Analysis

  • max time kernel
    139s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    28/12/2023, 21:33 UTC

General

  • Target

    f9a737af51991e38293a5a82fb2025d6.html

  • Size

    18KB

  • MD5

    f9a737af51991e38293a5a82fb2025d6

  • SHA1

    11584cbd53df398527a85620ba95f742bd49077f

  • SHA256

    dd4f084fa39d626869858d4fdf19413d411ad31ef95ddcdc4bdc939823efd0c1

  • SHA512

    da41602ad017ca80d0fcdfa3bda25d7dd5e06c547f257aef52713e912059a4a300bb698885cd29d9c4f3e74dc2057531acea6bcc514b490bd9d2eb6d75bfdec1

  • SSDEEP

    384:uWiZc/X2BLfJmSOUlBv6ie+gUqN7aaA/WCPGQxr/ctt2V:Uc/XYDJmSOUXvm+2a7PtJ6G

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 56 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f9a737af51991e38293a5a82fb2025d6.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2172
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:17410 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3792

Network

  • flag-us
    DNS
    sharegods.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    sharegods.com
    IN A
    Response
    sharegods.com
    IN CNAME
    traff-1.hugedomains.com
    traff-1.hugedomains.com
    IN CNAME
    hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com
    hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com
    IN A
    52.71.57.184
    hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com
    IN A
    54.209.32.212
  • flag-us
    DNS
    sharegods.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    sharegods.com
    IN A
  • flag-us
    DNS
    www.freestats.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.freestats.net
    IN A
    Response
  • flag-us
    DNS
    www.freestats.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.freestats.net
    IN A
  • flag-us
    DNS
    www.freestats.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.freestats.net
    IN A
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.a-0001.a-msedge.net
    g-bing-com.a-0001.a-msedge.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
  • flag-us
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    19.53.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.53.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    202.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    202.135.221.88.in-addr.arpa
    IN PTR
    Response
    202.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-202.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    GET
    http://sharegods.com/promo-7.php?pin=101136&query=Download%20EarthTime%20v2.2.0&domain=dlfiles.com
    IEXPLORE.EXE
    Remote address:
    52.71.57.184:80
    Request
    GET /promo-7.php?pin=101136&query=Download%20EarthTime%20v2.2.0&domain=dlfiles.com HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: sharegods.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    content-length: 0
    date: Wed, 03 Jan 2024 13:18:57 GMT
    location: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
  • flag-us
    DNS
    IEXPLORE.EXE
    Remote address:
    52.71.57.184:80
    Response
    HTTP/1.1 408 Request Time-out
    Content-length: 110
    Cache-Control: no-cache
    Connection: close
    Content-Type: text/html
  • flag-us
    DNS
    www.hugedomains.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.hugedomains.com
    IN A
    Response
    www.hugedomains.com
    IN A
    172.67.70.191
    www.hugedomains.com
    IN A
    104.26.7.37
    www.hugedomains.com
    IN A
    104.26.6.37
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=36e75d4b2ae74eef874b8b16e0183f5f&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=36e75d4b2ae74eef874b8b16e0183f5f&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=1E15D2B7942662CB1B80C14C959D63C3; domain=.bing.com; expires=Mon, 27-Jan-2025 13:19:05 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 0D2DC472CDC64979B5B250C3FDCFEBB0 Ref B: LON04EDGE0816 Ref C: 2024-01-03T13:19:05Z
    date: Wed, 03 Jan 2024 13:19:05 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=36e75d4b2ae74eef874b8b16e0183f5f&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=36e75d4b2ae74eef874b8b16e0183f5f&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=1E15D2B7942662CB1B80C14C959D63C3
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=DlJl1MgWkK5GEoOA38WCHBFwYd6MACpYRHZTkP67pbo; domain=.bing.com; expires=Mon, 27-Jan-2025 13:19:05 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 4EDD28B879C5450A897F4A804CDC6EF4 Ref B: LON04EDGE0816 Ref C: 2024-01-03T13:19:05Z
    date: Wed, 03 Jan 2024 13:19:05 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=36e75d4b2ae74eef874b8b16e0183f5f&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=36e75d4b2ae74eef874b8b16e0183f5f&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=1E15D2B7942662CB1B80C14C959D63C3; MSPTC=DlJl1MgWkK5GEoOA38WCHBFwYd6MACpYRHZTkP67pbo
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 61F7E4E39801408BB01D0764E6EC8933 Ref B: LON04EDGE0816 Ref C: 2024-01-03T13:19:06Z
    date: Wed, 03 Jan 2024 13:19:05 GMT
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    184.57.71.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    184.57.71.52.in-addr.arpa
    IN PTR
    Response
    184.57.71.52.in-addr.arpa
    IN PTR
    ec2-52-71-57-184.compute-1.amazonaws.com
  • flag-us
    DNS
    191.70.67.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    191.70.67.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.154.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.154.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.154.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.154.82.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    195.233.44.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    195.233.44.23.in-addr.arpa
    IN PTR
    Response
    195.233.44.23.in-addr.arpa
    IN PTR
    a23-44-233-195.deploy.static.akamaitechnologies.com
  • flag-us
    GET
    https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    IEXPLORE.EXE
    Remote address:
    172.67.70.191:443
    Request
    GET /domain_profile.cfm?d=sharegods.com HTTP/2.0
    host: www.hugedomains.com
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 03 Jan 2024 13:19:15 GMT
    content-type: text/html; charset=utf-8
    cache-control: private
    vary: Accept-Encoding
    set-cookie: site_version_phase=108; expires=Sat, 28-Dec-2024 13:19:15 GMT; path=/
    set-cookie: site_version=HDv3; expires=Sat, 28-Dec-2024 13:19:15 GMT; path=/
    set-cookie: captcha-tracker=; expires=Tue, 02-Jan-2024 13:19:15 GMT; path=/
    x-powered-by: ASP.NET
    lb: TclPrdLbHd3
    cf-cache-status: DYNAMIC
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dDrRD26yKZ3jLf0Fs5RO6Z%2FfXSn4KB5bcjEG4VXeAx2IgrapI8U%2BVH9Nvj5CT3cLwxDJQgmK%2BKpPXNLpYwbLcqtkyY4JhAyy79rPTuFArNWeky17JzUsJqTV4%2B0UZ3qUsZy2Xlk%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 83fb8848d9f460dc-LHR
    content-encoding: gzip
  • flag-us
    GET
    https://www.hugedomains.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
    IEXPLORE.EXE
    Remote address:
    172.67.70.191:443
    Request
    GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/2.0
    host: www.hugedomains.com
    accept: application/javascript, */*;q=0.8
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: site_version_phase=108; site_version=HDv3; _ga_SK8LQSM564=GS1.1.1704287962.1.0.1704287962.60.0.0; _ga=GA1.2.2041840903.1704287962; _gid=GA1.2.2034576876.1704287962; _gat_gtag_UA_7117339_4=1; sc_is_visitor_unique=rx5694535.1704287974.B551EAC856EF4F4C86196513BB403997.1.1.1.1.1.1.1.1.1
    Response
    HTTP/2.0 302
    date: Wed, 03 Jan 2024 13:19:34 GMT
    content-encoding: gzip
    access-control-allow-origin: *
    cache-control: max-age=300, public
    location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js
    vary: accept-encoding
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Si2b3jpV4Q5CqRp1EwejbKbrC0KsAZIRBf5dE0DkW62NpCBvJaripvdWbPQIZrwzG8Pak7xodbIpQWb%2BR15MCBrEew9FMI%2FfSZE7EAWE9UvkXNWLS9XdtBWUI0WreCFXmFB0WKw%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 83fb88c108a060dc-LHR
  • flag-us
    GET
    https://www.hugedomains.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js
    IEXPLORE.EXE
    Remote address:
    172.67.70.191:443
    Request
    GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js HTTP/2.0
    host: www.hugedomains.com
    accept: application/javascript, */*;q=0.8
