hxxps://5[.]imimg[.]com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar[.]pdf

Resubmissions

22/02/2024, 22:45 UTC

240222-2pm88sga7v 1

22/02/2024, 22:40 UTC

240222-2l2mfsge47 4

Analysis

max time kernel
270s
max time network
249s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
22/02/2024, 22:40 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133531154830339783"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 010000001f03918267d1a40689420928105b6cc597cd41890b42b547a480af14d0f032e2471c02b4ec2578c8f7649b0281d142287c15fc7377b02c64be87	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = d402758be065da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Packa = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5ca2f645e065da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{0C49A4CE-E272-44C8-8F85-0DB73DE6EAD7} = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 57afc660e065da01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
964	chrome.exe
964	chrome.exe

Suspicious behavior: MapViewOfSection 5 IoCs

pid	Process
1940	MicrosoftEdgeCP.exe
1940	MicrosoftEdgeCP.exe
1940	MicrosoftEdgeCP.exe
1940	MicrosoftEdgeCP.exe
1940	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
964	chrome.exe
964	chrome.exe
964	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3940	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3940	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3940	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3940	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4580	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4580	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4668	MicrosoftEdge.exe
Token: SeDebugPrivilege	4668	MicrosoftEdge.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4668	MicrosoftEdge.exe
1940	MicrosoftEdgeCP.exe
3940	MicrosoftEdgeCP.exe
1940	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 4860	1940	MicrosoftEdgeCP.exe	77
PID 1940 wrote to memory of 4860	1940	MicrosoftEdgeCP.exe	77
PID 1940 wrote to memory of 4860	1940	MicrosoftEdgeCP.exe	77
PID 1940 wrote to memory of 4860	1940	MicrosoftEdgeCP.exe	77
PID 1940 wrote to memory of 4860	1940	MicrosoftEdgeCP.exe	77
PID 1940 wrote to memory of 4860	1940	MicrosoftEdgeCP.exe	77
PID 1940 wrote to memory of 4860	1940	MicrosoftEdgeCP.exe	77
PID 1940 wrote to memory of 4860	1940	MicrosoftEdgeCP.exe	77
PID 1940 wrote to memory of 4860	1940	MicrosoftEdgeCP.exe	77
PID 1940 wrote to memory of 4860	1940	MicrosoftEdgeCP.exe	77
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 1940 wrote to memory of 2476	1940	MicrosoftEdgeCP.exe	79
PID 964 wrote to memory of 1256	964	chrome.exe	85
PID 964 wrote to memory of 1256	964	chrome.exe	85
PID 964 wrote to memory of 5112	964	chrome.exe	89
PID 964 wrote to memory of 5112	964	chrome.exe	89
PID 964 wrote to memory of 5112	964	chrome.exe	89
PID 964 wrote to memory of 5112	964	chrome.exe	89
PID 964 wrote to memory of 5112	964	chrome.exe	89
PID 964 wrote to memory of 5112	964	chrome.exe	89
PID 964 wrote to memory of 5112	964	chrome.exe	89
PID 964 wrote to memory of 5112	964	chrome.exe	89
PID 964 wrote to memory of 5112	964	chrome.exe	89
PID 964 wrote to memory of 5112	964	chrome.exe	89
PID 964 wrote to memory of 5112	964	chrome.exe	89
PID 964 wrote to memory of 5112	964	chrome.exe	89
PID 964 wrote to memory of 5112	964	chrome.exe	89
PID 964 wrote to memory of 5112	964	chrome.exe	89
PID 964 wrote to memory of 5112	964	chrome.exe	89
PID 964 wrote to memory of 5112	964	chrome.exe	89
PID 964 wrote to memory of 5112	964	chrome.exe	89
PID 964 wrote to memory of 5112	964	chrome.exe	89
PID 964 wrote to memory of 5112	964	chrome.exe	89
PID 964 wrote to memory of 5112	964	chrome.exe	89
PID 964 wrote to memory of 5112	964	chrome.exe	89
PID 964 wrote to memory of 5112	964	chrome.exe	89

