hxxps://exego[.]app/nlwWO

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 15:55 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://exego.app/nlwWO

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
5612	msedge.exe
5612	msedge.exe
428	msedge.exe
428	msedge.exe
4392	identity_helper.exe
4392	identity_helper.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
2168	msedge.exe
2168	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	4004	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4004	AUDIODG.EXE
Token: SeRestorePrivilege	5476	7zFM.exe
Token: 35	5476	7zFM.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 428 wrote to memory of 4448	428	msedge.exe	85
PID 428 wrote to memory of 4448	428	msedge.exe	85
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 4460	428	msedge.exe	87
PID 428 wrote to memory of 5612	428	msedge.exe	86
PID 428 wrote to memory of 5612	428	msedge.exe	86
PID 428 wrote to memory of 3784	428	msedge.exe	88
PID 428 wrote to memory of 3784	428	msedge.exe	88
PID 428 wrote to memory of 3784	428	msedge.exe	88
PID 428 wrote to memory of 3784	428	msedge.exe	88
PID 428 wrote to memory of 3784	428	msedge.exe	88
PID 428 wrote to memory of 3784	428	msedge.exe	88
PID 428 wrote to memory of 3784	428	msedge.exe	88
PID 428 wrote to memory of 3784	428	msedge.exe	88
PID 428 wrote to memory of 3784	428	msedge.exe	88
PID 428 wrote to memory of 3784	428	msedge.exe	88
PID 428 wrote to memory of 3784	428	msedge.exe	88
PID 428 wrote to memory of 3784	428	msedge.exe	88
PID 428 wrote to memory of 3784	428	msedge.exe	88
PID 428 wrote to memory of 3784	428	msedge.exe	88
PID 428 wrote to memory of 3784	428	msedge.exe	88
PID 428 wrote to memory of 3784	428	msedge.exe	88
PID 428 wrote to memory of 3784	428	msedge.exe	88
PID 428 wrote to memory of 3784	428	msedge.exe	88
PID 428 wrote to memory of 3784	428	msedge.exe	88
PID 428 wrote to memory of 3784	428	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://exego.app/nlwWO
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8dad46f8,0x7ffe8dad4708,0x7ffe8dad4718
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2236 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4688 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3988 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,14710263819382384534,17338212597385808730,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7512 /prefetch:8
  2⤵
  PID:6072
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Vape V4 & Lite.rar"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:760

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x518 0x50c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4004

Network

DNS

exego.app

msedge.exe

Remote address:

8.8.8.8:53

Request

exego.app

IN A

Response

exego.app

IN A

104.26.15.117

exego.app

IN A

104.26.14.117

exego.app

IN A

172.67.73.247
GET

https://exego.app/nlwWO

msedge.exe

Remote address:

104.26.15.117:443

Request

GET /nlwWO HTTP/2.0
host: exego.app
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: must-revalidate, no-cache, no-store, private
pragma: no-cache
expires: -1
x-frame-options: SAMEORIGIN
x-frame-options: SAMEORIGIN
set-cookie: XSRF-TOKEN=eyJpdiI6IjFXWDFDZjhRNjdzYS9EanJMa2U5VGc9PSIsInZhbHVlIjoiL2RIWW9nUHU3L1FSemVLL1lwdnJzWnQydTQzTkN6L0paRGNKQlVuL1dXODU0clplbUtQZjN6bFM2clh1eG5VZktNRm5UelpuOFZMVXQ1RkVZb2c0anRodzVBMEVuSmlDMUJsVlFubEt5ZUtEUlJ0emtYajBQTXVwRHpIZGpLL1kiLCJtYWMiOiIwN2NjZTA3M2QxZGM2ZDlmYTliMjhjNGMwMzc1ZDUzZDM1NzQ5MjI1NzViNDhmMzdkZWZlZjFhYzhjZTE3MzA2IiwidGFnIjoiIn0%3D; expires=Mon, 26 Feb 2024 15:55:39 GMT; Max-Age=604800; path=/; samesite=lax
set-cookie: cutyio_session=eyJpdiI6IlFmdzdFR09SWGxvVU9FV3FnUFIyM2c9PSIsInZhbHVlIjoibkMwQ1RCQWh1OVM3dk5EV2o1TXRZMnUvNERZbkVOVkovTnRicU1LaERJZmRlbit5WDlEZ0owYjBNQlhhUDREMHBsTEl6ZWU1ZjhzR2JVRjE1ano4ZDBjTFB6b291QS9ORnREV0FMclJ0ejBvc0hubGJXRWdST2J1ZTZtYmFSWVYiLCJtYWMiOiI0NDA1ZmU4YTgzZmI2ZjI5NzYzNDk4NzdlZThlNmNmYjRiMDgwNWZlNjY5ZTI0NzlkOTJkYTc3NDcyNDlkNTliIiwidGFnIjoiIn0%3D; expires=Mon, 26 Feb 2024 15:55:39 GMT; Max-Age=604800; path=/; httponly; samesite=lax
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jIuq9DdZtZnHcK4Y7Y%2FtDB1g%2BSvmzM7%2B7cFBXGJxMxzdLSuqaQL8euAXE7FiR6O5Oze55Iy%2Ft%2B0xJ9z4HE41meXlmpMfBksRvxm1K7A8bWxgvWCpZhLWOgC8AQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb2015d29dd7b-LHR
content-encoding: br
HEAD

https://exego.app/nlwWO

msedge.exe

Remote address:

104.26.15.117:443

Request

HEAD /nlwWO HTTP/2.0
host: exego.app
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://exego.app/nlwWO
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: XSRF-TOKEN=eyJpdiI6IjFXWDFDZjhRNjdzYS9EanJMa2U5VGc9PSIsInZhbHVlIjoiL2RIWW9nUHU3L1FSemVLL1lwdnJzWnQydTQzTkN6L0paRGNKQlVuL1dXODU0clplbUtQZjN6bFM2clh1eG5VZktNRm5UelpuOFZMVXQ1RkVZb2c0anRodzVBMEVuSmlDMUJsVlFubEt5ZUtEUlJ0emtYajBQTXVwRHpIZGpLL1kiLCJtYWMiOiIwN2NjZTA3M2QxZGM2ZDlmYTliMjhjNGMwMzc1ZDUzZDM1NzQ5MjI1NzViNDhmMzdkZWZlZjFhYzhjZTE3MzA2IiwidGFnIjoiIn0%3D
cookie: cutyio_session=eyJpdiI6IlFmdzdFR09SWGxvVU9FV3FnUFIyM2c9PSIsInZhbHVlIjoibkMwQ1RCQWh1OVM3dk5EV2o1TXRZMnUvNERZbkVOVkovTnRicU1LaERJZmRlbit5WDlEZ0owYjBNQlhhUDREMHBsTEl6ZWU1ZjhzR2JVRjE1ano4ZDBjTFB6b291QS9ORnREV0FMclJ0ejBvc0hubGJXRWdST2J1ZTZtYmFSWVYiLCJtYWMiOiI0NDA1ZmU4YTgzZmI2ZjI5NzYzNDk4NzdlZThlNmNmYjRiMDgwNWZlNjY5ZTI0NzlkOTJkYTc3NDcyNDlkNTliIiwidGFnIjoiIn0%3D

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: must-revalidate, no-cache, no-store, private
pragma: no-cache
expires: -1
x-frame-options: SAMEORIGIN
x-frame-options: SAMEORIGIN
set-cookie: XSRF-TOKEN=eyJpdiI6IllYWVRHeHE1TDFhVW5LL1BaWU45L3c9PSIsInZhbHVlIjoiOHR2Y3VSMktnUGNEOWp6cVhFZEtYdmdEUFhmK3lZUnlDS3N1TUpKbktlK2tXaWFiU2RyT3ppd3E3WFpwYWdYQjQwaEdVK1dVMXFNdE13Y2l1NkxHVzlqTWZvOHZrbDZvRjh4T1l2YXlvTUgrVkxJeWY4bko5QXJZeHhtbG9uWE4iLCJtYWMiOiI2ZWMxZjIwN2FlODZjMjFlYmFlMTZiNTk2Y2UwMGRjYWFjOWUzNTJhYTYwNzAxM2U0NDcyNWQyN2FmNzg0MTBiIiwidGFnIjoiIn0%3D; expires=Mon, 26 Feb 2024 15:55:40 GMT; Max-Age=604800; path=/; samesite=lax
set-cookie: cutyio_session=eyJpdiI6Ijd6Ymh1M1IvTlNpWVJsOEtLRGVXNkE9PSIsInZhbHVlIjoid3NXTW1LYW85dythTmphV1M4YjI0cGpwczh6a0dkdUZIaG9qQjAyVWNHTktiQlhIMG1aQmVVSXJrN3lCL0dKQzcvN3hHTXdyN0NESlAvMGM5dGVhNXVkSWNFRG4zazFZcitiVTYwTERONFJ4cGcrYzhJODJGUjYxSEZJNzZUR2EiLCJtYWMiOiIwN2I4NTlkYmViNGE5ZWZjMWQyOGNhNmYwMjRhODY4M2E4NDg0MDUxMzM4MDYyZGM5ZTk5NjliNWM0NTUxOTlmIiwidGFnIjoiIn0%3D; expires=Mon, 26 Feb 2024 15:55:40 GMT; Max-Age=604800; path=/; httponly; samesite=lax
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F5ILunhlGPuGb%2BBo9OGnYHn8yuZmjofYCay6W379J1u0e0CJhCpDorj%2BkYUYA1tBzdBwAt4ksOvrCc%2BmH5w1WVJP7xa5HAnLcVz%2FoACRqvxOjekw7%2FM7lRS4bA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb2089d1bdd7b-LHR
content-encoding: br
GET

https://exego.app/cdn-cgi/challenge-platform/scripts/jsd/main.js

msedge.exe

Remote address:

104.26.15.117:443

Request

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/2.0
host: exego.app
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: XSRF-TOKEN=eyJpdiI6IllYWVRHeHE1TDFhVW5LL1BaWU45L3c9PSIsInZhbHVlIjoiOHR2Y3VSMktnUGNEOWp6cVhFZEtYdmdEUFhmK3lZUnlDS3N1TUpKbktlK2tXaWFiU2RyT3ppd3E3WFpwYWdYQjQwaEdVK1dVMXFNdE13Y2l1NkxHVzlqTWZvOHZrbDZvRjh4T1l2YXlvTUgrVkxJeWY4bko5QXJZeHhtbG9uWE4iLCJtYWMiOiI2ZWMxZjIwN2FlODZjMjFlYmFlMTZiNTk2Y2UwMGRjYWFjOWUzNTJhYTYwNzAxM2U0NDcyNWQyN2FmNzg0MTBiIiwidGFnIjoiIn0%3D
cookie: cutyio_session=eyJpdiI6Ijd6Ymh1M1IvTlNpWVJsOEtLRGVXNkE9PSIsInZhbHVlIjoid3NXTW1LYW85dythTmphV1M4YjI0cGpwczh6a0dkdUZIaG9qQjAyVWNHTktiQlhIMG1aQmVVSXJrN3lCL0dKQzcvN3hHTXdyN0NESlAvMGM5dGVhNXVkSWNFRG4zazFZcitiVTYwTERONFJ4cGcrYzhJODJGUjYxSEZJNzZUR2EiLCJtYWMiOiIwN2I4NTlkYmViNGE5ZWZjMWQyOGNhNmYwMjRhODY4M2E4NDg0MDUxMzM4MDYyZGM5ZTk5NjliNWM0NTUxOTlmIiwidGFnIjoiIn0%3D

Response

HTTP/2.0 302

date: Mon, 19 Feb 2024 15:55:40 GMT
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/0f752fefe334/main.js
vary: accept-encoding
cache-control: max-age=300, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aEqsrJ7mVhT%2FUfatXOinB6xrpkBQcf%2BOMyVw7GmLDVKCGI%2BUSv0QfIPu1M9lAt%2BmQHeVZiVup9igfpvxwBWVo5lMFsLaJds5Hi7MN7OQe7PMb9%2FtE3RM26MxPg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb20aef59dd7b-LHR
GET

https://exego.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/0f752fefe334/main.js

msedge.exe

Remote address:

104.26.15.117:443

Request

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/0f752fefe334/main.js HTTP/2.0
host: exego.app
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: XSRF-TOKEN=eyJpdiI6IllYWVRHeHE1TDFhVW5LL1BaWU45L3c9PSIsInZhbHVlIjoiOHR2Y3VSMktnUGNEOWp6cVhFZEtYdmdEUFhmK3lZUnlDS3N1TUpKbktlK2tXaWFiU2RyT3ppd3E3WFpwYWdYQjQwaEdVK1dVMXFNdE13Y2l1NkxHVzlqTWZvOHZrbDZvRjh4T1l2YXlvTUgrVkxJeWY4bko5QXJZeHhtbG9uWE4iLCJtYWMiOiI2ZWMxZjIwN2FlODZjMjFlYmFlMTZiNTk2Y2UwMGRjYWFjOWUzNTJhYTYwNzAxM2U0NDcyNWQyN2FmNzg0MTBiIiwidGFnIjoiIn0%3D
cookie: cutyio_session=eyJpdiI6Ijd6Ymh1M1IvTlNpWVJsOEtLRGVXNkE9PSIsInZhbHVlIjoid3NXTW1LYW85dythTmphV1M4YjI0cGpwczh6a0dkdUZIaG9qQjAyVWNHTktiQlhIMG1aQmVVSXJrN3lCL0dKQzcvN3hHTXdyN0NESlAvMGM5dGVhNXVkSWNFRG4zazFZcitiVTYwTERONFJ4cGcrYzhJODJGUjYxSEZJNzZUR2EiLCJtYWMiOiIwN2I4NTlkYmViNGE5ZWZjMWQyOGNhNmYwMjRhODY4M2E4NDg0MDUxMzM4MDYyZGM5ZTk5NjliNWM0NTUxOTlmIiwidGFnIjoiIn0%3D

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:40 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding
x-content-type-options: nosniff
cache-control: max-age=14400, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u0hy4NWkl04tAwJdfu2j48VtHFFBZVPPc4HNPyYcFoftbyKDrILqKNzEP0YD1AqawBbmnCm88cACNeEYZG1%2BI9VddMI5lxJrtvmUKdRi6CapC67yPa8afSaAgA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb20c1855dd7b-LHR
content-encoding: br
POST

https://exego.app/cdn-cgi/challenge-platform/h/b/jsd/r/857fb2015d29dd7b

msedge.exe

Remote address:

104.26.15.117:443

Request

POST /cdn-cgi/challenge-platform/h/b/jsd/r/857fb2015d29dd7b HTTP/2.0
host: exego.app
content-length: 14054
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://exego.app
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: XSRF-TOKEN=eyJpdiI6IllYWVRHeHE1TDFhVW5LL1BaWU45L3c9PSIsInZhbHVlIjoiOHR2Y3VSMktnUGNEOWp6cVhFZEtYdmdEUFhmK3lZUnlDS3N1TUpKbktlK2tXaWFiU2RyT3ppd3E3WFpwYWdYQjQwaEdVK1dVMXFNdE13Y2l1NkxHVzlqTWZvOHZrbDZvRjh4T1l2YXlvTUgrVkxJeWY4bko5QXJZeHhtbG9uWE4iLCJtYWMiOiI2ZWMxZjIwN2FlODZjMjFlYmFlMTZiNTk2Y2UwMGRjYWFjOWUzNTJhYTYwNzAxM2U0NDcyNWQyN2FmNzg0MTBiIiwidGFnIjoiIn0%3D
cookie: cutyio_session=eyJpdiI6Ijd6Ymh1M1IvTlNpWVJsOEtLRGVXNkE9PSIsInZhbHVlIjoid3NXTW1LYW85dythTmphV1M4YjI0cGpwczh6a0dkdUZIaG9qQjAyVWNHTktiQlhIMG1aQmVVSXJrN3lCL0dKQzcvN3hHTXdyN0NESlAvMGM5dGVhNXVkSWNFRG4zazFZcitiVTYwTERONFJ4cGcrYzhJODJGUjYxSEZJNzZUR2EiLCJtYWMiOiIwN2I4NTlkYmViNGE5ZWZjMWQyOGNhNmYwMjRhODY4M2E4NDg0MDUxMzM4MDYyZGM5ZTk5NjliNWM0NTUxOTlmIiwidGFnIjoiIn0%3D
cookie: _ga_GGDCMPL4QP=GS1.1.1708358139.1.0.1708358139.0.0.0
cookie: _ga=GA1.1.740424307.1708358140

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:41 GMT
content-type: text/plain; charset=UTF-8
set-cookie: cf_clearance=WHtRIW0x4FvFh5at49OjKe2iFhaYfk_FHwaXzXB_LQI-1708358141-1.0-ARrd85Go9202+MBPeBYmQebUOVFvuW3tHtdGyms1yo8VGGCpoKGX64iUvMEABWMhWLx88wWv6tycwCRWBoq12I0=; path=/; expires=Tue, 18-Feb-25 15:55:41 GMT; domain=.exego.app; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6FhGSn8JGXl3ezZO60GByVsuyDCxTJEJ%2BlNTs96AecSWN3a0HYHl%2F%2Fkuer1UcJ30fPt1m68wjBJg66Kd5lBHkTgQ6hOseXiH34YBN2HNLtUg9s8qg3%2F%2FjosLOg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb2103cb1dd7b-LHR
content-encoding: br
POST

https://exego.app/nlwWO

msedge.exe

Remote address:

104.26.15.117:443

Request

POST /nlwWO HTTP/2.0
host: exego.app
content-length: 47
cache-control: max-age=0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
origin: https://exego.app
upgrade-insecure-requests: 1
dnt: 1
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://exego.app/nlwWO
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: XSRF-TOKEN=eyJpdiI6IllYWVRHeHE1TDFhVW5LL1BaWU45L3c9PSIsInZhbHVlIjoiOHR2Y3VSMktnUGNEOWp6cVhFZEtYdmdEUFhmK3lZUnlDS3N1TUpKbktlK2tXaWFiU2RyT3ppd3E3WFpwYWdYQjQwaEdVK1dVMXFNdE13Y2l1NkxHVzlqTWZvOHZrbDZvRjh4T1l2YXlvTUgrVkxJeWY4bko5QXJZeHhtbG9uWE4iLCJtYWMiOiI2ZWMxZjIwN2FlODZjMjFlYmFlMTZiNTk2Y2UwMGRjYWFjOWUzNTJhYTYwNzAxM2U0NDcyNWQyN2FmNzg0MTBiIiwidGFnIjoiIn0%3D
cookie: cutyio_session=eyJpdiI6Ijd6Ymh1M1IvTlNpWVJsOEtLRGVXNkE9PSIsInZhbHVlIjoid3NXTW1LYW85dythTmphV1M4YjI0cGpwczh6a0dkdUZIaG9qQjAyVWNHTktiQlhIMG1aQmVVSXJrN3lCL0dKQzcvN3hHTXdyN0NESlAvMGM5dGVhNXVkSWNFRG4zazFZcitiVTYwTERONFJ4cGcrYzhJODJGUjYxSEZJNzZUR2EiLCJtYWMiOiIwN2I4NTlkYmViNGE5ZWZjMWQyOGNhNmYwMjRhODY4M2E4NDg0MDUxMzM4MDYyZGM5ZTk5NjliNWM0NTUxOTlmIiwidGFnIjoiIn0%3D
cookie: _ga_GGDCMPL4QP=GS1.1.1708358139.1.0.1708358139.0.0.0
cookie: _ga=GA1.1.740424307.1708358140
cookie: prefetchAd_6966799=true
cookie: cf_clearance=WHtRIW0x4FvFh5at49OjKe2iFhaYfk_FHwaXzXB_LQI-1708358141-1.0-ARrd85Go9202+MBPeBYmQebUOVFvuW3tHtdGyms1yo8VGGCpoKGX64iUvMEABWMhWLx88wWv6tycwCRWBoq12I0=
cookie: FCCDCF=%5Bnull%2Cnull%2Cnull%2C%5B%22CP6OgQAP6OgQAEsACBENAoEoAP_gAEPgAAKIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA%22%2C%222~2072.70.89.93.108.122.149.196.2253.2299.259.2357.311.313.323.2373.338.358.2415.415.449.2506.2526.486.494.495.2568.2571.2575.540.574.2624.609.2677.864.981.1029.1048.1051.1095.1097.1126.1201.1205.1211.1276.1301.1344.1365.1415.1423.1449.1451.1570.1577.1598.1651.1716.1735.1753.1765.1870.1878.1889.1958~dv.%22%2C%22A1E29C36-29C0-4F49-B15D-92D89AB306FC%22%5D%5D
cookie: FCNEC=%5B%5B%22AKsRol8jdu4-_f4mGp78FZNX6socZw3S_ZTvyW2yf35pDSVN2xsX4FVIWifIE4W0NT0NroeNcQJj2fIHIoBSovzIW6a7WNuyHUZ0yps0for8biDTzHO3SZYvgZUvEp9k2vp2jXUVk6qubQ7dBytipA7y2y252nxlSw%3D%3D%22%5D%5D
cookie: __gads=ID=6d5529715caecca3:T=1708358155:RT=1708358155:S=ALNI_MZVx5zn8oqKE0yk-scO98N-T7CmFw
cookie: __gpi=UID=00000d281e1d9747:T=1708358155:RT=1708358155:S=ALNI_MbJZyTcCgnDPS7x0237jgohUkYdwg
cookie: __eoi=ID=367e3157a4717dfd:T=1708358155:RT=1708358155:S=AA-Afjb6RHPGDr9ywYRZtXcfqavp

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:58 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: must-revalidate, no-cache, no-store, private
pragma: no-cache
expires: -1
x-frame-options: SAMEORIGIN
x-frame-options: SAMEORIGIN
set-cookie: XSRF-TOKEN=eyJpdiI6InlFOXZMN0FrbUVRN1cwVjNJZG9rTFE9PSIsInZhbHVlIjoiZTdUdVp6N2tjalh1U2g4VlZ1WXdwSlFDUko5TWo2Rk1rbStlZE5QQWhjWmdhd2hwY1ArWElHWTRZVVZlM1hWb255RFRmNHdVZkIwd1lpQmlabk95R29IZnpBOHo4blo2aDJybUo0V08zY1RQTExDZDRzK2FJQ2s4dUd0NGhmKzAiLCJtYWMiOiJlNGZkNzg2ZjUxZmRhMjUzNDM3YjcyMTliZTA3OTAzMjY3MzdiMmI3MDUyNGVkNjdiMWMxOTBjYzAwNjE5YWYxIiwidGFnIjoiIn0%3D; expires=Mon, 26 Feb 2024 15:55:57 GMT; Max-Age=604800; path=/; samesite=lax
set-cookie: cutyio_session=eyJpdiI6ImV0MUNiNHE3TllMOFBPb0thL0p4dVE9PSIsInZhbHVlIjoialVQeFh4MERaMXNtOHVDRjM4ZWxqUzI4WTVaOHllenBRaWRNRHh4MFhtUlJzQ3p1Y1dkSWVteDdRV2RVcU43N3p5SFg0SGJrOEd5QTZJNi9VcjM0Qmk4WE92eFIwYkdNN3RMOUxCaUtQRjB2LzFFREhBNldjSUdCUzBNTVVyQXkiLCJtYWMiOiI4ZDM3OGJhNjc3MDZmNDk4OGU4ZTUzYjQyNjljYTkzZTVjZjYxYTAxOTY0YTc1MmIyN2IxYmUzOGI0NjJjMTkxIiwidGFnIjoiIn0%3D; expires=Mon, 26 Feb 2024 15:55:57 GMT; Max-Age=604800; path=/; httponly; samesite=lax
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CL1hoC8DQerArjHA5BGsfkpuPSxuNKYsusvGv7r0LAG2W76ghyhT6FV1oN%2Fgb6x4fyrv06WeSx5MA%2Bqj%2F9Qc8hpclSjua8bSMPB%2BFEvg9UgYxa5k8BQfyFnXAA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb276bfa6dd7b-LHR
content-encoding: br
POST

https://exego.app/nlwWO

msedge.exe

Remote address:

104.26.15.117:443

Request

POST /nlwWO HTTP/2.0
host: exego.app
content-length: 766
cache-control: max-age=0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
origin: https://exego.app
upgrade-insecure-requests: 1
dnt: 1
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://exego.app/nlwWO
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _ga=GA1.1.740424307.1708358140
cookie: prefetchAd_6966799=true
cookie: cf_clearance=WHtRIW0x4FvFh5at49OjKe2iFhaYfk_FHwaXzXB_LQI-1708358141-1.0-ARrd85Go9202+MBPeBYmQebUOVFvuW3tHtdGyms1yo8VGGCpoKGX64iUvMEABWMhWLx88wWv6tycwCRWBoq12I0=
cookie: FCCDCF=%5Bnull%2Cnull%2Cnull%2C%5B%22CP6OgQAP6OgQAEsACBENAoEoAP_gAEPgAAKIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA%22%2C%222~2072.70.89.93.108.122.149.196.2253.2299.259.2357.311.313.323.2373.338.358.2415.415.449.2506.2526.486.494.495.2568.2571.2575.540.574.2624.609.2677.864.981.1029.1048.1051.1095.1097.1126.1201.1205.1211.1276.1301.1344.1365.1415.1423.1449.1451.1570.1577.1598.1651.1716.1735.1753.1765.1870.1878.1889.1958~dv.%22%2C%22A1E29C36-29C0-4F49-B15D-92D89AB306FC%22%5D%5D
cookie: __gads=ID=6d5529715caecca3:T=1708358155:RT=1708358155:S=ALNI_MZVx5zn8oqKE0yk-scO98N-T7CmFw
cookie: __gpi=UID=00000d281e1d9747:T=1708358155:RT=1708358155:S=ALNI_MbJZyTcCgnDPS7x0237jgohUkYdwg
cookie: __eoi=ID=367e3157a4717dfd:T=1708358155:RT=1708358155:S=AA-Afjb6RHPGDr9ywYRZtXcfqavp
cookie: XSRF-TOKEN=eyJpdiI6InlFOXZMN0FrbUVRN1cwVjNJZG9rTFE9PSIsInZhbHVlIjoiZTdUdVp6N2tjalh1U2g4VlZ1WXdwSlFDUko5TWo2Rk1rbStlZE5QQWhjWmdhd2hwY1ArWElHWTRZVVZlM1hWb255RFRmNHdVZkIwd1lpQmlabk95R29IZnpBOHo4blo2aDJybUo0V08zY1RQTExDZDRzK2FJQ2s4dUd0NGhmKzAiLCJtYWMiOiJlNGZkNzg2ZjUxZmRhMjUzNDM3YjcyMTliZTA3OTAzMjY3MzdiMmI3MDUyNGVkNjdiMWMxOTBjYzAwNjE5YWYxIiwidGFnIjoiIn0%3D
cookie: cutyio_session=eyJpdiI6ImV0MUNiNHE3TllMOFBPb0thL0p4dVE9PSIsInZhbHVlIjoialVQeFh4MERaMXNtOHVDRjM4ZWxqUzI4WTVaOHllenBRaWRNRHh4MFhtUlJzQ3p1Y1dkSWVteDdRV2RVcU43N3p5SFg0SGJrOEd5QTZJNi9VcjM0Qmk4WE92eFIwYkdNN3RMOUxCaUtQRjB2LzFFREhBNldjSUdCUzBNTVVyQXkiLCJtYWMiOiI4ZDM3OGJhNjc3MDZmNDk4OGU4ZTUzYjQyNjljYTkzZTVjZjYxYTAxOTY0YTc1MmIyN2IxYmUzOGI0NjJjMTkxIiwidGFnIjoiIn0%3D
cookie: _ga_GGDCMPL4QP=GS1.1.1708358139.1.0.1708358157.0.0.0
cookie: _ga_3K0TP58S5B=GS1.1.1708358157.1.0.1708358157.0.0.0
cookie: ab=8e39a1946ef1566e197e9b586462e1269215183f
cookie: FCNEC=%5B%5B%22AKsRol-b4gLJiQwYjAR2J_BKaD5OuXUeUCUnQSPp7aX3IYB0yo4MBsZLBntbKmfxeXQiHFY5pp4-TFHmQlWmSycKlr-SVVBNml8gsjQuXusLc0k_2Cpm05LXlt_R1mCMaSQVKICZBw0_eEooy67dXIWXvqkYMxfAxQ%3D%3D%22%5D%5D

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:57:20 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: must-revalidate, no-cache, no-store, private
pragma: no-cache
expires: -1
x-frame-options: SAMEORIGIN
x-frame-options: SAMEORIGIN
set-cookie: visitor=eyJpdiI6IndIT3FnNzV5Y0x3Sk1qcGxVb2RUUWc9PSIsInZhbHVlIjoiZGlnQ0Vscmt5MFMvOXExMThJcjhnNCtkcDluV2dSNHF3UWcxSmtDWDVGUEpxajFGLzRLby9oTVdwRVM2OGpyNURMQ1FHN3dManRSRmRRd1o0UStUanpqM2l5MU9pam5ONUY5M05sKzViN3JOVG5pUnFvMzVtSUFWbFJuaGh6YmJXTHdMNisxc3gzVTF1Mzg0N0JhUmlFMUFuUTJFS3NIRCtIVFc5Zk9UbDJINkRQbllGcWd1VUdDVEZmdCtzdm14K1NFY2VqSFZzakRoZjFiMnZ2NmMvdXJDLzNSMFB4VkpxdldNYXdVMGVJWGEzUzR2dU5vT3VrRnF4MmxSNnZ4TyIsIm1hYyI6IjQ3MTZjYTBiYzM4MDEzNGQ5ZTdiMzQyZTczNzc3YmQ0ZDY5NTU5NTBkYWZmZDRhMmYyYzBmYzBhZWY2YmUzZjAiLCJ0YWciOiIifQ%3D%3D; expires=Mon, 19 Feb 2024 23:59:20 GMT; Max-Age=28920; path=/; secure; httponly; samesite=lax
set-cookie: XSRF-TOKEN=eyJpdiI6InNiNFZXN0lwekx4ejlYVUhOQjYrUWc9PSIsInZhbHVlIjoiaURhZzNveVE2WGQ1S1BpSUdpejYwOVE2a2wyenFYc3VkWW9HbGoxdk5zcWpXRVBmMmpjdy9hTDFIYmhDeHZjMWZxNjVvSHN3NlRuWmtWK0RRbjZBTU9LODRLbnBJbE45dzNBRDNBZVFhdkVkenk2NW1GYWhJZGpib3hORjVlL3EiLCJtYWMiOiIxNTVhMDQxY2UyOTBmYjE1YWUyYmY3Y2M3NDg4MGYyZWM1OWY1NjhiOGU2MWI1M2Q2N2Q2Mjk4OTA0NTQxODY4IiwidGFnIjoiIn0%3D; expires=Mon, 26 Feb 2024 15:57:20 GMT; Max-Age=604800; path=/; samesite=lax
set-cookie: cutyio_session=eyJpdiI6InFkL1BHM3JHWDVoQTdERWlnV2N1Zmc9PSIsInZhbHVlIjoiNGtrdy9wK2U3YWdxdC9qNTdEMU80K2VUaGMzNW5KckdOYU5LSGVqWXVRWnJPOTFrOUZBZFZMdkkzOURNVXRnSEQ3UDBaUHEvN0RLaXoxRGNPdUdib01MWmhDVXVRdmJ0TXh5Rk1jOEZGdmxOWHJjQjlnZ292NjJPeWpScksyUFIiLCJtYWMiOiI1MmViMDg5MzI3N2IwODFkZWY3ZTZkNDA0MWE3NzQxMzg5Mjk3Y2Q4Mzc0Njk3YmUwM2MxMGZiNTY0ZDE5ZjY2IiwidGFnIjoiIn0%3D; expires=Mon, 26 Feb 2024 15:57:20 GMT; Max-Age=604800; path=/; httponly; samesite=lax
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZtNB1mQ6VFvu9jZ4R%2BI1Q92ENnrqIFEFC4nsVjSHCQm697%2Bt1ZM6QOV%2Bf%2BZMF1GzPmI9JMOtTgbng2%2Fecwrlxsj9MpusuCUMsnj63ZqUF%2FHSCYb1PhqvNqOr%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb47c9c0bdd7b-LHR
content-encoding: br
POST

https://exego.app/go/nlwWO

msedge.exe

Remote address:

104.26.15.117:443

Request

POST /go/nlwWO HTTP/2.0
host: exego.app
content-length: 449
cache-control: max-age=0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
origin: https://exego.app
upgrade-insecure-requests: 1
dnt: 1
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://exego.app/nlwWO
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _ga=GA1.1.740424307.1708358140
cookie: prefetchAd_6966799=true
cookie: cf_clearance=WHtRIW0x4FvFh5at49OjKe2iFhaYfk_FHwaXzXB_LQI-1708358141-1.0-ARrd85Go9202+MBPeBYmQebUOVFvuW3tHtdGyms1yo8VGGCpoKGX64iUvMEABWMhWLx88wWv6tycwCRWBoq12I0=
cookie: FCCDCF=%5Bnull%2Cnull%2Cnull%2C%5B%22CP6OgQAP6OgQAEsACBENAoEoAP_gAEPgAAKIINJD7D7FbSFCwHpzaLsAMAhHRsCAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQAECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAQOhQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA%22%2C%222~2072.70.89.93.108.122.149.196.2253.2299.259.2357.311.313.323.2373.338.358.2415.415.449.2506.2526.486.494.495.2568.2571.2575.540.574.2624.609.2677.864.981.1029.1048.1051.1095.1097.1126.1201.1205.1211.1276.1301.1344.1365.1415.1423.1449.1451.1570.1577.1598.1651.1716.1735.1753.1765.1870.1878.1889.1958~dv.%22%2C%22A1E29C36-29C0-4F49-B15D-92D89AB306FC%22%5D%5D
cookie: __gads=ID=6d5529715caecca3:T=1708358155:RT=1708358155:S=ALNI_MZVx5zn8oqKE0yk-scO98N-T7CmFw
cookie: __gpi=UID=00000d281e1d9747:T=1708358155:RT=1708358155:S=ALNI_MbJZyTcCgnDPS7x0237jgohUkYdwg
cookie: __eoi=ID=367e3157a4717dfd:T=1708358155:RT=1708358155:S=AA-Afjb6RHPGDr9ywYRZtXcfqavp
cookie: ab=8e39a1946ef1566e197e9b586462e1269215183f
cookie: visitor=eyJpdiI6IndIT3FnNzV5Y0x3Sk1qcGxVb2RUUWc9PSIsInZhbHVlIjoiZGlnQ0Vscmt5MFMvOXExMThJcjhnNCtkcDluV2dSNHF3UWcxSmtDWDVGUEpxajFGLzRLby9oTVdwRVM2OGpyNURMQ1FHN3dManRSRmRRd1o0UStUanpqM2l5MU9pam5ONUY5M05sKzViN3JOVG5pUnFvMzVtSUFWbFJuaGh6YmJXTHdMNisxc3gzVTF1Mzg0N0JhUmlFMUFuUTJFS3NIRCtIVFc5Zk9UbDJINkRQbllGcWd1VUdDVEZmdCtzdm14K1NFY2VqSFZzakRoZjFiMnZ2NmMvdXJDLzNSMFB4VkpxdldNYXdVMGVJWGEzUzR2dU5vT3VrRnF4MmxSNnZ4TyIsIm1hYyI6IjQ3MTZjYTBiYzM4MDEzNGQ5ZTdiMzQyZTczNzc3YmQ0ZDY5NTU5NTBkYWZmZDRhMmYyYzBmYzBhZWY2YmUzZjAiLCJ0YWciOiIifQ%3D%3D
cookie: XSRF-TOKEN=eyJpdiI6InNiNFZXN0lwekx4ejlYVUhOQjYrUWc9PSIsInZhbHVlIjoiaURhZzNveVE2WGQ1S1BpSUdpejYwOVE2a2wyenFYc3VkWW9HbGoxdk5zcWpXRVBmMmpjdy9hTDFIYmhDeHZjMWZxNjVvSHN3NlRuWmtWK0RRbjZBTU9LODRLbnBJbE45dzNBRDNBZVFhdkVkenk2NW1GYWhJZGpib3hORjVlL3EiLCJtYWMiOiIxNTVhMDQxY2UyOTBmYjE1YWUyYmY3Y2M3NDg4MGYyZWM1OWY1NjhiOGU2MWI1M2Q2N2Q2Mjk4OTA0NTQxODY4IiwidGFnIjoiIn0%3D
cookie: cutyio_session=eyJpdiI6InFkL1BHM3JHWDVoQTdERWlnV2N1Zmc9PSIsInZhbHVlIjoiNGtrdy9wK2U3YWdxdC9qNTdEMU80K2VUaGMzNW5KckdOYU5LSGVqWXVRWnJPOTFrOUZBZFZMdkkzOURNVXRnSEQ3UDBaUHEvN0RLaXoxRGNPdUdib01MWmhDVXVRdmJ0TXh5Rk1jOEZGdmxOWHJjQjlnZ292NjJPeWpScksyUFIiLCJtYWMiOiI1MmViMDg5MzI3N2IwODFkZWY3ZTZkNDA0MWE3NzQxMzg5Mjk3Y2Q4Mzc0Njk3YmUwM2MxMGZiNTY0ZDE5ZjY2IiwidGFnIjoiIn0%3D
cookie: _ga_3K0TP58S5B=GS1.1.1708358157.1.0.1708358239.0.0.0
cookie: _ga_GGDCMPL4QP=GS1.1.1708358139.1.1.1708358241.0.0.0
cookie: FCNEC=%5B%5B%22AKsRol81Jgm4x8fqBWnewnVMpLYKy1vhZZeNyo0l0oHLqyGTk_vEegPCb7G3jZ2JnJ8pcj1G6Pyo7v_SQLlnSImhWN46UJV59nNHg4qkyM6KuAWpjL8NcxUoIKF53odw72DyRgHIDML3rFkxxwqWy5vLhYFBA4neDQ%3D%3D%22%5D%5D

Response

HTTP/2.0 302

date: Mon, 19 Feb 2024 15:57:44 GMT
content-type: text/html; charset=UTF-8
location: https://mega.nz/file/R5Z30JAa#iP9SQ0fMOfwQiXwkstH1QYinFz5qkEY1nFjLeKgVrBA
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IjJsNXRRVVpNVVNTYklwbUpuWkRNUmc9PSIsInZhbHVlIjoiVldFamM0R2k3RlhKZENQQm00djN5ZXZ1YzR2S2xyL0s2UURCVXlkZGxtMXdjdloxZXI5VjRjczJnREt2VFJRNTNlN1IvT3Z1dmZZUVNicGE4RlZQdU54N2U5T0lNTzQ1K0RQRTdpSG5LNHRUL08wUklpZUxzd3lvQUEvRmYvNkgiLCJtYWMiOiIxODMzNWE4ZGE3OGI5ZGRiMDM2NDQzZDhkN2I2NTcxYTZiOTAzMTU2NzcxZWMxZmEwYmFiYmRmMDA4ZjZlNDg1IiwidGFnIjoiIn0%3D; expires=Mon, 26 Feb 2024 15:57:44 GMT; Max-Age=604800; path=/; samesite=lax
set-cookie: cutyio_session=eyJpdiI6Inl1OEV2WFBCZkRIMWtqT0xjK2lCcmc9PSIsInZhbHVlIjoibnVaM25mT2plQ2xBQmxtNmc5c2NBN3QzYWRURVlkWVBmRTFPSlpiYS9Id2lnSFpETmJYNG1Ud0srRC90MFVhS3paY2lucDBqNmgrTjA1MFQ0cTk4L2orVHFPbGo5TjVNY014Wmo4cFlrbUVmU0s0NjFPZjZoUFNKSGlMbjBBTTMiLCJtYWMiOiJjM2ZiYTA4N2FjYTg5NmVjYzQ4ZGJkOTE1NjYzZjQ5NWFkODYxZmUwYjNkZWYzMmRjM2QzNmI0MDAzODY2ZGM4IiwidGFnIjoiIn0%3D; expires=Mon, 26 Feb 2024 15:57:44 GMT; Max-Age=604800; path=/; httponly; samesite=lax
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZM%2BUbnIXrFQFBLfdC0%2F%2FVocZMYXXaeL6K5VPuP7psKhwsJReur2g%2ByMNM03Dz8KVAeqT%2FJ%2BQ5Dcy%2BtXaDzO%2Bkd%2B1lwhUKIeDT0qyZJ9C%2BGAs6H3GHzGs6yub3g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb50c9e67dd7b-LHR
DNS

cdn.cuty.io

msedge.exe

Remote address:

8.8.8.8:53

Request

cdn.cuty.io

IN A

Response

cdn.cuty.io

IN A

172.67.139.32

cdn.cuty.io

IN A

104.21.87.9
DNS

live.demand.supply

msedge.exe

Remote address:

8.8.8.8:53

Request

live.demand.supply

IN A

Response

live.demand.supply

IN A

104.16.134.22

live.demand.supply

IN A

104.16.133.22
DNS

securepubads.g.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

securepubads.g.doubleclick.net

IN A

Response

securepubads.g.doubleclick.net

IN CNAME

securepubads46.g.doubleclick.net

securepubads46.g.doubleclick.net

IN A

142.250.179.226
DNS

www.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.178.4
GET

https://arglingpistole.com/1clkn/60028

msedge.exe

Remote address:

23.109.170.0:443

Request

GET /1clkn/60028 HTTP/1.1
Host: arglingpistole.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://exego.app/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 19 Feb 2024 15:55:40 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Set-Cookie: GL_UI4=eJw9jU1OwzAYRPOfFprASDkAR3DSppAlC87AMnLsr8E0sSvHJOL2WEiwG8280QuCIKoeEK7ZHvEXb%2FE0sEEeBR1F3bXsxE9Nxy6MU8PppW3Pz2fs1dI7PkzkEuyWmVvXuzXBYSRNVoleGEkFHj3111y12XSCdLBcywLp7ImpQD5Ysy1kqxiJ5jMheZMj%2BZl%2FGouoa3xU2seQITJLFZd3yN%2BVlv5VHhDVrCyzAPe3ibuLsXOvZBYiHS2XhPAVO8EdjcZ%2BI5e0XJ25AWaS%2FT%2F%2FK423miGTtCrh3cZ9kP0BKYpNOQ%3D%3D; expires=Tue, 20-Feb-2024 15:55:40 GMT; Max-Age=86400; path=/; secure; SameSite=None
Set-Cookie: GL_GI10=eJwFwVsKwjAQBdDMCBGlCBe7gK6g4AvMr1LyoVRRuoDSlBDQSUmD6%2FccpRSXBThMKM6m3h1NvT%2FUJwPyYHsBD4JNJyGPrroF8S5%2BQQmLprXgJFg24j%2B9ONAAfY%2FiooAC1qFt3pV9PbonWGasrjFNMfV5BE2awDlqBZ5dqUA%2Fvf0D1wgeoQ%3D%3D; expires=Tue, 20-Feb-2024 15:55:40 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
GET

https://live.demand.supply/up.js

msedge.exe

Remote address:

104.16.134.22:443

Request

GET /up.js HTTP/2.0
host: live.demand.supply
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 403

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: max-age=15
expires: Mon, 19 Feb 2024 15:55:54 GMT
set-cookie: __cf_bm=TA6UnOkOFniPrG3Y_2NNB1vzyyTXUgQrzyhGneQEyWM-1708358139-1.0-AQgB91ceimdqVuW49l7OTveAVhriZyjWZF20akct8EE3OrW+ILmrCGJwzWfqoezpMqobmTCKbIWL1YlOlXMbiLs=; path=/; expires=Mon, 19-Feb-24 16:25:39 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb2065de763ba-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://live.demand.supply/up.js

msedge.exe

Remote address:

104.16.134.22:443

Request

GET /up.js HTTP/2.0
host: live.demand.supply
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=TA6UnOkOFniPrG3Y_2NNB1vzyyTXUgQrzyhGneQEyWM-1708358139-1.0-AQgB91ceimdqVuW49l7OTveAVhriZyjWZF20akct8EE3OrW+ILmrCGJwzWfqoezpMqobmTCKbIWL1YlOlXMbiLs=

Response

HTTP/2.0 403

date: Mon, 19 Feb 2024 15:55:58 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: max-age=15
expires: Mon, 19 Feb 2024 15:56:13 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb2794c3363ba-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://live.demand.supply/up.js

msedge.exe

Remote address:

104.16.134.22:443

Request

GET /up.js HTTP/2.0
host: live.demand.supply
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=TA6UnOkOFniPrG3Y_2NNB1vzyyTXUgQrzyhGneQEyWM-1708358139-1.0-AQgB91ceimdqVuW49l7OTveAVhriZyjWZF20akct8EE3OrW+ILmrCGJwzWfqoezpMqobmTCKbIWL1YlOlXMbiLs=

Response

HTTP/2.0 403

date: Mon, 19 Feb 2024 15:57:21 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: max-age=15
expires: Mon, 19 Feb 2024 15:57:36 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb47eb9ad63ba-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://www.google.com/recaptcha/api.js

msedge.exe

Remote address:

142.250.178.4:443

Request

GET /recaptcha/api.js HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://securepubads.g.doubleclick.net/tag/js/gpt.js

msedge.exe

Remote address:

142.250.179.226:443

Request

GET /tag/js/gpt.js HTTP/2.0
host: securepubads.g.doubleclick.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202402150101/pubads_impl.js?cb=31081246

msedge.exe

Remote address:

142.250.179.226:443

Request

GET /pagead/managed/js/gpt/m202402150101/pubads_impl.js?cb=31081246 HTTP/2.0
host: securepubads.g.doubleclick.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.googletagservices.com/dcm/dcmads.js

msedge.exe

Remote address:

142.250.179.226:443

Request

GET /dcm/dcmads.js HTTP/2.0
host: www.googletagservices.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://ee72284c6624dc1118e0ea0ac2a939c2.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://cdn.cuty.io/css/public.css?id=a66d1b3f490ee5b9c79bc9f7135b2531

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /css/public.css?id=a66d1b3f490ee5b9c79bc9f7135b2531 HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: image/svg+xml
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
etag: W/"65775288-175a"
expires: Tue, 10 Dec 2024 18:24:44 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6038922
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tjquXWbuQGAlrN3CYBktInX7faW2AszYC8udqpjSSrv6whJQofmpNEhSeHq7F%2B8jGZx3p2JZw9KFHaCxwrathpbt8pRfKIf4GyZgwKIOHZIeQb9QuNAw8Uxez8Fkog%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb20538c6070a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/images/shared/logo.svg

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /images/shared/logo.svg HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: image/png
content-length: 12579
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
etag: "65775288-3123"
expires: Tue, 10 Dec 2024 18:24:44 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6038922
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ARwsesaZ%2BPYyWVq6gLtziLJSvpjtsOvi3SnLAVVlFCSPjtv8tigPIvnzXz5YbeFXEne2pTqdbcyK3uJGRXBc%2BwrKz0QiYnIrrKsDMPtw45hjGLXRFJ3%2BS1nsc5DGGA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb20538cb070a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/images/shared/locale-en.png

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /images/shared/locale-en.png HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: image/svg+xml
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
etag: W/"65775288-dc"
expires: Tue, 10 Dec 2024 18:24:44 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6038752
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ajzFm4pB6nZ2hgfnBbgpIvlJaQzEAxBS2mLJF0nAtsypUhpqOm9TIT4UxVOkVQoqgMuvKHpEz6a3CuzJkYqbsJ0od9aQWuJAMYkpB5niFfG7IpwdvJ0gciiMuGVCtw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb20538ca070a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/images/shared/arrow-down.svg

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /images/shared/arrow-down.svg HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: image/png
content-length: 51070
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
etag: "65775288-c77e"
expires: Tue, 10 Dec 2024 18:24:44 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6038922
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bTJwJyxQu7vp5xPJNefJsvBxPlevCPXbCLYNcW9mbbiDu0dW7nYy3bLzvW1HGEoQWx9SZO7oFFji6Q%2F7dcmKBIulgVM4xdylw9cM3DMcQ4PrxSYkyAQGDne%2BC5lCvA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb20538cc070a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/images/shared/locale-es.png

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /images/shared/locale-es.png HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: image/png
content-length: 24647
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
etag: "65775288-6047"
expires: Tue, 10 Dec 2024 18:24:44 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6038922
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=41sB19S3%2BuZMQnW9DlebeSoTfhQHOj9e29ot%2Bosf52Mvst8ErwO5VBf96ZFhNepw%2Bsv2B3v6Sfm3vw58WcD8DmePpHQEkuGrWGo62ZmriIhPlsuueupgE5TADjlD%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb20538c9070a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/images/shared/locale-ar.png

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /images/shared/locale-ar.png HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: text/css
cache-control: max-age=31536000
cf-bgj: minify
cf-polished: origSize=52548
etag: W/"63ac510a-cd44"
expires: Tue, 10 Dec 2024 18:24:44 GMT
last-modified: Wed, 28 Dec 2022 14:22:02 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 6039011
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ooCKQfKSvbEFXSj1RlWh1nDX6It2d0h%2F8sKdpky1bPuFwSBYvVQ%2FRvBOSFYfoGCeBU98dSlXZfvI%2FUnGz1K83%2BLVz7BRyRsJ2m6Da3vaZaiClkWysqH4tgle01eVxg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb20538c2070a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/js/layouts/base.js?id=c0d86b5cf94285825c0fac448a45514b

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /js/layouts/base.js?id=c0d86b5cf94285825c0fac448a45514b HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: application/javascript
cache-control: max-age=31536000
cf-bgj: minify
etag: W/"65775288-1a1d7"
expires: Tue, 10 Dec 2024 18:24:44 GMT
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 3943452
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bg2FbOdOaPOg0DNO8Ev954%2BHgNpxLTTVRFQIZPy4mnasPbCfQ382cdej6Q1ub515RTOx%2FQ2SrNgN9xjLWre2XqFjorXr8XMYZFp23lFR451Q9%2Fu2Ztzp8SZKQSbfiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb205a932070a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/images/shared/locale-fr.png

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /images/shared/locale-fr.png HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: image/svg+xml
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
etag: W/"65775288-d1"
expires: Tue, 10 Dec 2024 18:24:44 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6038752
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yy0%2FGpsTwvOY7hlIQz9yef4sCu6ypl6F17mtKBFpuT%2FS%2FkizVLZxKwTUGJKWtNaZOQY0EXErHlnUn%2FF8gRFqt13BNiPR08cdHbdHXtQRCprK0k15GhXeUyQ5sLyMJg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb205e96e070a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/images/shared/burger.svg

