2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818

Analysis

max time kernel
18s
max time network
28s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/02/2024, 21:42 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XMouseButtonControlSetup.2.20.5.exe
Size

2.9MB
MD5

2e9725bc1d71ad1b8006dfc5a2510f88
SHA1

6e1f7d12881696944bf5e030a7d131b969de0c6c
SHA256

2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818
SHA512

62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39
SSDEEP

49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1184	Process not Found
2636	XMouseButtonControl.exe

Loads dropped DLL 9 IoCs

pid	Process
3056	XMouseButtonControlSetup.2.20.5.exe
3056	XMouseButtonControlSetup.2.20.5.exe
3056	XMouseButtonControlSetup.2.20.5.exe
3056	XMouseButtonControlSetup.2.20.5.exe
3056	XMouseButtonControlSetup.2.20.5.exe
3056	XMouseButtonControlSetup.2.20.5.exe
3056	XMouseButtonControlSetup.2.20.5.exe
2636	XMouseButtonControl.exe
2636	XMouseButtonControl.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XMouseButtonControl = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe /notportable /delay"	XMouseButtonControlSetup.2.20.5.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\License.txt	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\ChangeLog.txt	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\X-Mouse Button Control User Guide.pdf	XMouseButtonControlSetup.2.20.5.exe
File opened for modification	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\changelog.txt	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe	XMouseButtonControlSetup.2.20.5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x000700000001624f-133.dat	nsis_installer_1
behavioral1/files/0x000700000001624f-133.dat	nsis_installer_2

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Control Panel\Desktop	XMouseButtonControlSetup.2.20.5.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Control Panel\Desktop\LowLevelHooksTimeout = "1000"	XMouseButtonControlSetup.2.20.5.exe

Modifies Internet Explorer settings 1 TTPs 45 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\highrez.co.uk\Total = "32"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\highrez.co.uk\Total = "319"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\dvps.highrez.co.uk\ = "319"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "319"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\dvps.highrez.co.uk\ = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C224C831-CF6F-11EE-8646-6A1079A24C90} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\dvps.highrez.co.uk	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\highrez.co.uk	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\highrez.co.uk\Total = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\highrez.co.uk\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\dvps.highrez.co.uk\ = "32"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "32"	IEXPLORE.EXE

Modifies registry class 33 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open\command	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\DefaultIcon	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcs\ = "X-Mouse Button Control Application or Window Profile"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\DefaultIcon	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcp	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /profile:\"%1\""	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\ = "X-Mouse Button Control Language Pack"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\DefaultIcon	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcs	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open\command	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\ = "X-Mouse Button Control Settings"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcp\ = "X-Mouse Button Control Settings"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /install:\"%1\""	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\ = "X-Mouse Button Control Application or Window Profile"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open\command	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /import:\"%1\""	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbclp	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\ = "open"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\ = "open"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\ = "open"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbclp\ = "X-Mouse Button Control Language Pack"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings	XMouseButtonControlSetup.2.20.5.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
800	iexplore.exe
2636	XMouseButtonControl.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2636	XMouseButtonControl.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2636	XMouseButtonControl.exe
800	iexplore.exe
800	iexplore.exe
3020	IEXPLORE.EXE
3020	IEXPLORE.EXE
2636	XMouseButtonControl.exe
2636	XMouseButtonControl.exe
2636	XMouseButtonControl.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 800 wrote to memory of 3020	800	iexplore.exe	31
PID 800 wrote to memory of 3020	800	iexplore.exe	31
PID 800 wrote to memory of 3020	800	iexplore.exe	31
PID 800 wrote to memory of 3020	800	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe
"C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Modifies Control Panel
- Modifies registry class
PID:3056

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:800
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:800 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3020

C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2636

Network

DNS

www.highrez.co.uk

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.highrez.co.uk

IN A

Response

www.highrez.co.uk

IN A

188.74.78.172
DNS

repository.certum.pl

XMouseButtonControl.exe

Remote address:

8.8.8.8:53

Request

repository.certum.pl

IN A

Response

repository.certum.pl

IN CNAME

repository.akamai.certum.pl

repository.akamai.certum.pl

IN CNAME

repository.certum.pl.edgekey.net

repository.certum.pl.edgekey.net

IN CNAME

e99038.dscb.akamaiedge.net

e99038.dscb.akamaiedge.net

IN A

23.48.165.139

e99038.dscb.akamaiedge.net

IN A

23.48.165.155
GET

http://repository.certum.pl/ctnca.cer

XMouseButtonControl.exe

Remote address:

23.48.165.139:80

Request

GET /ctnca.cer HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: repository.certum.pl

Response

HTTP/1.1 200 OK

Content-Type: application/pkix-cert
Content-Length: 959
Strict-Transport-Security: max-age=63072000; includeSubDomains
Last-Modified: Fri, 06 Mar 2020 09:54:02 GMT
Accept-Ranges: bytes
Cache-Control: public, max-age=639
Date: Mon, 19 Feb 2024 21:42:23 GMT
Connection: keep-alive
GET

http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64

IEXPLORE.EXE

Remote address:

188.74.78.172:80

Request

GET /scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.highrez.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html; charset=UTF-8
Location: https://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64
Server: Microsoft-IIS/10.0
X-Clacks-Overhead: GNU Terry Pratchett
X-Powered-By: ASP.NET
Date: Mon, 19 Feb 2024 21:42:23 GMT
Content-Length: 256
GET

https://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64

IEXPLORE.EXE

Remote address:

188.74.78.172:443

Request

GET /scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.highrez.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 302 Object moved

Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html
Expires: Mon, 19 Feb 2024 21:42:24 GMT
Location: //dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Server: Microsoft-IIS/10.0
Set-Cookie: ASPSESSIONIDSEACRCQD=AGKECHDBAHBGLDJFHKBBGMIF; secure; path=/
X-Clacks-Overhead: GNU Terry Pratchett
X-Powered-By: ASP.NET
Date: Mon, 19 Feb 2024 21:42:24 GMT
Content-Length: 201
DNS

dvps.highrez.co.uk

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

dvps.highrez.co.uk

IN A

Response

dvps.highrez.co.uk

IN A

208.87.103.217

dvps.highrez.co.uk

IN A

149.255.97.140
GET

https://dvps.highrez.co.uk/downloads/js/jquery-3.6.3-min.js

IEXPLORE.EXE

Remote address:

208.87.103.217:443

Request

GET /downloads/js/jquery-3.6.3-min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: dvps.highrez.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 500 Internal Server Error

Date: Mon, 19 Feb 2024 21:42:25 GMT
Server: Apache/2
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Content-Length: 602
Connection: close
Content-Type: text/html; charset=iso-8859-1
GET

https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500

IEXPLORE.EXE

Remote address:

208.87.103.217:443

Request

GET /downloads/XMouse_installed.htm?Platform=x64?version=2200500 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: dvps.highrez.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 19 Feb 2024 21:42:25 GMT
Server: Apache/2
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Last-Modified: Wed, 14 Feb 2024 23:24:15 GMT
ETag: "2986-6115fcf2ad8e5-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3816
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
GET

https://dvps.highrez.co.uk/downloads/css/default.css

IEXPLORE.EXE

Remote address:

208.87.103.217:443

Request

GET /downloads/css/default.css HTTP/1.1
Accept: text/css, */*
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: dvps.highrez.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 19 Feb 2024 21:42:25 GMT
Server: Apache/2
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Last-Modified: Wed, 14 Feb 2024 23:25:53 GMT
ETag: "1669-6115fd50447c2-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=3024000, public
Content-Length: 1625
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
GET

https://dvps.highrez.co.uk/downloads/css/cryptodonate.css

IEXPLORE.EXE

Remote address:

208.87.103.217:443

Request

GET /downloads/css/cryptodonate.css HTTP/1.1
Accept: text/css, */*
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: dvps.highrez.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 19 Feb 2024 21:42:25 GMT
Server: Apache/2
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Last-Modified: Mon, 29 Jun 2020 09:14:22 GMT
ETag: "a7f-5a9357c07bb4f-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=3024000, public
Content-Length: 811
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
GET

https://dvps.highrez.co.uk/downloads/css/cryptodonate.dark.css

IEXPLORE.EXE

Remote address:

208.87.103.217:443

Request

GET /downloads/css/cryptodonate.dark.css HTTP/1.1
Accept: text/css, */*
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: dvps.highrez.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 19 Feb 2024 21:42:25 GMT
Server: Apache/2
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Last-Modified: Mon, 29 Jun 2020 09:14:22 GMT
ETag: "cd-5a9357c07af97-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=3024000, public
Content-Length: 105
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
GET

https://dvps.highrez.co.uk/downloads/css/cryptodonate.pink.css

IEXPLORE.EXE

Remote address:

208.87.103.217:443

Request

GET /downloads/css/cryptodonate.pink.css HTTP/1.1
Accept: text/css, */*
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: dvps.highrez.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 19 Feb 2024 21:42:26 GMT
Server: Apache/2
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Last-Modified: Mon, 29 Jun 2020 09:14:22 GMT
ETag: "15d-5a9357c085f5f-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=3024000, public
Content-Length: 146
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
GET

https://dvps.highrez.co.uk/downloads/css/cryptodonate.green.css

IEXPLORE.EXE

Remote address:

208.87.103.217:443

Request

GET /downloads/css/cryptodonate.green.css HTTP/1.1
Accept: text/css, */*
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: dvps.highrez.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 19 Feb 2024 21:42:26 GMT
Server: Apache/2
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Last-Modified: Mon, 29 Jun 2020 09:14:22 GMT
ETag: "162-5a9357c085f5f-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=3024000, public
Content-Length: 148
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/css
GET

https://dvps.highrez.co.uk/downloads/css/magnific-popup.css

IEXPLORE.EXE

Remote address:

208.87.103.217:443

Request

GET /downloads/css/magnific-popup.css HTTP/1.1
Accept: text/css, */*
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: dvps.highrez.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 19 Feb 2024 21:42:26 GMT
Server: Apache/2
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Last-Modified: Tue, 26 Feb 2019 12:10:11 GMT
ETag: "1c86-582caf06441e8-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=3024000, public
Content-Length: 1830
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/css
GET

https://dvps.highrez.co.uk/downloads/js/widget.js

IEXPLORE.EXE

Remote address:

208.87.103.217:443

Request

GET /downloads/js/widget.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: dvps.highrez.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 500 Internal Server Error

Date: Mon, 19 Feb 2024 21:42:26 GMT
Server: Apache/2
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Content-Length: 602
Connection: close
Content-Type: text/html; charset=iso-8859-1
DNS

apps.identrust.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

apps.identrust.com

IN A

Response

apps.identrust.com

IN CNAME

identrust.edgesuite.net

identrust.edgesuite.net

IN CNAME

a1952.dscq.akamai.net

a1952.dscq.akamai.net

IN A

96.17.179.184

a1952.dscq.akamai.net

IN A

96.17.179.205
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

IEXPLORE.EXE

Remote address:

96.17.179.184:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Mon, 19 Feb 2024 22:42:25 GMT
Date: Mon, 19 Feb 2024 21:42:25 GMT
Connection: keep-alive
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

IEXPLORE.EXE

Remote address:

96.17.179.184:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Mon, 19 Feb 2024 22:42:25 GMT
Date: Mon, 19 Feb 2024 21:42:25 GMT
Connection: keep-alive
GET

https://dvps.highrez.co.uk/downloads/images/hdacharity.jpg

IEXPLORE.EXE

Remote address:

208.87.103.217:443

Request

GET /downloads/images/hdacharity.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: dvps.highrez.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 19 Feb 2024 21:42:26 GMT
Server: Apache/2
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Last-Modified: Fri, 05 Jan 2024 18:19:45 GMT
ETag: "3d1a-60e36e48d169d"
Accept-Ranges: bytes
Content-Length: 15642
Cache-Control: max-age=3024000, public
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/jpeg
GET

https://dvps.highrez.co.uk/downloads/js/cryptodonate.js

IEXPLORE.EXE

Remote address:

208.87.103.217:443

Request

GET /downloads/js/cryptodonate.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: dvps.highrez.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 500 Internal Server Error

Date: Mon, 19 Feb 2024 21:42:26 GMT
Server: Apache/2
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Content-Length: 602
Connection: close
Content-Type: text/html; charset=iso-8859-1
GET

https://dvps.highrez.co.uk/downloads/images/janey.jpg

IEXPLORE.EXE

Remote address:

208.87.103.217:443

Request

GET /downloads/images/janey.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: dvps.highrez.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 19 Feb 2024 21:42:26 GMT
Server: Apache/2
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Last-Modified: Tue, 26 Feb 2019 12:10:11 GMT
ETag: "79e-582caf064bee8"
Accept-Ranges: bytes
Content-Length: 1950
Cache-Control: max-age=3024000, public
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/jpeg
DNS

connect.facebook.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

connect.facebook.net

IN A

Response

connect.facebook.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

163.70.147.23
DNS

www.paypalobjects.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.paypalobjects.com

IN A

Response

www.paypalobjects.com

IN CNAME

ppo.glb.paypal.com

ppo.glb.paypal.com

IN CNAME

cs1150.wpc.betacdn.net

cs1150.wpc.betacdn.net

IN A

192.229.221.25
GET

http://connect.facebook.net/en_US/all.js

IEXPLORE.EXE

Remote address:

163.70.147.23:80

Request

GET /en_US/all.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: connect.facebook.net
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Location: https://connect.facebook.net/en_US/all.js
Content-Type: text/plain
Server: proxygen-bolt
Date: Mon, 19 Feb 2024 21:42:25 GMT
Connection: keep-alive
Content-Length: 0
GET

https://www.paypalobjects.com/en_GB/i/scr/pixel.gif

IEXPLORE.EXE

Remote address:

192.229.221.25:443

Request

GET /en_GB/i/scr/pixel.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.paypalobjects.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: s-maxage=31536000, public,max-age=3600
Content-Type: image/gif
Date: Mon, 19 Feb 2024 21:42:26 GMT
DC: ccg11-origin-www-1.paypal.com
Etag: "642b3574-2b"
Expires: Mon, 19 Feb 2024 22:42:26 GMT
Last-Modified: Mon, 03 Apr 2023 20:22:12 GMT
Paypal-Debug-Id: a48f7a1cfcd1e
Server: ECAcc (lhd/3589)
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com
Traceparent: 00-0000000000000000000a48f7a1cfcd1e-de02806a15712039-01
X-Cache: HIT
X-Content-Type-Options: nosniff
Content-Length: 43
GET

https://www.paypalobjects.com/en_GB/i/btn/btn_donate_LG.gif

IEXPLORE.EXE

Remote address:

192.229.221.25:443

Request

GET /en_GB/i/btn/btn_donate_LG.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.paypalobjects.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: s-maxage=31536000, public,max-age=3600
Content-Type: image/gif
Date: Mon, 19 Feb 2024 21:42:26 GMT
DC: ccg11-origin-www-1.paypal.com
Etag: "642b3570-6b2"
Expires: Mon, 19 Feb 2024 22:42:26 GMT
Last-Modified: Mon, 03 Apr 2023 20:22:08 GMT
Paypal-Debug-Id: e0a5cf07bccb2
Server: ECAcc (lhd/35A5)
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com
Traceparent: 00-0000000000000000000e0a5cf07bccb2-8e351439263e10fa-01
X-Cache: HIT
X-Content-Type-Options: nosniff
Content-Length: 1714
GET

https://connect.facebook.net/en_US/all.js

IEXPLORE.EXE

Remote address:

163.70.147.23:443

Request

GET /en_US/all.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: connect.facebook.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Expose-Headers: X-FB-Content-MD5
x-fb-content-md5: a3677f3a27c2fdbe0454f631950d4fd6
ETag: "1929a4231d63ed593c1b0259c4f39a93"
Content-Type: application/x-javascript; charset=utf-8
timing-allow-origin: *
Access-Control-Allow-Origin: *
cross-origin-resource-policy: cross-origin
Expires: Mon, 19 Feb 2024 22:01:09 GMT
Cache-Control: public,max-age=1200,stale-while-revalidate=3600
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
document-policy: force-load-at-top
permissions-policy-report-only: clipboard-read=(), clipboard-write=(), fullscreen=(), picture-in-picture=();report-to="permissions_policy"
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
X-Content-Type-Options: nosniff
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
X-Frame-Options: DENY
origin-agent-cluster: ?0
Strict-Transport-Security: max-age=31536000; preload; includeSubDomains
content-md5: zoXPAWj0YueQPFmEwD55Bg==
X-FB-Debug: mUDu+E6OGSN/K4nNw6aNeCOxJ5cgw28EXOZ82lll4Dgolzlf3ax6hsDAU4ijcIwMGrlMXRuZ8IGpnXqxmDwPGA==
Date: Mon, 19 Feb 2024 21:42:26 GMT
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 1686
GET

https://dvps.highrez.co.uk/downloads/images/xmbcicon.png

IEXPLORE.EXE

Remote address:

208.87.103.217:443

Request

GET /downloads/images/xmbcicon.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: dvps.highrez.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 19 Feb 2024 21:42:26 GMT
Server: Apache/2
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Last-Modified: Tue, 26 Feb 2019 12:10:11 GMT
ETag: "ac8-582caf064bee8"
Accept-Ranges: bytes
Content-Length: 2760
Cache-Control: max-age=3024000, public
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
GET

https://dvps.highrez.co.uk/scripts/cookie-consent.js

IEXPLORE.EXE

Remote address:

208.87.103.217:443

Request

GET /scripts/cookie-consent.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: dvps.highrez.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 19 Feb 2024 21:42:27 GMT
Server: Apache/2
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Last-Modified: Fri, 10 Mar 2023 12:54:56 GMT
ETag: "3e868-5f68b44ad99b5-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=3024000, public
Content-Length: 59300
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
GET

https://dvps.highrez.co.uk/downloads/images/xmbc.ico

IEXPLORE.EXE

Remote address:

208.87.103.217:443

Request

GET /downloads/images/xmbc.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: dvps.highrez.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 19 Feb 2024 21:42:28 GMT
Server: Apache/2
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Last-Modified: Tue, 26 Feb 2019 12:10:11 GMT
ETag: "e36-582caf064bb00"
Accept-Ranges: bytes
Content-Length: 3638
Cache-Control: max-age=3024000, public
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon
DNS

googleads.g.doubleclick.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

142.250.178.2
GET

https://googleads.g.doubleclick.net/pagead/html/r20240215/r20190131/zrt_lookup.html

IEXPLORE.EXE

Remote address:

142.250.178.2:443

Request

GET /pagead/html/r20240215/r20190131/zrt_lookup.html HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 4688
X-XSS-Protection: 0
Date: Mon, 19 Feb 2024 19:35:12 GMT
Expires: Mon, 04 Mar 2024 19:35:12 GMT
Cache-Control: public, max-age=1209600
Age: 7636
ETag: 10668429588327695334
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&us_privacy=1---&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=2~2072.70.89.93.108.122.149.196.2253.2299.259.2357.311.313.323.2373.338.358.2415.415.449.2506.2526.486.494.495.2568.2571.2575.540.574.2624.609.2677.864.981.1029.1048.1051.1095.1097.1126.1201.1205.1211.1276.1301.1344.1365.1415.1423.1449.1451.1570.1577.1598.1651.1716.1735.1753.1765.1870.1878.1889.1958~dv.&gpp_sid=-1&client=ca-pub-7587278386327705&output=html&h=600&slotname=9610547132&adk=3456615022&adf=1839787983&pi=t.ma~as.9610547132&w=120&lmt=1707953055&format=120x600&url=https%3A%2F%2Fdvps.highrez.co.uk%2Fdownloads%2FXMouse_installed.htm%3FPlatform%3Dx64%3Fversion%3D2200500&wgl=1&dt=1708378946180&bpp=21&bdt=2165&idt=361&shv=r20240215&mjsv=m202402140101&ptt=9&saldr=aa&abxe=1&correlator=4083935735226&frm=20&pv=2&ga_vid=1415248801.1708378950&ga_sid=1708378950&ga_hid=14236799&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=1143&ady=105&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44808398%2C31081187%2C44795921%2C95322434%2C95324580%2C95325068%2C31081220%2C95322182%2C95324154%2C95324160%2C95325078&oid=2&pvsid=4502958145669116&tmod=90981820&nvt=1&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=1&bz=1.01&ifi=1&uci=a!1&dtd=3615

IEXPLORE.EXE

Remote address:

142.250.178.2:443

Request

GET /pagead/ads?gdpr=1&us_privacy=1---&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=2~2072.70.89.93.108.122.149.196.2253.2299.259.2357.311.313.323.2373.338.358.2415.415.449.2506.2526.486.494.495.2568.2571.2575.540.574.2624.609.2677.864.981.1029.1048.1051.1095.1097.1126.1201.1205.1211.1276.1301.1344.1365.1415.1423.1449.1451.1570.1577.1598.1651.1716.1735.1753.1765.1870.1878.1889.1958~dv.&gpp_sid=-1&client=ca-pub-7587278386327705&output=html&h=600&slotname=9610547132&adk=3456615022&adf=1839787983&pi=t.ma~as.9610547132&w=120&lmt=1707953055&format=120x600&url=https%3A%2F%2Fdvps.highrez.co.uk%2Fdownloads%2FXMouse_installed.htm%3FPlatform%3Dx64%3Fversion%3D2200500&wgl=1&dt=1708378946180&bpp=21&bdt=2165&idt=361&shv=r20240215&mjsv=m202402140101&ptt=9&saldr=aa&abxe=1&correlator=4083935735226&frm=20&pv=2&ga_vid=1415248801.1708378950&ga_sid=1708378950&ga_hid=14236799&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=1143&ady=105&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44808398%2C31081187%2C44795921%2C95322434%2C95324580%2C95325068%2C31081220%2C95322182%2C95324154%2C95324160%2C95325078&oid=2&pvsid=4502958145669116&tmod=90981820&nvt=1&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=1&bz=1.01&ifi=1&uci=a!1&dtd=3615 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Observe-Browsing-Topics: ?1
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 19 Feb 2024 21:42:32 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 0
Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 19-Feb-2024 21:57:31 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Expires: Mon, 19 Feb 2024 21:42:32 GMT
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/xbbe/pixel?d=CI3jLRD7mj8Yq_j5gwIwAQ&v=APEucNWI7N-IbMVq0dvPJh3ZQWDOzI-WdB-wbr5Sbw_CsQiS-92LaN9oSTW8SMGuhXevG8TkrqGj7sEAMUJyKmDUyOPKN7NhDap1QxOacrHV4lUb9h2_mz_7qnXGm414pAr7BJDUgIR2jHL6qlapaVnl6A2r2f8ur3D2KrjwkZzJaeELzBO55mkBlANsVMarhuZNnfHFW6unY1a5QOAvM6pWo5l-PfI3Tyev7AC91bHgOr93ApJkg-DcBS_wg3L6zama-tuuhhWTxb25BefNyHMkbhi0RFDqWC-u0TggBx4vseWm-9lY-I6ARtDfMjOlE7cYzdKleLXTh26QiOvYPSPNdnW4cwtOcTCDD966rKBHBxrdGxJWJA9DOB0ZzCjqP4nNzVWyHaZz2ljP5oRcDJoPhBlPCNsK6fpY7yVW5nj9UoXVQ1YeYCkH93Yp_UQDoYJjO-KzS7ZOQHNWSCcb2iGWguWn_tOkUych9vMXLr3Q6GYcOhlBZGT8yDTf3IT3bq9_DGM8oKtWTNw9LguUNZV1B11kcxcjFBewgt-tWCGzHf6WkvgzYo_9C-5gpmBg9AbcJk3XOlu59a0RfqMdYRI59rou934-LfICzPG8BnOIcXZhxQvm_F0LWMOJAvB1DmXVDz2li3AjJu08ojH5E16jZJcgTW4Qy06lRdrklZJW3hR799R9O0luak9OspOQDVCGWHrQDuoHzdeO8zy4n0-k8Pp5YNs1iSNz1mC1FYg6ktZTW-nzYohS3o4YqjJ1JlhndaTyT5fYuDqZD_kKOji9mFZL_PmrvO99SRtyyLthvS2sCge-JNqDjFKkjdPolPUQMRvhcVnPvVhKH_60O2y1e_yjvDD4DxZNADNlcUAdSkAafCF5csA

IEXPLORE.EXE

Remote address:

142.250.178.2:443

Request

GET /xbbe/pixel?d=CI3jLRD7mj8Yq_j5gwIwAQ&v=APEucNWI7N-IbMVq0dvPJh3ZQWDOzI-WdB-wbr5Sbw_CsQiS-92LaN9oSTW8SMGuhXevG8TkrqGj7sEAMUJyKmDUyOPKN7NhDap1QxOacrHV4lUb9h2_mz_7qnXGm414pAr7BJDUgIR2jHL6qlapaVnl6A2r2f8ur3D2KrjwkZzJaeELzBO55mkBlANsVMarhuZNnfHFW6unY1a5QOAvM6pWo5l-PfI3Tyev7AC91bHgOr93ApJkg-DcBS_wg3L6zama-tuuhhWTxb25BefNyHMkbhi0RFDqWC-u0TggBx4vseWm-9lY-I6ARtDfMjOlE7cYzdKleLXTh26QiOvYPSPNdnW4cwtOcTCDD966rKBHBxrdGxJWJA9DOB0ZzCjqP4nNzVWyHaZz2ljP5oRcDJoPhBlPCNsK6fpY7yVW5nj9UoXVQ1YeYCkH93Yp_UQDoYJjO-KzS7ZOQHNWSCcb2iGWguWn_tOkUych9vMXLr3Q6GYcOhlBZGT8yDTf3IT3bq9_DGM8oKtWTNw9LguUNZV1B11kcxcjFBewgt-tWCGzHf6WkvgzYo_9C-5gpmBg9AbcJk3XOlu59a0RfqMdYRI59rou934-LfICzPG8BnOIcXZhxQvm_F0LWMOJAvB1DmXVDz2li3AjJu08ojH5E16jZJcgTW4Qy06lRdrklZJW3hR799R9O0luak9OspOQDVCGWHrQDuoHzdeO8zy4n0-k8Pp5YNs1iSNz1mC1FYg6ktZTW-nzYohS3o4YqjJ1JlhndaTyT5fYuDqZD_kKOji9mFZL_PmrvO99SRtyyLthvS2sCge-JNqDjFKkjdPolPUQMRvhcVnPvVhKH_60O2y1e_yjvDD4DxZNADNlcUAdSkAafCF5csA HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&us_privacy=1---&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=2~2072.70.89.93.108.122.149.196.2253.2299.259.2357.311.313.323.2373.338.358.2415.415.449.2506.2526.486.494.495.2568.2571.2575.540.574.2624.609.2677.864.981.1029.1048.1051.1095.1097.1126.1201.1205.1211.1276.1301.1344.1365.1415.1423.1449.1451.1570.1577.1598.1651.1716.1735.1753.1765.1870.1878.1889.1958~dv.&gpp_sid=-1&client=ca-pub-7587278386327705&output=html&h=600&slotname=9610547132&adk=3456615022&adf=1839787983&pi=t.ma~as.9610547132&w=120&lmt=1707953055&format=120x600&url=https%3A%2F%2Fdvps.highrez.co.uk%2Fdownloads%2FXMouse_installed.htm%3FPlatform%3Dx64%3Fversion%3D2200500&wgl=1&dt=1708378946180&bpp=21&bdt=2165&idt=361&shv=r20240215&mjsv=m202402140101&ptt=9&saldr=aa&abxe=1&correlator=4083935735226&frm=20&pv=2&ga_vid=1415248801.1708378950&ga_sid=1708378950&ga_hid=14236799&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=1143&ady=105&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44808398%2C31081187%2C44795921%2C95322434%2C95324580%2C95325068%2C31081220%2C95322182%2C95324154%2C95324160%2C95325078&oid=2&pvsid=4502958145669116&tmod=90981820&nvt=1&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=1&bz=1.01&ifi=1&uci=a!1&dtd=3615
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
Cookie: test_cookie=CheckForPermission