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: site_version_phase=108; site_version=HDv3; _ga_SK8LQSM564=GS1.1.1704287962.1.0.1704287962.60.0.0; _ga=GA1.2.2041840903.1704287962; _gid=GA1.2.2034576876.1704287962; _gat_gtag_UA_7117339_4=1; sc_is_visitor_unique=rx5694535.1704287974.B551EAC856EF4F4C86196513BB403997.1.1.1.1.1.1.1.1.1
    Response
    HTTP/2.0 200
    date: Wed, 03 Jan 2024 13:19:35 GMT
    content-type: application/javascript; charset=UTF-8
    x-content-type-options: nosniff
    content-encoding: gzip
    vary: accept-encoding
    cache-control: max-age=14400, public
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G7pzyeRZpctylFIvw3IpmtrSvUxFw7zaeffOnBLuJVwEzj5k%2FcraW%2BvVDUVRGaWIhWS1IFBYZ%2Bd9S60ikZ2kRVUidX1Yzi3%2F72HsRn89t9UilIulvJmmmOCAqcYLrg%2Fx%2FfGtTDA%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 83fb88c8db8f60dc-LHR
  • flag-us
    OPTIONS
    https://www.hugedomains.com/cdn-cgi/challenge-platform/h/g/jsd/r/83fb8848d9f460dc
    IEXPLORE.EXE
    Remote address:
    172.67.70.191:443
    Request
    OPTIONS /cdn-cgi/challenge-platform/h/g/jsd/r/83fb8848d9f460dc HTTP/2.0
    host: www.hugedomains.com
    accept: */*
    origin: https://www.hugedomains.com
    access-control-request-method: POST
    access-control-request-headers: content-type
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    content-length: 0
    cache-control: no-cache
    Response
    HTTP/2.0 400
    date: Wed, 03 Jan 2024 13:19:35 GMT
    content-type: application/json
    cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    cf-chl-out: udb4AthprdsC/5BBq5FhPA==$3/kQjdsBxyDazSIhFP42UQ==
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=abTRMlX3oReDfc4HhowMUv9sqsSNNz%2Bwq%2BP7buSZHbl5HVgblz0htDlqTL26H9aZKtCfq7C9PSODTspqvDGeCZZrV4u0qv42mvR2qE%2FkwoxyWM3v4dXKCsIzxTMnqrQklxzL7tA%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 83fb88c93c0760dc-LHR
  • flag-us
    DNS
    cdn.jsdelivr.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    cdn.jsdelivr.net
    IN A
    Response
    cdn.jsdelivr.net
    IN CNAME
    jsdelivr.map.fastly.net
    jsdelivr.map.fastly.net
    IN A
    151.101.1.229
    jsdelivr.map.fastly.net
    IN A
    151.101.65.229
    jsdelivr.map.fastly.net
    IN A
    151.101.129.229
    jsdelivr.map.fastly.net
    IN A
    151.101.193.229
  • flag-us
    DNS
    static.hugedomains.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    static.hugedomains.com
    IN A
    Response
    static.hugedomains.com
    IN A
    172.67.70.191
    static.hugedomains.com
    IN A
    104.26.6.37
    static.hugedomains.com
    IN A
    104.26.7.37
  • flag-us
    DNS
    static.hugedomains.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    static.hugedomains.com
    IN A
  • flag-us
    DNS
    static.hugedomains.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    static.hugedomains.com
    IN A
  • flag-us
    DNS
    www.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    142.250.200.4
  • flag-us
    GET
    https://cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css
    IEXPLORE.EXE
    Remote address:
    151.101.1.229:443
    Request
    GET /gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css HTTP/2.0
    host: cdn.jsdelivr.net
    accept: text/css, */*
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    access-control-allow-origin: *
    access-control-expose-headers: *
    timing-allow-origin: *
    cache-control: public, max-age=31536000, s-maxage=31536000, immutable
    cross-origin-resource-policy: cross-origin
    x-content-type-options: nosniff
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    content-type: text/css; charset=utf-8
    x-jsd-version: 3.5.7
    x-jsd-version-type: version
    etag: W/"31fb-G+m3m+AqHPxdlsSl4P649HK6vZU"
    content-encoding: gzip
    accept-ranges: bytes
    date: Wed, 03 Jan 2024 13:19:18 GMT
    age: 3055901
    x-served-by: cache-fra-eddf8230072-FRA, cache-lhr7328-LHR
    x-cache: HIT, HIT
    vary: Accept-Encoding
    alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
    content-length: 3096
  • flag-gb
    GET
    https://www.google.com/recaptcha/api.js
    IEXPLORE.EXE
    Remote address:
    142.250.200.4:443
    Request
    GET /recaptcha/api.js HTTP/2.0
    host: www.google.com
    accept: application/javascript, */*;q=0.8
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    content-type: text/javascript; charset=utf-8
    expires: Wed, 03 Jan 2024 13:19:16 GMT
    date: Wed, 03 Jan 2024 13:19:16 GMT
    cache-control: private, max-age=300
    cross-origin-resource-policy: cross-origin
    content-encoding: gzip
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    content-security-policy: frame-ancestors 'self'
    x-xss-protection: 1; mode=block
    server: GSE
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-7117339-4&cid=2041840903.1704287962&jid=1057855003&_u=4CDAAUAAAAAAACAAI~&z=145863234
    IEXPLORE.EXE
    Remote address:
    142.250.200.4:443
    Request
    GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-7117339-4&cid=2041840903.1704287962&jid=1057855003&_u=4CDAAUAAAAAAACAAI~&z=145863234 HTTP/2.0
    host: www.google.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
    timing-allow-origin: *
    cross-origin-resource-policy: cross-origin
    date: Wed, 03 Jan 2024 13:19:29 GMT
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    cache-control: no-cache, no-store, must-revalidate
    content-type: image/gif
    x-content-type-options: nosniff
    server: cafe
    content-length: 42
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdB69wUAAAAABYUZU_WrxJJxC4oLZd2TV5i9Lzh&co=aHR0cHM6Ly93d3cuaHVnZWRvbWFpbnMuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=qg9nut1nklav
    IEXPLORE.EXE
    Remote address:
    142.250.200.4:443
    Request
    GET /recaptcha/api2/anchor?ar=1&k=6LdB69wUAAAAABYUZU_WrxJJxC4oLZd2TV5i9Lzh&co=aHR0cHM6Ly93d3cuaHVnZWRvbWFpbnMuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=qg9nut1nklav HTTP/2.0
    host: www.google.com
    accept: text/html, application/xhtml+xml, image/jxr, */*
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    content-type: text/html; charset=utf-8
    cross-origin-resource-policy: cross-origin
    cross-origin-embedder-policy: require-corp
    report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
    cache-control: no-cache, no-store, max-age=0, must-revalidate
    pragma: no-cache
    expires: Mon, 01 Jan 1990 00:00:00 GMT
    date: Wed, 03 Jan 2024 13:19:34 GMT
    content-security-policy: script-src 'nonce-WzLnLI4RM_EmCtW2-1Bw3w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
    content-encoding: gzip
    x-content-type-options: nosniff
    x-xss-protection: 1; mode=block
    server: GSE
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.google.com/js/bg/oxWLEMHTm-PHlM2WIB4aObzPVh9OT9KDjPiSBgvqk10.js
    IEXPLORE.EXE
    Remote address:
    142.250.200.4:443
    Request
    GET /js/bg/oxWLEMHTm-PHlM2WIB4aObzPVh9OT9KDjPiSBgvqk10.js HTTP/2.0
    host: www.google.com
    accept: application/javascript, */*;q=0.8
    referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdB69wUAAAAABYUZU_WrxJJxC4oLZd2TV5i9Lzh&co=aHR0cHM6Ly93d3cuaHVnZWRvbWFpbnMuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=qg9nut1nklav
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-encoding: gzip
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy: same-origin; report-to="botguard-scs"
    report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
    content-length: 10441
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    date: Tue, 02 Jan 2024 02:18:08 GMT
    expires: Wed, 01 Jan 2025 02:18:08 GMT
    cache-control: public, max-age=31536000
    age: 126086
    last-modified: Tue, 28 Nov 2023 18:30:00 GMT
    content-type: text/javascript
    vary: Accept-Encoding
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu
    IEXPLORE.EXE
    Remote address:
    142.250.200.4:443
    Request
    GET /recaptcha/api2/webworker.js?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu HTTP/2.0
    host: www.google.com
    accept: application/javascript, */*;q=0.8
    referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdB69wUAAAAABYUZU_WrxJJxC4oLZd2TV5i9Lzh&co=aHR0cHM6Ly93d3cuaHVnZWRvbWFpbnMuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=qg9nut1nklav
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    content-type: text/javascript; charset=utf-8
    cross-origin-embedder-policy: require-corp