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /images/shared/burger.svg HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: image/png
content-length: 16411
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
etag: "65775288-401b"
expires: Tue, 10 Dec 2024 18:24:44 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6038752
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bY9lL%2BKFfVjSzj4i3x6c1fkz%2FrY9Q1QJRP4hwssR9wuFidPwZTHLKKw19yIOR9Eg3Hqga%2FqhHnkuE7BkvGd%2BJeAz%2FBY5IL8oVk%2Fvg0FGHlL%2BrBYyXkZGV1seoHioFw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb205e96c070a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/images/shared/x.svg

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /images/shared/x.svg HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: image/png
content-length: 409
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
etag: "65775288-199"
expires: Tue, 10 Dec 2024 18:24:44 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6038752
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9TkN9X3Q%2B6NAyz5ROnMec9%2BHuDUNuYzW9%2FwSRZG8SgIRDEWA48MMwrteKw1aWf0YjC0yKzm%2BGEldfLm4y%2BMlku3RlHf4en5t2fb0oI%2BHeCXKR%2BGGfbi8BxUlnNVpQA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb205e970070a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/images/shared/facebook-icon.png

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /images/shared/facebook-icon.png HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: image/svg+xml
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
etag: W/"65775288-658"
expires: Tue, 10 Dec 2024 18:24:43 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6038859
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E8JMINoKFg0yYOEy%2BgTiM6zN8JpA9lytj0sVMVaZG65tCyZkhKEGjoSIM5YpjEr01exYWeiFH4nAEUA1CDpW0OaRAYn5h54esGwIusdw1BNJWUkLBqVqnxLPaGyE6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb205e973070a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/images/shared/twitter-icon.png

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /images/shared/twitter-icon.png HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: image/png
content-length: 227769
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
etag: "65775288-379b9"
expires: Tue, 10 Dec 2024 18:24:44 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6038922
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nuKjZrdVUtiQZ7Ew7fqVO8n204NKOmbVkfpOnZIKed1DBtvRVW%2BD5WotI3T5KH9E0mrSigO3sR3AZHsx2K42WcgnzdD9%2B%2FjlMHdTdudhINCJI9d1wcc2ur%2F1E5UKYg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb205e972070a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/images/shared/linkedin-icon.png

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /images/shared/linkedin-icon.png HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: image/png
content-length: 809
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
etag: "65775288-329"
expires: Tue, 10 Dec 2024 18:24:44 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6038752
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ltOgW%2BVuf4h8o2HiMplSLxCdHch7RReqiDRNavq9jbfza%2BRlTAVqB7YoWVVu4Bh%2FU20IcE46oR7Fth9RBIWt6zCpBfSgzaNt5nblF%2F3hZloZKJiaUArSrRLVMCaqjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb205e971070a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/images/public/step-1.svg

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /images/public/step-1.svg HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: image/svg+xml
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
etag: W/"65775288-cf"
expires: Tue, 10 Dec 2024 18:24:44 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6038922
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4jcXsdkLJ8Ct%2B1kD4aMRBczIq2VTXRb%2BZRJzOHQijV6Sq0aSpBOqtE9l7M3ge4BtmWR7mMWJIXLTs0rfQZpJzFfgG2kkG%2BjG7QcEasQe1Gzj34jpelTt5MT%2B8U91Kw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb205e96d070a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/images/public/step-2.svg

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /images/public/step-2.svg HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: image/png
content-length: 24721
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
etag: "65775288-6091"
expires: Tue, 10 Dec 2024 18:24:44 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6038752
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LL71bSwCQ4TBI5yRBScMVGDSBRHyol0oSScu97ijmbcry2ztd8GnJcOOsPWPNe5DFUUJIByxMEQ%2FkZGVTExtCQeBpgcDYs10AYLD2%2FS46UAEdMzuZYa3%2Bjw8yvOjmA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb205e97b070a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/images/public/step-3.svg

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /images/public/step-3.svg HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: image/svg+xml
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
etag: W/"65775288-607"
expires: Tue, 10 Dec 2024 18:24:44 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6038859
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kIZNdNE89XtgSniJDvtpQh2Si1Q2oa1IXTfc8fMFi38A4mqRLhwit%2BgDlUYfdijUtnK%2BHPv6jP5QBmfiAWjzf1qx%2FjxsOv4Us28%2F10MNHTlgZx%2FI0crCwHWt1SVNcg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb205e974070a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/images/public/money-tree.png

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /images/public/money-tree.png HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: image/png
content-length: 27646
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
etag: "65775288-6bfe"
expires: Tue, 10 Dec 2024 18:24:44 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6038752
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JqSD0Byv0PAQOfrawwaLMgrTPDVcERZvuR%2B7RdnY94JSwrX8nlOvGq81RKNQUbSaXnEd1zu4l5owb89A6HjaQ5ByZHoU61KXrxa3lophkYOSAZkAI1Q7wTporqH1kQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb205e977070a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/images/public/bitcoin.png

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /images/public/bitcoin.png HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: image/png
content-length: 1390
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
etag: "65775288-56e"
expires: Tue, 10 Dec 2024 18:24:44 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6038752
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VveqDBuTNRQjNiLWBpoqPWwLOgJy16P%2F5Khw0nEIS72A3PXqdkxN3VZVKUgn9W4wn0gQqqoe4mZaArEKwBuC8Wq6g5q55GYuAtMCz8mke5Nxmthbh54TQehBqY79Ig%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb205e97a070a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/images/public/payeer.png

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /images/public/payeer.png HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: image/png
content-length: 67278
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
etag: "65775288-106ce"
expires: Tue, 10 Dec 2024 18:24:44 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6038752
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nxje3GCTnMbU4xR0%2F0zSWvo5D%2Bo7tX3bmuKJWgId46%2Ba5sI9E14%2BkIqgTr06aXo%2F6H%2FvH%2FKTydDEsojC8I%2BKEQwN2tneQtK7xWI4x0aL7oYBJevJYQYu5KvnKOjZng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb205e981070a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/images/public/paypal.png

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /images/public/paypal.png HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: image/png
content-length: 8141
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
etag: "65775288-1fcd"
expires: Tue, 10 Dec 2024 18:24:44 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6038752
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f8PI%2BWsv9wklSvHGq7XnnBPfo2KJt%2FIPZtYe6B3Iw%2F0W7ZX3mxgU%2BmHTIp7zmVBzCX94bUi1Bo6NU7IchFlVsW7T%2FBB0RPVIhNXuEsdTGvju3Rsbq9iUkl7k3PJ%2B%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb205e97f070a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/images/public/perfectMoney.png

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /images/public/perfectMoney.png HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: application/javascript
cache-control: max-age=31536000
cf-bgj: minify
etag: W/"65775288-bd5"
expires: Tue, 10 Dec 2024 18:24:44 GMT
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 6039011
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dRV57bx04m4zWk18luakMNgGUydAAC8LMb8EOzW7pGwEVZl54xkIxbwvWtu6eP3kOeXOXA8z1q8PDXd2br5P6bo0SDf32mSnJTOCANrnyhx0r4279n%2Fs%2FsDGpSYn0w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb205e983070a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/images/public/advcash.png

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /images/public/advcash.png HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: image/png
content-length: 202386
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
etag: "65775288-31692"
expires: Tue, 10 Dec 2024 18:24:44 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6038752
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GrLbTZtGjg20zcHuezzhBI92g1euLbK01ArFkwcKSUg2lm15sMLEiwyvxpXFxcWsPp4Sw%2FiN8huzT%2BygAFdV7NslfUoDPxgKdn%2Bc68%2FL%2FMioDQY4qPiFn10hfHt2ww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb205e97d070a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/images/public/airtm.png

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /images/public/airtm.png HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: image/png
content-length: 1558
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
etag: "65775288-616"
expires: Tue, 10 Dec 2024 18:24:44 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6038922
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4iwJRyOCdUF8%2FUeLUBz75summOht2xOJkSRTf1wazjd1i%2Bz6oSblp7YQr3YAxfIRsNAiuxaucymi7Ue9krkPpNgZLhLQtUw8%2BdWoFCTIvpP9mb16pNlAANyH%2BVOtsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb205e980070a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/images/public/usdt.png

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /images/public/usdt.png HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: application/javascript
cache-control: max-age=31536000
cf-bgj: minify
cf-polished: origSize=24436
etag: W/"65775288-5f74"
expires: Tue, 10 Dec 2024 18:24:44 GMT
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 6039011
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WkEPMyKzWUuSpKCiWE4Ilmc6rjPlNWbwOd%2F%2BrKcDzBkx1KB9Vph%2B8xo5KJBQHq0JX4lVOj6FtqODXxLQI%2Fj0Xp2DEwlTAke70BaHKLhi0duol22dsf9y1dazQFzAiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb205e982070a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/js/public/links/first.js?id=f4f40786c2f5a4811aab233657310538

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /js/public/links/first.js?id=f4f40786c2f5a4811aab233657310538 HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: image/svg+xml
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
etag: W/"65775288-45b"
expires: Tue, 10 Dec 2024 18:24:44 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6038922
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LJBhk5Py7mjElscvctO4P86gdp2jfedKmCXo6x9ZpSJ6%2BsN2QIgWqT%2BAj5b6o%2B01HzOphRFuC4Rulf5XCpxW5QIir1GXcAsBWE5Ro12eYg2KOXkXx%2BV8GANbCC3Icg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb205e975070a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/js/public/layouts/_partials/nav-links.js?id=c574008a4f65b56db91ee9ebcec8bc7f

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /js/public/layouts/_partials/nav-links.js?id=c574008a4f65b56db91ee9ebcec8bc7f HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: application/javascript
cache-control: max-age=31536000
cf-bgj: minify
cf-polished: origSize=344089
etag: W/"65775288-54019"
expires: Tue, 10 Dec 2024 18:24:44 GMT
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 6039011
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L7GYPGjaJbCFedjHlfSD74YXBeDR0KLV2dRClFjYC4vaM053E84vEgV%2FAZIbDdIXNiE%2BwixtJYWr18D93W6pE56fOPLPx4oG63GgzAPWrKZ1cSKBJlCkslV8naaGuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb205e984070a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/js/public/layouts/app.js?id=413725349eaa53956714377fb2a85476

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /js/public/layouts/app.js?id=413725349eaa53956714377fb2a85476 HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: image/png
content-length: 30766
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
etag: "65775288-782e"
expires: Tue, 10 Dec 2024 18:24:44 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6038752
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H%2FgdP%2F9NNoH239B09ISgNWy1g%2FqQF88Q0%2FRsVuBH7NGA0OK0OOo5%2FVIPyv7DUfY5KC%2BPXWkSMaYaG8GnVjP1eLtr0C28VQh0ZqG9O9GQoNP3YXzAIWqBxQJrJQyHiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb205e978070a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/images/public/heading-background.png

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /images/public/heading-background.png HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://cdn.cuty.io/css/public.css?id=a66d1b3f490ee5b9c79bc9f7135b2531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:39 GMT
content-type: image/png
content-length: 107203
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
etag: "65775288-1a2c3"
expires: Tue, 10 Dec 2024 18:24:44 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6038752
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AR0U%2FKRklD679NPcUuQqU5V0GD1Z3w3qXFaSbTvp9krtbdnM4KetImR6qJiNB2KT02E940E7X02E0Us8aiDgGXIVaZu7iaghhssVMDwkkT8IswG3sXHJke2CCz9CeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb20659c0070a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/images/shared/favicon.ico

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /images/shared/favicon.ico HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:42 GMT
content-type: image/x-icon
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
etag: W/"65775288-3ed"
expires: Tue, 10 Dec 2024 18:24:46 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6038748
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S21DRvSUKVUpTez1ksDFjVMZ7j4B6XzdwGctbGQlR2b23OJnAIG0qlQ%2FtjeqCQVLiqms6QCMIJtwoddBGBl7hXwo%2BGfn9DKiKSXj4peEKhVvJszxEtcylMjwyQtV1A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb216f9c7070a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/js/public/links/captcha.js?id=1d91e9f85ef6106056e74752e62e6eaa

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /js/public/links/captcha.js?id=1d91e9f85ef6106056e74752e62e6eaa HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:58 GMT
content-type: application/javascript
cache-control: max-age=31536000
cf-bgj: minify
etag: W/"65775288-56cf"
expires: Tue, 10 Dec 2024 18:24:45 GMT
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 6038964
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R9T77acIHf7qrqlUSEexliYUcCe24CXWYmjT%2BtYISnAIQ03GQTpjBgovOyNyVYnrf2qPJDCmDzsGlxn7OBYYPb36IXVdfTTR85Q5Cyo%2BTyL8REzOnzXo7Tx6Vkthxw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb2795d23070a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://cdn.cuty.io/js/public/links/last.js?id=a134a4eacdff5c446f812be003f81083

msedge.exe

Remote address:

172.67.139.32:443

Request

GET /js/public/links/last.js?id=a134a4eacdff5c446f812be003f81083 HTTP/2.0
host: cdn.cuty.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:57:21 GMT
content-type: application/javascript
cache-control: max-age=31536000
cf-bgj: minify
etag: W/"65775288-12216"
expires: Tue, 10 Dec 2024 18:24:43 GMT
last-modified: Mon, 11 Dec 2023 18:18:48 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 6039041
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jX2L7%2FsFiMpODhwJf3AmLvxJETMiC0xa27RbZLaYTU8FB94SDApqb8%2FXTx8iNFhweD79lcbCK1uat1aUE8Bx%2BXQQY4unkcVFnKxOqRIgME7rd2rOn99ZDrJVQe7oAw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb47eba29070a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
DNS

apps.identrust.com

msedge.exe

Remote address:

8.8.8.8:53

Request

apps.identrust.com

IN A

Response

apps.identrust.com

IN CNAME

identrust.edgesuite.net

identrust.edgesuite.net

IN CNAME

a1952.dscq.akamai.net

a1952.dscq.akamai.net

IN A

96.17.179.184

a1952.dscq.akamai.net

IN A

96.17.179.205
DNS

117.15.26.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

117.15.26.104.in-addr.arpa

IN PTR

Response
DNS

133.211.185.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.211.185.52.in-addr.arpa

IN PTR

Response
DNS

2.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.159.190.20.in-addr.arpa

IN PTR

Response
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

msedge.exe

Remote address:

96.17.179.184:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: apps.identrust.com

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Mon, 19 Feb 2024 16:55:39 GMT
Date: Mon, 19 Feb 2024 15:55:39 GMT
Connection: keep-alive
DNS

glersakr.com

msedge.exe

Remote address:

8.8.8.8:53

Request

glersakr.com

IN A

Response

glersakr.com

IN A

139.45.197.239
GET

https://glersakr.com/5/6966799/?oo=1&aab=1

msedge.exe

Remote address:

139.45.197.239:443

Request

GET /5/6966799/?oo=1&aab=1 HTTP/2.0
host: glersakr.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://exego.app
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:40 GMT
content-type: text/javascript; charset=utf-8
content-length: 26238
content-encoding: br
x-trace-id: 9a91779ea4b1c2bbea2b959b8b2da7d8
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Mon, 19 Feb 2024 14:18:27 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
GET

https://glersakr.com/tag.min.js

msedge.exe

Remote address:

139.45.197.239:443

Request

GET /tag.min.js HTTP/2.0
host: glersakr.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:40 GMT
content-type: application/json
x-trace-id: 5a09a989857b82adfbd9e1f4476727ec
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://exego.app
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
set-cookie: OAID=008007a0b2424049e48148b9306bbc3a; expires=Tue, 18 Feb 2025 15:55:40 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1708358140; expires=Tue, 18 Feb 2025 15:55:40 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
GET

https://glersakr.com/?rb=NEGVxR2IYArrqmWkCnwI88Ly7mFgmtVwTCGjiDofkhsMTaUVG83u3UiQABav0QU9RqSzFagPEdbPB2IogT1RyXvMtJWehkEi4_hb0zLokwTO6K7NzyQ7rN6kKkXIDHZnB2xKgWBsHXSan5h5ImGIZdQy3DQT5YmFOa6q_3hgVwnSLBJC_Dxk6g8lRa1ppuYc1ZW17fBi1krUI17LVdbOjM26AO39dptxgse7Pt0yl08dhKawomoFuC_BQg8kxEkHIJQo-43vzXVusYomUGvL4bBLP8DNAKLonoIWrafuPAmyJHXZh5YKGH9d3ENgXFNTciPF1_T59oZnTv_j&request_ab2=0&zoneid=6966799&js_build=iclick-v1.694.0&fs=0&cf=0&sw=1280&sh=720&sah=680&wx=0&wy=0&ww=1280&wh=680&cw=1263&wih=609&wiw=1280&wfc=3&pl=https%3A%2F%2Fexego.app%2FnlwWO&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=ANGLE%20(NVIDIA%2C%20NVIDIA%20GeForce%20RTX%203060%20Ti%20Direct3D11%20vs_5_0%20ps_5_0%2C%20D3D11-10.0.19041.546)&js_build=iclick-v1.694.0&navlng=en-US&pnt=0&pnrc=0&bs=8051033a-0c0d-49d6-ba19-45ac78b2a0c7&userId=008007a0b2424049e48148b9306bbc3a&os=windows&os_version=10.0&browser_version=92.0.902.67&m=link

msedge.exe

Remote address:

139.45.197.239:443

Request

GET /?rb=NEGVxR2IYArrqmWkCnwI88Ly7mFgmtVwTCGjiDofkhsMTaUVG83u3UiQABav0QU9RqSzFagPEdbPB2IogT1RyXvMtJWehkEi4_hb0zLokwTO6K7NzyQ7rN6kKkXIDHZnB2xKgWBsHXSan5h5ImGIZdQy3DQT5YmFOa6q_3hgVwnSLBJC_Dxk6g8lRa1ppuYc1ZW17fBi1krUI17LVdbOjM26AO39dptxgse7Pt0yl08dhKawomoFuC_BQg8kxEkHIJQo-43vzXVusYomUGvL4bBLP8DNAKLonoIWrafuPAmyJHXZh5YKGH9d3ENgXFNTciPF1_T59oZnTv_j&request_ab2=0&zoneid=6966799&js_build=iclick-v1.694.0&fs=0&cf=0&sw=1280&sh=720&sah=680&wx=0&wy=0&ww=1280&wh=680&cw=1263&wih=609&wiw=1280&wfc=3&pl=https%3A%2F%2Fexego.app%2FnlwWO&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=ANGLE%20(NVIDIA%2C%20NVIDIA%20GeForce%20RTX%203060%20Ti%20Direct3D11%20vs_5_0%20ps_5_0%2C%20D3D11-10.0.19041.546)&js_build=iclick-v1.694.0&navlng=en-US&pnt=0&pnrc=0&bs=8051033a-0c0d-49d6-ba19-45ac78b2a0c7&userId=008007a0b2424049e48148b9306bbc3a&os=windows&os_version=10.0&browser_version=92.0.902.67&m=link HTTP/2.0
host: glersakr.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://exego.app
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=008007a0b2424049e48148b9306bbc3a
cookie: oaidts=1708358140

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:41 GMT
content-type: application/json
x-trace-id: f56745dd7eadf7f2fb611bb1bcf8d6f6
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://exego.app
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
set-cookie: OAID=008007a0b2424049e48148b9306bbc3a; expires=Tue, 18 Feb 2025 15:55:41 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1708358141; expires=Tue, 18 Feb 2025 15:55:41 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=true; expires=Mon, 26 Feb 2024 15:55:41 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
content-encoding: gzip
POST

https://glersakr.com/cat.php?userId=008007a0b2424049e48148b9306bbc3a&zoneid=6966799&rb=NEGVxR2IYArrqmWkCnwI88Ly7mFgmtVwTCGjiDofkhsMTaUVG83u3UiQABav0QU9RqSzFagPEdbPB2IogT1RyXvMtJWehkEi4_hb0zLokwTO6K7NzyQ7rN6kKkXIDHZnB2xKgWBsHXSan5h5ImGIZdQy3DQT5YmFOa6q_3hgVwnSLBJC_Dxk6g8lRa1ppuYc1ZW17fBi1krUI17LVdbOjM26AO39dptxgse7Pt0yl08dhKawomoFuC_BQg8kxEkHIJQo-43vzXVusYomUGvL4bBLP8DNAKLonoIWrafuPAmyJHXZh5YKGH9d3ENgXFNTciPF1_T59oZnTv_j

msedge.exe

Remote address:

139.45.197.239:443

Request

POST /cat.php?userId=008007a0b2424049e48148b9306bbc3a&zoneid=6966799&rb=NEGVxR2IYArrqmWkCnwI88Ly7mFgmtVwTCGjiDofkhsMTaUVG83u3UiQABav0QU9RqSzFagPEdbPB2IogT1RyXvMtJWehkEi4_hb0zLokwTO6K7NzyQ7rN6kKkXIDHZnB2xKgWBsHXSan5h5ImGIZdQy3DQT5YmFOa6q_3hgVwnSLBJC_Dxk6g8lRa1ppuYc1ZW17fBi1krUI17LVdbOjM26AO39dptxgse7Pt0yl08dhKawomoFuC_BQg8kxEkHIJQo-43vzXVusYomUGvL4bBLP8DNAKLonoIWrafuPAmyJHXZh5YKGH9d3ENgXFNTciPF1_T59oZnTv_j HTTP/2.0
host: glersakr.com
content-length: 2149
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://exego.app
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=008007a0b2424049e48148b9306bbc3a
cookie: oaidts=1708358141
cookie: syncedCookie=true

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:45 GMT
content-length: 0
x-trace-id: 0754b1244c81c596d2c3e05fbc8fa141
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://exego.app
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
GET

https://glersakr.com/?rb=NEGVxR2IYArrqmWkCnwI88Ly7mFgmtVwTCGjiDofkhsMTaUVG83u3UiQABav0QU9RqSzFagPEdbPB2IogT1RyXvMtJWehkEi4_hb0zLokwTO6K7NzyQ7rN6kKkXIDHZnB2xKgWBsHXSan5h5ImGIZdQy3DQT5YmFOa6q_3hgVwnSLBJC_Dxk6g8lRa1ppuYc1ZW17fBi1krUI17LVdbOjM26AO39dptxgse7Pt0yl08dhKawomoFuC_BQg8kxEkHIJQo-43vzXVusYomUGvL4bBLP8DNAKLonoIWrafuPAmyJHXZh5YKGH9d3ENgXFNTciPF1_T59oZnTv_j&request_ab2=0&zoneid=6966799&js_build=iclick-v1.694.0&fs=0&cf=0&sw=1280&sh=720&sah=680&wx=0&wy=0&ww=1280&wh=680&cw=1263&wih=609&wiw=1280&wfc=3&pl=https%3A%2F%2Fexego.app%2FnlwWO&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=ANGLE%20(NVIDIA%2C%20NVIDIA%20GeForce%20RTX%203060%20Ti%20Direct3D11%20vs_5_0%20ps_5_0%2C%20D3D11-10.0.19041.546)&js_build=iclick-v1.694.0&navlng=en-US&pnt=0&pnrc=0&bs=8051033a-0c0d-49d6-ba19-45ac78b2a0c7&userId=008007a0b2424049e48148b9306bbc3a&os=windows&os_version=10.0&browser_version=92.0.902.67&m=link

msedge.exe

Remote address:

139.45.197.239:443

Request

GET /?rb=NEGVxR2IYArrqmWkCnwI88Ly7mFgmtVwTCGjiDofkhsMTaUVG83u3UiQABav0QU9RqSzFagPEdbPB2IogT1RyXvMtJWehkEi4_hb0zLokwTO6K7NzyQ7rN6kKkXIDHZnB2xKgWBsHXSan5h5ImGIZdQy3DQT5YmFOa6q_3hgVwnSLBJC_Dxk6g8lRa1ppuYc1ZW17fBi1krUI17LVdbOjM26AO39dptxgse7Pt0yl08dhKawomoFuC_BQg8kxEkHIJQo-43vzXVusYomUGvL4bBLP8DNAKLonoIWrafuPAmyJHXZh5YKGH9d3ENgXFNTciPF1_T59oZnTv_j&request_ab2=0&zoneid=6966799&js_build=iclick-v1.694.0&fs=0&cf=0&sw=1280&sh=720&sah=680&wx=0&wy=0&ww=1280&wh=680&cw=1263&wih=609&wiw=1280&wfc=3&pl=https%3A%2F%2Fexego.app%2FnlwWO&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=ANGLE%20(NVIDIA%2C%20NVIDIA%20GeForce%20RTX%203060%20Ti%20Direct3D11%20vs_5_0%20ps_5_0%2C%20D3D11-10.0.19041.546)&js_build=iclick-v1.694.0&navlng=en-US&pnt=0&pnrc=0&bs=8051033a-0c0d-49d6-ba19-45ac78b2a0c7&userId=008007a0b2424049e48148b9306bbc3a&os=windows&os_version=10.0&browser_version=92.0.902.67&m=link HTTP/2.0
host: glersakr.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://exego.app
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=008007a0b2424049e48148b9306bbc3a
cookie: oaidts=1708358141
cookie: syncedCookie=true

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:45 GMT
content-type: application/json
x-trace-id: 1973e5b929b052988f4bdd2cee9218a6
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://exego.app
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
set-cookie: OAID=008007a0b2424049e48148b9306bbc3a; expires=Tue, 18 Feb 2025 15:55:45 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1708358145; expires=Tue, 18 Feb 2025 15:55:45 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=true; expires=Mon, 26 Feb 2024 15:55:45 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
content-encoding: gzip
GET

https://glersakr.com/?rb=NEGVxR2IYArrqmWkCnwI88Ly7mFgmtVwTCGjiDofkhsMTaUVG83u3UiQABav0QU9RqSzFagPEdbPB2IogT1RyXvMtJWehkEi4_hb0zLokwTO6K7NzyQ7rN6kKkXIDHZnB2xKgWBsHXSan5h5ImGIZdQy3DQT5YmFOa6q_3hgVwnSLBJC_Dxk6g8lRa1ppuYc1ZW17fBi1krUI17LVdbOjM26AO39dptxgse7Pt0yl08dhKawomoFuC_BQg8kxEkHIJQo-43vzXVusYomUGvL4bBLP8DNAKLonoIWrafuPAmyJHXZh5YKGH9d3ENgXFNTciPF1_T59oZnTv_j&request_ab2=0&zoneid=6966799&js_build=iclick-v1.694.0&fs=0&cf=0&sw=1280&sh=720&sah=680&wx=0&wy=0&ww=1280&wh=680&cw=1263&wih=609&wiw=1280&wfc=3&pl=https%3A%2F%2Fexego.app%2FnlwWO&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=ANGLE%20(NVIDIA%2C%20NVIDIA%20GeForce%20RTX%203060%20Ti%20Direct3D11%20vs_5_0%20ps_5_0%2C%20D3D11-10.0.19041.546)&js_build=iclick-v1.694.0&navlng=en-US&pnt=0&pnrc=0&bs=8051033a-0c0d-49d6-ba19-45ac78b2a0c7&userId=008007a0b2424049e48148b9306bbc3a&os=windows&os_version=10.0&browser_version=92.0.902.67&af=1

msedge.exe

Remote address:

139.45.197.239:443

Request

GET /?rb=NEGVxR2IYArrqmWkCnwI88Ly7mFgmtVwTCGjiDofkhsMTaUVG83u3UiQABav0QU9RqSzFagPEdbPB2IogT1RyXvMtJWehkEi4_hb0zLokwTO6K7NzyQ7rN6kKkXIDHZnB2xKgWBsHXSan5h5ImGIZdQy3DQT5YmFOa6q_3hgVwnSLBJC_Dxk6g8lRa1ppuYc1ZW17fBi1krUI17LVdbOjM26AO39dptxgse7Pt0yl08dhKawomoFuC_BQg8kxEkHIJQo-43vzXVusYomUGvL4bBLP8DNAKLonoIWrafuPAmyJHXZh5YKGH9d3ENgXFNTciPF1_T59oZnTv_j&request_ab2=0&zoneid=6966799&js_build=iclick-v1.694.0&fs=0&cf=0&sw=1280&sh=720&sah=680&wx=0&wy=0&ww=1280&wh=680&cw=1263&wih=609&wiw=1280&wfc=3&pl=https%3A%2F%2Fexego.app%2FnlwWO&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=ANGLE%20(NVIDIA%2C%20NVIDIA%20GeForce%20RTX%203060%20Ti%20Direct3D11%20vs_5_0%20ps_5_0%2C%20D3D11-10.0.19041.546)&js_build=iclick-v1.694.0&navlng=en-US&pnt=0&pnrc=0&bs=8051033a-0c0d-49d6-ba19-45ac78b2a0c7&userId=008007a0b2424049e48148b9306bbc3a&os=windows&os_version=10.0&browser_version=92.0.902.67&af=1 HTTP/2.0
host: glersakr.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=008007a0b2424049e48148b9306bbc3a
cookie: syncedCookie=true
cookie: oaidts=1708358145

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:52 GMT
content-type: text/html; charset=utf8
x-trace-id: 59e877ba70fb503fd8633952bb37515d
link: <https://yourfreshjournal.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
set-cookie: OAID=008007a0b2424049e48148b9306bbc3a; expires=Tue, 18 Feb 2025 15:55:52 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1708358152; expires=Tue, 18 Feb 2025 15:55:52 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=true; expires=Mon, 26 Feb 2024 15:55:52 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
content-encoding: gzip
DNS

3.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.180.250.142.in-addr.arpa

IN PTR

Response

3.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f31e100net
DNS

234.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.179.250.142.in-addr.arpa

IN PTR

Response

234.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f101e100net
DNS

22.134.16.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.134.16.104.in-addr.arpa

IN PTR

Response
DNS

204.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

204.178.17.96.in-addr.arpa

IN PTR

Response

204.178.17.96.in-addr.arpa

IN PTR

a96-17-178-204deploystaticakamaitechnologiescom
DNS

0.170.109.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.170.109.23.in-addr.arpa

IN PTR

Response
DNS

232.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.179.250.142.in-addr.arpa

IN PTR

Response

232.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f81e100net
DNS

4.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.178.250.142.in-addr.arpa

IN PTR

Response

4.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f41e100net
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

226.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.179.250.142.in-addr.arpa

IN PTR

Response

226.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f21e100net
DNS

32.139.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

32.139.67.172.in-addr.arpa

IN PTR

Response
DNS

184.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

184.179.17.96.in-addr.arpa

IN PTR

Response

184.179.17.96.in-addr.arpa

IN PTR

a96-17-179-184deploystaticakamaitechnologiescom
DNS

239.197.45.139.in-addr.arpa

Remote address:

8.8.8.8:53

Request

239.197.45.139.in-addr.arpa

IN PTR

Response
DNS

my.rtmark.net

msedge.exe

Remote address:

8.8.8.8:53

Request

my.rtmark.net

IN A

Response

my.rtmark.net

IN A

139.45.195.8
DNS

sr7pv7n5x.com

msedge.exe

Remote address:

8.8.8.8:53

Request

sr7pv7n5x.com

IN A

Response

sr7pv7n5x.com

IN A

212.117.190.201
DNS

propeller-tracking.com

msedge.exe

Remote address:

8.8.8.8:53

Request

propeller-tracking.com

IN A

Response

propeller-tracking.com

IN A

139.45.197.240
DNS

fundingchoicesmessages.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

fundingchoicesmessages.google.com

IN A

Response

fundingchoicesmessages.google.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

172.217.16.238
DNS

region1.google-analytics.com

msedge.exe

Remote address:

8.8.8.8:53

Request

region1.google-analytics.com

IN A

Response

region1.google-analytics.com

IN A

216.239.34.36

region1.google-analytics.com

IN A

216.239.32.36
GET

https://my.rtmark.net/gid.js?userId=008007a0b2424049e48148b9306bbc3a

msedge.exe

Remote address:

139.45.195.8:443

Request

GET /gid.js?userId=008007a0b2424049e48148b9306bbc3a HTTP/2.0
host: my.rtmark.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://exego.app
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:41 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://exego.app
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *
set-cookie: ID=008007a0b2424049e48148b9306bbc3a; expires=Tue, 18 Feb 2025 15:55:41 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
GET

https://my.rtmark.net/gid.js?userId=3eb58d3cffc186a0c1fd66c22c32cdc1

msedge.exe

Remote address:

139.45.195.8:443

Request

GET /gid.js?userId=3eb58d3cffc186a0c1fd66c22c32cdc1 HTTP/2.0
host: my.rtmark.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://yourfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ID=008007a0b2424049e48148b9306bbc3a

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:46 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://yourfreshjournal.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *
set-cookie: ID=008007a0b2424049e48148b9306bbc3a; expires=Tue, 18 Feb 2025 15:55:46 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
GET

https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=4662709&checkDuplicate=true&ymid=783473434150834707&var=6966799

msedge.exe

Remote address:

139.45.195.8:443

Request

GET /gid.js?pub=0&userId=&zoneId=4662709&checkDuplicate=true&ymid=783473434150834707&var=6966799 HTTP/2.0
host: my.rtmark.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://yourfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ID=008007a0b2424049e48148b9306bbc3a

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:46 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://yourfreshjournal.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *
set-cookie: ID=008007a0b2424049e48148b9306bbc3a; expires=Tue, 18 Feb 2025 15:55:46 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
GET

https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=4662709&checkDuplicate=true&ymid=783473481261256721&var=6966799

msedge.exe

Remote address:

139.45.195.8:443

Request

GET /gid.js?pub=0&userId=&zoneId=4662709&checkDuplicate=true&ymid=783473481261256721&var=6966799 HTTP/2.0
host: my.rtmark.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://yourfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ID=008007a0b2424049e48148b9306bbc3a

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:53 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://yourfreshjournal.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *
set-cookie: ID=008007a0b2424049e48148b9306bbc3a; expires=Tue, 18 Feb 2025 15:55:53 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
GET

https://fundingchoicesmessages.google.com/i/339263271?ers=3

msedge.exe

Remote address:

172.217.16.238:443

Request

GET /i/339263271?ers=3 HTTP/2.0
host: fundingchoicesmessages.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://region1.google-analytics.com/g/collect?v=2&tid=G-GGDCMPL4QP&gtm=45je42e0v869225560za200&_p=1708358139418&gcd=13l3l3l3l1&npa=0&dma=0&cid=740424307.1708358140&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&pscdl=noapi&_s=1&sid=1708358139&sct=1&seg=0&dl=https%3A%2F%2Fexego.app%2FnlwWO&dt=Shorten%20Links%20And%20Earn%20Money%20%7C%20cuty.io&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=2105

msedge.exe

Remote address:

216.239.34.36:443

Request

POST /g/collect?v=2&tid=G-GGDCMPL4QP&gtm=45je42e0v869225560za200&_p=1708358139418&gcd=13l3l3l3l1&npa=0&dma=0&cid=740424307.1708358140&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&pscdl=noapi&_s=1&sid=1708358139&sct=1&seg=0&dl=https%3A%2F%2Fexego.app%2FnlwWO&dt=Shorten%20Links%20And%20Earn%20Money%20%7C%20cuty.io&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=2105 HTTP/2.0
host: region1.google-analytics.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://exego.app
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

googleads.g.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

216.58.204.66
DNS

66.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

66.204.58.216.in-addr.arpa

IN PTR

Response

66.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f21e100net

66.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f66�G

66.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f2�G
DNS

3.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.169.217.172.in-addr.arpa

IN PTR

Response

3.169.217.172.in-addr.arpa

IN PTR

lhr25s26-in-f31e100net
DNS

201.190.117.212.in-addr.arpa

Remote address:

8.8.8.8:53

Request

201.190.117.212.in-addr.arpa

IN PTR

Response
DNS

240.197.45.139.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.197.45.139.in-addr.arpa

IN PTR

Response
DNS

238.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.16.217.172.in-addr.arpa

IN PTR

Response

238.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f141e100net

238.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f14�I
DNS

8.195.45.139.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.195.45.139.in-addr.arpa

IN PTR

Response
DNS

36.34.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

36.34.239.216.in-addr.arpa

IN PTR

Response
DNS

lh3.googleusercontent.com

msedge.exe

Remote address:

8.8.8.8:53

Request

lh3.googleusercontent.com

IN A

Response

lh3.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

216.58.201.97
GET

https://lh3.googleusercontent.com/tndHyatuJbmTJ0i1gxyG5r2Xy1mDwK-cZUkN8E3FMrZe40ySlgfn-JOsQzxl3fwBGf92szr9BwgYmuIKwzradwzZ5f9Daez99PWtfzSCv13VK_NMl3SkIw=h60

msedge.exe

Remote address:

216.58.201.97:443

Request

GET /tndHyatuJbmTJ0i1gxyG5r2Xy1mDwK-cZUkN8E3FMrZe40ySlgfn-JOsQzxl3fwBGf92szr9BwgYmuIKwzradwzZ5f9Daez99PWtfzSCv13VK_NMl3SkIw=h60 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

97.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.201.58.216.in-addr.arpa

IN PTR

Response

97.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f11e100net

97.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f97�G

97.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f1�G
DNS

228.249.119.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.249.119.40.in-addr.arpa

IN PTR

Response
DNS

yourfreshjournal.com

msedge.exe

Remote address:

8.8.8.8:53

Request

yourfreshjournal.com

IN A

Response

yourfreshjournal.com

IN A

172.64.132.4

yourfreshjournal.com

IN A

172.64.133.4
GET

https://yourfreshjournal.com/?s=783473434150834707&ssk=3f83115850e5c43a6c4698feb5763987&svar=1708358141&z=6966799&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=UTC&bto=0

msedge.exe

Remote address:

172.64.132.4:443

Request

GET /?s=783473434150834707&ssk=3f83115850e5c43a6c4698feb5763987&svar=1708358141&z=6966799&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=UTC&bto=0 HTTP/2.0
host: yourfreshjournal.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:46 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
set-cookie: reverse=nm7o6KgSGyYMxW_mt9ioVA-un1l7-Ho9Ru50UptsQHM; expires=Mon, 19-Feb-2024 16:55:46 GMT; Max-Age=3600; path=/
set-cookie: OAID=3eb58d3cffc186a0c1fd66c22c32cdc1; expires=Mon, 10-Apr-2079 07:51:32 GMT; Max-Age=1739980546; path=/
set-cookie: oaidts=1708358146; expires=Mon, 10-Apr-2079 07:51:32 GMT; Max-Age=1739980546; path=/
set-cookie: syncedCookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8odjhEDfTr7p%2FrDVm72DdT9yrMMy9fWKkg2MXsdr9DsfRU61MOIZXyXVhui%2FtxGwVqcr0FTXCZOzMbWwdvhoOjj4%2B9sZugeSUdrAHtoFf6zCaEoE26xt0BrSz5zjYIUs3u8l%2BZDxRw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb22c9971527e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://yourfreshjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=783473434150834707&var=6966799&sw=/sw-check-permissions/4662709&uhd=1

msedge.exe

Remote address:

172.64.132.4:443

Request

GET /pfe/current/micro.tag.min.js?z=4662709&ymid=783473434150834707&var=6966799&sw=/sw-check-permissions/4662709&uhd=1 HTTP/2.0
host: yourfreshjournal.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://yourfreshjournal.com/?s=783473434150834707&ssk=3f83115850e5c43a6c4698feb5763987&svar=1708358141&z=6966799&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=UTC&bto=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: reverse=nm7o6KgSGyYMxW_mt9ioVA-un1l7-Ho9Ru50UptsQHM
cookie: OAID=3eb58d3cffc186a0c1fd66c22c32cdc1
cookie: oaidts=1708358146

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:46 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QcWM7N9C6WGPgIaWX0LnMARNsHvxFbdVcGb0P%2F7WIo5qEmq16WEcelzEBKPsmkpGeFoYK7STGYtFWvXFhJcPxM%2Bseq0UGEPoMsf4%2BL8lox%2BatFWOHhqdTTKCkaybibR6hRLCRrvDZw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb22dba86527e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
POST

https://yourfreshjournal.com/?s=783473434150834707&ssk=3f83115850e5c43a6c4698feb5763987&svar=1708358141&z=6966799&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=UTC&bto=0&mprtr=1&os_version=10.0

msedge.exe

Remote address:

172.64.132.4:443

Request

POST /?s=783473434150834707&ssk=3f83115850e5c43a6c4698feb5763987&svar=1708358141&z=6966799&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=UTC&bto=0&mprtr=1&os_version=10.0 HTTP/2.0
host: yourfreshjournal.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://yourfreshjournal.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/?s=783473434150834707&ssk=3f83115850e5c43a6c4698feb5763987&svar=1708358141&z=6966799&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=UTC&bto=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: reverse=nm7o6KgSGyYMxW_mt9ioVA-un1l7-Ho9Ru50UptsQHM
cookie: OAID=3eb58d3cffc186a0c1fd66c22c32cdc1
cookie: oaidts=1708358146

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:46 GMT
content-type: application/javascript
last-modified: Mon, 19 Feb 2024 15:02:29 GMT
vary: Accept-Encoding
etag: W/"65d36d85-833a"
access-control-allow-credentials: true
cache-control: max-age=14400
pragma: no-cache
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HuySBBtksXy5WUgREHSRQyIJkrnyDn4dLTzhPo%2BPgKGgrC0bUTChWxfWIBLzX753dpyAUHcdbMJ%2Fu1T6wfHxUeJw5ilJO2w%2BS%2FuroMkb2sNer%2BwKe6a8tXYx6H25Pl6cmPy03R5t%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb22d8a56527e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://yourfreshjournal.com/19/4662728/?abt_opts=1&var=6966799&var3=783473434150834707&ymid=&rhd=1&os=windows&os_version=10.0

msedge.exe

Remote address:

172.64.132.4:443

Request

GET /19/4662728/?abt_opts=1&var=6966799&var3=783473434150834707&ymid=&rhd=1&os=windows&os_version=10.0 HTTP/2.0
host: yourfreshjournal.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/?s=783473434150834707&ssk=3f83115850e5c43a6c4698feb5763987&svar=1708358141&z=6966799&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=UTC&bto=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: reverse=nm7o6KgSGyYMxW_mt9ioVA-un1l7-Ho9Ru50UptsQHM
cookie: OAID=3eb58d3cffc186a0c1fd66c22c32cdc1
cookie: oaidts=1708358146

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:46 GMT
content-type: application/json
vary: Accept-Encoding
x-trace-id: e28a1690da24745a591daf713ec5efc9
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
set-cookie: OAID=3eb58d3cffc186a0c1fd66c22c32cdc1; expires=Tue, 18 Feb 2025 15:55:46 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1708358146; expires=Tue, 18 Feb 2025 15:55:46 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gXEuk%2BDIm20QKxdC04qBb99We6JsVjPLmzlQwWBuVfUN53EqCOIi0N%2B94HTh6RVjPNVe%2FOs1vIYtIV52lf4Kk%2Fh3RmGv5e0sazZMLQ1bl5LI4plSgx43%2Fd3f6vioF75a9A4JyyXlOA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb22dca9e527e-LHR
alt-svc: h3=":443"; ma=86400
GET

https://yourfreshjournal.com/sw-check-permissions/4662709?var=6966799&ymid=783473434150834707&uhd=1&zoneId=4662709

msedge.exe

Remote address:

172.64.132.4:443

Request

GET /sw-check-permissions/4662709?var=6966799&ymid=783473434150834707&uhd=1&zoneId=4662709 HTTP/2.0
host: yourfreshjournal.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
purpose: prefetch
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/?s=783473434150834707&ssk=3f83115850e5c43a6c4698feb5763987&svar=1708358141&z=6966799&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=UTC&bto=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: reverse=nm7o6KgSGyYMxW_mt9ioVA-un1l7-Ho9Ru50UptsQHM
cookie: oaidts=1708358146
cookie: syncedCookie=true
cookie: OAID=3eb58d3cffc186a0c1fd66c22c32cdc1

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:46 GMT
content-type: application/javascript
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uvkLudkv4%2FtFER0rxoq2qZASIjWmMH8Pc%2FgmU0Q%2BfyzqNH41booIg3%2FmHTBxXq0SedkdZPCLy8Vu5rSTlBWMGID9VXTt%2FX3sUy6acdAbGBmX702GEypfc4lQZw0WOGo%2Bck6HZZh0VA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb22e4b27527e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
POST

https://yourfreshjournal.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=yourfreshjournal.com&var=6966799&ymid=783473434150834707&var_3=&var_4=&dsig=&tg=1&sw=3.1.485&trace_id=114a4dd2-69d4-47c0-85aa-0a946106c08d&action=prerequest&ch=eyJhcmNoaXRlY3R1cmUiOiJ4ODYiLCJtb2RlbCI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IjEwLjAifQ==

msedge.exe

Remote address:

172.64.132.4:443

Request

POST /zone?&pub=0&zone_id=4662709&is_mobile=false&domain=yourfreshjournal.com&var=6966799&ymid=783473434150834707&var_3=&var_4=&dsig=&tg=1&sw=3.1.485&trace_id=114a4dd2-69d4-47c0-85aa-0a946106c08d&action=prerequest&ch=eyJhcmNoaXRlY3R1cmUiOiJ4ODYiLCJtb2RlbCI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IjEwLjAifQ== HTTP/2.0
host: yourfreshjournal.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://yourfreshjournal.com
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/?s=783473434150834707&ssk=3f83115850e5c43a6c4698feb5763987&svar=1708358141&z=6966799&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=UTC&bto=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: reverse=nm7o6KgSGyYMxW_mt9ioVA-un1l7-Ho9Ru50UptsQHM
cookie: oaidts=1708358146
cookie: syncedCookie=true
cookie: OAID=3eb58d3cffc186a0c1fd66c22c32cdc1

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:46 GMT
content-length: 0
x-trace-id: b3bea76068413132cc326e682b5ad5b3
access-control-allow-origin: https://yourfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T3p%2BdIbkw%2BnICA5aU9%2B1jzsbHP0dkVhR8IQ8ffcbZOOivXNL4S6a2y37NuZaNypBjYzVPui8qtwhvXKcp1FduqudHwECb3qy8M1agky06zGFUL8P1T68qWTiE1XU8WIlr0uBw9RWFw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb22e5b38527e-LHR
alt-svc: h3=":443"; ma=86400
GET

https://yourfreshjournal.com/favicon.ico

msedge.exe

Remote address:

172.64.132.4:443

Request

GET /favicon.ico HTTP/2.0
host: yourfreshjournal.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://yourfreshjournal.com/?s=783473434150834707&ssk=3f83115850e5c43a6c4698feb5763987&svar=1708358141&z=6966799&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=UTC&bto=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: reverse=nm7o6KgSGyYMxW_mt9ioVA-un1l7-Ho9Ru50UptsQHM
cookie: oaidts=1708358146
cookie: syncedCookie=true
cookie: OAID=3eb58d3cffc186a0c1fd66c22c32cdc1

Response

HTTP/2.0 204

date: Mon, 19 Feb 2024 15:55:46 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3121
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LcN4B5%2B1hSpa8TI2ummjz9x6IxLhlitCCBCubhgeZvEvCIePLeMTev3KH8JtF53nQECNv6b0D9ODhVma7G6jdBudyWZ%2FkHYXkzqWDRc3c%2B1UDK0FHDdGktsWT3UwmtOssUZQz7sNeg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb22ecba5527e-LHR
alt-svc: h3=":443"; ma=86400
GET

https://yourfreshjournal.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=yourfreshjournal.com&var=6966799&ymid=783473434150834707&var_3=&var_4=&dsig=&tg=1&sw=3.1.485&trace_id=114a4dd2-69d4-47c0-85aa-0a946106c08d&action=settings&ch=eyJhcmNoaXRlY3R1cmUiOiJ4ODYiLCJtb2RlbCI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IjEwLjAifQ==

msedge.exe

Remote address:

172.64.132.4:443

Request

GET /zone?&pub=0&zone_id=4662709&is_mobile=false&domain=yourfreshjournal.com&var=6966799&ymid=783473434150834707&var_3=&var_4=&dsig=&tg=1&sw=3.1.485&trace_id=114a4dd2-69d4-47c0-85aa-0a946106c08d&action=settings&ch=eyJhcmNoaXRlY3R1cmUiOiJ4ODYiLCJtb2RlbCI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IjEwLjAifQ== HTTP/2.0
host: yourfreshjournal.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/?s=783473434150834707&ssk=3f83115850e5c43a6c4698feb5763987&svar=1708358141&z=6966799&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=UTC&bto=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: reverse=nm7o6KgSGyYMxW_mt9ioVA-un1l7-Ho9Ru50UptsQHM
cookie: oaidts=1708358146
cookie: syncedCookie=true
cookie: OAID=3eb58d3cffc186a0c1fd66c22c32cdc1

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:46 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: 2e0e217f7edf675a148ebcab6e8a82be
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t03K5nryQvlhUFmVt4ULEysYPU3FNdpv754xsS4XKMsNS21%2BLsSe%2FHpFIIY1EPiG4JHg1bHhOadTym566F%2FKVvJvZyTsq3UEJpmKSlm8Yts6oYb%2FJBD%2BpK4npkevZDgGI3utV32j2A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb22f4c10527e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://yourfreshjournal.com/?s=783473481261256721&ssk=5b14010e70707f8b40162eefcffae4d3&svar=1708358152&z=6966799&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=UTC&bto=0

msedge.exe

Remote address:

172.64.132.4:443

Request

GET /?s=783473481261256721&ssk=5b14010e70707f8b40162eefcffae4d3&svar=1708358152&z=6966799&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=UTC&bto=0 HTTP/2.0
host: yourfreshjournal.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: reverse=nm7o6KgSGyYMxW_mt9ioVA-un1l7-Ho9Ru50UptsQHM
cookie: oaidts=1708358146
cookie: syncedCookie=true
cookie: OAID=3eb58d3cffc186a0c1fd66c22c32cdc1

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:53 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
set-cookie: reverse=QJfFKKkokOgMzLy0ALbWUuB6YX2j9YDm88t2QCwN8mk; expires=Mon, 19-Feb-2024 16:55:53 GMT; Max-Age=3600; path=/
set-cookie: OAID=3eb58d3cffc186a0c1fd66c22c32cdc1; expires=Mon, 10-Apr-2079 07:51:46 GMT; Max-Age=1739980553; path=/
set-cookie: oaidts=1708358146; expires=Mon, 10-Apr-2079 07:51:46 GMT; Max-Age=1739980553; path=/
set-cookie: syncedCookie=true; expires=Sat, 16-Apr-2078 07:51:46 GMT; Max-Age=1708962953; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TRXHGXWpf2FvH8Ez8XoeeC3ScHK%2FSaiQ5WU2AmqvvXcTwUFPG1Vn%2FNd%2FuXeMBRwEVrX54mnajjZ1JkLmuxuFBnDt9KuDKU13zjrtgcOsTxXU11OLwYbO5L%2FeMS2qXGFyut4ZHKz7%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb2584c2e527e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://yourfreshjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=783473481261256721&var=6966799&sw=/sw-check-permissions/4662709&uhd=1

msedge.exe

Remote address:

172.64.132.4:443

Request

GET /pfe/current/micro.tag.min.js?z=4662709&ymid=783473481261256721&var=6966799&sw=/sw-check-permissions/4662709&uhd=1 HTTP/2.0
host: yourfreshjournal.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://yourfreshjournal.com/?s=783473481261256721&ssk=5b14010e70707f8b40162eefcffae4d3&svar=1708358152&z=6966799&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=UTC&bto=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: oaidts=1708358146
cookie: syncedCookie=true
cookie: OAID=3eb58d3cffc186a0c1fd66c22c32cdc1
cookie: reverse=QJfFKKkokOgMzLy0ALbWUuB6YX2j9YDm88t2QCwN8mk

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:53 GMT
content-type: application/javascript
last-modified: Mon, 19 Feb 2024 15:02:30 GMT
vary: Accept-Encoding
etag: W/"65d36d86-833a"
access-control-allow-credentials: true
cache-control: max-age=14400
pragma: no-cache
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fWkEKyzDSkDGq2ebW4HSHQjZH%2FYBE1yqIItz2ef0jT46VbEG49h1F8cDIW%2BqxDSCw0xfTLGbnTgBsG9DXrBVvmDmc8%2BVWCT92MYFG0d6S9bBz9Cf4%2BJY2gmsRJarSs5Z3VrMUwoeqA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb2592cfb527e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
POST

https://yourfreshjournal.com/?s=783473481261256721&ssk=5b14010e70707f8b40162eefcffae4d3&svar=1708358152&z=6966799&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=UTC&bto=0&mprtr=1&os_version=10.0

msedge.exe

Remote address:

172.64.132.4:443

Request

POST /?s=783473481261256721&ssk=5b14010e70707f8b40162eefcffae4d3&svar=1708358152&z=6966799&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=UTC&bto=0&mprtr=1&os_version=10.0 HTTP/2.0
host: yourfreshjournal.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://yourfreshjournal.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/?s=783473481261256721&ssk=5b14010e70707f8b40162eefcffae4d3&svar=1708358152&z=6966799&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=UTC&bto=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: oaidts=1708358146
cookie: syncedCookie=true
cookie: OAID=3eb58d3cffc186a0c1fd66c22c32cdc1
cookie: reverse=QJfFKKkokOgMzLy0ALbWUuB6YX2j9YDm88t2QCwN8mk

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:53 GMT
content-type: application/json
vary: Accept-Encoding
x-trace-id: 72d19d6786bc75ccb869ff97b5db42a5
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
set-cookie: OAID=3eb58d3cffc186a0c1fd66c22c32cdc1; expires=Tue, 18 Feb 2025 15:55:53 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1708358146; expires=Tue, 18 Feb 2025 15:55:53 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U82PgNl0FLcYS2oZ62evPdlqu2B9J1ti5%2BZz5iEcmRjTv2XUitqZe%2FyOET3ivgAtCY6h1qAxxtaqCQoQHBijsgPt2Q%2B0mZl%2FawDH%2BOsZXbqx84UtG4gVVQ9OxFHGFid8vJJ6Nqbz8g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb2594d11527e-LHR
alt-svc: h3=":443"; ma=86400
GET

https://yourfreshjournal.com/19/4662728/?abt_opts=1&var=6966799&var3=783473481261256721&ymid=&rhd=1&os=windows&os_version=10.0

msedge.exe

Remote address:

172.64.132.4:443

Request

GET /19/4662728/?abt_opts=1&var=6966799&var3=783473481261256721&ymid=&rhd=1&os=windows&os_version=10.0 HTTP/2.0
host: yourfreshjournal.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/?s=783473481261256721&ssk=5b14010e70707f8b40162eefcffae4d3&svar=1708358152&z=6966799&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=UTC&bto=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: oaidts=1708358146
cookie: syncedCookie=true
cookie: OAID=3eb58d3cffc186a0c1fd66c22c32cdc1
cookie: reverse=QJfFKKkokOgMzLy0ALbWUuB6YX2j9YDm88t2QCwN8mk

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:53 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NtopiKYnELGkyKxLtIsSKV69XpuYKwty6BqQ%2BySX1AGE7B22l3GsBzoKhCQiFqsuI53ettquJBUwi8XTF8%2BEUmN3uGKd5vHb1TDDchV%2FmQGLECeW4%2BPNPErsxT4O9o%2FZ5Rm2V%2BX9WQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb2594d0e527e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://yourfreshjournal.com/rhd?rb=aXYD2wvsEAX0KjNnK9N7eJwAQ8fT8E3d39ORFHZSQk74totmA4xGFwMfSiTF7YztfHHeVsQ3kkeKrUJP7Xh9kBeuTDeCkfr1oD64o1EkiPH4i0vF6yy1gbFuXpdiYYk7GesiQ76vRAgkTQw7z9ZcmV4Qm43-xzQdiPoI_BW9MALs95ASlKyjfUV-tRb0rYdR6I7hDEvnTrMRl84tnmZB_1VHSX58pSFQD7EQV9Nf1b2XNNjVdPk9GhQufkCl-6qUpfh3O2-zsJ-nQ5co4dCYasfR2aHU2w5VB_h_0hSCYHIBn7pPoL7c5ZBaswTphrMFz-hwzzKdfZiwqcX7719w9_jgV3g_O7XRf18nBzgKnhjBMQEdvSL_aTFyAXlASzlZOhSYZlTW7qUR0y5T_cB1Wl-yAEHaAur1QlxD_4-RIVk2KuB7m_CXS7rHVRzHc4Il0p9YtimnBJXMwn5mWqlKkYWx_utdkm6J_VFxCnGQWLbYldt-7J3m0IUEDz66mDCB8GsAfmJ4Zb3Vtta_5YE_LARYvV5JyIWpzMRdRIdRaOpAHhBegkkoNOvSpdo%3D&request_ab2=0&zoneid=4662728&fs=0&cf=0&sw=1280&sh=720&sah=680&wx=0&wy=0&ww=1280&wh=680&cw=1280&wih=609&wiw=1280&wfc=0&pl=https%3A%2F%2Fyourfreshjournal.com%2F%3Fs%3D783473481261256721%26ssk%3D5b14010e70707f8b40162eefcffae4d3%26svar%3D1708358152%26z%3D6966799%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb%26btz%3DUTC%26bto%3D0&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-unknown&var=6966799&var3=783473481261256721&ymid=&rhd=1&os=windows&os_version=10.0&m=link

msedge.exe

Remote address:

172.64.132.4:443

Request

GET /rhd?rb=aXYD2wvsEAX0KjNnK9N7eJwAQ8fT8E3d39ORFHZSQk74totmA4xGFwMfSiTF7YztfHHeVsQ3kkeKrUJP7Xh9kBeuTDeCkfr1oD64o1EkiPH4i0vF6yy1gbFuXpdiYYk7GesiQ76vRAgkTQw7z9ZcmV4Qm43-xzQdiPoI_BW9MALs95ASlKyjfUV-tRb0rYdR6I7hDEvnTrMRl84tnmZB_1VHSX58pSFQD7EQV9Nf1b2XNNjVdPk9GhQufkCl-6qUpfh3O2-zsJ-nQ5co4dCYasfR2aHU2w5VB_h_0hSCYHIBn7pPoL7c5ZBaswTphrMFz-hwzzKdfZiwqcX7719w9_jgV3g_O7XRf18nBzgKnhjBMQEdvSL_aTFyAXlASzlZOhSYZlTW7qUR0y5T_cB1Wl-yAEHaAur1QlxD_4-RIVk2KuB7m_CXS7rHVRzHc4Il0p9YtimnBJXMwn5mWqlKkYWx_utdkm6J_VFxCnGQWLbYldt-7J3m0IUEDz66mDCB8GsAfmJ4Zb3Vtta_5YE_LARYvV5JyIWpzMRdRIdRaOpAHhBegkkoNOvSpdo%3D&request_ab2=0&zoneid=4662728&fs=0&cf=0&sw=1280&sh=720&sah=680&wx=0&wy=0&ww=1280&wh=680&cw=1280&wih=609&wiw=1280&wfc=0&pl=https%3A%2F%2Fyourfreshjournal.com%2F%3Fs%3D783473481261256721%26ssk%3D5b14010e70707f8b40162eefcffae4d3%26svar%3D1708358152%26z%3D6966799%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb%26btz%3DUTC%26bto%3D0&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-unknown&var=6966799&var3=783473481261256721&ymid=&rhd=1&os=windows&os_version=10.0&m=link HTTP/2.0
host: yourfreshjournal.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/?s=783473481261256721&ssk=5b14010e70707f8b40162eefcffae4d3&svar=1708358152&z=6966799&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=UTC&bto=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: oaidts=1708358146
cookie: syncedCookie=true
cookie: OAID=3eb58d3cffc186a0c1fd66c22c32cdc1
cookie: reverse=QJfFKKkokOgMzLy0ALbWUuB6YX2j9YDm88t2QCwN8mk
cookie: prefetchAd_4662728=true

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:53 GMT
content-type: application/json
vary: Accept-Encoding
x-trace-id: 1fd89be23a3dc96b0bc0df372693f5c5
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
set-cookie: OAID=3eb58d3cffc186a0c1fd66c22c32cdc1; expires=Tue, 18 Feb 2025 15:55:53 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1708358146; expires=Tue, 18 Feb 2025 15:55:53 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=phUiKwcSnrtTcI%2FFucXb5m9D2iGuVW457trnBf5ZcyeYSY6gRp6Ceryw0b384Qd6a6zOzJflXiF4Fiw1D8m6WPGNrt7Due%2FJkCe1pIBwC7zVgHUEMUj%2BK6B2YQQoJRMuFZtYdFIGow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb259dd9b527e-LHR
alt-svc: h3=":443"; ma=86400
GET

https://yourfreshjournal.com/sw-check-permissions/4662709?var=6966799&ymid=783473481261256721&uhd=1&zoneId=4662709

msedge.exe

Remote address:

172.64.132.4:443

Request

GET /sw-check-permissions/4662709?var=6966799&ymid=783473481261256721&uhd=1&zoneId=4662709 HTTP/2.0
host: yourfreshjournal.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
purpose: prefetch
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/?s=783473481261256721&ssk=5b14010e70707f8b40162eefcffae4d3&svar=1708358152&z=6966799&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=UTC&bto=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: oaidts=1708358146
cookie: syncedCookie=true
cookie: OAID=3eb58d3cffc186a0c1fd66c22c32cdc1
cookie: reverse=QJfFKKkokOgMzLy0ALbWUuB6YX2j9YDm88t2QCwN8mk
cookie: prefetchAd_4662728=true

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:53 GMT
content-type: application/javascript
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c4qulV%2BlUwoZb%2ByqwoRTvh4gT3DgAebr9lDpm8AF0WqM7Ct4UmPhf%2FviFZRgYbWJhKiMQfaCgehB%2FzJCp5IKfqTK4O9nx6Ee3CtnbdBhAMULNBYnUWqWKtyADOVTHRdDqfSRyT4reA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb259fdb9527e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
POST

https://yourfreshjournal.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=yourfreshjournal.com&var=6966799&ymid=783473481261256721&var_3=&var_4=&dsig=&tg=1&sw=3.1.485&trace_id=6a9b7176-c161-425b-9735-71bc4ed5bb1e&action=prerequest&ch=eyJhcmNoaXRlY3R1cmUiOiJ4ODYiLCJtb2RlbCI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IjEwLjAifQ==

msedge.exe

Remote address:

172.64.132.4:443

Request

POST /zone?&pub=0&zone_id=4662709&is_mobile=false&domain=yourfreshjournal.com&var=6966799&ymid=783473481261256721&var_3=&var_4=&dsig=&tg=1&sw=3.1.485&trace_id=6a9b7176-c161-425b-9735-71bc4ed5bb1e&action=prerequest&ch=eyJhcmNoaXRlY3R1cmUiOiJ4ODYiLCJtb2RlbCI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IjEwLjAifQ== HTTP/2.0
host: yourfreshjournal.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://yourfreshjournal.com
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/?s=783473481261256721&ssk=5b14010e70707f8b40162eefcffae4d3&svar=1708358152&z=6966799&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=UTC&bto=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: oaidts=1708358146
cookie: syncedCookie=true
cookie: OAID=3eb58d3cffc186a0c1fd66c22c32cdc1
cookie: reverse=QJfFKKkokOgMzLy0ALbWUuB6YX2j9YDm88t2QCwN8mk
cookie: prefetchAd_4662728=true

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:53 GMT
content-length: 0
x-trace-id: 5cf577ed7ae609808d4d15099e14d828
access-control-allow-origin: https://yourfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d0ZbtJvfBOryTN1fbxNNV9XInOYo%2FJiL9YBWEnVmmV0C6TtnOy59iGplB%2Bz7WFx3LPmkGQtekYLKfXqgoiETG8uUgOurw85jxfc%2FiE2FrrVKmIDMECbYeEl9LLDcYg53kBEiP1XA6g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb25a1dc2527e-LHR
alt-svc: h3=":443"; ma=86400
GET

https://yourfreshjournal.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=yourfreshjournal.com&var=6966799&ymid=783473481261256721&var_3=&var_4=&dsig=&tg=1&sw=3.1.485&trace_id=6a9b7176-c161-425b-9735-71bc4ed5bb1e&action=settings&ch=eyJhcmNoaXRlY3R1cmUiOiJ4ODYiLCJtb2RlbCI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IjEwLjAifQ==

msedge.exe

Remote address:

172.64.132.4:443

Request

GET /zone?&pub=0&zone_id=4662709&is_mobile=false&domain=yourfreshjournal.com&var=6966799&ymid=783473481261256721&var_3=&var_4=&dsig=&tg=1&sw=3.1.485&trace_id=6a9b7176-c161-425b-9735-71bc4ed5bb1e&action=settings&ch=eyJhcmNoaXRlY3R1cmUiOiJ4ODYiLCJtb2RlbCI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IjEwLjAifQ== HTTP/2.0
host: yourfreshjournal.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/?s=783473481261256721&ssk=5b14010e70707f8b40162eefcffae4d3&svar=1708358152&z=6966799&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=UTC&bto=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: oaidts=1708358146
cookie: syncedCookie=true
cookie: OAID=3eb58d3cffc186a0c1fd66c22c32cdc1
cookie: reverse=QJfFKKkokOgMzLy0ALbWUuB6YX2j9YDm88t2QCwN8mk
cookie: prefetchAd_4662728=true

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:53 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: faaff18cbb4463e26dc0daf4ff8cf8b1
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kIoqNe0SrA0OWHLAKmhMUzBXMFZGI4oy6z7IHwrI9OxXrzbtBYNZXuhVBgaXJlGLc9lr7zM4dzumT9eQbNHvIZDCJGwvtZEZDgoeZmpsYZzIMhkeW2blb0%2F5TIigK7qXP%2F17jCZiYA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb25a7e1d527e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
DNS

tzegilo.com

msedge.exe

Remote address:

8.8.8.8:53

Request

tzegilo.com

IN A

Response

tzegilo.com

IN A

172.67.193.52

tzegilo.com

IN A

104.21.11.245
DNS

tzegilo.com

msedge.exe

Remote address:

8.8.8.8:53

Request

tzegilo.com

IN A

Response

tzegilo.com

IN A

172.67.193.52

tzegilo.com

IN A

104.21.11.245
GET

https://tzegilo.com/stattag.js

msedge.exe

Remote address:

172.67.193.52:443

Request

GET /stattag.js HTTP/2.0
host: tzegilo.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:46 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:13 GMT
etag: W/"65c37cc1-4ac0"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 5379
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1F2iH9NyRyM9DmJC6USUhiOx7nTvbk3%2F85%2BSs0ARysf2hwBcRxLZ8mN0w6A8s0gD9m3Fb1ktfxOMraxGCSCsYrZoB3hSVnJujTfn4VbTfFsA8lNmvzcn1nP6OBbFuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb22ecf4d63cb-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
DNS

jouteetu.net

msedge.exe

Remote address:

8.8.8.8:53

Request

jouteetu.net

IN A

Response

jouteetu.net

IN A

139.45.197.251
POST

https://jouteetu.net/custom

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /custom HTTP/2.0
host: jouteetu.net
content-length: 445
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://yourfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:47 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 7b8d45ec4a80709ff7c406a509548d2d
access-control-allow-origin: https://yourfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
POST

https://jouteetu.net/custom

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /custom HTTP/2.0
host: jouteetu.net
content-length: 447
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://yourfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:47 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 1fbb857e8e7c246768617273ebfaf17e
access-control-allow-origin: https://yourfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
POST

https://jouteetu.net/custom

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /custom HTTP/2.0
host: jouteetu.net
content-length: 464
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://yourfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:47 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: bb1a9a8863560b73c75fc691a61c3a7f
access-control-allow-origin: https://yourfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
POST

https://jouteetu.net/custom

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /custom HTTP/2.0
host: jouteetu.net
content-length: 448
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://yourfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:47 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: a4ef815943967ba4a6088a9bd066dc6d
access-control-allow-origin: https://yourfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
POST

https://jouteetu.net/custom

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /custom HTTP/2.0
host: jouteetu.net
content-length: 450
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://yourfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:47 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 6593b72e08d9f78e917a824e4019a39f
access-control-allow-origin: https://yourfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
POST

https://jouteetu.net/custom

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /custom HTTP/2.0
host: jouteetu.net
content-length: 449
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://yourfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:47 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: c3e8a4433427c6b068e14e8892336e40
access-control-allow-origin: https://yourfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
POST

https://jouteetu.net/custom

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /custom HTTP/2.0
host: jouteetu.net
content-length: 457
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://yourfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:47 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: c1ecb3e621baf83df4de30b156c6fa41
access-control-allow-origin: https://yourfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
POST

https://jouteetu.net/custom

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /custom HTTP/2.0
host: jouteetu.net
content-length: 470
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://yourfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:47 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 890e33933041751fadbd1c4c15d433f8
access-control-allow-origin: https://yourfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
POST

https://jouteetu.net/custom

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /custom HTTP/2.0
host: jouteetu.net
content-length: 457
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://yourfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:51 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 94f7fc0fafe993587a0bce57678f7031
access-control-allow-origin: https://yourfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
POST

https://jouteetu.net/custom

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /custom HTTP/2.0
host: jouteetu.net
content-length: 481
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://yourfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:51 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: b977b7d6af7a5feb9297fd85a013b521
access-control-allow-origin: https://yourfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
POST

https://jouteetu.net/custom

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /custom HTTP/2.0
host: jouteetu.net
content-length: 445
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://yourfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:53 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 9f4190d9d4783e4767345c6e0b9e7730
access-control-allow-origin: https://yourfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
POST

https://jouteetu.net/custom

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /custom HTTP/2.0
host: jouteetu.net
content-length: 448
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://yourfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:53 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: d9274e6ff513223e2633d3c1900780fc
access-control-allow-origin: https://yourfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
POST

https://jouteetu.net/custom

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /custom HTTP/2.0
host: jouteetu.net
content-length: 447
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://yourfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:53 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 1e5941a12f9f62af393962143c1320b3
access-control-allow-origin: https://yourfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
POST

https://jouteetu.net/custom

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /custom HTTP/2.0
host: jouteetu.net
content-length: 449
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://yourfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:53 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 870833b5ab3fd78f1bb5c0956e581f86
access-control-allow-origin: https://yourfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
POST

https://jouteetu.net/custom

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /custom HTTP/2.0
host: jouteetu.net
content-length: 450
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://yourfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:53 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 7b1d3ba66d6edff3242ab10a05ab8949
access-control-allow-origin: https://yourfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
POST

https://jouteetu.net/custom

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /custom HTTP/2.0
host: jouteetu.net
content-length: 457
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://yourfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:53 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 9fbf7b42dea387b7d66b8623198b6735
access-control-allow-origin: https://yourfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
POST

https://jouteetu.net/custom

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /custom HTTP/2.0
host: jouteetu.net
content-length: 463
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://yourfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:53 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 84bc4b0db39dc7764ca754a96d16c95f
access-control-allow-origin: https://yourfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
POST

https://jouteetu.net/custom

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /custom HTTP/2.0
host: jouteetu.net
content-length: 470
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://yourfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://yourfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:55:53 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: ec4a2541c994d50e7a459c858b76cca8
access-control-allow-origin: https://yourfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
DNS

flerap.com

msedge.exe

Remote address:

8.8.8.8:53

Request

flerap.com

IN A

Response

flerap.com

IN A

139.45.195.254
DNS

fleraprt.com

msedge.exe

Remote address:

8.8.8.8:53

Request

fleraprt.com

IN A

Response

fleraprt.com

IN A

139.45.195.254
DNS

fleraprt.com

msedge.exe

Remote address:

8.8.8.8:53

Request

fleraprt.com

IN A
DNS

4.132.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.132.64.172.in-addr.arpa

IN PTR

Response
DNS

52.193.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

52.193.67.172.in-addr.arpa

IN PTR

Response
DNS

251.197.45.139.in-addr.arpa

Remote address:

8.8.8.8:53

Request

251.197.45.139.in-addr.arpa

IN PTR

Response
DNS

254.195.45.139.in-addr.arpa

Remote address:

8.8.8.8:53

Request

254.195.45.139.in-addr.arpa

IN PTR

Response
DNS

datatechonert.com

msedge.exe

Remote address:

8.8.8.8:53

Request

datatechonert.com

IN A

Response

datatechonert.com

IN A

37.48.68.71
DNS

datatechonert.com

msedge.exe

Remote address:

8.8.8.8:53

Request

datatechonert.com

IN A
POST

https://datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=8051033a-0c0d-49d6-ba19-45ac78b2a0c7

msedge.exe

Remote address:

37.48.68.71:443

Request

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=8051033a-0c0d-49d6-ba19-45ac78b2a0c7 HTTP/1.1
Host: datatechonert.com
Connection: keep-alive
Content-Length: 1977
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://exego.app
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://exego.app/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx/1.19.10
Date: Mon, 19 Feb 2024 15:55:48 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://exego.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
DNS

71.68.48.37.in-addr.arpa

Remote address:

8.8.8.8:53

Request

71.68.48.37.in-addr.arpa

IN PTR

Response
DNS

217.106.137.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.106.137.52.in-addr.arpa

IN PTR

Response
DNS

ee72284c6624dc1118e0ea0ac2a939c2.safeframe.googlesyndication.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ee72284c6624dc1118e0ea0ac2a939c2.safeframe.googlesyndication.com

IN A

Response

ee72284c6624dc1118e0ea0ac2a939c2.safeframe.googlesyndication.com

IN CNAME

pagead-googlehosted.l.google.com

pagead-googlehosted.l.google.com

IN A

216.58.204.65
GET

https://ee72284c6624dc1118e0ea0ac2a939c2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

msedge.exe

Remote address:

216.58.204.65:443

Request

GET /safeframe/1-0-40/html/container.html HTTP/2.0
host: ee72284c6624dc1118e0ea0ac2a939c2.safeframe.googlesyndication.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://eb1242d71d64ba39171a776e476bb154.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

msedge.exe

Remote address:

216.58.204.65:443

Request

GET /safeframe/1-0-40/html/container.html HTTP/2.0
host: eb1242d71d64ba39171a776e476bb154.safeframe.googlesyndication.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://abaf204c64a2993325f03d071a132faa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

msedge.exe

Remote address:

216.58.204.65:443

Request

GET /safeframe/1-0-40/html/container.html HTTP/2.0
host: abaf204c64a2993325f03d071a132faa.safeframe.googlesyndication.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

tpc.googlesyndication.com

msedge.exe

Remote address:

8.8.8.8:53

Request

tpc.googlesyndication.com

IN A

Response

tpc.googlesyndication.com

IN A

216.58.212.225
GET

https://tpc.googlesyndication.com/sodar/sodar2.js

msedge.exe

Remote address:

216.58.212.225:443

Request

GET /sodar/sodar2.js HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

183.142.211.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.142.211.20.in-addr.arpa

IN PTR

Response
DNS

65.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

65.204.58.216.in-addr.arpa

IN PTR

Response

65.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f11e100net

65.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f1�G

65.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f65�G
DNS

s0.2mdn.net

msedge.exe

Remote address:

8.8.8.8:53

Request

s0.2mdn.net

IN A

Response

s0.2mdn.net

IN A

142.250.179.230
GET

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

msedge.exe

Remote address:

142.250.179.230:443

Request

GET /879366/html_inpage_rendering_lib_200_278.js HTTP/2.0
host: s0.2mdn.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://ee72284c6624dc1118e0ea0ac2a939c2.safeframe.googlesyndication.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://ee72284c6624dc1118e0ea0ac2a939c2.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

bucket.cdnwebcloud.com

msedge.exe

Remote address:

8.8.8.8:53

Request

bucket.cdnwebcloud.com

IN A

Response

bucket.cdnwebcloud.com

IN A

52.84.174.16

bucket.cdnwebcloud.com

IN A

52.84.174.53

bucket.cdnwebcloud.com

IN A

52.84.174.123

bucket.cdnwebcloud.com

IN A

52.84.174.15
DNS

bucket.cdnwebcloud.com

msedge.exe

Remote address:

8.8.8.8:53

Request

bucket.cdnwebcloud.com

IN A

Response

bucket.cdnwebcloud.com

IN A

52.84.174.53

bucket.cdnwebcloud.com

IN A

52.84.174.16

bucket.cdnwebcloud.com

IN A

52.84.174.15

bucket.cdnwebcloud.com

IN A

52.84.174.123
DNS

225.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

225.212.58.216.in-addr.arpa

IN PTR

Response

225.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f11e100net

225.212.58.216.in-addr.arpa

IN PTR

lhr25s28-in-f1�H

225.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f225�H
DNS

230.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

230.179.250.142.in-addr.arpa

IN PTR

Response

230.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f61e100net
DNS

googleads4.g.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

googleads4.g.doubleclick.net

IN A

Response

googleads4.g.doubleclick.net

IN A

172.217.169.66
DNS

pubtrky.com

msedge.exe

Remote address:

8.8.8.8:53

Request

pubtrky.com

IN A

Response

pubtrky.com

IN A

104.21.8.108

pubtrky.com

IN A

172.67.188.110
GET

https://bucket.cdnwebcloud.com/n_one_vway_bahia-principe-es_np.js?n_o_nu=not&n_o_aut_tc=279148819&ord=3229820468

msedge.exe

Remote address:

52.84.174.16:443

Request

GET /n_one_vway_bahia-principe-es_np.js?n_o_nu=not&n_o_aut_tc=279148819&ord=3229820468 HTTP/2.0
host: bucket.cdnwebcloud.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://ee72284c6624dc1118e0ea0ac2a939c2.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
last-modified: Fri, 20 Dec 2019 13:03:10 GMT
server: AmazonS3
content-encoding: gzip
date: Mon, 19 Feb 2024 11:42:36 GMT
etag: W/"9748fb959a7ee41d8aebb52473ace3d2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 7279057aafa9070c677136c3d9c68912.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P1
x-amz-cf-id: 0MoMc_iJEn3bqpA1IdMGXWr2tdI-lUdBu6KdZjip_Ijl6iK2Wmfdxg==
age: 15202
GET

https://bucket.cdnwebcloud.com/noah.min.js?1708358156245

msedge.exe

Remote address:

52.84.174.16:443

Request

GET /noah.min.js?1708358156245 HTTP/2.0
host: bucket.cdnwebcloud.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://ee72284c6624dc1118e0ea0ac2a939c2.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
last-modified: Mon, 04 Sep 2023 14:02:49 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Mon, 19 Feb 2024 07:28:00 GMT
etag: W/"3c5a63b88b693279fc4d9dcff91d29c1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 7279057aafa9070c677136c3d9c68912.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P1
x-amz-cf-id: V3UZsgG0RWeT-WQv01Np0jjQHnT8eDRyauCIxboKOSdNo8LFvVc1sg==
age: 30478
GET

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssgCcuPtPvJhKne575CdI_eQI0-7FnAAJshSzkn45m0I19ndzOgW-mQmYXHtK0nom0_fQ1V_m3dzwmAW_jky_-3gnFeicDq6yb1d_nePyWBYIE1lHe3zQ0YTsnLj00fpr9hKbBHuqy9Hl2tbKkeG4XVRXDjXTlEYM_TSxj6A7W0X1DAoH-PBEJ0SycyaQTj_NsuLTXM84Qbrf4ubTtN24G4CA2LTRydUg7MRNRlPBquglUQhOX8-pcMn8uD9m6XiW0A3GJ3ptW-eRRO0j50r4eXIf5FD0ETi9ZtdPxNHsNiW0uEwt2tSGiq-IPHoZuBJpOdM1Ln278sgAWZPOL_gIHNFvhW6wGrATqGkwtTpRFrqAQJCiJ6vOTz_enZ3LiHOJYpK6Qa9gUeV5psC3ZVwN3LhFk_aKTqKhIGSzUhTKLyvG9lmxwrrH4HsOfxLOoDCyhfRzvvyb8GkWsVzSr4bdWAMNsFtuV_sgA3xmoIWArcBXK6lGzoAsm6oomUt3s5o4P-IHIGO6YHc47lU0oi3h1BNeoq-4CEgp-x51aQAdggrsS1Nv1csMLpv2-7Hljt76DuDoLIDdqal5coYISHhmsYV3_LbGKtQkV3g4WYJKOOZj7VzH05qM0-99V0YsjQQG1qt-ka2gf8gUbm8cQtv46PXHr-ru0pXPgefD6pSEUw5kY8g0t_RPMYHuY6dxQZ0uo3xp6iwnV2nkHkwxf2P-oxDBLWmo3sWifP4cNljBcWDYK_HGlUVQGuYY1sCMZj6S283ZpUW21fXnFPFrzbP58lsFkCIz05riRjCukPopjdd7GZ8LyUU4w2JfmsWEO-GsvZtP60rZUpjTWU3TnLZ51TEc94T_uJJ8FTi2TDUTcL5lP7zgb6AkT6bp0BuMXigem1W_Hmv-0yfQvzLKMmeNkT2m50Pa47YTLY_zHUzNJAL7kf6L7EC7CRKYUP2O15FAOOa2rGpjF7z4cAhV_afQv9X1SoMtNeuk_bouYsVADhWfmXeMKJfAKACYFMH-0SnevAjJSgDYl71tZb1IPzo_-kq3LKwxQ0dtX7oGl1pmwFO8rNntmiur-zm-M6qdUoA509i7zBGv8S5HXTwA-9lBV-v4MfR0SRs7tw5uuKdfhTlmsg2iyqdaU7P1NQ-hlPyyiqgjH2ZxGrymRHxubo1kE6ueeNFk_NSv0Y4XqV_-_KRWbcl7sz6LaYYifIYCJRdMdGIMUR1fOcmNxwE9eIC9RSEVTMh3IlI30mgr7er9vuiWRJLIuvBcAY7oLTrPKXpUQ15-f5Hk9PlBlhBUmPaTZvEeGeRJ0MRnnbS6mO__Ia49gGU1nSLbPJqRVNcblbQcErCfPawQ&sai=AMfl-YSKGxTHzFaAeFyLJlKffd7QM79omvQFBOs0-TSMTuAGSS8mp0HaFVks5ZtTSfr0hSnVCV6Rum6sJCyD9GD9qTsavrRKiKntP7eWlfHOuaCprRSGbBSzyG5WAjwGbdvpdVaBHMyDbdfjCZudmlDDLiPuSqY_VWSpftWgBet2UCTTXP6TGkPiZz0UT8V7WRqI1AaF3ahkWqZYGG3jQtNjc5tfnYAJoflst3y-r6GPJtnJzDcWBKu7LloCdsvs_PpRK_ejFShcuN-7o2hHt8Ok_XG_WczD-pFeMhv5Ay7seKvh0VEadGtaAlaY5U7ZY_yMTvq1KRdttOLnROG9M-VSbNfN5NlsCAHEVm23Qu1n9d4198RDeNHyTyBpcF6p_hKNvpAVFgbJ_sflMstnkCJm2HR8qR4D8O6aJncL0XenP3u0_qYzcKRreOCuAW-OUy6uMzy9KQ_ByA-xXGICMjLdQnK0rnW60vrt6CrxEX4cLazTltRFUF6tJvY&sig=Cg0ArKJSzPj67RaJSlQlEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=423&cbvp=1&cstd=388&cisv=r20240215.86619&uach=WyJXaW5kb3dzIiwiMTAuMCIsIng4NiIsIiIsIjkyLjAuOTAyLjY3IixudWxsLDAsbnVsbCwiIixudWxsLDBd&arae=0&ftch=1&adurl=

msedge.exe

Remote address:

172.217.169.66:443

Request

GET /pcs/view?xai=AKAOjssgCcuPtPvJhKne575CdI_eQI0-7FnAAJshSzkn45m0I19ndzOgW-mQmYXHtK0nom0_fQ1V_m3dzwmAW_jky_-3gnFeicDq6yb1d_nePyWBYIE1lHe3zQ0YTsnLj00fpr9hKbBHuqy9Hl2tbKkeG4XVRXDjXTlEYM_TSxj6A7W0X1DAoH-PBEJ0SycyaQTj_NsuLTXM84Qbrf4ubTtN24G4CA2LTRydUg7MRNRlPBquglUQhOX8-pcMn8uD9m6XiW0A3GJ3ptW-eRRO0j50r4eXIf5FD0ETi9ZtdPxNHsNiW0uEwt2tSGiq-IPHoZuBJpOdM1Ln278sgAWZPOL_gIHNFvhW6wGrATqGkwtTpRFrqAQJCiJ6vOTz_enZ3LiHOJYpK6Qa9gUeV5psC3ZVwN3LhFk_aKTqKhIGSzUhTKLyvG9lmxwrrH4HsOfxLOoDCyhfRzvvyb8GkWsVzSr4bdWAMNsFtuV_sgA3xmoIWArcBXK6lGzoAsm6oomUt3s5o4P-IHIGO6YHc47lU0oi3h1BNeoq-4CEgp-x51aQAdggrsS1Nv1csMLpv2-7Hljt76DuDoLIDdqal5coYISHhmsYV3_LbGKtQkV3g4WYJKOOZj7VzH05qM0-99V0YsjQQG1qt-ka2gf8gUbm8cQtv46PXHr-ru0pXPgefD6pSEUw5kY8g0t_RPMYHuY6dxQZ0uo3xp6iwnV2nkHkwxf2P-oxDBLWmo3sWifP4cNljBcWDYK_HGlUVQGuYY1sCMZj6S283ZpUW21fXnFPFrzbP58lsFkCIz05riRjCukPopjdd7GZ8LyUU4w2JfmsWEO-GsvZtP60rZUpjTWU3TnLZ51TEc94T_uJJ8FTi2TDUTcL5lP7zgb6AkT6bp0BuMXigem1W_Hmv-0yfQvzLKMmeNkT2m50Pa47YTLY_zHUzNJAL7kf6L7EC7CRKYUP2O15FAOOa2rGpjF7z4cAhV_afQv9X1SoMtNeuk_bouYsVADhWfmXeMKJfAKACYFMH-0SnevAjJSgDYl71tZb1IPzo_-kq3LKwxQ0dtX7oGl1pmwFO8rNntmiur-zm-M6qdUoA509i7zBGv8S5HXTwA-9lBV-v4MfR0SRs7tw5uuKdfhTlmsg2iyqdaU7P1NQ-hlPyyiqgjH2ZxGrymRHxubo1kE6ueeNFk_NSv0Y4XqV_-_KRWbcl7sz6LaYYifIYCJRdMdGIMUR1fOcmNxwE9eIC9RSEVTMh3IlI30mgr7er9vuiWRJLIuvBcAY7oLTrPKXpUQ15-f5Hk9PlBlhBUmPaTZvEeGeRJ0MRnnbS6mO__Ia49gGU1nSLbPJqRVNcblbQcErCfPawQ&sai=AMfl-YSKGxTHzFaAeFyLJlKffd7QM79omvQFBOs0-TSMTuAGSS8mp0HaFVks5ZtTSfr0hSnVCV6Rum6sJCyD9GD9qTsavrRKiKntP7eWlfHOuaCprRSGbBSzyG5WAjwGbdvpdVaBHMyDbdfjCZudmlDDLiPuSqY_VWSpftWgBet2UCTTXP6TGkPiZz0UT8V7WRqI1AaF3ahkWqZYGG3jQtNjc5tfnYAJoflst3y-r6GPJtnJzDcWBKu7LloCdsvs_PpRK_ejFShcuN-7o2hHt8Ok_XG_WczD-pFeMhv5Ay7seKvh0VEadGtaAlaY5U7ZY_yMTvq1KRdttOLnROG9M-VSbNfN5NlsCAHEVm23Qu1n9d4198RDeNHyTyBpcF6p_hKNvpAVFgbJ_sflMstnkCJm2HR8qR4D8O6aJncL0XenP3u0_qYzcKRreOCuAW-OUy6uMzy9KQ_ByA-xXGICMjLdQnK0rnW60vrt6CrxEX4cLazTltRFUF6tJvY&sig=Cg0ArKJSzPj67RaJSlQlEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=423&cbvp=1&cstd=388&cisv=r20240215.86619&uach=WyJXaW5kb3dzIiwiMTAuMCIsIng4NiIsIiIsIjkyLjAuOTAyLjY3IixudWxsLDAsbnVsbCwiIixudWxsLDBd&arae=0&ftch=1&adurl= HTTP/2.0
host: googleads4.g.doubleclick.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://ee72284c6624dc1118e0ea0ac2a939c2.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

cdn.doubleverify.com

msedge.exe

Remote address:

8.8.8.8:53

Request

cdn.doubleverify.com

IN A

Response

cdn.doubleverify.com

IN CNAME

cdn.doubleverify.com.edgesuite.net

cdn.doubleverify.com.edgesuite.net

IN CNAME

a1241.dsct.akamai.net

a1241.dsct.akamai.net

IN A

95.101.143.17

a1241.dsct.akamai.net

IN A

95.101.143.16
DNS

cdn.doubleverify.com

msedge.exe

Remote address:

8.8.8.8:53

Request

cdn.doubleverify.com

IN A

Response

cdn.doubleverify.com

IN CNAME

cdn.doubleverify.com.edgesuite.net

cdn.doubleverify.com.edgesuite.net

IN CNAME

a1241.dsct.akamai.net

a1241.dsct.akamai.net

IN A

95.101.143.17

a1241.dsct.akamai.net

IN A

95.101.143.16
GET

https://cdn.doubleverify.com/dvbs_src.js?ctx=29615901&cmp=225320&plc=7894353&sid=18330&dvregion=0&unit=728x90

msedge.exe

Remote address:

95.101.143.17:443

Request

GET /dvbs_src.js?ctx=29615901&cmp=225320&plc=7894353&sid=18330&dvregion=0&unit=728x90 HTTP/1.1
Host: cdn.doubleverify.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://ee72284c6624dc1118e0ea0ac2a939c2.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Last-Modified: Sun, 17 Dec 2023 15:12:34 GMT
ETag: "a8006a511aee2e57196f5e8bee81dde8"
Content-Type: application/javascript
Content-Encoding: gzip
Accept-Ranges: bytes
Content-Length: 932
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Server: UploadServer
Vary: Accept-Encoding
Cache-Control: no-transform, max-age=86400
Expires: Tue, 20 Feb 2024 15:55:57 GMT
Date: Mon, 19 Feb 2024 15:55:57 GMT
Connection: keep-alive
GET

https://cdn.doubleverify.com/dvbs_src_internal125.js

msedge.exe

Remote address:

95.101.143.17:443

Request

GET /dvbs_src_internal125.js HTTP/1.1
Host: cdn.doubleverify.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://ee72284c6624dc1118e0ea0ac2a939c2.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Last-Modified: Sun, 17 Dec 2023 15:12:36 GMT
ETag: "8188d451e0a669939fa9ed400c00d127"
Content-Type: application/javascript
Content-Encoding: gzip
Accept-Ranges: bytes
Content-Length: 19695
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Server: UploadServer
Vary: Accept-Encoding
Cache-Control: no-transform, max-age=31536000
Expires: Tue, 18 Feb 2025 15:55:57 GMT
Date: Mon, 19 Feb 2024 15:55:57 GMT
Connection: keep-alive
GET

https://cdn.doubleverify.com/dvbs_src.js?ctx=29615901&cmp=225320&plc=7887512&sid=18330&dvregion=0&unit=728x90

msedge.exe

Remote address:

95.101.143.17:443

Request

GET /dvbs_src.js?ctx=29615901&cmp=225320&plc=7887512&sid=18330&dvregion=0&unit=728x90 HTTP/1.1
Host: cdn.doubleverify.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://abaf204c64a2993325f03d071a132faa.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Last-Modified: Sun, 17 Dec 2023 15:12:34 GMT
ETag: "a8006a511aee2e57196f5e8bee81dde8"
Content-Type: application/javascript
Content-Encoding: gzip
Accept-Ranges: bytes
Content-Length: 932
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Server: UploadServer
Vary: Accept-Encoding
Cache-Control: no-transform, max-age=86400
Expires: Tue, 20 Feb 2024 15:57:21 GMT
Date: Mon, 19 Feb 2024 15:57:21 GMT
Connection: keep-alive
DNS

neural40.cdnwebcloud.com

msedge.exe

Remote address:

8.8.8.8:53

Request

neural40.cdnwebcloud.com

IN A

Response

neural40.cdnwebcloud.com

IN A

52.19.166.238

neural40.cdnwebcloud.com

IN A

54.229.120.192

neural40.cdnwebcloud.com

IN A

54.72.180.133
DNS

rtb0.doubleverify.com

msedge.exe

Remote address:

8.8.8.8:53

Request

rtb0.doubleverify.com

IN A

Response

rtb0.doubleverify.com

IN CNAME

bs-geo.dvgtm.akadns.net

bs-geo.dvgtm.akadns.net

IN CNAME

bs-wlb-eu.dvgtm.akadns.net

bs-wlb-eu.dvgtm.akadns.net

IN CNAME

rtbc-ew1.doubleverify.com

rtbc-ew1.doubleverify.com

IN A

130.211.44.5
DNS

rtb0.doubleverify.com

msedge.exe

Remote address:

8.8.8.8:53

Request

rtb0.doubleverify.com

IN A

Response

rtb0.doubleverify.com

IN CNAME

bs-geo.dvgtm.akadns.net

bs-geo.dvgtm.akadns.net

IN CNAME

bs-wlb-eu.dvgtm.akadns.net

bs-wlb-eu.dvgtm.akadns.net

IN CNAME

rtbc-ew1.doubleverify.com

rtbc-ew1.doubleverify.com

IN A

130.211.44.5
GET

https://neural40.cdnwebcloud.com/atp?472497141961=&n_o_aut_tc=279148819&nonhm=true&gdpr_consent=CMP_NOT_FOUND

msedge.exe

Remote address:

52.19.166.238:443

Request

GET /atp?472497141961=&n_o_aut_tc=279148819&nonhm=true&gdpr_consent=CMP_NOT_FOUND HTTP/2.0
host: neural40.cdnwebcloud.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ee72284c6624dc1118e0ea0ac2a939c2.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:57 GMT
content-length: 0
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
GET

https://neural40.cdnwebcloud.com/avw?330146858275&n_o_aut_tc=279148819

msedge.exe

Remote address:

52.19.166.238:443

Request

GET /avw?330146858275&n_o_aut_tc=279148819 HTTP/2.0
host: neural40.cdnwebcloud.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ee72284c6624dc1118e0ea0ac2a939c2.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:57 GMT
content-type: image/png
content-length: 74
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
GET

https://rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_475321266758&jsTagObjCallback=__tagObject_callback_475321266758&num=6&ctx=29615901&cmp=225320&plc=7894353&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=475321266758&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Win32&brid=1&brver=92&bridua=1&dup=null&srcurlD=0&ssl=1&refD=1&htmlmsging=1&tstype=128&m1=15&noc=8&fcifrms=11&brh=1&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=172&eparams=DC4FC%3Dl9EEADTbpTauTau6I68%40%5D2AATauU2%3F4r92%3A%3Fl9EEADTbpTauTau6I68%40%5D2AATar9EEADTbpTauTau66faagc4eeac54%60%60%60g6_62_24a2hbh4a%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3E&dvp_exetime=9.00&callbackName=__verify_callback_475321266758

msedge.exe

Remote address:

130.211.44.5:443

Request

GET /verify.js?flvr=0&jsCallback=__verify_callback_475321266758&jsTagObjCallback=__tagObject_callback_475321266758&num=6&ctx=29615901&cmp=225320&plc=7894353&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=475321266758&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Win32&brid=1&brver=92&bridua=1&dup=null&srcurlD=0&ssl=1&refD=1&htmlmsging=1&tstype=128&m1=15&noc=8&fcifrms=11&brh=1&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=172&eparams=DC4FC%3Dl9EEADTbpTauTau6I68%40%5D2AATauU2%3F4r92%3A%3Fl9EEADTbpTauTau6I68%40%5D2AATar9EEADTbpTauTau66faagc4eeac54%60%60%60g6_62_24a2hbh4a%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3E&dvp_exetime=9.00&callbackName=__verify_callback_475321266758 HTTP/1.1
Host: rtb0.doubleverify.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://ee72284c6624dc1118e0ea0ac2a939c2.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Mon, 19 Feb 2024 15:55:57 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0
Content-Encoding: br
Expires: 02/18/2024 15:55:57
Pragma: no-cache
Vary: Accept-Encoding
Timing-Allow-Origin: *
X-DV-Response: 1
DNS

rtbc-ew1.doubleverify.com

msedge.exe

Remote address:

8.8.8.8:53

Request

rtbc-ew1.doubleverify.com

IN A

Response

rtbc-ew1.doubleverify.com

IN A

130.211.44.5
DNS

www.googletagservices.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.googletagservices.com

IN A

Response

www.googletagservices.com

IN A

142.250.179.226
DNS

www.googletagservices.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.googletagservices.com

IN A
DNS

16.174.84.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

16.174.84.52.in-addr.arpa

IN PTR

Response

16.174.84.52.in-addr.arpa

IN PTR

server-52-84-174-16cdg50r cloudfrontnet
DNS

16.174.84.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

16.174.84.52.in-addr.arpa

IN PTR
DNS

17.143.101.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.143.101.95.in-addr.arpa

IN PTR

Response

17.143.101.95.in-addr.arpa

IN PTR

a95-101-143-17deploystaticakamaitechnologiescom
DNS

17.143.101.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.143.101.95.in-addr.arpa

IN PTR
DNS

66.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

66.169.217.172.in-addr.arpa

IN PTR

Response

66.169.217.172.in-addr.arpa

IN PTR

lhr48s09-in-f21e100net
DNS

51.201.222.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

51.201.222.52.in-addr.arpa

IN PTR

Response

51.201.222.52.in-addr.arpa

IN PTR

server-52-222-201-51cdg50r cloudfrontnet
DNS

51.201.222.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

51.201.222.52.in-addr.arpa

IN PTR
DNS

198.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.250.142.in-addr.arpa

IN PTR

Response

198.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f61e100net
DNS

198.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.250.142.in-addr.arpa

IN PTR
DNS

238.166.19.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.166.19.52.in-addr.arpa

IN PTR

Response

238.166.19.52.in-addr.arpa

IN PTR

ec2-52-19-166-238 eu-west-1compute amazonawscom
DNS

238.166.19.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.166.19.52.in-addr.arpa

IN PTR
DNS

5.44.211.130.in-addr.arpa

Remote address:

8.8.8.8:53

Request

5.44.211.130.in-addr.arpa

IN PTR

Response

5.44.211.130.in-addr.arpa

IN PTR

544211130bcgoogleusercontentcom
DNS

5.44.211.130.in-addr.arpa

Remote address:

8.8.8.8:53

Request

5.44.211.130.in-addr.arpa

IN PTR
POST

https://rtbc-ew1.doubleverify.com/bsevent.gif?flvr=0&impid=4f48e7fa4ab841a59b22a214903aa261&vfdur=275&cbust=1708358156714711

msedge.exe

Remote address:

130.211.44.5:443

Request

POST /bsevent.gif?flvr=0&impid=4f48e7fa4ab841a59b22a214903aa261&vfdur=275&cbust=1708358156714711 HTTP/1.1
Host: rtbc-ew1.doubleverify.com
Connection: keep-alive
Content-Length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ee72284c6624dc1118e0ea0ac2a939c2.safeframe.googlesyndication.com
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ee72284c6624dc1118e0ea0ac2a939c2.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Date: Mon, 19 Feb 2024 15:55:57 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ee72284c6624dc1118e0ea0ac2a939c2.safeframe.googlesyndication.com
Access-Control-Allow-Credentials: true
Expires: 2024-02-18T15:55:57
Pragma: no-cache
Cache-Control: max-age=0
DNS

asacdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

asacdn.com

IN A

Response

asacdn.com

IN A

104.21.56.184

asacdn.com

IN A

172.67.155.72
DNS

cdntechone.com

msedge.exe

Remote address:

8.8.8.8:53

Request

cdntechone.com

IN A

Response

cdntechone.com

IN A

104.21.36.146

cdntechone.com

IN A

172.67.195.28
GET

https://cdntechone.com/stattag.js

msedge.exe

Remote address:

104.21.36.146:443

Request

GET /stattag.js HTTP/2.0
host: cdntechone.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:58 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:04 GMT
etag: W/"65c37cb8-4a9e"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 4798
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=viMUKKIEIn%2FeP41OgsIKC2YWs3t8E1v8llSvIKvlYPdz%2F%2F6qUtMtBdVylOOxIBOMCFLloCNC9z7ePkTeNQAAdFYkBxXFYdEChn3LDyqdCmfJdo00SzRvLaX83IHrMA%2B2GA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb27a59a748bf-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://asacdn.com/script/suv4.js

msedge.exe

Remote address:

104.21.56.184:443

Request

GET /script/suv4.js HTTP/2.0
host: asacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:58 GMT
content-type: text/javascript
x-guploader-uploadid: ABPtcPqCz8Q4vFN0AkmrxzyRPMuoPLZXtejP-R847CPd1YZkbR5ZCClGyj7JWA-N1vT1viWpWOVzAKA6PQ
x-goog-generation: 1708006551344308
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 170231
x-goog-hash: crc32c=xnHxKQ==
x-goog-hash: md5=mHlfm40byVHOUpy8z+HuzA==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
expires: Mon, 19 Feb 2024 16:40:09 GMT
cache-control: public, max-age=14400
age: 304
last-modified: Thu, 15 Feb 2024 14:15:51 GMT
etag: W/"98795f9b8d1bc951ce529cbccfe1eecc"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=96CYutRIJH9ubSDMhuO4vhMxlog%2BVGtFjGlchcL4F4tgnG73k5RscfCrN%2BcYapq5i48IgDBJ3R2qH4bTIVMcBiuExKvFrfn9H859Xzi%2BHHZyeqJ%2BiTyuEYhoo%2FTA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb27a7a9223ba-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://asacdn.com/script/ut.js?cb=1708358157632

msedge.exe

Remote address:

104.21.56.184:443

Request

GET /script/ut.js?cb=1708358157632 HTTP/2.0
host: asacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:58 GMT
content-type: text/javascript
x-guploader-uploadid: ABPtcPruY8tagxHuF5acXg8QSS-BerqNjBzl1NyOzkScWPFD1x9lrCms61X9tnO9wSanBEL5sho
x-goog-generation: 1708006565806041
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 103574
x-goog-hash: crc32c=yKysnw==
x-goog-hash: md5=dZ2LOMCFr5YGVxBKjRnBog==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
expires: Mon, 19 Feb 2024 15:22:54 GMT
cache-control: public, max-age=14400
age: 2653
last-modified: Thu, 15 Feb 2024 14:16:05 GMT
etag: W/"759d8b38c085af960657104a8d19c1a2"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ij2plLQ6Ry0iv7H7NQm%2FAz7W3ilbwot5Wsi9KEyGRDLX0vVrQ3i%2B%2F5Wv7f2Dti%2F5T0kJv%2BMOnGMZbL8ZBACIvcDT%2BrxexSaTuxcNgvD6wNlAEhXS6o7qqUPmbKWF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb27bfcde23ba-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://asacdn.com/script/suv5.js

msedge.exe

Remote address:

104.21.56.184:443

Request

GET /script/suv5.js HTTP/2.0
host: asacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:58 GMT
content-type: text/javascript
x-guploader-uploadid: ABPtcPqwikfNERLnMPdJX1B1Aa-lphDJ1SHN42JtRRKbGv_aU6yNJEFepXvSD04UUdaWK1pLlxM
x-goog-generation: 1705569075555153
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 89230
x-goog-hash: crc32c=0sa7rw==
x-goog-hash: md5=94JzgV/8zAEmvT6D0oE/fA==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
expires: Mon, 19 Feb 2024 16:10:13 GMT
cache-control: public, max-age=14400
last-modified: Thu, 18 Jan 2024 09:11:15 GMT
etag: W/"f78273815ffccc0126bd3e83d2813f7c"
age: 1929
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aenVqqZ28WbZ6LfK3FrD7mGuG6EXyc1MfhS6M3%2FD6xjh9FcZnyN3%2ByNHjbC5plSFLkaLAg26yF4usfMur3289rd3s9qAgIbikibj2ObKfSfOQGZVQ3%2BA77%2Fh1ESb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 857fb27bfcdc23ba-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
DNS

datatechone.com

msedge.exe

Remote address:

8.8.8.8:53

Request

datatechone.com

IN A

Response

datatechone.com

IN A

139.45.195.253
POST

https://datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697&ruid=15b21f84-1a51-49c1-8488-16ff0fb0b0fd

msedge.exe

Remote address:

139.45.195.253:443

Request

POST /log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697&ruid=15b21f84-1a51-49c1-8488-16ff0fb0b0fd HTTP/1.1
Host: datatechone.com
Connection: keep-alive
Content-Length: 1963
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://exego.app
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://exego.app/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx/1.19.10
Date: Mon, 19 Feb 2024 15:55:58 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://exego.app
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
DNS

eb1242d71d64ba39171a776e476bb154.safeframe.googlesyndication.com

msedge.exe

Remote address:

8.8.8.8:53

Request

eb1242d71d64ba39171a776e476bb154.safeframe.googlesyndication.com

IN A

Response

eb1242d71d64ba39171a776e476bb154.safeframe.googlesyndication.com

IN CNAME

pagead-googlehosted.l.google.com

pagead-googlehosted.l.google.com

IN A

216.58.204.65
DNS

ade.googlesyndication.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ade.googlesyndication.com

IN A

Response

ade.googlesyndication.com

IN A

216.58.201.98
GET

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI0suHiOK3hAMVY1NBAh0b4AQ8EAEYACDruKtN;dc_eps=AHas8cDHrecq4J9UvM8-fLrUlSLKpF7NOdtUteHYkSMzexIrWL28pOj80kaVmG_RCfrXuXF8xC-Qvn3pmWjtP5fyrB7e;met=1;&timestamp=1708358157580;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=1;

msedge.exe

Remote address:

216.58.201.98:443

Request

GET /ddm/activity/dc_oe=ChMI0suHiOK3hAMVY1NBAh0b4AQ8EAEYACDruKtN;dc_eps=AHas8cDHrecq4J9UvM8-fLrUlSLKpF7NOdtUteHYkSMzexIrWL28pOj80kaVmG_RCfrXuXF8xC-Qvn3pmWjtP5fyrB7e;met=1;&timestamp=1708358157580;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=1; HTTP/2.0
host: ade.googlesyndication.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
cache-control: max-age=0
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://ee72284c6624dc1118e0ea0ac2a939c2.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

youradexchange.com

msedge.exe

Remote address:

8.8.8.8:53

Request

youradexchange.com

IN A

Response

youradexchange.com

IN A

172.64.135.28

youradexchange.com

IN A

172.64.134.28
DNS

146.36.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.36.21.104.in-addr.arpa

IN PTR

Response
DNS

184.56.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

184.56.21.104.in-addr.arpa

IN PTR

Response
DNS

253.195.45.139.in-addr.arpa

Remote address:

8.8.8.8:53

Request

253.195.45.139.in-addr.arpa

IN PTR

Response
DNS

98.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

98.201.58.216.in-addr.arpa

IN PTR

Response

98.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f981e100net

98.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f2�H

98.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f2�H
DNS

ctrtrk.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ctrtrk.com

IN A

Response

ctrtrk.com

IN A

104.21.85.92

ctrtrk.com

IN A

172.67.204.62
GET

https://youradexchange.com/script/suurl5.php?r=5890046&chp=Windows&chpv=10.0&chuafv=92.0.902.67&cbur=0.2513468839006867&cbiframe=0&cbWidth=1280&cbHeight=609&cbtitle=Shorten%20Links%20And%20Earn%20Money%20%7C%20cuty.io&cbpage=https%3A%2F%2Fexego.app%2FnlwWO&cbref=https%3A%2F%2Fexego.app%2FnlwWO&cbdescription=&cbkeywords=cuty%2C%20url%20shortener%2C%20shorten%20urls%2C%20best%20url%20shortener%2C%20shorten%20links%20and%20earn%20money%2C%20url%20shortener%20online%2C%20earn%20money%2C%20earn%20money%20online&cbcdn=asacdn.com&ts=1708358157822&srs=0bba19ac2ab1ed4e0d28b47dede70055&atv=43.0-sw-suv5

msedge.exe

Remote address:

172.64.135.28:443

Request

GET /script/suurl5.php?r=5890046&chp=Windows&chpv=10.0&chuafv=92.0.902.67&cbur=0.2513468839006867&cbiframe=0&cbWidth=1280&cbHeight=609&cbtitle=Shorten%20Links%20And%20Earn%20Money%20%7C%20cuty.io&cbpage=https%3A%2F%2Fexego.app%2FnlwWO&cbref=https%3A%2F%2Fexego.app%2FnlwWO&cbdescription=&cbkeywords=cuty%2C%20url%20shortener%2C%20shorten%20urls%2C%20best%20url%20shortener%2C%20shorten%20links%20and%20earn%20money%2C%20url%20shortener%20online%2C%20earn%20money%2C%20earn%20money%20online&cbcdn=asacdn.com&ts=1708358157822&srs=0bba19ac2ab1ed4e0d28b47dede70055&atv=43.0-sw-suv5 HTTP/2.0
host: youradexchange.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://exego.app
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:59 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Content-Type
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TvH9CA8YpMXCRdtaIEvAVX4va4T2%2FJ%2FRA4BAQ3aJu8xBnFadL1vKLsrO0kd9OqUHqlRfnhx8WwOmjzoZ51HtvBQG8CXp8Dm2WfnsVeRWlLk%2B1TbEn3z6tom9pWlovozPTbjEDgk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb27e0ab76537-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://youradexchange.com/script/suurl5.php?r=5890046&rbd=1&chp=Windows&chpv=10.0&chuafv=92.0.902.67&cbur=0.6556161102365501&cbiframe=0&cbWidth=1280&cbHeight=609&cbtitle=Shorten%20Links%20And%20Earn%20Money%20%7C%20cuty.io&cbpage=https%3A%2F%2Fexego.app%2FnlwWO&cbref=https%3A%2F%2Fexego.app%2FnlwWO&cbdescription=&cbkeywords=cuty%2C%20url%20shortener%2C%20shorten%20urls%2C%20best%20url%20shortener%2C%20shorten%20links%20and%20earn%20money%2C%20url%20shortener%20online%2C%20earn%20money%2C%20earn%20money%20online&cbcdn=asacdn.com&ts=1708358166309&srs=0bba19ac2ab1ed4e0d28b47dede70055&atv=43.0-sw-suv5

msedge.exe

Remote address:

172.64.135.28:443

Request

GET /script/suurl5.php?r=5890046&rbd=1&chp=Windows&chpv=10.0&chuafv=92.0.902.67&cbur=0.6556161102365501&cbiframe=0&cbWidth=1280&cbHeight=609&cbtitle=Shorten%20Links%20And%20Earn%20Money%20%7C%20cuty.io&cbpage=https%3A%2F%2Fexego.app%2FnlwWO&cbref=https%3A%2F%2Fexego.app%2FnlwWO&cbdescription=&cbkeywords=cuty%2C%20url%20shortener%2C%20shorten%20urls%2C%20best%20url%20shortener%2C%20shorten%20links%20and%20earn%20money%2C%20url%20shortener%20online%2C%20earn%20money%2C%20earn%20money%20online&cbcdn=asacdn.com&ts=1708358166309&srs=0bba19ac2ab1ed4e0d28b47dede70055&atv=43.0-sw-suv5 HTTP/2.0
host: youradexchange.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://exego.app
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 202

date: Mon, 19 Feb 2024 15:56:07 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Content-Type
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MTqbaajGB8Lp6HJzd96jheFOaFc84EETwKr%2BiUPJvZkXLRfMw7%2BKX%2B8cDbCU7cw9feEXRpaijzYaW6urklR38WCi%2FdI8xCqF1g7MBHfhbrY4zRilh%2FTxjPV2Whsqvhn4nhNYUDU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb2b22e1e6537-LHR
alt-svc: h3=":443"; ma=86400
GET

https://ctrtrk.com/ut/ctr.php

msedge.exe

Remote address:

104.21.85.92:443

Request

GET /ut/ctr.php HTTP/2.0
host: ctrtrk.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:55:59 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
set-cookie: uniqid=c51102f4-1482-4ab9-9c7b-c98a38ba3a76; path=/; SameSite=None; Secure; Max-Age=1739894159; HttpOnly
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y9XkFE3r3YW%2BPLoz%2BKjXzvn7DVWobrY61igJ%2FX%2B96W9VsDm3kbUIrXxMok0ZfDN9skRInF%2FP%2BulXesEPtVzUXSxgEtGj3WPKSOWWn6vIKtfCKlKzVYYqvlIdmpio"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb27e2ff67750-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
POST

https://pubtrky.com/ut/hb.php?cb=0.15210725654388013&v=1

msedge.exe

Remote address:

104.21.8.108:443

Request

POST /ut/hb.php?cb=0.15210725654388013&v=1 HTTP/2.0
host: pubtrky.com
content-length: 1608
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain; charset=utf-8
accept: */*
origin: https://exego.app
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Mon, 19 Feb 2024 15:55:59 GMT
access-control-allow-origin: *
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qB8JbsFEfbqTRJPTvNAfkpt3OLqnOkflyqVBkinaOePsEQKlPR%2B6SFuACES7cxIDcm0AhIVYCTnn%2BBUknIG%2BlLNwV9Jdiq4YJkqQYFYcASJFVTCxRsOuYZLitjNqxA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb27e796d654d-LHR
alt-svc: h3=":443"; ma=86400
POST

https://pubtrky.com/ut/hb.php?cb=0.2975931010103232&v=1

msedge.exe

Remote address:

104.21.8.108:443

Request

POST /ut/hb.php?cb=0.2975931010103232&v=1 HTTP/2.0
host: pubtrky.com
content-length: 1644
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain; charset=utf-8
accept: */*
origin: https://exego.app
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Mon, 19 Feb 2024 15:56:02 GMT
access-control-allow-origin: *
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X5OZiIUke10JU1WXEFDwASc2YkxnvBvN67tEhvhLa4s2XMWt4Up6pV%2Fmwb4k80ThiOcJWeISJ%2F4urw%2FIoylAwv9xIpw5XBTajzOD1pdXNv7BWhZKTlRrYHXQzIgiTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb291dbe1654d-LHR
alt-svc: h3=":443"; ma=86400
POST

https://pubtrky.com/ut/hb.php?cb=0.562476075905936&v=1

msedge.exe

Remote address:

104.21.8.108:443

Request

POST /ut/hb.php?cb=0.562476075905936&v=1 HTTP/2.0
host: pubtrky.com
content-length: 1645
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain; charset=utf-8
accept: */*
origin: https://exego.app
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Mon, 19 Feb 2024 15:57:03 GMT
access-control-allow-origin: *
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aBJ%2FITnr55jdrEmjCFPYFdwsn%2Fet3MvJ3hFazuvGpZOISj59jgPamdz4g141m9NO3TkMH4deUxp1NhsmPwL6uLYF%2Fefy20HW5cIlDf4xnCOIDYhUuEt18mD0yi%2FpHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb40e3eb0654d-LHR
alt-svc: h3=":443"; ma=86400
POST

https://pubtrky.com/ut/hb.php?cb=0.484435072903181&v=1

msedge.exe

Remote address:

104.21.8.108:443

Request

POST /ut/hb.php?cb=0.484435072903181&v=1 HTTP/2.0
host: pubtrky.com
content-length: 1645
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain; charset=utf-8
accept: */*
origin: https://exego.app
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Mon, 19 Feb 2024 15:57:20 GMT
access-control-allow-origin: *
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ovCU4yfNYBOu%2FWoGvtq%2BZmLrNaCl3lvr5%2BBrmnZ77BDKDG%2FKoHdP5DGV6sJuDv2OgTg%2BZsy5mMMIVgAYAhb1rMusFY8gW9Gl6MlJMwxTJvXs3Td9lBsyxkgIHTLCVg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb47c6d9c654d-LHR
alt-svc: h3=":443"; ma=86400
POST

https://pubtrky.com/ut/hb.php?cb=0.18224008874617192&v=1

msedge.exe

Remote address:

104.21.8.108:443

Request

POST /ut/hb.php?cb=0.18224008874617192&v=1 HTTP/2.0
host: pubtrky.com
content-length: 1645
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain; charset=utf-8
accept: */*
origin: https://exego.app
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Mon, 19 Feb 2024 15:57:21 GMT
access-control-allow-origin: *
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KXY6bRdtNxUMLMbGvfM%2FdflRewuXQsQFz8yHKvjgG5X%2FTCqsa6VJaJ9EwnjXTTyBBLLII%2Fhpw%2B5zEu1arWm%2BzL3nge2TvEYAjI81M%2BHLvjGG6UlGJ6UNe01x3IpcZw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb47e4a71654d-LHR
alt-svc: h3=":443"; ma=86400
DNS

28.135.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.135.64.172.in-addr.arpa

IN PTR

Response
DNS

28.135.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.135.64.172.in-addr.arpa

IN PTR

Response
DNS

92.85.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

92.85.21.104.in-addr.arpa

IN PTR

Response
DNS

92.85.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

92.85.21.104.in-addr.arpa

IN PTR

Response
DNS

108.8.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

108.8.21.104.in-addr.arpa

IN PTR

Response
DNS

108.8.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

108.8.21.104.in-addr.arpa

IN PTR

Response
DNS

maroola.aditms.me

msedge.exe

Remote address:

8.8.8.8:53

Request

maroola.aditms.me

IN A

Response

maroola.aditms.me

IN CNAME

aditmedia.go2affise.com

aditmedia.go2affise.com

IN A

34.91.234.242

aditmedia.go2affise.com

IN A

34.141.179.97
GET

https://maroola.aditms.me/click?pid=10&offer_id=21670&sub1=170835815910000TUKTV415029430354V72&sub2=5890046&sub3=86077

msedge.exe

Remote address:

34.91.234.242:443

Request

GET /click?pid=10&offer_id=21670&sub1=170835815910000TUKTV415029430354V72&sub2=5890046&sub3=86077 HTTP/2.0
host: maroola.aditms.me
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

server: nginx
date: Mon, 19 Feb 2024 15:56:02 GMT
content-length: 0
location: http://track.cntclaim.com/4WB1QC/22Q72K9/?sub1=65d37a1280a0a000012c657a&source_id=10_5890046
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=65d37a1280a0a000012c657a; expires=Tue, 18 Feb 2025 15:56:02 GMT; secure; SameSite=None
set-cookie: afoffers={"21670":1708358162}; expires=Tue, 18 Feb 2025 15:56:02 GMT; secure; SameSite=None
access-control-allow-origin: *
GET

https://youradexchange.com/script/i.php?t=1&c=23780516&stamat=m%257C%252C%252CQja3o2FmoGU3BJ-GH0dEdHP3xP.da1%252CdHliE_IJuXpzZzO5Kqob2pavinhUulGenPZDXlMzUL4AYx84Lzx9WNDtZjvHf5XHn0SOPbRMlXxVb7JVOsYD-OZ84E_9P4IxPUbLsl3BqZsoVsm7Fm1TYX47VUJ6kMuBwx9CCxYVRjfVB7pcGSqpPq1vQah6JyXd__VizLK4uYE13UEWRIEMzrGQOLrhsfHDW_-oq0MwMvPpqy9q5mzKgEGPfPMs6yXYf14V6DI_cHyIBX8Zub7fqZcPAg5Z5h_h6E6mQU0J4KAsNcbFGMP2X0FG06mMw5gls3U094oBeXaWFrOS_lxIktE9CrQR_zw8kQOaMWDo-LuLI8sjcV1h9Kkj7u4z9KMyCha_C-28f-D1L0awRxq8bngst_MVum8GAME0b2Df98HV3AsIm9Hmj9v4q7eQbQ3JYsZFLavnZwe1QiNQxTv-tAh0yB3_jXboIrG-xmUF4HoZlW-humYA42iBPA2_D9ELGu8FDTlmb09JF-7Tzu5cEq18aM9YmhR8hPkZjFbVK-co_zc8ztc8PxQG1xiEwY46IIjHp9uWTekkHERvwfp_mTNsj85_0tAW-zJX44uOpu7On7MGNyiymHv2qh3gbfgZ5j60pYJ9ri2cDaQcRB6TDzsiZUvTR28WJV3DgiCpuMAuvbBFz_KWZA%252C%252C&wo=1&chp=Windows&chpv=10.0&chuafv=92.0.902.67&cbpage=https%3A%2F%2Fexego.app%2FnlwWO&cbref=https%3A%2F%2Fexego.app%2FnlwWO&utsid=0bba19ac2ab1ed4e0d28b47dede70055

msedge.exe

Remote address:

172.64.135.28:443

Request

GET /script/i.php?t=1&c=23780516&stamat=m%257C%252C%252CQja3o2FmoGU3BJ-GH0dEdHP3xP.da1%252CdHliE_IJuXpzZzO5Kqob2pavinhUulGenPZDXlMzUL4AYx84Lzx9WNDtZjvHf5XHn0SOPbRMlXxVb7JVOsYD-OZ84E_9P4IxPUbLsl3BqZsoVsm7Fm1TYX47VUJ6kMuBwx9CCxYVRjfVB7pcGSqpPq1vQah6JyXd__VizLK4uYE13UEWRIEMzrGQOLrhsfHDW_-oq0MwMvPpqy9q5mzKgEGPfPMs6yXYf14V6DI_cHyIBX8Zub7fqZcPAg5Z5h_h6E6mQU0J4KAsNcbFGMP2X0FG06mMw5gls3U094oBeXaWFrOS_lxIktE9CrQR_zw8kQOaMWDo-LuLI8sjcV1h9Kkj7u4z9KMyCha_C-28f-D1L0awRxq8bngst_MVum8GAME0b2Df98HV3AsIm9Hmj9v4q7eQbQ3JYsZFLavnZwe1QiNQxTv-tAh0yB3_jXboIrG-xmUF4HoZlW-humYA42iBPA2_D9ELGu8FDTlmb09JF-7Tzu5cEq18aM9YmhR8hPkZjFbVK-co_zc8ztc8PxQG1xiEwY46IIjHp9uWTekkHERvwfp_mTNsj85_0tAW-zJX44uOpu7On7MGNyiymHv2qh3gbfgZ5j60pYJ9ri2cDaQcRB6TDzsiZUvTR28WJV3DgiCpuMAuvbBFz_KWZA%252C%252C&wo=1&chp=Windows&chpv=10.0&chuafv=92.0.902.67&cbpage=https%3A%2F%2Fexego.app%2FnlwWO&cbref=https%3A%2F%2Fexego.app%2FnlwWO&utsid=0bba19ac2ab1ed4e0d28b47dede70055 HTTP/2.0
host: youradexchange.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Mon, 19 Feb 2024 15:56:02 GMT
access-control-allow-origin: *
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k0PjccB71x0dS4%2BynP6O38DkLgnOnfIJssBUSi%2B2l5BwDoZeazg5lHzupMuo4fv6LHOJc%2FsWdI%2Bgz1jAa3pdN5QpGIqdUKsUVfwo7vciAEueaHQeDjc7wLAbb%2FZaC3jJ2Pqiwxs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 857fb2956e554165-LHR
alt-svc: h3=":443"; ma=86400
DNS

track.cntclaim.com

msedge.exe

Remote address:

8.8.8.8:53

Request

track.cntclaim.com

IN A

Response

track.cntclaim.com

IN A

54.196.173.211
GET

http://track.cntclaim.com/4WB1QC/22Q72K9/?sub1=65d37a1280a0a000012c657a&source_id=10_5890046

msedge.exe

Remote address:

54.196.173.211:80

Request

GET /4WB1QC/22Q72K9/?sub1=65d37a1280a0a000012c657a&source_id=10_5890046 HTTP/1.1
Host: track.cntclaim.com
Connection: keep-alive
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Found

server: nginx
date: Mon, 19 Feb 2024 15:56:02 GMT
content-type: text/html; charset=utf-8
content-length: 155
accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model
location: https://brswntech.com/click.php?key=tk0numhywqb801k7dq1l&transaction_id=6ad0c2a44d06440ea757ae6908c7cd83&affiliate_id=4WB1QC
set-cookie: uniqueClick_22Q72K9=4964ef8d-4a76-4c8a-82bf-554a70040d43:1708358162; Path=/; Expires=Tue, 20 Feb 2024 15:56:02 GMT; SameSite=None
set-cookie: transaction_id=6ad0c2a44d06440ea757ae6908c7cd83; Path=/; Expires=Sun, 19 May 2024 15:56:02 GMT; SameSite=None
vary: Origin
x-eflow-request-id: 66944562-1ca9-4ae0-9ddd-5a6004a2fa1e
DNS

242.234.91.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

242.234.91.34.in-addr.arpa

IN PTR

Response

242.234.91.34.in-addr.arpa

IN PTR

2422349134bcgoogleusercontentcom
DNS

36.249.124.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

36.249.124.192.in-addr.arpa

IN PTR

Response

36.249.124.192.in-addr.arpa

IN PTR

cloudproxy10036sucurinet
DNS

brswntech.com

msedge.exe

Remote address:

8.8.8.8:53

Request

brswntech.com

IN A

Response

brswntech.com

IN A

157.230.52.75
GET

https://brswntech.com/click.php?key=tk0numhywqb801k7dq1l&transaction_id=6ad0c2a44d06440ea757ae6908c7cd83&affiliate_id=4WB1QC

msedge.exe

Remote address:

157.230.52.75:443

Request

GET /click.php?key=tk0numhywqb801k7dq1l&transaction_id=6ad0c2a44d06440ea757ae6908c7cd83&affiliate_id=4WB1QC HTTP/2.0
host: brswntech.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

server: nginx/1.18.0
date: Mon, 19 Feb 2024 15:56:03 GMT
content-type: text/html; charset=UTF-8
location: https://www.getgx.net/65WLXC1/KM15N5P/?uid=4887&sub1=1990&sub2=29240g5c8j64p2a0&sub3=bin
set-cookie: uclick=g5c8j64p; expires=Tue, 20-Feb-2024 15:56:03 GMT; Max-Age=86400; path=/
strict-transport-security: max-age=31536000
DNS

www.getgx.net

msedge.exe

Remote address:

8.8.8.8:53

Request

www.getgx.net

IN A

Response

www.getgx.net

IN A

3.231.192.129

www.getgx.net

IN A

54.147.64.115
GET

https://www.getgx.net/65WLXC1/KM15N5P/?uid=4887&sub1=1990&sub2=29240g5c8j64p2a0&sub3=bin

msedge.exe

Remote address:

3.231.192.129:443

Request

GET /65WLXC1/KM15N5P/?uid=4887&sub1=1990&sub2=29240g5c8j64p2a0&sub3=bin HTTP/2.0
host: www.getgx.net
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:56:03 GMT
content-type: text/html
content-length: 473
apigw-requestid: TZADIhCzIAMEauw=
DNS

211.173.196.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

211.173.196.54.in-addr.arpa

IN PTR

Response

211.173.196.54.in-addr.arpa

IN PTR

ec2-54-196-173-211 compute-1 amazonawscom
DNS

75.52.230.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.52.230.157.in-addr.arpa

IN PTR

Response
DNS

75.52.230.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.52.230.157.in-addr.arpa

IN PTR

Response
DNS

129.192.231.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

129.192.231.3.in-addr.arpa

IN PTR

Response

129.192.231.3.in-addr.arpa

IN PTR

ec2-3-231-192-129 compute-1 amazonawscom
DNS

www.opera.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.opera.com

IN A

Response

www.opera.com

IN CNAME

front-geo.production.opera-website.route53.opera.com

front-geo.production.opera-website.route53.opera.com

IN A

3.127.11.50

front-geo.production.opera-website.route53.opera.com

IN A

18.158.202.86
GET

https://www.opera.com/gx?utm_source=PWNgames3&utm_medium=pa&utm_campaign=PWN_GB_LVR_OOM&utm_id=fe861f9c436b4bf7af66001b14d63cd5&edition=std-1

msedge.exe

Remote address:

3.127.11.50:443

Request

GET /gx?utm_source=PWNgames3&utm_medium=pa&utm_campaign=PWN_GB_LVR_OOM&utm_id=fe861f9c436b4bf7af66001b14d63cd5&edition=std-1 HTTP/2.0
host: www.opera.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:56:04 GMT
content-type: text/html; charset=utf-8
content-language: en
referrer-policy: strict-origin-when-cross-origin
cache-control: max-age=3600
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-security-policy: frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests;
accept-ranges: bytes
GET

https://www.opera.com/api/geolocation/

msedge.exe

Remote address:

3.127.11.50:443

Request

GET /api/geolocation/ HTTP/2.0
host: www.opera.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.opera.com/gx?utm_source=PWNgames3&utm_medium=pa&utm_campaign=PWN_GB_LVR_OOM&utm_id=fe861f9c436b4bf7af66001b14d63cd5&edition=std-1
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gcl_au=1.1.1269488379.1708358164
cookie: opref=source%3DPWNgames3%26medium%3Dpa%26campaign%3DPWN_GB_LVR_OOM%26edition%3Dstd-1%26content%3D%26id%3Dfe861f9c436b4bf7af66001b14d63cd5%26referrer%3D%26site%3Dopera_com%26sub%3D
cookie: _ga_T18E1GTPQG=GS1.1.1708358165.1.0.1708358165.60.0.0
cookie: _ga=GA1.2.278108075.1708358165
cookie: _gid=GA1.2.1713131193.1708358166
cookie: _gat_UA-4118503-39=1
cookie: _rdt_uuid=1708358165739.f2a7e1e9-8276-4525-b4c6-553f686c15a8
cookie: __rtbh.lid=%7B%22eventType%22%3A%22lid%22%2C%22id%22%3A%22j3HDhpPUDOk0GHlEaOWP%22%7D

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:56:07 GMT
content-type: application/json
content-length: 102
content-language: en
referrer-policy: strict-origin-when-cross-origin
cache-control: max-age=3600
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-security-policy: frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests;
accept-ranges: bytes
DNS

cdn-production-opera-website.operacdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

cdn-production-opera-website.operacdn.com

IN A

Response

cdn-production-opera-website.operacdn.com

IN CNAME

cdn-production-opera-website.operacdn.com.edgekey.net

cdn-production-opera-website.operacdn.com.edgekey.net

IN CNAME

e11604.dscf.akamaiedge.net

e11604.dscf.akamaiedge.net

IN A

104.84.85.174
DNS

www.googleoptimize.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.googleoptimize.com

IN A

Response

www.googleoptimize.com

IN A

172.217.169.14
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/embedVideo.4fdce408f883.css

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/embedVideo.4fdce408f883.css HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: J5AYyJxzUVg+Sr5DuqcMEeyLQXz/CY58ecGCEPGIygQsagwcY34JRzQI/MLelfRh1aZoVwHrLho=
x-amz-request-id: 7G9ADR0ZH6YSG5AK
last-modified: Fri, 16 Feb 2024 12:24:12 GMT
etag: "4fdce408f883e877033fc2abc0ef6304"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: text/css
server: AmazonS3
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:04 GMT
date: Mon, 19 Feb 2024 15:56:04 GMT
content-length: 1111
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/gxMain.2143dd96c917.js

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/gxMain.2143dd96c917.js HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: Fhh82UM/h6s8zVTfQlu2t1OYXIO4x+7830KSNbpQD2dW9RRwwbU1ydrdvom4lREK+LXDXNxpX3A=
x-amz-request-id: SHFNBX9Y4PKM8Q8B
last-modified: Fri, 16 Feb 2024 12:24:16 GMT
etag: "2143dd96c917f0df588ca60c71dde109"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: application/javascript
server: AmazonS3
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:04 GMT
date: Mon, 19 Feb 2024 15:56:04 GMT
content-length: 25536
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/gxMain.ef932ec0fbca.css

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/gxMain.ef932ec0fbca.css HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: ZLV+cEfCB3QTwQPhTjKfToIKGINyhQr3FInKav0pV4nIsJ6kdYkEiyKCVBeWcpRia4u9phzAj3k=
x-amz-request-id: N8TBT0ST7K1EYQQY
last-modified: Mon, 19 Feb 2024 13:07:09 GMT
etag: "ef932ec0fbcab8d134df82df2aa5636d"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: text/css
server: AmazonS3
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:04 GMT
date: Mon, 19 Feb 2024 15:56:04 GMT
content-length: 13950
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/gx2021.44fadad10c07.css

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/gx2021.44fadad10c07.css HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: b7jgDEEaDOsU9ZJ3tAaNyfC+AHyl1sIkMoIOxuKWEAc0rfpuwS86GCYWVDOya/ZCP+10y/ZpVvg=
x-amz-request-id: NR4Z3Z5VD8VJY1A8
last-modified: Fri, 16 Feb 2024 12:24:13 GMT
etag: "44fadad10c072b299403287b37ec3790"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: text/css
server: AmazonS3
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:04 GMT
date: Mon, 19 Feb 2024 15:56:04 GMT
content-length: 17339
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/logo/logo-o.a069885fbe7c.svg

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/logo/logo-o.a069885fbe7c.svg HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: 2X51lh4M+FhsUIJwKeX2ReaUKJqNve5v0R3HSz14pMSkMpHSdE2JqyYG8tHHKF2+Hd+HQu2ncOo=
x-amz-request-id: QBTSJ35RGQNQ8Y28
last-modified: Fri, 16 Feb 2024 12:22:23 GMT
etag: "a069885fbe7ce02feecf2d2ee57c7546"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/svg+xml
server: AmazonS3
content-length: 1685
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:04 GMT
date: Mon, 19 Feb 2024 15:56:04 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
access-control-max-age: 0
access-control-allow-credentials: false
access-control-allow-methods: GET,HEAD
access-control-allow-origin: *
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/logo/logo-and-name--white.8877a4c85063.svg

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/logo/logo-and-name--white.8877a4c85063.svg HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: egtb+QuosWNX2n+Z7k1BisU/1g6fUrtSilHMbdn1Rewhv6/Fdk9KJf8XWYzsOmFVB1fetDP7Qbs=
x-amz-request-id: EJ06AW7R3D7JAT5Z
last-modified: Fri, 16 Feb 2024 12:22:23 GMT
etag: "8877a4c85063db32e55bc700b92fb7ef"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/svg+xml
server: AmazonS3
content-length: 4513
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:04 GMT
date: Mon, 19 Feb 2024 15:56:04 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
access-control-max-age: 0
access-control-allow-credentials: false
access-control-allow-methods: GET,HEAD
access-control-allow-origin: *
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/1x1px.91e42db1c66c.png

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/1x1px.91e42db1c66c.png HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: j6VUpFY8rBnjhgQeMs0bXN7DqiEC4QPY1OnmBK48+XyrTks5THNU2k1Aoz7L9mH76vPXboMgRjY=
x-amz-request-id: QQ39V16A4ZRYS2C8
last-modified: Fri, 16 Feb 2024 12:22:01 GMT
etag: "91e42db1c66c0b276abf6234dc50b2eb"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/png
server: AmazonS3
content-length: 68
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:04 GMT
date: Mon, 19 Feb 2024 15:56:04 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/icons/arrows/right.9bd90c944fec.svg

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/icons/arrows/right.9bd90c944fec.svg HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: SCPJcg9WNfRQnAHbSKETeODdAHkfjfbdbNxFDOGcnCLV/1kdROwEwnyE0KrOXNf5XnG+TS8ls9o=
x-amz-request-id: V27KG5DT89EJJGXQ
last-modified: Fri, 16 Feb 2024 12:22:20 GMT
etag: "9bd90c944fec88ff59f279f9c6c01d60"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/svg+xml
server: AmazonS3
content-length: 284
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:04 GMT
date: Mon, 19 Feb 2024 15:56:04 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
access-control-max-age: 0
access-control-allow-credentials: false
access-control-allow-methods: GET,HEAD
access-control-allow-origin: *
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/components/download/googleplay/google-play--en.510db0066052.png

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/components/download/googleplay/google-play--en.510db0066052.png HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: zKpuNoSaPodRjHBpCB9EBKNHOxO0S6ROYKXoe5fptfzbIicl1rJui3QPVpRT04WtuSoe+PuZVps=
x-amz-request-id: FH55FS2FVK121XAP
last-modified: Fri, 16 Feb 2024 12:22:04 GMT
etag: "510db0066052c3af060442b839359691"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/png
server: AmazonS3
content-length: 5474
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:04 GMT
date: Mon, 19 Feb 2024 15:56:04 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/components/download/appstore/app-store--en.4c2de0665c3e.png

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/components/download/appstore/app-store--en.4c2de0665c3e.png HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: bMWkUpQsk6K42rKUB+GJjOHwLeH2WF96+yRpdSHnmsXE3Kx8ukMPirxGnMUyJvGvJpYLDw/hUrk=
x-amz-request-id: FH54FXVMREZ4BY0E
last-modified: Fri, 16 Feb 2024 12:22:03 GMT
etag: "4c2de0665c3e8f1304adcd90fcb430cd"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/png
server: AmazonS3
content-length: 2577
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:04 GMT
date: Mon, 19 Feb 2024 15:56:04 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/hero-top/gx/gx__feature-laptop--mobile@2x.dad38e627140.webp

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/hero-top/gx/gx__feature-laptop--mobile@2x.dad38e627140.webp HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: hJ1zEdem+/VkSVjqUfSjE4ZnvAp0sVL7bNXOeW5ZNonZ67gFFnQjUtF5EGMLZSEoWUdZBYuv6i8=
x-amz-request-id: XJ955QRCVJC19TNB
last-modified: Fri, 16 Feb 2024 12:23:07 GMT
etag: "dad38e627140ad0b2d578c37f20e2421"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: binary/octet-stream
server: AmazonS3
content-length: 47722
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:04 GMT
date: Mon, 19 Feb 2024 15:56:04 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/hero-top/gx/gx__feature-laptop--home.a3a32725c8c8.webp

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/hero-top/gx/gx__feature-laptop--home.a3a32725c8c8.webp HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: 244Dok9FFaqycBOSMwSe6JD3Yy3y+rZoHSN+qYJL5MtyQM7C1nDBTLlROn1EMFvkU3Gkd9XejZM=
x-amz-request-id: 6X21A9EHQM8BR1RY
last-modified: Fri, 16 Feb 2024 12:23:07 GMT
etag: "a3a32725c8c8d27c18b89017f2e0689c"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: binary/octet-stream
server: AmazonS3
content-length: 42264
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:04 GMT
date: Mon, 19 Feb 2024 15:56:04 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/hero-top/gx/gx__mobile--hero-section@2x.105801afec18.webp

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/hero-top/gx/gx__mobile--hero-section@2x.105801afec18.webp HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: 955JQNQFE8PCiK6McMPfP73tSaGJl5lWGQShUE+q9+KMNCze8jPLTM1sTxZLR5XMSo5XRocPdjE=
x-amz-request-id: 5FG5HZ103VVHGDSE
last-modified: Fri, 16 Feb 2024 12:23:07 GMT
etag: "105801afec185e88bf124ad6d2618d02"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: binary/octet-stream
server: AmazonS3
content-length: 109740
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:05 GMT
date: Mon, 19 Feb 2024 15:56:05 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/hero-top/gx/gx__feature-laptop--gx-mobile@2x.4aa1a438e946.webp

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/hero-top/gx/gx__feature-laptop--gx-mobile@2x.4aa1a438e946.webp HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: vjPzHHEl7G/kRkOlmJ49XBMhI81Yk7ltPqRuP8TvzDCCCokDCvVzDND9L78zDhFZSmkMMrtJBMw=
x-amz-request-id: XJ9A1WWWPVZ4JVNC
last-modified: Fri, 16 Feb 2024 12:23:07 GMT
etag: "4aa1a438e946907970930b7f2e04f644"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: binary/octet-stream
server: AmazonS3
content-length: 37600
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:05 GMT
date: Mon, 19 Feb 2024 15:56:05 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/hero-top/gx/gx__feature-laptop--gx-cleaner@2x.43ff34bf1a7b.webp

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/hero-top/gx/gx__feature-laptop--gx-cleaner@2x.43ff34bf1a7b.webp HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: eGtkUEcMEJBKm92Un078yiGCyuldrYoI7aWa+DScQ96Vov3Y3JMAIdFKa5iAWJl1KE5lW2hXMbc=
x-amz-request-id: H7V2TD2YQ18JD0SQ
last-modified: Fri, 16 Feb 2024 12:23:06 GMT
etag: "43ff34bf1a7b9da9262052869fdfe267"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: binary/octet-stream
server: AmazonS3
content-length: 82120
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:05 GMT
date: Mon, 19 Feb 2024 15:56:05 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/hero-top/gx/gx-mobile__android-iOS@2x.d190a54a25f9.webp

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/hero-top/gx/gx-mobile__android-iOS@2x.d190a54a25f9.webp HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: SpHRQf53Q05GepEFiYCGLbQE25czYRqyCQelrg1yomAZQYBRtMOjAhMCVi8kdiP/EBB13FU9nO8=
x-amz-request-id: HQMZY3Q417A4T8X5
last-modified: Fri, 16 Feb 2024 12:23:06 GMT
etag: "d190a54a25f96e1356a94e2a868bd5be"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: binary/octet-stream
server: AmazonS3
content-length: 112954
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:05 GMT
date: Mon, 19 Feb 2024 15:56:05 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/feature-promo/awesome-features--gx__mobile.c8ecc394b852.jpg

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/feature-promo/awesome-features--gx__mobile.c8ecc394b852.jpg HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: OPSvXf6b9ND0pYaB+NWrcY7eVxRPkGE4j5HQPDZKQrj+1SnXH610P5VtmgQKlvKj1tmVJt68LFE=
x-amz-request-id: XJ9E0MBHVDDQV08F
last-modified: Fri, 16 Feb 2024 12:23:01 GMT
etag: "c8ecc394b852869c3f8d196e06a15b44"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/jpeg
server: AmazonS3
content-length: 64529
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:05 GMT
date: Mon, 19 Feb 2024 15:56:05 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/feature-promo/awesome-features--gx.e698406b3212.jpg

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/feature-promo/awesome-features--gx.e698406b3212.jpg HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: RWket0QEJrTVnfCNKQxbUoKn8HhgQUVOmr7MqT3e/YqTT4pRguniZm6RlKU1KkpeXaKyl8RURTg=
x-amz-request-id: XJ9FCZKH273XYT3R
last-modified: Fri, 16 Feb 2024 12:23:01 GMT
etag: "e698406b3212a86ef5ad559ae9149132"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/jpeg
server: AmazonS3
content-length: 165077
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:05 GMT
date: Mon, 19 Feb 2024 15:56:05 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/theme-switcher/gx__color-theme--classic.1b752fb481b6.png

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/theme-switcher/gx__color-theme--classic.1b752fb481b6.png HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: xM4ulgNsa5LB6mGixV0xd8V3pjSIVtbJ37DYL3OnoNIeIzdCTNnu3pCZstnw4/A4hoB8oJMn/xk=
x-amz-request-id: XJ98N3G1A2DW4HH8
last-modified: Fri, 16 Feb 2024 12:23:19 GMT
etag: "1b752fb481b6970908fc8ff04e7b1d1c"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/png
server: AmazonS3
content-length: 408229
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:05 GMT
date: Mon, 19 Feb 2024 15:56:05 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx-light-mode.ae3068ee8c01.svg

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/gx-features-slider/gx-light-mode.ae3068ee8c01.svg HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: FO3Eoj9sbTGJLZcxW/GvIsgXe8Tx9mD/+OiPNT2K8Fn/sU+m+oR59kUzmXiqrx1EVpMMXc9jdXs=
x-amz-request-id: XJ9DW98BN023DF7J
last-modified: Fri, 16 Feb 2024 12:23:01 GMT
etag: "ae3068ee8c01ecefc4b734ff83d72d2a"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/svg+xml
server: AmazonS3
content-length: 365
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:05 GMT
date: Mon, 19 Feb 2024 15:56:05 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
access-control-max-age: 0
access-control-allow-credentials: false
access-control-allow-methods: GET,HEAD
access-control-allow-origin: *
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--light-mode.01aad9997fb5.png

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--light-mode.01aad9997fb5.png HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: DhdoK8ezxEoDH7jgtSXePCAGqY5vGea2UmPDax8biPGZgxZeOgB9r1YAi96ZZFF1npI4p+wkZD0=
x-amz-request-id: 75YNTHQ9XMHVAPVK
last-modified: Fri, 16 Feb 2024 12:23:02 GMT
etag: "01aad9997fb508b7a5c60ecc88207cad"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/png
server: AmazonS3
content-length: 80560
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:05 GMT
date: Mon, 19 Feb 2024 15:56:05 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx-corner.be1333483846.svg

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/gx-features-slider/gx-corner.be1333483846.svg HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: 3+6bhSzSgwxtffh2MEByX9TkVwkArSh+cvWxZG330hjpduZOaD4knQMPL3qJiZGAILRz8Ak3vNA=
x-amz-request-id: XJ94HKJ1JJEKQW4C
last-modified: Fri, 16 Feb 2024 12:23:01 GMT
etag: "be133348384697b6ece777f20cabcb28"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/svg+xml
server: AmazonS3
content-length: 653
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:05 GMT
date: Mon, 19 Feb 2024 15:56:05 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
access-control-max-age: 0
access-control-allow-credentials: false
access-control-allow-methods: GET,HEAD
access-control-allow-origin: *
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--gx-corner.b44c9289e362.png

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--gx-corner.b44c9289e362.png HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: W0hdg52WuynPG0fmpEC7dT983i8k2nfSyR3Gd4r0VqtZnMkGVbE57rh4eFchFWjRhp+9MU7NvGc=
x-amz-request-id: 75YRTQZ7JS6BZSY8
last-modified: Fri, 16 Feb 2024 12:23:02 GMT
etag: "b44c9289e36226ff9c0c8e7b9be6b2ee"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/png
server: AmazonS3
content-length: 144786
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:05 GMT
date: Mon, 19 Feb 2024 15:56:05 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx-twitch.8902d1ec9cef.svg

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/gx-features-slider/gx-twitch.8902d1ec9cef.svg HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: Lq4hl7b2jgAqX4Bu1vRZFbobFmjMLzzKLBHcimzMwtffXCjQw5DLDNrtUcS1xyh0Gse/213tGLQ=
x-amz-request-id: XJ98EZRRTSZDNHZZ
last-modified: Fri, 16 Feb 2024 12:23:01 GMT
etag: "8902d1ec9cef36358778a96db8b2408c"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/svg+xml
server: AmazonS3
content-length: 1000
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:05 GMT
date: Mon, 19 Feb 2024 15:56:05 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
access-control-max-age: 0
access-control-allow-credentials: false
access-control-allow-methods: GET,HEAD
access-control-allow-origin: *
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--twitch.5f4495877f47.png

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--twitch.5f4495877f47.png HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: RoLfITlfXikeV3JjfdqVfoWOnEvhXxtJb/67AmsEWLVAEpSIm8lL4kpcJrW+N23+UnGervrdw1U=
x-amz-request-id: 75YTJM767JW3DJ1E
last-modified: Fri, 16 Feb 2024 12:23:02 GMT
etag: "5f4495877f47d6a908eb85cf0297c225"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/png
server: AmazonS3
content-length: 65601
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:05 GMT
date: Mon, 19 Feb 2024 15:56:05 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx-discord.513c7c78f5c8.svg

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/gx-features-slider/gx-discord.513c7c78f5c8.svg HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: xfsf7Q0tNd1BaFVQKxPPTu0C+mtOwK9inVjB59nFSYEzDlU2CyNzK7aAi8Piigi1O29nljMSLSc=
x-amz-request-id: XJ9BKQVGS1C5ABB4
last-modified: Fri, 16 Feb 2024 12:23:01 GMT
etag: "513c7c78f5c85b2e1d971bc3496daa4b"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/svg+xml
server: AmazonS3
content-length: 2240
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:05 GMT
date: Mon, 19 Feb 2024 15:56:05 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
access-control-max-age: 0
access-control-allow-credentials: false
access-control-allow-methods: GET,HEAD
access-control-allow-origin: *
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--discord.3e893cef8784.png

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--discord.3e893cef8784.png HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: QME242c4DrFCEp1UsWS/SNek/y9v7wVWuOOih6e5bbmufF6u32IxQccoVhW2FgE+ITbKAKIIXck=
x-amz-request-id: 75YPY9B17JQRZ238
last-modified: Fri, 16 Feb 2024 12:23:01 GMT
etag: "3e893cef87841d8861644972257666ec"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/png
server: AmazonS3
content-length: 92620
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:05 GMT
date: Mon, 19 Feb 2024 15:56:05 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx-player.416a8e402db6.svg

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/gx-features-slider/gx-player.416a8e402db6.svg HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: WxI0EIqBgZx9nflyrNhX/N8mfIIQ6kPC0m7Txcc/NnDBUmZaxZgyb46KjbYVSZU2y6Nl/dxqUOg=
x-amz-request-id: H68QJTJJ74ZX1WA0
last-modified: Fri, 16 Feb 2024 12:23:01 GMT
etag: "416a8e402db66ca80a5b249f3a38dc4b"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/svg+xml
server: AmazonS3
content-length: 553
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:05 GMT
date: Mon, 19 Feb 2024 15:56:05 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
access-control-max-age: 0
access-control-allow-credentials: false
access-control-allow-methods: GET,HEAD
access-control-allow-origin: *
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--player.694659842717.png

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--player.694659842717.png HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: 0bLfPYfcMJ8rTgC5LTVmPxZ77h5jOX254ucZ2jNRh9Ia5noegvcvrnVc6sTsBaa7HuQojsEcXhQ=
x-amz-request-id: 75YWCQ0RB2ZYT02K
last-modified: Fri, 16 Feb 2024 12:23:02 GMT
etag: "6946598427171d947cd62f826208d2f3"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/png
server: AmazonS3
content-length: 69121
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:05 GMT
date: Mon, 19 Feb 2024 15:56:05 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx-messengers.9bd35388afd6.svg

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/gx-features-slider/gx-messengers.9bd35388afd6.svg HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: Xd2HxxB+eTtXca8f4kIL9PiWojS6I8kSbtHi4ZwsJUYYTXsSxxWMEB7FqOhOVPaXQRXUhMTrWwU=
x-amz-request-id: XJ9FT5TYRQRTAAS9
last-modified: Fri, 16 Feb 2024 12:23:01 GMT
etag: "9bd35388afd67f431e55b7f197d83ae2"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/svg+xml
server: AmazonS3
content-length: 1188
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:05 GMT
date: Mon, 19 Feb 2024 15:56:05 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
access-control-max-age: 0
access-control-allow-credentials: false
access-control-allow-methods: GET,HEAD
access-control-allow-origin: *
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--messengers.e491d059f927.png

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--messengers.e491d059f927.png HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: jOK+n+A8vY5Q6HILFeuLEInyMsh3Cn0zWwJVDcagvgUVknNYPf2wCR3KVopwYgNSytMJHRiEOrQ=
x-amz-request-id: 75YW1C19S7047K1R
last-modified: Fri, 16 Feb 2024 12:23:02 GMT
etag: "e491d059f92781879420ebd8fa8bf776"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/png
server: AmazonS3
content-length: 60100
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:05 GMT
date: Mon, 19 Feb 2024 15:56:05 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx-pinboards.7e83626e788a.svg

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/gx-features-slider/gx-pinboards.7e83626e788a.svg HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: hFvOzsMQ4VTaWd1zlBDi7q4u2TbnPmTgNM8OkLf2zVHqemO3CRK5W4ovm4l5VG1UpzPoTZKdHu0=
x-amz-request-id: XJ9BTWFMXCASXBZT
last-modified: Fri, 16 Feb 2024 12:23:01 GMT
etag: "7e83626e788aa964254ae8244207d8f7"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/svg+xml
server: AmazonS3
content-length: 553
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:05 GMT
date: Mon, 19 Feb 2024 15:56:05 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
access-control-max-age: 0
access-control-allow-credentials: false
access-control-allow-methods: GET,HEAD
access-control-allow-origin: *
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--pinboards.aaecb2a9fc24.png

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--pinboards.aaecb2a9fc24.png HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: wmOznyLveOOj00Sr0LsBPkmLg6hZ6R0tt3B/iBpwpJ3M8g5XdzR4ME3bqK5IVrX6EJ+v+ZQUdXk=
x-amz-request-id: 75YG8KNWRDDBEQ7N
last-modified: Fri, 16 Feb 2024 12:23:02 GMT
etag: "aaecb2a9fc24d89805e640eab2bee122"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/png
server: AmazonS3
content-length: 114060
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:05 GMT
date: Mon, 19 Feb 2024 15:56:05 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx-flow.736ea0e793e4.svg

