arpa

DNS Request

85.222.161.54.in-addr.arpa

DNS Request

85.222.161.54.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

210 B
156 B
3
1

DNS Request

9.228.82.20.in-addr.arpa

DNS Request

9.228.82.20.in-addr.arpa

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

www.hugedomains.com

dns

IEXPLORE.EXE

260 B
113 B
4
1

DNS Request

www.hugedomains.com

DNS Request

www.hugedomains.com

DNS Request

www.hugedomains.com

DNS Request

www.hugedomains.com

DNS Response

172.67.70.191

104.26.6.37

104.26.7.37
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

288 B
146 B
4
1

DNS Request

26.165.165.52.in-addr.arpa

DNS Request

26.165.165.52.in-addr.arpa

DNS Request

26.165.165.52.in-addr.arpa

DNS Request

26.165.165.52.in-addr.arpa
8.8.8.8:53

41.110.16.96.in-addr.arpa

dns

142 B
135 B
2
1

DNS Request

41.110.16.96.in-addr.arpa

DNS Request

41.110.16.96.in-addr.arpa
8.8.8.8:53

cdn.jsdelivr.net

dns

IEXPLORE.EXE

62 B
160 B
1
1

DNS Request

cdn.jsdelivr.net

DNS Response

151.101.1.229

151.101.65.229

151.101.129.229

151.101.193.229
8.8.8.8:53

static.hugedomains.com

dns

IEXPLORE.EXE

68 B
116 B
1
1

DNS Request

static.hugedomains.com

DNS Response

104.26.7.37

104.26.6.37

172.67.70.191
8.8.8.8:53

www.google.com

dns

IEXPLORE.EXE

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.200.4
8.8.8.8:53

191.70.67.172.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

191.70.67.172.in-addr.arpa
8.8.8.8:53

229.1.101.151.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

229.1.101.151.in-addr.arpa
8.8.8.8:53

use.typekit.net

dns

IEXPLORE.EXE

61 B
169 B
1
1

DNS Request

use.typekit.net

DNS Response

88.221.134.88

88.221.134.115
8.8.8.8:53

37.7.26.104.in-addr.arpa

dns

70 B
132 B
1
1

DNS Request

37.7.26.104.in-addr.arpa
8.8.8.8:53

4.200.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

4.200.250.142.in-addr.arpa
8.8.8.8:53

232.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

232.187.250.142.in-addr.arpa
8.8.8.8:53

3.200.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

3.200.250.142.in-addr.arpa
8.8.8.8:53

226.21.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

226.21.18.104.in-addr.arpa
8.8.8.8:53

234.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

234.187.250.142.in-addr.arpa
8.8.8.8:53

p.typekit.net

dns

IEXPLORE.EXE

59 B
170 B
1
1

DNS Request

p.typekit.net

DNS Response

88.221.135.104

88.221.134.122
8.8.8.8:53

88.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

88.134.221.88.in-addr.arpa
8.8.8.8:53

208.194.73.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

208.194.73.20.in-addr.arpa
8.8.8.8:53

104.135.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

104.135.221.88.in-addr.arpa
8.8.8.8:53

3.180.250.142.in-addr.arpa

dns

144 B
110 B
2
1

DNS Request

3.180.250.142.in-addr.arpa

DNS Request

3.180.250.142.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

216 B
158 B
3
1

DNS Request

171.39.242.20.in-addr.arpa

DNS Request

171.39.242.20.in-addr.arpa

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

161.19.199.152.in-addr.arpa

dns

146 B
144 B
2
1

DNS Request

161.19.199.152.in-addr.arpa

DNS Request

161.19.199.152.in-addr.arpa
8.8.8.8:53

secure.statcounter.com

dns

IEXPLORE.EXE

136 B
100 B
2
1

DNS Request

secure.statcounter.com

DNS Request

secure.statcounter.com

DNS Response

104.20.95.138

104.20.94.138
8.8.8.8:53

138.95.20.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

138.95.20.104.in-addr.arpa
8.8.8.8:53

18.134.221.88.in-addr.arpa

dns

216 B
137 B
3
1

DNS Request

18.134.221.88.in-addr.arpa

DNS Request

18.134.221.88.in-addr.arpa

DNS Request

18.134.221.88.in-addr.arpa
8.8.8.8:53

227.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

227.187.250.142.in-addr.arpa
8.8.8.8:53

14.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

14.200.250.142.in-addr.arpa
8.8.8.8:53

region1.analytics.google.com

dns

IEXPLORE.EXE

148 B
106 B
2
1

DNS Request

region1.analytics.google.com

DNS Request

region1.analytics.google.com

DNS Response

216.239.32.36

216.239.34.36
8.8.8.8:53

stats.g.doubleclick.net

dns

IEXPLORE.EXE

69 B
133 B
1
1

DNS Request

stats.g.doubleclick.net

DNS Response

142.251.173.155

142.251.173.157

142.251.173.154

142.251.173.156
8.8.8.8:53

www.google.co.uk

dns

IEXPLORE.EXE

124 B
156 B
2
2

DNS Request

www.google.co.uk

DNS Request

www.google.co.uk

DNS Response

172.217.169.35

DNS Response

172.217.169.35
8.8.8.8:53

233.38.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

233.38.18.104.in-addr.arpa
8.8.8.8:53

36.32.239.216.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

36.32.239.216.in-addr.arpa
8.8.8.8:53

155.173.251.142.in-addr.arpa

dns

74 B
108 B
1
1

DNS Request

155.173.251.142.in-addr.arpa
8.8.8.8:53

35.169.217.172.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

35.169.217.172.in-addr.arpa
8.8.8.8:53

crl.usertrust.com

dns

IEXPLORE.EXE

63 B
144 B
1
1

DNS Request

crl.usertrust.com

DNS Response

104.18.38.233

172.64.149.23
8.8.8.8:53

48.229.111.52.in-addr.arpa

dns

144 B
316 B
2
2

DNS Request

48.229.111.52.in-addr.arpa

DNS Request

48.229.111.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
173 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

131.72.42.20.in-addr.arpa

dns

142 B
157 B
2
1

DNS Request

131.72.42.20.in-addr.arpa

DNS Request

131.72.42.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver6210.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BPK32G26\recaptcha__en[1].js

Filesize
69KB

MD5
0ce2dd234aa04f3fb552e365fd48b7d9

SHA1
7036a770c6f33cfa25102b9b87716164d8952fe6

SHA256
9809d47569683de8d3566973f2724dd4b1da6fe086c00fa956ac482572d319ca

SHA512
c2301207d2316b2e99d1f875cf04fa0e432eb9cd0833d8c5ad49ce07931044cec0861d8e110f10bcd582a161705d79af358fe50f46675f362ea15b0498275887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BPK32G26\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DV2I56HE\styles__ltr[1].css

Filesize
44KB

MD5
d61b4d44fa2c4f7005f57bab0aef7e44

SHA1
d8044ba7b8b76a05f7241595be39b5a8de220ec0

SHA256
e230c088964886d0650ed428c366fe92b9843df00fedc839eaa04ace91ed3898

SHA512
8e35bf77dc2439a7bd250f7745e3742082f90236b5317691366eab9368c6e0f7c0af01e08f82813654a303bbf90218c4ce8d7de40ce61790daf322d80c21770f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request