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf"
1⤵
PID:2580

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4668

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2324

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1940

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3940

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4860

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4580

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2476

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:316

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:2264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc4fef9758,0x7ffc4fef9768,0x7ffc4fef9778
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=1864,i,15368747808080532474,17289022843054566079,131072 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2124 --field-trial-handle=1864,i,15368747808080532474,17289022843054566079,131072 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1864,i,15368747808080532474,17289022843054566079,131072 /prefetch:2
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1864,i,15368747808080532474,17289022843054566079,131072 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1864,i,15368747808080532474,17289022843054566079,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3592 --field-trial-handle=1864,i,15368747808080532474,17289022843054566079,131072 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1864,i,15368747808080532474,17289022843054566079,131072 /prefetch:8
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4984 --field-trial-handle=1864,i,15368747808080532474,17289022843054566079,131072 /prefetch:8
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1864,i,15368747808080532474,17289022843054566079,131072 /prefetch:8
  2⤵
  PID:2580

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2376

Network

DNS

5.imimg.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

5.imimg.com

IN A

Response

5.imimg.com

IN CNAME

d2tga8ssaf7pi3.cloudfront.net

d2tga8ssaf7pi3.cloudfront.net

IN A

18.155.153.83

d2tga8ssaf7pi3.cloudfront.net

IN A

18.155.153.64

d2tga8ssaf7pi3.cloudfront.net

IN A

18.155.153.80

d2tga8ssaf7pi3.cloudfront.net

IN A

18.155.153.126
GET

https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

MicrosoftEdgeCP.exe

Remote address:

18.155.153.83:443

Request

GET /data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf HTTP/2.0
host: 5.imimg.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: application/pdf
content-length: 236391
date: Thu, 22 Feb 2024 22:41:32 GMT
last-modified: Mon, 31 Jul 2023 18:55:00 GMT
etag: "ed9b36fbe4eb3000116b4ec046e0df61"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, public
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 84c210424bc648cf84cb9425addd241e.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-P2
x-amz-cf-id: l6nIyDmSPV6AqscyXSJFTMBotjFGD2OijjcLWB-bz9L6GEgL8J00xg==
GET

https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

MicrosoftEdgeCP.exe

Remote address:

18.155.153.83:443

Request

GET /data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf HTTP/2.0
host: 5.imimg.com
range: bytes=0-
accept: */*
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
referer: https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf
getcontentfeatures.dlna.org: 1
accept-language: en-US
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 206

content-type: application/pdf
content-length: 236391
date: Wed, 21 Feb 2024 19:13:12 GMT
last-modified: Mon, 31 Jul 2023 18:55:00 GMT
etag: "ed9b36fbe4eb3000116b4ec046e0df61"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, public
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
content-range: bytes 0-236390/236391
x-cache: Hit from cloudfront
via: 1.1 84c210424bc648cf84cb9425addd241e.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-P2
x-amz-cf-id: -481aAi8OMD_x8Gr6SPpEVzmYrwXW9dE9csMnhnQ5ON7Z8hAinqb8Q==
age: 98901
DNS

83.153.155.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

83.153.155.18.in-addr.arpa

IN PTR

Response

83.153.155.18.in-addr.arpa

IN PTR

server-18-155-153-83ham50r cloudfrontnet
DNS

180.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

180.178.17.96.in-addr.arpa

IN PTR

Response

180.178.17.96.in-addr.arpa

IN PTR

a96-17-178-180deploystaticakamaitechnologiescom
DNS

23.149.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.149.64.172.in-addr.arpa

IN PTR

Response
DNS

233.38.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

233.38.18.104.in-addr.arpa

IN PTR

Response
GET

https://5.imimg.com/favicon.ico

MicrosoftEdge.exe

Remote address:

18.155.153.83:443

Request

GET /favicon.ico HTTP/2.0
host: 5.imimg.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
dnt: 1

Response

HTTP/2.0 200

content-type: image/x-icon
content-length: 2155
last-modified: Wed, 12 Jul 2023 11:05:02 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 22 Feb 2024 07:52:09 GMT
etag: "af77f7bda7f0c0709d6a24eb7c1f48c4"
x-cache: Hit from cloudfront
via: 1.1 348a653d0e85028276e2f0a42392e00e.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-P2
x-amz-cf-id: f6ds4oBXy-xip0ambDjdtxnXZXDYENOWxSsynAWxcX9yO-IhY4hbNg==
age: 53572
DNS