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/gx-features-slider/gx-flow.736ea0e793e4.svg HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: jWsspnyarsA8MSZ/llmyV43zCemT2HPHEzpXDIq1Wzs1a8vpKxLDCw0g2x+FTes6MP2fp+pBH7c=
x-amz-request-id: QYR3NWAYJZV38SE4
last-modified: Fri, 16 Feb 2024 12:23:01 GMT
etag: "736ea0e793e4ae9e757818c2628c8177"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/svg+xml
server: AmazonS3
content-length: 291
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:06 GMT
date: Mon, 19 Feb 2024 15:56:06 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
access-control-max-age: 0
access-control-allow-credentials: false
access-control-allow-methods: GET,HEAD
access-control-allow-origin: *
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--flow.3dafb84d8d14.png

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--flow.3dafb84d8d14.png HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: JxM2W4jo3rX2Jd1TXk/Z95vxiyDzLuffEtm0uU4Ha4BxQNrahoih2wLJ7M+kfq3qGXq4OHvJ02s=
x-amz-request-id: 75YP87QWW1ZKWWK7
last-modified: Fri, 16 Feb 2024 12:23:02 GMT
etag: "3dafb84d8d14fdd8c1a7825f36387dbf"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/png
server: AmazonS3
content-length: 90470
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:06 GMT
date: Mon, 19 Feb 2024 15:56:06 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx-fast-navigation.53111f7a4633.svg

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/gx-features-slider/gx-fast-navigation.53111f7a4633.svg HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: Bl0zqMwXl97i8PruKFiEm8P1eEmtG1uzDLS0J8MKJD4SBk/brqYJsQ8YINHRcH2zYWb6uP4tiwk=
x-amz-request-id: QYR9Q5XXZS1QX9J7
last-modified: Fri, 16 Feb 2024 12:23:01 GMT
etag: "53111f7a4633fda3965a3172d92aa798"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/svg+xml
server: AmazonS3
content-length: 279
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:06 GMT
date: Mon, 19 Feb 2024 15:56:06 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
access-control-max-age: 0
access-control-allow-credentials: false
access-control-allow-methods: GET,HEAD
access-control-allow-origin: *
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--fast-navigation.cd994c62ac97.png

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--fast-navigation.cd994c62ac97.png HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: zuAUXjRk3//P8Eew/i6jWqZgNL+WiiANogwXmh2dYz4VP8Io7C/HwnEzUA7YFZ/kVOmsdA989Qg=
x-amz-request-id: FJ1Q5H4S17BSNYME
last-modified: Fri, 16 Feb 2024 12:23:01 GMT
etag: "cd994c62ac977197fb4119ece99302f1"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/png
server: AmazonS3
content-length: 45477
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:06 GMT
date: Mon, 19 Feb 2024 15:56:06 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/gx/images/gx2021/gaming-inspired-features-bg.cdcfd5388fec.jpg

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/gx/images/gx2021/gaming-inspired-features-bg.cdcfd5388fec.jpg HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: qB8tXjCFfcwYfVvt8uR+k/ysFq1LOTb5vTiSZu5ehEWPodeV3FbUD9H+hMkgCLeplojGVimQtT0=
x-amz-request-id: FJ1Q5P0K61Q8TRQQ
last-modified: Fri, 16 Feb 2024 12:21:52 GMT
etag: "cdcfd5388fecb2af10a46ee71e9ff5a5"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/jpeg
server: AmazonS3
content-length: 274315
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:06 GMT
date: Mon, 19 Feb 2024 15:56:06 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/logo/logo-and-name-negative.51c8dfe30ee2.png

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/assets/images/logo/logo-and-name-negative.51c8dfe30ee2.png HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: iL9qJjLaoicOHTb7IOdjkE/TMa54Mf5LcJOUVbng6IacGtH/b9VfKruf/2MUJ/H3pcJk5OEFUb4=
x-amz-request-id: QYR373CNJ808AYE7
last-modified: Fri, 16 Feb 2024 12:22:23 GMT
etag: "51c8dfe30ee29e9f86622fedcebfe4fb"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/png
server: AmazonS3
content-length: 7249
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:06 GMT
date: Mon, 19 Feb 2024 15:56:06 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/themeSwitcher.2752d37895fc.js

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/themeSwitcher.2752d37895fc.js HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: H7XJuCnWc+7wEMNFX1uRHAbBn97BL8LSiqF7Ja7nFE46R3ny1L+LddOg12omJsYqQV4P+xN1AMY=
x-amz-request-id: 2TET6CEPE3G2JNDD
last-modified: Fri, 16 Feb 2024 12:24:19 GMT
etag: "2752d37895fcf6630e4b4b82bbd913ca"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: application/javascript
server: AmazonS3
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:06 GMT
date: Mon, 19 Feb 2024 15:56:06 GMT
content-length: 17592
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/1cb6d11c2c491cd2f1fd.4bf5cf63e125.jpg

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/1cb6d11c2c491cd2f1fd.4bf5cf63e125.jpg HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://cdn-production-opera-website.operacdn.com/staticfiles/gx2021.44fadad10c07.css
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: RsLS6YtPFyOwW5Jf70McsggGX5I/NV9aa7w430abfCj11HLPHpO88j71zoNrYrOV7iLzSMiVs0k=
x-amz-request-id: QYRDJ0Y2SHCW25TB
last-modified: Fri, 16 Feb 2024 12:20:44 GMT
etag: "4bf5cf63e12582c4ded0a4b9c4e677c8"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/jpeg
server: AmazonS3
content-length: 257276
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:06 GMT
date: Mon, 19 Feb 2024 15:56:06 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/67e772f5c7c0ff691b84.d5b84517520e.svg

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/67e772f5c7c0ff691b84.d5b84517520e.svg HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://cdn-production-opera-website.operacdn.com/staticfiles/gx2021.44fadad10c07.css
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: 6Jf5s27CtEbXnw7G5aEnhRNJpwdUiTb5fnrk4iImIETZv3+5MNijo8OdPJ9DigELgbYuhcJz+nQ=
x-amz-request-id: HWV25KH73XE4TQ9F
last-modified: Fri, 16 Feb 2024 12:20:54 GMT
etag: "d5b84517520e30d992662e722f94d68e"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: image/svg+xml
server: AmazonS3
content-length: 472
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:06 GMT
date: Mon, 19 Feb 2024 15:56:06 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
access-control-max-age: 0
access-control-allow-credentials: false
access-control-allow-methods: GET,HEAD
access-control-allow-origin: *
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/3773-26fd20533ee40c5737d4.js

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/3773-26fd20533ee40c5737d4.js HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: U+5VlTVFgS2NQiGImb2Y2MA610RDiHJephJyEUe5Hpt3hSrMXmja5D3IF0327QxaDhNeAZ2hkyE=
x-amz-request-id: ERBQ1APZSK81ZPYE
last-modified: Fri, 16 Feb 2024 12:20:46 GMT
etag: "58b4016c02acf71cd0c06d1de8cdeef1"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: application/javascript
server: AmazonS3
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:07 GMT
date: Mon, 19 Feb 2024 15:56:07 GMT
content-length: 587
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/3140-70751f2063c9179acc1d.js

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/3140-70751f2063c9179acc1d.js HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: MPHy/zSicb/lj9SFQcqhKcS4NKaJ/knhxFSGoLZPmG/KFC2W38fFY1maHojuWeqlIL3qmS4tnT0=
x-amz-request-id: ERBHMMQQHPPBXFMM
last-modified: Fri, 16 Feb 2024 12:20:59 GMT
etag: "6ed3cdf950b82b35a0d3e3d4616a06bc"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: application/javascript
server: AmazonS3
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:07 GMT
date: Mon, 19 Feb 2024 15:56:07 GMT
content-length: 1630
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/9625-18069e9f042dd22a20fe.js

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/9625-18069e9f042dd22a20fe.js HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: OMcMFcA+1G1694zZ+8V6tmkdbPe0xIRmXADLGSJWIbB+byPtUVipcad0c50IpwTvVtv13nYggE8=
x-amz-request-id: V2EXYA4MXMAYDFR1
last-modified: Fri, 16 Feb 2024 12:20:47 GMT
etag: "a841e86a979db9111df9156e9f1f07dd"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: application/javascript
server: AmazonS3
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:07 GMT
date: Mon, 19 Feb 2024 15:56:07 GMT
content-length: 791
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/5844-623e2e6730954e1631f0.js

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/5844-623e2e6730954e1631f0.js HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: HBbhYpACPLmuoNXDOg96PmfzxBxiR2A6LmluU/zbKXCdlcdGXjOrXOS6jtPCsrZzVZtf0PeyROA=
x-amz-request-id: V2EVDP2TPQGK2M2T
last-modified: Fri, 16 Feb 2024 12:20:58 GMT
etag: "21238be293b96670b72f0c1002441fc5"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: application/javascript
server: AmazonS3
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:07 GMT
date: Mon, 19 Feb 2024 15:56:07 GMT
content-length: 2994
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/8402-a5e99fbf49d748a487fc.js

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/8402-a5e99fbf49d748a487fc.js HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: ocREV4DzSwTWfRfHjqlHtzrSeHs6QESsTp6FH5XrFXsiaxyX3jMK6XDYIV5ff6cGXw5W7XJqzCQ=
x-amz-request-id: V2EQFKSY2BR1MQ45
last-modified: Fri, 16 Feb 2024 12:20:45 GMT
etag: "07dc40ac70541b775ad27167aa8b7e6e"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: application/javascript
server: AmazonS3
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:07 GMT
date: Mon, 19 Feb 2024 15:56:07 GMT
content-length: 1100
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/253-5ac5fd1814a931050623.js

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/253-5ac5fd1814a931050623.js HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: Yaw/xHLaU8agavcwwqquSpeAPORCSAIk8FHUC103LyH3MFpJdgu4skMfRPAID5rz3pNMwsmoKJM=
x-amz-request-id: V2ESXM71D5M6FFNB
last-modified: Fri, 16 Feb 2024 12:20:52 GMT
etag: "baaa6b45ef3f64a0a30bbc28a00bbb57"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: application/javascript
server: AmazonS3
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:07 GMT
date: Mon, 19 Feb 2024 15:56:07 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/554-98f3fe68b9deb1db7052.js

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/554-98f3fe68b9deb1db7052.js HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: DwBIUJHR51y0Pg7+l2HT/xNgmO6nvVG186/jOmwS2tuRCJ95ZeS4Fh2OeKhbGYxfLkhjhwccIOA=
x-amz-request-id: V2EXQK42XCZ6S7TD
last-modified: Fri, 16 Feb 2024 12:20:51 GMT
etag: "5b09e4f1b3fe5d91a5dd9f846f73c5ea"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: application/javascript
server: AmazonS3
content-length: 847
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:07 GMT
date: Mon, 19 Feb 2024 15:56:07 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/2723-07bfab34c572816854b8.js

msedge.exe

Remote address:

104.84.85.174:443

Request

GET /staticfiles/2723-07bfab34c572816854b8.js HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: 3+IWkUQcK90iMtqRFDgcLA9mwBhkiBid6laPozqPZnV44krYnz+6G1RJo8KkDfhbT1zInMSmyXM=
x-amz-request-id: V2ES54M48CQ4P3EN
last-modified: Fri, 16 Feb 2024 12:20:45 GMT
etag: "5e8f7690156d04441cae32789c210053"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: application/javascript
server: AmazonS3
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Tue, 18 Feb 2025 15:56:07 GMT
date: Mon, 19 Feb 2024 15:56:07 GMT
content-length: 1690
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://www.googleoptimize.com/optimize.js?id=GTM-5HKZ2H4

msedge.exe

Remote address:

172.217.169.14:443

Request

GET /optimize.js?id=GTM-5HKZ2H4 HTTP/2.0
host: www.googleoptimize.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

www-static.operacdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www-static.operacdn.com

IN A

Response
DNS

50.11.127.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.11.127.3.in-addr.arpa

IN PTR

Response

50.11.127.3.in-addr.arpa

IN PTR

ec2-3-127-11-50eu-central-1compute amazonawscom
DNS

14.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.169.217.172.in-addr.arpa

IN PTR

Response

14.169.217.172.in-addr.arpa

IN PTR

lhr25s26-in-f141e100net
DNS

174.85.84.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

174.85.84.104.in-addr.arpa

IN PTR

Response

174.85.84.104.in-addr.arpa

IN PTR

a104-84-85-174deploystaticakamaitechnologiescom
DNS

region1.analytics.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

region1.analytics.google.com

IN A

Response

region1.analytics.google.com

IN A

216.239.32.36

region1.analytics.google.com

IN A

216.239.34.36
DNS

stats.g.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

stats.g.doubleclick.net

IN A

Response

stats.g.doubleclick.net

IN A

64.233.184.155

stats.g.doubleclick.net

IN A

64.233.184.156

stats.g.doubleclick.net

IN A

64.233.184.154

stats.g.doubleclick.net

IN A

64.233.184.157
POST

https://stats.g.doubleclick.net/g/collect?v=2&tid=G-T18E1GTPQG&cid=278108075.1708358165&gtm=45je42e0v878149888z8811573329za200&aip=1&dma=0&gcd=13l3l3l3l1&npa=0

msedge.exe

Remote address:

64.233.184.155:443

Request

POST /g/collect?v=2&tid=G-T18E1GTPQG&cid=278108075.1708358165&gtm=45je42e0v878149888z8811573329za200&aip=1&dma=0&gcd=13l3l3l3l1&npa=0 HTTP/2.0
host: stats.g.doubleclick.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.opera.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://region1.analytics.google.com/g/collect?v=2&tid=G-T18E1GTPQG&gtm=45je42e0v878149888z8811573329za200&_p=1708358163296&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&cid=278108075.1708358165&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&pscdl=noapi&_s=1&sid=1708358165&sct=1&seg=0&dl=https%3A%2F%2Fwww.opera.com%2Fgx%3Futm_source%3DPWNgames3%26utm_medium%3Dpa%26utm_campaign%3DPWN_GB_LVR_OOM%26utm_id%3Dfe861f9c436b4bf7af66001b14d63cd5%26edition%3Dstd-1&dt=Opera%20GX%20%7C%20Gaming%20Browser%20%7C%20Opera&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2488

msedge.exe

Remote address:

216.239.32.36:443

Request

POST /g/collect?v=2&tid=G-T18E1GTPQG&gtm=45je42e0v878149888z8811573329za200&_p=1708358163296&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&cid=278108075.1708358165&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&pscdl=noapi&_s=1&sid=1708358165&sct=1&seg=0&dl=https%3A%2F%2Fwww.opera.com%2Fgx%3Futm_source%3DPWNgames3%26utm_medium%3Dpa%26utm_campaign%3DPWN_GB_LVR_OOM%26utm_id%3Dfe861f9c436b4bf7af66001b14d63cd5%26edition%3Dstd-1&dt=Opera%20GX%20%7C%20Gaming%20Browser%20%7C%20Opera&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2488 HTTP/2.0
host: region1.analytics.google.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.opera.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

www.redditstatic.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.redditstatic.com

IN A

Response

www.redditstatic.com

IN CNAME

dualstack.reddit.map.fastly.net

dualstack.reddit.map.fastly.net

IN A

151.101.1.140

dualstack.reddit.map.fastly.net

IN A

151.101.65.140

dualstack.reddit.map.fastly.net

IN A

151.101.129.140

dualstack.reddit.map.fastly.net

IN A

151.101.193.140
GET

https://www.redditstatic.com/ads/pixel.js

msedge.exe

Remote address:

151.101.1.140:443

Request

GET /ads/pixel.js HTTP/2.0
host: www.redditstatic.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Thu, 15 Feb 2024 20:38:48 GMT
etag: "9a680c8c475d8bba600d4d87b4fa7ee5"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=60
content-encoding: gzip
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 19 Feb 2024 15:56:06 GMT
vary: Accept-Encoding,Origin
server: snooserv
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-length: 8702
DNS

static.hotjar.com

msedge.exe

Remote address:

8.8.8.8:53

Request

static.hotjar.com

IN A

Response

static.hotjar.com

IN CNAME

static-cdn.hotjar.com

static-cdn.hotjar.com

IN A

3.162.38.9

static-cdn.hotjar.com

IN A

3.162.38.8

static-cdn.hotjar.com

IN A

3.162.38.31

static-cdn.hotjar.com

IN A

3.162.38.26
DNS

cdn.taboola.com

msedge.exe

Remote address:

8.8.8.8:53

Request

cdn.taboola.com

IN A

Response

cdn.taboola.com

IN CNAME

tls13.taboola.map.fastly.net

tls13.taboola.map.fastly.net

IN A

151.101.1.44

tls13.taboola.map.fastly.net

IN A

151.101.65.44

tls13.taboola.map.fastly.net

IN A

151.101.129.44

tls13.taboola.map.fastly.net

IN A

151.101.193.44
GET

https://cdn.taboola.com/libtrc/unip/1410119/tfa.js

msedge.exe

Remote address:

151.101.1.44:443

Request

GET /libtrc/unip/1410119/tfa.js HTTP/2.0
host: cdn.taboola.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: HBPGMLjesxqxu8iaW8p0EdrBJbYqGVQdxZvUXrmWQEGo/KQRm1o58MpEX7X6TXmz6PR5Dc+w7YM=
x-amz-request-id: NGXAXG0764NYSDBE
x-amz-replication-status: PENDING
last-modified: Sun, 18 Feb 2024 11:15:15 GMT
etag: "14f77044b896cdd22ed991f53d754093"
x-amz-server-side-encryption: AES256
x-amz-version-id: rBHu3CfwB98M153ArVMeHFcIt9lfgA7C
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Mon, 19 Feb 2024 15:56:06 GMT
via: 1.1 varnish
age: 121
x-served-by: cache-lcy-eglc8600051-LCY
x-cache: HIT
x-cache-hits: 1
x-timer: S1708358167.890417,VS0,VE2
cache-control: private,max-age=14401
vary: Accept-Encoding
abp: 81
access-control-allow-origin: *
content-length: 21562
GET

https://static.hotjar.com/c/hotjar-445451.js?sv=7

msedge.exe

Remote address:

3.162.38.9:443

Request

GET /c/hotjar-445451.js?sv=7 HTTP/2.0
host: static.hotjar.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=2592000; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
date: Mon, 19 Feb 2024 15:55:25 GMT
cache-control: max-age=60
etag: W/3c769c7ca41056241b13912266db45d2
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c7deb8fcb33ecb1e5a3a6d85b3f06e68.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG52-P6
x-amz-cf-id: aEPYWTwHN1ChQ544D5_I0Cw3qtOYHtHd8tio8RiAKvy8taGSzy0lEw==
age: 41
DNS

snap.licdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

snap.licdn.com

IN A

Response

snap.licdn.com

IN CNAME

od.linkedin.edgesuite.net

od.linkedin.edgesuite.net

IN CNAME

a1916.dscg2.akamai.net

a1916.dscg2.akamai.net

IN A

88.221.134.138

a1916.dscg2.akamai.net

IN A

88.221.134.88

a1916.dscg2.akamai.net

IN A

88.221.134.112

a1916.dscg2.akamai.net

IN A

88.221.135.96
GET

https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_378pcjv6_telemetry

msedge.exe

Remote address:

151.101.1.140:443

Request

GET /ads/conversions-config/v1/pixel/config/t2_378pcjv6_telemetry HTTP/2.0
host: www.redditstatic.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.opera.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: *
cache-control: max-age=300
content-type: application/json
content-encoding: gzip
accept-ranges: bytes
date: Mon, 19 Feb 2024 15:56:06 GMT
via: 1.1 varnish
vary: Accept-Encoding,Origin
server: snooserv
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-length: 98
DNS

14.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.178.250.142.in-addr.arpa

IN PTR

Response

14.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f141e100net
DNS

155.184.233.64.in-addr.arpa

Remote address:

8.8.8.8:53

Request

155.184.233.64.in-addr.arpa

IN PTR

Response

155.184.233.64.in-addr.arpa

IN PTR

wa-in-f1551e100net
DNS

36.32.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

36.32.239.216.in-addr.arpa

IN PTR

Response
DNS

140.1.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

140.1.101.151.in-addr.arpa

IN PTR

Response
GET

https://snap.licdn.com/li.lms-analytics/insight.min.js

msedge.exe

Remote address:

88.221.134.138:443

Request

GET /li.lms-analytics/insight.min.js HTTP/2.0
host: snap.licdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Sun, 18 Feb 2024 12:29:37 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: application/javascript;charset=utf-8
content-encoding: gzip
content-length: 624
cache-control: max-age=65500
date: Mon, 19 Feb 2024 15:56:07 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-cdn: AKAM
DNS

connect.facebook.net

msedge.exe

Remote address:

8.8.8.8:53

Request

connect.facebook.net

IN A

Response

connect.facebook.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

163.70.147.23
DNS

s.yimg.com

msedge.exe

Remote address:

8.8.8.8:53

Request

s.yimg.com

IN A

Response

s.yimg.com

IN CNAME

edge.gycpi.b.yahoodns.net

edge.gycpi.b.yahoodns.net

IN A

87.248.114.12

edge.gycpi.b.yahoodns.net

IN A

87.248.114.11
GET

https://s.yimg.com/wi/ytc.js

msedge.exe

Remote address:

87.248.114.12:443

Request

GET /wi/ytc.js HTTP/2.0
host: s.yimg.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://s.yimg.com/wi/config/10176867.json

msedge.exe

Remote address:

87.248.114.12:443

Request

GET /wi/config/10176867.json HTTP/2.0
host: s.yimg.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.opera.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

tags.creativecdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

tags.creativecdn.com

IN A

Response

tags.creativecdn.com

IN CNAME

1589314308.rsc.cdn77.org

1589314308.rsc.cdn77.org

IN A

195.181.164.17

1589314308.rsc.cdn77.org

IN A

89.187.167.5
GET

https://tags.creativecdn.com/1gnG4zGXkPW95vXqyMLu.js

msedge.exe

Remote address:

195.181.164.17:443

Request

GET /1gnG4zGXkPW95vXqyMLu.js HTTP/2.0
host: tags.creativecdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:56:07 GMT
content-type: application/javascript
vary: Accept-Encoding
x-guploader-uploadid: ADPycdv7W2W5BMzGzMraYCRWZHKXhK0Z5Nn1qI4sA2lQCeWCZvNNiq1D0zMem1k2NHbteJIgEvC6ALQMpfvmNaWLwjYycA
cache-control: public, max-age=3600
expires: Thu, 19 Oct 2023 07:25:05 GMT
last-modified: Wed, 12 Oct 2022 07:41:11 GMT
etag: W/"7dd71e4b922b44d4a1b639cea2047fcd"
vary: Accept-Encoding
x-goog-generation: 1665560471627068
x-goog-metageneration: 4
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1741
x-goog-hash: crc32c=U/iOdA==
x-goog-hash: md5=fdceS5IrRNShtjnOogR/zQ==
x-goog-storage-class: STANDARD
x-guploader-response-body-transformations: gunzipped
warning: 214 UploadServer gunzipped
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
server: CDN77-Turbo
x-77-nzt: EQwBw7WkDQH3eQYAAA
x-77-nzt-ray: d09eba0f868d99dd177ad36543a1a610
x-accel-expires: @1708360108
x-accel-date: 1708356510
x-cache: HIT
x-age: 1657
x-77-pop: londonGB
x-77-cache: HIT
x-77-age: 1657
content-encoding: gzip
DNS

ams.creativecdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ams.creativecdn.com

IN A

Response

ams.creativecdn.com

IN A

185.184.8.90
OPTIONS

https://ams.creativecdn.com/tags/v2?type=json

msedge.exe

Remote address:

185.184.8.90:443

Request

OPTIONS /tags/v2?type=json HTTP/2.0
host: ams.creativecdn.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type
origin: https://www.opera.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.opera.com/gx?utm_source=PWNgames3&utm_medium=pa&utm_campaign=PWN_GB_LVR_OOM&utm_id=fe861f9c436b4bf7af66001b14d63cd5&edition=std-1
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:56:07 GMT
access-control-allow-origin: https://www.opera.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST
access-control-max-age: 3600
vary: Origin
access-control-allow-headers: content-type
content-length: 0
POST

https://ams.creativecdn.com/tags/v2?type=json

msedge.exe

Remote address:

185.184.8.90:443

Request

POST /tags/v2?type=json HTTP/2.0
host: ams.creativecdn.com
content-length: 256
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://www.opera.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.opera.com/gx?utm_source=PWNgames3&utm_medium=pa&utm_campaign=PWN_GB_LVR_OOM&utm_id=fe861f9c436b4bf7af66001b14d63cd5&edition=std-1
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 307

date: Mon, 19 Feb 2024 15:56:07 GMT
vary: Origin
access-control-allow-origin: https://www.opera.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST
access-control-max-age: 3600
set-cookie: g=ohPj0yPIjOmr9Qn1spzs_1708358167535;Path=/;Domain=.creativecdn.com;Expires=Tue, 18-Feb-2025 15:56:07 GMT;Max-Age=31536000;Secure;SameSite=None
set-cookie: c=ohPj0yPIjOmr9Qn1spzs_1gnG4zGXkPW95vXqyMLu_1708358167535;Path=/;Domain=.creativecdn.com;Expires=Tue, 18-Feb-2025 15:56:07 GMT;Max-Age=31536000;Secure;SameSite=None;Partitioned
set-cookie: ts=1708358167;Path=/;Domain=.creativecdn.com;Expires=Tue, 18-Feb-2025 15:56:07 GMT;Max-Age=31536000;Secure;SameSite=None;Partitioned
expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://ams.creativecdn.com/tags/v2?type=json&tc=1
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
pragma: no-cache
date: Mon, 19 Feb 2024 15:56:07 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-length: 0
OPTIONS

https://ams.creativecdn.com/tags/v2?type=json&tc=1

msedge.exe

Remote address:

185.184.8.90:443

Request

OPTIONS /tags/v2?type=json&tc=1 HTTP/2.0
host: ams.creativecdn.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type
origin: https://www.opera.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.opera.com/gx?utm_source=PWNgames3&utm_medium=pa&utm_campaign=PWN_GB_LVR_OOM&utm_id=fe861f9c436b4bf7af66001b14d63cd5&edition=std-1
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 19 Feb 2024 15:56:07 GMT
access-control-allow-origin: https://www.opera.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST
access-control-max-age: 3600
vary: Origin
access-control-allow-headers: content-type
content-length: 0
DNS

44.1.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

44.1.101.151.in-addr.arpa

IN PTR

Response
DNS

138.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

138.134.221.88.in-addr.arpa

IN PTR

Response

138.134.221.88.in-addr.arpa

IN PTR

a88-221-134-138deploystaticakamaitechnologiescom
DNS

9.38.162.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.38.162.3.in-addr.arpa

IN PTR

Response

9.38.162.3.in-addr.arpa

IN PTR

server-3-162-38-9cdg52r cloudfrontnet
DNS

23.147.70.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.147.70.163.in-addr.arpa

IN PTR

Response

23.147.70.163.in-addr.arpa

IN PTR

xx-fbcdn-shv-01-lhr6fbcdnnet
DNS

17.164.181.195.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.164.181.195.in-addr.arpa

IN PTR

Response

17.164.181.195.in-addr.arpa

IN PTR

263888592loncdn77com
DNS

90.8.184.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

90.8.184.185.in-addr.arpa

IN PTR

Response

90.8.184.185.in-addr.arpa

IN PTR

ip-185-184-8-90rtbhousenet
DNS

12.114.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

12.114.248.87.in-addr.arpa

IN PTR

Response

12.114.248.87.in-addr.arpa

IN PTR

e2ycpiviplobyahoocom
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

217.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.135.221.88.in-addr.arpa

IN PTR

Response

217.135.221.88.in-addr.arpa

IN PTR

a88-221-135-217deploystaticakamaitechnologiescom
DNS

217.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.135.221.88.in-addr.arpa

IN PTR
DNS

217.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.135.221.88.in-addr.arpa

IN PTR
DNS

198.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.178.17.96.in-addr.arpa

IN PTR

Response

198.178.17.96.in-addr.arpa

IN PTR

a96-17-178-198deploystaticakamaitechnologiescom
DNS

13.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.227.111.52.in-addr.arpa

IN PTR

Response
DNS

cobwebzincdelicacy.com

msedge.exe

Remote address:

8.8.8.8:53

Request

cobwebzincdelicacy.com

IN A

Response

cobwebzincdelicacy.com

IN A

172.240.108.76

cobwebzincdelicacy.com

IN A

192.243.59.12

cobwebzincdelicacy.com

IN A

192.243.61.225

cobwebzincdelicacy.com

IN A

192.243.61.227

cobwebzincdelicacy.com

IN A

172.240.108.68
DNS

cobwebzincdelicacy.com

msedge.exe

Remote address:

8.8.8.8:53

Request

cobwebzincdelicacy.com

IN A

Response

cobwebzincdelicacy.com

IN A

172.240.108.76

cobwebzincdelicacy.com

IN A

192.243.59.12

cobwebzincdelicacy.com

IN A

192.243.61.225

cobwebzincdelicacy.com

IN A

192.243.61.227

cobwebzincdelicacy.com

IN A

172.240.108.68
GET

https://cobwebzincdelicacy.com/c4/6f/3c/c46f3cca8a7de322a2f433e4f3412421.js

msedge.exe

Remote address:

172.240.108.76:443

Request

GET /c4/6f/3c/c46f3cca8a7de322a2f433e4f3412421.js HTTP/1.1
Host: cobwebzincdelicacy.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://exego.app/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 403 Forbidden

Server: nginx/1.21.6
Date: Mon, 19 Feb 2024 15:57:21 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
DNS

abaf204c64a2993325f03d071a132faa.safeframe.googlesyndication.com

msedge.exe

Remote address:

8.8.8.8:53

Request

abaf204c64a2993325f03d071a132faa.safeframe.googlesyndication.com

IN A

Response

abaf204c64a2993325f03d071a132faa.safeframe.googlesyndication.com

IN CNAME

pagead-googlehosted.l.google.com

pagead-googlehosted.l.google.com

IN A

216.58.204.65
DNS

rtb0.doubleverify.com

msedge.exe

Remote address:

8.8.8.8:53

Request

rtb0.doubleverify.com

IN A

Response

rtb0.doubleverify.com

IN CNAME

bs-geo.dvgtm.akadns.net

bs-geo.dvgtm.akadns.net

IN CNAME

bs-wlb-eu.dvgtm.akadns.net

bs-wlb-eu.dvgtm.akadns.net

IN CNAME

rtbc-ew1.doubleverify.com

rtbc-ew1.doubleverify.com

IN A

130.211.44.5
GET

https://rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_153538009178&jsTagObjCallback=__tagObject_callback_153538009178&num=6&ctx=29615901&cmp=225320&plc=7887512&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=153538009178&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Win32&brid=1&brver=92&bridua=1&dup=null&srcurlD=0&ssl=1&refD=1&htmlmsging=1&tstype=128&m1=15&noc=8&fcifrms=6&brh=3&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=172&eparams=DC4FC%3Dl9EEADTbpTauTau6I68%40%5D2AATauU2%3F4r92%3A%3Fl9EEADTbpTauTau6I68%40%5D2AATar9EEADTbpTauTau2327a_c4ec2ahhbbad7_b5_f%602%60ba722%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3E&dvp_exetime=7.00&callbackName=__verify_callback_153538009178

msedge.exe

Remote address:

130.211.44.5:443

Request

GET /verify.js?flvr=0&jsCallback=__verify_callback_153538009178&jsTagObjCallback=__tagObject_callback_153538009178&num=6&ctx=29615901&cmp=225320&plc=7887512&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=153538009178&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Win32&brid=1&brver=92&bridua=1&dup=null&srcurlD=0&ssl=1&refD=1&htmlmsging=1&tstype=128&m1=15&noc=8&fcifrms=6&brh=3&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=172&eparams=DC4FC%3Dl9EEADTbpTauTau6I68%40%5D2AATauU2%3F4r92%3A%3Fl9EEADTbpTauTau6I68%40%5D2AATar9EEADTbpTauTau2327a_c4ec2ahhbbad7_b5_f%602%60ba722%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3E&dvp_exetime=7.00&callbackName=__verify_callback_153538009178 HTTP/1.1
Host: rtb0.doubleverify.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://abaf204c64a2993325f03d071a132faa.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Mon, 19 Feb 2024 15:57:22 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0
Content-Encoding: br
Expires: 02/18/2024 15:57:22
Pragma: no-cache
Vary: Accept-Encoding
Timing-Allow-Origin: *
X-DV-Response: 1
POST

https://rtbc-ew1.doubleverify.com/bsevent.gif?flvr=0&impid=69c9d9db07114936a6db4013c8219a53&vfdur=247&cbust=1708358241083439

msedge.exe

Remote address:

130.211.44.5:443

Request

POST /bsevent.gif?flvr=0&impid=69c9d9db07114936a6db4013c8219a53&vfdur=247&cbust=1708358241083439 HTTP/1.1
Host: rtbc-ew1.doubleverify.com
Connection: keep-alive
Content-Length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://abaf204c64a2993325f03d071a132faa.safeframe.googlesyndication.com
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://abaf204c64a2993325f03d071a132faa.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Date: Mon, 19 Feb 2024 15:57:22 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://abaf204c64a2993325f03d071a132faa.safeframe.googlesyndication.com
Access-Control-Allow-Credentials: true
Expires: 2024-02-18T15:57:22
Pragma: no-cache
Cache-Control: max-age=0
DNS

76.108.240.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

76.108.240.172.in-addr.arpa

IN PTR

Response
DNS

76.108.240.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

76.108.240.172.in-addr.arpa

IN PTR

Response
DNS

cdn.ampproject.org

msedge.exe

Remote address:

8.8.8.8:53

Request

cdn.ampproject.org

IN A

Response

cdn.ampproject.org

IN CNAME

cdn-content.ampproject.org

cdn-content.ampproject.org

IN A

142.250.187.193
GET

https://cdn.ampproject.org/rtv/012402060239000/amp4ads-v0.js

msedge.exe

Remote address:

142.250.187.193:443

Request

GET /rtv/012402060239000/amp4ads-v0.js HTTP/2.0
host: cdn.ampproject.org
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://cdn.ampproject.org/rtv/012402060239000/v0/amp-ad-exit-0.1.js

msedge.exe

Remote address:

142.250.187.193:443

Request

GET /rtv/012402060239000/v0/amp-ad-exit-0.1.js HTTP/2.0
host: cdn.ampproject.org
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://cdn.ampproject.org/rtv/012402060239000/v0/amp-analytics-0.1.js

msedge.exe

Remote address:

142.250.187.193:443

Request

GET /rtv/012402060239000/v0/amp-analytics-0.1.js HTTP/2.0
host: cdn.ampproject.org
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://cdn.ampproject.org/rtv/012402060239000/v0/amp-fit-text-0.1.js

msedge.exe

Remote address:

142.250.187.193:443

Request

GET /rtv/012402060239000/v0/amp-fit-text-0.1.js HTTP/2.0
host: cdn.ampproject.org
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://cdn.ampproject.org/rtv/012402060239000/v0/amp-form-0.1.js

msedge.exe

Remote address:

142.250.187.193:443

Request

GET /rtv/012402060239000/v0/amp-form-0.1.js HTTP/2.0
host: cdn.ampproject.org
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://exego.app/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

193.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

193.187.250.142.in-addr.arpa

IN PTR

Response

193.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f11e100net
DNS

mega.nz

msedge.exe

Remote address:

8.8.8.8:53

Request

mega.nz

IN A

Response

mega.nz

IN A

31.216.144.5

mega.nz

IN A

31.216.145.5
GET

https://mega.nz/file/R5Z30JAa

msedge.exe

Remote address:

31.216.144.5:443

Request

GET /file/R5Z30JAa HTTP/1.1
Host: mega.nz
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Referer: https://exego.app/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/html
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Content-Encoding: gzip
Content-Length: 909
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: DENY
X-Robots-Tag: noindex
Set-Cookie: geoip=RO
Content-Security-Policy: default-src 'self' data: blob: *.mega.co.nz *.mega.nz *.mega.io http://*.mega.co.nz http://*.mega.nz http://*.mega.io wss://*.karere.mega.nz wss://*.sfu.mega.co.nz *.karere.mega.nz:1380 http://127.0.0.1:6341 localhost.megasyncloopback.mega.nz:6342; script-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob:; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz *.mega.io data: blob:; frame-src 'self' *.megapay.nz mega: *.megaad.nz https://mega.nz/ https://mega.io/; img-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob: mega.nz
Connection: Keep-Alive
GET

https://mega.nz/secureboot.js?r=1707957972

msedge.exe

Remote address:

31.216.144.5:443

Request

GET /secureboot.js?r=1707957972 HTTP/1.1
Host: mega.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://mega.nz/file/R5Z30JAa
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/javascript
Content-Length: 61212
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Content-Encoding: gzip
GET

https://mega.nz/loading-sprite_v4.png

msedge.exe

Remote address:

31.216.144.5:443

Request

GET /loading-sprite_v4.png HTTP/1.1
Host: mega.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://mega.nz/file/R5Z30JAa
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/png
Content-Length: 3414
Cache-Control: max-age=8640000
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
GET

https://mega.nz/favicon.ico?v=3

msedge.exe

Remote address:

31.216.144.5:443

Request

GET /favicon.ico?v=3 HTTP/1.1
Host: mega.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://mega.nz/file/R5Z30JAa
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/x-icon
Content-Length: 1029
Cache-Control: max-age=8640000
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Content-Encoding: gzip
GET

https://mega.nz/android-chrome-144x144.png

msedge.exe

Remote address:

31.216.144.5:443

Request

GET /android-chrome-144x144.png HTTP/1.1
Host: mega.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://mega.nz/file/R5Z30JAa
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/png
Content-Length: 7057
Cache-Control: max-age=8640000
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
GET

https://mega.nz/sw.js?v=1

msedge.exe

Remote address:

31.216.144.5:443

Request

GET /sw.js?v=1 HTTP/1.1
Host: mega.nz
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Service-Worker: script
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: same-origin
Sec-Fetch-Dest: serviceworker
Referer: https://mega.nz/file/R5Z30JAa
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/javascript
Content-Length: 1208
Cache-Control: max-age=8640000
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Content-Encoding: gzip
GET

https://mega.nz/decrypter.js

msedge.exe

Remote address:

31.216.144.5:443

Request

GET /decrypter.js HTTP/1.1
Host: mega.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: same-origin
Sec-Fetch-Dest: worker
Referer: https://mega.nz/file/R5Z30JAa
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/javascript
Content-Length: 817
Cache-Control: max-age=8640000
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Content-Encoding: gzip
GET

https://mega.nz/aesasm.js

msedge.exe

Remote address:

31.216.144.5:443

Request

GET /aesasm.js HTTP/1.1
Host: mega.nz
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://mega.nz/decrypter.js
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/javascript
Content-Length: 17915
Cache-Control: max-age=8640000
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Content-Encoding: gzip
GET

https://mega.nz/manifest.json

msedge.exe

Remote address:

31.216.144.5:443

Request

GET /manifest.json HTTP/1.1
Host: mega.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: manifest
Referer: https://mega.nz/file/R5Z30JAa
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: application/json
Content-Length: 275
Cache-Control: max-age=8640000
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Content-Encoding: gzip
DNS

eu.static.mega.co.nz

msedge.exe

Remote address:

8.8.8.8:53

Request

eu.static.mega.co.nz

IN A

Response

eu.static.mega.co.nz

IN A

66.203.127.11

eu.static.mega.co.nz

IN A

89.44.169.132

eu.static.mega.co.nz

IN A

66.203.124.37

eu.static.mega.co.nz

IN A

66.203.127.13
DNS

5.144.216.31.in-addr.arpa

Remote address:

8.8.8.8:53

Request

5.144.216.31.in-addr.arpa

IN PTR

Response

5.144.216.31.in-addr.arpa

IN PTR

31-216-144-5ipdcluxcom
GET

https://eu.static.mega.co.nz/4/lang/en_c501d4baafc090d02ada944b431b23a4fde68349378e0d30ae1d11cf6212c014.json

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/lang/en_c501d4baafc090d02ada944b431b23a4fde68349378e0d30ae1d11cf6212c014.json HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:44 GMT
content-type: application/json
content-length: 95467
last-modified: Thu, 15 Feb 2024 02:39:13 GMT
vary: Accept-Encoding
etag: "65cd7951-174eb"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-1_c50e3dcd069699707a529effaf74c51009f25d8bcd430a1b009705c1604335ac.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-1_c50e3dcd069699707a529effaf74c51009f25d8bcd430a1b009705c1604335ac.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:44 GMT
content-type: application/javascript
content-length: 115421
last-modified: Thu, 15 Feb 2024 02:39:17 GMT
vary: Accept-Encoding
etag: "65cd7955-1c2dd"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-2_f781e629660d8cb1fb4cfeea91f46c4ccda5789d46b730565018aa0a0d66c82e.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-2_f781e629660d8cb1fb4cfeea91f46c4ccda5789d46b730565018aa0a0d66c82e.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:45 GMT
content-type: application/javascript
content-length: 111739
last-modified: Thu, 15 Feb 2024 02:39:17 GMT
vary: Accept-Encoding
etag: "65cd7955-1b47b"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-3_83a86e908bc2a5af599550746ae626004df4567c7e3fb8d57f8ab12198311b7a.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-3_83a86e908bc2a5af599550746ae626004df4567c7e3fb8d57f8ab12198311b7a.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:45 GMT
content-type: application/javascript
content-length: 113794
last-modified: Thu, 15 Feb 2024 02:39:18 GMT
vary: Accept-Encoding
etag: "65cd7956-1bc82"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-4_5e85c46acd4c60f3786b9b5c8ba04379a35d0dae33f9764d2b989ed17b06006a.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-4_5e85c46acd4c60f3786b9b5c8ba04379a35d0dae33f9764d2b989ed17b06006a.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:45 GMT
content-type: application/javascript
content-length: 112043
last-modified: Thu, 15 Feb 2024 02:39:18 GMT
vary: Accept-Encoding
etag: "65cd7956-1b5ab"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-5_a5eb6f39cbac22a08205f410b1f6fa5ea0d06451ded24afff2a29de1245e6525.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-5_a5eb6f39cbac22a08205f410b1f6fa5ea0d06451ded24afff2a29de1245e6525.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:45 GMT
content-type: application/javascript
content-length: 105821
last-modified: Thu, 15 Feb 2024 02:39:18 GMT
vary: Accept-Encoding
etag: "65cd7956-19d5d"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-6_43a325a480602fa429366c9dec15dde729a796851e896d5b338ce418610b778e.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-6_43a325a480602fa429366c9dec15dde729a796851e896d5b338ce418610b778e.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:45 GMT
content-type: application/javascript
content-length: 116553
last-modified: Thu, 15 Feb 2024 02:39:18 GMT
vary: Accept-Encoding
etag: "65cd7956-1c749"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-7_f108a81dc17316496db33bebe94e762306db29181280c14e29a3348a5e216ece.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-7_f108a81dc17316496db33bebe94e762306db29181280c14e29a3348a5e216ece.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:45 GMT
content-type: application/javascript
content-length: 86598
last-modified: Thu, 15 Feb 2024 02:39:17 GMT
vary: Accept-Encoding
etag: "65cd7955-15246"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/css/mega-1_eee99e860d5f13b39c098c34b82b145f3e93ab4ef4cb05085e06bccf84cfe59f.css

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/css/mega-1_eee99e860d5f13b39c098c34b82b145f3e93ab4ef4cb05085e06bccf84cfe59f.css HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:45 GMT
content-type: text/css
content-length: 77200
last-modified: Thu, 15 Feb 2024 02:39:21 GMT
vary: Accept-Encoding
etag: "65cd7959-12d90"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/html/templates_7a2adebac8a71314834b5d549a24399168e19bb41a67f5b00f731affa00eeaf2.json

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/html/templates_7a2adebac8a71314834b5d549a24399168e19bb41a67f5b00f731affa00eeaf2.json HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:45 GMT
content-type: application/json
content-length: 106941
last-modified: Thu, 15 Feb 2024 02:39:20 GMT
vary: Accept-Encoding
etag: "65cd7958-1a1bd"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-8_b78d688c09f3c3f25cff3ed01c3dd0ab3e7b2b94daffc1e371fc1a6b3d26f073.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-8_b78d688c09f3c3f25cff3ed01c3dd0ab3e7b2b94daffc1e371fc1a6b3d26f073.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:45 GMT
content-type: application/javascript
content-length: 84647
last-modified: Thu, 15 Feb 2024 02:39:18 GMT
vary: Accept-Encoding
etag: "65cd7956-14aa7"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/css/bottom-pages-animations.css-postbuild_47f7d58d40f84e7fa878532d05a625c2b9700c9300276decec0cbc374c0a5644.css

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/css/bottom-pages-animations.css-postbuild_47f7d58d40f84e7fa878532d05a625c2b9700c9300276decec0cbc374c0a5644.css HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:45 GMT
content-type: text/css
content-length: 1485
last-modified: Thu, 15 Feb 2024 02:39:21 GMT
vary: Accept-Encoding
etag: "65cd7959-5cd"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-9_ff5a55c19e4b3cf287556d95131f98983e6fd46e395d63ff61ec0b4bc8b1c461.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-9_ff5a55c19e4b3cf287556d95131f98983e6fd46e395d63ff61ec0b4bc8b1c461.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:45 GMT
content-type: application/javascript
content-length: 120511
last-modified: Thu, 15 Feb 2024 02:39:17 GMT
vary: Accept-Encoding
etag: "65cd7955-1d6bf"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/css/mega-2_ba99001dc1bc99c75f4dd30d1b63b36c1c5584ae06346a22674d61fd63387596.css

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/css/mega-2_ba99001dc1bc99c75f4dd30d1b63b36c1c5584ae06346a22674d61fd63387596.css HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:45 GMT
content-type: text/css
content-length: 27250
last-modified: Thu, 15 Feb 2024 02:39:20 GMT
vary: Accept-Encoding
etag: "65cd7958-6a72"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-10_3e0343ad5674edde09c78c7d3e08abdefc74166ad4c6c04914bef1c881e27f5c.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-10_3e0343ad5674edde09c78c7d3e08abdefc74166ad4c6c04914bef1c881e27f5c.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:45 GMT
content-type: application/javascript
content-length: 102989
last-modified: Thu, 15 Feb 2024 02:39:18 GMT
vary: Accept-Encoding
etag: "65cd7956-1924d"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-11_179782de516cf96401b843f2a8ff1dd09475b50a13daf1b59b36013bda2d63ad.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-11_179782de516cf96401b843f2a8ff1dd09475b50a13daf1b59b36013bda2d63ad.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:45 GMT
content-type: application/javascript
content-length: 62332
last-modified: Thu, 15 Feb 2024 02:39:18 GMT
vary: Accept-Encoding
etag: "65cd7956-f37c"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/css/mega-3_41e2e309277e57073fb6e4df2e62d034e2390dd2762dc194a8e3d5c61fd1dc2a.css

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/css/mega-3_41e2e309277e57073fb6e4df2e62d034e2390dd2762dc194a8e3d5c61fd1dc2a.css HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:45 GMT
content-type: text/css
content-length: 123249
last-modified: Thu, 15 Feb 2024 02:39:21 GMT
vary: Accept-Encoding
etag: "65cd7959-1e171"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-12_4a49fd10b4f147f6c5eb87933c9129da84aab3d6c3d8549eb76d790bf174eee3.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-12_4a49fd10b4f147f6c5eb87933c9129da84aab3d6c3d8549eb76d790bf174eee3.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:45 GMT
content-type: application/javascript
content-length: 102643
last-modified: Thu, 15 Feb 2024 02:39:18 GMT
vary: Accept-Encoding
etag: "65cd7956-190f3"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-13_a9e02f07a133445ba0dc2960cf438cf5fbd65c14d3fcb0dd627b1a21cc92ab61.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-13_a9e02f07a133445ba0dc2960cf438cf5fbd65c14d3fcb0dd627b1a21cc92ab61.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:45 GMT
content-type: application/javascript
content-length: 86608
last-modified: Thu, 15 Feb 2024 02:39:17 GMT
vary: Accept-Encoding
etag: "65cd7955-15250"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-14_fd345aa6c0c6d8de19f225bb86d2325a750ee58e1a9b82dc0b0094fe4430d186.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-14_fd345aa6c0c6d8de19f225bb86d2325a750ee58e1a9b82dc0b0094fe4430d186.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:45 GMT
content-type: application/javascript
content-length: 81734
last-modified: Thu, 15 Feb 2024 02:39:17 GMT
vary: Accept-Encoding
etag: "65cd7955-13f46"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/css/mega-4_66d99c0587154d017d3d6f10a9912b24c92944cb2df2322cb7592a32c8801527.css

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/css/mega-4_66d99c0587154d017d3d6f10a9912b24c92944cb2df2322cb7592a32c8801527.css HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:45 GMT
content-type: text/css
content-length: 39888
last-modified: Thu, 15 Feb 2024 02:39:20 GMT
vary: Accept-Encoding
etag: "65cd7958-9bd0"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-15_7351caccb12c5c5be2c609bebd954a8358d152ad8f4987f81dda5292e3c148eb.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-15_7351caccb12c5c5be2c609bebd954a8358d152ad8f4987f81dda5292e3c148eb.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:45 GMT
content-type: application/javascript
content-length: 119268
last-modified: Thu, 15 Feb 2024 02:39:18 GMT
vary: Accept-Encoding
etag: "65cd7956-1d1e4"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/mega-16_ba61ee809c68e46113a1c69a6af08d6fd214863c9acdc41151262b41a5370388.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/mega-16_ba61ee809c68e46113a1c69a6af08d6fd214863c9acdc41151262b41a5370388.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:45 GMT
content-type: application/javascript
content-length: 66925
last-modified: Thu, 15 Feb 2024 02:39:19 GMT
vary: Accept-Encoding
etag: "65cd7957-1056d"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/css/mega-7_289d5da5a0346475062230668e174896960dd23b9ec5a144400c37e66e07a71e.css

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/css/mega-7_289d5da5a0346475062230668e174896960dd23b9ec5a144400c37e66e07a71e.css HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:45 GMT
content-type: text/css
content-length: 9390
last-modified: Thu, 15 Feb 2024 02:39:20 GMT
vary: Accept-Encoding
etag: "65cd7958-24ae"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/js/vendor/asmcrypto_9c90f27443fbdb85519985333a8b00c3cff0e10a2753955f41890342d64362f7.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/js/vendor/asmcrypto_9c90f27443fbdb85519985333a8b00c3cff0e10a2753955f41890342d64362f7.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:45 GMT
content-type: application/javascript
content-length: 49762
last-modified: Thu, 15 Feb 2024 02:39:20 GMT
vary: Accept-Encoding
etag: "65cd7958-c262"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/html/download.html-postbuild_39a68dc795f6c634d669c0a954f0d4ab38d7ad3cc58ebce9d0fec9c89aba9e71.html