    report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
    expires: Wed, 03 Jan 2024 13:19:34 GMT
    date: Wed, 03 Jan 2024 13:19:34 GMT
    cache-control: private, max-age=300
    content-encoding: gzip
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    content-security-policy: frame-ancestors 'self'
    x-xss-protection: 1; mode=block
    server: GSE
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6LdB69wUAAAAABYUZU_WrxJJxC4oLZd2TV5i9Lzh
    IEXPLORE.EXE
    Remote address:
    142.250.200.4:443
    Request
    GET /recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6LdB69wUAAAAABYUZU_WrxJJxC4oLZd2TV5i9Lzh HTTP/2.0
    host: www.google.com
    accept: text/html, application/xhtml+xml, image/jxr, */*
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    content-type: text/html; charset=utf-8
    cross-origin-resource-policy: cross-origin
    cross-origin-embedder-policy: require-corp
    report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
    cache-control: no-cache, no-store, max-age=0, must-revalidate
    pragma: no-cache
    expires: Mon, 01 Jan 1990 00:00:00 GMT
    date: Wed, 03 Jan 2024 13:19:39 GMT
    content-security-policy: script-src 'nonce-2D23gHcw_O0FA9kJjCXsVQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
    content-encoding: gzip
    x-content-type-options: nosniff
    x-xss-protection: 1; mode=block
    server: GSE
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    4.200.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    4.200.250.142.in-addr.arpa
    IN PTR
    Response
    4.200.250.142.in-addr.arpa
    IN PTR
    lhr48s29-in-f4.1e100.net
  • flag-us
    DNS
    4.200.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    4.200.250.142.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    3.200.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    3.200.250.142.in-addr.arpa
    IN PTR
    Response
    3.200.250.142.in-addr.arpa
    IN PTR
    lhr48s29-in-f3.1e100.net
  • flag-us
    DNS
    3.200.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    3.200.250.142.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    229.1.101.151.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    229.1.101.151.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    229.1.101.151.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    229.1.101.151.in-addr.arpa
    IN PTR
  • flag-us
    GET
    https://static.hugedomains.com/css/hdv3-css/reboot.min.css
    IEXPLORE.EXE
    Remote address:
    172.67.70.191:443
    Request
    GET /css/hdv3-css/reboot.min.css HTTP/2.0
    host: static.hugedomains.com
    accept: text/css, */*
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 03 Jan 2024 13:19:17 GMT
    content-type: text/css
    content-length: 1580
    content-encoding: gzip
    last-modified: Tue, 15 Nov 2022 18:51:51 GMT
    etag: "80fd745223f9d81:0"
    vary: Accept-Encoding
    x-powered-by: ASP.NET
    access-control-allow-origin: *
    cache-control: max-age=14400
    cf-cache-status: HIT
    age: 5899
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=inQkcnmCU1L0bv%2FQpJxatgK%2F70xCjGua1NMHHjIj6KjHkHC2s2aE6bAclNIS73vAlJg5fOnx3cK6VtGN2l0I%2BdV5yBTgBgi6Unz0cf%2FOIoytOO6aTWyA4BKYgqOzpkg9i3UOhJZZ8H4%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 83fb88589a212407-LHR
  • flag-us
    GET
    https://static.hugedomains.com/css/hdv3-css/style.css?r=20201105a
    IEXPLORE.EXE
    Remote address:
    172.67.70.191:443
    Request
    GET /css/hdv3-css/style.css?r=20201105a HTTP/2.0
    host: static.hugedomains.com
    accept: text/css, */*
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 03 Jan 2024 13:19:17 GMT
    content-type: image/png
    content-length: 743
    access-control-allow-origin: *
    cf-bgj: imgq:100,h2pri
    cf-polished: origSize=2415
    etag: "524238d6b75ed61:0"
    last-modified: Mon, 20 Jul 2020 17:04:32 GMT
    x-powered-by: ASP.NET
    cache-control: max-age=14400
    cf-cache-status: HIT
    age: 6591
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qu7KW0GCYaAiSg6UCTHCBsveftn5JON9sde3O84HDPEOImZBug2K3PDI4pfuRe%2B2KE34e4kHtMCpUmO5EjbnqQHKkYdp2qViHW1gdZN5ufFljdThz%2Fm5u4YjiaH8%2BxctpGDc2hvzk44%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 83fb88589a262407-LHR
  • flag-us
    GET
    https://static.hugedomains.com/css/hdv3-css/responsive.css?r=20201105a
    IEXPLORE.EXE
    Remote address:
    172.67.70.191:443
    Request
    GET /css/hdv3-css/responsive.css?r=20201105a HTTP/2.0
    host: static.hugedomains.com
    accept: text/css, */*
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 03 Jan 2024 13:19:17 GMT
    content-type: application/javascript
    access-control-allow-origin: *
    cf-bgj: minify
    cf-polished: origSize=16782
    etag: W/"04e7c371aebd81:0"
    last-modified: Fri, 28 Oct 2022 22:11:24 GMT
    vary: Accept-Encoding
    x-powered-by: ASP.NET
    cache-control: max-age=14400
    cf-cache-status: HIT
    age: 1090
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XE8gvnFDeQNKWs%2FJLwg9juCjV4odYIhh9lJjZiK231XZqAn2q4Q9inOCp8NWbWo2uaxQrEyIRsPS1%2BvVWefMppKQN8MugaVXDs%2FYKifBg58X8t1hzFoBiQW10%2BF9zUfPhyGOenwVWj8%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 83fb88589a282407-LHR
    content-encoding: gzip
  • flag-us
    GET
    https://static.hugedomains.com/images/hdv3-img/logo.png
    IEXPLORE.EXE
    Remote address:
    172.67.70.191:443
    Request
    GET /images/hdv3-img/logo.png HTTP/2.0
    host: static.hugedomains.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 03 Jan 2024 13:19:17 GMT
    content-type: image/png
    content-length: 2578
    access-control-allow-origin: *
    cf-bgj: imgq:100,h2pri
    cf-polished: origSize=5035
    etag: "741f36d6b75ed61:0"
    last-modified: Mon, 20 Jul 2020 17:04:31 GMT
    x-powered-by: ASP.NET
    cache-control: max-age=14400
    cf-cache-status: HIT
    age: 6951
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G1OK1oVq28noUyA5llsRhUYw3t3gyKlAWp6chw8e28sNRQtCNSZKx9nccwtrypjYxoItrP98ZSMcgFZUbE1f8poXXjWpAbiAx6MVgGnnrkeQAmM4622wtjBBJky%2FeLTC9m2iTFravU0%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 83fb88589a2c2407-LHR
  • flag-us
    GET
    https://static.hugedomains.com/images/hdv3-img/phone-icon.png
    IEXPLORE.EXE
    Remote address:
    172.67.70.191:443
    Request
    GET /images/hdv3-img/phone-icon.png HTTP/2.0
    host: static.hugedomains.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 03 Jan 2024 13:19:17 GMT
    content-type: image/png
    content-length: 2799
    access-control-allow-origin: *
    cf-bgj: imgq:100,h2pri
    cf-polished: origSize=5589
    etag: "ece634d6b75ed61:0"
    last-modified: Mon, 20 Jul 2020 17:04:31 GMT
    x-powered-by: ASP.NET
    cache-control: max-age=14400
    cf-cache-status: HIT
    age: 1090
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VVm%2By9NdfEuVPfdrffsD18JpKtsWpsAHX4cAlRzZyiVjMWRSqalBJnm%2B%2BC4uT7IPoVXNRULaD80dNU%2BOTXuDCu5XM9GOUfVW1dJagO2BuZZz%2FwCBR3J8qh5jItGyBUHCmK0pXGqRUu8%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 83fb88589a2b2407-LHR
  • flag-us
    GET
    https://static.hugedomains.com/images/hdv3-img/care.png
    IEXPLORE.EXE
    Remote address:
    172.67.70.191:443
    Request
    GET /images/hdv3-img/care.png HTTP/2.0
    host: static.hugedomains.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 03 Jan 2024 13:19:17 GMT
    content-type: image/png
    content-length: 1507
    access-control-allow-origin: *
    cf-bgj: imgq:100,h2pri
    cf-polished: origSize=3413
    etag: "8d4636d6b75ed61:0"
    last-modified: Mon, 20 Jul 2020 17:04:31 GMT
    x-powered-by: ASP.NET
    cache-control: max-age=14400
    cf-cache-status: HIT
    age: 1223
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p2S2h30pBqupzWfkzMDEa2lerhUQoL1UX2VFJUF9W2NndyBEBOGCHAdQ2%2Ft14QArIEX16OTFhX4Zam3jBIxiA%2FQUJ846f6eEm%2B3rvjXuvxkaCKAj%2B5fDV4Jsq%2BoadBMEMJMyNTDeE5I%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 83fb88589a292407-LHR
  • flag-us
    GET
    https://static.hugedomains.com/js/hdv3-js/script.js
    IEXPLORE.EXE
    Remote address:
    172.67.70.191:443
    Request
    GET /js/hdv3-js/script.js HTTP/2.0
    host: static.hugedomains.com
    accept: application/javascript, */*;q=0.8
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 03 Jan 2024 13:19:17 GMT
    content-type: text/css
    access-control-allow-origin: *
    cf-bgj: minify
    cf-polished: origSize=231923
    etag: W/"044c5e7b22fda1:0"