161.19.199.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

161.19.199.152.in-addr.arpa

IN PTR

Response
DNS

209.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.178.17.96.in-addr.arpa

IN PTR

Response

209.178.17.96.in-addr.arpa

IN PTR

a96-17-178-209deploystaticakamaitechnologiescom
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

www.microsoft.com

MicrosoftEdge.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.17.5.133
DNS

133.5.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.5.17.2.in-addr.arpa

IN PTR

Response

133.5.17.2.in-addr.arpa

IN PTR

a2-17-5-133deploystaticakamaitechnologiescom
GET

https://www.bing.com/cortanaassist/rules?cc=US&version=6

MicrosoftEdge.exe

Remote address:

92.123.128.187:443

Request

GET /cortanaassist/rules?cc=US&version=6 HTTP/2.0
host: www.bing.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
dnt: 1

Response

HTTP/2.0 404

cache-control: private
content-length: 51425
content-type: text/html; charset=utf-8
content-encoding: br
vary: Accept-Encoding
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
x-eventid: 65d7cddcb9fc4fd68e30751f3836c456
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-error-page: 404-custom
x-ua-compatible: IE=edge
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9C58685F361343398278B45FAEFA6412 Ref B: LON04EDGE0711 Ref C: 2024-02-22T22:42:36Z
date: Thu, 22 Feb 2024 22:42:36 GMT
set-cookie: MUID=230D75E6436265533B5061CB42456494; domain=.bing.com; expires=Tue, 18-Mar-2025 22:42:36 GMT; path=/; secure; SameSite=None
set-cookie: MUIDB=230D75E6436265533B5061CB42456494; expires=Tue, 18-Mar-2025 22:42:36 GMT; path=/; HttpOnly
set-cookie: _EDGE_S=F=1&SID=18595FB3181F66EC265D4B9E19386754&mkt=en-us; domain=.bing.com; path=/; HttpOnly
set-cookie: _EDGE_V=1; domain=.bing.com; expires=Tue, 18-Mar-2025 22:42:36 GMT; path=/; HttpOnly
set-cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Sun, 22-Feb-2026 22:42:36 GMT; path=/
set-cookie: SRCHUID=V=2&GUID=DA51AD23C2A04C20A7316BB8EAC96AB7&dmnchg=1; domain=.bing.com; expires=Sun, 22-Feb-2026 22:42:36 GMT; path=/
set-cookie: SRCHUSR=DOB=20240222; domain=.bing.com; expires=Sun, 22-Feb-2026 22:42:36 GMT; path=/
set-cookie: SRCHHPGUSR=SRCHLANG=en; domain=.bing.com; expires=Sun, 22-Feb-2026 22:42:36 GMT; path=/
set-cookie: _SS=SID=18595FB3181F66EC265D4B9E19386754; domain=.bing.com; path=/
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.bb777b5c.1708641756.72f8cb09
DNS

187.128.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

187.128.123.92.in-addr.arpa

IN PTR

Response

187.128.123.92.in-addr.arpa

IN PTR

a92-123-128-187deploystaticakamaitechnologiescom
DNS

30.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

30.243.111.52.in-addr.arpa

IN PTR

Response
GET

https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

MicrosoftEdgeCP.exe

Remote address:

18.155.153.83:443

Request

GET /data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf HTTP/2.0
host: 5.imimg.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
range: bytes=15806-
if-range: "ed9b36fbe4eb3000116b4ec046e0df61"

Response

HTTP/2.0 206

content-type: application/pdf
content-length: 220585
date: Thu, 22 Feb 2024 22:41:32 GMT
last-modified: Mon, 31 Jul 2023 18:55:00 GMT
etag: "ed9b36fbe4eb3000116b4ec046e0df61"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, public
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
content-range: bytes 15806-236390/236391
x-cache: Hit from cloudfront
via: 1.1 aa5dfacfc06699e0f0625f72154bba68.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-P2
x-amz-cf-id: cg366Jxnh2e7sg4Xd5sRlQ85CQmA9tu7ergVczU9X4WmZZdp0BvUjQ==
age: 84
GET

https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

MicrosoftEdgeCP.exe

Remote address:

18.155.153.83:443

Request

GET /data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf HTTP/2.0
host: 5.imimg.com
if-modified-since: Mon, 31 Jul 2023 18:55:00 GMT
if-none-match: "ed9b36fbe4eb3000116b4ec046e0df61"
accept: */*
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
referer: https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf
getcontentfeatures.dlna.org: 1
accept-language: en-US
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 304

date: Thu, 22 Feb 2024 22:42:56 GMT
etag: "ed9b36fbe4eb3000116b4ec046e0df61"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, public
x-amz-version-id: null
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 aa5dfacfc06699e0f0625f72154bba68.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-P2
x-amz-cf-id: 4kA2PPRiMyrStUu0tg-o0PAdQpxlt4K_Ye9yD9Vg1Foc89slgE87Iw==
age: 98985
DNS