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/html/download.html-postbuild_39a68dc795f6c634d669c0a954f0d4ab38d7ad3cc58ebce9d0fec9c89aba9e71.html HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:45 GMT
content-type: text/html
content-length: 2415
last-modified: Thu, 15 Feb 2024 02:39:20 GMT
vary: Accept-Encoding
etag: "65cd7958-96f"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/html/js/download_ed9dc57f008d4cb04416885987187605ffe7a269d739192dc5c0efbe0f6ea52e.js

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/html/js/download_ed9dc57f008d4cb04416885987187605ffe7a269d739192dc5c0efbe0f6ea52e.js HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://mega.nz
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:45 GMT
content-type: application/javascript
content-length: 8157
last-modified: Thu, 15 Feb 2024 02:39:20 GMT
vary: Accept-Encoding
etag: "65cd7958-1fdd"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/imagery/sprites-fm-mono.7f20799585227921.woff2?t=1705956699888

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/imagery/sprites-fm-mono.7f20799585227921.woff2?t=1705956699888 HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://mega.nz
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: font
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:46 GMT
content-type: font/woff2
last-modified: Thu, 15 Feb 2024 00:49:08 GMT
vary: Accept-Encoding
etag: W/"65cd5f84-f4f8"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-encoding: gzip
GET

https://eu.static.mega.co.nz/4/fonts/Lato-Regular.woff2?v=6343dd45044b0726

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/fonts/Lato-Regular.woff2?v=6343dd45044b0726 HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://mega.nz
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: font
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:46 GMT
content-type: font/woff2
last-modified: Thu, 15 Feb 2024 00:49:08 GMT
vary: Accept-Encoding
etag: W/"65cd5f84-2c9b4"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-encoding: gzip
GET

https://eu.static.mega.co.nz/4/fonts/Lato-Semibold.woff2?v=7194963095272d0e

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/fonts/Lato-Semibold.woff2?v=7194963095272d0e HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://mega.nz
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: font
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:46 GMT
content-type: font/woff2
last-modified: Thu, 15 Feb 2024 00:49:08 GMT
vary: Accept-Encoding
etag: W/"65cd5f84-2cf0c"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-encoding: gzip
GET

https://eu.static.mega.co.nz/4/fonts/SourceSansPro-Regular.woff2?v=f71f612f60d5bb7e

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/fonts/SourceSansPro-Regular.woff2?v=f71f612f60d5bb7e HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://mega.nz
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: font
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:46 GMT
content-type: font/woff2
last-modified: Thu, 15 Feb 2024 00:49:08 GMT
vary: Accept-Encoding
etag: W/"65cd5f84-16014"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-encoding: gzip
DNS

g.api.mega.co.nz

msedge.exe

Remote address:

8.8.8.8:53

Request

g.api.mega.co.nz

IN A

Response

g.api.mega.co.nz

IN CNAME

lu.api.mega.co.nz

lu.api.mega.co.nz

IN A

66.203.125.12

lu.api.mega.co.nz

IN A

66.203.125.14

lu.api.mega.co.nz

IN A

66.203.125.16

lu.api.mega.co.nz

IN A

66.203.125.15

lu.api.mega.co.nz

IN A

66.203.125.13

lu.api.mega.co.nz

IN A

66.203.125.11
POST

https://g.api.mega.co.nz/cs?id=0

msedge.exe

Remote address:

66.203.125.12:443

Request

POST /cs?id=0 HTTP/1.1
Host: g.api.mega.co.nz
Connection: keep-alive
Content-Length: 13
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, MEGA-Chrome-Antileak
Access-Control-Expose-Headers: Original-Content-Length
Access-Control-Max-Age: 86400
Cache-Control: no-store
Original-Content-Length: 99
Content-Length: 99
Connection: keep-alive
POST

https://g.api.mega.co.nz/cs?id=0

msedge.exe

Remote address:

66.203.125.12:443

Request

POST /cs?id=0 HTTP/1.1
Host: g.api.mega.co.nz
Connection: keep-alive
Content-Length: 33
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, MEGA-Chrome-Antileak
Access-Control-Expose-Headers: Original-Content-Length
Access-Control-Max-Age: 86400
Cache-Control: no-store
Original-Content-Length: 147
Content-Length: 147
Connection: keep-alive
POST

https://g.api.mega.co.nz/cs?id=58810126&v=3&lang=en&domain=meganz&bb=3

msedge.exe

Remote address:

66.203.125.12:443

Request

POST /cs?id=58810126&v=3&lang=en&domain=meganz&bb=3 HTTP/1.1
Host: g.api.mega.co.nz
Connection: keep-alive
Content-Length: 20
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, MEGA-Chrome-Antileak
Access-Control-Expose-Headers: Original-Content-Length
Access-Control-Max-Age: 86400
Cache-Control: no-store
Original-Content-Length: 4
Content-Length: 4
Connection: keep-alive
POST

https://g.api.mega.co.nz/cs?id=58810127&v=3&lang=en&domain=meganz&bb=3

msedge.exe

Remote address:

66.203.125.12:443

Request

POST /cs?id=58810127&v=3&lang=en&domain=meganz&bb=3 HTTP/1.1
Host: g.api.mega.co.nz
Connection: keep-alive
Content-Length: 13
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, MEGA-Chrome-Antileak
Access-Control-Expose-Headers: Original-Content-Length
Access-Control-Max-Age: 86400
Cache-Control: no-store
Original-Content-Length: 3
Content-Length: 3
Connection: keep-alive
POST

https://g.api.mega.co.nz/cs?id=58810128&v=3&lang=en&domain=meganz&bb=3

msedge.exe

Remote address:

66.203.125.12:443

Request

POST /cs?id=58810128&v=3&lang=en&domain=meganz&bb=3 HTTP/1.1
Host: g.api.mega.co.nz
Connection: keep-alive
Content-Length: 43
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, MEGA-Chrome-Antileak
Access-Control-Expose-Headers: Original-Content-Length
Access-Control-Max-Age: 86400
Cache-Control: no-store
Original-Content-Length: 3
Content-Length: 3
Connection: keep-alive
POST

https://g.api.mega.co.nz/cs?id=58810129&v=3&lang=en&domain=meganz&bb=3

msedge.exe

Remote address:

66.203.125.12:443

Request

POST /cs?id=58810129&v=3&lang=en&domain=meganz&bb=3 HTTP/1.1
Host: g.api.mega.co.nz
Connection: keep-alive
Content-Length: 46
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, MEGA-Chrome-Antileak
Access-Control-Expose-Headers: Original-Content-Length
Access-Control-Max-Age: 86400
Cache-Control: no-store
Original-Content-Length: 1407
Content-Encoding: gzip
Content-Length: 940
Connection: keep-alive
DNS

11.127.203.66.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.127.203.66.in-addr.arpa

IN PTR

Response
DNS

12.125.203.66.in-addr.arpa

Remote address:

8.8.8.8:53

Request

12.125.203.66.in-addr.arpa

IN PTR

Response

12.125.203.66.in-addr.arpa

IN PTR

bt2apimegaconz
GET

https://eu.static.mega.co.nz/4/imagery/sprites-fm-illustration-sprite-wide.e397e234dc118de4.svg

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/imagery/sprites-fm-illustration-sprite-wide.e397e234dc118de4.svg HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:46 GMT
content-type: image/svg+xml
content-length: 22186
last-modified: Thu, 15 Feb 2024 02:39:15 GMT
vary: Accept-Encoding
etag: "65cd7953-56aa"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/imagery/mega-download-dialog.cf6daa0027e27782.png

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/imagery/mega-download-dialog.cf6daa0027e27782.png HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:46 GMT
content-type: image/png
content-length: 70369
last-modified: Thu, 15 Feb 2024 00:49:08 GMT
etag: "65cd5f84-112e1"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/imagery/mega-files-icons.d0eb3dca90ed2246.png

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/imagery/mega-files-icons.d0eb3dca90ed2246.png HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:46 GMT
content-type: image/png
content-length: 109786
last-modified: Thu, 15 Feb 2024 00:49:08 GMT
etag: "65cd5f84-1acda"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/imagery/mobile-button-loader-green.b175f7d362d2b4af.gif

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/imagery/mobile-button-loader-green.b175f7d362d2b4af.gif HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://mega.nz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:46 GMT
content-type: image/gif
content-length: 8787
last-modified: Thu, 15 Feb 2024 00:49:08 GMT
etag: "65cd5f84-2253"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/imagery/sprites-fm-uni-uni.13e2c92f21f9ba07.svg

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/imagery/sprites-fm-uni-uni.13e2c92f21f9ba07.svg HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:46 GMT
content-type: image/svg+xml
content-length: 78164
last-modified: Thu, 15 Feb 2024 02:39:15 GMT
vary: Accept-Encoding
etag: "65cd7953-13154"
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
GET

https://eu.static.mega.co.nz/4/imagery/mega-dialog-sprite.57a6bd1346996955.png

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/imagery/mega-dialog-sprite.57a6bd1346996955.png HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:46 GMT
content-type: image/png
content-length: 30699
last-modified: Thu, 15 Feb 2024 00:49:08 GMT
etag: "65cd5f84-77eb"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
GET

https://eu.static.mega.co.nz/4/imagery/mega-icons-sprite.48528e60724d858e.png

msedge.exe

Remote address:

66.203.127.11:443

Request

GET /4/imagery/mega-icons-sprite.48528e60724d858e.png HTTP/2.0
host: eu.static.mega.co.nz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 19 Feb 2024 15:57:49 GMT
content-type: image/png
content-length: 118009
last-modified: Thu, 15 Feb 2024 00:49:08 GMT
etag: "65cd5f84-1ccf9"
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
accept-ranges: bytes
DNS

gfs302n105.userstorage.mega.co.nz

msedge.exe

Remote address:

8.8.8.8:53

Request

gfs302n105.userstorage.mega.co.nz

IN A

Response

gfs302n105.userstorage.mega.co.nz

IN A

162.208.16.15
DNS

gfs270n356.userstorage.mega.co.nz

msedge.exe

Remote address:

8.8.8.8:53

Request

gfs270n356.userstorage.mega.co.nz

IN A

Response

gfs270n356.userstorage.mega.co.nz

IN A

89.44.168.66
DNS

gfs208n105.userstorage.mega.co.nz

msedge.exe

Remote address:

8.8.8.8:53

Request

gfs208n105.userstorage.mega.co.nz

IN A

Response

gfs208n105.userstorage.mega.co.nz

IN A

185.206.26.15
DNS

gfs214n105.userstorage.mega.co.nz

msedge.exe

Remote address:

8.8.8.8:53

Request

gfs214n105.userstorage.mega.co.nz

IN A

Response

gfs214n105.userstorage.mega.co.nz

IN A

185.206.27.15
DNS

gfs204n115.userstorage.mega.co.nz

msedge.exe

Remote address:

8.8.8.8:53

Request

gfs204n115.userstorage.mega.co.nz

IN A

Response

gfs204n115.userstorage.mega.co.nz

IN A

185.206.24.17
DNS

gfs206n195.userstorage.mega.co.nz

msedge.exe

Remote address:

8.8.8.8:53

Request

gfs206n195.userstorage.mega.co.nz

IN A

Response

gfs206n195.userstorage.mega.co.nz

IN A

94.24.37.105
GET

https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/26208-78655

msedge.exe

Remote address:

162.208.16.15:443

Request

GET /dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/26208-78655 HTTP/1.1
Host: gfs302n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 52448
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/550496-734015

msedge.exe

Remote address:

162.208.16.15:443

Request

GET /dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/550496-734015 HTTP/1.1
Host: gfs302n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 183520
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/7235168-9332335

msedge.exe

Remote address:

162.208.16.15:443

Request

GET /dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/7235168-9332335 HTTP/1.1
Host: gfs302n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/15623776-17339087

msedge.exe

Remote address:

162.208.16.15:443

Request

GET /dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/15623776-17339087 HTTP/1.1
Host: gfs302n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 1715312
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/78640-157295

msedge.exe

Remote address:

162.208.16.15:443

Request

GET /dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/78640-157295 HTTP/1.1
Host: gfs302n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 78656
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/262144-393215

msedge.exe

Remote address:

162.208.16.15:443

Request

GET /dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/262144-393215 HTTP/1.1
Host: gfs302n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 131072
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/943712-3040879

msedge.exe

Remote address:

162.208.16.15:443

Request

GET /dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/943712-3040879 HTTP/1.1
Host: gfs302n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/11429472-13526639

msedge.exe

Remote address:

162.208.16.15:443

Request

GET /dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/11429472-13526639 HTTP/1.1
Host: gfs302n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/0-26223

msedge.exe

Remote address:

162.208.16.15:443

Request

GET /dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/0-26223 HTTP/1.1
Host: gfs302n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 26224
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/734000-943727

msedge.exe

Remote address:

162.208.16.15:443

Request

GET /dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/734000-943727 HTTP/1.1
Host: gfs302n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 209728
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/5138016-7235183

msedge.exe

Remote address:

162.208.16.15:443

Request

GET /dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/5138016-7235183 HTTP/1.1
Host: gfs302n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/157280-262143

msedge.exe

Remote address:

162.208.16.15:443

Request

GET /dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/157280-262143 HTTP/1.1
Host: gfs302n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 104864
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/393216-550511

msedge.exe

Remote address:

162.208.16.15:443

Request

GET /dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/393216-550511 HTTP/1.1
Host: gfs302n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 157296
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/3040864-5138031

msedge.exe

Remote address:

162.208.16.15:443

Request

GET /dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/3040864-5138031 HTTP/1.1
Host: gfs302n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/9332320-11429487

msedge.exe

Remote address:

162.208.16.15:443

Request

GET /dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/9332320-11429487 HTTP/1.1
Host: gfs302n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/13526624-15623791

msedge.exe

Remote address:

162.208.16.15:443

Request

GET /dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/13526624-15623791 HTTP/1.1
Host: gfs302n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/78640-157295

msedge.exe

Remote address:

185.206.24.17:443

Request

GET /dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/78640-157295 HTTP/1.1
Host: gfs204n115.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 78656
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/393216-550511

msedge.exe

Remote address:

185.206.24.17:443

Request

GET /dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/393216-550511 HTTP/1.1
Host: gfs204n115.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 157296
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/3040864-5138031

msedge.exe

Remote address:

185.206.24.17:443

Request

GET /dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/3040864-5138031 HTTP/1.1
Host: gfs204n115.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/9332320-11429487

msedge.exe

Remote address:

185.206.24.17:443

Request

GET /dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/9332320-11429487 HTTP/1.1
Host: gfs204n115.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/13526624-15623791

msedge.exe

Remote address:

185.206.24.17:443

Request

GET /dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/13526624-15623791 HTTP/1.1
Host: gfs204n115.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/0-26223

msedge.exe

Remote address:

185.206.24.17:443

Request

GET /dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/0-26223 HTTP/1.1
Host: gfs204n115.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 26224
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/734000-943727

msedge.exe

Remote address:

185.206.24.17:443

Request

GET /dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/734000-943727 HTTP/1.1
Host: gfs204n115.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 209728
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/7235168-9332335

msedge.exe

Remote address:

185.206.24.17:443

Request

GET /dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/7235168-9332335 HTTP/1.1
Host: gfs204n115.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/15623776-17339100

msedge.exe

Remote address:

185.206.24.17:443

Request

GET /dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/15623776-17339100 HTTP/1.1
Host: gfs204n115.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 1715325
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/26208-78655

msedge.exe

Remote address:

185.206.24.17:443

Request

GET /dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/26208-78655 HTTP/1.1
Host: gfs204n115.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 52448
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/550496-734015

msedge.exe

Remote address:

185.206.24.17:443

Request

GET /dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/550496-734015 HTTP/1.1
Host: gfs204n115.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 183520
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/5138016-7235183

msedge.exe

Remote address:

185.206.24.17:443

Request

GET /dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/5138016-7235183 HTTP/1.1
Host: gfs204n115.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/157280-262143

msedge.exe

Remote address:

185.206.24.17:443

Request

GET /dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/157280-262143 HTTP/1.1
Host: gfs204n115.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 104864
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/262144-393215

msedge.exe

Remote address:

185.206.24.17:443

Request

GET /dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/262144-393215 HTTP/1.1
Host: gfs204n115.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 131072
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/943712-3040879

msedge.exe

Remote address:

185.206.24.17:443

Request

GET /dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/943712-3040879 HTTP/1.1
Host: gfs204n115.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/11429472-13526639

msedge.exe

Remote address:

185.206.24.17:443

Request

GET /dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/11429472-13526639 HTTP/1.1
Host: gfs204n115.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/26208-78655

msedge.exe

Remote address:

94.24.37.105:443

Request

GET /dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/26208-78655 HTTP/1.1
Host: gfs206n195.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 52448
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/550496-734015

msedge.exe

Remote address:

94.24.37.105:443

Request

GET /dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/550496-734015 HTTP/1.1
Host: gfs206n195.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 183520
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/7235168-9332335

msedge.exe

Remote address:

94.24.37.105:443

Request

GET /dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/7235168-9332335 HTTP/1.1
Host: gfs206n195.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/15623776-17339103

msedge.exe

Remote address:

94.24.37.105:443

Request

GET /dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/15623776-17339103 HTTP/1.1
Host: gfs206n195.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 1715328
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/0-26223

msedge.exe

Remote address:

94.24.37.105:443

Request

GET /dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/0-26223 HTTP/1.1
Host: gfs206n195.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 26224
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/734000-943727

msedge.exe

Remote address:

94.24.37.105:443

Request

GET /dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/734000-943727 HTTP/1.1
Host: gfs206n195.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 209728
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/5138016-7235183

msedge.exe

Remote address:

94.24.37.105:443

Request

GET /dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/5138016-7235183 HTTP/1.1
Host: gfs206n195.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/78640-157295

msedge.exe

Remote address:

94.24.37.105:443

Request

GET /dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/78640-157295 HTTP/1.1
Host: gfs206n195.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 78656
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/393216-550511

msedge.exe

Remote address:

94.24.37.105:443

Request

GET /dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/393216-550511 HTTP/1.1
Host: gfs206n195.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 157296
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/3040864-5138031

msedge.exe

Remote address:

94.24.37.105:443

Request

GET /dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/3040864-5138031 HTTP/1.1
Host: gfs206n195.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/9332320-11429487

msedge.exe

Remote address:

94.24.37.105:443

Request

GET /dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/9332320-11429487 HTTP/1.1
Host: gfs206n195.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/13526624-15623791

msedge.exe

Remote address:

94.24.37.105:443

Request

GET /dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/13526624-15623791 HTTP/1.1
Host: gfs206n195.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/157280-262143

msedge.exe

Remote address:

94.24.37.105:443

Request

GET /dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/157280-262143 HTTP/1.1
Host: gfs206n195.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 104864
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/262144-393215

msedge.exe

Remote address:

94.24.37.105:443

Request

GET /dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/262144-393215 HTTP/1.1
Host: gfs206n195.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 131072
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/943712-3040879

msedge.exe

Remote address:

94.24.37.105:443

Request

GET /dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/943712-3040879 HTTP/1.1
Host: gfs206n195.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/11429472-13526639

msedge.exe

Remote address:

94.24.37.105:443

Request

GET /dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/11429472-13526639 HTTP/1.1
Host: gfs206n195.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/0-26223

msedge.exe

Remote address:

89.44.168.66:443

Request

GET /dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/0-26223 HTTP/1.1
Host: gfs270n356.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 26224
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/262144-393215

msedge.exe

Remote address:

89.44.168.66:443

Request

GET /dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/262144-393215 HTTP/1.1
Host: gfs270n356.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 131072
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/3040864-5138031

msedge.exe

Remote address:

89.44.168.66:443

Request

GET /dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/3040864-5138031 HTTP/1.1
Host: gfs270n356.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/9332320-11429487

msedge.exe

Remote address:

89.44.168.66:443

Request

GET /dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/9332320-11429487 HTTP/1.1
Host: gfs270n356.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/13526624-15623791

msedge.exe

Remote address:

89.44.168.66:443

Request

GET /dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/13526624-15623791 HTTP/1.1
Host: gfs270n356.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/26208-78655

msedge.exe

Remote address:

89.44.168.66:443

Request

GET /dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/26208-78655 HTTP/1.1
Host: gfs270n356.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 52448
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/393216-550511

msedge.exe

Remote address:

89.44.168.66:443

Request

GET /dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/393216-550511 HTTP/1.1
Host: gfs270n356.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 157296
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/943712-3040879

msedge.exe

Remote address:

89.44.168.66:443

Request

GET /dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/943712-3040879 HTTP/1.1
Host: gfs270n356.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/11429472-13526639

msedge.exe

Remote address:

89.44.168.66:443

Request

GET /dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/11429472-13526639 HTTP/1.1
Host: gfs270n356.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/157280-262143

msedge.exe

Remote address:

89.44.168.66:443

Request

GET /dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/157280-262143 HTTP/1.1
Host: gfs270n356.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 104864
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/734000-943727

msedge.exe

Remote address:

89.44.168.66:443

Request

GET /dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/734000-943727 HTTP/1.1
Host: gfs270n356.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 209728
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/5138016-7235183

msedge.exe

Remote address:

89.44.168.66:443

Request

GET /dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/5138016-7235183 HTTP/1.1
Host: gfs270n356.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/15623776-17339103

msedge.exe

Remote address:

89.44.168.66:443

Request

GET /dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/15623776-17339103 HTTP/1.1
Host: gfs270n356.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 1715328
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/78640-157295

msedge.exe

Remote address:

89.44.168.66:443

Request

GET /dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/78640-157295 HTTP/1.1
Host: gfs270n356.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 78656
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/550496-734015

msedge.exe

Remote address:

89.44.168.66:443

Request

GET /dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/550496-734015 HTTP/1.1
Host: gfs270n356.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 183520
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/7235168-9332335

msedge.exe

Remote address:

89.44.168.66:443

Request

GET /dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/7235168-9332335 HTTP/1.1
Host: gfs270n356.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/0-26223

msedge.exe

Remote address:

185.206.27.15:443

Request

GET /dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/0-26223 HTTP/1.1
Host: gfs214n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 26224
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/734000-943727

msedge.exe

Remote address:

185.206.27.15:443

Request

GET /dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/734000-943727 HTTP/1.1
Host: gfs214n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 209728
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/943712-3040879

msedge.exe

Remote address:

185.206.27.15:443

Request

GET /dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/943712-3040879 HTTP/1.1
Host: gfs214n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/11429472-13526639

msedge.exe

Remote address:

185.206.27.15:443

Request

GET /dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/11429472-13526639 HTTP/1.1
Host: gfs214n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/157280-262143

msedge.exe

Remote address:

185.206.27.15:443

Request

GET /dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/157280-262143 HTTP/1.1
Host: gfs214n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 104864
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/262144-393215

msedge.exe

Remote address:

185.206.27.15:443

Request

GET /dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/262144-393215 HTTP/1.1
Host: gfs214n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 131072
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/5138016-7235183

msedge.exe

Remote address:

185.206.27.15:443

Request

GET /dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/5138016-7235183 HTTP/1.1
Host: gfs214n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/15623776-17339103

msedge.exe

Remote address:

185.206.27.15:443

Request

GET /dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/15623776-17339103 HTTP/1.1
Host: gfs214n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 1715328
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/26208-78655

msedge.exe

Remote address:

185.206.27.15:443

Request

GET /dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/26208-78655 HTTP/1.1
Host: gfs214n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 52448
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/550496-734015

msedge.exe

Remote address:

185.206.27.15:443

Request

GET /dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/550496-734015 HTTP/1.1
Host: gfs214n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 183520
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/3040864-5138031

msedge.exe

Remote address:

185.206.27.15:443

Request

GET /dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/3040864-5138031 HTTP/1.1
Host: gfs214n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/9332320-11429487

msedge.exe

Remote address:

185.206.27.15:443

Request

GET /dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/9332320-11429487 HTTP/1.1
Host: gfs214n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/13526624-15623791

msedge.exe

Remote address:

185.206.27.15:443

Request

GET /dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/13526624-15623791 HTTP/1.1
Host: gfs214n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/78640-157295

msedge.exe

Remote address:

185.206.27.15:443

Request

GET /dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/78640-157295 HTTP/1.1
Host: gfs214n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 78656
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/393216-550511

msedge.exe

Remote address:

185.206.27.15:443

Request

GET /dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/393216-550511 HTTP/1.1
Host: gfs214n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 157296
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/7235168-9332335

msedge.exe

Remote address:

185.206.27.15:443

Request

GET /dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/7235168-9332335 HTTP/1.1
Host: gfs214n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 2097168
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs208n105.userstorage.mega.co.nz/dl/B4Htha0jYlvGZgI3czViY299DeNaexuPebZnAGSu3FccWYf3qL4jUbUHd9hBgczHIlHQOxcoecZqbE7Qzbvv7k47Kqq7IJNkYDzJ-gh4L_22YwkWzeSwo2YLPE8dfA/157280-262143

msedge.exe

Remote address:

185.206.26.15:443

Request

GET /dl/B4Htha0jYlvGZgI3czViY299DeNaexuPebZnAGSu3FccWYf3qL4jUbUHd9hBgczHIlHQOxcoecZqbE7Qzbvv7k47Kqq7IJNkYDzJ-gh4L_22YwkWzeSwo2YLPE8dfA/157280-262143 HTTP/1.1
Host: gfs208n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 104864
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs208n105.userstorage.mega.co.nz/dl/B4Htha0jYlvGZgI3czViY299DeNaexuPebZnAGSu3FccWYf3qL4jUbUHd9hBgczHIlHQOxcoecZqbE7Qzbvv7k47Kqq7IJNkYDzJ-gh4L_22YwkWzeSwo2YLPE8dfA/78640-157295

msedge.exe

Remote address:

185.206.26.15:443

Request

GET /dl/B4Htha0jYlvGZgI3czViY299DeNaexuPebZnAGSu3FccWYf3qL4jUbUHd9hBgczHIlHQOxcoecZqbE7Qzbvv7k47Kqq7IJNkYDzJ-gh4L_22YwkWzeSwo2YLPE8dfA/78640-157295 HTTP/1.1
Host: gfs208n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 78656
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs208n105.userstorage.mega.co.nz/dl/B4Htha0jYlvGZgI3czViY299DeNaexuPebZnAGSu3FccWYf3qL4jUbUHd9hBgczHIlHQOxcoecZqbE7Qzbvv7k47Kqq7IJNkYDzJ-gh4L_22YwkWzeSwo2YLPE8dfA/0-26223

msedge.exe

Remote address:

185.206.26.15:443

Request

GET /dl/B4Htha0jYlvGZgI3czViY299DeNaexuPebZnAGSu3FccWYf3qL4jUbUHd9hBgczHIlHQOxcoecZqbE7Qzbvv7k47Kqq7IJNkYDzJ-gh4L_22YwkWzeSwo2YLPE8dfA/0-26223 HTTP/1.1
Host: gfs208n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 26224
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
GET

https://gfs208n105.userstorage.mega.co.nz/dl/B4Htha0jYlvGZgI3czViY299DeNaexuPebZnAGSu3FccWYf3qL4jUbUHd9hBgczHIlHQOxcoecZqbE7Qzbvv7k47Kqq7IJNkYDzJ-gh4L_22YwkWzeSwo2YLPE8dfA/26208-78655

msedge.exe

Remote address:

185.206.26.15:443

Request

GET /dl/B4Htha0jYlvGZgI3czViY299DeNaexuPebZnAGSu3FccWYf3qL4jUbUHd9hBgczHIlHQOxcoecZqbE7Qzbvv7k47Kqq7IJNkYDzJ-gh4L_22YwkWzeSwo2YLPE8dfA/26208-78655 HTTP/1.1
Host: gfs208n105.userstorage.mega.co.nz
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: https://mega.nz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mega.nz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 52448
Content-Type: application/octet-stream
Content-Disposition: attachment
Cache-Control: private
Content-Transfer-Encoding: binary
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Cache-Control: no-store
DNS

17.24.206.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.24.206.185.in-addr.arpa

IN PTR

Response
DNS

105.37.24.94.in-addr.arpa

Remote address:

8.8.8.8:53

Request

105.37.24.94.in-addr.arpa

IN PTR

Response
DNS

105.37.24.94.in-addr.arpa

Remote address:

8.8.8.8:53

Request

105.37.24.94.in-addr.arpa

IN PTR
DNS

15.26.206.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.26.206.185.in-addr.arpa

IN PTR

Response
DNS

66.168.44.89.in-addr.arpa

Remote address:

8.8.8.8:53

Request

66.168.44.89.in-addr.arpa

IN PTR

Response

66.168.44.89.in-addr.arpa

IN PTR

89-44-168-66ipdcluxcom
DNS

15.16.208.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.16.208.162.in-addr.arpa

IN PTR

Response
DNS

15.16.208.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.16.208.162.in-addr.arpa

IN PTR
DNS

208.143.182.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.143.182.52.in-addr.arpa

IN PTR

Response

104.26.15.117:443

https://exego.app/go/nlwWO

tls, http2

msedge.exe

27.3kB
96.3kB
90
122

HTTP Request

GET https://exego.app/nlwWO

HTTP Response

200

HTTP Request

HEAD https://exego.app/nlwWO

HTTP Response

200

HTTP Request

GET https://exego.app/cdn-cgi/challenge-platform/scripts/jsd/main.js

HTTP Response

302

HTTP Request

GET https://exego.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/0f752fefe334/main.js

HTTP Response

200

HTTP Request

POST https://exego.app/cdn-cgi/challenge-platform/h/b/jsd/r/857fb2015d29dd7b

HTTP Response

200

HTTP Request

POST https://exego.app/nlwWO

HTTP Response

200

HTTP Request

POST https://exego.app/nlwWO

HTTP Response

200

HTTP Request

POST https://exego.app/go/nlwWO

HTTP Response

302
23.109.170.0:443

https://arglingpistole.com/1clkn/60028

tls, http

msedge.exe

3.0kB
6.1kB
13
11

HTTP Request

GET https://arglingpistole.com/1clkn/60028

HTTP Response

200
104.16.134.22:443

https://live.demand.supply/up.js

tls, http2

msedge.exe

2.5kB
9.5kB
26
28

HTTP Request

GET https://live.demand.supply/up.js

HTTP Response

403

HTTP Request

GET https://live.demand.supply/up.js

HTTP Response

403

HTTP Request

GET https://live.demand.supply/up.js

HTTP Response

403
142.250.178.4:443

https://www.google.com/recaptcha/api.js

tls, http2

msedge.exe

1.8kB
7.5kB
16
17

HTTP Request

GET https://www.google.com/recaptcha/api.js
142.250.179.226:443

https://www.googletagservices.com/dcm/dcmads.js

tls, http2

msedge.exe

7.8kB
191.4kB
122
155

HTTP Request

GET https://securepubads.g.doubleclick.net/tag/js/gpt.js

HTTP Request

GET https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202402150101/pubads_impl.js?cb=31081246

HTTP Request

GET https://www.googletagservices.com/dcm/dcmads.js
172.67.139.32:443

cdn.cuty.io

tls, http2

msedge.exe

989 B
5.1kB
9
8
172.67.139.32:443

https://cdn.cuty.io/js/public/links/last.js?id=a134a4eacdff5c446f812be003f81083

tls, http2

msedge.exe

36.1kB
1.1MB
630
805

HTTP Request

GET https://cdn.cuty.io/css/public.css?id=a66d1b3f490ee5b9c79bc9f7135b2531

HTTP Request

GET https://cdn.cuty.io/images/shared/logo.svg

HTTP Request

GET https://cdn.cuty.io/images/shared/locale-en.png

HTTP Request

GET https://cdn.cuty.io/images/shared/arrow-down.svg

HTTP Request

GET https://cdn.cuty.io/images/shared/locale-es.png

HTTP Request

GET https://cdn.cuty.io/images/shared/locale-ar.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://cdn.cuty.io/js/layouts/base.js?id=c0d86b5cf94285825c0fac448a45514b

HTTP Response

200

HTTP Request

GET https://cdn.cuty.io/images/shared/locale-fr.png

HTTP Request

GET https://cdn.cuty.io/images/shared/burger.svg

HTTP Request

GET https://cdn.cuty.io/images/shared/x.svg

HTTP Request

GET https://cdn.cuty.io/images/shared/facebook-icon.png

HTTP Request

GET https://cdn.cuty.io/images/shared/twitter-icon.png

HTTP Request

GET https://cdn.cuty.io/images/shared/linkedin-icon.png

HTTP Request

GET https://cdn.cuty.io/images/public/step-1.svg

HTTP Request

GET https://cdn.cuty.io/images/public/step-2.svg

HTTP Request

GET https://cdn.cuty.io/images/public/step-3.svg

HTTP Request

GET https://cdn.cuty.io/images/public/money-tree.png

HTTP Request

GET https://cdn.cuty.io/images/public/bitcoin.png

HTTP Request

GET https://cdn.cuty.io/images/public/payeer.png

HTTP Request

GET https://cdn.cuty.io/images/public/paypal.png

HTTP Request

GET https://cdn.cuty.io/images/public/perfectMoney.png

HTTP Request

GET https://cdn.cuty.io/images/public/advcash.png

HTTP Request

GET https://cdn.cuty.io/images/public/airtm.png

HTTP Request

GET https://cdn.cuty.io/images/public/usdt.png

HTTP Request

GET https://cdn.cuty.io/js/public/links/first.js?id=f4f40786c2f5a4811aab233657310538

HTTP Request

GET https://cdn.cuty.io/js/public/layouts/_partials/nav-links.js?id=c574008a4f65b56db91ee9ebcec8bc7f

HTTP Request

GET https://cdn.cuty.io/js/public/layouts/app.js?id=413725349eaa53956714377fb2a85476

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://cdn.cuty.io/images/public/heading-background.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://cdn.cuty.io/images/shared/favicon.ico

HTTP Response

200

HTTP Request

GET https://cdn.cuty.io/js/public/links/captcha.js?id=1d91e9f85ef6106056e74752e62e6eaa

HTTP Response

200

HTTP Request

GET https://cdn.cuty.io/js/public/links/last.js?id=a134a4eacdff5c446f812be003f81083

HTTP Response

200
172.67.139.32:443

cdn.cuty.io

tls, http2

msedge.exe

989 B
5.1kB
9
8
172.67.139.32:443

cdn.cuty.io

tls, http2

msedge.exe

989 B
5.1kB
9
8
172.67.139.32:443

cdn.cuty.io

tls, http2

msedge.exe

989 B
5.1kB
9
8
172.67.139.32:443

cdn.cuty.io

tls

msedge.exe

885 B
4.5kB
8
6
96.17.179.184:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

msedge.exe

416 B
1.6kB
6
5

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200
139.45.197.239:443

https://glersakr.com/?rb=NEGVxR2IYArrqmWkCnwI88Ly7mFgmtVwTCGjiDofkhsMTaUVG83u3UiQABav0QU9RqSzFagPEdbPB2IogT1RyXvMtJWehkEi4_hb0zLokwTO6K7NzyQ7rN6kKkXIDHZnB2xKgWBsHXSan5h5ImGIZdQy3DQT5YmFOa6q_3hgVwnSLBJC_Dxk6g8lRa1ppuYc1ZW17fBi1krUI17LVdbOjM26AO39dptxgse7Pt0yl08dhKawomoFuC_BQg8kxEkHIJQo-43vzXVusYomUGvL4bBLP8DNAKLonoIWrafuPAmyJHXZh5YKGH9d3ENgXFNTciPF1_T59oZnTv_j&request_ab2=0&zoneid=6966799&js_build=iclick-v1.694.0&fs=0&cf=0&sw=1280&sh=720&sah=680&wx=0&wy=0&ww=1280&wh=680&cw=1263&wih=609&wiw=1280&wfc=3&pl=https%3A%2F%2Fexego.app%2FnlwWO&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=ANGLE%20(NVIDIA%2C%20NVIDIA%20GeForce%20RTX%203060%20Ti%20Direct3D11%20vs_5_0%20ps_5_0%2C%20D3D11-10.0.19041.546)&js_build=iclick-v1.694.0&navlng=en-US&pnt=0&pnrc=0&bs=8051033a-0c0d-49d6-ba19-45ac78b2a0c7&userId=008007a0b2424049e48148b9306bbc3a&os=windows&os_version=10.0&browser_version=92.0.902.67&af=1

tls, http2

msedge.exe

9.2kB
44.8kB
45
48

HTTP Request

GET https://glersakr.com/5/6966799/?oo=1&aab=1

HTTP Request

GET https://glersakr.com/tag.min.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://glersakr.com/?rb=NEGVxR2IYArrqmWkCnwI88Ly7mFgmtVwTCGjiDofkhsMTaUVG83u3UiQABav0QU9RqSzFagPEdbPB2IogT1RyXvMtJWehkEi4_hb0zLokwTO6K7NzyQ7rN6kKkXIDHZnB2xKgWBsHXSan5h5ImGIZdQy3DQT5YmFOa6q_3hgVwnSLBJC_Dxk6g8lRa1ppuYc1ZW17fBi1krUI17LVdbOjM26AO39dptxgse7Pt0yl08dhKawomoFuC_BQg8kxEkHIJQo-43vzXVusYomUGvL4bBLP8DNAKLonoIWrafuPAmyJHXZh5YKGH9d3ENgXFNTciPF1_T59oZnTv_j&request_ab2=0&zoneid=6966799&js_build=iclick-v1.694.0&fs=0&cf=0&sw=1280&sh=720&sah=680&wx=0&wy=0&ww=1280&wh=680&cw=1263&wih=609&wiw=1280&wfc=3&pl=https%3A%2F%2Fexego.app%2FnlwWO&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=ANGLE%20(NVIDIA%2C%20NVIDIA%20GeForce%20RTX%203060%20Ti%20Direct3D11%20vs_5_0%20ps_5_0%2C%20D3D11-10.0.19041.546)&js_build=iclick-v1.694.0&navlng=en-US&pnt=0&pnrc=0&bs=8051033a-0c0d-49d6-ba19-45ac78b2a0c7&userId=008007a0b2424049e48148b9306bbc3a&os=windows&os_version=10.0&browser_version=92.0.902.67&m=link

HTTP Response

200

HTTP Request

POST https://glersakr.com/cat.php?userId=008007a0b2424049e48148b9306bbc3a&zoneid=6966799&rb=NEGVxR2IYArrqmWkCnwI88Ly7mFgmtVwTCGjiDofkhsMTaUVG83u3UiQABav0QU9RqSzFagPEdbPB2IogT1RyXvMtJWehkEi4_hb0zLokwTO6K7NzyQ7rN6kKkXIDHZnB2xKgWBsHXSan5h5ImGIZdQy3DQT5YmFOa6q_3hgVwnSLBJC_Dxk6g8lRa1ppuYc1ZW17fBi1krUI17LVdbOjM26AO39dptxgse7Pt0yl08dhKawomoFuC_BQg8kxEkHIJQo-43vzXVusYomUGvL4bBLP8DNAKLonoIWrafuPAmyJHXZh5YKGH9d3ENgXFNTciPF1_T59oZnTv_j

HTTP Response

200

HTTP Request

GET https://glersakr.com/?rb=NEGVxR2IYArrqmWkCnwI88Ly7mFgmtVwTCGjiDofkhsMTaUVG83u3UiQABav0QU9RqSzFagPEdbPB2IogT1RyXvMtJWehkEi4_hb0zLokwTO6K7NzyQ7rN6kKkXIDHZnB2xKgWBsHXSan5h5ImGIZdQy3DQT5YmFOa6q_3hgVwnSLBJC_Dxk6g8lRa1ppuYc1ZW17fBi1krUI17LVdbOjM26AO39dptxgse7Pt0yl08dhKawomoFuC_BQg8kxEkHIJQo-43vzXVusYomUGvL4bBLP8DNAKLonoIWrafuPAmyJHXZh5YKGH9d3ENgXFNTciPF1_T59oZnTv_j&request_ab2=0&zoneid=6966799&js_build=iclick-v1.694.0&fs=0&cf=0&sw=1280&sh=720&sah=680&wx=0&wy=0&ww=1280&wh=680&cw=1263&wih=609&wiw=1280&wfc=3&pl=https%3A%2F%2Fexego.app%2FnlwWO&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=ANGLE%20(NVIDIA%2C%20NVIDIA%20GeForce%20RTX%203060%20Ti%20Direct3D11%20vs_5_0%20ps_5_0%2C%20D3D11-10.0.19041.546)&js_build=iclick-v1.694.0&navlng=en-US&pnt=0&pnrc=0&bs=8051033a-0c0d-49d6-ba19-45ac78b2a0c7&userId=008007a0b2424049e48148b9306bbc3a&os=windows&os_version=10.0&browser_version=92.0.902.67&m=link

HTTP Response

200

HTTP Request

GET https://glersakr.com/?rb=NEGVxR2IYArrqmWkCnwI88Ly7mFgmtVwTCGjiDofkhsMTaUVG83u3UiQABav0QU9RqSzFagPEdbPB2IogT1RyXvMtJWehkEi4_hb0zLokwTO6K7NzyQ7rN6kKkXIDHZnB2xKgWBsHXSan5h5ImGIZdQy3DQT5YmFOa6q_3hgVwnSLBJC_Dxk6g8lRa1ppuYc1ZW17fBi1krUI17LVdbOjM26AO39dptxgse7Pt0yl08dhKawomoFuC_BQg8kxEkHIJQo-43vzXVusYomUGvL4bBLP8DNAKLonoIWrafuPAmyJHXZh5YKGH9d3ENgXFNTciPF1_T59oZnTv_j&request_ab2=0&zoneid=6966799&js_build=iclick-v1.694.0&fs=0&cf=0&sw=1280&sh=720&sah=680&wx=0&wy=0&ww=1280&wh=680&cw=1263&wih=609&wiw=1280&wfc=3&pl=https%3A%2F%2Fexego.app%2FnlwWO&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=ANGLE%20(NVIDIA%2C%20NVIDIA%20GeForce%20RTX%203060%20Ti%20Direct3D11%20vs_5_0%20ps_5_0%2C%20D3D11-10.0.19041.546)&js_build=iclick-v1.694.0&navlng=en-US&pnt=0&pnrc=0&bs=8051033a-0c0d-49d6-ba19-45ac78b2a0c7&userId=008007a0b2424049e48148b9306bbc3a&os=windows&os_version=10.0&browser_version=92.0.902.67&af=1

HTTP Response

200
139.45.197.239:443

glersakr.com

tls

msedge.exe

1.1kB
5.0kB
9
9
139.45.197.240:443

propeller-tracking.com

tls, http2

msedge.exe

1.2kB
5.4kB
12
14
212.117.190.201:443

sr7pv7n5x.com

tls, http2

msedge.exe

1.2kB
4.5kB
13
12
139.45.195.8:443

https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=4662709&checkDuplicate=true&ymid=783473481261256721&var=6966799

tls, http2

msedge.exe

2.5kB
8.5kB
21
20

HTTP Request

GET https://my.rtmark.net/gid.js?userId=008007a0b2424049e48148b9306bbc3a

HTTP Response

200

HTTP Request

GET https://my.rtmark.net/gid.js?userId=3eb58d3cffc186a0c1fd66c22c32cdc1

HTTP Response

200

HTTP Request

GET https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=4662709&checkDuplicate=true&ymid=783473434150834707&var=6966799

HTTP Response

200

HTTP Request

GET https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=4662709&checkDuplicate=true&ymid=783473481261256721&var=6966799

HTTP Response

200
172.217.16.238:443

https://fundingchoicesmessages.google.com/i/339263271?ers=3

tls, http2

msedge.exe

3.0kB
75.3kB
42
64

HTTP Request

GET https://fundingchoicesmessages.google.com/i/339263271?ers=3
216.239.34.36:443

https://region1.google-analytics.com/g/collect?v=2&tid=G-GGDCMPL4QP&gtm=45je42e0v869225560za200&_p=1708358139418&gcd=13l3l3l3l1&npa=0&dma=0&cid=740424307.1708358140&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&pscdl=noapi&_s=1&sid=1708358139&sct=1&seg=0&dl=https%3A%2F%2Fexego.app%2FnlwWO&dt=Shorten%20Links%20And%20Earn%20Money%20%7C%20cuty.io&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=2105

tls, http2

msedge.exe

2.1kB
7.1kB
15
15

HTTP Request

POST https://region1.google-analytics.com/g/collect?v=2&tid=G-GGDCMPL4QP&gtm=45je42e0v869225560za200&_p=1708358139418&gcd=13l3l3l3l1&npa=0&dma=0&cid=740424307.1708358140&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&pscdl=noapi&_s=1&sid=1708358139&sct=1&seg=0&dl=https%3A%2F%2Fexego.app%2FnlwWO&dt=Shorten%20Links%20And%20Earn%20Money%20%7C%20cuty.io&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=2105
216.58.201.97:443

https://lh3.googleusercontent.com/tndHyatuJbmTJ0i1gxyG5r2Xy1mDwK-cZUkN8E3FMrZe40ySlgfn-JOsQzxl3fwBGf92szr9BwgYmuIKwzradwzZ5f9Daez99PWtfzSCv13VK_NMl3SkIw=h60

tls, http2

msedge.exe

2.1kB
16.6kB
20
22

HTTP Request

GET https://lh3.googleusercontent.com/tndHyatuJbmTJ0i1gxyG5r2Xy1mDwK-cZUkN8E3FMrZe40ySlgfn-JOsQzxl3fwBGf92szr9BwgYmuIKwzradwzZ5f9Daez99PWtfzSCv13VK_NMl3SkIw=h60
172.64.132.4:443

yourfreshjournal.com

tls, http2

msedge.exe

1.6kB
5.2kB
12
10
172.64.132.4:443

https://yourfreshjournal.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=yourfreshjournal.com&var=6966799&ymid=783473481261256721&var_3=&var_4=&dsig=&tg=1&sw=3.1.485&trace_id=6a9b7176-c161-425b-9735-71bc4ed5bb1e&action=settings&ch=eyJhcmNoaXRlY3R1cmUiOiJ4ODYiLCJtb2RlbCI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IjEwLjAifQ==

tls, http2

msedge.exe

8.2kB
76.4kB
66
97

HTTP Request

GET https://yourfreshjournal.com/?s=783473434150834707&ssk=3f83115850e5c43a6c4698feb5763987&svar=1708358141&z=6966799&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=UTC&bto=0

HTTP Response

200

HTTP Request

GET https://yourfreshjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=783473434150834707&var=6966799&sw=/sw-check-permissions/4662709&uhd=1

HTTP Request

POST https://yourfreshjournal.com/?s=783473434150834707&ssk=3f83115850e5c43a6c4698feb5763987&svar=1708358141&z=6966799&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=UTC&bto=0&mprtr=1&os_version=10.0

HTTP Request

GET https://yourfreshjournal.com/19/4662728/?abt_opts=1&var=6966799&var3=783473434150834707&ymid=&rhd=1&os=windows&os_version=10.0

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://yourfreshjournal.com/sw-check-permissions/4662709?var=6966799&ymid=783473434150834707&uhd=1&zoneId=4662709

HTTP Request

POST https://yourfreshjournal.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=yourfreshjournal.com&var=6966799&ymid=783473434150834707&var_3=&var_4=&dsig=&tg=1&sw=3.1.485&trace_id=114a4dd2-69d4-47c0-85aa-0a946106c08d&action=prerequest&ch=eyJhcmNoaXRlY3R1cmUiOiJ4ODYiLCJtb2RlbCI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IjEwLjAifQ==

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://yourfreshjournal.com/favicon.ico

HTTP Response

204

HTTP Request

GET https://yourfreshjournal.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=yourfreshjournal.com&var=6966799&ymid=783473434150834707&var_3=&var_4=&dsig=&tg=1&sw=3.1.485&trace_id=114a4dd2-69d4-47c0-85aa-0a946106c08d&action=settings&ch=eyJhcmNoaXRlY3R1cmUiOiJ4ODYiLCJtb2RlbCI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IjEwLjAifQ==

HTTP Response

200

HTTP Request

GET https://yourfreshjournal.com/?s=783473481261256721&ssk=5b14010e70707f8b40162eefcffae4d3&svar=1708358152&z=6966799&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=UTC&bto=0

HTTP Response

200

HTTP Request

GET https://yourfreshjournal.com/pfe/current/micro.tag.min.js?z=4662709&ymid=783473481261256721&var=6966799&sw=/sw-check-permissions/4662709&uhd=1

HTTP Request

POST https://yourfreshjournal.com/?s=783473481261256721&ssk=5b14010e70707f8b40162eefcffae4d3&svar=1708358152&z=6966799&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=UTC&bto=0&mprtr=1&os_version=10.0

HTTP Request

GET https://yourfreshjournal.com/19/4662728/?abt_opts=1&var=6966799&var3=783473481261256721&ymid=&rhd=1&os=windows&os_version=10.0

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://yourfreshjournal.com/rhd?rb=aXYD2wvsEAX0KjNnK9N7eJwAQ8fT8E3d39ORFHZSQk74totmA4xGFwMfSiTF7YztfHHeVsQ3kkeKrUJP7Xh9kBeuTDeCkfr1oD64o1EkiPH4i0vF6yy1gbFuXpdiYYk7GesiQ76vRAgkTQw7z9ZcmV4Qm43-xzQdiPoI_BW9MALs95ASlKyjfUV-tRb0rYdR6I7hDEvnTrMRl84tnmZB_1VHSX58pSFQD7EQV9Nf1b2XNNjVdPk9GhQufkCl-6qUpfh3O2-zsJ-nQ5co4dCYasfR2aHU2w5VB_h_0hSCYHIBn7pPoL7c5ZBaswTphrMFz-hwzzKdfZiwqcX7719w9_jgV3g_O7XRf18nBzgKnhjBMQEdvSL_aTFyAXlASzlZOhSYZlTW7qUR0y5T_cB1Wl-yAEHaAur1QlxD_4-RIVk2KuB7m_CXS7rHVRzHc4Il0p9YtimnBJXMwn5mWqlKkYWx_utdkm6J_VFxCnGQWLbYldt-7J3m0IUEDz66mDCB8GsAfmJ4Zb3Vtta_5YE_LARYvV5JyIWpzMRdRIdRaOpAHhBegkkoNOvSpdo%3D&request_ab2=0&zoneid=4662728&fs=0&cf=0&sw=1280&sh=720&sah=680&wx=0&wy=0&ww=1280&wh=680&cw=1280&wih=609&wiw=1280&wfc=0&pl=https%3A%2F%2Fyourfreshjournal.com%2F%3Fs%3D783473481261256721%26ssk%3D5b14010e70707f8b40162eefcffae4d3%26svar%3D1708358152%26z%3D6966799%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb%26btz%3DUTC%26bto%3D0&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-unknown&var=6966799&var3=783473481261256721&ymid=&rhd=1&os=windows&os_version=10.0&m=link