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 19 Feb 2024 21:42:32 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 0
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure
Set-Cookie: IDE=AHWqTUk9oVC2WF7HVQx30hWQnSF0bGtU9OqYbJjQrNOiETU9RfROV0NQh-48IjFJ; expires=Sat, 15-Mar-2025 21:42:32 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Expires: Mon, 19 Feb 2024 21:42:32 GMT
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Ah2dl8PzIDSZ_iKs5FPy4j87D-KaPWJU62Z7iawuRJunZflujyzHXuiQA37U-xQEJF50XMBzAUqF-bxyr1qXrDnQO2QusUfE-zQ_OK_gHwPW3qn1dEmpaAzTI3Mr09NNPAMEiIa6pKq9bS8AJS8VtEOOx0uf83UrXfIABAPelwQ49UpVXuNGp-VdPngXx0yCXTiNIBdrcNPNkhsH-USLbyM7N3JA&dbm_d=AKAmf-Bx_j4iGUHGF30uQFqvNNFCvgRJAbxRXY4_7UFuz2XaTocqsYuV-bvfDtUW7RQIiDcNBgUPtcnux6K8te39JslmFTMtcHP96Bum7DNzrLi_Ns5Q6OqfB11b6MFaicYG5sgDzQbuuKTlUVdlBlp3p3qcEP2TGBk55lViAl-ctt38pAvvuYjtfArNI-T4ghDTf9G-K3K2GPX04GKpQDxCql1WWgCyLsbsLn3YWweRaTo17ooT5Z9ygz2Cd2hWZkm8elPaQUUnqyXo1Faoj3F3-jCGFcmFfzr2AEh-gSpcnB2mJZ6Ys7WW891yKoUgzE9tT_kkezs6TWY3CYgjpuMjQ7pcAKqkpMjbTC3A1T5p9pB8l4mDXLtJGSNyTGWGnclx0InxieSeZ8NL5VYm74XNjdkT9Fonhy-7FlltC6EJg2fv8x6E6H5yqPEZ2enqX0a3M7pgvwJFS8_KnJ81ntmB5DA96DumYd52ODQR_yl-Tgb5-pkTufG4Q0K_qyvZ1uEd9YFvtJKxR5lKWzOw7m_v2IXJRnI_iOcVs9atyWhm-i0DrkZ-PttIYE6-wfc8sT88-BJH1xRI7OSGl5yeBwBxbHFZ4yuKuOtuXepSbfzwSiVYT9jmXtkN1HZllN7iJ-GB2iyKTUfmpJRWxGb2ZjGpzlgdxdtP4gPzn8dtU5vYg-RUNvAmrQya1uNYhCJNwZ9Zmnxg9dckMGtOTdsB3V6HSHCbr_2tCBRbZv_DmOUgop-4on5GssUEsnYZrFx5Bs_v8RPqkH3WWirtlajTeJizYYxReEcgA6MmIibrVMch_3l8R4t72zUTAmwROFEmWPlzkyziNawpUS-PW229pBziwQ45IglSASl2OMZCdEBBKakKNb692X9OZJQoA1pWc2gyAx9GSC2ZmZI4AqnizuOaYjtVkMypgW8mNJxF0ETfhufCBh5nJ_RiAPRT_3-Jp_rsZjfvtIRTjLOYR11PLKcdvYRiUSO479bi6pG1Zh0Fci8X8tbtzn2XLxp_TArgqy-CuH_BnPiuIf6zqfte1ZoFQCMRIEglRvwGwBWOLgSj9T-rOs4YWWUD1lYTr8WT7Fuoq_Mr8EMoke4zzlVMjobYsqg3E3ALlz4wTKb3B0NZHYoBaatebodgt6kZ2luLcUQ4Nfnzo5daFuOaA73a0Sw9dEjCS4m_Hoi-z1ezJSyI0D0Cva2l-Aqsyv6uhvxgSuXVOPK00Wm-Yg1XMEQGe-MXlJ529I8paxJs_nM_S35nUjeE5QmYFy1wjlnicuHHtxtFqOvbMoKk9OhQ6ok1SqdARhzkNPoDFVPexTHAibbXyxkMeQUuXT6CeM-4nNjPqmRqYqT7Q8xqDMIcklRV6BjmC6XEMOGTlh3d1HIieeEyYhtZxKgTQQILVTptgdi_lOB-Q_B0Xsr2Z38W_zFF7F2dOWg1ofyiH4i2cbYY_BFaw_0ZFduxQ2byXBcq6hP36Y7dOm-udhR-lzjLd-yu5d-jb2w6UO8EV5Lqk7Wv3qEwa53UHL-3NYdzZYWTI89CDH6KuUTJ9FA2MJRKKEuGhxT3VcwpaUFDjrLFaBTSLJJJ6W8DF2dvgEc29ThDRx7AI8AnQisTmxJBjm1Sqmf8CeGLZFeYk55s6N5SLq0szyI5IrXdEU8UhpIEz2s_w2EApKl3kDbgpAvAoVKyIwY9dGef7pFPeS2cOy5uGjWntk8PgddGHl6qXtzeDymfvo3y0CdDXyfRmQpzXVLqGVFg9dbx93rsYsss5Dyy7GIOHL9hMLgPG3C9UGN6CmqKz69gFn20aSkesgQ84N-ACkqBlyIKZdh1XHbgAPUyzLijb_XKq9n1FUNeRmUYmOCHsAdOsoZvCx1qlLrvZy2YLesQP3A70Cq62NMy4FD_Leg_c4WppEG7mUEtieZTtBTp2M_VmPCEYGywohjarBKDXDCmsyBZqAUbHrm-HQw89OyhCj3OgrDPrdnDRMUkD31X3FBXobzwrBfwAdUHuZMu2SKizdT62GuKCDQ8Q2XMt9O3OlFFMxmC-J7eZgaLS60JDcZeehVTtaEhgF39F1Z4OkYw_S1FGI40jNQU7fEdAstKTibfXA3dwp0CPIov8kKjHEJVQS9R34iUcqOebifhcHFlhEpzEhEBNtOjUJSvFNgYyISixx7uSnb-NhY_saKST27UmPInD5FcRvVUhQ_osRFfBWMMFRLGCtmJCaA_Uwc-FfoRCxHEYO-fTIBvZ2GLIWUpbJxR5c6yOcLLTvs6NNhD0xOGwWydEUDRaMeEB0u9p2gHNnW1QdsEXXzy-bRLLOkVM5Mkg2-NwhrAV9rNzZ6Wa_B-Mx2sHbpvhTweG2iTjXrNU7lclFrNT7h3Co_1TWcWoxENiKEBiPK_W_XEZdmudqwgbpw_dQWhZyZBeVvm8EDQwGknGhTb2P18RU8pKc_Rb_5nmgcxddoxxb3PjkTk8adTxel6LqTC16KJo-p-6ABzk59ZzI_SfxNg3vAsHZuJ6RnzPRuc6SYmv6oL2iS-otTwhTob9jZV15cycJ3LTavkfunVNPTnvxPiu8GDiDie1SSCewxH9juHfeY86dMy-tU6OL2l997i0NgMBNpLHRhTwWxbfl-tjV_DUpfuuyhPOjixHycLnd8a4qB45pIivsu5z37FNsDIeGs9aB3iSqCKjI_k2zxB4UDDX7LgP-J5OSohKbBtXERbcJ_ariEc4plMT0SzAamM9Cde6fJ0AVREAXsENNco3Eo7qwBJ6JSKlVqm06szpAw7LxJXmwNkUqHwRXlhAeQH31u7pjOxNVfysbyu9VNaDQAdd2IKaHqCwjRMiAXeouncXz6mn-Ah86ZiWdMdHyhHRgVXJkDILKNYJBz0MOERTi4EHqZocFH_qEKC9ID4fd6v431GoMwryttrKMqxgsqqT_yhtIlwyijR2VN9mj3pMPz0CRlaDeUF_5yJ9-HJhg4L3sViuuqmj_JE2cvMuoh6Bf1M9K9hCwaW3JnlcDUoyK1GLApSVPigZsUwJokzcAfSREMPQSgw4IRx3DOHfloujNAMb2jz29JnuoluB40qOzZUA7NjDWpKdRqYY5DVYcKL9rIvJt0KNmnqB2GGt_HOMFytyhNylRSz-_eVdbASIBMXl8F-0vb0AnZvqUam_wf_EDOLLclrRn7U4fV4cCVuR6Hl2jNPcb1h2a-_ws1RfI-Vu6Mf0acSGTZYkAuIp6vyNdv1gAzqWN5Wy04BU027dogJOnHVK1WcNexBQDmTXJwdxYTcM1ziPSRF-Xer9pWYKp-0dmLqNR9iFeTwGwNROuetCMg01STuUg9tJ9DpTVw2T7eIlOHgQkKqlHK18rvmsCIyjOCY7mw96lWsS_Y9Yt8v3IuqzoEI4G3JNcZCGzW5w5h3sNxxKYYphAxdKUSl3D79i9YxzxwLuZsaOhLHqOPR0wcCp68mZ6pLYjRXH08lqxuCtyDsS256xdZlwlGECJipVD-hdGIwtQKNMbrcpWh1Joehyadfg7TYjZsWgL0RMOYDlhZ3o3tqDX4ssmtn_FqFYYynYXY4pkURUhH0fnfnMrZBz3lm6n8Dj1GhHN3j8jWf-wepsIyS6tOJIeDsqIihZcbYGkLnA4xvcuUIk-_NRGxIl4iCqBQBOVoS4Krs1SsY_ycxBAy00RiVG40zOM2L3r8mr6gf7J-NrimLyz0sEhPh49lQZBwT33mEZ8hdw-qWp9YWZ-2ZJ2wuimGMy1A5pJWWHuWpllLZciazHEQIm2AouDmXK4VrWRp2_DYBwPsu9hWiaA040etsHOCa9XDxOAOSlkqpy1t4TIXXCg_G9FFULPbCzqP8yBuK0PBF_Igr1B0qk0uODjhWlvyoSxSU7neHUS5PKoZz3WZjMGHzQFZmhHnqMBZjGQFxqNad72ieP5UtiqKEeJzjX1p_FXJnQxFbMEQZcicGOz8E17V2o9ofKUhw72JsUHh_Qm0YZ5k1LBmaUKMQGpb8DQSAv3eDOfyfvW0XvMdjDa7zq8pO01JgP5NzUBBJYIkJPvKQOuxf_CrKgdg1x6b7PbRN1N6ZE7CvV1355uyT4bwhiMWLfn4G2PpGdmbTGeTdTE-qvkMFJwji1GWf_0Lz78uXR--YWXPvghyW6v6KkHswvh15v7QdostLUAEp8mDa9mWGzj4DyVErbmaouPYGCQwtF8Y4DYM7EuUJCl_QquZ_jlTN4EKsw8AqfcY_jj5fya6Lcvalr_w54mx20ajiLHBk5aj3VB6bKFg-834tQCG8mKKVAOMc90Nfj7_JzxuPRJGzvM8uKuEAVZr9OwYIDeZ46GnDKFtJvoZwoxH_OnQCFoBVffJpX0rPieFwWDOGScm0YNiBJ63jr70aImMEsOPsnnuu4glBdFah1fMVxnFVk6P5jEGaIkAcDz4nItfTEVEQf0101V8h5dNTcLR93im7KWX0WyijAVD5eqHkqhtxHhcI3QKYX9OzjEtSGaEks-uC14HR2-6Za-9zCZKQwRRHWKeEkqs_kO77l7kGVo4Q0X8V70bfgPKw619nkbT49mO2qMTp2H23Y6rX6nfVepDF&cid=CAQSTgAvHhf_IzEDrEprX4RbbanaG_74geLAoqnumOoaTCyNdczFpQaJ1r_0qTr4YOcCGonAeS7Wnmry84icSDmV0_LKK9y8kA6K__P_GSNSPRgB&dv3_ver=m202401290101&rfl=https%3A%2F%2Fdvps.highrez.co.uk%2Fdownloads%2FXMouse_installed.htm&ds=l&xdt=1&iif=1&cor=17330574041691990000&adk=3476589349&idt=132&dtd=67

IEXPLORE.EXE

Remote address:

142.250.178.2:443

Request

GET /dbm/ad?dbm_c=AKAmf-Ah2dl8PzIDSZ_iKs5FPy4j87D-KaPWJU62Z7iawuRJunZflujyzHXuiQA37U-xQEJF50XMBzAUqF-bxyr1qXrDnQO2QusUfE-zQ_OK_gHwPW3qn1dEmpaAzTI3Mr09NNPAMEiIa6pKq9bS8AJS8VtEOOx0uf83UrXfIABAPelwQ49UpVXuNGp-VdPngXx0yCXTiNIBdrcNPNkhsH-USLbyM7N3JA&dbm_d=AKAmf-Bx_j4iGUHGF30uQFqvNNFCvgRJAbxRXY4_7UFuz2XaTocqsYuV-bvfDtUW7RQIiDcNBgUPtcnux6K8te39JslmFTMtcHP96Bum7DNzrLi_Ns5Q6OqfB11b6MFaicYG5sgDzQbuuKTlUVdlBlp3p3qcEP2TGBk55lViAl-ctt38pAvvuYjtfArNI-T4ghDTf9G-K3K2GPX04GKpQDxCql1WWgCyLsbsLn3YWweRaTo17ooT5Z9ygz2Cd2hWZkm8elPaQUUnqyXo1Faoj3F3-jCGFcmFfzr2AEh-gSpcnB2mJZ6Ys7WW891yKoUgzE9tT_kkezs6TWY3CYgjpuMjQ7pcAKqkpMjbTC3A1T5p9pB8l4mDXLtJGSNyTGWGnclx0InxieSeZ8NL5VYm74XNjdkT9Fonhy-7FlltC6EJg2fv8x6E6H5yqPEZ2enqX0a3M7pgvwJFS8_KnJ81ntmB5DA96DumYd52ODQR_yl-Tgb5-pkTufG4Q0K_qyvZ1uEd9YFvtJKxR5lKWzOw7m_v2IXJRnI_iOcVs9atyWhm-i0DrkZ-PttIYE6-wfc8sT88-BJH1xRI7OSGl5yeBwBxbHFZ4yuKuOtuXepSbfzwSiVYT9jmXtkN1HZllN7iJ-GB2iyKTUfmpJRWxGb2ZjGpzlgdxdtP4gPzn8dtU5vYg-RUNvAmrQya1uNYhCJNwZ9Zmnxg9dckMGtOTdsB3V6HSHCbr_2tCBRbZv_DmOUgop-4on5GssUEsnYZrFx5Bs_v8RPqkH3WWirtlajTeJizYYxReEcgA6MmIibrVMch_3l8R4t72zUTAmwROFEmWPlzkyziNawpUS-PW229pBziwQ45IglSASl2OMZCdEBBKakKNb692X9OZJQoA1pWc2gyAx9GSC2ZmZI4AqnizuOaYjtVkMypgW8mNJxF0ETfhufCBh5nJ_RiAPRT_3-Jp_rsZjfvtIRTjLOYR11PLKcdvYRiUSO479bi6pG1Zh0Fci8X8tbtzn2XLxp_TArgqy-CuH_BnPiuIf6zqfte1ZoFQCMRIEglRvwGwBWOLgSj9T-rOs4YWWUD1lYTr8WT7Fuoq_Mr8EMoke4zzlVMjobYsqg3E3ALlz4wTKb3B0NZHYoBaatebodgt6kZ2luLcUQ4Nfnzo5daFuOaA73a0Sw9dEjCS4m_Hoi-z1ezJSyI0D0Cva2l-Aqsyv6uhvxgSuXVOPK00Wm-Yg1XMEQGe-MXlJ529I8paxJs_nM_S35nUjeE5QmYFy1wjlnicuHHtxtFqOvbMoKk9OhQ6ok1SqdARhzkNPoDFVPexTHAibbXyxkMeQUuXT6CeM-4nNjPqmRqYqT7Q8xqDMIcklRV6BjmC6XEMOGTlh3d1HIieeEyYhtZxKgTQQILVTptgdi_lOB-Q_B0Xsr2Z38W_zFF7F2dOWg1ofyiH4i2cbYY_BFaw_0ZFduxQ2byXBcq6hP36Y7dOm-udhR-lzjLd-yu5d-jb2w6UO8EV5Lqk7Wv3qEwa53UHL-3NYdzZYWTI89CDH6KuUTJ9FA2MJRKKEuGhxT3VcwpaUFDjrLFaBTSLJJJ6W8DF2dvgEc29ThDRx7AI8AnQisTmxJBjm1Sqmf8CeGLZFeYk55s6N5SLq0szyI5IrXdEU8UhpIEz2s_w2EApKl3kDbgpAvAoVKyIwY9dGef7pFPeS2cOy5uGjWntk8PgddGHl6qXtzeDymfvo3y0CdDXyfRmQpzXVLqGVFg9dbx93rsYsss5Dyy7GIOHL9hMLgPG3C9UGN6CmqKz69gFn20aSkesgQ84N-ACkqBlyIKZdh1XHbgAPUyzLijb_XKq9n1FUNeRmUYmOCHsAdOsoZvCx1qlLrvZy2YLesQP3A70Cq62NMy4FD_Leg_c4WppEG7mUEtieZTtBTp2M_VmPCEYGywohjarBKDXDCmsyBZqAUbHrm-HQw89OyhCj3OgrDPrdnDRMUkD31X3FBXobzwrBfwAdUHuZMu2SKizdT62GuKCDQ8Q2XMt9O3OlFFMxmC-J7eZgaLS60JDcZeehVTtaEhgF39F1Z4OkYw_S1FGI40jNQU7fEdAstKTibfXA3dwp0CPIov8kKjHEJVQS9R34iUcqOebifhcHFlhEpzEhEBNtOjUJSvFNgYyISixx7uSnb-NhY_saKST27UmPInD5FcRvVUhQ_osRFfBWMMFRLGCtmJCaA_Uwc-FfoRCxHEYO-fTIBvZ2GLIWUpbJxR5c6yOcLLTvs6NNhD0xOGwWydEUDRaMeEB0u9p2gHNnW1QdsEXXzy-bRLLOkVM5Mkg2-NwhrAV9rNzZ6Wa_B-Mx2sHbpvhTweG2iTjXrNU7lclFrNT7h3Co_1TWcWoxENiKEBiPK_W_XEZdmudqwgbpw_dQWhZyZBeVvm8EDQwGknGhTb2P18RU8pKc_Rb_5nmgcxddoxxb3PjkTk8adTxel6LqTC16KJo-p-6ABzk59ZzI_SfxNg3vAsHZuJ6RnzPRuc6SYmv6oL2iS-otTwhTob9jZV15cycJ3LTavkfunVNPTnvxPiu8GDiDie1SSCewxH9juHfeY86dMy-tU6OL2l997i0NgMBNpLHRhTwWxbfl-tjV_DUpfuuyhPOjixHycLnd8a4qB45pIivsu5z37FNsDIeGs9aB3iSqCKjI_k2zxB4UDDX7LgP-J5OSohKbBtXERbcJ_ariEc4plMT0SzAamM9Cde6fJ0AVREAXsENNco3Eo7qwBJ6JSKlVqm06szpAw7LxJXmwNkUqHwRXlhAeQH31u7pjOxNVfysbyu9VNaDQAdd2IKaHqCwjRMiAXeouncXz6mn-Ah86ZiWdMdHyhHRgVXJkDILKNYJBz0MOERTi4EHqZocFH_qEKC9ID4fd6v431GoMwryttrKMqxgsqqT_yhtIlwyijR2VN9mj3pMPz0CRlaDeUF_5yJ9-HJhg4L3sViuuqmj_JE2cvMuoh6Bf1M9K9hCwaW3JnlcDUoyK1GLApSVPigZsUwJokzcAfSREMPQSgw4IRx3DOHfloujNAMb2jz29JnuoluB40qOzZUA7NjDWpKdRqYY5DVYcKL9rIvJt0KNmnqB2GGt_HOMFytyhNylRSz-_eVdbASIBMXl8F-0vb0AnZvqUam_wf_EDOLLclrRn7U4fV4cCVuR6Hl2jNPcb1h2a-_ws1RfI-Vu6Mf0acSGTZYkAuIp6vyNdv1gAzqWN5Wy04BU027dogJOnHVK1WcNexBQDmTXJwdxYTcM1ziPSRF-Xer9pWYKp-0dmLqNR9iFeTwGwNROuetCMg01STuUg9tJ9DpTVw2T7eIlOHgQkKqlHK18rvmsCIyjOCY7mw96lWsS_Y9Yt8v3IuqzoEI4G3JNcZCGzW5w5h3sNxxKYYphAxdKUSl3D79i9YxzxwLuZsaOhLHqOPR0wcCp68mZ6pLYjRXH08lqxuCtyDsS256xdZlwlGECJipVD-hdGIwtQKNMbrcpWh1Joehyadfg7TYjZsWgL0RMOYDlhZ3o3tqDX4ssmtn_FqFYYynYXY4pkURUhH0fnfnMrZBz3lm6n8Dj1GhHN3j8jWf-wepsIyS6tOJIeDsqIihZcbYGkLnA4xvcuUIk-_NRGxIl4iCqBQBOVoS4Krs1SsY_ycxBAy00RiVG40zOM2L3r8mr6gf7J-NrimLyz0sEhPh49lQZBwT33mEZ8hdw-qWp9YWZ-2ZJ2wuimGMy1A5pJWWHuWpllLZciazHEQIm2AouDmXK4VrWRp2_DYBwPsu9hWiaA040etsHOCa9XDxOAOSlkqpy1t4TIXXCg_G9FFULPbCzqP8yBuK0PBF_Igr1B0qk0uODjhWlvyoSxSU7neHUS5PKoZz3WZjMGHzQFZmhHnqMBZjGQFxqNad72ieP5UtiqKEeJzjX1p_FXJnQxFbMEQZcicGOz8E17V2o9ofKUhw72JsUHh_Qm0YZ5k1LBmaUKMQGpb8DQSAv3eDOfyfvW0XvMdjDa7zq8pO01JgP5NzUBBJYIkJPvKQOuxf_CrKgdg1x6b7PbRN1N6ZE7CvV1355uyT4bwhiMWLfn4G2PpGdmbTGeTdTE-qvkMFJwji1GWf_0Lz78uXR--YWXPvghyW6v6KkHswvh15v7QdostLUAEp8mDa9mWGzj4DyVErbmaouPYGCQwtF8Y4DYM7EuUJCl_QquZ_jlTN4EKsw8AqfcY_jj5fya6Lcvalr_w54mx20ajiLHBk5aj3VB6bKFg-834tQCG8mKKVAOMc90Nfj7_JzxuPRJGzvM8uKuEAVZr9OwYIDeZ46GnDKFtJvoZwoxH_OnQCFoBVffJpX0rPieFwWDOGScm0YNiBJ63jr70aImMEsOPsnnuu4glBdFah1fMVxnFVk6P5jEGaIkAcDz4nItfTEVEQf0101V8h5dNTcLR93im7KWX0WyijAVD5eqHkqhtxHhcI3QKYX9OzjEtSGaEks-uC14HR2-6Za-9zCZKQwRRHWKeEkqs_kO77l7kGVo4Q0X8V70bfgPKw619nkbT49mO2qMTp2H23Y6rX6nfVepDF&cid=CAQSTgAvHhf_IzEDrEprX4RbbanaG_74geLAoqnumOoaTCyNdczFpQaJ1r_0qTr4YOcCGonAeS7Wnmry84icSDmV0_LKK9y8kA6K__P_GSNSPRgB&dv3_ver=m202401290101&rfl=https%3A%2F%2Fdvps.highrez.co.uk%2Fdownloads%2FXMouse_installed.htm&ds=l&xdt=1&iif=1&cor=17330574041691990000&adk=3476589349&idt=132&dtd=67 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&us_privacy=1---&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=2~2072.70.89.93.108.122.149.196.2253.2299.259.2357.311.313.323.2373.338.358.2415.415.449.2506.2526.486.494.495.2568.2571.2575.540.574.2624.609.2677.864.981.1029.1048.1051.1095.1097.1126.1201.1205.1211.1276.1301.1344.1365.1415.1423.1449.1451.1570.1577.1598.1651.1716.1735.1753.1765.1870.1878.1889.1958~dv.&gpp_sid=-1&client=ca-pub-7587278386327705&output=html&h=600&slotname=9610547132&adk=3456615022&adf=1839787983&pi=t.ma~as.9610547132&w=120&lmt=1707953055&format=120x600&url=https%3A%2F%2Fdvps.highrez.co.uk%2Fdownloads%2FXMouse_installed.htm%3FPlatform%3Dx64%3Fversion%3D2200500&wgl=1&dt=1708378946180&bpp=21&bdt=2165&idt=361&shv=r20240215&mjsv=m202402140101&ptt=9&saldr=aa&abxe=1&correlator=4083935735226&frm=20&pv=2&ga_vid=1415248801.1708378950&ga_sid=1708378950&ga_hid=14236799&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=1143&ady=105&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44808398%2C31081187%2C44795921%2C95322434%2C95324580%2C95325068%2C31081220%2C95322182%2C95324154%2C95324160%2C95325078&oid=2&pvsid=4502958145669116&tmod=90981820&nvt=1&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=1&bz=1.01&ifi=1&uci=a!1&dtd=3615
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
Cookie: IDE=AHWqTUk9oVC2WF7HVQx30hWQnSF0bGtU9OqYbJjQrNOiETU9RfROV0NQh-48IjFJ

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 19 Feb 2024 21:42:32 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/javascript; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&us_privacy=1---&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=2~2072.70.89.93.108.122.149.196.2253.2299.259.2357.311.313.323.2373.338.358.2415.415.449.2506.2526.486.494.495.2568.2571.2575.540.574.2624.609.2677.864.981.1029.1048.1051.1095.1097.1126.1201.1205.1211.1276.1301.1344.1365.1415.1423.1449.1451.1570.1577.1598.1651.1716.1735.1753.1765.1870.1878.1889.1958~dv.&gpp_sid=-1&client=ca-pub-7587278386327705&output=html&adk=1812271804&adf=3025194257&lmt=1707953055&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fdvps.highrez.co.uk%2Fdownloads%2FXMouse_installed.htm%3FPlatform%3Dx64%3Fversion%3D2200500&pra=7&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&aseiel=1~2~4~6~8~16&dt=1708378946180&bpp=11&bdt=2164&idt=411&shv=r20240215&mjsv=m202402140101&ptt=9&saldr=aa&abxe=1&prev_fmts=120x600&nras=1&correlator=4083935735226&frm=20&pv=1&ga_vid=1415248801.1708378950&ga_sid=1708378950&ga_hid=14236799&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44808398%2C31081187%2C44795921%2C95322434%2C95324580%2C95325068%2C31081220%2C95322182%2C95324154%2C95324160%2C95325078&oid=2&pvsid=4502958145669116&tmod=90981820&nvt=1&fsapi=1&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=1&bz=1.01&ifi=2&uci=a!2&dtd=3702

IEXPLORE.EXE

Remote address:

142.250.178.2:443

Request

GET /pagead/ads?gdpr=1&us_privacy=1---&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=2~2072.70.89.93.108.122.149.196.2253.2299.259.2357.311.313.323.2373.338.358.2415.415.449.2506.2526.486.494.495.2568.2571.2575.540.574.2624.609.2677.864.981.1029.1048.1051.1095.1097.1126.1201.1205.1211.1276.1301.1344.1365.1415.1423.1449.1451.1570.1577.1598.1651.1716.1735.1753.1765.1870.1878.1889.1958~dv.&gpp_sid=-1&client=ca-pub-7587278386327705&output=html&adk=1812271804&adf=3025194257&lmt=1707953055&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fdvps.highrez.co.uk%2Fdownloads%2FXMouse_installed.htm%3FPlatform%3Dx64%3Fversion%3D2200500&pra=7&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&aseiel=1~2~4~6~8~16&dt=1708378946180&bpp=11&bdt=2164&idt=411&shv=r20240215&mjsv=m202402140101&ptt=9&saldr=aa&abxe=1&prev_fmts=120x600&nras=1&correlator=4083935735226&frm=20&pv=1&ga_vid=1415248801.1708378950&ga_sid=1708378950&ga_hid=14236799&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44808398%2C31081187%2C44795921%2C95322434%2C95324580%2C95325068%2C31081220%2C95322182%2C95324154%2C95324160%2C95325078&oid=2&pvsid=4502958145669116&tmod=90981820&nvt=1&fsapi=1&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=1&bz=1.01&ifi=2&uci=a!2&dtd=3702 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 19 Feb 2024 21:42:32 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 0
Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 19-Feb-2024 21:57:31 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Expires: Mon, 19 Feb 2024 21:42:32 GMT
Transfer-Encoding: chunked
DNS

fundingchoicesmessages.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

fundingchoicesmessages.google.com

IN A

Response

fundingchoicesmessages.google.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

172.217.16.238
POST

https://fundingchoicesmessages.google.com/el/AGSKWxVqj3QCg-65beUQZEugnk_rtGN4VukMWLGvXd1_A1IHTD0CBcNyfMwAzB3GaOGiG_hv7_MS_rwb1BmeWpeDhR20EWBizR2hSSIPSUvPKnzJnybwr1DQiXfxOjjXbsRyUrWoWiYP2w==

IEXPLORE.EXE

Remote address:

172.217.16.238:443

Request

POST /el/AGSKWxVqj3QCg-65beUQZEugnk_rtGN4VukMWLGvXd1_A1IHTD0CBcNyfMwAzB3GaOGiG_hv7_MS_rwb1BmeWpeDhR20EWBizR2hSSIPSUvPKnzJnybwr1DQiXfxOjjXbsRyUrWoWiYP2w== HTTP/1.1
Accept: */*
Content-Type: text/plain
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: fundingchoicesmessages.google.com
Content-Length: 535
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 403 Forbidden

Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 19 Feb 2024 21:42:31 GMT
Cross-Origin-Opener-Policy: same-origin
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
Content-Security-Policy: script-src 'nonce-Ph8YSbrhqHcGeEn8f-HE_g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self'
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://fundingchoicesmessages.google.com/f/AGSKWxU8kE4Czsz0gQDxgrvMExis3X3tFk1ibAPkPTa8263K0njM0BFVZyJvG4acYKspijBQAe0B8jr04iDmMHVqkmvAUmOwiFKZbXOUUwJeKWqB8kurx1XUZdSKhgnFbCKRf5A3GcBayg==?fccs=W251bGwsbnVsbCxbIkNQNk9nUUFQNk9nUUFFc0FDQkVOQW5Fb0FQX2dBRVBnQUF3SUlOSkQ3RDdGYlNGQ3dIcHphTHNBTUFoSFJzQ0FRb1FBQUFTQkFtQUJRQUtRSUFRQ2drQVFGQVNnQkFBQ0FBQUFJQ1pCSVFBRUNBQUFDVUFBUUFBQUFBQUVBQUFBQUFBSUlBQUFnQUVBQUFBSUFBQUNBQUFBRUFBSUFBQUFFQUFBbUFnQUFJSUFDQUFBaEFBQUFBQUFBQUFBQUFBQUFnQUFBQUFBQUFBQUFBQUFBQUFBQVFPaFFEMkYySzJrS0ZrUENtUVdZQVFCQ2lqWUVBaFFBQUFBa0NCSUFBZ0FVZ1FBZ0ZJSUFnQUlGQUFBQUFBQUFBUUVnQ1FBQVFBQkFBQUlBQ2dBQUFBQUFJQUFBQUFBQVFRQUFBQUFJQUFBQUFBQUFFQUFBQUFBQVFBQUFBSUFBQkVoQ0FBUVFBRUFBQUFBQUFRQUFBQUFBQUFBQUFCQUFBIiwiMn4yMDcyLjcwLjg5LjkzLjEwOC4xMjIuMTQ5LjE5Ni4yMjUzLjIyOTkuMjU5LjIzNTcuMzExLjMxMy4zMjMuMjM3My4zMzguMzU4LjI0MTUuNDE1LjQ0OS4yNTA2LjI1MjYuNDg2LjQ5NC40OTUuMjU2OC4yNTcxLjI1NzUuNTQwLjU3NC4yNjI0LjYwOS4yNjc3Ljg2NC45ODEuMTAyOS4xMDQ4LjEwNTEuMTA5NS4xMDk3LjExMjYuMTIwMS4xMjA1LjEyMTEuMTI3Ni4xMzAxLjEzNDQuMTM2NS4xNDE1LjE0MjMuMTQ0OS4xNDUxLjE1NzAuMTU3Ny4xNTk4LjE2NTEuMTcxNi4xNzM1LjE3NTMuMTc2NS4xODcwLjE4NzguMTg4OS4xOTU4fmR2LiJdLG51bGwsbnVsbCxudWxsLFsxNzA4Mzc4OTQ5LDg5NzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOF0sbnVsbCwxLG51bGwsImVuIl0sImh0dHBzOi8vZHZwcy5oaWdocmV6LmNvLnVrL2Rvd25sb2Fkcy9YTW91c2VfaW5zdGFsbGVkLmh0bSIsbnVsbCxbWzgsIm9IUUI5T2U3Q1U0Il0sWzksImVuLVVTIl0sWzE4LCJbW1swXV1dIl0sWzE5LCIxIl1dXQ

IEXPLORE.EXE

Remote address:

172.217.16.238:443

Request

GET /f/AGSKWxU8kE4Czsz0gQDxgrvMExis3X3tFk1ibAPkPTa8263K0njM0BFVZyJvG4acYKspijBQAe0B8jr04iDmMHVqkmvAUmOwiFKZbXOUUwJeKWqB8kurx1XUZdSKhgnFbCKRf5A3GcBayg==?fccs=W251bGwsbnVsbCxbIkNQNk9nUUFQNk9nUUFFc0FDQkVOQW5Fb0FQX2dBRVBnQUF3SUlOSkQ3RDdGYlNGQ3dIcHphTHNBTUFoSFJzQ0FRb1FBQUFTQkFtQUJRQUtRSUFRQ2drQVFGQVNnQkFBQ0FBQUFJQ1pCSVFBRUNBQUFDVUFBUUFBQUFBQUVBQUFBQUFBSUlBQUFnQUVBQUFBSUFBQUNBQUFBRUFBSUFBQUFFQUFBbUFnQUFJSUFDQUFBaEFBQUFBQUFBQUFBQUFBQUFnQUFBQUFBQUFBQUFBQUFBQUFBQVFPaFFEMkYySzJrS0ZrUENtUVdZQVFCQ2lqWUVBaFFBQUFBa0NCSUFBZ0FVZ1FBZ0ZJSUFnQUlGQUFBQUFBQUFBUUVnQ1FBQVFBQkFBQUlBQ2dBQUFBQUFJQUFBQUFBQVFRQUFBQUFJQUFBQUFBQUFFQUFBQUFBQVFBQUFBSUFBQkVoQ0FBUVFBRUFBQUFBQUFRQUFBQUFBQUFBQUFCQUFBIiwiMn4yMDcyLjcwLjg5LjkzLjEwOC4xMjIuMTQ5LjE5Ni4yMjUzLjIyOTkuMjU5LjIzNTcuMzExLjMxMy4zMjMuMjM3My4zMzguMzU4LjI0MTUuNDE1LjQ0OS4yNTA2LjI1MjYuNDg2LjQ5NC40OTUuMjU2OC4yNTcxLjI1NzUuNTQwLjU3NC4yNjI0LjYwOS4yNjc3Ljg2NC45ODEuMTAyOS4xMDQ4LjEwNTEuMTA5NS4xMDk3LjExMjYuMTIwMS4xMjA1LjEyMTEuMTI3Ni4xMzAxLjEzNDQuMTM2NS4xNDE1LjE0MjMuMTQ0OS4xNDUxLjE1NzAuMTU3Ny4xNTk4LjE2NTEuMTcxNi4xNzM1LjE3NTMuMTc2NS4xODcwLjE4NzguMTg4OS4xOTU4fmR2LiJdLG51bGwsbnVsbCxudWxsLFsxNzA4Mzc4OTQ5LDg5NzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOF0sbnVsbCwxLG51bGwsImVuIl0sImh0dHBzOi8vZHZwcy5oaWdocmV6LmNvLnVrL2Rvd25sb2Fkcy9YTW91c2VfaW5zdGFsbGVkLmh0bSIsbnVsbCxbWzgsIm9IUUI5T2U3Q1U0Il0sWzksImVuLVVTIl0sWzE4LCJbW1swXV1dIl0sWzE5LCIxIl1dXQ HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: fundingchoicesmessages.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/javascript; charset=utf-8
Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
Timing-Allow-Origin: *
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 19 Feb 2024 21:42:31 GMT
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Content-Security-Policy: script-src 'nonce-2k-Sl747zrSqwNHc-zJchQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: cross-origin
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjmsOoxSXF4KshxXDy1m2mi0B83ukO03UgvqjylOkmENcyPGNqBeIH4c-YXgCxgcZzJgsgZvzzgokTiN99eckk8PUlkwQQawHxO8lXTN-AeIePBwvfuumshuuns245M511DxDHPJ_OmgLEi1lnsK4G4imBM1jnALFT-gzWECD-nDmD9TcQ-9TPYI0DYiEejuPTzq9jE2jYcvoLEwAR2Eml"
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://fundingchoicesmessages.google.com/el/AGSKWxVqj3QCg-65beUQZEugnk_rtGN4VukMWLGvXd1_A1IHTD0CBcNyfMwAzB3GaOGiG_hv7_MS_rwb1BmeWpeDhR20EWBizR2hSSIPSUvPKnzJnybwr1DQiXfxOjjXbsRyUrWoWiYP2w==

IEXPLORE.EXE

Remote address:

172.217.16.238:443

Request

POST /el/AGSKWxVqj3QCg-65beUQZEugnk_rtGN4VukMWLGvXd1_A1IHTD0CBcNyfMwAzB3GaOGiG_hv7_MS_rwb1BmeWpeDhR20EWBizR2hSSIPSUvPKnzJnybwr1DQiXfxOjjXbsRyUrWoWiYP2w== HTTP/1.1
Accept: */*
Content-Type: text/plain
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: fundingchoicesmessages.google.com
Content-Length: 73
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 403 Forbidden

Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 19 Feb 2024 21:42:32 GMT
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Content-Security-Policy: script-src 'nonce-CVE-3lDPR5cP7rATQo9i3w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
Cross-Origin-Opener-Policy: same-origin
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://fundingchoicesmessages.google.com/el/AGSKWxVqj3QCg-65beUQZEugnk_rtGN4VukMWLGvXd1_A1IHTD0CBcNyfMwAzB3GaOGiG_hv7_MS_rwb1BmeWpeDhR20EWBizR2hSSIPSUvPKnzJnybwr1DQiXfxOjjXbsRyUrWoWiYP2w==

IEXPLORE.EXE

Remote address:

172.217.16.238:443

Request

POST /el/AGSKWxVqj3QCg-65beUQZEugnk_rtGN4VukMWLGvXd1_A1IHTD0CBcNyfMwAzB3GaOGiG_hv7_MS_rwb1BmeWpeDhR20EWBizR2hSSIPSUvPKnzJnybwr1DQiXfxOjjXbsRyUrWoWiYP2w== HTTP/1.1
Accept: */*
Content-Type: text/plain
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: fundingchoicesmessages.google.com
Content-Length: 73
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 403 Forbidden

Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 19 Feb 2024 21:42:32 GMT
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Content-Security-Policy: script-src 'nonce-Zy8C-7Ui2BZN20PvbLzsKg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
Cross-Origin-Opener-Policy: same-origin
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://fundingchoicesmessages.google.com/f/AGSKWxXi7GW-8IDpFJSX-cPq8ze3j-iQbCArcckXHf3ypXpMwaf5ekdEefdyuCyas1aXSPQK30LEI2NSVKG_9FZyBBYZYcUOQ_9KZv4_SEE-pf-LM3tiv6pGubg7_TaSvNhI888zTEL3qw==?fccs=W251bGwsbnVsbCxbIkNQNk9nUUFQNk9nUUFFc0FDQkVOQW5Fb0FQX2dBRVBnQUF3SUlOSkQ3RDdGYlNGQ3dIcHphTHNBTUFoSFJzQ0FRb1FBQUFTQkFtQUJRQUtRSUFRQ2drQVFGQVNnQkFBQ0FBQUFJQ1pCSVFBRUNBQUFDVUFBUUFBQUFBQUVBQUFBQUFBSUlBQUFnQUVBQUFBSUFBQUNBQUFBRUFBSUFBQUFFQUFBbUFnQUFJSUFDQUFBaEFBQUFBQUFBQUFBQUFBQUFnQUFBQUFBQUFBQUFBQUFBQUFBQVFPaFFEMkYySzJrS0ZrUENtUVdZQVFCQ2lqWUVBaFFBQUFBa0NCSUFBZ0FVZ1FBZ0ZJSUFnQUlGQUFBQUFBQUFBUUVnQ1FBQVFBQkFBQUlBQ2dBQUFBQUFJQUFBQUFBQVFRQUFBQUFJQUFBQUFBQUFFQUFBQUFBQVFBQUFBSUFBQkVoQ0FBUVFBRUFBQUFBQUFRQUFBQUFBQUFBQUFCQUFBIiwiMn4yMDcyLjcwLjg5LjkzLjEwOC4xMjIuMTQ5LjE5Ni4yMjUzLjIyOTkuMjU5LjIzNTcuMzExLjMxMy4zMjMuMjM3My4zMzguMzU4LjI0MTUuNDE1LjQ0OS4yNTA2LjI1MjYuNDg2LjQ5NC40OTUuMjU2OC4yNTcxLjI1NzUuNTQwLjU3NC4yNjI0LjYwOS4yNjc3Ljg2NC45ODEuMTAyOS4xMDQ4LjEwNTEuMTA5NS4xMDk3LjExMjYuMTIwMS4xMjA1LjEyMTEuMTI3Ni4xMzAxLjEzNDQuMTM2NS4xNDE1LjE0MjMuMTQ0OS4xNDUxLjE1NzAuMTU3Ny4xNTk4LjE2NTEuMTcxNi4xNzM1LjE3NTMuMTc2NS4xODcwLjE4NzguMTg4OS4xOTU4fmR2LiJdLG51bGwsbnVsbCxudWxsLFsxNzA4Mzc4OTUwLDg1NTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOCw2XSxudWxsLDEsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9kdnBzLmhpZ2hyZXouY28udWsvZG93bmxvYWRzL1hNb3VzZV9pbnN0YWxsZWQuaHRtIixudWxsLFtbOCwib0hRQjlPZTdDVTQiXSxbOSwiZW4tVVMiXSxbMTgsIltbWzBdXV0iXSxbMTksIjEiXV1d

IEXPLORE.EXE

Remote address:

172.217.16.238:443

Request

GET /f/AGSKWxXi7GW-8IDpFJSX-cPq8ze3j-iQbCArcckXHf3ypXpMwaf5ekdEefdyuCyas1aXSPQK30LEI2NSVKG_9FZyBBYZYcUOQ_9KZv4_SEE-pf-LM3tiv6pGubg7_TaSvNhI888zTEL3qw==?fccs=W251bGwsbnVsbCxbIkNQNk9nUUFQNk9nUUFFc0FDQkVOQW5Fb0FQX2dBRVBnQUF3SUlOSkQ3RDdGYlNGQ3dIcHphTHNBTUFoSFJzQ0FRb1FBQUFTQkFtQUJRQUtRSUFRQ2drQVFGQVNnQkFBQ0FBQUFJQ1pCSVFBRUNBQUFDVUFBUUFBQUFBQUVBQUFBQUFBSUlBQUFnQUVBQUFBSUFBQUNBQUFBRUFBSUFBQUFFQUFBbUFnQUFJSUFDQUFBaEFBQUFBQUFBQUFBQUFBQUFnQUFBQUFBQUFBQUFBQUFBQUFBQVFPaFFEMkYySzJrS0ZrUENtUVdZQVFCQ2lqWUVBaFFBQUFBa0NCSUFBZ0FVZ1FBZ0ZJSUFnQUlGQUFBQUFBQUFBUUVnQ1FBQVFBQkFBQUlBQ2dBQUFBQUFJQUFBQUFBQVFRQUFBQUFJQUFBQUFBQUFFQUFBQUFBQVFBQUFBSUFBQkVoQ0FBUVFBRUFBQUFBQUFRQUFBQUFBQUFBQUFCQUFBIiwiMn4yMDcyLjcwLjg5LjkzLjEwOC4xMjIuMTQ5LjE5Ni4yMjUzLjIyOTkuMjU5LjIzNTcuMzExLjMxMy4zMjMuMjM3My4zMzguMzU4LjI0MTUuNDE1LjQ0OS4yNTA2LjI1MjYuNDg2LjQ5NC40OTUuMjU2OC4yNTcxLjI1NzUuNTQwLjU3NC4yNjI0LjYwOS4yNjc3Ljg2NC45ODEuMTAyOS4xMDQ4LjEwNTEuMTA5NS4xMDk3LjExMjYuMTIwMS4xMjA1LjEyMTEuMTI3Ni4xMzAxLjEzNDQuMTM2NS4xNDE1LjE0MjMuMTQ0OS4xNDUxLjE1NzAuMTU3Ny4xNTk4LjE2NTEuMTcxNi4xNzM1LjE3NTMuMTc2NS4xODcwLjE4NzguMTg4OS4xOTU4fmR2LiJdLG51bGwsbnVsbCxudWxsLFsxNzA4Mzc4OTUwLDg1NTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOCw2XSxudWxsLDEsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9kdnBzLmhpZ2hyZXouY28udWsvZG93bmxvYWRzL1hNb3VzZV9pbnN0YWxsZWQuaHRtIixudWxsLFtbOCwib0hRQjlPZTdDVTQiXSxbOSwiZW4tVVMiXSxbMTgsIltbWzBdXV0iXSxbMTksIjEiXV1d HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: fundingchoicesmessages.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/javascript; charset=utf-8
Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
Timing-Allow-Origin: *
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 19 Feb 2024 21:42:32 GMT
Content-Security-Policy: script-src 'nonce-pOOYe1VhUPGfqWxY5U_FjQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: cross-origin
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjmsKoxSXF4KEhxXDe6Q7TdSC-qPKU6SYQ1zI8Y2oF4gfhz5heALGBxnMmCyBm_POCiROI3315ySTw9SWTBBBrAfE7yVdM34B4h48HC9-66ayG66ezbjkznXUPEMc8n86aAsSLWWewrgbiKYEzWOcAsVP6DNYQIP6cOYP1NxD71M9gjQNiIR6OE9POr2MT6Li14gkTAN28RIw"
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://fundingchoicesmessages.google.com/el/AGSKWxUGQuOILqTwHIeueRDAtt_wQyBfNM7fRrOH7ie04pxdD-UbTwTHed_DxSDKeZU521NkjxH-4KOozn3RUkrxJKDCI7toIU0udVA5I2WdUXNO3nWTv59Jnu7gU3k8SqiR_WeLKT-r8Q==

IEXPLORE.EXE

Remote address:

172.217.16.238:443

Request

POST /el/AGSKWxUGQuOILqTwHIeueRDAtt_wQyBfNM7fRrOH7ie04pxdD-UbTwTHed_DxSDKeZU521NkjxH-4KOozn3RUkrxJKDCI7toIU0udVA5I2WdUXNO3nWTv59Jnu7gU3k8SqiR_WeLKT-r8Q== HTTP/1.1
Accept: */*
Content-Type: text/plain
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: fundingchoicesmessages.google.com
Content-Length: 159
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 403 Forbidden

Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 19 Feb 2024 21:42:32 GMT
Content-Security-Policy: script-src 'nonce-BFqdTYjNz9mvWUR63ugNRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
Cross-Origin-Opener-Policy: same-origin
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://fundingchoicesmessages.google.com/i/ca-pub-7587278386327705?ers=2

IEXPLORE.EXE

Remote address:

172.217.16.238:443

Request

GET /i/ca-pub-7587278386327705?ers=2 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: fundingchoicesmessages.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/javascript; charset=utf-8
Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
Timing-Allow-Origin: *
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 19 Feb 2024 21:42:28 GMT
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
Content-Security-Policy: script-src 'nonce-YE9MZEm-eVzAl9JTFV8XBw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
Cross-Origin-Opener-Policy: same-origin
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Cross-Origin-Resource-Policy: cross-origin
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjmsKoxSXF4KIhxXDe6Q7TdSC-qPKU6SYQ1zI8Y2oF4gfhz5heALGBxnMmCyBm_POCiROI3315ySTw9SWTBBBrAfE7yVdM34B4h48HC9-66ayG66ezbjkznXUPEMc8n86aAsSLWWewrgbiKYEzWOcAsVP6DNYQIP6cOYP1NxD71M9gjQNiIR6OI9POr2MT6Fjwto8JANpTRDk"
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://fundingchoicesmessages.google.com/f/AGSKWxXdS2PxTAWUi9ZwryvyJu8q2i0H71bqN9QVUdDALeU6us6VAmib-tyHooFESS7HzjQCzZhFV95FwBUKZQeS1QQMPlqYGc7Ro5YzCUybyBw82xr-CRpphj6AUJrOfLhXboZA0zzK2g==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA4Mzc4OTQ3LDE2NTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9kdnBzLmhpZ2hyZXouY28udWsvZG93bmxvYWRzL1hNb3VzZV9pbnN0YWxsZWQuaHRtIixudWxsLFtbOCwib0hRQjlPZTdDVTQiXSxbOSwiZW4tVVMiXSxbMTgsIltbWzBdXV0iXSxbMTksIjEiXV1d

IEXPLORE.EXE

Remote address:

172.217.16.238:443

Request

GET /f/AGSKWxXdS2PxTAWUi9ZwryvyJu8q2i0H71bqN9QVUdDALeU6us6VAmib-tyHooFESS7HzjQCzZhFV95FwBUKZQeS1QQMPlqYGc7Ro5YzCUybyBw82xr-CRpphj6AUJrOfLhXboZA0zzK2g==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA4Mzc4OTQ3LDE2NTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9kdnBzLmhpZ2hyZXouY28udWsvZG93bmxvYWRzL1hNb3VzZV9pbnN0YWxsZWQuaHRtIixudWxsLFtbOCwib0hRQjlPZTdDVTQiXSxbOSwiZW4tVVMiXSxbMTgsIltbWzBdXV0iXSxbMTksIjEiXV1d HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: fundingchoicesmessages.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/javascript; charset=utf-8
Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
Timing-Allow-Origin: *
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 19 Feb 2024 21:42:29 GMT
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
Content-Security-Policy: script-src 'nonce-iHjCiAu0ViWFu9ezLPMArA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self'
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: cross-origin
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjmsKoxSXF4KchxXDe6Q7TdSC-qPKU6SYQ1zI8Y2oF4gfhz5heALGBxnMmCyBm_POCiROI3315ySTw9SWTBBBrAfE7yVdM34B4h48HC9-66ayG66ezbjkznXUPEMc8n86aAsSLWWewrgbiKYEzWOcAsVP6DNYQIP6cOYP1NxD71M9gjQNiIW6Oo9POr2MTuNBzxxQAnKNECw"
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://fundingchoicesmessages.google.com/el/AGSKWxVqj3QCg-65beUQZEugnk_rtGN4VukMWLGvXd1_A1IHTD0CBcNyfMwAzB3GaOGiG_hv7_MS_rwb1BmeWpeDhR20EWBizR2hSSIPSUvPKnzJnybwr1DQiXfxOjjXbsRyUrWoWiYP2w==

IEXPLORE.EXE

Remote address:

172.217.16.238:443

Request

POST /el/AGSKWxVqj3QCg-65beUQZEugnk_rtGN4VukMWLGvXd1_A1IHTD0CBcNyfMwAzB3GaOGiG_hv7_MS_rwb1BmeWpeDhR20EWBizR2hSSIPSUvPKnzJnybwr1DQiXfxOjjXbsRyUrWoWiYP2w== HTTP/1.1
Accept: */*
Content-Type: text/plain
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: fundingchoicesmessages.google.com
Content-Length: 92
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 403 Forbidden

Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 19 Feb 2024 21:42:29 GMT
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
Content-Security-Policy: script-src 'nonce-VMD7IKcIjGS075hyh5YMGA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Cross-Origin-Opener-Policy: same-origin
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://fundingchoicesmessages.google.com/el/AGSKWxUya1v2KaGYA65iCmrY4u6cKHnlUqlvBoJyqab3wYiSTPRU4OAJpP9Ilfog7diuG9FtaDA3wSNjLrERz-W0I7vTJKDDPQFrIcPj94pvd6d2jc-83wMODdT06Vp0p2ynUWsSs7Nhlg==?dmid=f7e62947008f5bca

IEXPLORE.EXE

Remote address:

172.217.16.238:443

Request

POST /el/AGSKWxUya1v2KaGYA65iCmrY4u6cKHnlUqlvBoJyqab3wYiSTPRU4OAJpP9Ilfog7diuG9FtaDA3wSNjLrERz-W0I7vTJKDDPQFrIcPj94pvd6d2jc-83wMODdT06Vp0p2ynUWsSs7Nhlg==?dmid=f7e62947008f5bca HTTP/1.1
Accept: */*
Content-Type: text/plain
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: fundingchoicesmessages.google.com
Content-Length: 159
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 403 Forbidden

Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 19 Feb 2024 21:42:31 GMT
Content-Security-Policy: script-src 'nonce-52oiuOCcQ5XPsaXyXp_9Ug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Cross-Origin-Opener-Policy: same-origin
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://fundingchoicesmessages.google.com/f/AGSKWxVmKlcZfbtHjpih5Z8odVD68b0Gnw5RlvD5eUdVz1E-Ez99BWjOEWwIsrFcTtdzvq9FkMeZIZ9_pd8hT8Far_CTZWl1mTfn42RL86uiOgcZxCWDM5iW94hMm8NoYMbV5MBnhv4WuSnFCEg5P2GQL7DxDuTK-VQh3XLAHSghNIeCa8-tdTogEGBWjpu5/_-advertisement./your_ad./ads/js./google/ad?-ContentAd-

IEXPLORE.EXE

Remote address:

172.217.16.238:443

Request

GET /f/AGSKWxVmKlcZfbtHjpih5Z8odVD68b0Gnw5RlvD5eUdVz1E-Ez99BWjOEWwIsrFcTtdzvq9FkMeZIZ9_pd8hT8Far_CTZWl1mTfn42RL86uiOgcZxCWDM5iW94hMm8NoYMbV5MBnhv4WuSnFCEg5P2GQL7DxDuTK-VQh3XLAHSghNIeCa8-tdTogEGBWjpu5/_-advertisement./your_ad./ads/js./google/ad?-ContentAd- HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: fundingchoicesmessages.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/javascript; charset=utf-8
Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 19 Feb 2024 21:42:32 GMT
Cross-Origin-Opener-Policy: same-origin
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
Content-Security-Policy: script-src 'nonce-YzeFt-hi_7IdxbGTILLFjw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self'
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
Cross-Origin-Resource-Policy: cross-origin
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjmsKoxSXF4KohxXDe6Q7TdSC-qPKU6SYQ1zI8Y2oF4gfhz5heALGBxnMmCyBm_POCiROI3315ySTw9SWTBBBrAfE7yVdM34B4h48HC9-66ayG66ezbjkznXUPEMc8n86aAsSLWWewrgbiKYEzWOcAsVP6DNYQIP6cOYP1NxD71M9gjQNiIR6OE9POr2MTmDF1zTdGANtNRGk"
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://fundingchoicesmessages.google.com/el/AGSKWxVqj3QCg-65beUQZEugnk_rtGN4VukMWLGvXd1_A1IHTD0CBcNyfMwAzB3GaOGiG_hv7_MS_rwb1BmeWpeDhR20EWBizR2hSSIPSUvPKnzJnybwr1DQiXfxOjjXbsRyUrWoWiYP2w==

IEXPLORE.EXE

Remote address:

172.217.16.238:443

Request

POST /el/AGSKWxVqj3QCg-65beUQZEugnk_rtGN4VukMWLGvXd1_A1IHTD0CBcNyfMwAzB3GaOGiG_hv7_MS_rwb1BmeWpeDhR20EWBizR2hSSIPSUvPKnzJnybwr1DQiXfxOjjXbsRyUrWoWiYP2w== HTTP/1.1
Accept: */*
Content-Type: text/plain
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: fundingchoicesmessages.google.com
Content-Length: 76
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 403 Forbidden

Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 19 Feb 2024 21:42:32 GMT
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
Content-Security-Policy: script-src 'nonce-pidqWvEYgEwGI72HvUebfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self'
Cross-Origin-Opener-Policy: same-origin
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://fundingchoicesmessages.google.com/el/AGSKWxVqj3QCg-65beUQZEugnk_rtGN4VukMWLGvXd1_A1IHTD0CBcNyfMwAzB3GaOGiG_hv7_MS_rwb1BmeWpeDhR20EWBizR2hSSIPSUvPKnzJnybwr1DQiXfxOjjXbsRyUrWoWiYP2w==

IEXPLORE.EXE

Remote address:

172.217.16.238:443

Request

POST /el/AGSKWxVqj3QCg-65beUQZEugnk_rtGN4VukMWLGvXd1_A1IHTD0CBcNyfMwAzB3GaOGiG_hv7_MS_rwb1BmeWpeDhR20EWBizR2hSSIPSUvPKnzJnybwr1DQiXfxOjjXbsRyUrWoWiYP2w== HTTP/1.1
Accept: */*
Content-Type: text/plain
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: fundingchoicesmessages.google.com
Content-Length: 63
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 403 Forbidden

Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 19 Feb 2024 21:42:32 GMT
Content-Security-Policy: script-src 'nonce--M4L4177upPAGfko8ye_Rw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
Cross-Origin-Opener-Policy: same-origin
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

tpc.googlesyndication.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

tpc.googlesyndication.com

IN A

Response

tpc.googlesyndication.com

IN A

216.58.212.225
DNS

tpc.googlesyndication.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

tpc.googlesyndication.com

IN A
DNS

cm.g.doubleclick.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

cm.g.doubleclick.net

IN A

Response

cm.g.doubleclick.net

IN A

216.58.204.66
DNS

dsum-sec.casalemedia.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

dsum-sec.casalemedia.com

IN A

Response

dsum-sec.casalemedia.com

IN A

172.64.151.101

dsum-sec.casalemedia.com

IN A

104.18.36.155
DNS

ib.adnxs.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ib.adnxs.com

IN A

Response

ib.adnxs.com

IN CNAME

g.geo.appnexusgslb.net

g.geo.appnexusgslb.net

IN CNAME

ib.anycast.adnxs.com

ib.anycast.adnxs.com

IN A

185.89.210.122

ib.anycast.adnxs.com

IN A

185.89.210.46

ib.anycast.adnxs.com

IN A

185.89.210.90

ib.anycast.adnxs.com

IN A

185.89.210.20

ib.anycast.adnxs.com

IN A

185.89.211.84

ib.anycast.adnxs.com

IN A

185.89.210.141

ib.anycast.adnxs.com

IN A

185.89.210.82

ib.anycast.adnxs.com

IN A

185.89.210.180

ib.anycast.adnxs.com

IN A

185.89.211.116

ib.anycast.adnxs.com

IN A

185.89.210.244

ib.anycast.adnxs.com

IN A

185.89.211.12

ib.anycast.adnxs.com

IN A

185.89.210.212
GET

https://ib.adnxs.com/setuid?entity=101&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70&code=CAESEHLKJav853CBJRBb27t9NWw&google_cver=1

IEXPLORE.EXE

Remote address:

185.89.210.122:443

Request

GET /setuid?entity=101&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70&code=CAESEHLKJav853CBJRBb27t9NWw&google_cver=1 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI3jLRD7mj8Yq_j5gwIwAQ&v=APEucNWI7N-IbMVq0dvPJh3ZQWDOzI-WdB-wbr5Sbw_CsQiS-92LaN9oSTW8SMGuhXevG8TkrqGj7sEAMUJyKmDUyOPKN7NhDap1QxOacrHV4lUb9h2_mz_7qnXGm414pAr7BJDUgIR2jHL6qlapaVnl6A2r2f8ur3D2KrjwkZzJaeELzBO55mkBlANsVMarhuZNnfHFW6unY1a5QOAvM6pWo5l-PfI3Tyev7AC91bHgOr93ApJkg-DcBS_wg3L6zama-tuuhhWTxb25BefNyHMkbhi0RFDqWC-u0TggBx4vseWm-9lY-I6ARtDfMjOlE7cYzdKleLXTh26QiOvYPSPNdnW4cwtOcTCDD966rKBHBxrdGxJWJA9DOB0ZzCjqP4nNzVWyHaZz2ljP5oRcDJoPhBlPCNsK6fpY7yVW5nj9UoXVQ1YeYCkH93Yp_UQDoYJjO-KzS7ZOQHNWSCcb2iGWguWn_tOkUych9vMXLr3Q6GYcOhlBZGT8yDTf3IT3bq9_DGM8oKtWTNw9LguUNZV1B11kcxcjFBewgt-tWCGzHf6WkvgzYo_9C-5gpmBg9AbcJk3XOlu59a0RfqMdYRI59rou934-LfICzPG8BnOIcXZhxQvm_F0LWMOJAvB1DmXVDz2li3AjJu08ojH5E16jZJcgTW4Qy06lRdrklZJW3hR799R9O0luak9OspOQDVCGWHrQDuoHzdeO8zy4n0-k8Pp5YNs1iSNz1mC1FYg6ktZTW-nzYohS3o4YqjJ1JlhndaTyT5fYuDqZD_kKOji9mFZL_PmrvO99SRtyyLthvS2sCge-JNqDjFKkjdPolPUQMRvhcVnPvVhKH_60O2y1e_yjvDD4DxZNADNlcUAdSkAafCF5csA
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ib.adnxs.com
Connection: Keep-Alive