    last-modified: Sat, 16 Dec 2023 00:00:40 GMT
    vary: Accept-Encoding
    x-powered-by: ASP.NET
    cache-control: max-age=14400
    cf-cache-status: HIT
    age: 1220
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w0PFKqw5ygsEGEuLGdxH%2BgNh9Alc%2BB8eTV2BOpBOTFKAUNoMQ9gcFk2pL1f462TMsyRTEvVTMeufg5kEShiVpJtR1%2BSYZXa75vQ7x8M89GoXpr6WNHbRLEqsRcImP8RUcFoUaNk9VQw%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 83fb88589a232407-LHR
    content-encoding: gzip
  • flag-us
    GET
    https://static.hugedomains.com/images/hdv3-img/guarant-footer.png
    IEXPLORE.EXE
    Remote address:
    172.67.70.191:443
    Request
    GET /images/hdv3-img/guarant-footer.png HTTP/2.0
    host: static.hugedomains.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 03 Jan 2024 13:19:17 GMT
    content-type: image/png
    content-length: 4310
    access-control-allow-origin: *
    cf-bgj: imgq:100,h2pri
    cf-polished: origSize=6473
    etag: "32f437d6b75ed61:0"
    last-modified: Mon, 20 Jul 2020 17:04:32 GMT
    x-powered-by: ASP.NET
    cache-control: max-age=14400
    cf-cache-status: HIT
    age: 7038
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zv7BL%2B6z9ugo4pWktDe6D4Npx%2Bo3zWVvsKON5zCGSzvx0KuysfSJAPsFWjOfrDAni1C7a%2FOYAKxu%2Fxb4z%2Bbo1YQ9ze49BQvL2F7kPNHgEZE3FtcTcG7Y05NfoZRB2F%2FD%2Bchl%2BEoB%2BV0%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 83fb88589a252407-LHR
  • flag-us
    GET
    https://static.hugedomains.com/js/hdv3-js/jquery.min.js
    IEXPLORE.EXE
    Remote address:
    172.67.70.191:443
    Request
    GET /js/hdv3-js/jquery.min.js HTTP/2.0
    host: static.hugedomains.com
    accept: application/javascript, */*;q=0.8
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 03 Jan 2024 13:19:17 GMT
    content-type: text/css
    access-control-allow-origin: *
    cf-bgj: minify
    cf-polished: origSize=94945
    etag: W/"053c1df2235da1:0"
    last-modified: Fri, 22 Dec 2023 22:04:46 GMT
    vary: Accept-Encoding
    x-powered-by: ASP.NET
    cache-control: max-age=14400
    cf-cache-status: HIT
    age: 6460
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qGrhLlQrvIPWWN3RNbW6KiN1hDVGL4GfgwGEDHQadLvmkeC%2FuKCHt2Gq%2FScMqfr05mUZkVR5fSvngdr7ZfSGK3j5%2BERSHhDYxU6G5zLFThspptDlETSgaQdmlXMAV7y7G3EaurM1vII%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 83fb88589a242407-LHR
    content-encoding: gzip
  • flag-us
    GET
    https://static.hugedomains.com/images/hdv3-img/escrow.png
    IEXPLORE.EXE
    Remote address:
    172.67.70.191:443
    Request
    GET /images/hdv3-img/escrow.png HTTP/2.0
    host: static.hugedomains.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 03 Jan 2024 13:19:17 GMT
    content-type: application/javascript
    content-length: 30217
    content-encoding: gzip
    last-modified: Mon, 20 Jul 2020 17:04:33 GMT
    etag: "8026d0d6b75ed61:0"
    vary: Accept-Encoding
    x-powered-by: ASP.NET
    access-control-allow-origin: *
    cache-control: max-age=14400
    cf-cache-status: HIT
    age: 4363
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PZZ%2Fv%2Fn32W4m7d71W3E3nPcbLfoRHEJ7mPLzjgmtIYVzdy972ARG9yiUR%2Fa5iH%2Bc%2BN3gQDi%2Fu9XFdz5%2BkyIeDDHrKCazwOFGFAVp%2FmqwT5YCzPeMEiG3Bl0fZCVjMcCj1rdvZUAgSUU%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 83fb88589a2a2407-LHR
  • flag-us
    GET
    https://static.hugedomains.com/images/hdv3-img/geo.png
    IEXPLORE.EXE
    Remote address:
    172.67.70.191:443
    Request
    GET /images/hdv3-img/geo.png HTTP/2.0
    host: static.hugedomains.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 03 Jan 2024 13:19:17 GMT
    content-type: image/png
    content-length: 708
    access-control-allow-origin: *
    cf-bgj: imgq:100,h2pri
    cf-polished: origSize=1906
    etag: "a9c92cd6b75ed61:0"
    last-modified: Mon, 20 Jul 2020 17:04:31 GMT
    x-powered-by: ASP.NET
    cache-control: max-age=14400
    cf-cache-status: HIT
    age: 4277
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wrfKMx0aDXe2lg7srnE5LGnVB6AutxMOGXI5pb5YYTyJsMrXwC0AxXYl400L90EPOuFT6UNJRl9OgoK9WOKe8f%2FETbDiv1KXdjeS8pV5nFjZTxsX9piGjWMIoceI2PdzoSTQa9uGUE4%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 83fb88589a272407-LHR
  • flag-us
    DNS
    use.typekit.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    use.typekit.net
    IN A
    Response
    use.typekit.net
    IN CNAME
    use-stls.adobe.com.edgesuite.net
    use-stls.adobe.com.edgesuite.net
    IN CNAME
    a1988.dscg1.akamai.net
    a1988.dscg1.akamai.net
    IN A
    88.221.134.88
    a1988.dscg1.akamai.net
    IN A
    88.221.134.115
  • flag-us
    DNS
    use.typekit.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    use.typekit.net
    IN A
  • flag-us
    DNS
    use.typekit.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    use.typekit.net
    IN A
  • flag-us
    DNS
    232.187.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.187.250.142.in-addr.arpa
    IN PTR
    Response
    232.187.250.142.in-addr.arpa
    IN PTR
    lhr25s34-in-f8.1e100.net
  • flag-us
    DNS
    226.21.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    226.21.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-gb
    GET
    https://use.typekit.net/zyw6mds.css
    IEXPLORE.EXE
    Remote address:
    88.221.134.88:443
    Request
    GET /zyw6mds.css HTTP/2.0
    host: use.typekit.net
    accept: text/css, */*
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    content-type: text/css;charset=utf-8
    vary: Accept-Encoding
    strict-transport-security: max-age=31536000; includeSubDomains;
    cache-control: private, max-age=600, stale-while-revalidate=604800
    timing-allow-origin: *
    access-control-allow-origin: *
    cross-origin-resource-policy: cross-origin
    content-encoding: gzip
    content-length: 588
    date: Wed, 03 Jan 2024 13:19:21 GMT
  • flag-gb
    GET
    https://use.typekit.net/af/a91117/00000000000000003b9b257c/27/d?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
    IEXPLORE.EXE
    Remote address:
    88.221.134.88:443
    Request
    GET /af/a91117/00000000000000003b9b257c/27/d?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3 HTTP/2.0
    host: use.typekit.net
    accept: */*
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    origin: https://www.hugedomains.com
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    content-type: application/font-woff
    content-length: 23772
    etag: "98e73879b397d0b98b8a96538c3271fce677cf5c"
    timing-allow-origin: *
    access-control-allow-origin: *
    cross-origin-resource-policy: cross-origin
    cache-control: public, max-age=31536000
    date: Wed, 03 Jan 2024 13:19:23 GMT
  • flag-us
    DNS
    p.typekit.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    p.typekit.net
    IN A
    Response
    p.typekit.net
    IN CNAME
    p.typekit.net-stls-v3.edgesuite.net
    p.typekit.net-stls-v3.edgesuite.net
    IN CNAME
    a1874.dscg1.akamai.net
    a1874.dscg1.akamai.net
    IN A
    104.97.14.227
    a1874.dscg1.akamai.net
    IN A
    104.97.15.57
  • flag-us
    DNS
    p.typekit.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    p.typekit.net
    IN A
  • flag-us
    DNS
    234.187.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    234.187.250.142.in-addr.arpa
    IN PTR
    Response
    234.187.250.142.in-addr.arpa
    IN PTR
    lhr25s34-in-f10.1e100.net
  • flag-us
    DNS
    88.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.134.221.88.in-addr.arpa
    IN PTR
    Response
    88.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-88.deploy.static.akamaitechnologies.com
  • flag-nl
    GET
    https://p.typekit.net/p.css?s=1&k=zyw6mds&ht=tk&f=40411&a=11744788&app=typekit&e=css
    IEXPLORE.EXE
    Remote address:
    104.97.14.227:443
    Request
    GET /p.css?s=1&k=zyw6mds&ht=tk&f=40411&a=11744788&app=typekit&e=css HTTP/2.0
    host: p.typekit.net
    accept: text/css, */*
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    content-type: text/css
    content-length: 5
    last-modified: Fri, 14 Jul 2023 12:41:40 GMT
    etag: "64b14284-5"
    cache-control: public, max-age=604800
    access-control-allow-origin: *
    cross-origin-resource-policy: cross-origin
    accept-ranges: bytes
    date: Wed, 03 Jan 2024 13:19:22 GMT
  • flag-us
    DNS
    secure.statcounter.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    secure.statcounter.com
    IN A
    Response
    secure.statcounter.com
    IN A