HTTP Request

GET https://yourfreshjournal.com/sw-check-permissions/4662709?var=6966799&ymid=783473481261256721&uhd=1&zoneId=4662709

HTTP Request

POST https://yourfreshjournal.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=yourfreshjournal.com&var=6966799&ymid=783473481261256721&var_3=&var_4=&dsig=&tg=1&sw=3.1.485&trace_id=6a9b7176-c161-425b-9735-71bc4ed5bb1e&action=prerequest&ch=eyJhcmNoaXRlY3R1cmUiOiJ4ODYiLCJtb2RlbCI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IjEwLjAifQ==

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://yourfreshjournal.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=yourfreshjournal.com&var=6966799&ymid=783473481261256721&var_3=&var_4=&dsig=&tg=1&sw=3.1.485&trace_id=6a9b7176-c161-425b-9735-71bc4ed5bb1e&action=settings&ch=eyJhcmNoaXRlY3R1cmUiOiJ4ODYiLCJtb2RlbCI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IjEwLjAifQ==

HTTP Response

200
172.67.193.52:443

https://tzegilo.com/stattag.js

tls, http2

msedge.exe

2.6kB
14.0kB
22
24

HTTP Request

GET https://tzegilo.com/stattag.js

HTTP Response

200
139.45.197.251:443

jouteetu.net

tls

msedge.exe

1.5kB
5.6kB
10
6
139.45.197.251:443

jouteetu.net

tls

msedge.exe

1.5kB
5.6kB
10
6
139.45.197.251:443

jouteetu.net

tls

msedge.exe

1.4kB
4.2kB
9
5
139.45.197.251:443

jouteetu.net

tls

msedge.exe

1.4kB
4.2kB
9
5
139.45.197.251:443

jouteetu.net

tls

msedge.exe

1.4kB
4.2kB
9
5
139.45.197.251:443

https://jouteetu.net/custom

tls, http2

msedge.exe

22.1kB
15.1kB
84
54

HTTP Request

POST https://jouteetu.net/custom

HTTP Request

POST https://jouteetu.net/custom

HTTP Request

POST https://jouteetu.net/custom

HTTP Request

POST https://jouteetu.net/custom

HTTP Request

POST https://jouteetu.net/custom

HTTP Request

POST https://jouteetu.net/custom

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://jouteetu.net/custom

HTTP Request

POST https://jouteetu.net/custom

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://jouteetu.net/custom

HTTP Request

POST https://jouteetu.net/custom

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://jouteetu.net/custom

HTTP Request

POST https://jouteetu.net/custom

HTTP Request

POST https://jouteetu.net/custom

HTTP Request

POST https://jouteetu.net/custom

HTTP Request

POST https://jouteetu.net/custom

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://jouteetu.net/custom

HTTP Request

POST https://jouteetu.net/custom

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://jouteetu.net/custom

HTTP Response

200
139.45.195.254:443

flerap.com

tls

msedge.exe

1.1kB
6.8kB
10
11
139.45.195.254:443

fleraprt.com

tls

msedge.exe

1.1kB
6.8kB
9
11
37.48.68.71:443

https://datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=8051033a-0c0d-49d6-ba19-45ac78b2a0c7

tls, http

msedge.exe

4.0kB
7.5kB
15
15

HTTP Request

POST https://datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=8051033a-0c0d-49d6-ba19-45ac78b2a0c7

HTTP Response

200
37.48.68.71:443

datatechonert.com

tls

msedge.exe

936 B
507 B
8
8
216.58.204.65:443

https://abaf204c64a2993325f03d071a132faa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

tls, http2

msedge.exe

2.7kB
16.1kB
25
31

HTTP Request

GET https://ee72284c6624dc1118e0ea0ac2a939c2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

HTTP Request

GET https://eb1242d71d64ba39171a776e476bb154.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

HTTP Request

GET https://abaf204c64a2993325f03d071a132faa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
216.58.212.225:443

https://tpc.googlesyndication.com/sodar/sodar2.js

tls, http2

msedge.exe

1.9kB
13.4kB
18
20

HTTP Request

GET https://tpc.googlesyndication.com/sodar/sodar2.js
142.250.179.230:443

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

tls, http2

msedge.exe

3.3kB
71.1kB
46
58

HTTP Request

GET https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
52.84.174.16:443

https://bucket.cdnwebcloud.com/noah.min.js?1708358156245

tls, http2

msedge.exe

2.0kB
15.5kB
18
23

HTTP Request

GET https://bucket.cdnwebcloud.com/n_one_vway_bahia-principe-es_np.js?n_o_nu=not&n_o_aut_tc=279148819&ord=3229820468

HTTP Response

200

HTTP Request

GET https://bucket.cdnwebcloud.com/noah.min.js?1708358156245

HTTP Response

200
172.217.169.66:443

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssgCcuPtPvJhKne575CdI_eQI0-7FnAAJshSzkn45m0I19ndzOgW-mQmYXHtK0nom0_fQ1V_m3dzwmAW_jky_-3gnFeicDq6yb1d_nePyWBYIE1lHe3zQ0YTsnLj00fpr9hKbBHuqy9Hl2tbKkeG4XVRXDjXTlEYM_TSxj6A7W0X1DAoH-PBEJ0SycyaQTj_NsuLTXM84Qbrf4ubTtN24G4CA2LTRydUg7MRNRlPBquglUQhOX8-pcMn8uD9m6XiW0A3GJ3ptW-eRRO0j50r4eXIf5FD0ETi9ZtdPxNHsNiW0uEwt2tSGiq-IPHoZuBJpOdM1Ln278sgAWZPOL_gIHNFvhW6wGrATqGkwtTpRFrqAQJCiJ6vOTz_enZ3LiHOJYpK6Qa9gUeV5psC3ZVwN3LhFk_aKTqKhIGSzUhTKLyvG9lmxwrrH4HsOfxLOoDCyhfRzvvyb8GkWsVzSr4bdWAMNsFtuV_sgA3xmoIWArcBXK6lGzoAsm6oomUt3s5o4P-IHIGO6YHc47lU0oi3h1BNeoq-4CEgp-x51aQAdggrsS1Nv1csMLpv2-7Hljt76DuDoLIDdqal5coYISHhmsYV3_LbGKtQkV3g4WYJKOOZj7VzH05qM0-99V0YsjQQG1qt-ka2gf8gUbm8cQtv46PXHr-ru0pXPgefD6pSEUw5kY8g0t_RPMYHuY6dxQZ0uo3xp6iwnV2nkHkwxf2P-oxDBLWmo3sWifP4cNljBcWDYK_HGlUVQGuYY1sCMZj6S283ZpUW21fXnFPFrzbP58lsFkCIz05riRjCukPopjdd7GZ8LyUU4w2JfmsWEO-GsvZtP60rZUpjTWU3TnLZ51TEc94T_uJJ8FTi2TDUTcL5lP7zgb6AkT6bp0BuMXigem1W_Hmv-0yfQvzLKMmeNkT2m50Pa47YTLY_zHUzNJAL7kf6L7EC7CRKYUP2O15FAOOa2rGpjF7z4cAhV_afQv9X1SoMtNeuk_bouYsVADhWfmXeMKJfAKACYFMH-0SnevAjJSgDYl71tZb1IPzo_-kq3LKwxQ0dtX7oGl1pmwFO8rNntmiur-zm-M6qdUoA509i7zBGv8S5HXTwA-9lBV-v4MfR0SRs7tw5uuKdfhTlmsg2iyqdaU7P1NQ-hlPyyiqgjH2ZxGrymRHxubo1kE6ueeNFk_NSv0Y4XqV_-_KRWbcl7sz6LaYYifIYCJRdMdGIMUR1fOcmNxwE9eIC9RSEVTMh3IlI30mgr7er9vuiWRJLIuvBcAY7oLTrPKXpUQ15-f5Hk9PlBlhBUmPaTZvEeGeRJ0MRnnbS6mO__Ia49gGU1nSLbPJqRVNcblbQcErCfPawQ&sai=AMfl-YSKGxTHzFaAeFyLJlKffd7QM79omvQFBOs0-TSMTuAGSS8mp0HaFVks5ZtTSfr0hSnVCV6Rum6sJCyD9GD9qTsavrRKiKntP7eWlfHOuaCprRSGbBSzyG5WAjwGbdvpdVaBHMyDbdfjCZudmlDDLiPuSqY_VWSpftWgBet2UCTTXP6TGkPiZz0UT8V7WRqI1AaF3ahkWqZYGG3jQtNjc5tfnYAJoflst3y-r6GPJtnJzDcWBKu7LloCdsvs_PpRK_ejFShcuN-7o2hHt8Ok_XG_WczD-pFeMhv5Ay7seKvh0VEadGtaAlaY5U7ZY_yMTvq1KRdttOLnROG9M-VSbNfN5NlsCAHEVm23Qu1n9d4198RDeNHyTyBpcF6p_hKNvpAVFgbJ_sflMstnkCJm2HR8qR4D8O6aJncL0XenP3u0_qYzcKRreOCuAW-OUy6uMzy9KQ_ByA-xXGICMjLdQnK0rnW60vrt6CrxEX4cLazTltRFUF6tJvY&sig=Cg0ArKJSzPj67RaJSlQlEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=423&cbvp=1&cstd=388&cisv=r20240215.86619&uach=WyJXaW5kb3dzIiwiMTAuMCIsIng4NiIsIiIsIjkyLjAuOTAyLjY3IixudWxsLDAsbnVsbCwiIixudWxsLDBd&arae=0&ftch=1&adurl=

tls, http2

msedge.exe

3.5kB
7.2kB
15
16

HTTP Request

GET https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssgCcuPtPvJhKne575CdI_eQI0-7FnAAJshSzkn45m0I19ndzOgW-mQmYXHtK0nom0_fQ1V_m3dzwmAW_jky_-3gnFeicDq6yb1d_nePyWBYIE1lHe3zQ0YTsnLj00fpr9hKbBHuqy9Hl2tbKkeG4XVRXDjXTlEYM_TSxj6A7W0X1DAoH-PBEJ0SycyaQTj_NsuLTXM84Qbrf4ubTtN24G4CA2LTRydUg7MRNRlPBquglUQhOX8-pcMn8uD9m6XiW0A3GJ3ptW-eRRO0j50r4eXIf5FD0ETi9ZtdPxNHsNiW0uEwt2tSGiq-IPHoZuBJpOdM1Ln278sgAWZPOL_gIHNFvhW6wGrATqGkwtTpRFrqAQJCiJ6vOTz_enZ3LiHOJYpK6Qa9gUeV5psC3ZVwN3LhFk_aKTqKhIGSzUhTKLyvG9lmxwrrH4HsOfxLOoDCyhfRzvvyb8GkWsVzSr4bdWAMNsFtuV_sgA3xmoIWArcBXK6lGzoAsm6oomUt3s5o4P-IHIGO6YHc47lU0oi3h1BNeoq-4CEgp-x51aQAdggrsS1Nv1csMLpv2-7Hljt76DuDoLIDdqal5coYISHhmsYV3_LbGKtQkV3g4WYJKOOZj7VzH05qM0-99V0YsjQQG1qt-ka2gf8gUbm8cQtv46PXHr-ru0pXPgefD6pSEUw5kY8g0t_RPMYHuY6dxQZ0uo3xp6iwnV2nkHkwxf2P-oxDBLWmo3sWifP4cNljBcWDYK_HGlUVQGuYY1sCMZj6S283ZpUW21fXnFPFrzbP58lsFkCIz05riRjCukPopjdd7GZ8LyUU4w2JfmsWEO-GsvZtP60rZUpjTWU3TnLZ51TEc94T_uJJ8FTi2TDUTcL5lP7zgb6AkT6bp0BuMXigem1W_Hmv-0yfQvzLKMmeNkT2m50Pa47YTLY_zHUzNJAL7kf6L7EC7CRKYUP2O15FAOOa2rGpjF7z4cAhV_afQv9X1SoMtNeuk_bouYsVADhWfmXeMKJfAKACYFMH-0SnevAjJSgDYl71tZb1IPzo_-kq3LKwxQ0dtX7oGl1pmwFO8rNntmiur-zm-M6qdUoA509i7zBGv8S5HXTwA-9lBV-v4MfR0SRs7tw5uuKdfhTlmsg2iyqdaU7P1NQ-hlPyyiqgjH2ZxGrymRHxubo1kE6ueeNFk_NSv0Y4XqV_-_KRWbcl7sz6LaYYifIYCJRdMdGIMUR1fOcmNxwE9eIC9RSEVTMh3IlI30mgr7er9vuiWRJLIuvBcAY7oLTrPKXpUQ15-f5Hk9PlBlhBUmPaTZvEeGeRJ0MRnnbS6mO__Ia49gGU1nSLbPJqRVNcblbQcErCfPawQ&sai=AMfl-YSKGxTHzFaAeFyLJlKffd7QM79omvQFBOs0-TSMTuAGSS8mp0HaFVks5ZtTSfr0hSnVCV6Rum6sJCyD9GD9qTsavrRKiKntP7eWlfHOuaCprRSGbBSzyG5WAjwGbdvpdVaBHMyDbdfjCZudmlDDLiPuSqY_VWSpftWgBet2UCTTXP6TGkPiZz0UT8V7WRqI1AaF3ahkWqZYGG3jQtNjc5tfnYAJoflst3y-r6GPJtnJzDcWBKu7LloCdsvs_PpRK_ejFShcuN-7o2hHt8Ok_XG_WczD-pFeMhv5Ay7seKvh0VEadGtaAlaY5U7ZY_yMTvq1KRdttOLnROG9M-VSbNfN5NlsCAHEVm23Qu1n9d4198RDeNHyTyBpcF6p_hKNvpAVFgbJ_sflMstnkCJm2HR8qR4D8O6aJncL0XenP3u0_qYzcKRreOCuAW-OUy6uMzy9KQ_ByA-xXGICMjLdQnK0rnW60vrt6CrxEX4cLazTltRFUF6tJvY&sig=Cg0ArKJSzPj67RaJSlQlEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=423&cbvp=1&cstd=388&cisv=r20240215.86619&uach=WyJXaW5kb3dzIiwiMTAuMCIsIng4NiIsIiIsIjkyLjAuOTAyLjY3IixudWxsLDAsbnVsbCwiIixudWxsLDBd&arae=0&ftch=1&adurl=
95.101.143.17:443

https://cdn.doubleverify.com/dvbs_src.js?ctx=29615901&cmp=225320&plc=7887512&sid=18330&dvregion=0&unit=728x90

tls, http

msedge.exe

3.5kB
28.6kB
21
32

HTTP Request

GET https://cdn.doubleverify.com/dvbs_src.js?ctx=29615901&cmp=225320&plc=7894353&sid=18330&dvregion=0&unit=728x90

HTTP Response

200

HTTP Request

GET https://cdn.doubleverify.com/dvbs_src_internal125.js

HTTP Response

200

HTTP Request

GET https://cdn.doubleverify.com/dvbs_src.js?ctx=29615901&cmp=225320&plc=7887512&sid=18330&dvregion=0&unit=728x90

HTTP Response

200
52.19.166.238:443

https://neural40.cdnwebcloud.com/avw?330146858275&n_o_aut_tc=279148819

tls, http2

msedge.exe

2.1kB
6.9kB
16
18

HTTP Request

GET https://neural40.cdnwebcloud.com/atp?472497141961=&n_o_aut_tc=279148819&nonhm=true&gdpr_consent=CMP_NOT_FOUND

HTTP Request

GET https://neural40.cdnwebcloud.com/avw?330146858275&n_o_aut_tc=279148819

HTTP Response

200

HTTP Response

200
130.211.44.5:443

https://rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_475321266758&jsTagObjCallback=__tagObject_callback_475321266758&num=6&ctx=29615901&cmp=225320&plc=7894353&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=475321266758&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Win32&brid=1&brver=92&bridua=1&dup=null&srcurlD=0&ssl=1&refD=1&htmlmsging=1&tstype=128&m1=15&noc=8&fcifrms=11&brh=1&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=172&eparams=DC4FC%3Dl9EEADTbpTauTau6I68%40%5D2AATauU2%3F4r92%3A%3Fl9EEADTbpTauTau6I68%40%5D2AATar9EEADTbpTauTau66faagc4eeac54%60%60%60g6_62_24a2hbh4a%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3E&dvp_exetime=9.00&callbackName=__verify_callback_475321266758

tls, http

msedge.exe

2.4kB
6.5kB
11
12

HTTP Request

GET https://rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_475321266758&jsTagObjCallback=__tagObject_callback_475321266758&num=6&ctx=29615901&cmp=225320&plc=7894353&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=475321266758&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Win32&brid=1&brver=92&bridua=1&dup=null&srcurlD=0&ssl=1&refD=1&htmlmsging=1&tstype=128&m1=15&noc=8&fcifrms=11&brh=1&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=172&eparams=DC4FC%3Dl9EEADTbpTauTau6I68%40%5D2AATauU2%3F4r92%3A%3Fl9EEADTbpTauTau6I68%40%5D2AATar9EEADTbpTauTau66faagc4eeac54%60%60%60g6_62_24a2hbh4a%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3E&dvp_exetime=9.00&callbackName=__verify_callback_475321266758

HTTP Response

200
52.19.166.238:443

neural40.cdnwebcloud.com

tls

msedge.exe

977 B
5.8kB
10
8
130.211.44.5:443

https://rtbc-ew1.doubleverify.com/bsevent.gif?flvr=0&impid=4f48e7fa4ab841a59b22a214903aa261&vfdur=275&cbust=1708358156714711

tls, http

msedge.exe

1.9kB
5.8kB
10
10

HTTP Request

POST https://rtbc-ew1.doubleverify.com/bsevent.gif?flvr=0&impid=4f48e7fa4ab841a59b22a214903aa261&vfdur=275&cbust=1708358156714711

HTTP Response

204
104.21.36.146:443

https://cdntechone.com/stattag.js

tls, http2

msedge.exe

2.0kB
13.9kB
20
20

HTTP Request

GET https://cdntechone.com/stattag.js

HTTP Response

200
104.21.56.184:443

https://asacdn.com/script/suv5.js

tls, http2

msedge.exe

5.9kB
126.8kB
83
114

HTTP Request

GET https://asacdn.com/script/suv4.js

HTTP Response

200

HTTP Request

GET https://asacdn.com/script/ut.js?cb=1708358157632

HTTP Request

GET https://asacdn.com/script/suv5.js

HTTP Response

200

HTTP Response

200
139.45.195.253:443

https://datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697&ruid=15b21f84-1a51-49c1-8488-16ff0fb0b0fd

tls, http

msedge.exe

3.9kB
7.4kB
12
12

HTTP Request

POST https://datatechone.com/log/add?cid=099bff94-57af-4b2b-a42c-300c65c51697&ruid=15b21f84-1a51-49c1-8488-16ff0fb0b0fd

HTTP Response

200
216.58.201.98:443

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI0suHiOK3hAMVY1NBAh0b4AQ8EAEYACDruKtN;dc_eps=AHas8cDHrecq4J9UvM8-fLrUlSLKpF7NOdtUteHYkSMzexIrWL28pOj80kaVmG_RCfrXuXF8xC-Qvn3pmWjtP5fyrB7e;met=1;&timestamp=1708358157580;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=1;

tls, http2

msedge.exe

2.0kB
6.9kB
16
17

HTTP Request

GET https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI0suHiOK3hAMVY1NBAh0b4AQ8EAEYACDruKtN;dc_eps=AHas8cDHrecq4J9UvM8-fLrUlSLKpF7NOdtUteHYkSMzexIrWL28pOj80kaVmG_RCfrXuXF8xC-Qvn3pmWjtP5fyrB7e;met=1;&timestamp=1708358157580;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=1;
172.64.135.28:443

https://youradexchange.com/script/suurl5.php?r=5890046&rbd=1&chp=Windows&chpv=10.0&chuafv=92.0.902.67&cbur=0.6556161102365501&cbiframe=0&cbWidth=1280&cbHeight=609&cbtitle=Shorten%20Links%20And%20Earn%20Money%20%7C%20cuty.io&cbpage=https%3A%2F%2Fexego.app%2FnlwWO&cbref=https%3A%2F%2Fexego.app%2FnlwWO&cbdescription=&cbkeywords=cuty%2C%20url%20shortener%2C%20shorten%20urls%2C%20best%20url%20shortener%2C%20shorten%20links%20and%20earn%20money%2C%20url%20shortener%20online%2C%20earn%20money%2C%20earn%20money%20online&cbcdn=asacdn.com&ts=1708358166309&srs=0bba19ac2ab1ed4e0d28b47dede70055&atv=43.0-sw-suv5

tls, http2

msedge.exe

2.6kB
7.3kB
15
17

HTTP Request

GET https://youradexchange.com/script/suurl5.php?r=5890046&chp=Windows&chpv=10.0&chuafv=92.0.902.67&cbur=0.2513468839006867&cbiframe=0&cbWidth=1280&cbHeight=609&cbtitle=Shorten%20Links%20And%20Earn%20Money%20%7C%20cuty.io&cbpage=https%3A%2F%2Fexego.app%2FnlwWO&cbref=https%3A%2F%2Fexego.app%2FnlwWO&cbdescription=&cbkeywords=cuty%2C%20url%20shortener%2C%20shorten%20urls%2C%20best%20url%20shortener%2C%20shorten%20links%20and%20earn%20money%2C%20url%20shortener%20online%2C%20earn%20money%2C%20earn%20money%20online&cbcdn=asacdn.com&ts=1708358157822&srs=0bba19ac2ab1ed4e0d28b47dede70055&atv=43.0-sw-suv5

HTTP Response

200

HTTP Request

GET https://youradexchange.com/script/suurl5.php?r=5890046&rbd=1&chp=Windows&chpv=10.0&chuafv=92.0.902.67&cbur=0.6556161102365501&cbiframe=0&cbWidth=1280&cbHeight=609&cbtitle=Shorten%20Links%20And%20Earn%20Money%20%7C%20cuty.io&cbpage=https%3A%2F%2Fexego.app%2FnlwWO&cbref=https%3A%2F%2Fexego.app%2FnlwWO&cbdescription=&cbkeywords=cuty%2C%20url%20shortener%2C%20shorten%20urls%2C%20best%20url%20shortener%2C%20shorten%20links%20and%20earn%20money%2C%20url%20shortener%20online%2C%20earn%20money%2C%20earn%20money%20online&cbcdn=asacdn.com&ts=1708358166309&srs=0bba19ac2ab1ed4e0d28b47dede70055&atv=43.0-sw-suv5

HTTP Response

202
104.21.85.92:443

https://ctrtrk.com/ut/ctr.php

tls, http2

msedge.exe

1.7kB
6.2kB
13
15

HTTP Request

GET https://ctrtrk.com/ut/ctr.php

HTTP Response

200
104.21.8.108:443

https://pubtrky.com/ut/hb.php?cb=0.18224008874617192&v=1

tls, http2

msedge.exe

11.4kB
8.0kB
35
27

HTTP Request

POST https://pubtrky.com/ut/hb.php?cb=0.15210725654388013&v=1

HTTP Response

204

HTTP Request

POST https://pubtrky.com/ut/hb.php?cb=0.2975931010103232&v=1

HTTP Response

204

HTTP Request

POST https://pubtrky.com/ut/hb.php?cb=0.562476075905936&v=1

HTTP Response

204

HTTP Request

POST https://pubtrky.com/ut/hb.php?cb=0.484435072903181&v=1

HTTP Response

204

HTTP Request

POST https://pubtrky.com/ut/hb.php?cb=0.18224008874617192&v=1

HTTP Response

204
34.91.234.242:443

https://maroola.aditms.me/click?pid=10&offer_id=21670&sub1=170835815910000TUKTV415029430354V72&sub2=5890046&sub3=86077

tls, http2

msedge.exe

2.9kB
4.0kB
16
15

HTTP Request

GET https://maroola.aditms.me/click?pid=10&offer_id=21670&sub1=170835815910000TUKTV415029430354V72&sub2=5890046&sub3=86077

HTTP Response

302
34.91.234.242:443

maroola.aditms.me

tls

msedge.exe

2.0kB
3.2kB
10
7
172.64.135.28:443

https://youradexchange.com/script/i.php?t=1&c=23780516&stamat=m%257C%252C%252CQja3o2FmoGU3BJ-GH0dEdHP3xP.da1%252CdHliE_IJuXpzZzO5Kqob2pavinhUulGenPZDXlMzUL4AYx84Lzx9WNDtZjvHf5XHn0SOPbRMlXxVb7JVOsYD-OZ84E_9P4IxPUbLsl3BqZsoVsm7Fm1TYX47VUJ6kMuBwx9CCxYVRjfVB7pcGSqpPq1vQah6JyXd__VizLK4uYE13UEWRIEMzrGQOLrhsfHDW_-oq0MwMvPpqy9q5mzKgEGPfPMs6yXYf14V6DI_cHyIBX8Zub7fqZcPAg5Z5h_h6E6mQU0J4KAsNcbFGMP2X0FG06mMw5gls3U094oBeXaWFrOS_lxIktE9CrQR_zw8kQOaMWDo-LuLI8sjcV1h9Kkj7u4z9KMyCha_C-28f-D1L0awRxq8bngst_MVum8GAME0b2Df98HV3AsIm9Hmj9v4q7eQbQ3JYsZFLavnZwe1QiNQxTv-tAh0yB3_jXboIrG-xmUF4HoZlW-humYA42iBPA2_D9ELGu8FDTlmb09JF-7Tzu5cEq18aM9YmhR8hPkZjFbVK-co_zc8ztc8PxQG1xiEwY46IIjHp9uWTekkHERvwfp_mTNsj85_0tAW-zJX44uOpu7On7MGNyiymHv2qh3gbfgZ5j60pYJ9ri2cDaQcRB6TDzsiZUvTR28WJV3DgiCpuMAuvbBFz_KWZA%252C%252C&wo=1&chp=Windows&chpv=10.0&chuafv=92.0.902.67&cbpage=https%3A%2F%2Fexego.app%2FnlwWO&cbref=https%3A%2F%2Fexego.app%2FnlwWO&utsid=0bba19ac2ab1ed4e0d28b47dede70055

tls, http2

msedge.exe

2.4kB
5.8kB
13
14

HTTP Request

GET https://youradexchange.com/script/i.php?t=1&c=23780516&stamat=m%257C%252C%252CQja3o2FmoGU3BJ-GH0dEdHP3xP.da1%252CdHliE_IJuXpzZzO5Kqob2pavinhUulGenPZDXlMzUL4AYx84Lzx9WNDtZjvHf5XHn0SOPbRMlXxVb7JVOsYD-OZ84E_9P4IxPUbLsl3BqZsoVsm7Fm1TYX47VUJ6kMuBwx9CCxYVRjfVB7pcGSqpPq1vQah6JyXd__VizLK4uYE13UEWRIEMzrGQOLrhsfHDW_-oq0MwMvPpqy9q5mzKgEGPfPMs6yXYf14V6DI_cHyIBX8Zub7fqZcPAg5Z5h_h6E6mQU0J4KAsNcbFGMP2X0FG06mMw5gls3U094oBeXaWFrOS_lxIktE9CrQR_zw8kQOaMWDo-LuLI8sjcV1h9Kkj7u4z9KMyCha_C-28f-D1L0awRxq8bngst_MVum8GAME0b2Df98HV3AsIm9Hmj9v4q7eQbQ3JYsZFLavnZwe1QiNQxTv-tAh0yB3_jXboIrG-xmUF4HoZlW-humYA42iBPA2_D9ELGu8FDTlmb09JF-7Tzu5cEq18aM9YmhR8hPkZjFbVK-co_zc8ztc8PxQG1xiEwY46IIjHp9uWTekkHERvwfp_mTNsj85_0tAW-zJX44uOpu7On7MGNyiymHv2qh3gbfgZ5j60pYJ9ri2cDaQcRB6TDzsiZUvTR28WJV3DgiCpuMAuvbBFz_KWZA%252C%252C&wo=1&chp=Windows&chpv=10.0&chuafv=92.0.902.67&cbpage=https%3A%2F%2Fexego.app%2FnlwWO&cbref=https%3A%2F%2Fexego.app%2FnlwWO&utsid=0bba19ac2ab1ed4e0d28b47dede70055

HTTP Response

204
54.196.173.211:80

http://track.cntclaim.com/4WB1QC/22Q72K9/?sub1=65d37a1280a0a000012c657a&source_id=10_5890046

http

msedge.exe

838 B
1.0kB
7
5

HTTP Request

GET http://track.cntclaim.com/4WB1QC/22Q72K9/?sub1=65d37a1280a0a000012c657a&source_id=10_5890046

HTTP Response

302
157.230.52.75:443

https://brswntech.com/click.php?key=tk0numhywqb801k7dq1l&transaction_id=6ad0c2a44d06440ea757ae6908c7cd83&affiliate_id=4WB1QC

tls, http2

msedge.exe

1.8kB
6.1kB
13
14

HTTP Request

GET https://brswntech.com/click.php?key=tk0numhywqb801k7dq1l&transaction_id=6ad0c2a44d06440ea757ae6908c7cd83&affiliate_id=4WB1QC

HTTP Response

302
3.231.192.129:443

https://www.getgx.net/65WLXC1/KM15N5P/?uid=4887&sub1=1990&sub2=29240g5c8j64p2a0&sub3=bin

tls, http2

msedge.exe

1.8kB
7.1kB
14
17

HTTP Request

GET https://www.getgx.net/65WLXC1/KM15N5P/?uid=4887&sub1=1990&sub2=29240g5c8j64p2a0&sub3=bin

HTTP Response

200
3.127.11.50:443

www.opera.com

tls

msedge.exe

1.0kB
3.6kB
8
8
3.127.11.50:443

https://www.opera.com/api/geolocation/

tls, http2

msedge.exe

3.0kB
25.5kB
24
34

HTTP Request

GET https://www.opera.com/gx?utm_source=PWNgames3&utm_medium=pa&utm_campaign=PWN_GB_LVR_OOM&utm_id=fe861f9c436b4bf7af66001b14d63cd5&edition=std-1

HTTP Response

200

HTTP Request

GET https://www.opera.com/api/geolocation/

HTTP Response

200
104.84.85.174:443

cdn-production-opera-website.operacdn.com

tls, http2

msedge.exe

1.1kB
4.8kB
11
11
104.84.85.174:443

https://cdn-production-opera-website.operacdn.com/staticfiles/2723-07bfab34c572816854b8.js

tls, http2

msedge.exe

88.5kB
2.6MB
1760
1970

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/embedVideo.4fdce408f883.css

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/gxMain.2143dd96c917.js

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/gxMain.ef932ec0fbca.css

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/gx2021.44fadad10c07.css

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/logo/logo-o.a069885fbe7c.svg

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/logo/logo-and-name--white.8877a4c85063.svg

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/1x1px.91e42db1c66c.png

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/icons/arrows/right.9bd90c944fec.svg

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/components/download/googleplay/google-play--en.510db0066052.png

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/components/download/appstore/app-store--en.4c2de0665c3e.png

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/hero-top/gx/gx__feature-laptop--mobile@2x.dad38e627140.webp

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/hero-top/gx/gx__feature-laptop--home.a3a32725c8c8.webp

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/hero-top/gx/gx__mobile--hero-section@2x.105801afec18.webp

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/hero-top/gx/gx__feature-laptop--gx-mobile@2x.4aa1a438e946.webp

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/hero-top/gx/gx__feature-laptop--gx-cleaner@2x.43ff34bf1a7b.webp

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/hero-top/gx/gx-mobile__android-iOS@2x.d190a54a25f9.webp

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/feature-promo/awesome-features--gx__mobile.c8ecc394b852.jpg

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/feature-promo/awesome-features--gx.e698406b3212.jpg

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/theme-switcher/gx__color-theme--classic.1b752fb481b6.png

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx-light-mode.ae3068ee8c01.svg

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--light-mode.01aad9997fb5.png

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx-corner.be1333483846.svg

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--gx-corner.b44c9289e362.png

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx-twitch.8902d1ec9cef.svg

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--twitch.5f4495877f47.png

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx-discord.513c7c78f5c8.svg

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--discord.3e893cef8784.png

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx-player.416a8e402db6.svg

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--player.694659842717.png

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx-messengers.9bd35388afd6.svg

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--messengers.e491d059f927.png

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx-pinboards.7e83626e788a.svg

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--pinboards.aaecb2a9fc24.png

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx-flow.736ea0e793e4.svg

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--flow.3dafb84d8d14.png

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx-fast-navigation.53111f7a4633.svg

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2021/gx-features-slider/gx__feature--fast-navigation.cd994c62ac97.png

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/gx/images/gx2021/gaming-inspired-features-bg.cdcfd5388fec.jpg

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/logo/logo-and-name-negative.51c8dfe30ee2.png

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/themeSwitcher.2752d37895fc.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/1cb6d11c2c491cd2f1fd.4bf5cf63e125.jpg

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/67e772f5c7c0ff691b84.d5b84517520e.svg

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/3773-26fd20533ee40c5737d4.js

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/3140-70751f2063c9179acc1d.js

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/9625-18069e9f042dd22a20fe.js

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/5844-623e2e6730954e1631f0.js

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/8402-a5e99fbf49d748a487fc.js

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/253-5ac5fd1814a931050623.js

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/554-98f3fe68b9deb1db7052.js

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/2723-07bfab34c572816854b8.js

HTTP Response

200

HTTP Response

200

HTTP Response

200
172.217.169.14:443

https://www.googleoptimize.com/optimize.js?id=GTM-5HKZ2H4

tls, http2

msedge.exe

3.3kB
79.2kB
48
65

HTTP Request

GET https://www.googleoptimize.com/optimize.js?id=GTM-5HKZ2H4
64.233.184.155:443

https://stats.g.doubleclick.net/g/collect?v=2&tid=G-T18E1GTPQG&cid=278108075.1708358165&gtm=45je42e0v878149888z8811573329za200&aip=1&dma=0&gcd=13l3l3l3l1&npa=0

tls, http2

msedge.exe

1.9kB
6.7kB
14
15

HTTP Request

POST https://stats.g.doubleclick.net/g/collect?v=2&tid=G-T18E1GTPQG&cid=278108075.1708358165&gtm=45je42e0v878149888z8811573329za200&aip=1&dma=0&gcd=13l3l3l3l1&npa=0
216.239.32.36:443

https://region1.analytics.google.com/g/collect?v=2&tid=G-T18E1GTPQG&gtm=45je42e0v878149888z8811573329za200&_p=1708358163296&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&cid=278108075.1708358165&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&pscdl=noapi&_s=1&sid=1708358165&sct=1&seg=0&dl=https%3A%2F%2Fwww.opera.com%2Fgx%3Futm_source%3DPWNgames3%26utm_medium%3Dpa%26utm_campaign%3DPWN_GB_LVR_OOM%26utm_id%3Dfe861f9c436b4bf7af66001b14d63cd5%26edition%3Dstd-1&dt=Opera%20GX%20%7C%20Gaming%20Browser%20%7C%20Opera&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2488

tls, http2

msedge.exe

2.2kB
7.1kB
14
16

HTTP Request

POST https://region1.analytics.google.com/g/collect?v=2&tid=G-T18E1GTPQG&gtm=45je42e0v878149888z8811573329za200&_p=1708358163296&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&cid=278108075.1708358165&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&pscdl=noapi&_s=1&sid=1708358165&sct=1&seg=0&dl=https%3A%2F%2Fwww.opera.com%2Fgx%3Futm_source%3DPWNgames3%26utm_medium%3Dpa%26utm_campaign%3DPWN_GB_LVR_OOM%26utm_id%3Dfe861f9c436b4bf7af66001b14d63cd5%26edition%3Dstd-1&dt=Opera%20GX%20%7C%20Gaming%20Browser%20%7C%20Opera&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2488
151.101.1.140:443

https://www.redditstatic.com/ads/pixel.js

tls, http2

msedge.exe

1.9kB
14.8kB
18
21

HTTP Request

GET https://www.redditstatic.com/ads/pixel.js

HTTP Response

200
151.101.1.44:443

https://cdn.taboola.com/libtrc/unip/1410119/tfa.js

tls, http2

msedge.exe

2.3kB
28.0kB
28
31

HTTP Request

GET https://cdn.taboola.com/libtrc/unip/1410119/tfa.js

HTTP Response

200
3.162.38.9:443

https://static.hotjar.com/c/hotjar-445451.js?sv=7

tls, http2

msedge.exe

1.8kB
9.7kB
16
17

HTTP Request

GET https://static.hotjar.com/c/hotjar-445451.js?sv=7

HTTP Response

200
151.101.1.140:443

https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_378pcjv6_telemetry

tls, http2

msedge.exe

1.7kB
5.6kB
12
14

HTTP Request

GET https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_378pcjv6_telemetry

HTTP Response

200
88.221.134.138:443

https://snap.licdn.com/li.lms-analytics/insight.min.js

tls, http2

msedge.exe

1.8kB
6.5kB
16
21

HTTP Request

GET https://snap.licdn.com/li.lms-analytics/insight.min.js

HTTP Response

200
163.70.147.23:443

connect.facebook.net

tls

msedge.exe

3.0kB
64.5kB
42
58
87.248.114.12:443

https://s.yimg.com/wi/config/10176867.json

tls, http2

msedge.exe

2.0kB
14.2kB
19
24

HTTP Request

GET https://s.yimg.com/wi/ytc.js

HTTP Request

GET https://s.yimg.com/wi/config/10176867.json
195.181.164.17:443

https://tags.creativecdn.com/1gnG4zGXkPW95vXqyMLu.js

tls, http2

msedge.exe

1.7kB
8.8kB
14
19

HTTP Request

GET https://tags.creativecdn.com/1gnG4zGXkPW95vXqyMLu.js

HTTP Response

200
185.184.8.90:443

https://ams.creativecdn.com/tags/v2?type=json&tc=1

tls, http2

msedge.exe

2.5kB
6.1kB
17
15

HTTP Request

OPTIONS https://ams.creativecdn.com/tags/v2?type=json

HTTP Response

200

HTTP Request

POST https://ams.creativecdn.com/tags/v2?type=json

HTTP Response

307

HTTP Request

OPTIONS https://ams.creativecdn.com/tags/v2?type=json&tc=1

HTTP Response

200
139.45.197.251:443

jouteetu.net

tls

msedge.exe

3.1kB
1.9kB
19
17
172.240.108.76:443

https://cobwebzincdelicacy.com/c4/6f/3c/c46f3cca8a7de322a2f433e4f3412421.js

tls, http

msedge.exe

1.7kB
4.3kB
11
11

HTTP Request

GET https://cobwebzincdelicacy.com/c4/6f/3c/c46f3cca8a7de322a2f433e4f3412421.js

HTTP Response

403
130.211.44.5:443

https://rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_153538009178&jsTagObjCallback=__tagObject_callback_153538009178&num=6&ctx=29615901&cmp=225320&plc=7887512&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=153538009178&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Win32&brid=1&brver=92&bridua=1&dup=null&srcurlD=0&ssl=1&refD=1&htmlmsging=1&tstype=128&m1=15&noc=8&fcifrms=6&brh=3&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=172&eparams=DC4FC%3Dl9EEADTbpTauTau6I68%40%5D2AATauU2%3F4r92%3A%3Fl9EEADTbpTauTau6I68%40%5D2AATar9EEADTbpTauTau2327a_c4ec2ahhbbad7_b5_f%602%60ba722%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3E&dvp_exetime=7.00&callbackName=__verify_callback_153538009178

tls, http

msedge.exe

2.3kB
2.0kB
8
8

HTTP Request

GET https://rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_153538009178&jsTagObjCallback=__tagObject_callback_153538009178&num=6&ctx=29615901&cmp=225320&plc=7887512&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=153538009178&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Win32&brid=1&brver=92&bridua=1&dup=null&srcurlD=0&ssl=1&refD=1&htmlmsging=1&tstype=128&m1=15&noc=8&fcifrms=6&brh=3&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=172&eparams=DC4FC%3Dl9EEADTbpTauTau6I68%40%5D2AATauU2%3F4r92%3A%3Fl9EEADTbpTauTau6I68%40%5D2AATar9EEADTbpTauTau2327a_c4ec2ahhbbad7_b5_f%602%60ba722%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3E&dvp_exetime=7.00&callbackName=__verify_callback_153538009178

HTTP Response

200
130.211.44.5:443

https://rtbc-ew1.doubleverify.com/bsevent.gif?flvr=0&impid=69c9d9db07114936a6db4013c8219a53&vfdur=247&cbust=1708358241083439

tls, http

msedge.exe

1.8kB
1.4kB
8
7

HTTP Request

POST https://rtbc-ew1.doubleverify.com/bsevent.gif?flvr=0&impid=69c9d9db07114936a6db4013c8219a53&vfdur=247&cbust=1708358241083439

HTTP Response

204
142.250.187.193:443

cdn.ampproject.org

tls, http2

msedge.exe

2.1kB
12.8kB
12
14
142.250.187.193:443

cdn.ampproject.org

tls, http2

msedge.exe

2.1kB
12.8kB
12
14
142.250.187.193:443

cdn.ampproject.org

tls, http2

msedge.exe

2.1kB
12.8kB
12
14
142.250.187.193:443

cdn.ampproject.org

tls, http2

msedge.exe

2.1kB
12.8kB
12
14
142.250.187.193:443

https://cdn.ampproject.org/rtv/012402060239000/v0/amp-form-0.1.js

tls, http2

msedge.exe

6.7kB
140.3kB
95
108

HTTP Request

GET https://cdn.ampproject.org/rtv/012402060239000/amp4ads-v0.js

HTTP Request

GET https://cdn.ampproject.org/rtv/012402060239000/v0/amp-ad-exit-0.1.js

HTTP Request

GET https://cdn.ampproject.org/rtv/012402060239000/v0/amp-analytics-0.1.js

HTTP Request

GET https://cdn.ampproject.org/rtv/012402060239000/v0/amp-fit-text-0.1.js

HTTP Request

GET https://cdn.ampproject.org/rtv/012402060239000/v0/amp-form-0.1.js
31.216.144.5:443

https://mega.nz/aesasm.js

tls, http

msedge.exe

7.3kB
103.2kB
48
81

HTTP Request

GET https://mega.nz/file/R5Z30JAa

HTTP Response

200

HTTP Request

GET https://mega.nz/secureboot.js?r=1707957972

HTTP Response

200

HTTP Request

GET https://mega.nz/loading-sprite_v4.png

HTTP Response

200

HTTP Request

GET https://mega.nz/favicon.ico?v=3

HTTP Response

200

HTTP Request

GET https://mega.nz/android-chrome-144x144.png

HTTP Response

200

HTTP Request

GET https://mega.nz/sw.js?v=1

HTTP Response

200

HTTP Request

GET https://mega.nz/decrypter.js

HTTP Response

200

HTTP Request

GET https://mega.nz/aesasm.js

HTTP Response

200
31.216.144.5:443

https://mega.nz/manifest.json

tls, http

msedge.exe

1.4kB
4.3kB
7
7

HTTP Request

GET https://mega.nz/manifest.json

HTTP Response

200
66.203.127.11:443

https://eu.static.mega.co.nz/4/fonts/SourceSansPro-Regular.woff2?v=f71f612f60d5bb7e

tls, http2

msedge.exe

70.1kB
2.7MB
1364
1999

HTTP Request

GET https://eu.static.mega.co.nz/4/lang/en_c501d4baafc090d02ada944b431b23a4fde68349378e0d30ae1d11cf6212c014.json

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-1_c50e3dcd069699707a529effaf74c51009f25d8bcd430a1b009705c1604335ac.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-2_f781e629660d8cb1fb4cfeea91f46c4ccda5789d46b730565018aa0a0d66c82e.js

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-3_83a86e908bc2a5af599550746ae626004df4567c7e3fb8d57f8ab12198311b7a.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-4_5e85c46acd4c60f3786b9b5c8ba04379a35d0dae33f9764d2b989ed17b06006a.js

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-5_a5eb6f39cbac22a08205f410b1f6fa5ea0d06451ded24afff2a29de1245e6525.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-6_43a325a480602fa429366c9dec15dde729a796851e896d5b338ce418610b778e.js

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-7_f108a81dc17316496db33bebe94e762306db29181280c14e29a3348a5e216ece.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/css/mega-1_eee99e860d5f13b39c098c34b82b145f3e93ab4ef4cb05085e06bccf84cfe59f.css

HTTP Request

GET https://eu.static.mega.co.nz/4/html/templates_7a2adebac8a71314834b5d549a24399168e19bb41a67f5b00f731affa00eeaf2.json

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-8_b78d688c09f3c3f25cff3ed01c3dd0ab3e7b2b94daffc1e371fc1a6b3d26f073.js

HTTP Request

GET https://eu.static.mega.co.nz/4/css/bottom-pages-animations.css-postbuild_47f7d58d40f84e7fa878532d05a625c2b9700c9300276decec0cbc374c0a5644.css

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-9_ff5a55c19e4b3cf287556d95131f98983e6fd46e395d63ff61ec0b4bc8b1c461.js

HTTP Request

GET https://eu.static.mega.co.nz/4/css/mega-2_ba99001dc1bc99c75f4dd30d1b63b36c1c5584ae06346a22674d61fd63387596.css

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-10_3e0343ad5674edde09c78c7d3e08abdefc74166ad4c6c04914bef1c881e27f5c.js

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-11_179782de516cf96401b843f2a8ff1dd09475b50a13daf1b59b36013bda2d63ad.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/css/mega-3_41e2e309277e57073fb6e4df2e62d034e2390dd2762dc194a8e3d5c61fd1dc2a.css

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-12_4a49fd10b4f147f6c5eb87933c9129da84aab3d6c3d8549eb76d790bf174eee3.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-13_a9e02f07a133445ba0dc2960cf438cf5fbd65c14d3fcb0dd627b1a21cc92ab61.js

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-14_fd345aa6c0c6d8de19f225bb86d2325a750ee58e1a9b82dc0b0094fe4430d186.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/css/mega-4_66d99c0587154d017d3d6f10a9912b24c92944cb2df2322cb7592a32c8801527.css

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-15_7351caccb12c5c5be2c609bebd954a8358d152ad8f4987f81dda5292e3c148eb.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/mega-16_ba61ee809c68e46113a1c69a6af08d6fd214863c9acdc41151262b41a5370388.js

HTTP Request

GET https://eu.static.mega.co.nz/4/css/mega-7_289d5da5a0346475062230668e174896960dd23b9ec5a144400c37e66e07a71e.css

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/js/vendor/asmcrypto_9c90f27443fbdb85519985333a8b00c3cff0e10a2753955f41890342d64362f7.js

HTTP Request

GET https://eu.static.mega.co.nz/4/html/download.html-postbuild_39a68dc795f6c634d669c0a954f0d4ab38d7ad3cc58ebce9d0fec9c89aba9e71.html

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/html/js/download_ed9dc57f008d4cb04416885987187605ffe7a269d739192dc5c0efbe0f6ea52e.js

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/imagery/sprites-fm-mono.7f20799585227921.woff2?t=1705956699888

HTTP Request

GET https://eu.static.mega.co.nz/4/fonts/Lato-Regular.woff2?v=6343dd45044b0726

HTTP Request

GET https://eu.static.mega.co.nz/4/fonts/Lato-Semibold.woff2?v=7194963095272d0e

HTTP Request

GET https://eu.static.mega.co.nz/4/fonts/SourceSansPro-Regular.woff2?v=f71f612f60d5bb7e

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
66.203.127.11:443

eu.static.mega.co.nz

tls

msedge.exe

1.1kB
6.1kB
10
10
66.203.125.12:443

https://g.api.mega.co.nz/cs?id=0

tls, http

msedge.exe

1.6kB
6.3kB
8
9

HTTP Request

POST https://g.api.mega.co.nz/cs?id=0

HTTP Response

200
66.203.125.12:443

https://g.api.mega.co.nz/cs?id=58810129&v=3&lang=en&domain=meganz&bb=3

tls, http

msedge.exe

4.6kB
9.0kB
14
15

HTTP Request

POST https://g.api.mega.co.nz/cs?id=0

HTTP Response

200

HTTP Request

POST https://g.api.mega.co.nz/cs?id=58810126&v=3&lang=en&domain=meganz&bb=3

HTTP Response

200

HTTP Request

POST https://g.api.mega.co.nz/cs?id=58810127&v=3&lang=en&domain=meganz&bb=3

HTTP Response

200

HTTP Request

POST https://g.api.mega.co.nz/cs?id=58810128&v=3&lang=en&domain=meganz&bb=3

HTTP Response

200

HTTP Request

POST https://g.api.mega.co.nz/cs?id=58810129&v=3&lang=en&domain=meganz&bb=3

HTTP Response

200
66.203.127.11:443

https://eu.static.mega.co.nz/4/imagery/mega-icons-sprite.48528e60724d858e.png

tls, http2

msedge.exe

8.8kB
460.0kB
156
339

HTTP Request

GET https://eu.static.mega.co.nz/4/imagery/sprites-fm-illustration-sprite-wide.e397e234dc118de4.svg

HTTP Request

GET https://eu.static.mega.co.nz/4/imagery/mega-download-dialog.cf6daa0027e27782.png

HTTP Request

GET https://eu.static.mega.co.nz/4/imagery/mega-files-icons.d0eb3dca90ed2246.png

HTTP Request

GET https://eu.static.mega.co.nz/4/imagery/mobile-button-loader-green.b175f7d362d2b4af.gif

HTTP Request

GET https://eu.static.mega.co.nz/4/imagery/sprites-fm-uni-uni.13e2c92f21f9ba07.svg

HTTP Request

GET https://eu.static.mega.co.nz/4/imagery/mega-dialog-sprite.57a6bd1346996955.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eu.static.mega.co.nz/4/imagery/mega-icons-sprite.48528e60724d858e.png