Response

HTTP/1.1 307 Redirection

Server: nginx/1.23.4
Date: Mon, 19 Feb 2024 21:42:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26gdpr%3D1%26gdpr_consent%3DCP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA%26addtl_consent%3D1%7E1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70%26code%3DCAESEHLKJav853CBJRBb27t9NWw%26google_cver%3D1
AN-X-Request-Uuid: c62d744c-9dad-480e-8a90-cd95a8adfb25
Set-Cookie: uuid2=5002594541137323800; SameSite=None; Path=/; Max-Age=7776000; Expires=Sun, 19-May-2024 21:42:32 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 89.149.23.59; 89.149.23.59; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
GET

https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D

IEXPLORE.EXE

Remote address:

185.89.210.122:443

Request

GET /bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI3jLRD7mj8Yq_j5gwIwAQ&v=APEucNWI7N-IbMVq0dvPJh3ZQWDOzI-WdB-wbr5Sbw_CsQiS-92LaN9oSTW8SMGuhXevG8TkrqGj7sEAMUJyKmDUyOPKN7NhDap1QxOacrHV4lUb9h2_mz_7qnXGm414pAr7BJDUgIR2jHL6qlapaVnl6A2r2f8ur3D2KrjwkZzJaeELzBO55mkBlANsVMarhuZNnfHFW6unY1a5QOAvM6pWo5l-PfI3Tyev7AC91bHgOr93ApJkg-DcBS_wg3L6zama-tuuhhWTxb25BefNyHMkbhi0RFDqWC-u0TggBx4vseWm-9lY-I6ARtDfMjOlE7cYzdKleLXTh26QiOvYPSPNdnW4cwtOcTCDD966rKBHBxrdGxJWJA9DOB0ZzCjqP4nNzVWyHaZz2ljP5oRcDJoPhBlPCNsK6fpY7yVW5nj9UoXVQ1YeYCkH93Yp_UQDoYJjO-KzS7ZOQHNWSCcb2iGWguWn_tOkUych9vMXLr3Q6GYcOhlBZGT8yDTf3IT3bq9_DGM8oKtWTNw9LguUNZV1B11kcxcjFBewgt-tWCGzHf6WkvgzYo_9C-5gpmBg9AbcJk3XOlu59a0RfqMdYRI59rou934-LfICzPG8BnOIcXZhxQvm_F0LWMOJAvB1DmXVDz2li3AjJu08ojH5E16jZJcgTW4Qy06lRdrklZJW3hR799R9O0luak9OspOQDVCGWHrQDuoHzdeO8zy4n0-k8Pp5YNs1iSNz1mC1FYg6ktZTW-nzYohS3o4YqjJ1JlhndaTyT5fYuDqZD_kKOji9mFZL_PmrvO99SRtyyLthvS2sCge-JNqDjFKkjdPolPUQMRvhcVnPvVhKH_60O2y1e_yjvDD4DxZNADNlcUAdSkAafCF5csA
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ib.adnxs.com
Connection: Keep-Alive
Cookie: uuid2=6635968695422994502

Response

HTTP/1.1 302 Found

Server: nginx/1.23.4
Date: Mon, 19 Feb 2024 21:42:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYzNTk2ODY5NTQyMjk5NDUwMg%3D%3D
AN-X-Request-Uuid: 13f4fe55-b10a-4477-8888-970833753195
Set-Cookie: uuid2=6635968695422994502; SameSite=None; Path=/; Max-Age=7776000; Expires=Sun, 19-May-2024 21:42:32 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 89.149.23.59; 89.149.23.59; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
GET

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}

IEXPLORE.EXE

Remote address:

185.89.210.122:443

Request

GET /getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI3jLRD7mj8Yq_j5gwIwAQ&v=APEucNWI7N-IbMVq0dvPJh3ZQWDOzI-WdB-wbr5Sbw_CsQiS-92LaN9oSTW8SMGuhXevG8TkrqGj7sEAMUJyKmDUyOPKN7NhDap1QxOacrHV4lUb9h2_mz_7qnXGm414pAr7BJDUgIR2jHL6qlapaVnl6A2r2f8ur3D2KrjwkZzJaeELzBO55mkBlANsVMarhuZNnfHFW6unY1a5QOAvM6pWo5l-PfI3Tyev7AC91bHgOr93ApJkg-DcBS_wg3L6zama-tuuhhWTxb25BefNyHMkbhi0RFDqWC-u0TggBx4vseWm-9lY-I6ARtDfMjOlE7cYzdKleLXTh26QiOvYPSPNdnW4cwtOcTCDD966rKBHBxrdGxJWJA9DOB0ZzCjqP4nNzVWyHaZz2ljP5oRcDJoPhBlPCNsK6fpY7yVW5nj9UoXVQ1YeYCkH93Yp_UQDoYJjO-KzS7ZOQHNWSCcb2iGWguWn_tOkUych9vMXLr3Q6GYcOhlBZGT8yDTf3IT3bq9_DGM8oKtWTNw9LguUNZV1B11kcxcjFBewgt-tWCGzHf6WkvgzYo_9C-5gpmBg9AbcJk3XOlu59a0RfqMdYRI59rou934-LfICzPG8BnOIcXZhxQvm_F0LWMOJAvB1DmXVDz2li3AjJu08ojH5E16jZJcgTW4Qy06lRdrklZJW3hR799R9O0luak9OspOQDVCGWHrQDuoHzdeO8zy4n0-k8Pp5YNs1iSNz1mC1FYg6ktZTW-nzYohS3o4YqjJ1JlhndaTyT5fYuDqZD_kKOji9mFZL_PmrvO99SRtyyLthvS2sCge-JNqDjFKkjdPolPUQMRvhcVnPvVhKH_60O2y1e_yjvDD4DxZNADNlcUAdSkAafCF5csA
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ib.adnxs.com
Connection: Keep-Alive

Response

HTTP/1.1 307 Redirection

Server: nginx/1.23.4
Date: Mon, 19 Feb 2024 21:42:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
AN-X-Request-Uuid: d53c16e5-7763-42c0-ab80-c9f1c8976789
Set-Cookie: uuid2=6635968695422994502; SameSite=None; Path=/; Max-Age=7776000; Expires=Sun, 19-May-2024 21:42:32 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 89.149.23.59; 89.149.23.59; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
GET

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26gdpr%3D1%26gdpr_consent%3DCP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA%26addtl_consent%3D1%7E1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70%26code%3DCAESEHLKJav853CBJRBb27t9NWw%26google_cver%3D1

IEXPLORE.EXE

Remote address:

185.89.210.122:443

Request

GET /bounce?%2Fsetuid%3Fentity%3D101%26gdpr%3D1%26gdpr_consent%3DCP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA%26addtl_consent%3D1%7E1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70%26code%3DCAESEHLKJav853CBJRBb27t9NWw%26google_cver%3D1 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI3jLRD7mj8Yq_j5gwIwAQ&v=APEucNWI7N-IbMVq0dvPJh3ZQWDOzI-WdB-wbr5Sbw_CsQiS-92LaN9oSTW8SMGuhXevG8TkrqGj7sEAMUJyKmDUyOPKN7NhDap1QxOacrHV4lUb9h2_mz_7qnXGm414pAr7BJDUgIR2jHL6qlapaVnl6A2r2f8ur3D2KrjwkZzJaeELzBO55mkBlANsVMarhuZNnfHFW6unY1a5QOAvM6pWo5l-PfI3Tyev7AC91bHgOr93ApJkg-DcBS_wg3L6zama-tuuhhWTxb25BefNyHMkbhi0RFDqWC-u0TggBx4vseWm-9lY-I6ARtDfMjOlE7cYzdKleLXTh26QiOvYPSPNdnW4cwtOcTCDD966rKBHBxrdGxJWJA9DOB0ZzCjqP4nNzVWyHaZz2ljP5oRcDJoPhBlPCNsK6fpY7yVW5nj9UoXVQ1YeYCkH93Yp_UQDoYJjO-KzS7ZOQHNWSCcb2iGWguWn_tOkUych9vMXLr3Q6GYcOhlBZGT8yDTf3IT3bq9_DGM8oKtWTNw9LguUNZV1B11kcxcjFBewgt-tWCGzHf6WkvgzYo_9C-5gpmBg9AbcJk3XOlu59a0RfqMdYRI59rou934-LfICzPG8BnOIcXZhxQvm_F0LWMOJAvB1DmXVDz2li3AjJu08ojH5E16jZJcgTW4Qy06lRdrklZJW3hR799R9O0luak9OspOQDVCGWHrQDuoHzdeO8zy4n0-k8Pp5YNs1iSNz1mC1FYg6ktZTW-nzYohS3o4YqjJ1JlhndaTyT5fYuDqZD_kKOji9mFZL_PmrvO99SRtyyLthvS2sCge-JNqDjFKkjdPolPUQMRvhcVnPvVhKH_60O2y1e_yjvDD4DxZNADNlcUAdSkAafCF5csA
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ib.adnxs.com
Connection: Keep-Alive
Cookie: uuid2=5002594541137323800

Response

HTTP/1.1 200 OK

Server: nginx/1.23.4
Date: Mon, 19 Feb 2024 21:42:32 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 13d31736-6336-458a-aea9-1435537e9255
Set-Cookie: anj=dTM7k!M41.D>6NRF']wIg2C$GrGc's!]tbPl1M>e)ZlrFUfJ+tGXxouS425#VB'[J_bjMT?o-<lQ8AV*aaS(=pP_y43If)y3KL9D3I?*bTsf=!; SameSite=None; Path=/; Max-Age=7776000; Expires=Sun, 19-May-2024 21:42:32 GMT; Domain=.adnxs.com; Secure; HttpOnly
Set-Cookie: uuid2=5002594541137323800; SameSite=None; Path=/; Max-Age=7776000; Expires=Sun, 19-May-2024 21:42:32 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 89.149.23.59; 89.149.23.59; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
GET

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D

IEXPLORE.EXE

Remote address:

172.64.151.101:443

Request

GET /rrum?ixi=0&cm_dsp_id=85&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI3jLRD7mj8Yq_j5gwIwAQ&v=APEucNWI7N-IbMVq0dvPJh3ZQWDOzI-WdB-wbr5Sbw_CsQiS-92LaN9oSTW8SMGuhXevG8TkrqGj7sEAMUJyKmDUyOPKN7NhDap1QxOacrHV4lUb9h2_mz_7qnXGm414pAr7BJDUgIR2jHL6qlapaVnl6A2r2f8ur3D2KrjwkZzJaeELzBO55mkBlANsVMarhuZNnfHFW6unY1a5QOAvM6pWo5l-PfI3Tyev7AC91bHgOr93ApJkg-DcBS_wg3L6zama-tuuhhWTxb25BefNyHMkbhi0RFDqWC-u0TggBx4vseWm-9lY-I6ARtDfMjOlE7cYzdKleLXTh26QiOvYPSPNdnW4cwtOcTCDD966rKBHBxrdGxJWJA9DOB0ZzCjqP4nNzVWyHaZz2ljP5oRcDJoPhBlPCNsK6fpY7yVW5nj9UoXVQ1YeYCkH93Yp_UQDoYJjO-KzS7ZOQHNWSCcb2iGWguWn_tOkUych9vMXLr3Q6GYcOhlBZGT8yDTf3IT3bq9_DGM8oKtWTNw9LguUNZV1B11kcxcjFBewgt-tWCGzHf6WkvgzYo_9C-5gpmBg9AbcJk3XOlu59a0RfqMdYRI59rou934-LfICzPG8BnOIcXZhxQvm_F0LWMOJAvB1DmXVDz2li3AjJu08ojH5E16jZJcgTW4Qy06lRdrklZJW3hR799R9O0luak9OspOQDVCGWHrQDuoHzdeO8zy4n0-k8Pp5YNs1iSNz1mC1FYg6ktZTW-nzYohS3o4YqjJ1JlhndaTyT5fYuDqZD_kKOji9mFZL_PmrvO99SRtyyLthvS2sCge-JNqDjFKkjdPolPUQMRvhcVnPvVhKH_60O2y1e_yjvDD4DxZNADNlcUAdSkAafCF5csA
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: dsum-sec.casalemedia.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Mon, 19 Feb 2024 21:42:33 GMT
Content-Length: 0
Connection: keep-alive
Location: /rrum?addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgdpr%3D1%26gdpr_consent%3DCP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA%26google_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&ixi=0&C=1
CF-Ray: 8581ae291f1323d8-LHR
CF-Cache-Status: DYNAMIC
Cache-Control: no-cache
Expires: 0
Set-Cookie: CMID=ZdPLSbmqPjEAAGQKADzVRgAA; Path=/; Domain=casalemedia.com; Expires=Tue, 18 Feb 2025 21:42:33 GMT; Max-Age=31536000; Secure; SameSite=None
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Set-Cookie: CMPS=4427; Path=/; Domain=casalemedia.com; Expires=Sun, 19 May 2024 21:42:33 GMT; Max-Age=7776000; Secure; SameSite=None
Set-Cookie: CMPRO=4427; Path=/; Domain=casalemedia.com; Expires=Sun, 19 May 2024 21:42:33 GMT; Max-Age=7776000; Secure; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gJPEGdvarS5X2rI31KX%2BV5VTFgLDk1TPafircuzyf3bzCeBSOoqopAlefZKe%2BzwpsufVPo8%2FdLt96pMrzCAiuC79KE01v5eHe1an39BehfAfsEGK75NHRhK6RSwZEa99NL1KLlrAAkUdgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
alt-svc: h3=":443"; ma=86400
GET

https://dsum-sec.casalemedia.com/rrum?addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgdpr%3D1%26gdpr_consent%3DCP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA%26google_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&ixi=0&C=1

IEXPLORE.EXE

Remote address:

172.64.151.101:443

Request

GET /rrum?addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgdpr%3D1%26gdpr_consent%3DCP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA%26google_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&ixi=0&C=1 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI3jLRD7mj8Yq_j5gwIwAQ&v=APEucNWI7N-IbMVq0dvPJh3ZQWDOzI-WdB-wbr5Sbw_CsQiS-92LaN9oSTW8SMGuhXevG8TkrqGj7sEAMUJyKmDUyOPKN7NhDap1QxOacrHV4lUb9h2_mz_7qnXGm414pAr7BJDUgIR2jHL6qlapaVnl6A2r2f8ur3D2KrjwkZzJaeELzBO55mkBlANsVMarhuZNnfHFW6unY1a5QOAvM6pWo5l-PfI3Tyev7AC91bHgOr93ApJkg-DcBS_wg3L6zama-tuuhhWTxb25BefNyHMkbhi0RFDqWC-u0TggBx4vseWm-9lY-I6ARtDfMjOlE7cYzdKleLXTh26QiOvYPSPNdnW4cwtOcTCDD966rKBHBxrdGxJWJA9DOB0ZzCjqP4nNzVWyHaZz2ljP5oRcDJoPhBlPCNsK6fpY7yVW5nj9UoXVQ1YeYCkH93Yp_UQDoYJjO-KzS7ZOQHNWSCcb2iGWguWn_tOkUych9vMXLr3Q6GYcOhlBZGT8yDTf3IT3bq9_DGM8oKtWTNw9LguUNZV1B11kcxcjFBewgt-tWCGzHf6WkvgzYo_9C-5gpmBg9AbcJk3XOlu59a0RfqMdYRI59rou934-LfICzPG8BnOIcXZhxQvm_F0LWMOJAvB1DmXVDz2li3AjJu08ojH5E16jZJcgTW4Qy06lRdrklZJW3hR799R9O0luak9OspOQDVCGWHrQDuoHzdeO8zy4n0-k8Pp5YNs1iSNz1mC1FYg6ktZTW-nzYohS3o4YqjJ1JlhndaTyT5fYuDqZD_kKOji9mFZL_PmrvO99SRtyyLthvS2sCge-JNqDjFKkjdPolPUQMRvhcVnPvVhKH_60O2y1e_yjvDD4DxZNADNlcUAdSkAafCF5csA
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: dsum-sec.casalemedia.com
Connection: Keep-Alive
Cookie: CMID=ZdPLSbmqPjEAAGQKADzVRgAA; CMPS=4427; CMPRO=4427

Response

HTTP/1.1 302 Found

Date: Mon, 19 Feb 2024 21:42:33 GMT
Content-Length: 0
Connection: keep-alive
Location: https://cm.g.doubleclick.net/pixel?gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZdPLSbmqPjEAAGQKADzVRgAA
CF-Ray: 8581ae297fc223d8-LHR
CF-Cache-Status: DYNAMIC
Cache-Control: no-cache
Expires: 0
Set-Cookie: CMID=ZdPLSbmqPjEAAGQKADzVRgAA; Path=/; Domain=casalemedia.com; Expires=Tue, 18 Feb 2025 21:42:33 GMT; Max-Age=31536000; Secure; SameSite=None
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Set-Cookie: CMPRO=4427; Path=/; Domain=casalemedia.com; Expires=Sun, 19 May 2024 21:42:33 GMT; Max-Age=7776000; Secure; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=saSwJk5NFX2tGDgBgARabKYWRLK8J7pKkwXznQcJa2nHx1W%2FpOyk2mzD9WE7NHszPaPUyAjdHqkktaQgV7LYRD4Jdnc1yZGw2vLeU68cUUfhTmV0HtBYymg4QqgVpgvqJTT3T2e6ueGFVg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
alt-svc: h3=":443"; ma=86400
GET

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAiNZ-0cqtjGapTqLVxqJk&google_cver=1&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA

IEXPLORE.EXE

Remote address:

172.64.151.101:443

Request

GET /rum?cm_dsp_id=45&external_user_id=CAESEJAiNZ-0cqtjGapTqLVxqJk&google_cver=1&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI3jLRD7mj8Yq_j5gwIwAQ&v=APEucNWI7N-IbMVq0dvPJh3ZQWDOzI-WdB-wbr5Sbw_CsQiS-92LaN9oSTW8SMGuhXevG8TkrqGj7sEAMUJyKmDUyOPKN7NhDap1QxOacrHV4lUb9h2_mz_7qnXGm414pAr7BJDUgIR2jHL6qlapaVnl6A2r2f8ur3D2KrjwkZzJaeELzBO55mkBlANsVMarhuZNnfHFW6unY1a5QOAvM6pWo5l-PfI3Tyev7AC91bHgOr93ApJkg-DcBS_wg3L6zama-tuuhhWTxb25BefNyHMkbhi0RFDqWC-u0TggBx4vseWm-9lY-I6ARtDfMjOlE7cYzdKleLXTh26QiOvYPSPNdnW4cwtOcTCDD966rKBHBxrdGxJWJA9DOB0ZzCjqP4nNzVWyHaZz2ljP5oRcDJoPhBlPCNsK6fpY7yVW5nj9UoXVQ1YeYCkH93Yp_UQDoYJjO-KzS7ZOQHNWSCcb2iGWguWn_tOkUych9vMXLr3Q6GYcOhlBZGT8yDTf3IT3bq9_DGM8oKtWTNw9LguUNZV1B11kcxcjFBewgt-tWCGzHf6WkvgzYo_9C-5gpmBg9AbcJk3XOlu59a0RfqMdYRI59rou934-LfICzPG8BnOIcXZhxQvm_F0LWMOJAvB1DmXVDz2li3AjJu08ojH5E16jZJcgTW4Qy06lRdrklZJW3hR799R9O0luak9OspOQDVCGWHrQDuoHzdeO8zy4n0-k8Pp5YNs1iSNz1mC1FYg6ktZTW-nzYohS3o4YqjJ1JlhndaTyT5fYuDqZD_kKOji9mFZL_PmrvO99SRtyyLthvS2sCge-JNqDjFKkjdPolPUQMRvhcVnPvVhKH_60O2y1e_yjvDD4DxZNADNlcUAdSkAafCF5csA
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Cookie: CMID=ZdPLSbmqPjEAAGQKADzVRgAA; CMPS=4427; CMPRO=4427
Connection: Keep-Alive
Host: dsum-sec.casalemedia.com

Response

HTTP/1.1 200 OK

Date: Mon, 19 Feb 2024 21:42:33 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
CF-Ray: 8581ae29f8ac23d8-LHR
CF-Cache-Status: DYNAMIC
Cache-Control: no-cache
Expires: 0
Set-Cookie: CMID=ZdPLSbmqPjEAAGQKADzVRgAA; Path=/; Domain=casalemedia.com; Expires=Tue, 18 Feb 2025 21:42:33 GMT; Max-Age=31536000; Secure; SameSite=None
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Set-Cookie: CMPRO=4427; Path=/; Domain=casalemedia.com; Expires=Sun, 19 May 2024 21:42:33 GMT; Max-Age=7776000; Secure; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EQ1AMQatuRQT%2BtgsyuE0nlY8bjqOSVUfto5PcbgTmLJXutkXdI9TbgxrvlvwJ3qJaiDxv1bopjio25MLzI0bqntWg5bzAnN7%2BxNWOEIkCWkxIdwjGeDD7k%2B93RN0TMx8IW5pAL9AhM3VOg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
alt-svc: h3=":443"; ma=86400
GET

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAiNZ-0cqtjGapTqLVxqJk&google_cver=1&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70

IEXPLORE.EXE

Remote address:

172.64.151.101:443

Request

GET /rum?cm_dsp_id=45&external_user_id=CAESEJAiNZ-0cqtjGapTqLVxqJk&google_cver=1&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI3jLRD7mj8Yq_j5gwIwAQ&v=APEucNWI7N-IbMVq0dvPJh3ZQWDOzI-WdB-wbr5Sbw_CsQiS-92LaN9oSTW8SMGuhXevG8TkrqGj7sEAMUJyKmDUyOPKN7NhDap1QxOacrHV4lUb9h2_mz_7qnXGm414pAr7BJDUgIR2jHL6qlapaVnl6A2r2f8ur3D2KrjwkZzJaeELzBO55mkBlANsVMarhuZNnfHFW6unY1a5QOAvM6pWo5l-PfI3Tyev7AC91bHgOr93ApJkg-DcBS_wg3L6zama-tuuhhWTxb25BefNyHMkbhi0RFDqWC-u0TggBx4vseWm-9lY-I6ARtDfMjOlE7cYzdKleLXTh26QiOvYPSPNdnW4cwtOcTCDD966rKBHBxrdGxJWJA9DOB0ZzCjqP4nNzVWyHaZz2ljP5oRcDJoPhBlPCNsK6fpY7yVW5nj9UoXVQ1YeYCkH93Yp_UQDoYJjO-KzS7ZOQHNWSCcb2iGWguWn_tOkUych9vMXLr3Q6GYcOhlBZGT8yDTf3IT3bq9_DGM8oKtWTNw9LguUNZV1B11kcxcjFBewgt-tWCGzHf6WkvgzYo_9C-5gpmBg9AbcJk3XOlu59a0RfqMdYRI59rou934-LfICzPG8BnOIcXZhxQvm_F0LWMOJAvB1DmXVDz2li3AjJu08ojH5E16jZJcgTW4Qy06lRdrklZJW3hR799R9O0luak9OspOQDVCGWHrQDuoHzdeO8zy4n0-k8Pp5YNs1iSNz1mC1FYg6ktZTW-nzYohS3o4YqjJ1JlhndaTyT5fYuDqZD_kKOji9mFZL_PmrvO99SRtyyLthvS2sCge-JNqDjFKkjdPolPUQMRvhcVnPvVhKH_60O2y1e_yjvDD4DxZNADNlcUAdSkAafCF5csA
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: dsum-sec.casalemedia.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Mon, 19 Feb 2024 21:42:33 GMT
Content-Length: 0
Connection: keep-alive
Location: /rum?cm_dsp_id=45&external_user_id=CAESEJAiNZ-0cqtjGapTqLVxqJk&google_cver=1&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70&C=1
CF-Ray: 8581ae29bc26776d-LHR
CF-Cache-Status: DYNAMIC
Cache-Control: no-cache
Expires: 0
Set-Cookie: CMID=ZdPLSbmqPi8AAHrRAD0vxAAA; Path=/; Domain=casalemedia.com; Expires=Tue, 18 Feb 2025 21:42:33 GMT; Max-Age=31536000; Secure; SameSite=None
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Set-Cookie: CMPS=4425; Path=/; Domain=casalemedia.com; Expires=Sun, 19 May 2024 21:42:33 GMT; Max-Age=7776000; Secure; SameSite=None
Set-Cookie: CMPRO=4425; Path=/; Domain=casalemedia.com; Expires=Sun, 19 May 2024 21:42:33 GMT; Max-Age=7776000; Secure; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7vor9C8C%2BbC6%2Bwl5ROPP0q6nItiYDPMs%2FfWof%2F4GPXdVe6PcbJ8iPj0Ivgd8%2Bat4jHu6Uf3q9Y%2BtsQxiafIZIlBZnkvO%2FWHV04ZTBpwhERb4tfHqqS0dCdWLmYUhP0%2F%2FUZVthLIPduFW0g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
alt-svc: h3=":443"; ma=86400
GET

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAiNZ-0cqtjGapTqLVxqJk&google_cver=1&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70&C=1

IEXPLORE.EXE

Remote address:

172.64.151.101:443

Request

GET /rum?cm_dsp_id=45&external_user_id=CAESEJAiNZ-0cqtjGapTqLVxqJk&google_cver=1&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70&C=1 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI3jLRD7mj8Yq_j5gwIwAQ&v=APEucNWI7N-IbMVq0dvPJh3ZQWDOzI-WdB-wbr5Sbw_CsQiS-92LaN9oSTW8SMGuhXevG8TkrqGj7sEAMUJyKmDUyOPKN7NhDap1QxOacrHV4lUb9h2_mz_7qnXGm414pAr7BJDUgIR2jHL6qlapaVnl6A2r2f8ur3D2KrjwkZzJaeELzBO55mkBlANsVMarhuZNnfHFW6unY1a5QOAvM6pWo5l-PfI3Tyev7AC91bHgOr93ApJkg-DcBS_wg3L6zama-tuuhhWTxb25BefNyHMkbhi0RFDqWC-u0TggBx4vseWm-9lY-I6ARtDfMjOlE7cYzdKleLXTh26QiOvYPSPNdnW4cwtOcTCDD966rKBHBxrdGxJWJA9DOB0ZzCjqP4nNzVWyHaZz2ljP5oRcDJoPhBlPCNsK6fpY7yVW5nj9UoXVQ1YeYCkH93Yp_UQDoYJjO-KzS7ZOQHNWSCcb2iGWguWn_tOkUych9vMXLr3Q6GYcOhlBZGT8yDTf3IT3bq9_DGM8oKtWTNw9LguUNZV1B11kcxcjFBewgt-tWCGzHf6WkvgzYo_9C-5gpmBg9AbcJk3XOlu59a0RfqMdYRI59rou934-LfICzPG8BnOIcXZhxQvm_F0LWMOJAvB1DmXVDz2li3AjJu08ojH5E16jZJcgTW4Qy06lRdrklZJW3hR799R9O0luak9OspOQDVCGWHrQDuoHzdeO8zy4n0-k8Pp5YNs1iSNz1mC1FYg6ktZTW-nzYohS3o4YqjJ1JlhndaTyT5fYuDqZD_kKOji9mFZL_PmrvO99SRtyyLthvS2sCge-JNqDjFKkjdPolPUQMRvhcVnPvVhKH_60O2y1e_yjvDD4DxZNADNlcUAdSkAafCF5csA
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: dsum-sec.casalemedia.com
Connection: Keep-Alive
Cookie: CMID=ZdPLSbmqPi8AAHrRAD0vxAAA; CMPS=4425; CMPRO=4425

Response

HTTP/1.1 200 OK

Date: Mon, 19 Feb 2024 21:42:33 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
CF-Ray: 8581ae2a1ca6776d-LHR
CF-Cache-Status: DYNAMIC
Cache-Control: no-cache
Expires: 0
Set-Cookie: CMID=ZdPLSbmqPi8AAHrRAD0vxAAA; Path=/; Domain=casalemedia.com; Expires=Tue, 18 Feb 2025 21:42:33 GMT; Max-Age=31536000; Secure; SameSite=None
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Set-Cookie: CMPRO=4425; Path=/; Domain=casalemedia.com; Expires=Sun, 19 May 2024 21:42:33 GMT; Max-Age=7776000; Secure; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WqJNMKlsS7%2FJe0HtyvHgSsCey6bOKirY5XBAnqQRsz%2FydgPOLJEfbbRjVwJd1UvMIQXuHu%2FkGgJF%2BU9ybN0iYyxdWPQtpyTjq5n%2B1OwCJaPIdTISJCmjIaLHvQ6neF6JUh7OziyiMRD%2BYA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
alt-svc: h3=":443"; ma=86400
GET

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70

IEXPLORE.EXE

Remote address:

216.58.204.66:443

Request

GET /pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI3jLRD7mj8Yq_j5gwIwAQ&v=APEucNWI7N-IbMVq0dvPJh3ZQWDOzI-WdB-wbr5Sbw_CsQiS-92LaN9oSTW8SMGuhXevG8TkrqGj7sEAMUJyKmDUyOPKN7NhDap1QxOacrHV4lUb9h2_mz_7qnXGm414pAr7BJDUgIR2jHL6qlapaVnl6A2r2f8ur3D2KrjwkZzJaeELzBO55mkBlANsVMarhuZNnfHFW6unY1a5QOAvM6pWo5l-PfI3Tyev7AC91bHgOr93ApJkg-DcBS_wg3L6zama-tuuhhWTxb25BefNyHMkbhi0RFDqWC-u0TggBx4vseWm-9lY-I6ARtDfMjOlE7cYzdKleLXTh26QiOvYPSPNdnW4cwtOcTCDD966rKBHBxrdGxJWJA9DOB0ZzCjqP4nNzVWyHaZz2ljP5oRcDJoPhBlPCNsK6fpY7yVW5nj9UoXVQ1YeYCkH93Yp_UQDoYJjO-KzS7ZOQHNWSCcb2iGWguWn_tOkUych9vMXLr3Q6GYcOhlBZGT8yDTf3IT3bq9_DGM8oKtWTNw9LguUNZV1B11kcxcjFBewgt-tWCGzHf6WkvgzYo_9C-5gpmBg9AbcJk3XOlu59a0RfqMdYRI59rou934-LfICzPG8BnOIcXZhxQvm_F0LWMOJAvB1DmXVDz2li3AjJu08ojH5E16jZJcgTW4Qy06lRdrklZJW3hR799R9O0luak9OspOQDVCGWHrQDuoHzdeO8zy4n0-k8Pp5YNs1iSNz1mC1FYg6ktZTW-nzYohS3o4YqjJ1JlhndaTyT5fYuDqZD_kKOji9mFZL_PmrvO99SRtyyLthvS2sCge-JNqDjFKkjdPolPUQMRvhcVnPvVhKH_60O2y1e_yjvDD4DxZNADNlcUAdSkAafCF5csA
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cm.g.doubleclick.net
Connection: Keep-Alive
Cookie: IDE=AHWqTUk9oVC2WF7HVQx30hWQnSF0bGtU9OqYbJjQrNOiETU9RfROV0NQh-48IjFJ

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: https://ib.adnxs.com/setuid?entity=101&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70&code=CAESEHLKJav853CBJRBb27t9NWw&google_cver=1
Date: Mon, 19 Feb 2024 21:42:32 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/html; charset=UTF-8
Server: HTTP server (unknown)
Content-Length: 935
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70

IEXPLORE.EXE

Remote address:

216.58.204.66:443

Request

GET /pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI3jLRD7mj8Yq_j5gwIwAQ&v=APEucNWI7N-IbMVq0dvPJh3ZQWDOzI-WdB-wbr5Sbw_CsQiS-92LaN9oSTW8SMGuhXevG8TkrqGj7sEAMUJyKmDUyOPKN7NhDap1QxOacrHV4lUb9h2_mz_7qnXGm414pAr7BJDUgIR2jHL6qlapaVnl6A2r2f8ur3D2KrjwkZzJaeELzBO55mkBlANsVMarhuZNnfHFW6unY1a5QOAvM6pWo5l-PfI3Tyev7AC91bHgOr93ApJkg-DcBS_wg3L6zama-tuuhhWTxb25BefNyHMkbhi0RFDqWC-u0TggBx4vseWm-9lY-I6ARtDfMjOlE7cYzdKleLXTh26QiOvYPSPNdnW4cwtOcTCDD966rKBHBxrdGxJWJA9DOB0ZzCjqP4nNzVWyHaZz2ljP5oRcDJoPhBlPCNsK6fpY7yVW5nj9UoXVQ1YeYCkH93Yp_UQDoYJjO-KzS7ZOQHNWSCcb2iGWguWn_tOkUych9vMXLr3Q6GYcOhlBZGT8yDTf3IT3bq9_DGM8oKtWTNw9LguUNZV1B11kcxcjFBewgt-tWCGzHf6WkvgzYo_9C-5gpmBg9AbcJk3XOlu59a0RfqMdYRI59rou934-LfICzPG8BnOIcXZhxQvm_F0LWMOJAvB1DmXVDz2li3AjJu08ojH5E16jZJcgTW4Qy06lRdrklZJW3hR799R9O0luak9OspOQDVCGWHrQDuoHzdeO8zy4n0-k8Pp5YNs1iSNz1mC1FYg6ktZTW-nzYohS3o4YqjJ1JlhndaTyT5fYuDqZD_kKOji9mFZL_PmrvO99SRtyyLthvS2sCge-JNqDjFKkjdPolPUQMRvhcVnPvVhKH_60O2y1e_yjvDD4DxZNADNlcUAdSkAafCF5csA
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cm.g.doubleclick.net
Connection: Keep-Alive
Cookie: IDE=AHWqTUk9oVC2WF7HVQx30hWQnSF0bGtU9OqYbJjQrNOiETU9RfROV0NQh-48IjFJ

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAiNZ-0cqtjGapTqLVxqJk&google_cver=1&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70
Date: Mon, 19 Feb 2024 21:42:32 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/html; charset=UTF-8
Server: HTTP server (unknown)
Content-Length: 958
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYzNTk2ODY5NTQyMjk5NDUwMg%3D%3D

IEXPLORE.EXE

Remote address:

216.58.204.66:443

Request

GET /pixel?google_nid=appnexus&google_hm=NjYzNTk2ODY5NTQyMjk5NDUwMg%3D%3D HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI3jLRD7mj8Yq_j5gwIwAQ&v=APEucNWI7N-IbMVq0dvPJh3ZQWDOzI-WdB-wbr5Sbw_CsQiS-92LaN9oSTW8SMGuhXevG8TkrqGj7sEAMUJyKmDUyOPKN7NhDap1QxOacrHV4lUb9h2_mz_7qnXGm414pAr7BJDUgIR2jHL6qlapaVnl6A2r2f8ur3D2KrjwkZzJaeELzBO55mkBlANsVMarhuZNnfHFW6unY1a5QOAvM6pWo5l-PfI3Tyev7AC91bHgOr93ApJkg-DcBS_wg3L6zama-tuuhhWTxb25BefNyHMkbhi0RFDqWC-u0TggBx4vseWm-9lY-I6ARtDfMjOlE7cYzdKleLXTh26QiOvYPSPNdnW4cwtOcTCDD966rKBHBxrdGxJWJA9DOB0ZzCjqP4nNzVWyHaZz2ljP5oRcDJoPhBlPCNsK6fpY7yVW5nj9UoXVQ1YeYCkH93Yp_UQDoYJjO-KzS7ZOQHNWSCcb2iGWguWn_tOkUych9vMXLr3Q6GYcOhlBZGT8yDTf3IT3bq9_DGM8oKtWTNw9LguUNZV1B11kcxcjFBewgt-tWCGzHf6WkvgzYo_9C-5gpmBg9AbcJk3XOlu59a0RfqMdYRI59rou934-LfICzPG8BnOIcXZhxQvm_F0LWMOJAvB1DmXVDz2li3AjJu08ojH5E16jZJcgTW4Qy06lRdrklZJW3hR799R9O0luak9OspOQDVCGWHrQDuoHzdeO8zy4n0-k8Pp5YNs1iSNz1mC1FYg6ktZTW-nzYohS3o4YqjJ1JlhndaTyT5fYuDqZD_kKOji9mFZL_PmrvO99SRtyyLthvS2sCge-JNqDjFKkjdPolPUQMRvhcVnPvVhKH_60O2y1e_yjvDD4DxZNADNlcUAdSkAafCF5csA
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cm.g.doubleclick.net
Connection: Keep-Alive
Cookie: IDE=AHWqTUk9oVC2WF7HVQx30hWQnSF0bGtU9OqYbJjQrNOiETU9RfROV0NQh-48IjFJ

Response

HTTP/1.1 200 OK

Content-Type: image/png
Date: Mon, 19 Feb 2024 21:42:32 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Cross-Origin-Resource-Policy: cross-origin
Server: HTTP server (unknown)
Content-Length: 170
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://cm.g.doubleclick.net/pixel?gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZdPLSbmqPjEAAGQKADzVRgAA

IEXPLORE.EXE

Remote address:

216.58.204.66:443

Request

GET /pixel?gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZdPLSbmqPjEAAGQKADzVRgAA HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI3jLRD7mj8Yq_j5gwIwAQ&v=APEucNWI7N-IbMVq0dvPJh3ZQWDOzI-WdB-wbr5Sbw_CsQiS-92LaN9oSTW8SMGuhXevG8TkrqGj7sEAMUJyKmDUyOPKN7NhDap1QxOacrHV4lUb9h2_mz_7qnXGm414pAr7BJDUgIR2jHL6qlapaVnl6A2r2f8ur3D2KrjwkZzJaeELzBO55mkBlANsVMarhuZNnfHFW6unY1a5QOAvM6pWo5l-PfI3Tyev7AC91bHgOr93ApJkg-DcBS_wg3L6zama-tuuhhWTxb25BefNyHMkbhi0RFDqWC-u0TggBx4vseWm-9lY-I6ARtDfMjOlE7cYzdKleLXTh26QiOvYPSPNdnW4cwtOcTCDD966rKBHBxrdGxJWJA9DOB0ZzCjqP4nNzVWyHaZz2ljP5oRcDJoPhBlPCNsK6fpY7yVW5nj9UoXVQ1YeYCkH93Yp_UQDoYJjO-KzS7ZOQHNWSCcb2iGWguWn_tOkUych9vMXLr3Q6GYcOhlBZGT8yDTf3IT3bq9_DGM8oKtWTNw9LguUNZV1B11kcxcjFBewgt-tWCGzHf6WkvgzYo_9C-5gpmBg9AbcJk3XOlu59a0RfqMdYRI59rou934-LfICzPG8BnOIcXZhxQvm_F0LWMOJAvB1DmXVDz2li3AjJu08ojH5E16jZJcgTW4Qy06lRdrklZJW3hR799R9O0luak9OspOQDVCGWHrQDuoHzdeO8zy4n0-k8Pp5YNs1iSNz1mC1FYg6ktZTW-nzYohS3o4YqjJ1JlhndaTyT5fYuDqZD_kKOji9mFZL_PmrvO99SRtyyLthvS2sCge-JNqDjFKkjdPolPUQMRvhcVnPvVhKH_60O2y1e_yjvDD4DxZNADNlcUAdSkAafCF5csA
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cm.g.doubleclick.net
Connection: Keep-Alive
Cookie: IDE=AHWqTUk9oVC2WF7HVQx30hWQnSF0bGtU9OqYbJjQrNOiETU9RfROV0NQh-48IjFJ

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAiNZ-0cqtjGapTqLVxqJk&google_cver=1&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA
Date: Mon, 19 Feb 2024 21:42:33 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/html; charset=UTF-8
Server: HTTP server (unknown)
Content-Length: 716
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://fundingchoicesmessages.google.com/el/AGSKWxVqj3QCg-65beUQZEugnk_rtGN4VukMWLGvXd1_A1IHTD0CBcNyfMwAzB3GaOGiG_hv7_MS_rwb1BmeWpeDhR20EWBizR2hSSIPSUvPKnzJnybwr1DQiXfxOjjXbsRyUrWoWiYP2w==

IEXPLORE.EXE

Remote address:

172.217.16.238:443

Request

POST /el/AGSKWxVqj3QCg-65beUQZEugnk_rtGN4VukMWLGvXd1_A1IHTD0CBcNyfMwAzB3GaOGiG_hv7_MS_rwb1BmeWpeDhR20EWBizR2hSSIPSUvPKnzJnybwr1DQiXfxOjjXbsRyUrWoWiYP2w== HTTP/1.1
Accept: */*
Content-Type: text/plain
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: fundingchoicesmessages.google.com
Content-Length: 73
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 403 Forbidden

Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 19 Feb 2024 21:42:32 GMT
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
Content-Security-Policy: script-src 'nonce-kbYdbqs4iQwmRnCfM1dn5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self'
Cross-Origin-Opener-Policy: same-origin
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

fw.adsafeprotected.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

fw.adsafeprotected.com

IN A

Response

fw.adsafeprotected.com

IN CNAME

iefw.adsafeprotected.com

iefw.adsafeprotected.com

IN CNAME

firewall-external-2134955858.eu-west-1.elb.amazonaws.com

firewall-external-2134955858.eu-west-1.elb.amazonaws.com

IN A

34.250.18.149

firewall-external-2134955858.eu-west-1.elb.amazonaws.com

IN A

34.246.23.11

firewall-external-2134955858.eu-west-1.elb.amazonaws.com

IN A

54.171.253.204

firewall-external-2134955858.eu-west-1.elb.amazonaws.com

IN A

54.220.19.109

firewall-external-2134955858.eu-west-1.elb.amazonaws.com

IN A

54.77.58.207

firewall-external-2134955858.eu-west-1.elb.amazonaws.com

IN A

52.211.3.71

firewall-external-2134955858.eu-west-1.elb.amazonaws.com

IN A

18.202.133.215

firewall-external-2134955858.eu-west-1.elb.amazonaws.com

IN A

52.210.32.7
DNS

s0.2mdn.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

s0.2mdn.net

IN A

Response

s0.2mdn.net

IN A

142.250.179.230
GET

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/window_focus.js

IEXPLORE.EXE

Remote address:

216.58.212.225:443

Request

GET /pagead/js/r20240215/r20110914/client/window_focus.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&us_privacy=1---&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=2~2072.70.89.93.108.122.149.196.2253.2299.259.2357.311.313.323.2373.338.358.2415.415.449.2506.2526.486.494.495.2568.2571.2575.540.574.2624.609.2677.864.981.1029.1048.1051.1095.1097.1126.1201.1205.1211.1276.1301.1344.1365.1415.1423.1449.1451.1570.1577.1598.1651.1716.1735.1753.1765.1870.1878.1889.1958~dv.&gpp_sid=-1&client=ca-pub-7587278386327705&output=html&h=600&slotname=9610547132&adk=3456615022&adf=1839787983&pi=t.ma~as.9610547132&w=120&lmt=1707953055&format=120x600&url=https%3A%2F%2Fdvps.highrez.co.uk%2Fdownloads%2FXMouse_installed.htm%3FPlatform%3Dx64%3Fversion%3D2200500&wgl=1&dt=1708378946180&bpp=21&bdt=2165&idt=361&shv=r20240215&mjsv=m202402140101&ptt=9&saldr=aa&abxe=1&correlator=4083935735226&frm=20&pv=2&ga_vid=1415248801.1708378950&ga_sid=1708378950&ga_hid=14236799&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=1143&ady=105&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44808398%2C31081187%2C44795921%2C95322434%2C95324580%2C95325068%2C31081220%2C95322182%2C95324154%2C95324160%2C95325078&oid=2&pvsid=4502958145669116&tmod=90981820&nvt=1&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=1&bz=1.01&ifi=1&uci=a!1&dtd=3615
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: tpc.googlesyndication.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 1449
X-XSS-Protection: 0
Date: Mon, 19 Feb 2024 17:44:17 GMT
Expires: Mon, 04 Mar 2024 17:44:17 GMT
Cache-Control: public, max-age=1209600
Age: 14296
ETag: 18393213423120915576
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://tpc.googlesyndication.com/sodar/sodar2.js

IEXPLORE.EXE

Remote address:

216.58.212.225:443

Request

GET /sodar/sodar2.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: tpc.googlesyndication.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="adspam-signals-scs"
Report-To: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
Date: Mon, 19 Feb 2024 21:42:33 GMT
Expires: Mon, 19 Feb 2024 21:42:33 GMT
Cache-Control: private, max-age=3000
ETag: "1637097310169751"
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://tpc.googlesyndication.com/sodar/62bHydCX.html

IEXPLORE.EXE

Remote address:

216.58.212.225:443

Request

GET /sodar/62bHydCX.html HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&us_privacy=1---&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=2~2072.70.89.93.108.122.149.196.2253.2299.259.2357.311.313.323.2373.338.358.2415.415.449.2506.2526.486.494.495.2568.2571.2575.540.574.2624.609.2677.864.981.1029.1048.1051.1095.1097.1126.1201.1205.1211.1276.1301.1344.1365.1415.1423.1449.1451.1570.1577.1598.1651.1716.1735.1753.1765.1870.1878.1889.1958~dv.&gpp_sid=-1&client=ca-pub-7587278386327705&output=html&h=600&slotname=9610547132&adk=3456615022&adf=1839787983&pi=t.ma~as.9610547132&w=120&lmt=1707953055&format=120x600&url=https%3A%2F%2Fdvps.highrez.co.uk%2Fdownloads%2FXMouse_installed.htm%3FPlatform%3Dx64%3Fversion%3D2200500&wgl=1&dt=1708378946180&bpp=21&bdt=2165&idt=361&shv=r20240215&mjsv=m202402140101&ptt=9&saldr=aa&abxe=1&correlator=4083935735226&frm=20&pv=2&ga_vid=1415248801.1708378950&ga_sid=1708378950&ga_hid=14236799&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=1143&ady=105&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44808398%2C31081187%2C44795921%2C95322434%2C95324580%2C95325068%2C31081220%2C95322182%2C95324154%2C95324160%2C95325078&oid=2&pvsid=4502958145669116&tmod=90981820&nvt=1&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=1&bz=1.01&ifi=1&uci=a!1&dtd=3615
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: tpc.googlesyndication.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="adspam-signals-scs"
Report-To: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
Timing-Allow-Origin: *
Content-Length: 14538
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 16 Feb 2024 03:37:31 GMT
Expires: Sat, 15 Feb 2025 03:37:31 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Fri, 25 Aug 2023 23:48:00 GMT
Content-Type: text/html
Vary: Accept-Encoding
Age: 324302
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/qs_click_protection.js

IEXPLORE.EXE

Remote address:

216.58.212.225:443

Request

GET /pagead/js/r20240215/r20110914/client/qs_click_protection.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&us_privacy=1---&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=2~2072.70.89.93.108.122.149.196.2253.2299.259.2357.311.313.323.2373.338.358.2415.415.449.2506.2526.486.494.495.2568.2571.2575.540.574.2624.609.2677.864.981.1029.1048.1051.1095.1097.1126.1201.1205.1211.1276.1301.1344.1365.1415.1423.1449.1451.1570.1577.1598.1651.1716.1735.1753.1765.1870.1878.1889.1958~dv.&gpp_sid=-1&client=ca-pub-7587278386327705&output=html&h=600&slotname=9610547132&adk=3456615022&adf=1839787983&pi=t.ma~as.9610547132&w=120&lmt=1707953055&format=120x600&url=https%3A%2F%2Fdvps.highrez.co.uk%2Fdownloads%2FXMouse_installed.htm%3FPlatform%3Dx64%3Fversion%3D2200500&wgl=1&dt=1708378946180&bpp=21&bdt=2165&idt=361&shv=r20240215&mjsv=m202402140101&ptt=9&saldr=aa&abxe=1&correlator=4083935735226&frm=20&pv=2&ga_vid=1415248801.1708378950&ga_sid=1708378950&ga_hid=14236799&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=1143&ady=105&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44808398%2C31081187%2C44795921%2C95322434%2C95324580%2C95325068%2C31081220%2C95322182%2C95324154%2C95324160%2C95325078&oid=2&pvsid=4502958145669116&tmod=90981820&nvt=1&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=1&bz=1.01&ifi=1&uci=a!1&dtd=3615
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: tpc.googlesyndication.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 11734
X-XSS-Protection: 0
Date: Mon, 19 Feb 2024 03:48:10 GMT
Expires: Mon, 04 Mar 2024 03:48:10 GMT
Cache-Control: public, max-age=1209600
Age: 64463
ETag: 11364404989051962374
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

IEXPLORE.EXE

Remote address:

216.58.212.225:443

Request

GET /sodar/Q12zgMmT.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&us_privacy=1---&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=2~2072.70.89.93.108.122.149.196.2253.2299.259.2357.311.313.323.2373.338.358.2415.415.449.2506.2526.486.494.495.2568.2571.2575.540.574.2624.609.2677.864.981.1029.1048.1051.1095.1097.1126.1201.1205.1211.1276.1301.1344.1365.1415.1423.1449.1451.1570.1577.1598.1651.1716.1735.1753.1765.1870.1878.1889.1958~dv.&gpp_sid=-1&client=ca-pub-7587278386327705&output=html&h=600&slotname=9610547132&adk=3456615022&adf=1839787983&pi=t.ma~as.9610547132&w=120&lmt=1707953055&format=120x600&url=https%3A%2F%2Fdvps.highrez.co.uk%2Fdownloads%2FXMouse_installed.htm%3FPlatform%3Dx64%3Fversion%3D2200500&wgl=1&dt=1708378946180&bpp=21&bdt=2165&idt=361&shv=r20240215&mjsv=m202402140101&ptt=9&saldr=aa&abxe=1&correlator=4083935735226&frm=20&pv=2&ga_vid=1415248801.1708378950&ga_sid=1708378950&ga_hid=14236799&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=1143&ady=105&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44808398%2C31081187%2C44795921%2C95322434%2C95324580%2C95325068%2C31081220%2C95322182%2C95324154%2C95324160%2C95325078&oid=2&pvsid=4502958145669116&tmod=90981820&nvt=1&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=1&bz=1.01&ifi=1&uci=a!1&dtd=3615
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: tpc.googlesyndication.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="adspam-signals-scs"
Report-To: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
Timing-Allow-Origin: *
Content-Length: 15468
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 16 Feb 2024 03:45:37 GMT
Expires: Sat, 15 Feb 2025 03:45:37 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Fri, 25 Aug 2023 23:48:00 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
Age: 323816
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

IEXPLORE.EXE

Remote address:

216.58.212.225:443

Request

GET /sodar/sodar2/225/runner.html HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: tpc.googlesyndication.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="adspam-signals-scs"
Report-To: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
Content-Length: 5046
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 16 Feb 2024 03:35:27 GMT
Expires: Sat, 15 Feb 2025 03:35:27 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Mon, 21 Jun 2021 20:47:05 GMT
Content-Type: text/html
Vary: Accept-Encoding
Age: 324426
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://tpc.googlesyndication.com/generate_204?jNTPDw

IEXPLORE.EXE

Remote address:

216.58.212.225:443

Request

GET /generate_204?jNTPDw HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: tpc.googlesyndication.com
Connection: Keep-Alive

Response

HTTP/1.1 204 No Content

Content-Length: 0
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 19 Feb 2024 21:42:34 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://fw.adsafeprotected.com/rjss/st/1937413/78038472/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1015494965&ias_pubId=pub-7587278386327705&ias_chanId=1&ias_placementId=20958729565&bidurl=https://dvps.highrez.co.uk/downloads/XMouse_installed.htm&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0gP1hnRysH-iBwJGXkWZULs

IEXPLORE.EXE

Remote address:

34.250.18.149:443

Request

GET /rjss/st/1937413/78038472/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1015494965&ias_pubId=pub-7587278386327705&ias_chanId=1&ias_placementId=20958729565&bidurl=https://dvps.highrez.co.uk/downloads/XMouse_installed.htm&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0gP1hnRysH-iBwJGXkWZULs HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&us_privacy=1---&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=2~2072.70.89.93.108.122.149.196.2253.2299.259.2357.311.313.323.2373.338.358.2415.415.449.2506.2526.486.494.495.2568.2571.2575.540.574.2624.609.2677.864.981.1029.1048.1051.1095.1097.1126.1201.1205.1211.1276.1301.1344.1365.1415.1423.1449.1451.1570.1577.1598.1651.1716.1735.1753.1765.1870.1878.1889.1958~dv.&gpp_sid=-1&client=ca-pub-7587278386327705&output=html&h=600&slotname=9610547132&adk=3456615022&adf=1839787983&pi=t.ma~as.9610547132&w=120&lmt=1707953055&format=120x600&url=https%3A%2F%2Fdvps.highrez.co.uk%2Fdownloads%2FXMouse_installed.htm%3FPlatform%3Dx64%3Fversion%3D2200500&wgl=1&dt=1708378946180&bpp=21&bdt=2165&idt=361&shv=r20240215&mjsv=m202402140101&ptt=9&saldr=aa&abxe=1&correlator=4083935735226&frm=20&pv=2&ga_vid=1415248801.1708378950&ga_sid=1708378950&ga_hid=14236799&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=1143&ady=105&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44808398%2C31081187%2C44795921%2C95322434%2C95324580%2C95325068%2C31081220%2C95322182%2C95324154%2C95324160%2C95325078&oid=2&pvsid=4502958145669116&tmod=90981820&nvt=1&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=1&bz=1.01&ifi=1&uci=a!1&dtd=3615
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: fw.adsafeprotected.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 19 Feb 2024 21:42:34 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
pragma: no-cache
cache-control: no-cache
expires: Wed, 31 Dec 1969 23:59:59 GMT
access-control-allow-origin: fw.adsafeprotected.com
access-control-allow-credentials: true
vary: accept-encoding
content-encoding: gzip
GET

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

IEXPLORE.EXE

Remote address:

142.250.179.230:443

Request

GET /879366/html_inpage_rendering_lib_200_278.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&us_privacy=1---&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=2~2072.70.89.93.108.122.149.196.2253.2299.259.2357.311.313.323.2373.338.358.2415.415.449.2506.2526.486.494.495.2568.2571.2575.540.574.2624.609.2677.864.981.1029.1048.1051.1095.1097.1126.1201.1205.1211.1276.1301.1344.1365.1415.1423.1449.1451.1570.1577.1598.1651.1716.1735.1753.1765.1870.1878.1889.1958~dv.&gpp_sid=-1&client=ca-pub-7587278386327705&output=html&h=600&slotname=9610547132&adk=3456615022&adf=1839787983&pi=t.ma~as.9610547132&w=120&lmt=1707953055&format=120x600&url=https%3A%2F%2Fdvps.highrez.co.uk%2Fdownloads%2FXMouse_installed.htm%3FPlatform%3Dx64%3Fversion%3D2200500&wgl=1&dt=1708378946180&bpp=21&bdt=2165&idt=361&shv=r20240215&mjsv=m202402140101&ptt=9&saldr=aa&abxe=1&correlator=4083935735226&frm=20&pv=2&ga_vid=1415248801.1708378950&ga_sid=1708378950&ga_hid=14236799&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=1143&ady=105&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44808398%2C31081187%2C44795921%2C95322434%2C95324580%2C95325068%2C31081220%2C95322182%2C95324154%2C95324160%2C95325078&oid=2&pvsid=4502958145669116&tmod=90981820&nvt=1&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=1&bz=1.01&ifi=1&uci=a!1&dtd=3615
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: s0.2mdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="ads-doubleclick-media"
Report-To: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
Timing-Allow-Origin: *
Content-Length: 61485
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 19 Feb 2024 00:01:00 GMT
Expires: Tue, 20 Feb 2024 00:01:00 GMT
Cache-Control: public, max-age=86400
Age: 78093
Last-Modified: Tue, 14 Mar 2023 18:43:57 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://s0.2mdn.net/sadbundle/5698485915987476480/bau-120x600.html?e=69&leftOffset=0&topOffset=0&c=sbQAMav9FK&t=1&renderingType=2&ev=01_250

IEXPLORE.EXE

Remote address:

142.250.179.230:443

Request

GET /sadbundle/5698485915987476480/bau-120x600.html?e=69&leftOffset=0&topOffset=0&c=sbQAMav9FK&t=1&renderingType=2&ev=01_250 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&us_privacy=1---&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=2~2072.70.89.93.108.122.149.196.2253.2299.259.2357.311.313.323.2373.338.358.2415.415.449.2506.2526.486.494.495.2568.2571.2575.540.574.2624.609.2677.864.981.1029.1048.1051.1095.1097.1126.1201.1205.1211.1276.1301.1344.1365.1415.1423.1449.1451.1570.1577.1598.1651.1716.1735.1753.1765.1870.1878.1889.1958~dv.&gpp_sid=-1&client=ca-pub-7587278386327705&output=html&h=600&slotname=9610547132&adk=3456615022&adf=1839787983&pi=t.ma~as.9610547132&w=120&lmt=1707953055&format=120x600&url=https%3A%2F%2Fdvps.highrez.co.uk%2Fdownloads%2FXMouse_installed.htm%3FPlatform%3Dx64%3Fversion%3D2200500&wgl=1&dt=1708378946180&bpp=21&bdt=2165&idt=361&shv=r20240215&mjsv=m202402140101&ptt=9&saldr=aa&abxe=1&correlator=4083935735226&frm=20&pv=2&ga_vid=1415248801.1708378950&ga_sid=1708378950&ga_hid=14236799&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=1143&ady=105&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44808398%2C31081187%2C44795921%2C95322434%2C95324580%2C95325068%2C31081220%2C95322182%2C95324154%2C95324160%2C95325078&oid=2&pvsid=4502958145669116&tmod=90981820&nvt=1&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=1&bz=1.01&ifi=1&uci=a!1&dtd=3615
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: s0.2mdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/html
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="ads-doubleclick-media"
Report-To: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
Timing-Allow-Origin: *
Content-Length: 1442
Date: Mon, 19 Feb 2024 21:42:33 GMT
Expires: Tue, 18 Feb 2025 21:42:33 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 13 Jun 2023 14:36:45 GMT
X-Content-Type-Options: nosniff
Allow-Fenced-Frame-Automatic-Beacons: true
X-DNS-Prefetch-Control: off
Content-Encoding: gzip
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://s0.2mdn.net/879366/Enabler_01_250.js