    104.20.94.138
    secure.statcounter.com
    IN A
    104.20.95.138
  • flag-us
    DNS
    secure.statcounter.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    secure.statcounter.com
    IN A
  • flag-us
    GET
    https://secure.statcounter.com/counter/counter.js
    IEXPLORE.EXE
    Remote address:
    104.20.94.138:443
    Request
    GET /counter/counter.js HTTP/2.0
    host: secure.statcounter.com
    accept: application/javascript, */*;q=0.8
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 03 Jan 2024 13:19:34 GMT
    content-type: application/javascript
    vary: Accept-Encoding
    last-modified: Tue, 02 Jan 2024 17:20:24 GMT
    etag: W/"659445d8-a313"
    expires: Wed, 03 Jan 2024 17:13:13 GMT
    cache-control: max-age=43200
    content-encoding: gzip
    cf-cache-status: HIT
    age: 29180
    server: cloudflare
    cf-ray: 83fb88becef4dc7f-LHR
  • flag-us
    DNS
    region1.analytics.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    region1.analytics.google.com
    IN A
    Response
    region1.analytics.google.com
    IN A
    216.239.34.36
    region1.analytics.google.com
    IN A
    216.239.32.36
  • flag-us
    DNS
    stats.g.doubleclick.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    stats.g.doubleclick.net
    IN A
    Response
    stats.g.doubleclick.net
    IN A
    74.125.206.157
    stats.g.doubleclick.net
    IN A
    74.125.206.156
    stats.g.doubleclick.net
    IN A
    74.125.206.155
    stats.g.doubleclick.net
    IN A
    74.125.206.154
  • flag-us
    DNS
    www.google.co.uk
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.google.co.uk
    IN A
    Response
    www.google.co.uk
    IN A
    172.217.169.35
  • flag-us
    GET
    https://region1.analytics.google.com/g/collect?v=2&tid=G-SK8LQSM564&gtm=45je3bt0v9126319911&_p=1704287961902&gcd=11l1l1l1l1&dma=0&cid=2041840903.1704287962&ul=en-us&sr=1280x720&_eu=AAAI&_s=2&sid=1704287962&sct=1&seg=0&dl=https%3A%2F%2Fwww.hugedomains.com%2Fdomain_profile.cfm%3Fd%3Dsharegods.com&dt=HugeDomains.com&en=pageLoad&_ee=1&epn.captcha=1&epn.captchafailed=0&ep.siteversion=HDv2&tfd=7222
    IEXPLORE.EXE
    Remote address:
    216.239.34.36:443
    Request
    GET /g/collect?v=2&tid=G-SK8LQSM564&gtm=45je3bt0v9126319911&_p=1704287961902&gcd=11l1l1l1l1&dma=0&cid=2041840903.1704287962&ul=en-us&sr=1280x720&_eu=AAAI&_s=2&sid=1704287962&sct=1&seg=0&dl=https%3A%2F%2Fwww.hugedomains.com%2Fdomain_profile.cfm%3Fd%3Dsharegods.com&dt=HugeDomains.com&en=pageLoad&_ee=1&epn.captcha=1&epn.captchafailed=0&ep.siteversion=HDv2&tfd=7222 HTTP/2.0
    host: region1.analytics.google.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 204
    access-control-allow-origin: *
    date: Wed, 03 Jan 2024 13:19:29 GMT
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    cache-control: no-cache, no-store, must-revalidate
    content-type: text/plain
    cross-origin-resource-policy: cross-origin
    server: Golfe2
    content-length: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://region1.analytics.google.com/g/collect?v=2&tid=G-SK8LQSM564&gtm=45je3bt0v9126319911&_p=1704287961902&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=2041840903.1704287962&ul=en-us&sr=1280x720&_eu=AAAI&_s=1&sid=1704287962&sct=1&seg=0&dl=https%3A%2F%2Fwww.hugedomains.com%2Fdomain_profile.cfm%3Fd%3Dsharegods.com&dt=HugeDomains.com&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=7216
    IEXPLORE.EXE
    Remote address:
    216.239.34.36:443
    Request
    GET /g/collect?v=2&tid=G-SK8LQSM564&gtm=45je3bt0v9126319911&_p=1704287961902&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=2041840903.1704287962&ul=en-us&sr=1280x720&_eu=AAAI&_s=1&sid=1704287962&sct=1&seg=0&dl=https%3A%2F%2Fwww.hugedomains.com%2Fdomain_profile.cfm%3Fd%3Dsharegods.com&dt=HugeDomains.com&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=7216 HTTP/2.0
    host: region1.analytics.google.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 204
    access-control-allow-origin: *
    date: Wed, 03 Jan 2024 13:19:29 GMT
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    cache-control: no-cache, no-store, must-revalidate
    content-type: text/plain
    cross-origin-resource-policy: cross-origin
    server: Golfe2
    content-length: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-SK8LQSM564&cid=2041840903.1704287962&gtm=45je3bt0v9126319911&aip=1&dma=0&gcd=11l1l1l1l1&z=373881776
    IEXPLORE.EXE
    Remote address:
    172.217.169.35:443
    Request
    GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-SK8LQSM564&cid=2041840903.1704287962&gtm=45je3bt0v9126319911&aip=1&dma=0&gcd=11l1l1l1l1&z=373881776 HTTP/2.0
    host: www.google.co.uk
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
    timing-allow-origin: *
    cross-origin-resource-policy: cross-origin
    date: Wed, 03 Jan 2024 13:19:26 GMT
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    cache-control: no-cache, no-store, must-revalidate
    content-type: image/gif
    x-content-type-options: nosniff
    server: cafe
    content-length: 42
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-7117339-4&cid=2041840903.1704287962&jid=1057855003&_u=4CDAAUAAAAAAACAAI~&z=145863234
    IEXPLORE.EXE
    Remote address:
    172.217.169.35:443
    Request
    GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-7117339-4&cid=2041840903.1704287962&jid=1057855003&_u=4CDAAUAAAAAAACAAI~&z=145863234 HTTP/2.0
    host: www.google.co.uk
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
    timing-allow-origin: *
    cross-origin-resource-policy: cross-origin
    date: Wed, 03 Jan 2024 13:19:29 GMT
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    cache-control: no-cache, no-store, must-revalidate
    content-type: image/gif
    x-content-type-options: nosniff
    server: cafe
    content-length: 42
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-be
    POST
    https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-7117339-4&cid=2041840903.1704287962&jid=1057855003&gjid=41213971&_gid=2034576876.1704287962&_u=4CDAAUAAAAAAACAAI~&z=685403822
    IEXPLORE.EXE
    Remote address:
    74.125.206.157:443
    Request
    POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-7117339-4&cid=2041840903.1704287962&jid=1057855003&gjid=41213971&_gid=2034576876.1704287962&_u=4CDAAUAAAAAAACAAI~&z=685403822 HTTP/2.0
    host: stats.g.doubleclick.net
    accept: */*
    content-type: text/plain
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    origin: https://www.hugedomains.com
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    content-length: 0
    cache-control: no-cache
    Response
    HTTP/2.0 200
    access-control-allow-origin: https://www.hugedomains.com
    strict-transport-security: max-age=10886400; includeSubDomains; preload
    date: Wed, 03 Jan 2024 13:19:29 GMT
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    cache-control: no-cache, no-store, must-revalidate
    last-modified: Sun, 17 May 1998 03:00:00 GMT
    access-control-allow-credentials: true
    x-content-type-options: nosniff
    content-type: text/plain
    cross-origin-resource-policy: cross-origin
    server: Golfe2
    content-length: 7
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-be
    GET
    https://stats.g.doubleclick.net/g/collect?v=2&tid=G-SK8LQSM564&cid=2041840903.1704287962&gtm=45je3bt0v9126319911&aip=1&dma=0&gcd=11l1l1l1l1
    IEXPLORE.EXE
    Remote address:
    74.125.206.157:443
    Request
    GET /g/collect?v=2&tid=G-SK8LQSM564&cid=2041840903.1704287962&gtm=45je3bt0v9126319911&aip=1&dma=0&gcd=11l1l1l1l1 HTTP/2.0
    host: stats.g.doubleclick.net
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 204
    access-control-allow-origin: *
    date: Wed, 03 Jan 2024 13:19:29 GMT
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    cache-control: no-cache, no-store, must-revalidate
    content-type: text/plain
    cross-origin-resource-policy: cross-origin
    server: Golfe2
    content-length: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    227.14.97.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    227.14.97.104.in-addr.arpa
    IN PTR
    Response
    227.14.97.104.in-addr.arpa
    IN PTR
    a104-97-14-227.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    14.200.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.200.250.142.in-addr.arpa
    IN PTR
    Response
    14.200.250.142.in-addr.arpa
    IN PTR
    lhr48s29-in-f14.1e100.net
  • flag-us
    DNS