HTTP Response

200
127.0.0.1:6341

msedge.exe
127.0.0.1:6341

msedge.exe
162.208.16.15:443

https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/15623776-17339087

tls, http

msedge.exe

206.1kB
4.7MB
2815
3350

HTTP Request

GET https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/26208-78655

HTTP Response

200

HTTP Request

GET https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/550496-734015

HTTP Response

200

HTTP Request

GET https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/7235168-9332335

HTTP Response

200

HTTP Request

GET https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/15623776-17339087

HTTP Response

200
162.208.16.15:443

https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/11429472-13526639

tls, http

msedge.exe

133.9kB
4.9MB
2200
3537

HTTP Request

GET https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/78640-157295

HTTP Response

200

HTTP Request

GET https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/262144-393215

HTTP Response

200

HTTP Request

GET https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/943712-3040879

HTTP Response

200

HTTP Request

GET https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/11429472-13526639

HTTP Response

200
162.208.16.15:443

https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/5138016-7235183

tls, http

msedge.exe

103.8kB
2.4MB
1483
1754

HTTP Request

GET https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/0-26223

HTTP Response

200

HTTP Request

GET https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/734000-943727

HTTP Response

200

HTTP Request

GET https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/5138016-7235183

HTTP Response

200
162.208.16.15:443

https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/13526624-15623791

tls, http

msedge.exe

312.0kB
7.6MB
4311
5436

HTTP Request

GET https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/157280-262143

HTTP Response

200

HTTP Request

GET https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/393216-550511

HTTP Response

200

HTTP Request

GET https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/3040864-5138031

HTTP Response

200

HTTP Request

GET https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/9332320-11429487

HTTP Response

200

HTTP Request

GET https://gfs302n105.userstorage.mega.co.nz/dl/NCS8Dw5JyJvluQIlFt921uaXSdLqFEFgJ34CaDyK_s29RhQuMJExtSGXh0y65sa-rdnef4JfC_vqbb1A8ObGDSF9vv2v8J-HEc4fncm7n8k8Gox5r7LMq30Hn5NC3Q/13526624-15623791

HTTP Response

200
185.206.24.17:443

https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/13526624-15623791

tls, http

msedge.exe

242.0kB
7.5MB
3616
5359

HTTP Request

GET https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/78640-157295

HTTP Response

200

HTTP Request

GET https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/393216-550511

HTTP Response

200

HTTP Request

GET https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/3040864-5138031

HTTP Response

200

HTTP Request

GET https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/9332320-11429487

HTTP Response

200

HTTP Request

GET https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/13526624-15623791

HTTP Response

200
185.206.24.17:443

https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/15623776-17339100

tls, http

msedge.exe

182.3kB
4.6MB
2708
3289

HTTP Request

GET https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/0-26223

HTTP Response

200

HTTP Request

GET https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/734000-943727

HTTP Response

200

HTTP Request

GET https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/7235168-9332335

HTTP Response

200

HTTP Request

GET https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/15623776-17339100

HTTP Response

200
185.206.24.17:443

https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/5138016-7235183

tls, http

msedge.exe

105.7kB
2.4MB
1493
1761

HTTP Request

GET https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/26208-78655

HTTP Response

200

HTTP Request

GET https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/550496-734015

HTTP Response

200

HTTP Request

GET https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/5138016-7235183

HTTP Response

200
185.206.24.17:443

https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/11429472-13526639

tls, http

msedge.exe

109.3kB
4.7MB
1934
3405

HTTP Request

GET https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/157280-262143

HTTP Response

200

HTTP Request

GET https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/262144-393215

HTTP Response

200

HTTP Request

GET https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/943712-3040879

HTTP Response

200

HTTP Request

GET https://gfs204n115.userstorage.mega.co.nz/dl/6fsokK1ss-jdMQLdVD38e4Zm1xKeQ83Fhoo2-QHdIEacYu9ULi64YtY7sxlnxlTrdbAB9HxmdzUTlGkIyhMIes4qQqL8MH9lmOYbDTrtceIU2m2SErnnRWMkqyr-Dw/11429472-13526639

HTTP Response

200
94.24.37.105:443

https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/15623776-17339103

tls, http

msedge.exe

227.0kB
5.3MB
3081
3832

HTTP Request

GET https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/26208-78655

HTTP Response

200

HTTP Request

GET https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/550496-734015

HTTP Response

200

HTTP Request

GET https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/7235168-9332335

HTTP Response

200

HTTP Request

GET https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/15623776-17339103

HTTP Response

200
94.24.37.105:443

https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/5138016-7235183

tls, http

msedge.exe

92.4kB
2.5MB
1406
1782

HTTP Request

GET https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/0-26223

HTTP Response

200

HTTP Request

GET https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/734000-943727

HTTP Response

200

HTTP Request

GET https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/5138016-7235183

HTTP Response

200
94.24.37.105:443

https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/13526624-15623791

tls, http

msedge.exe

353.3kB
8.0MB
4836
5720

HTTP Request

GET https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/78640-157295

HTTP Response

200

HTTP Request

GET https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/393216-550511

HTTP Response

200

HTTP Request

GET https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/3040864-5138031

HTTP Response

200

HTTP Request

GET https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/9332320-11429487

HTTP Response

200

HTTP Request

GET https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/13526624-15623791

HTTP Response

200
94.24.37.105:443

https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/11429472-13526639

tls, http

msedge.exe

125.8kB
4.8MB
1932
3423

HTTP Request

GET https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/157280-262143

HTTP Response

200

HTTP Request

GET https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/262144-393215

HTTP Response

200

HTTP Request

GET https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/943712-3040879

HTTP Response

200

HTTP Request

GET https://gfs206n195.userstorage.mega.co.nz/dl/0lSMH9LZTKBLdQfClNqyUo2MULXdGBr14YNJIWb3IiF-mjWCr4iAAGfg57zGSUUS-LMSjCPtDC8iQAoTucm3Fuh6SL48XVHcOU-pRqO6eB8fPkXM9PSmoWEweRl2AQ/11429472-13526639

HTTP Response

200
89.44.168.66:443

https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/13526624-15623791

tls, http

msedge.exe

317.7kB
8.2MB
4532
5864

HTTP Request

GET https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/0-26223

HTTP Response

200

HTTP Request

GET https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/262144-393215

HTTP Response

200

HTTP Request

GET https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/3040864-5138031

HTTP Response

200

HTTP Request

GET https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/9332320-11429487

HTTP Response

200

HTTP Request

GET https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/13526624-15623791

HTTP Response

200
89.44.168.66:443

https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/11429472-13526639

tls, http

msedge.exe

175.7kB
4.9MB
2685
3529

HTTP Request

GET https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/26208-78655

HTTP Response

200

HTTP Request

GET https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/393216-550511

HTTP Response

200

HTTP Request

GET https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/943712-3040879

HTTP Response

200

HTTP Request

GET https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/11429472-13526639

HTTP Response

200
89.44.168.66:443

https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/15623776-17339103

tls, http

msedge.exe

121.9kB
4.5MB
2059
3231

HTTP Request

GET https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/157280-262143

HTTP Response

200

HTTP Request

GET https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/734000-943727

HTTP Response

200

HTTP Request

GET https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/5138016-7235183

HTTP Response

200

HTTP Request

GET https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/15623776-17339103

HTTP Response

200
89.44.168.66:443

https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/7235168-9332335

tls, http

msedge.exe

99.3kB
2.5MB
1538
1783

HTTP Request

GET https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/78640-157295

HTTP Response

200

HTTP Request

GET https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/550496-734015

HTTP Response

200

HTTP Request

GET https://gfs270n356.userstorage.mega.co.nz/dl/Y0Gq0VlgD_ym5ALh6R14Ila_mmflPq7Z1ExBa0V52Qqrxf2DQ93cYQ63D7c24mwWKs3---F7sI8ZnQq061n4R0w6QIOvdmlnIA1c4EGFSfhsTodU_P1pCIYDQLTTRQ/7235168-9332335

HTTP Response

200
185.206.27.15:443

https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/11429472-13526639

tls, http

msedge.exe

147.5kB
4.8MB
2362
3423

HTTP Request

GET https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/0-26223

HTTP Response

200

HTTP Request

GET https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/734000-943727

HTTP Response

200

HTTP Request

GET https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/943712-3040879

HTTP Response

200

HTTP Request

GET https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/11429472-13526639

HTTP Response

200
185.206.27.15:443

https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/15623776-17339103

tls, http

msedge.exe

157.0kB
4.4MB
2370
3173

HTTP Request

GET https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/157280-262143

HTTP Response

200

HTTP Request

GET https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/262144-393215

HTTP Response

200

HTTP Request

GET https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/5138016-7235183

HTTP Response

200

HTTP Request

GET https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/15623776-17339103

HTTP Response

200
185.206.27.15:443

https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/13526624-15623791

tls, http

msedge.exe

248.7kB
7.1MB
3765
5121

HTTP Request

GET https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/26208-78655

HTTP Response

200

HTTP Request

GET https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/550496-734015

HTTP Response

200

HTTP Request

GET https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/3040864-5138031

HTTP Response

200

HTTP Request

GET https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/9332320-11429487

HTTP Response

200

HTTP Request

GET https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/13526624-15623791

HTTP Response

200
185.206.27.15:443

https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/7235168-9332335

tls, http

msedge.exe

84.9kB
2.5MB
1363
1811

HTTP Request

GET https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/78640-157295

HTTP Response

200

HTTP Request

GET https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/393216-550511

HTTP Response

200

HTTP Request

GET https://gfs214n105.userstorage.mega.co.nz/dl/G6keOVWJj6PeugLR6US7Aw1B6-4fFP9jVyZ7xijuTS98j0QubgqC73ESJjPmtQlVzs_Lasi7v9RiGe8QzpI7a3tg3W6yR1h43nBNmJkGly4fc8kJBgIbOBba6v6T3w/7235168-9332335

HTTP Response

200
185.206.26.15:443

https://gfs208n105.userstorage.mega.co.nz/dl/B4Htha0jYlvGZgI3czViY299DeNaexuPebZnAGSu3FccWYf3qL4jUbUHd9hBgczHIlHQOxcoecZqbE7Qzbvv7k47Kqq7IJNkYDzJ-gh4L_22YwkWzeSwo2YLPE8dfA/157280-262143

tls, http

msedge.exe

2.6kB
26.2kB
23
23

HTTP Request

GET https://gfs208n105.userstorage.mega.co.nz/dl/B4Htha0jYlvGZgI3czViY299DeNaexuPebZnAGSu3FccWYf3qL4jUbUHd9hBgczHIlHQOxcoecZqbE7Qzbvv7k47Kqq7IJNkYDzJ-gh4L_22YwkWzeSwo2YLPE8dfA/157280-262143

HTTP Response

200
185.206.26.15:443

https://gfs208n105.userstorage.mega.co.nz/dl/B4Htha0jYlvGZgI3czViY299DeNaexuPebZnAGSu3FccWYf3qL4jUbUHd9hBgczHIlHQOxcoecZqbE7Qzbvv7k47Kqq7IJNkYDzJ-gh4L_22YwkWzeSwo2YLPE8dfA/78640-157295

tls, http

msedge.exe

2.6kB
26.2kB
23
23

HTTP Request

GET https://gfs208n105.userstorage.mega.co.nz/dl/B4Htha0jYlvGZgI3czViY299DeNaexuPebZnAGSu3FccWYf3qL4jUbUHd9hBgczHIlHQOxcoecZqbE7Qzbvv7k47Kqq7IJNkYDzJ-gh4L_22YwkWzeSwo2YLPE8dfA/78640-157295

HTTP Response

200
185.206.26.15:443

https://gfs208n105.userstorage.mega.co.nz/dl/B4Htha0jYlvGZgI3czViY299DeNaexuPebZnAGSu3FccWYf3qL4jUbUHd9hBgczHIlHQOxcoecZqbE7Qzbvv7k47Kqq7IJNkYDzJ-gh4L_22YwkWzeSwo2YLPE8dfA/0-26223

tls, http

msedge.exe

2.5kB
26.2kB
22
23

HTTP Request

GET https://gfs208n105.userstorage.mega.co.nz/dl/B4Htha0jYlvGZgI3czViY299DeNaexuPebZnAGSu3FccWYf3qL4jUbUHd9hBgczHIlHQOxcoecZqbE7Qzbvv7k47Kqq7IJNkYDzJ-gh4L_22YwkWzeSwo2YLPE8dfA/0-26223

HTTP Response

200
185.206.26.15:443

https://gfs208n105.userstorage.mega.co.nz/dl/B4Htha0jYlvGZgI3czViY299DeNaexuPebZnAGSu3FccWYf3qL4jUbUHd9hBgczHIlHQOxcoecZqbE7Qzbvv7k47Kqq7IJNkYDzJ-gh4L_22YwkWzeSwo2YLPE8dfA/26208-78655

tls, http

msedge.exe

2.5kB
26.2kB
22
23

HTTP Request

GET https://gfs208n105.userstorage.mega.co.nz/dl/B4Htha0jYlvGZgI3czViY299DeNaexuPebZnAGSu3FccWYf3qL4jUbUHd9hBgczHIlHQOxcoecZqbE7Qzbvv7k47Kqq7IJNkYDzJ-gh4L_22YwkWzeSwo2YLPE8dfA/26208-78655

HTTP Response

200

8.8.8.8:53

exego.app

dns

msedge.exe

55 B
103 B
1
1

DNS Request

exego.app

DNS Response

104.26.15.117

104.26.14.117

172.67.73.247
8.8.8.8:53

cdn.cuty.io

dns

msedge.exe

57 B
89 B
1
1

DNS Request

cdn.cuty.io

DNS Response

172.67.139.32

104.21.87.9
8.8.8.8:53

live.demand.supply

dns

msedge.exe

64 B
96 B
1
1

DNS Request

live.demand.supply

DNS Response

104.16.134.22

104.16.133.22
8.8.8.8:53

tls

64 B
80 B
1
1
8.8.8.8:53

securepubads.g.doubleclick.net

dns

msedge.exe

76 B
121 B
1
1

DNS Request

securepubads.g.doubleclick.net

DNS Response

142.250.179.226
8.8.8.8:53

www.google.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.178.4
8.8.8.8:53

apps.identrust.com

dns

msedge.exe

64 B
165 B
1
1

DNS Request

apps.identrust.com

DNS Response

96.17.179.184

96.17.179.205
8.8.8.8:53

117.15.26.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

117.15.26.104.in-addr.arpa
8.8.8.8:53

133.211.185.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

133.211.185.52.in-addr.arpa
8.8.8.8:53

2.159.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.159.190.20.in-addr.arpa
142.250.179.226:443

securepubads.g.doubleclick.net

https

msedge.exe

15.5kB
185.6kB
75
156
8.8.8.8:53

glersakr.com

dns

msedge.exe

58 B
74 B
1
1

DNS Request

glersakr.com

DNS Response

139.45.197.239
8.8.8.8:53

3.180.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

3.180.250.142.in-addr.arpa
8.8.8.8:53

234.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

234.179.250.142.in-addr.arpa
8.8.8.8:53

22.134.16.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

22.134.16.104.in-addr.arpa
8.8.8.8:53

204.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

204.178.17.96.in-addr.arpa
8.8.8.8:53

0.170.109.23.in-addr.arpa

dns

71 B
144 B
1
1

DNS Request

0.170.109.23.in-addr.arpa
8.8.8.8:53

232.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

232.179.250.142.in-addr.arpa
8.8.8.8:53

4.178.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

4.178.250.142.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

226.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

226.179.250.142.in-addr.arpa
8.8.8.8:53

32.139.67.172.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

32.139.67.172.in-addr.arpa
8.8.8.8:53

184.179.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

184.179.17.96.in-addr.arpa
8.8.8.8:53

239.197.45.139.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

239.197.45.139.in-addr.arpa
8.8.8.8:53

my.rtmark.net

dns

msedge.exe

59 B
75 B
1
1

DNS Request

my.rtmark.net

DNS Response

139.45.195.8
8.8.8.8:53

sr7pv7n5x.com

dns

msedge.exe

59 B
75 B
1
1

DNS Request

sr7pv7n5x.com

DNS Response

212.117.190.201
8.8.8.8:53

propeller-tracking.com

dns

msedge.exe

68 B
84 B
1
1

DNS Request

propeller-tracking.com

DNS Response

139.45.197.240
8.8.8.8:53

fundingchoicesmessages.google.com

dns

msedge.exe

79 B
116 B
1
1

DNS Request

fundingchoicesmessages.google.com

DNS Response

172.217.16.238
8.8.8.8:53

region1.google-analytics.com

dns

msedge.exe

74 B
106 B
1
1

DNS Request

region1.google-analytics.com

DNS Response

216.239.34.36

216.239.32.36
8.8.8.8:53

googleads.g.doubleclick.net

dns

msedge.exe

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

216.58.204.66
172.217.16.238:443

fundingchoicesmessages.google.com

https

msedge.exe

19.4kB
161.7kB
106
195
8.8.8.8:53

66.204.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

66.204.58.216.in-addr.arpa
8.8.8.8:53

3.169.217.172.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

3.169.217.172.in-addr.arpa
8.8.8.8:53

201.190.117.212.in-addr.arpa

dns

74 B
147 B
1
1

DNS Request

201.190.117.212.in-addr.arpa
8.8.8.8:53

240.197.45.139.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

240.197.45.139.in-addr.arpa
8.8.8.8:53

238.16.217.172.in-addr.arpa

dns

73 B
142 B
1
1

DNS Request

238.16.217.172.in-addr.arpa
8.8.8.8:53

8.195.45.139.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

8.195.45.139.in-addr.arpa
8.8.8.8:53

36.34.239.216.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

36.34.239.216.in-addr.arpa
8.8.8.8:53

lh3.googleusercontent.com

dns

msedge.exe

71 B
116 B
1
1

DNS Request

lh3.googleusercontent.com

DNS Response

216.58.201.97
8.8.8.8:53

97.201.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

97.201.58.216.in-addr.arpa
8.8.8.8:53

228.249.119.40.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

228.249.119.40.in-addr.arpa
224.0.0.251:5353

513 B
8
8.8.8.8:53

yourfreshjournal.com

dns

msedge.exe

66 B
98 B
1
1

DNS Request

yourfreshjournal.com

DNS Response

172.64.132.4

172.64.133.4
8.8.8.8:53

tzegilo.com

dns

msedge.exe

114 B
178 B
2
2

DNS Request

tzegilo.com

DNS Request

tzegilo.com

DNS Response

172.67.193.52

104.21.11.245

DNS Response

172.67.193.52

104.21.11.245
8.8.8.8:53

jouteetu.net

dns

msedge.exe

58 B
74 B
1
1

DNS Request

jouteetu.net

DNS Response

139.45.197.251
8.8.8.8:53

flerap.com

dns

msedge.exe

56 B
72 B
1
1

DNS Request

flerap.com

DNS Response

139.45.195.254
8.8.8.8:53

fleraprt.com

dns

msedge.exe

116 B
74 B
2
1

DNS Request

fleraprt.com

DNS Request

fleraprt.com

DNS Response

139.45.195.254
8.8.8.8:53

4.132.64.172.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

4.132.64.172.in-addr.arpa
8.8.8.8:53

52.193.67.172.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

52.193.67.172.in-addr.arpa
8.8.8.8:53

251.197.45.139.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

251.197.45.139.in-addr.arpa
8.8.8.8:53

254.195.45.139.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

254.195.45.139.in-addr.arpa
8.8.8.8:53

datatechonert.com

dns

msedge.exe

126 B
79 B
2
1

DNS Request

datatechonert.com

DNS Request

datatechonert.com

DNS Response

37.48.68.71
8.8.8.8:53

71.68.48.37.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

71.68.48.37.in-addr.arpa
8.8.8.8:53

217.106.137.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

217.106.137.52.in-addr.arpa
8.8.8.8:53

ee72284c6624dc1118e0ea0ac2a939c2.safeframe.googlesyndication.com

dns

msedge.exe

110 B
169 B
1
1

DNS Request

ee72284c6624dc1118e0ea0ac2a939c2.safeframe.googlesyndication.com

DNS Response

216.58.204.65
8.8.8.8:53

tpc.googlesyndication.com

dns

msedge.exe

71 B
87 B
1
1

DNS Request

tpc.googlesyndication.com

DNS Response

216.58.212.225
8.8.8.8:53

183.142.211.20.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

183.142.211.20.in-addr.arpa
8.8.8.8:53

65.204.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

65.204.58.216.in-addr.arpa
216.58.212.225:443

tpc.googlesyndication.com

https

msedge.exe

7.4kB
83.8kB
57
83
142.250.178.4:443

www.google.com

https

msedge.exe

40.3kB
122.9kB
102
160
8.8.8.8:53

s0.2mdn.net

dns

msedge.exe

57 B
73 B
1
1

DNS Request

s0.2mdn.net

DNS Response

142.250.179.230
142.250.179.230:443

s0.2mdn.net

https

msedge.exe

25.2kB
2.8MB
316
2074
8.8.8.8:53

bucket.cdnwebcloud.com

dns

msedge.exe

136 B
264 B
2
2

DNS Request

bucket.cdnwebcloud.com

DNS Response

52.84.174.16

52.84.174.53

52.84.174.123

52.84.174.15

DNS Request

bucket.cdnwebcloud.com

DNS Response

52.84.174.53

52.84.174.16

52.84.174.15

52.84.174.123
8.8.8.8:53

225.212.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

225.212.58.216.in-addr.arpa
8.8.8.8:53

230.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

230.179.250.142.in-addr.arpa
8.8.8.8:53

googleads4.g.doubleclick.net

dns

msedge.exe

131 B
179 B
2
2

DNS Request

googleads4.g.doubleclick.net

DNS Response

172.217.169.66

DNS Request

pubtrky.com

DNS Response

104.21.8.108

172.67.188.110
8.8.8.8:53

cdn.doubleverify.com

dns

msedge.exe

132 B
356 B
2
2

DNS Request

cdn.doubleverify.com

DNS Response

95.101.143.17

95.101.143.16

DNS Request

cdn.doubleverify.com

DNS Response

95.101.143.17

95.101.143.16
172.217.169.66:443

googleads4.g.doubleclick.net

https

msedge.exe

9.3kB
8.2kB
22
21
8.8.8.8:53

neural40.cdnwebcloud.com

dns

msedge.exe

70 B
118 B
1
1

DNS Request

neural40.cdnwebcloud.com

DNS Response

52.19.166.238

54.229.120.192

54.72.180.133
8.8.8.8:53

rtb0.doubleverify.com

dns

msedge.exe

134 B
334 B
2
2

DNS Request

rtb0.doubleverify.com

DNS Response

130.211.44.5

DNS Request

rtb0.doubleverify.com

DNS Response

130.211.44.5
8.8.8.8:53

rtbc-ew1.doubleverify.com

dns

msedge.exe

71 B
87 B
1
1

DNS Request

rtbc-ew1.doubleverify.com

DNS Response

130.211.44.5
8.8.8.8:53

www.googletagservices.com

dns

msedge.exe

142 B
87 B
2
1

DNS Request

www.googletagservices.com

DNS Request

www.googletagservices.com

DNS Response

142.250.179.226
8.8.8.8:53

16.174.84.52.in-addr.arpa

dns

142 B
127 B
2
1

DNS Request

16.174.84.52.in-addr.arpa

DNS Request

16.174.84.52.in-addr.arpa
8.8.8.8:53

17.143.101.95.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

17.143.101.95.in-addr.arpa

DNS Request

17.143.101.95.in-addr.arpa
8.8.8.8:53

66.169.217.172.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

66.169.217.172.in-addr.arpa
8.8.8.8:53

51.201.222.52.in-addr.arpa

dns

144 B
129 B
2
1

DNS Request

51.201.222.52.in-addr.arpa

DNS Request

51.201.222.52.in-addr.arpa
8.8.8.8:53

198.187.250.142.in-addr.arpa

dns

148 B
112 B
2
1

DNS Request

198.187.250.142.in-addr.arpa

DNS Request

198.187.250.142.in-addr.arpa
8.8.8.8:53

238.166.19.52.in-addr.arpa

dns

144 B
135 B
2
1

DNS Request

238.166.19.52.in-addr.arpa

DNS Request

238.166.19.52.in-addr.arpa
8.8.8.8:53

5.44.211.130.in-addr.arpa

dns

142 B
122 B
2
1

DNS Request

5.44.211.130.in-addr.arpa

DNS Request

5.44.211.130.in-addr.arpa
216.239.34.36:443

region1.google-analytics.com

https

msedge.exe

3.1kB
7.3kB
11
15
8.8.8.8:53

asacdn.com

dns

msedge.exe

56 B
88 B
1
1

DNS Request

asacdn.com

DNS Response

104.21.56.184

172.67.155.72
8.8.8.8:53

cdntechone.com

dns

msedge.exe

60 B
92 B
1
1

DNS Request

cdntechone.com

DNS Response

104.21.36.146

172.67.195.28
8.8.8.8:53

datatechone.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

datatechone.com

DNS Response

139.45.195.253
8.8.8.8:53

eb1242d71d64ba39171a776e476bb154.safeframe.googlesyndication.com

dns

msedge.exe

110 B
169 B
1
1

DNS Request

eb1242d71d64ba39171a776e476bb154.safeframe.googlesyndication.com

DNS Response

216.58.204.65
8.8.8.8:53

ade.googlesyndication.com

dns

msedge.exe

71 B
87 B
1
1

DNS Request

ade.googlesyndication.com

DNS Response

216.58.201.98
8.8.8.8:53

youradexchange.com

dns

msedge.exe

64 B
96 B
1
1

DNS Request

youradexchange.com

DNS Response

172.64.135.28

172.64.134.28
8.8.8.8:53

146.36.21.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

146.36.21.104.in-addr.arpa
8.8.8.8:53

184.56.21.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

184.56.21.104.in-addr.arpa
8.8.8.8:53

253.195.45.139.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

253.195.45.139.in-addr.arpa
8.8.8.8:53

98.201.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

98.201.58.216.in-addr.arpa
8.8.8.8:53

ctrtrk.com

dns

msedge.exe

56 B
88 B
1
1

DNS Request

ctrtrk.com

DNS Response

104.21.85.92

172.67.204.62
142.250.178.4:443

www.google.com

https

msedge.exe

3.9kB
15.2kB
10
15
8.8.8.8:53

28.135.64.172.in-addr.arpa

dns

144 B
268 B
2
2

DNS Request

28.135.64.172.in-addr.arpa

DNS Request

28.135.64.172.in-addr.arpa
8.8.8.8:53

92.85.21.104.in-addr.arpa

dns

142 B
266 B
2
2

DNS Request

92.85.21.104.in-addr.arpa

DNS Request

92.85.21.104.in-addr.arpa
8.8.8.8:53

108.8.21.104.in-addr.arpa

dns

142 B
266 B
2
2

DNS Request

108.8.21.104.in-addr.arpa

DNS Request

108.8.21.104.in-addr.arpa
8.8.8.8:53

maroola.aditms.me

dns

msedge.exe

63 B
132 B
1
1

DNS Request

maroola.aditms.me

DNS Response

34.91.234.242

34.141.179.97
8.8.8.8:53

track.cntclaim.com

dns

msedge.exe

64 B
80 B
1
1

DNS Request

track.cntclaim.com

DNS Response

54.196.173.211
8.8.8.8:53

242.234.91.34.in-addr.arpa

dns

72 B
124 B
1
1

DNS Request

242.234.91.34.in-addr.arpa
8.8.8.8:53

36.249.124.192.in-addr.arpa

dns

73 B
113 B
1
1

DNS Request

36.249.124.192.in-addr.arpa
8.8.8.8:53

brswntech.com

dns

msedge.exe

59 B
75 B
1
1

DNS Request

brswntech.com

DNS Response

157.230.52.75
8.8.8.8:53

www.getgx.net

dns

msedge.exe

59 B
91 B
1
1

DNS Request

www.getgx.net

DNS Response

3.231.192.129

54.147.64.115
8.8.8.8:53

211.173.196.54.in-addr.arpa

dns

73 B
129 B
1
1

DNS Request

211.173.196.54.in-addr.arpa
8.8.8.8:53

75.52.230.157.in-addr.arpa

dns

144 B
278 B
2
2

DNS Request

75.52.230.157.in-addr.arpa

DNS Request

75.52.230.157.in-addr.arpa
8.8.8.8:53

129.192.231.3.in-addr.arpa

dns

72 B
127 B
1
1

DNS Request

129.192.231.3.in-addr.arpa
8.8.8.8:53

www.opera.com

dns

msedge.exe

59 B
148 B
1
1

DNS Request

www.opera.com

DNS Response

3.127.11.50

18.158.202.86
8.8.8.8:53

cdn-production-opera-website.operacdn.com

dns

msedge.exe

87 B
207 B
1
1

DNS Request

cdn-production-opera-website.operacdn.com

DNS Response

104.84.85.174
8.8.8.8:53

www.googleoptimize.com

dns

msedge.exe

68 B
84 B
1
1

DNS Request

www.googleoptimize.com

DNS Response

172.217.169.14
8.8.8.8:53

www-static.operacdn.com

dns

msedge.exe

69 B
127 B
1
1

DNS Request

www-static.operacdn.com
8.8.8.8:53

50.11.127.3.in-addr.arpa

dns

70 B
134 B
1
1

DNS Request

50.11.127.3.in-addr.arpa
8.8.8.8:53

14.169.217.172.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

14.169.217.172.in-addr.arpa
8.8.8.8:53

174.85.84.104.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

174.85.84.104.in-addr.arpa
8.8.8.8:53

region1.analytics.google.com

dns

msedge.exe

74 B
106 B
1
1

DNS Request

region1.analytics.google.com

DNS Response

216.239.32.36

216.239.34.36
8.8.8.8:53

stats.g.doubleclick.net

dns

msedge.exe

69 B
133 B
1
1

DNS Request

stats.g.doubleclick.net

DNS Response

64.233.184.155

64.233.184.156

64.233.184.154

64.233.184.157
8.8.8.8:53

www.redditstatic.com

dns

msedge.exe

66 B
175 B
1
1

DNS Request

www.redditstatic.com

DNS Response

151.101.1.140

151.101.65.140

151.101.129.140

151.101.193.140
8.8.8.8:53

static.hotjar.com

dns

msedge.exe

63 B
152 B
1
1

DNS Request

static.hotjar.com

DNS Response

3.162.38.9

3.162.38.8

3.162.38.31

3.162.38.26
8.8.8.8:53

cdn.taboola.com

dns

msedge.exe

61 B
167 B
1
1

DNS Request

cdn.taboola.com

DNS Response

151.101.1.44

151.101.65.44

151.101.129.44

151.101.193.44
8.8.8.8:53

snap.licdn.com

dns

msedge.exe

60 B
196 B
1
1

DNS Request

snap.licdn.com

DNS Response

88.221.134.138

88.221.134.88

88.221.134.112

88.221.135.96
8.8.8.8:53

14.178.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

14.178.250.142.in-addr.arpa
8.8.8.8:53

155.184.233.64.in-addr.arpa

dns

73 B
107 B
1
1

DNS Request

155.184.233.64.in-addr.arpa
8.8.8.8:53

36.32.239.216.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

36.32.239.216.in-addr.arpa
8.8.8.8:53

140.1.101.151.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

140.1.101.151.in-addr.arpa
64.233.184.155:443

stats.g.doubleclick.net

https

msedge.exe

2.3kB
6.9kB
6
9
8.8.8.8:53

connect.facebook.net

dns

msedge.exe

66 B
114 B
1
1

DNS Request

connect.facebook.net

DNS Response

163.70.147.23
8.8.8.8:53

s.yimg.com

dns

msedge.exe

56 B
127 B
1
1

DNS Request

s.yimg.com

DNS Response

87.248.114.12

87.248.114.11
8.8.8.8:53

tags.creativecdn.com

dns

msedge.exe

66 B
136 B
1
1

DNS Request

tags.creativecdn.com

DNS Response

195.181.164.17

89.187.167.5
8.8.8.8:53

ams.creativecdn.com

dns

msedge.exe

65 B
81 B
1
1

DNS Request

ams.creativecdn.com

DNS Response

185.184.8.90
8.8.8.8:53

44.1.101.151.in-addr.arpa

dns

71 B
131 B
1
1

DNS Request

44.1.101.151.in-addr.arpa
8.8.8.8:53

138.134.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

138.134.221.88.in-addr.arpa
8.8.8.8:53

9.38.162.3.in-addr.arpa

dns

69 B
123 B
1
1

DNS Request

9.38.162.3.in-addr.arpa
8.8.8.8:53

23.147.70.163.in-addr.arpa

dns

72 B
116 B
1
1

DNS Request

23.147.70.163.in-addr.arpa
8.8.8.8:53

17.164.181.195.in-addr.arpa

dns

73 B
110 B
1
1

DNS Request

17.164.181.195.in-addr.arpa
8.8.8.8:53

90.8.184.185.in-addr.arpa

dns

71 B
113 B
1
1

DNS Request

90.8.184.185.in-addr.arpa
8.8.8.8:53

12.114.248.87.in-addr.arpa

dns

72 B
111 B
1
1

DNS Request

12.114.248.87.in-addr.arpa
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

26.165.165.52.in-addr.arpa
216.58.201.98:443

ade.googlesyndication.com

https

msedge.exe

4.3kB
7.3kB
13
14
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

217.135.221.88.in-addr.arpa

dns

219 B
139 B
3
1

DNS Request

217.135.221.88.in-addr.arpa

DNS Request

217.135.221.88.in-addr.arpa

DNS Request

217.135.221.88.in-addr.arpa
8.8.8.8:53

198.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

198.178.17.96.in-addr.arpa
216.58.201.98:443

ade.googlesyndication.com

https

msedge.exe

2.5kB
3.1kB
8
8
142.250.178.4:443

www.google.com

https

msedge.exe

49.0kB
94.5kB
98
135
8.8.8.8:53

13.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

13.227.111.52.in-addr.arpa
216.239.34.36:443

region1.analytics.google.com

https

msedge.exe

5.0kB
3.6kB
15
18
216.58.201.98:443

ade.googlesyndication.com

https

msedge.exe

2.5kB
3.2kB
9
9
8.8.8.8:53

cobwebzincdelicacy.com

dns

msedge.exe

136 B
296 B
2
2

DNS Request

cobwebzincdelicacy.com

DNS Request

cobwebzincdelicacy.com

DNS Response

172.240.108.76

192.243.59.12

192.243.61.225

192.243.61.227

172.240.108.68

DNS Response

172.240.108.76

192.243.59.12

192.243.61.225

192.243.61.227

172.240.108.68
172.217.16.238:443

fundingchoicesmessages.google.com

https

msedge.exe

13.4kB
81.4kB
65
95
142.250.179.226:443

www.googletagservices.com

https

msedge.exe

9.4kB
41.3kB
40
49
8.8.8.8:53

abaf204c64a2993325f03d071a132faa.safeframe.googlesyndication.com

dns

msedge.exe

110 B
169 B
1
1

DNS Request

abaf204c64a2993325f03d071a132faa.safeframe.googlesyndication.com

DNS Response

216.58.204.65
8.8.8.8:53

rtb0.doubleverify.com

dns

msedge.exe

67 B
167 B
1
1

DNS Request

rtb0.doubleverify.com

DNS Response

130.211.44.5
8.8.8.8:53

76.108.240.172.in-addr.arpa

dns

146 B
292 B
2
2

DNS Request

76.108.240.172.in-addr.arpa

DNS Request

76.108.240.172.in-addr.arpa
8.8.8.8:53

cdn.ampproject.org

dns

msedge.exe

64 B
106 B
1
1

DNS Request

cdn.ampproject.org

DNS Response

142.250.187.193
216.58.212.225:443

tpc.googlesyndication.com

https

msedge.exe

5.3kB
44.6kB
30
42
172.217.169.66:443

googleads4.g.doubleclick.net

https

msedge.exe

4.5kB
3.7kB
11
12
142.250.179.230:443

s0.2mdn.net

https

msedge.exe

5.2kB
152.8kB
55
116
216.58.212.225:443

tpc.googlesyndication.com

https

msedge.exe

3.1kB
6.5kB
5
7
142.250.178.4:443

www.google.com

https

msedge.exe

2.3kB
3.1kB
9
10
142.250.179.226:443

www.googletagservices.com

https

msedge.exe

3.1kB
6.6kB
5
7
8.8.8.8:53

193.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

193.187.250.142.in-addr.arpa
8.8.8.8:53

mega.nz

dns

msedge.exe

53 B
85 B
1
1

DNS Request

mega.nz

DNS Response

31.216.144.5

31.216.145.5
8.8.8.8:53

eu.static.mega.co.nz

dns

msedge.exe

66 B
130 B
1
1

DNS Request

eu.static.mega.co.nz

DNS Response

66.203.127.11

89.44.169.132

66.203.124.37

66.203.127.13
8.8.8.8:53

5.144.216.31.in-addr.arpa

dns

71 B
110 B
1
1

DNS Request

5.144.216.31.in-addr.arpa
8.8.8.8:53

g.api.mega.co.nz

dns

msedge.exe

62 B
175 B
1
1

DNS Request

g.api.mega.co.nz

DNS Response

66.203.125.12

66.203.125.14

66.203.125.16

66.203.125.15

66.203.125.13

66.203.125.11
8.8.8.8:53

11.127.203.66.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

11.127.203.66.in-addr.arpa
8.8.8.8:53

12.125.203.66.in-addr.arpa

dns

72 B
104 B
1
1

DNS Request

12.125.203.66.in-addr.arpa
8.8.8.8:53

gfs302n105.userstorage.mega.co.nz

dns

msedge.exe

79 B
95 B
1
1

DNS Request

gfs302n105.userstorage.mega.co.nz

DNS Response

162.208.16.15
8.8.8.8:53

gfs270n356.userstorage.mega.co.nz

dns

msedge.exe

79 B
95 B
1
1

DNS Request

gfs270n356.userstorage.mega.co.nz

DNS Response

89.44.168.66
8.8.8.8:53

gfs208n105.userstorage.mega.co.nz

dns

msedge.exe

79 B
95 B
1
1

DNS Request

gfs208n105.userstorage.mega.co.nz

DNS Response

185.206.26.15
8.8.8.8:53

gfs214n105.userstorage.mega.co.nz

dns

msedge.exe

79 B
95 B
1
1

DNS Request

gfs214n105.userstorage.mega.co.nz

DNS Response

185.206.27.15
8.8.8.8:53

gfs204n115.userstorage.mega.co.nz

dns

msedge.exe

79 B
95 B
1
1

DNS Request

gfs204n115.userstorage.mega.co.nz

DNS Response

185.206.24.17
8.8.8.8:53

gfs206n195.userstorage.mega.co.nz

dns

msedge.exe

79 B
95 B
1
1

DNS Request

gfs206n195.userstorage.mega.co.nz

DNS Response

94.24.37.105
8.8.8.8:53

17.24.206.185.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

17.24.206.185.in-addr.arpa
8.8.8.8:53

105.37.24.94.in-addr.arpa

dns

142 B
134 B
2
1

DNS Request

105.37.24.94.in-addr.arpa

DNS Request

105.37.24.94.in-addr.arpa
8.8.8.8:53

15.26.206.185.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

15.26.206.185.in-addr.arpa
8.8.8.8:53

66.168.44.89.in-addr.arpa

dns

71 B
110 B
1
1

DNS Request

66.168.44.89.in-addr.arpa
8.8.8.8:53

15.16.208.162.in-addr.arpa

dns

144 B
135 B
2
1

DNS Request

15.16.208.162.in-addr.arpa

DNS Request

15.16.208.162.in-addr.arpa
8.8.8.8:53

208.143.182.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

208.143.182.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
28KB

MD5
3453dfe7567d7cedc3614d6ce75ca0f8

SHA1
1b8a9f33190643164b7c2bf4b70afa607df640d4

SHA256
1efe8f7bfbb4023818648ee7918fab631a80e6c85996c0a3e4288998836b8c98

SHA512
7b207ba43103fd9ad03ee032f3460a44a3b8fa7fb25ecb617a82d678faa28f1af316af57bb610d69ba17e650ff41192aa9b3ffcbe6492cdd605891f420923caf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
134KB

MD5
4787dd34ac59f7876fc7a3e8c4d3c01c

SHA1
0a2fa42f0b64a361f9404802fc4eea75da616df5

SHA256
cebb59025c724f97697d4cfabceb05bb69c991351ef578467104cf1cbb35beee

SHA512
fcfe75082898e159cbd1b0a2d449df81c577c04822ba598431c179d40fd9c87e9f01376691993b8c1860c189543c1a16cb8512d60d01270bb411eec229b5caed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
61KB

MD5
a1eb05b2e53b4908558d8ff04593ba0d

SHA1
cf7fc2706462d69876d05b3a8485a5b5ff71bfdd

SHA256
d95fd728438d7db547d3f5aa714b2bc81add8cce4dd03b0ce479d2dcfc61bd52

SHA512
108ab871d7bb98b5feb0fcbf6705710b34976da63ffe1033c8b3fe9ef2723238d9686f3a1d49f64b6f11dacb69953effd81badcf4ff42d3506bf0e85fcbe9b1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a1e2298a7e20f427fd7bfe460c5412c3

SHA1
6de2a6c14da830ce8e92e4670f94f893ca97081a

SHA256
b41a6c613af923eecf357423ef6106d4aaaa8dfd4c223b1ccb6766cbe6e7e44f

SHA512
d6087092b32a1f35afc02a304902aefb66d1376e6770133bbfb1d2c8814e43bb4feb638b205c8ce255172154eeaa06fe1a4d01b0443c69267246108cfe88e286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ccc576129006661dd28422fd3d2da69d

SHA1
6901a518e86cecf3102dd8751038775850b07313

SHA256
9d25bef7e92330acf8b4312315ed4feab3738d8d7a12256346bb6116af493839

SHA512
606acfe0a51d6a6cfe1b050db31e1c3203dd2f02ed1e0c7c21a6cb37bb9b14d377cf39f13b6154e6bc32a00e14f25a14adfb18fe5909fcb8e2d622308e751723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
91ba9e3a40636377ae9583b5a1db8330

SHA1
dcb0cf6106d7d1ca9e4a80009d6caf3931adc603

SHA256
1622a7767bb88be72a1b7db8f361a77f1de4fdcba380815f1eedca7024f384c8

SHA512
32312c71507987ac18b0d27b833acaada8c1c24b689345a27a7f28216a7911231ddbaa76dc4f2152b7114893959dc2c0a8f150efe784dabc0b32369e9be34006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
dc836bf600e39c0aca9b9cea396563b5

SHA1
fd2b7a8b3ff6f57a0834ca056252bc9020334bf9

SHA256
57e906bf82403e86847fbfddd690130bdb332fc190dbb0e0339ea2134e421157

SHA512
e856d31db14e9d5c317822df908b58aa756dba9eeaf64c03a49f8ff4e431f2e704fa21eb2d70cb024ce59ad75db7ec08e8409314a19c7bdd31af38570e434a8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
3e2d20f1828cb91665a7fa67e7555a16

SHA1
778a80d7e5b5730037772fb020a027674f0ac870

SHA256
2c551190b2673099d1df4d56b106527dcb9599474b1f5c5d3dd2c5ea409563bc

SHA512
a2a312fcd1863185693606055faca756183fd0294ee6afb03c1c2836154f8052084992288af7326cc893801a8b8ac4aa941d0b3a17a9a3ed6195bc1833f783df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
455aa83cda0765342bbf1f3388dcd1e7

SHA1
6835de38c220678bae091e5d91b5ac3fb1b20c3d

SHA256
79284f054094736f49094e2e9183d58ca269d693c5551290b06771ca3d032c8c

SHA512
e98b2c033905b9b3a8e5eab70566324b6392ef0f7f49ee9a7c5de200d40fbccbedad46375329e4c6ce1abffe5cf16b943bcd89d9eb52cfcf6a4750a8518c8fca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f3475747ef67ea2111109b2a6a0b8bdc

SHA1
203498a3826f21086cd8e5ff37c5a50202a649eb

SHA256
2b3099d706ae030dc2384f1143aaabb2ba95601fd8b455757f53f886cdad3b82

SHA512
5c52e118136795539dfd5153ea50bab601de5e02fc7783053cc93244611dd585bc600ca8b2c7ff825d6538c2ea640702c0963515838a883dac04242f09d3c0f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
32ad67152e547464b8ffc5c207599aaa

SHA1
2736abb3dc8f7920642b86327c532846b26c4160

SHA256
5afc769cd093d288634d4b13c35b7b87cd1b168a020155bb47b58e20eddff252

SHA512
a836a064980b3290c6730d2f6c7ad2448fbd98034942d9424fb30d83bd66ee2dffe902ee8ca7e9a673e249a2a2a4a6768f8cf7a25c4d7b10d4c104491f4aa9d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
566f4615c1eaf298c96237973169944b

SHA1
1fc95dd032ad6660d48408e0b8b66c272f83af77

SHA256
9d469ff8e56ba4601b1852eb39a5e90278de1c49807493443f7524f8b4911e91

SHA512
841052a7b9eee3db42d3229bea3236bb6c9b71380c8efc4aeed594879dcc7b48ebddfd4d8a69ceb8b11f47059fab0fbee23bd1c1cc6f82945ec17145e2dccf65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
e26a8293c5f4c3174356b48f20d5565e

SHA1
c3cc8e774554ea212c69c55e8f7b567fd2a1a18f

SHA256
da6e65edd00ea04810b5534d679c49e03c3511da8a90ef467b5c0043f7d6fdb8

SHA512
6184dbe30b226b9cef0ff66e28540be0922142a2d8f7599320142919517baf2951a058a05df980daa24399eafd54a68d93db8cb38ca3af2e997a92adaebc177e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
c235185342ebf82dcd497eca8bc210fc

SHA1
fc2b1927f506e83971e19d2fc6fd0c4700c966e5

SHA256
b4ca5203493d24e593cdaec569031d7425c50a487aeaedac8ac2f55c25e0d7bd

SHA512
dc843fec415adaa03fe57bb86baaf45b2119b5e536e81ed6ea41e4d4d1e3f58b684ca88565f6cda6c6b2a43f3d41b16d412f99baa7893fca2a42b2a7c7b43c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a2d900d3cbb24769408170e128de618c

SHA1
d71b8e69a3448f05ad49eb7f134c0b0bd2f0c603

SHA256
12864b84562f3ee80feeb842dfe4ff4987907a3ffa72788287f4f58bac522d6e

SHA512
1c1852c2441b4ce8a247b9b538c9bde23247550fa3bf17b2277b107b2775c6d990a3a505a12f8bbfb69512e645c96fb2ac7bc99da69c0187185bacc89adf8a1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe598ec9.TMP

Filesize
48B

MD5
352150a24d425a49801c4c352ee3d704

SHA1
5341c89486008398cef372ede8419f495fd1c0bd

SHA256
255e7cd928dcb1bb705d09e6edecb1e00c6ba30649a44f25fe0757b49c954d0f

SHA512
fd5909ce1f0d079274854dbb03e345fbd599a742feecf332757e3540591a85eba283b0045387487fd2396c2c9db6e17becd7181a8bd916a239c8b68e9db62523

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c3e5d1b35618e08404c88e778c91ae4e

SHA1
f88b1c6305de572b9dda58dfc92a7d13a6a1b4cf

SHA256
60fd6daff24b960cdd0a87470a89593e634ae77badca511a9632d6c6608797a2

SHA512
403656082da71023e209c1af8f83789e274a2f1289088cf3a9956fcd7a5bcf30a1598aad06e4a55262f8320df466bf2bd7b31bbf6e586d04d5bd962006152a6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c2e6b72e825295b002255e62dd6ec04c

SHA1
a1a58bbacf8516c9b026c283039e6d0636f8227a

SHA256
8e5a062ad6096a3d40635f86dc419f3a7273e4a7669770ac80712b16ea1a6a88

SHA512
7343f4bc961361a043cb18f0b32073b0befeb4b11a5d12401dd910b8da96a08cddedda672742337dc01945369c25f7048a8d380e777a7b4a745a940b265dc5fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
36bbe640cf6f7f6f5e001b1b58af8206

SHA1
17ce4bc0be234686d9c141d96a32fd43524e6ca3

SHA256
bacfecb0d46399aba6a677d7025da5d0c617dce0106fb274f676a4da2a0a90d7

SHA512
c7a7ffa41ff50e74babdc922a5e38f3279003ca0d9ce246bddaf6dfab3481e92e5f57d603995127f6aead3a196d6b52fe2460a400caeba6c3f2002b69c24513c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6d0f4ed25361e5f179b05ec895b053b5

SHA1
3e094089fbf99f889d6355c710f64589e17483ce

SHA256
d35999a4fcf6baf3b339e0f7d302479e69e89a668027eeff9f6bf2634200a5df

SHA512
dd1a9d7c7f4f2d6df1582386cecd83c73080c1306388ea24362cf57a7e82f9b686aab3381d5eb9054d73325cff39d70982b0104bae1547c4d94761b70378e99b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a79a.TMP

Filesize
1KB

MD5
f5bd504d037fb202acba91671ede8cf3

SHA1
7cd9431f3b20574937ceb22a551e7f1bc2b48ea7

SHA256
7d8b96429d18f6ae9032d377c6cefbc74337e861d3bb880e5f4752e637923dc9

SHA512
2b6ebdd944fe2250b65b52a1db454a3e69bde5191de00e2620f30b93722b75830a38c8d5095f5c20c70696aa5fc3e316bcb73479797e16cf22e7a422dc653b4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
414ce1ebed0284c0a1f65272f48c2ac1

SHA1
1bb91f9f398ee9a07d82ac6fadd0f76ededaad57

SHA256
6754be450888068e89b19826c68dfad9ce557292711342dc39e81aa8002c2002

SHA512
0b41729c770de2c19e35b1e325f9945481834cc2a062955a51311566ee681bbed748a6d3619a8d49747d6393b8de8865b121ff3b53fdc82e35caca7faec48275

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
58db30d05e1e5883c5a14da6cd6d3842

SHA1
2a849bf3abb8495c66fce3a1dfcbf3533f677339

SHA256
a77f244e36cd76b0f2eaee998c834e9dd08ddbac5501e636161b4cec5250d17d

SHA512
9a12f377421b26982efe081907d7304851d0ffa9d0dd0791bf8a8efe226b035838de4a85bc350699df15f25e80351bdc75f98a3da616e53e9bd67d3aa79b1099

Download Submit
C:\Users\Admin\Downloads\Vape V4 & Lite.rar

Filesize
7.6MB

MD5
e0e316812ef29181424dd2a1736e4c1b

SHA1
7a821a56ff8925aa553a6a238aeee7bf145842ae

SHA256
cb07ea11ef0d2162b019880383e4c1fa2349f3ec594117da6f87f89514a78c85

SHA512
a687be81a726b80019df676ffe8447aee47cf32eab7e9e899894e6bb6cd7ad24c56b9bf97d15bebf0f91b62d9a27d0dd9c97f874c5202efe713284be8e8a009b

Download Submit
C:\Users\Admin\Downloads\Vape V4 & Lite.rar

Filesize
7.9MB

MD5
4c63bb23af6e63239be6468d76255476

SHA1
2aeaf68e8efc1fc731d4fa9869cf4d35a58a5b5e

SHA256
491357892b7146602a9fd95774ce5510fcbae16e3bd17ba3252ab7518d66592b

SHA512
9514c434b7f8922baffc7fbff6b7635f318f7f564c46414eb9b80832a40fdc073617cfe023ac082d9e05fd3d052fb89117fd5f340f060eb0fbf101291e5a9b4c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response