IEXPLORE.EXE

Remote address:

142.250.179.230:443

Request

GET /879366/Enabler_01_250.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://s0.2mdn.net/sadbundle/5698485915987476480/bau-120x600.html?e=69&leftOffset=0&topOffset=0&c=sbQAMav9FK&t=1&renderingType=2&ev=01_250
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: s0.2mdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="ads-doubleclick-media"
Report-To: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
Timing-Allow-Origin: *
Content-Length: 42247
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 19 Feb 2024 03:30:52 GMT
Expires: Tue, 20 Feb 2024 03:30:52 GMT
Cache-Control: public, max-age=86400
Age: 65501
Last-Modified: Tue, 14 Mar 2023 21:28:42 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

www.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.178.4
GET

https://www.google.com/recaptcha/api2/aframe

IEXPLORE.EXE

Remote address:

142.250.178.4:443

Request

GET /recaptcha/api2/aframe HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Embedder-Policy: require-corp
Report-To: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
Expires: Mon, 19 Feb 2024 21:42:33 GMT
Date: Mon, 19 Feb 2024 21:42:33 GMT
Cache-Control: private, max-age=300
Content-Security-Policy: script-src 'nonce-M3JHNwRoxsiH2VEmjwe2BA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

googleads4.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

googleads4.g.doubleclick.net

IN A

Response

googleads4.g.doubleclick.net

IN A

216.58.201.98
DNS

fe0.google.com

Remote address:

8.8.8.8:53

Request

fe0.google.com

IN A

Response
DNS

fe0.google.com

Remote address:

8.8.8.8:53

Request

fe0.google.com

IN A
DNS

ocsp.r2m02.amazontrust.com

Remote address:

8.8.8.8:53

Request

ocsp.r2m02.amazontrust.com

IN A

Response

ocsp.r2m02.amazontrust.com

IN A

13.249.8.192
DNS

ocsp.r2m02.amazontrust.com

Remote address:

8.8.8.8:53

Request

ocsp.r2m02.amazontrust.com

IN A

Response

ocsp.r2m02.amazontrust.com

IN A

13.249.8.192
GET

http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAiw2V0mxopZwaBFBAz5k%2FQ%3D

Remote address:

13.249.8.192:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAiw2V0mxopZwaBFBAz5k%2FQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.r2m02.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Mon, 19 Feb 2024 20:27:33 GMT
Last-Modified: Mon, 19 Feb 2024 20:27:33 GMT
Server: ECAcc (lhd/35C3)
X-Cache: Hit from cloudfront
Via: 1.1 14bd82d61eea261f371dd878bc132822.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG53-C1
X-Amz-Cf-Id: kJBzUtOBoC4Ai4QIkmeWJvqDb5rXFlhDE6pl9oYY9F2oqZXHM-8Epw==
Age: 4501
GET

http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAiw2V0mxopZwaBFBAz5k%2FQ%3D

Remote address:

13.249.8.192:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAiw2V0mxopZwaBFBAz5k%2FQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.r2m02.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Mon, 19 Feb 2024 20:27:33 GMT
Last-Modified: Mon, 19 Feb 2024 20:27:33 GMT
Server: ECAcc (lhd/35C3)
X-Cache: Hit from cloudfront
Via: 1.1 14bd82d61eea261f371dd878bc132822.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG53-C1
X-Amz-Cf-Id: BytPF6hiXTnX26Bsuf4YqwRUq_CFV5xocGALbVTiW5OgRWJKXASe7g==
Age: 4501

23.48.165.139:80

http://repository.certum.pl/ctnca.cer

http

XMouseButtonControl.exe

319 B
2.7kB
4
4

HTTP Request

GET http://repository.certum.pl/ctnca.cer

HTTP Response

200
188.74.78.172:80

www.highrez.co.uk

IEXPLORE.EXE

98 B
52 B
2
1
188.74.78.172:80

http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64

http

IEXPLORE.EXE

529 B
1.3kB
4
3

HTTP Request

GET http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64

HTTP Response

301
188.74.78.172:443

https://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64

tls, http

IEXPLORE.EXE

1.1kB
5.5kB
8
8

HTTP Request

GET https://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64

HTTP Response

302
208.87.103.217:443

https://dvps.highrez.co.uk/downloads/js/jquery-3.6.3-min.js

tls, http

IEXPLORE.EXE

1.4kB
6.2kB
13
13

HTTP Request

GET https://dvps.highrez.co.uk/downloads/js/jquery-3.6.3-min.js

HTTP Response

500
208.87.103.217:443

https://dvps.highrez.co.uk/downloads/js/widget.js

tls, http

IEXPLORE.EXE

4.7kB
18.5kB
24
25

HTTP Request

GET https://dvps.highrez.co.uk/downloads/XMouse_installed.htm?Platform=x64?version=2200500

HTTP Response

200

HTTP Request

GET https://dvps.highrez.co.uk/downloads/css/default.css

HTTP Response

200

HTTP Request

GET https://dvps.highrez.co.uk/downloads/css/cryptodonate.css

HTTP Response

200

HTTP Request

GET https://dvps.highrez.co.uk/downloads/css/cryptodonate.dark.css

HTTP Response

200

HTTP Request

GET https://dvps.highrez.co.uk/downloads/css/cryptodonate.pink.css

HTTP Response

200

HTTP Request

GET https://dvps.highrez.co.uk/downloads/css/cryptodonate.green.css

HTTP Response

200

HTTP Request

GET https://dvps.highrez.co.uk/downloads/css/magnific-popup.css

HTTP Response

200

HTTP Request

GET https://dvps.highrez.co.uk/downloads/js/widget.js

HTTP Response

500
96.17.179.184:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

IEXPLORE.EXE

323 B
1.6kB
4
4

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200
96.17.179.184:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

IEXPLORE.EXE

323 B
1.6kB
4
4

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200
208.87.103.217:443

https://dvps.highrez.co.uk/downloads/images/hdacharity.jpg

tls, http

IEXPLORE.EXE

1.3kB
18.4kB
13
21

HTTP Request

GET https://dvps.highrez.co.uk/downloads/images/hdacharity.jpg

HTTP Response

200
208.87.103.217:443

https://dvps.highrez.co.uk/downloads/js/cryptodonate.js

tls, http

IEXPLORE.EXE

1.2kB
1.5kB
10
9

HTTP Request

GET https://dvps.highrez.co.uk/downloads/js/cryptodonate.js

HTTP Response

500
208.87.103.217:443

https://dvps.highrez.co.uk/downloads/images/janey.jpg

tls, http

IEXPLORE.EXE

1.1kB
3.0kB
7
9

HTTP Request

GET https://dvps.highrez.co.uk/downloads/images/janey.jpg

HTTP Response

200
208.87.103.217:443

dvps.highrez.co.uk

tls

IEXPLORE.EXE

608 B
498 B
7
6
163.70.147.23:80

http://connect.facebook.net/en_US/all.js

http

IEXPLORE.EXE

453 B
604 B
4
4

HTTP Request

GET http://connect.facebook.net/en_US/all.js

HTTP Response

301
163.70.147.23:80

connect.facebook.net

IEXPLORE.EXE

98 B
52 B
2
1
208.87.103.217:443

dvps.highrez.co.uk

tls

IEXPLORE.EXE

470 B
349 B
4
4
192.229.221.25:443

https://www.paypalobjects.com/en_GB/i/scr/pixel.gif

tls, http

IEXPLORE.EXE

1.2kB
8.8kB
10
11

HTTP Request

GET https://www.paypalobjects.com/en_GB/i/scr/pixel.gif

HTTP Response

200
192.229.221.25:443

https://www.paypalobjects.com/en_GB/i/btn/btn_donate_LG.gif

tls, http

IEXPLORE.EXE

1.2kB
10.5kB
10
12

HTTP Request

GET https://www.paypalobjects.com/en_GB/i/btn/btn_donate_LG.gif

HTTP Response

200
163.70.147.23:443

https://connect.facebook.net/en_US/all.js

tls, http

IEXPLORE.EXE

1.0kB
8.3kB
10
13

HTTP Request

GET https://connect.facebook.net/en_US/all.js

HTTP Response

200
208.87.103.217:443

dvps.highrez.co.uk

tls

IEXPLORE.EXE

608 B
498 B
7
6
208.87.103.217:443

https://dvps.highrez.co.uk/downloads/images/xmbcicon.png

tls, http

IEXPLORE.EXE

1.1kB
4.4kB
8
11

HTTP Request

GET https://dvps.highrez.co.uk/downloads/images/xmbcicon.png

HTTP Response

200
208.87.103.217:443

https://dvps.highrez.co.uk/downloads/images/xmbc.ico

tls, http

IEXPLORE.EXE

2.5kB
67.1kB
32
57

HTTP Request

GET https://dvps.highrez.co.uk/scripts/cookie-consent.js

HTTP Response

200

HTTP Request

GET https://dvps.highrez.co.uk/downloads/images/xmbc.ico

HTTP Response

200
142.250.178.2:443

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Ah2dl8PzIDSZ_iKs5FPy4j87D-KaPWJU62Z7iawuRJunZflujyzHXuiQA37U-xQEJF50XMBzAUqF-bxyr1qXrDnQO2QusUfE-zQ_OK_gHwPW3qn1dEmpaAzTI3Mr09NNPAMEiIa6pKq9bS8AJS8VtEOOx0uf83UrXfIABAPelwQ49UpVXuNGp-VdPngXx0yCXTiNIBdrcNPNkhsH-USLbyM7N3JA&dbm_d=AKAmf-Bx_j4iGUHGF30uQFqvNNFCvgRJAbxRXY4_7UFuz2XaTocqsYuV-bvfDtUW7RQIiDcNBgUPtcnux6K8te39JslmFTMtcHP96Bum7DNzrLi_Ns5Q6OqfB11b6MFaicYG5sgDzQbuuKTlUVdlBlp3p3qcEP2TGBk55lViAl-ctt38pAvvuYjtfArNI-T4ghDTf9G-K3K2GPX04GKpQDxCql1WWgCyLsbsLn3YWweRaTo17ooT5Z9ygz2Cd2hWZkm8elPaQUUnqyXo1Faoj3F3-jCGFcmFfzr2AEh-gSpcnB2mJZ6Ys7WW891yKoUgzE9tT_kkezs6TWY3CYgjpuMjQ7pcAKqkpMjbTC3A1T5p9pB8l4mDXLtJGSNyTGWGnclx0InxieSeZ8NL5VYm74XNjdkT9Fonhy-7FlltC6EJg2fv8x6E6H5yqPEZ2enqX0a3M7pgvwJFS8_KnJ81ntmB5DA96DumYd52ODQR_yl-Tgb5-pkTufG4Q0K_qyvZ1uEd9YFvtJKxR5lKWzOw7m_v2IXJRnI_iOcVs9atyWhm-i0DrkZ-PttIYE6-wfc8sT88-BJH1xRI7OSGl5yeBwBxbHFZ4yuKuOtuXepSbfzwSiVYT9jmXtkN1HZllN7iJ-GB2iyKTUfmpJRWxGb2ZjGpzlgdxdtP4gPzn8dtU5vYg-RUNvAmrQya1uNYhCJNwZ9Zmnxg9dckMGtOTdsB3V6HSHCbr_2tCBRbZv_DmOUgop-4on5GssUEsnYZrFx5Bs_v8RPqkH3WWirtlajTeJizYYxReEcgA6MmIibrVMch_3l8R4t72zUTAmwROFEmWPlzkyziNawpUS-PW229pBziwQ45IglSASl2OMZCdEBBKakKNb692X9OZJQoA1pWc2gyAx9GSC2ZmZI4AqnizuOaYjtVkMypgW8mNJxF0ETfhufCBh5nJ_RiAPRT_3-Jp_rsZjfvtIRTjLOYR11PLKcdvYRiUSO479bi6pG1Zh0Fci8X8tbtzn2XLxp_TArgqy-CuH_BnPiuIf6zqfte1ZoFQCMRIEglRvwGwBWOLgSj9T-rOs4YWWUD1lYTr8WT7Fuoq_Mr8EMoke4zzlVMjobYsqg3E3ALlz4wTKb3B0NZHYoBaatebodgt6kZ2luLcUQ4Nfnzo5daFuOaA73a0Sw9dEjCS4m_Hoi-z1ezJSyI0D0Cva2l-Aqsyv6uhvxgSuXVOPK00Wm-Yg1XMEQGe-MXlJ529I8paxJs_nM_S35nUjeE5QmYFy1wjlnicuHHtxtFqOvbMoKk9OhQ6ok1SqdARhzkNPoDFVPexTHAibbXyxkMeQUuXT6CeM-4nNjPqmRqYqT7Q8xqDMIcklRV6BjmC6XEMOGTlh3d1HIieeEyYhtZxKgTQQILVTptgdi_lOB-Q_B0Xsr2Z38W_zFF7F2dOWg1ofyiH4i2cbYY_BFaw_0ZFduxQ2byXBcq6hP36Y7dOm-udhR-lzjLd-yu5d-jb2w6UO8EV5Lqk7Wv3qEwa53UHL-3NYdzZYWTI89CDH6KuUTJ9FA2MJRKKEuGhxT3VcwpaUFDjrLFaBTSLJJJ6W8DF2dvgEc29ThDRx7AI8AnQisTmxJBjm1Sqmf8CeGLZFeYk55s6N5SLq0szyI5IrXdEU8UhpIEz2s_w2EApKl3kDbgpAvAoVKyIwY9dGef7pFPeS2cOy5uGjWntk8PgddGHl6qXtzeDymfvo3y0CdDXyfRmQpzXVLqGVFg9dbx93rsYsss5Dyy7GIOHL9hMLgPG3C9UGN6CmqKz69gFn20aSkesgQ84N-ACkqBlyIKZdh1XHbgAPUyzLijb_XKq9n1FUNeRmUYmOCHsAdOsoZvCx1qlLrvZy2YLesQP3A70Cq62NMy4FD_Leg_c4WppEG7mUEtieZTtBTp2M_VmPCEYGywohjarBKDXDCmsyBZqAUbHrm-HQw89OyhCj3OgrDPrdnDRMUkD31X3FBXobzwrBfwAdUHuZMu2SKizdT62GuKCDQ8Q2XMt9O3OlFFMxmC-J7eZgaLS60JDcZeehVTtaEhgF39F1Z4OkYw_S1FGI40jNQU7fEdAstKTibfXA3dwp0CPIov8kKjHEJVQS9R34iUcqOebifhcHFlhEpzEhEBNtOjUJSvFNgYyISixx7uSnb-NhY_saKST27UmPInD5FcRvVUhQ_osRFfBWMMFRLGCtmJCaA_Uwc-FfoRCxHEYO-fTIBvZ2GLIWUpbJxR5c6yOcLLTvs6NNhD0xOGwWydEUDRaMeEB0u9p2gHNnW1QdsEXXzy-bRLLOkVM5Mkg2-NwhrAV9rNzZ6Wa_B-Mx2sHbpvhTweG2iTjXrNU7lclFrNT7h3Co_1TWcWoxENiKEBiPK_W_XEZdmudqwgbpw_dQWhZyZBeVvm8EDQwGknGhTb2P18RU8pKc_Rb_5nmgcxddoxxb3PjkTk8adTxel6LqTC16KJo-p-6ABzk59ZzI_SfxNg3vAsHZuJ6RnzPRuc6SYmv6oL2iS-otTwhTob9jZV15cycJ3LTavkfunVNPTnvxPiu8GDiDie1SSCewxH9juHfeY86dMy-tU6OL2l997i0NgMBNpLHRhTwWxbfl-tjV_DUpfuuyhPOjixHycLnd8a4qB45pIivsu5z37FNsDIeGs9aB3iSqCKjI_k2zxB4UDDX7LgP-J5OSohKbBtXERbcJ_ariEc4plMT0SzAamM9Cde6fJ0AVREAXsENNco3Eo7qwBJ6JSKlVqm06szpAw7LxJXmwNkUqHwRXlhAeQH31u7pjOxNVfysbyu9VNaDQAdd2IKaHqCwjRMiAXeouncXz6mn-Ah86ZiWdMdHyhHRgVXJkDILKNYJBz0MOERTi4EHqZocFH_qEKC9ID4fd6v431GoMwryttrKMqxgsqqT_yhtIlwyijR2VN9mj3pMPz0CRlaDeUF_5yJ9-HJhg4L3sViuuqmj_JE2cvMuoh6Bf1M9K9hCwaW3JnlcDUoyK1GLApSVPigZsUwJokzcAfSREMPQSgw4IRx3DOHfloujNAMb2jz29JnuoluB40qOzZUA7NjDWpKdRqYY5DVYcKL9rIvJt0KNmnqB2GGt_HOMFytyhNylRSz-_eVdbASIBMXl8F-0vb0AnZvqUam_wf_EDOLLclrRn7U4fV4cCVuR6Hl2jNPcb1h2a-_ws1RfI-Vu6Mf0acSGTZYkAuIp6vyNdv1gAzqWN5Wy04BU027dogJOnHVK1WcNexBQDmTXJwdxYTcM1ziPSRF-Xer9pWYKp-0dmLqNR9iFeTwGwNROuetCMg01STuUg9tJ9DpTVw2T7eIlOHgQkKqlHK18rvmsCIyjOCY7mw96lWsS_Y9Yt8v3IuqzoEI4G3JNcZCGzW5w5h3sNxxKYYphAxdKUSl3D79i9YxzxwLuZsaOhLHqOPR0wcCp68mZ6pLYjRXH08lqxuCtyDsS256xdZlwlGECJipVD-hdGIwtQKNMbrcpWh1Joehyadfg7TYjZsWgL0RMOYDlhZ3o3tqDX4ssmtn_FqFYYynYXY4pkURUhH0fnfnMrZBz3lm6n8Dj1GhHN3j8jWf-wepsIyS6tOJIeDsqIihZcbYGkLnA4xvcuUIk-_NRGxIl4iCqBQBOVoS4Krs1SsY_ycxBAy00RiVG40zOM2L3r8mr6gf7J-NrimLyz0sEhPh49lQZBwT33mEZ8hdw-qWp9YWZ-2ZJ2wuimGMy1A5pJWWHuWpllLZciazHEQIm2AouDmXK4VrWRp2_DYBwPsu9hWiaA040etsHOCa9XDxOAOSlkqpy1t4TIXXCg_G9FFULPbCzqP8yBuK0PBF_Igr1B0qk0uODjhWlvyoSxSU7neHUS5PKoZz3WZjMGHzQFZmhHnqMBZjGQFxqNad72ieP5UtiqKEeJzjX1p_FXJnQxFbMEQZcicGOz8E17V2o9ofKUhw72JsUHh_Qm0YZ5k1LBmaUKMQGpb8DQSAv3eDOfyfvW0XvMdjDa7zq8pO01JgP5NzUBBJYIkJPvKQOuxf_CrKgdg1x6b7PbRN1N6ZE7CvV1355uyT4bwhiMWLfn4G2PpGdmbTGeTdTE-qvkMFJwji1GWf_0Lz78uXR--YWXPvghyW6v6KkHswvh15v7QdostLUAEp8mDa9mWGzj4DyVErbmaouPYGCQwtF8Y4DYM7EuUJCl_QquZ_jlTN4EKsw8AqfcY_jj5fya6Lcvalr_w54mx20ajiLHBk5aj3VB6bKFg-834tQCG8mKKVAOMc90Nfj7_JzxuPRJGzvM8uKuEAVZr9OwYIDeZ46GnDKFtJvoZwoxH_OnQCFoBVffJpX0rPieFwWDOGScm0YNiBJ63jr70aImMEsOPsnnuu4glBdFah1fMVxnFVk6P5jEGaIkAcDz4nItfTEVEQf0101V8h5dNTcLR93im7KWX0WyijAVD5eqHkqhtxHhcI3QKYX9OzjEtSGaEks-uC14HR2-6Za-9zCZKQwRRHWKeEkqs_kO77l7kGVo4Q0X8V70bfgPKw619nkbT49mO2qMTp2H23Y6rX6nfVepDF&cid=CAQSTgAvHhf_IzEDrEprX4RbbanaG_74geLAoqnumOoaTCyNdczFpQaJ1r_0qTr4YOcCGonAeS7Wnmry84icSDmV0_LKK9y8kA6K__P_GSNSPRgB&dv3_ver=m202401290101&rfl=https%3A%2F%2Fdvps.highrez.co.uk%2Fdownloads%2FXMouse_installed.htm&ds=l&xdt=1&iif=1&cor=17330574041691990000&adk=3476589349&idt=132&dtd=67

tls, http

IEXPLORE.EXE

15.1kB
75.9kB
47
71

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/html/r20240215/r20190131/zrt_lookup.html

HTTP Response

200

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&us_privacy=1---&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=2~2072.70.89.93.108.122.149.196.2253.2299.259.2357.311.313.323.2373.338.358.2415.415.449.2506.2526.486.494.495.2568.2571.2575.540.574.2624.609.2677.864.981.1029.1048.1051.1095.1097.1126.1201.1205.1211.1276.1301.1344.1365.1415.1423.1449.1451.1570.1577.1598.1651.1716.1735.1753.1765.1870.1878.1889.1958~dv.&gpp_sid=-1&client=ca-pub-7587278386327705&output=html&h=600&slotname=9610547132&adk=3456615022&adf=1839787983&pi=t.ma~as.9610547132&w=120&lmt=1707953055&format=120x600&url=https%3A%2F%2Fdvps.highrez.co.uk%2Fdownloads%2FXMouse_installed.htm%3FPlatform%3Dx64%3Fversion%3D2200500&wgl=1&dt=1708378946180&bpp=21&bdt=2165&idt=361&shv=r20240215&mjsv=m202402140101&ptt=9&saldr=aa&abxe=1&correlator=4083935735226&frm=20&pv=2&ga_vid=1415248801.1708378950&ga_sid=1708378950&ga_hid=14236799&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=1143&ady=105&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44808398%2C31081187%2C44795921%2C95322434%2C95324580%2C95325068%2C31081220%2C95322182%2C95324154%2C95324160%2C95325078&oid=2&pvsid=4502958145669116&tmod=90981820&nvt=1&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=1&bz=1.01&ifi=1&uci=a!1&dtd=3615

HTTP Response

200

HTTP Request

GET https://googleads.g.doubleclick.net/xbbe/pixel?d=CI3jLRD7mj8Yq_j5gwIwAQ&v=APEucNWI7N-IbMVq0dvPJh3ZQWDOzI-WdB-wbr5Sbw_CsQiS-92LaN9oSTW8SMGuhXevG8TkrqGj7sEAMUJyKmDUyOPKN7NhDap1QxOacrHV4lUb9h2_mz_7qnXGm414pAr7BJDUgIR2jHL6qlapaVnl6A2r2f8ur3D2KrjwkZzJaeELzBO55mkBlANsVMarhuZNnfHFW6unY1a5QOAvM6pWo5l-PfI3Tyev7AC91bHgOr93ApJkg-DcBS_wg3L6zama-tuuhhWTxb25BefNyHMkbhi0RFDqWC-u0TggBx4vseWm-9lY-I6ARtDfMjOlE7cYzdKleLXTh26QiOvYPSPNdnW4cwtOcTCDD966rKBHBxrdGxJWJA9DOB0ZzCjqP4nNzVWyHaZz2ljP5oRcDJoPhBlPCNsK6fpY7yVW5nj9UoXVQ1YeYCkH93Yp_UQDoYJjO-KzS7ZOQHNWSCcb2iGWguWn_tOkUych9vMXLr3Q6GYcOhlBZGT8yDTf3IT3bq9_DGM8oKtWTNw9LguUNZV1B11kcxcjFBewgt-tWCGzHf6WkvgzYo_9C-5gpmBg9AbcJk3XOlu59a0RfqMdYRI59rou934-LfICzPG8BnOIcXZhxQvm_F0LWMOJAvB1DmXVDz2li3AjJu08ojH5E16jZJcgTW4Qy06lRdrklZJW3hR799R9O0luak9OspOQDVCGWHrQDuoHzdeO8zy4n0-k8Pp5YNs1iSNz1mC1FYg6ktZTW-nzYohS3o4YqjJ1JlhndaTyT5fYuDqZD_kKOji9mFZL_PmrvO99SRtyyLthvS2sCge-JNqDjFKkjdPolPUQMRvhcVnPvVhKH_60O2y1e_yjvDD4DxZNADNlcUAdSkAafCF5csA