    138.94.20.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    138.94.20.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    227.187.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    227.187.250.142.in-addr.arpa
    IN PTR
    Response
    227.187.250.142.in-addr.arpa
    IN PTR
    lhr25s34-in-f3.1e100.net
  • flag-us
    DNS
    3.180.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    3.180.250.142.in-addr.arpa
    IN PTR
    Response
    3.180.250.142.in-addr.arpa
    IN PTR
    lhr25s32-in-f3.1e100.net
  • flag-us
    DNS
    161.19.199.152.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    161.19.199.152.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    35.169.217.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    35.169.217.172.in-addr.arpa
    IN PTR
    Response
    35.169.217.172.in-addr.arpa
    IN PTR
    lhr48s08-in-f3.1e100.net
  • flag-us
    DNS
    36.34.239.216.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    36.34.239.216.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    157.206.125.74.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.206.125.74.in-addr.arpa
    IN PTR
    Response
    157.206.125.74.in-addr.arpa
    IN PTR
    wk-in-f157.1e100.net
  • flag-us
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    146.78.124.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    146.78.124.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    146.78.124.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    146.78.124.51.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    crl.usertrust.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    crl.usertrust.com
    IN A
    Response
    crl.usertrust.com
    IN CNAME
    crl.comodoca.com.cdn.cloudflare.net
    crl.comodoca.com.cdn.cloudflare.net
    IN A
    104.18.38.233
    crl.comodoca.com.cdn.cloudflare.net
    IN A
    172.64.149.23
  • flag-us
    DNS
    crl.usertrust.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    crl.usertrust.com
    IN A
    Response
    crl.usertrust.com
    IN CNAME
    crl.comodoca.com.cdn.cloudflare.net
    crl.comodoca.com.cdn.cloudflare.net
    IN A
    172.64.149.23
    crl.comodoca.com.cdn.cloudflare.net
    IN A
    104.18.38.233
  • flag-us
    GET
    http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl
    IEXPLORE.EXE
    Remote address:
    104.18.38.233:80
    Request
    GET /USERTrustRSACertificationAuthority.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: crl.usertrust.com
    Response
    HTTP/1.1 200 OK
    Date: Wed, 03 Jan 2024 13:19:34 GMT
    Content-Type: application/pkix-crl
    Content-Length: 1275
    Connection: keep-alive
    Last-Modified: Tue, 02 Jan 2024 14:24:44 GMT
    ETag: "65941cac-4fb"
    X-CCACDN-Mirror-ID: mscrl2
    Cache-Control: max-age=14400, s-maxage=3600
    Expires: Tue, 09 Jan 2024 14:24:44 GMT
    X-CCACDN-Proxy-ID: mcdpinlb2
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 2878
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 83fb88be2f764141-LHR
  • flag-us
    DNS
    c.statcounter.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    c.statcounter.com
    IN A
    Response
    c.statcounter.com
    IN A
    104.20.94.138
    c.statcounter.com
    IN A
    104.20.95.138
  • flag-us
    DNS
    c.statcounter.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    c.statcounter.com
    IN A
  • flag-us
    GET
    https://c.statcounter.com/t.php?sc_project=5694535&u1=B551EAC856EF4F4C86196513BB403997&java=1&security=91f91c19&sc_snum=1&sess=75b702&p=0&rcat=d&rdom=d&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=720&camefrom=&u=https%3A//www.hugedomains.com/domain_profile.cfm%3Fd%3Dsharegods.com&t=HugeDomains.com&invisible=1&sc_rum_e_s=18636&sc_rum_e_e=18647&sc_rum_f_s=0&sc_rum_f_e=18631&get_config=true
    IEXPLORE.EXE
    Remote address:
    104.20.94.138:443
    Request
    GET /t.php?sc_project=5694535&u1=B551EAC856EF4F4C86196513BB403997&java=1&security=91f91c19&sc_snum=1&sess=75b702&p=0&rcat=d&rdom=d&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=720&camefrom=&u=https%3A//www.hugedomains.com/domain_profile.cfm%3Fd%3Dsharegods.com&t=HugeDomains.com&invisible=1&sc_rum_e_s=18636&sc_rum_e_e=18647&sc_rum_f_s=0&sc_rum_f_e=18631&get_config=true HTTP/2.0
    host: c.statcounter.com
    accept: */*
    referer: https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com
    accept-language: en-US
    origin: https://www.hugedomains.com
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Response
    HTTP/2.0 200
    date: Wed, 03 Jan 2024 13:19:35 GMT
    content-type: application/json
    p3p: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
    expires: Mon, 26 Jul 1997 05:00:00 GMT
    set-cookie: is_unique=sc5694535.1704287975.0; SameSite=None; Secure; Expires=Monday, 01-Jan-2029 06:19:35 MST; Path=/; Domain=.statcounter.com
    access-control-allow-origin: https://www.hugedomains.com
    access-control-allow-credentials: true
    cf-cache-status: DYNAMIC
    server: cloudflare
    cf-ray: 83fb88c71b646395-LHR
    content-encoding: gzip
  • flag-us
    DNS
    233.38.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    233.38.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    233.38.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    233.38.18.104.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    18.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.134.221.88.in-addr.arpa
    IN PTR
    Response
    18.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-18deploystaticakamaitechnologiescom
  • flag-us
    DNS
    43.58.199.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.58.199.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    48.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    48.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.229.111.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301712_1VAFFW2XLOWABA0CF&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301712_1VAFFW2XLOWABA0CF&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 160252
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: FA2C8C51F4FA4F4D89FD0CC04DC39B81 Ref B: LON04EDGE0910 Ref C: 2024-01-03T13:20:34Z
    date: Wed, 03 Jan 2024 13:20:34 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301728_1S5SOTBKRSIDGRZ37&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301728_1S5SOTBKRSIDGRZ37&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 483933
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 6FAEEBEFEFE44CA0965C47E50D5FE4BB Ref B: LON04EDGE0910 Ref C: 2024-01-03T13:20:34Z
    date: Wed, 03 Jan 2024 13:20:34 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301319_135UX7GSFYCP6UCBA&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301319_135UX7GSFYCP6UCBA&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 141161
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E046E63601E2411C996313E6B5CB45A0 Ref B: LON04EDGE0910 Ref C: 2024-01-03T13:20:34Z
    date: Wed, 03 Jan 2024 13:20:34 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301303_1EAOJAYMFAD8YIR5A&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301303_1EAOJAYMFAD8YIR5A&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 393346
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E7FE2648C50241AD995760F5264A8361 Ref B: LON04EDGE0910 Ref C: 2024-01-03T13:20:34Z
    date: Wed, 03 Jan 2024 13:20:34 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317300924_1N7S5A2UISE5XQ4TY&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317300924_1N7S5A2UISE5XQ4TY&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 434630
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 76DD3E1174D14305AFBA0B6A36CFB0FE Ref B: LON04EDGE0910 Ref C: 2024-01-03T13:20:34Z
    date: Wed, 03 Jan 2024 13:20:34 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301357_1M7VV0SOSJXWEGMMP&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301357_1M7VV0SOSJXWEGMMP&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 430642
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 743D77F9255F448CA447C47353EB705A Ref B: LON04EDGE0910 Ref C: 2024-01-03T13:20:35Z
    date: Wed, 03 Jan 2024 13:20:35 GMT
  • 23.44.234.16:80
    276 B
    6
  • 138.91.171.81:80
    208 B
    4
  • 52.71.57.184:80
    http://sharegods.com/promo-7.php?pin=101136&query=Download%20EarthTime%20v2.2.0&domain=dlfiles.com
    http
    IEXPLORE.EXE
    987 B
    324 B
    14
    4