5.imimg.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

5.imimg.com

IN A

Response

5.imimg.com

IN CNAME

d2tga8ssaf7pi3.cloudfront.net

d2tga8ssaf7pi3.cloudfront.net

IN A

18.155.153.83

d2tga8ssaf7pi3.cloudfront.net

IN A

18.155.153.64

d2tga8ssaf7pi3.cloudfront.net

IN A

18.155.153.80

d2tga8ssaf7pi3.cloudfront.net

IN A

18.155.153.126
GET

https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

MicrosoftEdgeCP.exe

Remote address:

18.155.153.83:443

Request

GET /data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf HTTP/2.0
host: 5.imimg.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: application/pdf
content-length: 236391
date: Thu, 22 Feb 2024 22:41:32 GMT
last-modified: Mon, 31 Jul 2023 18:55:00 GMT
etag: "ed9b36fbe4eb3000116b4ec046e0df61"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, public
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 99ca88e83be89103b0ba651c261db4c4.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-P2
x-amz-cf-id: kuZ4a0H4EHLZfvPsNCncNLYLJdhKEBXoSz6bIzmEuYzgCrEV4Zr3qg==
age: 85
GET

https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

MicrosoftEdgeCP.exe

Remote address:

18.155.153.83:443

Request

GET /data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf HTTP/2.0
host: 5.imimg.com
range: bytes=0-
accept: */*
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
referer: https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf
getcontentfeatures.dlna.org: 1
accept-language: en-US
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 206

content-type: application/pdf
content-length: 236391
date: Wed, 21 Feb 2024 19:13:12 GMT
last-modified: Mon, 31 Jul 2023 18:55:00 GMT
etag: "ed9b36fbe4eb3000116b4ec046e0df61"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, public
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
content-range: bytes 0-236390/236391
x-cache: Hit from cloudfront
via: 1.1 99ca88e83be89103b0ba651c261db4c4.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-P2
x-amz-cf-id: MR1rHRPek_fQzCokUcsHyMv_RvfKiz6Vd6fCqP6BMhSepjzp16TqqQ==
age: 98985
GET

https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

MicrosoftEdgeCP.exe

Remote address:

18.155.153.83:443

Request

GET /data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf HTTP/2.0
host: 5.imimg.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
range: bytes=32343-
if-range: "ed9b36fbe4eb3000116b4ec046e0df61"

Response

HTTP/2.0 206

content-type: application/pdf
content-length: 204048
date: Thu, 22 Feb 2024 22:41:32 GMT
last-modified: Mon, 31 Jul 2023 18:55:00 GMT
etag: "ed9b36fbe4eb3000116b4ec046e0df61"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, public
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
content-range: bytes 32343-236390/236391
x-cache: Hit from cloudfront
via: 1.1 99ca88e83be89103b0ba651c261db4c4.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-P2
x-amz-cf-id: -jiTnZvHiPUTEWmjfC1cIbe2Ddj2zBzM8G5khFOTk7y7B5JTQreJ8Q==
age: 104
GET

https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

MicrosoftEdgeCP.exe

Remote address:

18.155.153.83:443

Request

GET /data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf HTTP/2.0
host: 5.imimg.com
if-modified-since: Mon, 31 Jul 2023 18:55:00 GMT
if-none-match: "ed9b36fbe4eb3000116b4ec046e0df61"
accept: */*
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
referer: https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf
getcontentfeatures.dlna.org: 1
accept-language: en-US
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 304

date: Thu, 22 Feb 2024 22:43:15 GMT
etag: "ed9b36fbe4eb3000116b4ec046e0df61"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, public
x-amz-version-id: null
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 99ca88e83be89103b0ba651c261db4c4.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-P2
x-amz-cf-id: XB4h_lco6ysDijFd7uYpxebshOVanAe461bWr9zRyOPZr7C1wq7bqQ==
age: 99004
GET

https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

MicrosoftEdgeCP.exe

Remote address:

18.155.153.83:443

Request

GET /data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf HTTP/2.0
host: 5.imimg.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: application/pdf
content-length: 236391
date: Thu, 22 Feb 2024 22:41:32 GMT
last-modified: Mon, 31 Jul 2023 18:55:00 GMT
etag: "ed9b36fbe4eb3000116b4ec046e0df61"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, public
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 99ca88e83be89103b0ba651c261db4c4.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-P2
x-amz-cf-id: PGhYVAoYpvgzy0ipSQY2EvAKAWIuQZ3yx3ddYh6IZKF5p6hSTnWgnw==
age: 154
GET

https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

MicrosoftEdgeCP.exe

Remote address:

18.155.153.83:443

Request

GET /data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf HTTP/2.0
host: 5.imimg.com
if-modified-since: Mon, 31 Jul 2023 18:55:00 GMT
if-none-match: "ed9b36fbe4eb3000116b4ec046e0df61"
accept: */*
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
referer: https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf
getcontentfeatures.dlna.org: 1
accept-language: en-US
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 304

date: Thu, 22 Feb 2024 22:44:06 GMT
etag: "ed9b36fbe4eb3000116b4ec046e0df61"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, public
x-amz-version-id: null
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 99ca88e83be89103b0ba651c261db4c4.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-P2
x-amz-cf-id: bN7Qt9DRaPPrjnvC7APX1vjRFMgzoZ4Yi6-esxml72loXD0aV81ChQ==
age: 99055
GET

https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

MicrosoftEdgeCP.exe

Remote address:

18.155.153.83:443

Request

GET /data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf HTTP/2.0
host: 5.imimg.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: application/pdf
content-length: 236391
date: Thu, 22 Feb 2024 22:41:32 GMT
last-modified: Mon, 31 Jul 2023 18:55:00 GMT
etag: "ed9b36fbe4eb3000116b4ec046e0df61"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, public
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 99ca88e83be89103b0ba651c261db4c4.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-P2
x-amz-cf-id: DYFwBCGERx9NTTB-PBok4xCfE2c4FncLOL94ZuNRzMz0WUX5iu-OoA==
age: 158
GET

https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

MicrosoftEdgeCP.exe

Remote address:

18.155.153.83:443

Request

GET /data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf HTTP/2.0
host: 5.imimg.com
if-modified-since: Mon, 31 Jul 2023 18:55:00 GMT
if-none-match: "ed9b36fbe4eb3000116b4ec046e0df61"
accept: */*
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
referer: https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf
getcontentfeatures.dlna.org: 1
accept-language: en-US
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 304

date: Thu, 22 Feb 2024 22:44:09 GMT
etag: "ed9b36fbe4eb3000116b4ec046e0df61"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, public
x-amz-version-id: null
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 99ca88e83be89103b0ba651c261db4c4.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-P2
x-amz-cf-id: CfghLHXnf8CsrLWYZ7sQJp91oalOQ_aepbipbdx_D6FbkHc6MJH9jA==
age: 99058
GET

https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

MicrosoftEdgeCP.exe

Remote address:

18.155.153.83:443

Request

GET /data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf HTTP/2.0
host: 5.imimg.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: application/pdf
content-length: 236391
date: Thu, 22 Feb 2024 22:41:32 GMT
last-modified: Mon, 31 Jul 2023 18:55:00 GMT
etag: "ed9b36fbe4eb3000116b4ec046e0df61"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, public
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 99ca88e83be89103b0ba651c261db4c4.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-P2
x-amz-cf-id: Fm1PXjoqMz4-eqf_eNCY9y6xkJuCg7f3OF8o8sq-PP8a2jKy7NUv_w==
age: 162
GET

https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

MicrosoftEdgeCP.exe

Remote address:

18.155.153.83:443

Request

GET /data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf HTTP/2.0
host: 5.imimg.com
if-modified-since: Mon, 31 Jul 2023 18:55:00 GMT
if-none-match: "ed9b36fbe4eb3000116b4ec046e0df61"
accept: */*
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
referer: https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf
getcontentfeatures.dlna.org: 1
accept-language: en-US
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 304

date: Thu, 22 Feb 2024 22:44:13 GMT
etag: "ed9b36fbe4eb3000116b4ec046e0df61"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, public
x-amz-version-id: null
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 99ca88e83be89103b0ba651c261db4c4.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-P2
x-amz-cf-id: kn90gUh_Bkw03yElsALpIkv-E8medNk3DHJntVI6hKXiFJS1KxLthA==
age: 99062
GET

https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

MicrosoftEdgeCP.exe

Remote address:

18.155.153.83:443

Request

GET /data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf HTTP/2.0
host: 5.imimg.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: application/pdf
content-length: 236391
date: Thu, 22 Feb 2024 22:41:32 GMT
last-modified: Mon, 31 Jul 2023 18:55:00 GMT
etag: "ed9b36fbe4eb3000116b4ec046e0df61"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, public
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 99ca88e83be89103b0ba651c261db4c4.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-P2
x-amz-cf-id: kA74wWzn-_6-o1hWqfSBOBx1B_TapOmNrQt_iyHrUurOFm8WvB6O8A==
age: 172
GET

https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

MicrosoftEdgeCP.exe

Remote address:

18.155.153.83:443

Request

GET /data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf HTTP/2.0
host: 5.imimg.com
if-modified-since: Mon, 31 Jul 2023 18:55:00 GMT
if-none-match: "ed9b36fbe4eb3000116b4ec046e0df61"
accept: */*
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
referer: https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf
getcontentfeatures.dlna.org: 1
accept-language: en-US
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 304

date: Thu, 22 Feb 2024 22:44:24 GMT
etag: "ed9b36fbe4eb3000116b4ec046e0df61"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, public
x-amz-version-id: null
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 99ca88e83be89103b0ba651c261db4c4.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-P2
x-amz-cf-id: 52TCx0duTslZYYk_5i-1q1aYbUxi8s87CCO42KssYZtiIpKKf_Yl9w==
age: 99073
DNS

lojebamuta.eelruxe.com

MicrosoftEdge.exe

Remote address:

8.8.8.8:53

Request

lojebamuta.eelruxe.com

IN A

Response

lojebamuta.eelruxe.com

IN A

172.67.155.98

lojebamuta.eelruxe.com

IN A

104.21.7.18
GET

https://lojebamuta.eelruxe.com/364118385?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim

MicrosoftEdgeCP.exe

Remote address:

172.67.155.98:443

Request

GET /364118385?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim HTTP/2.0
host: lojebamuta.eelruxe.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 302

date: Thu, 22 Feb 2024 22:43:01 GMT
content-type: text/html
location: http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G5dDp3aei6G%2Fkqiw9imO%2B6BhoYyyRHORJyWLHyWM03k3iWZ3lbiblhoZeJikE0RhG6e3XL9ODfRcuxXlaGlJXtTckaDdNaMfam1AUD2%2BU48VwzJABSIK1j3J4H%2FpQB63Igm9i2ud%2FWwf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 859abedd7897068a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://lojebamuta.eelruxe.com/364118385?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim

MicrosoftEdgeCP.exe

Remote address:

172.67.155.98:443

Request

GET /364118385?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim HTTP/2.0
host: lojebamuta.eelruxe.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: cf_chl_rc_i=1

Response

HTTP/2.0 302

date: Thu, 22 Feb 2024 22:43:19 GMT
content-type: text/html
location: http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QUTIH14pehvOAQoRoJvHdR1XK4zsp%2BT3Zkhp%2BW%2BgPX7u10l%2BnQil7arATIl0chsE40mZ5EJB2loA3Jimp37ZI%2FEEpv%2BF86OmFc9x%2FuPBpw1StQ6fch0DUE07t9bHo9oEKBXVfV4fYqX3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 859abf51b8c9068a-LHR
alt-svc: h3=":443"; ma=86400
DNS

194.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.178.17.96.in-addr.arpa

IN PTR

Response

194.178.17.96.in-addr.arpa

IN PTR

a96-17-178-194deploystaticakamaitechnologiescom
DNS

98.155.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

98.155.67.172.in-addr.arpa

IN PTR

Response
GET

http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim

MicrosoftEdgeCP.exe

Remote address:

172.67.155.98:80

Request

GET /indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Accept-Encoding: gzip, deflate
Host: lojebamuta.eelruxe.com
Connection: Keep-Alive

Response

HTTP/1.1 403 Forbidden

Date: Thu, 22 Feb 2024 22:43:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iNULemb%2BekP5ewdF%2FIl%2BHvL7IubJEAS2SGqYZ5bxV99IiUG0v0%2BhcBcsMw8ZtWD6yy8p5gunN%2BmGbpiHqUXpGVoY8kDlU6ROuwXz4h2k0A3TesOQd6knFnoT1VF7FJdF9elxD%2BjP4%2Bvn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 859abedeae7679c4-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

http://lojebamuta.eelruxe.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=859abedeae7679c4