HTTP Response

200

HTTP Request

GET https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Ah2dl8PzIDSZ_iKs5FPy4j87D-KaPWJU62Z7iawuRJunZflujyzHXuiQA37U-xQEJF50XMBzAUqF-bxyr1qXrDnQO2QusUfE-zQ_OK_gHwPW3qn1dEmpaAzTI3Mr09NNPAMEiIa6pKq9bS8AJS8VtEOOx0uf83UrXfIABAPelwQ49UpVXuNGp-VdPngXx0yCXTiNIBdrcNPNkhsH-USLbyM7N3JA&dbm_d=AKAmf-Bx_j4iGUHGF30uQFqvNNFCvgRJAbxRXY4_7UFuz2XaTocqsYuV-bvfDtUW7RQIiDcNBgUPtcnux6K8te39JslmFTMtcHP96Bum7DNzrLi_Ns5Q6OqfB11b6MFaicYG5sgDzQbuuKTlUVdlBlp3p3qcEP2TGBk55lViAl-ctt38pAvvuYjtfArNI-T4ghDTf9G-K3K2GPX04GKpQDxCql1WWgCyLsbsLn3YWweRaTo17ooT5Z9ygz2Cd2hWZkm8elPaQUUnqyXo1Faoj3F3-jCGFcmFfzr2AEh-gSpcnB2mJZ6Ys7WW891yKoUgzE9tT_kkezs6TWY3CYgjpuMjQ7pcAKqkpMjbTC3A1T5p9pB8l4mDXLtJGSNyTGWGnclx0InxieSeZ8NL5VYm74XNjdkT9Fonhy-7FlltC6EJg2fv8x6E6H5yqPEZ2enqX0a3M7pgvwJFS8_KnJ81ntmB5DA96DumYd52ODQR_yl-Tgb5-pkTufG4Q0K_qyvZ1uEd9YFvtJKxR5lKWzOw7m_v2IXJRnI_iOcVs9atyWhm-i0DrkZ-PttIYE6-wfc8sT88-BJH1xRI7OSGl5yeBwBxbHFZ4yuKuOtuXepSbfzwSiVYT9jmXtkN1HZllN7iJ-GB2iyKTUfmpJRWxGb2ZjGpzlgdxdtP4gPzn8dtU5vYg-RUNvAmrQya1uNYhCJNwZ9Zmnxg9dckMGtOTdsB3V6HSHCbr_2tCBRbZv_DmOUgop-4on5GssUEsnYZrFx5Bs_v8RPqkH3WWirtlajTeJizYYxReEcgA6MmIibrVMch_3l8R4t72zUTAmwROFEmWPlzkyziNawpUS-PW229pBziwQ45IglSASl2OMZCdEBBKakKNb692X9OZJQoA1pWc2gyAx9GSC2ZmZI4AqnizuOaYjtVkMypgW8mNJxF0ETfhufCBh5nJ_RiAPRT_3-Jp_rsZjfvtIRTjLOYR11PLKcdvYRiUSO479bi6pG1Zh0Fci8X8tbtzn2XLxp_TArgqy-CuH_BnPiuIf6zqfte1ZoFQCMRIEglRvwGwBWOLgSj9T-rOs4YWWUD1lYTr8WT7Fuoq_Mr8EMoke4zzlVMjobYsqg3E3ALlz4wTKb3B0NZHYoBaatebodgt6kZ2luLcUQ4Nfnzo5daFuOaA73a0Sw9dEjCS4m_Hoi-z1ezJSyI0D0Cva2l-Aqsyv6uhvxgSuXVOPK00Wm-Yg1XMEQGe-MXlJ529I8paxJs_nM_S35nUjeE5QmYFy1wjlnicuHHtxtFqOvbMoKk9OhQ6ok1SqdARhzkNPoDFVPexTHAibbXyxkMeQUuXT6CeM-4nNjPqmRqYqT7Q8xqDMIcklRV6BjmC6XEMOGTlh3d1HIieeEyYhtZxKgTQQILVTptgdi_lOB-Q_B0Xsr2Z38W_zFF7F2dOWg1ofyiH4i2cbYY_BFaw_0ZFduxQ2byXBcq6hP36Y7dOm-udhR-lzjLd-yu5d-jb2w6UO8EV5Lqk7Wv3qEwa53UHL-3NYdzZYWTI89CDH6KuUTJ9FA2MJRKKEuGhxT3VcwpaUFDjrLFaBTSLJJJ6W8DF2dvgEc29ThDRx7AI8AnQisTmxJBjm1Sqmf8CeGLZFeYk55s6N5SLq0szyI5IrXdEU8UhpIEz2s_w2EApKl3kDbgpAvAoVKyIwY9dGef7pFPeS2cOy5uGjWntk8PgddGHl6qXtzeDymfvo3y0CdDXyfRmQpzXVLqGVFg9dbx93rsYsss5Dyy7GIOHL9hMLgPG3C9UGN6CmqKz69gFn20aSkesgQ84N-ACkqBlyIKZdh1XHbgAPUyzLijb_XKq9n1FUNeRmUYmOCHsAdOsoZvCx1qlLrvZy2YLesQP3A70Cq62NMy4FD_Leg_c4WppEG7mUEtieZTtBTp2M_VmPCEYGywohjarBKDXDCmsyBZqAUbHrm-HQw89OyhCj3OgrDPrdnDRMUkD31X3FBXobzwrBfwAdUHuZMu2SKizdT62GuKCDQ8Q2XMt9O3OlFFMxmC-J7eZgaLS60JDcZeehVTtaEhgF39F1Z4OkYw_S1FGI40jNQU7fEdAstKTibfXA3dwp0CPIov8kKjHEJVQS9R34iUcqOebifhcHFlhEpzEhEBNtOjUJSvFNgYyISixx7uSnb-NhY_saKST27UmPInD5FcRvVUhQ_osRFfBWMMFRLGCtmJCaA_Uwc-FfoRCxHEYO-fTIBvZ2GLIWUpbJxR5c6yOcLLTvs6NNhD0xOGwWydEUDRaMeEB0u9p2gHNnW1QdsEXXzy-bRLLOkVM5Mkg2-NwhrAV9rNzZ6Wa_B-Mx2sHbpvhTweG2iTjXrNU7lclFrNT7h3Co_1TWcWoxENiKEBiPK_W_XEZdmudqwgbpw_dQWhZyZBeVvm8EDQwGknGhTb2P18RU8pKc_Rb_5nmgcxddoxxb3PjkTk8adTxel6LqTC16KJo-p-6ABzk59ZzI_SfxNg3vAsHZuJ6RnzPRuc6SYmv6oL2iS-otTwhTob9jZV15cycJ3LTavkfunVNPTnvxPiu8GDiDie1SSCewxH9juHfeY86dMy-tU6OL2l997i0NgMBNpLHRhTwWxbfl-tjV_DUpfuuyhPOjixHycLnd8a4qB45pIivsu5z37FNsDIeGs9aB3iSqCKjI_k2zxB4UDDX7LgP-J5OSohKbBtXERbcJ_ariEc4plMT0SzAamM9Cde6fJ0AVREAXsENNco3Eo7qwBJ6JSKlVqm06szpAw7LxJXmwNkUqHwRXlhAeQH31u7pjOxNVfysbyu9VNaDQAdd2IKaHqCwjRMiAXeouncXz6mn-Ah86ZiWdMdHyhHRgVXJkDILKNYJBz0MOERTi4EHqZocFH_qEKC9ID4fd6v431GoMwryttrKMqxgsqqT_yhtIlwyijR2VN9mj3pMPz0CRlaDeUF_5yJ9-HJhg4L3sViuuqmj_JE2cvMuoh6Bf1M9K9hCwaW3JnlcDUoyK1GLApSVPigZsUwJokzcAfSREMPQSgw4IRx3DOHfloujNAMb2jz29JnuoluB40qOzZUA7NjDWpKdRqYY5DVYcKL9rIvJt0KNmnqB2GGt_HOMFytyhNylRSz-_eVdbASIBMXl8F-0vb0AnZvqUam_wf_EDOLLclrRn7U4fV4cCVuR6Hl2jNPcb1h2a-_ws1RfI-Vu6Mf0acSGTZYkAuIp6vyNdv1gAzqWN5Wy04BU027dogJOnHVK1WcNexBQDmTXJwdxYTcM1ziPSRF-Xer9pWYKp-0dmLqNR9iFeTwGwNROuetCMg01STuUg9tJ9DpTVw2T7eIlOHgQkKqlHK18rvmsCIyjOCY7mw96lWsS_Y9Yt8v3IuqzoEI4G3JNcZCGzW5w5h3sNxxKYYphAxdKUSl3D79i9YxzxwLuZsaOhLHqOPR0wcCp68mZ6pLYjRXH08lqxuCtyDsS256xdZlwlGECJipVD-hdGIwtQKNMbrcpWh1Joehyadfg7TYjZsWgL0RMOYDlhZ3o3tqDX4ssmtn_FqFYYynYXY4pkURUhH0fnfnMrZBz3lm6n8Dj1GhHN3j8jWf-wepsIyS6tOJIeDsqIihZcbYGkLnA4xvcuUIk-_NRGxIl4iCqBQBOVoS4Krs1SsY_ycxBAy00RiVG40zOM2L3r8mr6gf7J-NrimLyz0sEhPh49lQZBwT33mEZ8hdw-qWp9YWZ-2ZJ2wuimGMy1A5pJWWHuWpllLZciazHEQIm2AouDmXK4VrWRp2_DYBwPsu9hWiaA040etsHOCa9XDxOAOSlkqpy1t4TIXXCg_G9FFULPbCzqP8yBuK0PBF_Igr1B0qk0uODjhWlvyoSxSU7neHUS5PKoZz3WZjMGHzQFZmhHnqMBZjGQFxqNad72ieP5UtiqKEeJzjX1p_FXJnQxFbMEQZcicGOz8E17V2o9ofKUhw72JsUHh_Qm0YZ5k1LBmaUKMQGpb8DQSAv3eDOfyfvW0XvMdjDa7zq8pO01JgP5NzUBBJYIkJPvKQOuxf_CrKgdg1x6b7PbRN1N6ZE7CvV1355uyT4bwhiMWLfn4G2PpGdmbTGeTdTE-qvkMFJwji1GWf_0Lz78uXR--YWXPvghyW6v6KkHswvh15v7QdostLUAEp8mDa9mWGzj4DyVErbmaouPYGCQwtF8Y4DYM7EuUJCl_QquZ_jlTN4EKsw8AqfcY_jj5fya6Lcvalr_w54mx20ajiLHBk5aj3VB6bKFg-834tQCG8mKKVAOMc90Nfj7_JzxuPRJGzvM8uKuEAVZr9OwYIDeZ46GnDKFtJvoZwoxH_OnQCFoBVffJpX0rPieFwWDOGScm0YNiBJ63jr70aImMEsOPsnnuu4glBdFah1fMVxnFVk6P5jEGaIkAcDz4nItfTEVEQf0101V8h5dNTcLR93im7KWX0WyijAVD5eqHkqhtxHhcI3QKYX9OzjEtSGaEks-uC14HR2-6Za-9zCZKQwRRHWKeEkqs_kO77l7kGVo4Q0X8V70bfgPKw619nkbT49mO2qMTp2H23Y6rX6nfVepDF&cid=CAQSTgAvHhf_IzEDrEprX4RbbanaG_74geLAoqnumOoaTCyNdczFpQaJ1r_0qTr4YOcCGonAeS7Wnmry84icSDmV0_LKK9y8kA6K__P_GSNSPRgB&dv3_ver=m202401290101&rfl=https%3A%2F%2Fdvps.highrez.co.uk%2Fdownloads%2FXMouse_installed.htm&ds=l&xdt=1&iif=1&cor=17330574041691990000&adk=3476589349&idt=132&dtd=67

HTTP Response

200
142.250.178.2:443

https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&us_privacy=1---&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=2~2072.70.89.93.108.122.149.196.2253.2299.259.2357.311.313.323.2373.338.358.2415.415.449.2506.2526.486.494.495.2568.2571.2575.540.574.2624.609.2677.864.981.1029.1048.1051.1095.1097.1126.1201.1205.1211.1276.1301.1344.1365.1415.1423.1449.1451.1570.1577.1598.1651.1716.1735.1753.1765.1870.1878.1889.1958~dv.&gpp_sid=-1&client=ca-pub-7587278386327705&output=html&adk=1812271804&adf=3025194257&lmt=1707953055&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fdvps.highrez.co.uk%2Fdownloads%2FXMouse_installed.htm%3FPlatform%3Dx64%3Fversion%3D2200500&pra=7&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&aseiel=1~2~4~6~8~16&dt=1708378946180&bpp=11&bdt=2164&idt=411&shv=r20240215&mjsv=m202402140101&ptt=9&saldr=aa&abxe=1&prev_fmts=120x600&nras=1&correlator=4083935735226&frm=20&pv=1&ga_vid=1415248801.1708378950&ga_sid=1708378950&ga_hid=14236799&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44808398%2C31081187%2C44795921%2C95322434%2C95324580%2C95325068%2C31081220%2C95322182%2C95324154%2C95324160%2C95325078&oid=2&pvsid=4502958145669116&tmod=90981820&nvt=1&fsapi=1&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=1&bz=1.01&ifi=2&uci=a!2&dtd=3702

tls, http

IEXPLORE.EXE

3.1kB
6.1kB
10
10

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&us_privacy=1---&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=2~2072.70.89.93.108.122.149.196.2253.2299.259.2357.311.313.323.2373.338.358.2415.415.449.2506.2526.486.494.495.2568.2571.2575.540.574.2624.609.2677.864.981.1029.1048.1051.1095.1097.1126.1201.1205.1211.1276.1301.1344.1365.1415.1423.1449.1451.1570.1577.1598.1651.1716.1735.1753.1765.1870.1878.1889.1958~dv.&gpp_sid=-1&client=ca-pub-7587278386327705&output=html&adk=1812271804&adf=3025194257&lmt=1707953055&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fdvps.highrez.co.uk%2Fdownloads%2FXMouse_installed.htm%3FPlatform%3Dx64%3Fversion%3D2200500&pra=7&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&aseiel=1~2~4~6~8~16&dt=1708378946180&bpp=11&bdt=2164&idt=411&shv=r20240215&mjsv=m202402140101&ptt=9&saldr=aa&abxe=1&prev_fmts=120x600&nras=1&correlator=4083935735226&frm=20&pv=1&ga_vid=1415248801.1708378950&ga_sid=1708378950&ga_hid=14236799&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44808398%2C31081187%2C44795921%2C95322434%2C95324580%2C95325068%2C31081220%2C95322182%2C95324154%2C95324160%2C95325078&oid=2&pvsid=4502958145669116&tmod=90981820&nvt=1&fsapi=1&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=1&bz=1.01&ifi=2&uci=a!2&dtd=3702

HTTP Response

200
172.217.16.238:443

https://fundingchoicesmessages.google.com/el/AGSKWxUGQuOILqTwHIeueRDAtt_wQyBfNM7fRrOH7ie04pxdD-UbTwTHed_DxSDKeZU521NkjxH-4KOozn3RUkrxJKDCI7toIU0udVA5I2WdUXNO3nWTv59Jnu7gU3k8SqiR_WeLKT-r8Q==

tls, http

IEXPLORE.EXE

8.6kB
28.0kB
34
44

HTTP Request

POST https://fundingchoicesmessages.google.com/el/AGSKWxVqj3QCg-65beUQZEugnk_rtGN4VukMWLGvXd1_A1IHTD0CBcNyfMwAzB3GaOGiG_hv7_MS_rwb1BmeWpeDhR20EWBizR2hSSIPSUvPKnzJnybwr1DQiXfxOjjXbsRyUrWoWiYP2w==

HTTP Response

403

HTTP Request

GET https://fundingchoicesmessages.google.com/f/AGSKWxU8kE4Czsz0gQDxgrvMExis3X3tFk1ibAPkPTa8263K0njM0BFVZyJvG4acYKspijBQAe0B8jr04iDmMHVqkmvAUmOwiFKZbXOUUwJeKWqB8kurx1XUZdSKhgnFbCKRf5A3GcBayg==?fccs=W251bGwsbnVsbCxbIkNQNk9nUUFQNk9nUUFFc0FDQkVOQW5Fb0FQX2dBRVBnQUF3SUlOSkQ3RDdGYlNGQ3dIcHphTHNBTUFoSFJzQ0FRb1FBQUFTQkFtQUJRQUtRSUFRQ2drQVFGQVNnQkFBQ0FBQUFJQ1pCSVFBRUNBQUFDVUFBUUFBQUFBQUVBQUFBQUFBSUlBQUFnQUVBQUFBSUFBQUNBQUFBRUFBSUFBQUFFQUFBbUFnQUFJSUFDQUFBaEFBQUFBQUFBQUFBQUFBQUFnQUFBQUFBQUFBQUFBQUFBQUFBQVFPaFFEMkYySzJrS0ZrUENtUVdZQVFCQ2lqWUVBaFFBQUFBa0NCSUFBZ0FVZ1FBZ0ZJSUFnQUlGQUFBQUFBQUFBUUVnQ1FBQVFBQkFBQUlBQ2dBQUFBQUFJQUFBQUFBQVFRQUFBQUFJQUFBQUFBQUFFQUFBQUFBQVFBQUFBSUFBQkVoQ0FBUVFBRUFBQUFBQUFRQUFBQUFBQUFBQUFCQUFBIiwiMn4yMDcyLjcwLjg5LjkzLjEwOC4xMjIuMTQ5LjE5Ni4yMjUzLjIyOTkuMjU5LjIzNTcuMzExLjMxMy4zMjMuMjM3My4zMzguMzU4LjI0MTUuNDE1LjQ0OS4yNTA2LjI1MjYuNDg2LjQ5NC40OTUuMjU2OC4yNTcxLjI1NzUuNTQwLjU3NC4yNjI0LjYwOS4yNjc3Ljg2NC45ODEuMTAyOS4xMDQ4LjEwNTEuMTA5NS4xMDk3LjExMjYuMTIwMS4xMjA1LjEyMTEuMTI3Ni4xMzAxLjEzNDQuMTM2NS4xNDE1LjE0MjMuMTQ0OS4xNDUxLjE1NzAuMTU3Ny4xNTk4LjE2NTEuMTcxNi4xNzM1LjE3NTMuMTc2NS4xODcwLjE4NzguMTg4OS4xOTU4fmR2LiJdLG51bGwsbnVsbCxudWxsLFsxNzA4Mzc4OTQ5LDg5NzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOF0sbnVsbCwxLG51bGwsImVuIl0sImh0dHBzOi8vZHZwcy5oaWdocmV6LmNvLnVrL2Rvd25sb2Fkcy9YTW91c2VfaW5zdGFsbGVkLmh0bSIsbnVsbCxbWzgsIm9IUUI5T2U3Q1U0Il0sWzksImVuLVVTIl0sWzE4LCJbW1swXV1dIl0sWzE5LCIxIl1dXQ

HTTP Response

200

HTTP Request

POST https://fundingchoicesmessages.google.com/el/AGSKWxVqj3QCg-65beUQZEugnk_rtGN4VukMWLGvXd1_A1IHTD0CBcNyfMwAzB3GaOGiG_hv7_MS_rwb1BmeWpeDhR20EWBizR2hSSIPSUvPKnzJnybwr1DQiXfxOjjXbsRyUrWoWiYP2w==

HTTP Response

403

HTTP Request

POST https://fundingchoicesmessages.google.com/el/AGSKWxVqj3QCg-65beUQZEugnk_rtGN4VukMWLGvXd1_A1IHTD0CBcNyfMwAzB3GaOGiG_hv7_MS_rwb1BmeWpeDhR20EWBizR2hSSIPSUvPKnzJnybwr1DQiXfxOjjXbsRyUrWoWiYP2w==

HTTP Response

403

HTTP Request

GET https://fundingchoicesmessages.google.com/f/AGSKWxXi7GW-8IDpFJSX-cPq8ze3j-iQbCArcckXHf3ypXpMwaf5ekdEefdyuCyas1aXSPQK30LEI2NSVKG_9FZyBBYZYcUOQ_9KZv4_SEE-pf-LM3tiv6pGubg7_TaSvNhI888zTEL3qw==?fccs=W251bGwsbnVsbCxbIkNQNk9nUUFQNk9nUUFFc0FDQkVOQW5Fb0FQX2dBRVBnQUF3SUlOSkQ3RDdGYlNGQ3dIcHphTHNBTUFoSFJzQ0FRb1FBQUFTQkFtQUJRQUtRSUFRQ2drQVFGQVNnQkFBQ0FBQUFJQ1pCSVFBRUNBQUFDVUFBUUFBQUFBQUVBQUFBQUFBSUlBQUFnQUVBQUFBSUFBQUNBQUFBRUFBSUFBQUFFQUFBbUFnQUFJSUFDQUFBaEFBQUFBQUFBQUFBQUFBQUFnQUFBQUFBQUFBQUFBQUFBQUFBQVFPaFFEMkYySzJrS0ZrUENtUVdZQVFCQ2lqWUVBaFFBQUFBa0NCSUFBZ0FVZ1FBZ0ZJSUFnQUlGQUFBQUFBQUFBUUVnQ1FBQVFBQkFBQUlBQ2dBQUFBQUFJQUFBQUFBQVFRQUFBQUFJQUFBQUFBQUFFQUFBQUFBQVFBQUFBSUFBQkVoQ0FBUVFBRUFBQUFBQUFRQUFBQUFBQUFBQUFCQUFBIiwiMn4yMDcyLjcwLjg5LjkzLjEwOC4xMjIuMTQ5LjE5Ni4yMjUzLjIyOTkuMjU5LjIzNTcuMzExLjMxMy4zMjMuMjM3My4zMzguMzU4LjI0MTUuNDE1LjQ0OS4yNTA2LjI1MjYuNDg2LjQ5NC40OTUuMjU2OC4yNTcxLjI1NzUuNTQwLjU3NC4yNjI0LjYwOS4yNjc3Ljg2NC45ODEuMTAyOS4xMDQ4LjEwNTEuMTA5NS4xMDk3LjExMjYuMTIwMS4xMjA1LjEyMTEuMTI3Ni4xMzAxLjEzNDQuMTM2NS4xNDE1LjE0MjMuMTQ0OS4xNDUxLjE1NzAuMTU3Ny4xNTk4LjE2NTEuMTcxNi4xNzM1LjE3NTMuMTc2NS4xODcwLjE4NzguMTg4OS4xOTU4fmR2LiJdLG51bGwsbnVsbCxudWxsLFsxNzA4Mzc4OTUwLDg1NTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOCw2XSxudWxsLDEsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9kdnBzLmhpZ2hyZXouY28udWsvZG93bmxvYWRzL1hNb3VzZV9pbnN0YWxsZWQuaHRtIixudWxsLFtbOCwib0hRQjlPZTdDVTQiXSxbOSwiZW4tVVMiXSxbMTgsIltbWzBdXV0iXSxbMTksIjEiXV1d

HTTP Response

200

HTTP Request

POST https://fundingchoicesmessages.google.com/el/AGSKWxUGQuOILqTwHIeueRDAtt_wQyBfNM7fRrOH7ie04pxdD-UbTwTHed_DxSDKeZU521NkjxH-4KOozn3RUkrxJKDCI7toIU0udVA5I2WdUXNO3nWTv59Jnu7gU3k8SqiR_WeLKT-r8Q==

HTTP Response

403
172.217.16.238:443

https://fundingchoicesmessages.google.com/el/AGSKWxVqj3QCg-65beUQZEugnk_rtGN4VukMWLGvXd1_A1IHTD0CBcNyfMwAzB3GaOGiG_hv7_MS_rwb1BmeWpeDhR20EWBizR2hSSIPSUvPKnzJnybwr1DQiXfxOjjXbsRyUrWoWiYP2w==

tls, http

IEXPLORE.EXE

8.8kB
150.5kB
84
144

HTTP Request

GET https://fundingchoicesmessages.google.com/i/ca-pub-7587278386327705?ers=2

HTTP Response

200

HTTP Request

GET https://fundingchoicesmessages.google.com/f/AGSKWxXdS2PxTAWUi9ZwryvyJu8q2i0H71bqN9QVUdDALeU6us6VAmib-tyHooFESS7HzjQCzZhFV95FwBUKZQeS1QQMPlqYGc7Ro5YzCUybyBw82xr-CRpphj6AUJrOfLhXboZA0zzK2g==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA4Mzc4OTQ3LDE2NTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9kdnBzLmhpZ2hyZXouY28udWsvZG93bmxvYWRzL1hNb3VzZV9pbnN0YWxsZWQuaHRtIixudWxsLFtbOCwib0hRQjlPZTdDVTQiXSxbOSwiZW4tVVMiXSxbMTgsIltbWzBdXV0iXSxbMTksIjEiXV1d

HTTP Response

200

HTTP Request

POST https://fundingchoicesmessages.google.com/el/AGSKWxVqj3QCg-65beUQZEugnk_rtGN4VukMWLGvXd1_A1IHTD0CBcNyfMwAzB3GaOGiG_hv7_MS_rwb1BmeWpeDhR20EWBizR2hSSIPSUvPKnzJnybwr1DQiXfxOjjXbsRyUrWoWiYP2w==

HTTP Response

403

HTTP Request

POST https://fundingchoicesmessages.google.com/el/AGSKWxUya1v2KaGYA65iCmrY4u6cKHnlUqlvBoJyqab3wYiSTPRU4OAJpP9Ilfog7diuG9FtaDA3wSNjLrERz-W0I7vTJKDDPQFrIcPj94pvd6d2jc-83wMODdT06Vp0p2ynUWsSs7Nhlg==?dmid=f7e62947008f5bca

HTTP Response

403

HTTP Request

GET https://fundingchoicesmessages.google.com/f/AGSKWxVmKlcZfbtHjpih5Z8odVD68b0Gnw5RlvD5eUdVz1E-Ez99BWjOEWwIsrFcTtdzvq9FkMeZIZ9_pd8hT8Far_CTZWl1mTfn42RL86uiOgcZxCWDM5iW94hMm8NoYMbV5MBnhv4WuSnFCEg5P2GQL7DxDuTK-VQh3XLAHSghNIeCa8-tdTogEGBWjpu5/_-advertisement./your_ad./ads/js./google/ad?-ContentAd-

HTTP Response

200

HTTP Request

POST https://fundingchoicesmessages.google.com/el/AGSKWxVqj3QCg-65beUQZEugnk_rtGN4VukMWLGvXd1_A1IHTD0CBcNyfMwAzB3GaOGiG_hv7_MS_rwb1BmeWpeDhR20EWBizR2hSSIPSUvPKnzJnybwr1DQiXfxOjjXbsRyUrWoWiYP2w==

HTTP Response

403

HTTP Request

POST https://fundingchoicesmessages.google.com/el/AGSKWxVqj3QCg-65beUQZEugnk_rtGN4VukMWLGvXd1_A1IHTD0CBcNyfMwAzB3GaOGiG_hv7_MS_rwb1BmeWpeDhR20EWBizR2hSSIPSUvPKnzJnybwr1DQiXfxOjjXbsRyUrWoWiYP2w==

HTTP Response

403
185.89.210.122:443

https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D

tls, http

IEXPLORE.EXE

4.2kB
7.1kB
12
12

HTTP Request

GET https://ib.adnxs.com/setuid?entity=101&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70&code=CAESEHLKJav853CBJRBb27t9NWw&google_cver=1

HTTP Response

307

HTTP Request

GET https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D

HTTP Response

302
185.89.210.122:443

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26gdpr%3D1%26gdpr_consent%3DCP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA%26addtl_consent%3D1%7E1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70%26code%3DCAESEHLKJav853CBJRBb27t9NWw%26google_cver%3D1

tls, http

IEXPLORE.EXE

4.1kB
5.6kB
9
9

HTTP Request

GET https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}

HTTP Response

307

HTTP Request

GET https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26gdpr%3D1%26gdpr_consent%3DCP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA%26addtl_consent%3D1%7E1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70%26code%3DCAESEHLKJav853CBJRBb27t9NWw%26google_cver%3D1

HTTP Response

200
172.64.151.101:443

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAiNZ-0cqtjGapTqLVxqJk&google_cver=1&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA

tls, http

IEXPLORE.EXE

7.4kB
9.8kB
16
18

HTTP Request

GET https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D

HTTP Response

302

HTTP Request

GET https://dsum-sec.casalemedia.com/rrum?addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgdpr%3D1%26gdpr_consent%3DCP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA%26google_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&ixi=0&C=1

HTTP Response

302

HTTP Request

GET https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAiNZ-0cqtjGapTqLVxqJk&google_cver=1&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA

HTTP Response

200
172.64.151.101:443

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAiNZ-0cqtjGapTqLVxqJk&google_cver=1&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70&C=1

tls, http

IEXPLORE.EXE

5.0kB
7.6kB
12
15

HTTP Request

GET https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAiNZ-0cqtjGapTqLVxqJk&google_cver=1&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70

HTTP Response

302

HTTP Request

GET https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJAiNZ-0cqtjGapTqLVxqJk&google_cver=1&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70&C=1

HTTP Response

200
216.58.204.66:443

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70

tls, http

IEXPLORE.EXE

2.7kB
7.2kB
9
10

HTTP Request

GET https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70

HTTP Response

302
216.58.204.66:443

https://cm.g.doubleclick.net/pixel?gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZdPLSbmqPjEAAGQKADzVRgAA

tls, http

IEXPLORE.EXE

6.2kB
10.4kB
15
16

HTTP Request

GET https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=1~1651.338.311.196.2575.259.108.1570.1095.358.2253.1205.1365.1577.1870.2677.2357.2526.2571.1097.574.495.486.540.1201.2373.1415.1449.89.2299.1051.864.1276.1765.323.981.1301.1889.1878.93.494.2072.415.122.2568.149.1423.1716.70

HTTP Response

302

HTTP Request

GET https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYzNTk2ODY5NTQyMjk5NDUwMg%3D%3D

HTTP Response

200

HTTP Request

GET https://cm.g.doubleclick.net/pixel?gdpr=1&gdpr_consent=CP6OgQAP6OgQAEsACBENAnEoAP_gAEPgAAwIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZdPLSbmqPjEAAGQKADzVRgAA

HTTP Response

302
172.217.16.238:443

https://fundingchoicesmessages.google.com/el/AGSKWxVqj3QCg-65beUQZEugnk_rtGN4VukMWLGvXd1_A1IHTD0CBcNyfMwAzB3GaOGiG_hv7_MS_rwb1BmeWpeDhR20EWBizR2hSSIPSUvPKnzJnybwr1DQiXfxOjjXbsRyUrWoWiYP2w==

tls, http

IEXPLORE.EXE

1.5kB
9.5kB
10
13

HTTP Request

POST https://fundingchoicesmessages.google.com/el/AGSKWxVqj3QCg-65beUQZEugnk_rtGN4VukMWLGvXd1_A1IHTD0CBcNyfMwAzB3GaOGiG_hv7_MS_rwb1BmeWpeDhR20EWBizR2hSSIPSUvPKnzJnybwr1DQiXfxOjjXbsRyUrWoWiYP2w==

HTTP Response

403
216.58.212.225:443

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/window_focus.js

tls, http

IEXPLORE.EXE

2.8kB
6.9kB
9
10

HTTP Request

GET https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/window_focus.js

HTTP Response

200
216.58.212.225:443

https://tpc.googlesyndication.com/sodar/62bHydCX.html

tls, http

IEXPLORE.EXE

3.6kB
28.4kB
19
27

HTTP Request

GET https://tpc.googlesyndication.com/sodar/sodar2.js

HTTP Response

200

HTTP Request

GET https://tpc.googlesyndication.com/sodar/62bHydCX.html

HTTP Response

200
216.58.212.225:443

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/qs_click_protection.js

tls, http

IEXPLORE.EXE

3.0kB
17.8kB
14
18

HTTP Request

GET https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/qs_click_protection.js

HTTP Response

200
216.58.212.225:443

https://tpc.googlesyndication.com/generate_204?jNTPDw

tls, http

IEXPLORE.EXE

4.0kB
28.9kB
20
29

HTTP Request

GET https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

HTTP Response

200

HTTP Request

GET https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

HTTP Response

200

HTTP Request

GET https://tpc.googlesyndication.com/generate_204?jNTPDw

HTTP Response

204
34.250.18.149:443

fw.adsafeprotected.com

tls

IEXPLORE.EXE

661 B
6.4kB
7
10
34.250.18.149:443

https://fw.adsafeprotected.com/rjss/st/1937413/78038472/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1015494965&ias_pubId=pub-7587278386327705&ias_chanId=1&ias_placementId=20958729565&bidurl=https://dvps.highrez.co.uk/downloads/XMouse_installed.htm&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0gP1hnRysH-iBwJGXkWZULs

tls, http

IEXPLORE.EXE

4.7kB
92.1kB
43
73

HTTP Request

GET https://fw.adsafeprotected.com/rjss/st/1937413/78038472/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1015494965&ias_pubId=pub-7587278386327705&ias_chanId=1&ias_placementId=20958729565&bidurl=https://dvps.highrez.co.uk/downloads/XMouse_installed.htm&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0gP1hnRysH-iBwJGXkWZULs

HTTP Response

200
142.250.179.230:443

s0.2mdn.net

tls

IEXPLORE.EXE

656 B
4.9kB
8
8
142.250.179.230:443

https://s0.2mdn.net/879366/Enabler_01_250.js

tls, http

IEXPLORE.EXE

7.3kB
119.5kB
53
92

HTTP Request

GET https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

HTTP Response

200

HTTP Request

GET https://s0.2mdn.net/sadbundle/5698485915987476480/bau-120x600.html?e=69&leftOffset=0&topOffset=0&c=sbQAMav9FK&t=1&renderingType=2&ev=01_250

HTTP Response

200

HTTP Request

GET https://s0.2mdn.net/879366/Enabler_01_250.js

HTTP Response

200
142.250.178.4:443

https://www.google.com/recaptcha/api2/aframe

tls, http

IEXPLORE.EXE

1.1kB
6.4kB
9
11

HTTP Request

GET https://www.google.com/recaptcha/api2/aframe

HTTP Response

200
142.250.178.4:443

www.google.com

tls

IEXPLORE.EXE

613 B
4.7kB
7
8
216.58.201.98:443

googleads4.g.doubleclick.net

tls

4.7kB
6.6kB
10
11
216.58.201.98:443

googleads4.g.doubleclick.net

tls

4.7kB
6.8kB
10
11
13.249.8.192:80

http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAiw2V0mxopZwaBFBAz5k%2FQ%3D

http

432 B
1.1kB
4
4

HTTP Request

GET http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAiw2V0mxopZwaBFBAz5k%2FQ%3D

HTTP Response

200
13.249.8.192:80

http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAiw2V0mxopZwaBFBAz5k%2FQ%3D

http

432 B
1.1kB
4
4

HTTP Request

GET http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAiw2V0mxopZwaBFBAz5k%2FQ%3D