    HTTP Request

    GET http://sharegods.com/promo-7.php?pin=101136&query=Download%20EarthTime%20v2.2.0&domain=dlfiles.com

    HTTP Response

    302
  • 52.71.57.184:80
    sharegods.com
    http
    IEXPLORE.EXE
    334 B
    365 B
    7
    3

    HTTP Response

    408
  • 172.67.70.191:443
    www.hugedomains.com
    tls, http2
    IEXPLORE.EXE
    832 B
    3.2kB
    10
    9
  • 172.67.70.191:443
    www.hugedomains.com
    tls, http2
    IEXPLORE.EXE
    832 B
    3.2kB
    10
    9
  • 204.79.197.200:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=36e75d4b2ae74eef874b8b16e0183f5f&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=
    tls, http2
    2.6kB
    11.7kB
    26
    21

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=36e75d4b2ae74eef874b8b16e0183f5f&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=36e75d4b2ae74eef874b8b16e0183f5f&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=36e75d4b2ae74eef874b8b16e0183f5f&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=

    HTTP Response

    204
  • 172.67.70.191:443
    https://www.hugedomains.com/cdn-cgi/challenge-platform/h/g/jsd/r/83fb8848d9f460dc
    tls, http2
    IEXPLORE.EXE
    4.2kB
    12.9kB
    46
    33

    HTTP Request

    GET https://www.hugedomains.com/domain_profile.cfm?d=sharegods.com

    HTTP Response

    200

    HTTP Request

    GET https://www.hugedomains.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

    HTTP Response

    302

    HTTP Request

    GET https://www.hugedomains.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js

    HTTP Response

    200

    HTTP Request

    OPTIONS https://www.hugedomains.com/cdn-cgi/challenge-platform/h/g/jsd/r/83fb8848d9f460dc

    HTTP Response

    400
  • 172.67.70.191:443
    www.hugedomains.com
    tls, http2
    IEXPLORE.EXE
    1.4kB
    3.8kB
    18
    12
  • 151.101.1.229:443
    cdn.jsdelivr.net
    tls, http2
    IEXPLORE.EXE
    1.4kB
    5.6kB
    18
    14
  • 151.101.1.229:443
    https://cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css
    tls, http2
    IEXPLORE.EXE
    2.0kB
    9.4kB
    22
    17

    HTTP Request

    GET https://cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css

    HTTP Response

    200
  • 142.250.200.4:443
    www.google.com
    tls, http2
    IEXPLORE.EXE
    1.3kB
    5.1kB
    19
    12
  • 142.250.200.4:443
    https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6LdB69wUAAAAABYUZU_WrxJJxC4oLZd2TV5i9Lzh
    tls, http2
    IEXPLORE.EXE
    5.2kB
    50.7kB
    77
    69

    HTTP Request

    GET https://www.google.com/recaptcha/api.js

    HTTP Response

    200

    HTTP Request

    GET https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-7117339-4&cid=2041840903.1704287962&jid=1057855003&_u=4CDAAUAAAAAAACAAI~&z=145863234

    HTTP Response

    200

    HTTP Request

    GET https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdB69wUAAAAABYUZU_WrxJJxC4oLZd2TV5i9Lzh&co=aHR0cHM6Ly93d3cuaHVnZWRvbWFpbnMuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=qg9nut1nklav

    HTTP Response

    200

    HTTP Request

    GET https://www.google.com/js/bg/oxWLEMHTm-PHlM2WIB4aObzPVh9OT9KDjPiSBgvqk10.js

    HTTP Request

    GET https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://www.google.com/recaptcha/api2/bframe?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6LdB69wUAAAAABYUZU_WrxJJxC4oLZd2TV5i9Lzh

    HTTP Response

    200
  • 172.67.70.191:443
    static.hugedomains.com
    tls, http2
    IEXPLORE.EXE
    1.4kB
    3.8kB
    18
    12
  • 172.67.70.191:443
    https://static.hugedomains.com/images/hdv3-img/geo.png
    tls, http2
    IEXPLORE.EXE
    10.1kB
    100.5kB
    125
    109

    HTTP Request

    GET https://static.hugedomains.com/css/hdv3-css/reboot.min.css

    HTTP Request

    GET https://static.hugedomains.com/css/hdv3-css/style.css?r=20201105a

    HTTP Request

    GET https://static.hugedomains.com/css/hdv3-css/responsive.css?r=20201105a

    HTTP Request

    GET https://static.hugedomains.com/images/hdv3-img/logo.png

    HTTP Request

    GET https://static.hugedomains.com/images/hdv3-img/phone-icon.png

    HTTP Request

    GET https://static.hugedomains.com/images/hdv3-img/care.png

    HTTP Request

    GET https://static.hugedomains.com/js/hdv3-js/script.js

    HTTP Request

    GET https://static.hugedomains.com/images/hdv3-img/guarant-footer.png

    HTTP Request

    GET https://static.hugedomains.com/js/hdv3-js/jquery.min.js

    HTTP Request

    GET https://static.hugedomains.com/images/hdv3-img/escrow.png

    HTTP Request

    GET https://static.hugedomains.com/images/hdv3-img/geo.png

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200
  • 172.67.70.191:443
    static.hugedomains.com
    tls, http2
    IEXPLORE.EXE
    1.5kB
    3.8kB
    19
    13
  • 172.67.70.191:443
    static.hugedomains.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    3.6kB
    16
    11
  • 172.67.70.191:443
    static.hugedomains.com
    tls, http2
    IEXPLORE.EXE
    1.4kB
    3.8kB
    18
    12
  • 172.67.70.191:443
    static.hugedomains.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    3.6kB
    16
    11
  • 172.67.70.191:443
    static.hugedomains.com
    tls, http2
    IEXPLORE.EXE
    1.4kB
    3.8kB
    18
    12
  • 172.67.70.191:443
    static.hugedomains.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    3.7kB
    16
    11
  • 172.67.70.191:443
    static.hugedomains.com
    tls, http2
    IEXPLORE.EXE
    1.4kB
    3.8kB
    18
    12
  • 172.67.70.191:443
    static.hugedomains.com
    tls, http2
    IEXPLORE.EXE
    1.2kB
    3.7kB
    17
    12
  • 172.67.70.191:443
    static.hugedomains.com
    tls, http2
    IEXPLORE.EXE
    1.3kB
    3.7kB
    18
    12
  • 88.221.134.88:443
    use.typekit.net
    tls, http2
    IEXPLORE.EXE
    1.7kB
    4.7kB
    18
    12
  • 88.221.134.88:443
    https://use.typekit.net/af/a91117/00000000000000003b9b257c/27/d?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
    tls, http2
    IEXPLORE.EXE
    3.8kB
    31.1kB
    44
    33

    HTTP Request

    GET https://use.typekit.net/zyw6mds.css

    HTTP Response

    200

    HTTP Request

    GET https://use.typekit.net/af/a91117/00000000000000003b9b257c/27/d?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3