HTTP Response

200

8.8.8.8:53

www.highrez.co.uk

dns

IEXPLORE.EXE

63 B
79 B
1
1

DNS Request

www.highrez.co.uk

DNS Response

188.74.78.172
8.8.8.8:53

repository.certum.pl

dns

XMouseButtonControl.exe

66 B
213 B
1
1

DNS Request

repository.certum.pl

DNS Response

23.48.165.139

23.48.165.155
8.8.8.8:53

dvps.highrez.co.uk

dns

IEXPLORE.EXE

64 B
96 B
1
1

DNS Request

dvps.highrez.co.uk

DNS Response

208.87.103.217

149.255.97.140
8.8.8.8:53

apps.identrust.com

dns

IEXPLORE.EXE

64 B
165 B
1
1

DNS Request

apps.identrust.com

DNS Response

96.17.179.184

96.17.179.205
8.8.8.8:53

connect.facebook.net

dns

IEXPLORE.EXE

66 B
114 B
1
1

DNS Request

connect.facebook.net

DNS Response

163.70.147.23
8.8.8.8:53

www.paypalobjects.com

dns

IEXPLORE.EXE

67 B
148 B
1
1

DNS Request

www.paypalobjects.com

DNS Response

192.229.221.25
8.8.8.8:53

googleads.g.doubleclick.net

dns

IEXPLORE.EXE

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

142.250.178.2
8.8.8.8:53

fundingchoicesmessages.google.com

dns

IEXPLORE.EXE

79 B
116 B
1
1

DNS Request

fundingchoicesmessages.google.com

DNS Response

172.217.16.238
8.8.8.8:53

tpc.googlesyndication.com

dns

IEXPLORE.EXE

142 B
87 B
2
1

DNS Request

tpc.googlesyndication.com

DNS Request

tpc.googlesyndication.com

DNS Response

216.58.212.225
8.8.8.8:53

cm.g.doubleclick.net

dns

IEXPLORE.EXE

66 B
82 B
1
1

DNS Request

cm.g.doubleclick.net

DNS Response

216.58.204.66
8.8.8.8:53

dsum-sec.casalemedia.com

dns

IEXPLORE.EXE

70 B
102 B
1
1

DNS Request

dsum-sec.casalemedia.com

DNS Response

172.64.151.101

104.18.36.155
8.8.8.8:53

ib.adnxs.com

dns

IEXPLORE.EXE

58 B
311 B
1
1

DNS Request

ib.adnxs.com

DNS Response

185.89.210.122

185.89.210.46

185.89.210.90

185.89.210.20

185.89.211.84

185.89.210.141

185.89.210.82

185.89.210.180

185.89.211.116

185.89.210.244

185.89.211.12

185.89.210.212
8.8.8.8:53

fw.adsafeprotected.com

dns

IEXPLORE.EXE

68 B
282 B
1
1

DNS Request

fw.adsafeprotected.com

DNS Response

34.250.18.149

34.246.23.11

54.171.253.204

54.220.19.109

54.77.58.207

52.211.3.71

18.202.133.215

52.210.32.7
8.8.8.8:53

s0.2mdn.net

dns

IEXPLORE.EXE

57 B
73 B
1
1

DNS Request

s0.2mdn.net

DNS Response

142.250.179.230
8.8.8.8:53

www.google.com

dns

IEXPLORE.EXE

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.178.4
8.8.8.8:53

googleads4.g.doubleclick.net

dns

74 B
90 B
1
1

DNS Request

googleads4.g.doubleclick.net

DNS Response

216.58.201.98
8.8.8.8:53

fe0.google.com

dns

120 B
110 B
2
1

DNS Request

fe0.google.com

DNS Request

fe0.google.com
8.8.8.8:53

ocsp.r2m02.amazontrust.com

dns

72 B
88 B
1
1

DNS Request

ocsp.r2m02.amazontrust.com

DNS Response

13.249.8.192
8.8.8.8:53

ocsp.r2m02.amazontrust.com

dns

72 B
88 B
1
1

DNS Request

ocsp.r2m02.amazontrust.com

DNS Response

13.249.8.192

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll

Filesize
364KB

MD5
80d5f32b3fc515402b9e1fe958dedf81

SHA1
a80ffd7907e0de2ee4e13c592b888fe00551b7e0

SHA256
0ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a

SHA512
1589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0

Download Submit
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
726KB

MD5
6738a7f31ec91e46facdc4b2f5ed1a5d

SHA1
ac30336944001a419dab45e44f58af12dc089bbc

SHA256
db10d17dc004db6547bf787adc441f46c51cfdef9d2575ab888d40a967a6f789

SHA512
ea97d3ce94d79da5df8575f9ea0f918155d8f122fed814d5a932b4cd8f958256b68242cb89981412123809ead776e87bf51c649e20e5ca49b20353c3bfb6d91d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6525274CBC2077D43D7D17A33C868C4F

Filesize
959B

MD5
d5e98140c51869fc462c8975620faa78

SHA1
07e032e020b72c3f192f0628a2593a19a70f069e

SHA256
5c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e

SHA512
9bd164cc4b9ef07386762d3775c6d9528b82d4a9dc508c3040104b8d41cfec52eb0b7e6f8dc47c5021ce2fe3ca542c4ae2b54fd02d76b0eabd9724484621a105

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
469772ee0a1108b9364f07af11f43089

SHA1
b3e296f36e20d79921619e51b9606fc79c941b2d

SHA256
d417f93033db5579209c9b4544b1b5977694a30a2fee0c324793be2e1baa6dd1

SHA512
470910db057e52ece4ce1ced9db4c93849deb7046bba48502f934eef96eaf1fac26169e65993d174d8dc89249ce56f9df4259c3549de11b0f721cb04ee5fb40a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

Filesize
402B

MD5
5e65b979f1d7f84573f1032be8bd388a

SHA1
cc3083a0ebb41d71fe3cbb6b497dd070ee0d2317

SHA256
93fdfe8bad7aa98b4484bb8ab8e7c3dc85e59cca331d0bf9263332c7aa8b2fb3

SHA512
58fddc3322789acdb63c18f61425e02d43a1e520b76182d72773e4457ea555fb9e7209fe996e9b2a76e87fff537b023b5fc10b61a5ada4fda7f9825a1e48da0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6525274CBC2077D43D7D17A33C868C4F

Filesize
192B

MD5
0546a8f7c0fda3d5b6a232cfab4c6ddc

SHA1
625565e966cc7a4b45c5e9139643c1d3e1ce2769

SHA256
c001a9bf9ef966bd69d18d577f06688cffc689687f3e920fc98932959a88d584

SHA512
7ab9efc75ea32fe984b2cbca1650003f59486594e6b532937777d89e8118da471ade4cf201c3208e4c0298fe4155bfcf0691d71f64a874108201caaae5068e2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea6d87d0dbd1da7ed3a212ee8291db0d

SHA1
d00fb1dcfffdb96f65e627ade5be7c69c0c6a4da

SHA256
0284ae7f29e670e9bd4359ce48684c01ccdbd03f6edf51f5c06a7a463823986c

SHA512
ecaefb20f0116c2786b9bdd078be2c40dbe212d9573a6dd66d352e3d30fc8aa43edaf936a35e6f878998df3b8657c0e1c85a36469d5699815c5cc4af5957e2cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
48a7e6c88c3bf3a96dd58d6cfc605c9c

SHA1
6b7fa67d20f10d8934910db0c7cebb858e1d32ed

SHA256
16030405064d63322f7fe033ca5f611800413e7ccd24350d99516a681ff39b6a

SHA512
cfadb543896ed12f5c1433396a87dd063293465425c58f400edb7bfbde03c027533b95e1e133eb3ebe7c24d2583a92e1405133a897b3c34dafb26982c4398d77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bff05dd23c19d05bcb3a0563da808a08

SHA1
f6039041b0e2f803dee3d88b0a7f0f537580cca8

SHA256
0e984401cff93a1214d4fccff984d74c03d0a3dfa54762489a25048dfe19665e

SHA512
d2835f35d9f301d0ec877d87f6081d1877f9fd61bfe0b288e082c09cbb66f5ef64345d19f4072d82a465aa3cb6cb089f3297b21f4769a24e25d0977ec8905c93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7b4162ea32e784631b0a61a5e6246f57

SHA1
2e99d769292504834afca160c822e7b7df5c6856

SHA256
bd3c6f135bd53c6da8b19afd12433f196e335238072bcbb370192f03944bf697

SHA512
8a49f31327355fefc60b2b05d78661fe46829360a7d12d95c63063bf79e785abd7cd133066b91193ac98498ffe9354dffa5971bd5c1c92f9064abc0e011ce6d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
10f9c17d6a1a2417087931e0d5a4cd77

SHA1
3693e9bd080b17156dbf072ce9e40b9fbb08d277

SHA256
1e7a9220e7e93f4b89ac1128c27fbf94732b5d9170374d316c17344c4cc17452

SHA512
0999e6d5dd56ab747472a2733a2350d6889551041073bd0723192d9bddf1190e5b2b342e490060ec7c636c8da770e3916a117bc7d44a374dc6f44b50ae595a06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c74359901e7bd366f8e93af2da65c064

SHA1
4213de6360fdb2c13ca301754efc6f6fed4dd946

SHA256
6501b20ca9d11249e6fe3d86f63a0eda5d5de85a8e455e5f37264c0a2f5b0f33

SHA512
a29ceebf24f13d5fb5977864e9806ffe097370054916d974f249bb23e9ba09b068c429a799114706b5f8e1331ddafbd2b8dc6d1dd03c0df0db373bbc3ecb083a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29a7a571cd8cbfc9bc6db4e2299e66d1

SHA1
0102c7878417ccef9729646d2394c00b0b17d804

SHA256
b802b0990f5fdc5fc82665940f36dbeda53067b46ba4e041680322cadcdc3cef

SHA512
d1a911b4ecfee3ad9ce2643d09edfb46e6a0c63155ed5bf57ca744ec7f5517455e96de9b1f5920992e2894ffabfbd165a197869e336982e67b44ef3c9472b789

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4699b82696de89579e3893921cd799f1

SHA1
1384e20d138c34471988bd6da982e37eeb6b0b6f

SHA256
4b0578b1df2e6dce4a1fa154e52c1d269caf93d7ea1ef7015a4d9322646e54ad

SHA512
d5ec7a7aa51faf27ffef431c6ddffa30ca5c89dc45f0f8eed559ee855ac3d81d18a20d9cdeef8622177e8f5e56952a290a58fd79f1b7bfab2b5aec23f5016446

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d35b00d8ddb01624e8e273a482c6a0d9

SHA1
1a1177f7d750894c7937735b5a75789ba9321c59

SHA256
fb85a178a2847e97013d19a0a456387f36e1f402b18cb8d17fb6dc55981d0e4a

SHA512
7ff76bb37f980707a2bae1b6be77a562ef7ae3337badb6c850c2faf158cec4c6c8b91952a658dbd941963455dc6fcb6e2f6019c1032f2f8003f5186bf2877e03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c3cc0082f4195606b72d138fd678371

SHA1
9bb17cd4723f6503bf4f221618a3369d8cb22dc8

SHA256
13b4d96a072e9c5e12310d9cac3cb96fd736fb0ef16e3a3aaeb23813fe014026

SHA512
4add6533da1221b1793345cd21e6aae0858bb068a138b95ebb56323d2b3017535b9d5e6fe80850ade8cb1b46a23b21f404296e03ff929933f99b28e6e36721fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
786642070a7034a23b0d44661d8ac818

SHA1
6ffb0a8d22be0d733d6a53f02091d94ae0106cec

SHA256
f9d9abbec680cca5c951a15600496196594e9a78c427e9264d73480d244b11d2

SHA512
f66e9f2786adedd0d06ef841465077ba9142879704801535b479ae2d875af7832551b89df494b7647b479a71d067352ad4dc76a9f0e06d2376b325dac7907c4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
631f7db60296afe17b1b4051ea2e7aa0

SHA1
d93b569f2236591c502f442413f09e5be84c88b5

SHA256
60d8634580328de374029da395d581514e73581f38be4c94873b56c63f474a2b

SHA512
828ea06a5f68105b73a5832b47e617830754ee588ba26184446ab79f57a8bb2f6f78808db81e71a21413a5bd64ea4555d9378107ddb5bc9d97edbcd7526af14a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
373c1d68876e3362db32bbd0b1015a41

SHA1
f713af5f7f7c54a25af719e52f11922f58e4d1d0

SHA256
daf8f9cf2995fc4d2217b9ff54544bcd736e5cfa4bc70b2ae614e061ef47a175

SHA512
47aef30b7bce26b2f40c4f9dd294240b2535cb5a7fffb59e5059526b78e01d99c9c6cd83a181397ca87a98f32c2ea92344c970076981a438cfec5806dedf2dea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
edd19376add30bd8b10b8493cf33708a

SHA1
42e2c548c395393570abd20f4388a5a1ce2ebc24

SHA256
11024da88fa40a554017f44b2cbdb559529063b9eaf910ea41b142faceb1d671

SHA512
93ac842e7067c857bcf71f9f5a6a09611718e9502e34beb5874af9c13deca0b8f5bc4fa9c322a06f9ce59493959f11ea6fc3917e241593da8c7d12c688d84987

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ef54719a5cbe570fa3b7275ee9a617a

SHA1
192d5547e9752939a82b37eaeee311c6a74fd7b2

SHA256
59e382f1a74a4ee0e2721cc7650d73c2755f64840ecb02cccbff310abda5c16d

SHA512
12ca7fc11060b3a8e8bf04f08bce38f66782cfef8d070e993c40059266ceccc939fba899b697b955705e17a22d6f96c549e327d8e0689495f3cb21c751c87f71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4919f342c7db84ce343b37c250cdf287

SHA1
25c096078864c7bb4239accd2523ac43ebf0724d

SHA256
1b6c67fa145354dffd956fc578599bdd0d995e2c67edb33c2cd30af95eb9f26d

SHA512
3f5855eff6f158cdafaa8142db13bf84cafe20993850162a02b7c62e708c50b8cae535f4357d9cde177f192b8b1b9b784d615b41ce1c1ccd04efa6b659e5f413

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dca1584599cde241ca881494806cac28

SHA1
14e114d73e2f8238bd3c459b403b559b87d969f5

SHA256
698db63025d4fa7cd70659cce6abd4e4493e3d27f575b5e5b196b4cdfa3c929f

SHA512
76238d6452be66e9ae22e18d7341bd9ad78d6e7f284bc075035a2bf77078eb3f9e64acfc64e0d4d7f411fdda84f0212f69de330be2b6c480117575070f2ceb44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6e397e5771721ae05ba84a2aa4faa03

SHA1
c116cde9748e491d7824058b7487858ba4e65a73

SHA256
27a7d4f1d68883ef26b993456e7302fb5538dfa872c77715e9f67f2cca6eb45d

SHA512
a8b838c892a28e38875c5b6f5a16e68c67027ee4b031f32a91ab1cd9fee752aac56159ae8596e2c3c6d4dacc6ee716c552165df91c65c1631150b1eb36290a97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47fc80367c55c2d87f8dbe0c341ae8e1

SHA1
bb92244e31e4deecc02823936616ddcc90413520

SHA256
21c5d8461e9659dfceadd049c80b023528d11718be49e60655d04cabb663ce06

SHA512
3f13d6ea602461cbdee0997dc29a198b61b080b951b9d70358d826b573a26f91295145a81ad8d1070c390e2924d31356a3805b45d6cccd557b1fde25ec5e3442

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57e6b2aa76c78f06fd84c9f325e07326

SHA1
fae8c159fa63d1b338461ca5a9853145d3205de4

SHA256
8db0e544596b7bbd1e1faa858449ff38c8be9e6af61f4555a45bad593a1b7035

SHA512
674742bb774f79fc9ba0828bbe079a8d9210a21ba7b9da73c1f358ac660b3c614ea59808271daf50364f1a5905e978b295671e149e7e0f4b6c5e83d2b0f45bb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f717cb072de1e526e681fa509e7e898

SHA1
4ac5d43ef1c72c9db57d0427cda79d0e0cdcfbb9

SHA256
f0557a1b801bcb328b052d3b4401ab0d2173026ccd676fa972028e7c1fb9868d

SHA512
43b4ee6182de6a912b0e2eb1185a6924b335daaa70d76165622cb997420dcdbb42d3698237406d6ce3454feb46b5b02d2181d6dd17033d9dc1963c432afb1ee4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d0fe81b3a66457f65d24ede9f90ce34

SHA1
19f4ac5d70ba6e8cb3fbbf7e1ce6a40aaa5501b9

SHA256
8863a2e6384068ecc742a6118f3085d9da748d3258d99631dd620a2adb535d72

SHA512
ed81279387758160d8171c8e78f741b35d096c0a853a699b18742070a0f4dd382e3d357945ee9199f6dd503c1c711037e074ded99a47b325d94c64a31f1132c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5bbcca9c7c55fffd6351e57a97e8c79

SHA1
135d8a41d0f86fdac1cfaeec9bc825082938e311

SHA256
9616f470a638b4a57fe8a320fcea0936659dd3570a48bee05eba0abc29406513

SHA512
6b173916b4bbb623ae48fe71602b785b0251372c5291440dcad8c1e3c5ef325eb44b83ef40e2252049038f4ec6050cfc9ab85f1b33f80e5803c63939ae61361c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ed2fa12f42788b39a0e5441aacc200b

SHA1
7a40627e4dc1b9e31003c8e70c9c04c252186a56

SHA256
00b961953056b23278c1bad561d39e4529f43283b73ea8774185269570c0ec69

SHA512
be959a8b39494b7f6744c7169390e9e03f03a7358af214a1556067bfdfdefc16fc8ffe69fb41e810748945600a8bcd3850df4a8e58a14ee4899f1b1f58b909a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ee3d9196676ae0ff735776f00be717f

SHA1
b02aae7a07fc77144d802a39827255959386e045

SHA256
ed0932de9294d0fa745a3dee4e021c59e835477968db1153ab878ba3c4974f65

SHA512
398cc9a4b3b2db8a937b0e75958dc11e8433b8d39f348199fd7f32ce33c287f0f7ac290011f15b9c261d46199d076a76a8c9f97668ddee1329cd712587d1c980

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a011b4f4f643e6d54452b65970ededc6

SHA1
5c307b0bd08496932f9cb374c4bb3a9d60765ff9

SHA256
0d08d623f5c1fabb9ae019e6be17133c056fbc47fca44ea2b48c0ff9fcb5d5c1

SHA512
f5ac354b5c3e5d874ca75a5cc9852fd5326a8046ee41365a2f6ea57a26d717996433e4db0daa2eab24da848a239b5fb94f09c058521b4f02ddc0827680ec89a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc44676fda63ff1367300da8b2ccdd63

SHA1
29cd9ac66ae485a38063f814ab2d6ce3eeaebc62

SHA256
fc142817d0a8c0cb172f495d230094f9844913b9ba3f99fcd02e2d1f10ec8cbf

SHA512
6ee8163f7c51dd3b2965b8924065548e16e838dedae890f969b91fba846ebe31221a2e7ae52f016807f326ad34ceb5143230db6c1f3c3aaeeb1955e2ab969133

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
285ba0bad10d1e74391e4b5df8960c65

SHA1
d1973359325693a80cae76b6eb9107e808d06734

SHA256
eb9bcebb14cf61aba72a1b5573c04c1bd38a50e289a5b92487803966ac43381a

SHA512
14cbcca1e065cbe29ca5db3d8ec1ed5527e7fe11101cc4c8c84976f835d03d36641a3f2eeb429609ba5f2443a3bc034506d42478e07591c52e2f549f4c2360ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2de33ee29022d4107ad1ee7510927aec

SHA1
a6921e67af0c3a4343c995a7537bb4870bb603b4

SHA256
19ce56c2bba17dcb9a6a1b172e423312b765dd3967bedb90d96d69c4403e38ef

SHA512
6bdb400433519f7c35fc2f45a66b6eee175150913719eab6e06b3f576397e95e3a8618fd9e61718c2157d81a026744d56ec7b07aaa0fef6bf5dc2492681e2347

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e700cf1405fd394396c9ce35469d6ea0

SHA1
05265651d10cfa74832ef2b1e27fcd70237b35eb

SHA256
f4c548b7cff9308640cd736cbefd6bf45030dca8ae56c42674d12f63fb09a2dd

SHA512
848f843104b7c64cd186d885cb660214488defa5a02a465da999ad713e6e8e0133fdb8c3ca5f98a839b2af05127e3e86ec6ac417ed2c7691aba8d66a8ff27a48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0fef018c1cea35bc515242cf1d43914d

SHA1
5bb9c450bfe866b15c73aa5957f52fe4164acb10

SHA256
34b8cc1f6750881295559a28ea9191e6cca14217657ec8c847b270b9c004b964

SHA512
0ccb25bc5477cf77f4c2e68300cd499b5cc72d873b69400f157a85918eb10eb4d5e2110e2ff3d385206ceb7db4f3d29ad6659f85fccba2688807cd81cde9420a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31dcc0a43d4fb94afab565853cc7a549

SHA1
59d90e32c9a7356485725231bab18490f6cb350e

SHA256
a41202409d1c11446f5a09cce3c06e8c20b617ab174c690d58c3a5bda4042724

SHA512
50dfcc3062fd7635ff3dd6333177359a17972c8ea3ba82dbf6be330b9980da4ba1305855fc1b662e74f80e6d184bd2b039f8952852c616d8c19bfa226c699a08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97136e20e2072839722233bd72d705e2

SHA1
47377fbbf822d91cc6bd0b346bcbb8ea2faf9577

SHA256
50de75c7490ee3950073eb9159f2924ad1f0207225b544364435d5a92c6677f1

SHA512
557c41cb518b1cc9da56083de13fc12d7385c21e38ad5406f6447adcd8f3842941f1e19fc16e944550ecea6064cf044de12fe0f50427ee5499b68ef23fd69149

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92345958b01f278a050ef8375d1f829d

SHA1
00010c8e8d0ec09ed6aef59ad0cf040f0ff5741f

SHA256
775f706bd6c224e4b3e8bcbb33280c9270079f3bd505d0e1844bf0c8c88dff97

SHA512
6416eb00d04de90b89296c301502fde3d0fd554004da5329feeef53c88bcebc4784df0c6b1c1897664b852980d9e7a25abbfc7fb8869a85ce436efdb8d3cf727

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17dba82da70c90424be29f822f0078b9

SHA1
9ae7fe0cd1ac4b63de5962c411e1e0e58fb3cf16

SHA256
7ecbde5d03eb0d2e6af809e29cc82b31dd6f7633b41d616e806cf73a1c52d0f6

SHA512
45097f725e562c0cbc5e4626826a9b93c728c463cfb473c837504a19425eebdf43e3b9e606d833e61ceaa5b7bc24b4cf8f2d50a618ccfdba11d41b485008b299

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\GEI8CBZ2\www.google[1].xml

Filesize
92B

MD5
90b8bd18706721fbd8def28e533b171b

SHA1
bc6b1f37ecb959646d5dd4aafa36f9c9c321ff84

SHA256
2d8e62fdfc40fe266136d3d792381b277ed10685317cd7b5cc3709e9d124bb9e

SHA512
b87c303bdb575841f8609cfead1149f58351b9ed9608fbae37febcb4f47f4f3aec9203e96f34b53e356779efb68ae3e3f2e29941d4a0ec26e777a0810527bc5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\GI9ARZHR\dvps.highrez.co[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2tj7qpw\imagestore.dat

Filesize
3KB

MD5
ccf4c71a6beb1d9290bcc03be3bd0fd3

SHA1
9de46a363e0487dcac63ab9b9b2146f5531db041

SHA256
fb17b0d94701d798e6dd7ecc74718cd4bc2387a82cfda2f1f751e221a7380c99

SHA512
b5db990200f15b9c14a2d97d653bdc17954e6e47b9d6e3afc670e58c5548c1b880eefc38457696fb8744cbd6be4d6cbfe62ace02bbb8bf704e4cb983ce0bc908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D0I6KXNQ\xmbc[1].ico

Filesize
3KB

MD5
1279bf31d9659ad2017369ec1b90473c

SHA1
0f21c5a8266c36af7909118899e1fa07590f2df8

SHA256
74e3162830413f502277c221381f07b34d77a155f5cbeca379e1a4ffc29af116

SHA512
18ab594628c7873c56a85cc748585a3422f06d3f3ad70e5d33e86bed8bb9595d43513960731db89820d89b2ed950b48d6b891dbda768164f968ab06f5a86c277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LAJVCBJI\f[1].txt

Filesize
176KB

MD5
d90b2533c1d0d2326c69ae9b3a65e200

SHA1
00af8a7479ea65863580dbf85f8bfd85350edf58

SHA256
d6070269d5f103ade7f6f7f5c23e8c5659c0652569d5cc2e651e52f4046787a2

SHA512
75c322a0f588e5437f43dc3dfcf52a7d9c51bf00c70e0ad82a93642f9f3946ab8e4d77f061f8ecc4b0c768346a8313b047918391cb412fc6e550f4ceaca2a185

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LAJVCBJI\sUZmNgw9Nq2fwuAcXGjFUpiEPOzLn7Li1RiOpjg7MUo[1].js

Filesize
40KB

MD5
2b5ed6778ac30e4880a755590736c080

SHA1
53acbcfb9d1ef2063e6604cb67f56cd884452d30

SHA256
b14666360c3d36ad9fc2e01c5c68c55298843ceccb9fb2e2d5188ea6383b314a

SHA512
bcb72a6375f444b6c1ae543913c6359624628c08c2ebbc5ad657b24d0958838baad921bae2f9571c56ecb7107b898229d7704c914cf42dc3c83c5b06d55b84fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RU3RPYUN\sodar2[1].js

Filesize
16KB

MD5
2cc87e9764aebcbbf36ff2061e6a2793

SHA1
b4f2ffdf4c695aa79f0e63651c18a88729c2407b

SHA256
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

SHA512
4ed31bf4f54eb0666539d6426c851503e15079601a2b7ec7410ebf0f3d1eec6a09f9d79f5cf40106249a710037a36de58105a72d8a909e0cfce872c736cb5e48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab66E0.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar66F2.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd45B9.tmp\ioSpecial.ini

Filesize
696B

MD5
cc09941bf22394a9d1265c2a4e44f803

SHA1
fdf3a9fff4c9f25dbbc50341a421326de897c643

SHA256
97a8c0544314849c68a1b2bb12fba7d9e87c089d5eb9afbc29dea8ba9b116995

SHA512
9a89967091bd4ce8c77b24fc5abd8e862cb5bb55671641eab3a66d180004b78182dbb613231aaa6eff6b72e2def641fc32777b6f294233484deb2cd0c54f2d2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd45B9.tmp\ioSpecial.ini

Filesize
709B

MD5
36d76f911b8cad5b6918d95346bbfbed

SHA1
63638091e2bf5d635133b87bb2bb867f8cfd3f30

SHA256
5663dcc38d2ad76dd46c31f2bd76b0b99cbc132212cfacce72d0201730f5fc1d

SHA512
ec0f19755a0c45ae0524ee4e60ad672eecbc8a8b64c7c9e75d304ae73df97a0be2e8dff2951e9c533408d728d6cd9a240a4ba57908e0c2b6a41a32d41d1fe3d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd45B9.tmp\ioSpecial.ini

Filesize
726B

MD5
e1b9a42cf7b0f23aa44e88aefba53388

SHA1
20f76a5833c7911ccc1a29f05051dc1c5db2269a

SHA256
7cbc645f2b66a8c46461fc5780d80c25ade282583e86c666ec3b2aae2cf3605e

SHA512
e2822981e84b42d6471014d6aa2d1631a202dfe1631f0c8879b55bcd042d8352f95b362146b0281a6544fbe79ea89cd900cbfc9a09d8513410be82367f2f1ea3

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
1.7MB

MD5
bb632bc4c4414303c783a0153f6609f7

SHA1
eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

SHA256
7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

SHA512
15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll

Filesize
1.0MB

MD5
d62a4279ebba19c9bf0037d4f7cbf0bc

SHA1
5257d9505cca6b75fe55dfdaf2ea83a7d2d28170

SHA256
c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0

SHA512
6895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe

Filesize
74KB

MD5
bfffc38fff05079b15a5317e279dc7a9

SHA1
0c18db954f11646d65d0300e58fefcd9ff7634de

SHA256
c4e59737ffd988ef4bc7a62e3316a470b1b09a9889f65908110fba3d7b1c6500

SHA512
d30220e024ac242285ea757006e7da3874e5f889951de226d48c372a6a8701b76d4a917134ecc1e72c6c3a8d43444762288e7134a25d837e9f43d972675c81d6

Download Submit
\Users\Admin\AppData\Local\Temp\nsd45B9.tmp\InstallOptions.dll

Filesize
14KB

MD5
d753362649aecd60ff434adf171a4e7f

SHA1
3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

SHA256
8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

SHA512
41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

Download Submit
\Users\Admin\AppData\Local\Temp\nsd45B9.tmp\ShellExecAsUser.dll

Filesize
7KB

MD5
86a81b9ab7de83aa01024593a03d1872

SHA1
8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

SHA256
27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

SHA512
cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

Download Submit
\Users\Admin\AppData\Local\Temp\nsd45B9.tmp\System.dll

Filesize
10KB

MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsd45B9.tmp\nsDialogs.dll

Filesize
9KB

MD5
f832e4279c8ff9029b94027803e10e1b

SHA1
134ff09f9c70999da35e73f57b70522dc817e681

SHA256
4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

SHA512
bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

Download Submit
memory/3056-232-0x0000000001EF0000-0x0000000001EF2000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request