    HTTP Response

    200
  • 104.97.14.227:443
    https://p.typekit.net/p.css?s=1&k=zyw6mds&ht=tk&f=40411&a=11744788&app=typekit&e=css
    tls, http2
    IEXPLORE.EXE
    1.6kB
    5.2kB
    21
    18

    HTTP Request

    GET https://p.typekit.net/p.css?s=1&k=zyw6mds&ht=tk&f=40411&a=11744788&app=typekit&e=css

    HTTP Response

    200
  • 104.97.14.227:443
    p.typekit.net
    tls, http2
    IEXPLORE.EXE
    1.2kB
    4.9kB
    16
    15
  • 104.20.94.138:443
    https://secure.statcounter.com/counter/counter.js
    tls, http2
    IEXPLORE.EXE
    2.3kB
    24.0kB
    36
    30

    HTTP Request

    GET https://secure.statcounter.com/counter/counter.js

    HTTP Response

    200
  • 104.20.94.138:443
    secure.statcounter.com
    tls, http2
    IEXPLORE.EXE
    1.3kB
    8.0kB
    20
    15
  • 216.239.34.36:443
    https://region1.analytics.google.com/g/collect?v=2&tid=G-SK8LQSM564&gtm=45je3bt0v9126319911&_p=1704287961902&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=2041840903.1704287962&ul=en-us&sr=1280x720&_eu=AAAI&_s=1&sid=1704287962&sct=1&seg=0&dl=https%3A%2F%2Fwww.hugedomains.com%2Fdomain_profile.cfm%3Fd%3Dsharegods.com&dt=HugeDomains.com&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=7216
    tls, http2
    IEXPLORE.EXE
    2.7kB
    6.2kB
    28
    18

    HTTP Request

    GET https://region1.analytics.google.com/g/collect?v=2&tid=G-SK8LQSM564&gtm=45je3bt0v9126319911&_p=1704287961902&gcd=11l1l1l1l1&dma=0&cid=2041840903.1704287962&ul=en-us&sr=1280x720&_eu=AAAI&_s=2&sid=1704287962&sct=1&seg=0&dl=https%3A%2F%2Fwww.hugedomains.com%2Fdomain_profile.cfm%3Fd%3Dsharegods.com&dt=HugeDomains.com&en=pageLoad&_ee=1&epn.captcha=1&epn.captchafailed=0&ep.siteversion=HDv2&tfd=7222

    HTTP Request

    GET https://region1.analytics.google.com/g/collect?v=2&tid=G-SK8LQSM564&gtm=45je3bt0v9126319911&_p=1704287961902&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=2041840903.1704287962&ul=en-us&sr=1280x720&_eu=AAAI&_s=1&sid=1704287962&sct=1&seg=0&dl=https%3A%2F%2Fwww.hugedomains.com%2Fdomain_profile.cfm%3Fd%3Dsharegods.com&dt=HugeDomains.com&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=7216

    HTTP Response

    204

    HTTP Response

    204
  • 216.239.34.36:443
    region1.analytics.google.com
    tls, http2
    IEXPLORE.EXE
    1.6kB
    5.6kB
    21
    13
  • 172.217.169.35:443
    www.google.co.uk
    tls, http2
    IEXPLORE.EXE
    1.3kB
    5.1kB
    20
    13
  • 172.217.169.35:443
    https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-7117339-4&cid=2041840903.1704287962&jid=1057855003&_u=4CDAAUAAAAAAACAAI~&z=145863234
    tls, http2
    IEXPLORE.EXE
    2.4kB
    6.4kB
    32
    24

    HTTP Request

    GET https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-SK8LQSM564&cid=2041840903.1704287962&gtm=45je3bt0v9126319911&aip=1&dma=0&gcd=11l1l1l1l1&z=373881776

    HTTP Response

    200

    HTTP Request

    GET https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-7117339-4&cid=2041840903.1704287962&jid=1057855003&_u=4CDAAUAAAAAAACAAI~&z=145863234

    HTTP Response

    200
  • 74.125.206.157:443
    stats.g.doubleclick.net
    tls, http2
    IEXPLORE.EXE
    2.2kB
    5.4kB
    29
    13
  • 74.125.206.157:443
    https://stats.g.doubleclick.net/g/collect?v=2&tid=G-SK8LQSM564&cid=2041840903.1704287962&gtm=45je3bt0v9126319911&aip=1&dma=0&gcd=11l1l1l1l1
    tls, http2
    IEXPLORE.EXE
    2.7kB
    6.4kB
    32
    22

    HTTP Request

    POST https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-7117339-4&cid=2041840903.1704287962&jid=1057855003&gjid=41213971&_gid=2034576876.1704287962&_u=4CDAAUAAAAAAACAAI~&z=685403822

    HTTP Request

    GET https://stats.g.doubleclick.net/g/collect?v=2&tid=G-SK8LQSM564&cid=2041840903.1704287962&gtm=45je3bt0v9126319911&aip=1&dma=0&gcd=11l1l1l1l1

    HTTP Response

    200

    HTTP Response

    204
  • 104.18.38.233:80
    http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl
    http
    IEXPLORE.EXE
    524 B
    2.0kB
    8
    7

    HTTP Request

    GET http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl

    HTTP Response

    200
  • 104.20.94.138:443
    https://c.statcounter.com/t.php?sc_project=5694535&u1=B551EAC856EF4F4C86196513BB403997&java=1&security=91f91c19&sc_snum=1&sess=75b702&p=0&rcat=d&rdom=d&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=720&camefrom=&u=https%3A//www.hugedomains.com/domain_profile.cfm%3Fd%3Dsharegods.com&t=HugeDomains.com&invisible=1&sc_rum_e_s=18636&sc_rum_e_e=18647&sc_rum_f_s=0&sc_rum_f_e=18631&get_config=true
    tls, http2
    IEXPLORE.EXE
    1.9kB
    7.2kB
    22
    16

    HTTP Request

    GET https://c.statcounter.com/t.php?sc_project=5694535&u1=B551EAC856EF4F4C86196513BB403997&java=1&security=91f91c19&sc_snum=1&sess=75b702&p=0&rcat=d&rdom=d&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=720&camefrom=&u=https%3A//www.hugedomains.com/domain_profile.cfm%3Fd%3Dsharegods.com&t=HugeDomains.com&invisible=1&sc_rum_e_s=18636&sc_rum_e_e=18647&sc_rum_f_s=0&sc_rum_f_e=18631&get_config=true

    HTTP Response

    200
  • 104.20.94.138:443
    c.statcounter.com
    tls, http2
    IEXPLORE.EXE
    1.3kB
    6.5kB
    19
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls, http2
    iexplore.exe
    1.4kB
    8.3kB
    16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.2kB
    16
    13
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
    8.3kB
    17
    14
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301357_1M7VV0SOSJXWEGMMP&pid=21.2&w=1080&h=1920&c=4
    tls, http2
    76.8kB
    2.1MB
    1573
    1569

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301712_1VAFFW2XLOWABA0CF&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301728_1S5SOTBKRSIDGRZ37&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301319_135UX7GSFYCP6UCBA&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301303_1EAOJAYMFAD8YIR5A&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317300924_1N7S5A2UISE5XQ4TY&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301357_1M7VV0SOSJXWEGMMP&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
    8.3kB
    17
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
    8.7kB
    17
    14

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verCAD2.tmp

    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0A013ETK\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QPBAQNGM\styles__ltr[1].css

    Filesize

    55KB

    MD5

    eb4bc511f79f7a1573b45f5775b3a99b

    SHA1

    d910fb51ad7316aa54f055079374574698e74b35

    SHA256

    7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

    SHA512

    ec9bdf1c91b6262b183fd23f640eac22016d1f42db631380676ed34b962e01badda91f9cbdfa189b42fe3182a992f1b95a7353af41e41b2d6e1dab17e87637a0

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RVXHSNZG\recaptcha__en[1].js

    Filesize

    502KB

    MD5

    37c6af40dd48a63fcc1be84eaaf44f05

    SHA1

    1d708ace806d9e78a21f2a5f89424372e249f718

    SHA256

    daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24

    SHA512

    a159bf35fc7f6efdbe911b2f24019dca5907db8cf9ba516bf18e3a228009055bcd9b26a3486823d56eacc391a3e0cc4ae917607bd95a3ad2f02676430de03e07