MicrosoftEdgeCP.exe

Remote address:

172.67.155.98:80

Request

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=859abedeae7679c4 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Accept-Encoding: gzip, deflate
Host: lojebamuta.eelruxe.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 22 Feb 2024 22:43:01 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6XBjQruNZKZvkwKRzu8VZXXNoWyFrEyUMScckG7JtOnI8bc2hqBwsPUwg7B2bHr2Ehh3TvQ%2FItbfWHuBLCHpvLNxa%2FoStMbNPgWDztd35p8GkYZi%2BI4J5LzzTbDQ43646BZ4HbROi52c"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 859abee0486323b3-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

http://lojebamuta.eelruxe.com/favicon.ico

MicrosoftEdgeCP.exe

Remote address:

172.67.155.98:80

Request

GET /favicon.ico HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Accept-Encoding: gzip, deflate
Host: lojebamuta.eelruxe.com
Connection: Keep-Alive

Response

HTTP/1.1 403 Forbidden

Date: Thu, 22 Feb 2024 22:43:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AAmeDJZuyTUhPwaTYf3LyptEnNbtZg5%2B6oeoPnFFS48%2FxBhi2AJZAkv7zGvZOrNlOuacmPcGecCoYhw4MZw%2FE8nV4ULT8xCvqgY9UzHwPdOWSvt0tntRrjmKbljizzWmK8YyyWqNmWrK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 859abee1398e23b3-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

http://lojebamuta.eelruxe.com/favicon.ico

MicrosoftEdge.exe

Remote address:

172.67.155.98:80

Request

GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Host: lojebamuta.eelruxe.com
DNT: 1
Connection: Keep-Alive

Response

HTTP/1.1 403 Forbidden

Date: Thu, 22 Feb 2024 22:43:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=djQUfR26lmB9UF8KVAOQ3npAoZp1MEg7WBVY2ks7yaBAO3rI7av3ObyJmlZM3ZklzIK0zqYmUaxPOmwDBabtnqq5kccMOKYIFzINnyU2NDsHfKCegtBSPdk0Z%2BEyZdJxOOAYw%2BhS%2Bvvj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 859abee13f2763c3-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

http://lojebamuta.eelruxe.com/favicon.ico

MicrosoftEdge.exe

Remote address:

172.67.155.98:80

Request

GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Host: lojebamuta.eelruxe.com
DNT: 1
Connection: Keep-Alive

Response

HTTP/1.1 403 Forbidden

Date: Thu, 22 Feb 2024 22:43:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9HgHKGdi6Eoapu9MqfQtutRIJGfs8HXas1CeDZqmo95OSTXoOW3ScvhoPY0s9aBUMZscVTXNTCNFN1mx8E6kcBXvnjO%2FWvJFVfTJBZOZxdLmWjQb57uw7LEe6lAZ4w4uydw5Ao1tVg7v"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 859abee09dae3858-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
DNS

challenges.cloudflare.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

challenges.cloudflare.com

IN A

Response

challenges.cloudflare.com

IN A

104.17.3.184

challenges.cloudflare.com

IN A

104.17.2.184
GET

https://challenges.cloudflare.com/turnstile/v0/b/0f752fefe334/api.js?onload=SdFnRC2&render=explicit

MicrosoftEdgeCP.exe

Remote address:

104.17.3.184:443

Request

GET /turnstile/v0/b/0f752fefe334/api.js?onload=SdFnRC2&render=explicit HTTP/2.0
host: challenges.cloudflare.com
accept: application/javascript, */*;q=0.8
referer: http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 403

date: Thu, 22 Feb 2024 22:43:02 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: max-age=15
expires: Thu, 22 Feb 2024 22:43:17 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 859abee4ae11651e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://challenges.cloudflare.com/turnstile/v0/b/0f752fefe334/api.js?onload=SdFnRC2&render=explicit

MicrosoftEdgeCP.exe

Remote address:

104.17.3.184:443

Request

GET /turnstile/v0/b/0f752fefe334/api.js?onload=SdFnRC2&render=explicit HTTP/2.0
host: challenges.cloudflare.com
accept: application/javascript, */*;q=0.8
referer: http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 403

date: Thu, 22 Feb 2024 22:43:20 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: max-age=15
expires: Thu, 22 Feb 2024 22:43:35 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 859abf549f79651e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
POST

http://lojebamuta.eelruxe.com/cdn-cgi/challenge-platform/h/b/flow/ov1/315276607:1708639823:ekx8INrgXgA3GIhl_17yGzhdYcGSZR30dEqwzI_XE7E/859abedeae7679c4/c9fe0f6a2057110

MicrosoftEdgeCP.exe

Remote address:

172.67.155.98:80

Request

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/315276607:1708639823:ekx8INrgXgA3GIhl_17yGzhdYcGSZR30dEqwzI_XE7E/859abedeae7679c4/c9fe0f6a2057110 HTTP/1.1
Accept: */*
Origin: http://lojebamuta.eelruxe.com
Referer: http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Content-type: application/x-www-form-urlencoded
CF-Challenge: c9fe0f6a2057110
Accept-Encoding: gzip, deflate
Host: lojebamuta.eelruxe.com
Content-Length: 3142
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Thu, 22 Feb 2024 22:43:02 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: pEEX9JJR9PZ8i8v9MtIpuS28BUrwVvlee0X6+MMCR9wOpwrWfsbp/X3TqAa1cajc$aD54XSwiXCiArOvPiwiwxA==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sB2g0%2BXcA%2Fy1QzLYnEdjtmyYo5cITpg17%2BKv1pPZnM1reajpyd3hbs6XWVnZ9357VP1sHHQF11VJe5w4ha6wGWRXxVumkLIFr8RIl%2BLs0jq3UmG2pNCApZoagQK7a01YhEX8TT9DZtes"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 859abee41fd9888b-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
POST

http://lojebamuta.eelruxe.com/cdn-cgi/challenge-platform/h/b/flow/ov1/315276607:1708639823:ekx8INrgXgA3GIhl_17yGzhdYcGSZR30dEqwzI_XE7E/859abedeae7679c4/c9fe0f6a2057110

MicrosoftEdgeCP.exe

Remote address:

172.67.155.98:80

Request

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/315276607:1708639823:ekx8INrgXgA3GIhl_17yGzhdYcGSZR30dEqwzI_XE7E/859abedeae7679c4/c9fe0f6a2057110 HTTP/1.1
Accept: */*
Origin: http://lojebamuta.eelruxe.com
Referer: http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Content-type: application/x-www-form-urlencoded
CF-Challenge: c9fe0f6a2057110
Accept-Encoding: gzip, deflate
Host: lojebamuta.eelruxe.com
Content-Length: 3678
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Thu, 22 Feb 2024 22:43:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out: R+pXo77xAPOdkuAkjOlrz/XME++pYTsPom3kMSQF0gGjiezVg+cgh20OikLxepvmD6+Bx+t0QkF/EfQcE6vqT/ZEFEPUAfXgxnsPuhydmC0=$bGMxNnOy01gMUn8GIROrlw==
cf-chl-out-s: zrcyIzanu4BqIzF7ngsdXtnLn5Oj/qZmaPiMZAC0FPP52Y/4B4gGH7qmoqx5EsVj$c75sGZd2HF4rLGUmoho/Eg==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vmCf6e87IplBzPisDOYZQHGxtLh7aZ6XjMRYKpQwHxqn3ZZVN8tmAQA8r%2BsiNmjdzDFuQSkx5c2DWeqqGcvQjWtGhiiK1WkfpVOaUsCOewNP2vrp%2B9zGSBz%2BiJxGbvX0iZ1bCMxErJ2O"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 859abf051be4888b-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
POST

http://lojebamuta.eelruxe.com/cdn-cgi/challenge-platform/h/b/beacon/ov1/315276607:1708639823:ekx8INrgXgA3GIhl_17yGzhdYcGSZR30dEqwzI_XE7E/859abedeae7679c4/c9fe0f6a2057110/interactive

MicrosoftEdgeCP.exe

Remote address:

172.67.155.98:80

Request

POST /cdn-cgi/challenge-platform/h/b/beacon/ov1/315276607:1708639823:ekx8INrgXgA3GIhl_17yGzhdYcGSZR30dEqwzI_XE7E/859abedeae7679c4/c9fe0f6a2057110/interactive HTTP/1.1
Accept: */*
Origin: http://lojebamuta.eelruxe.com
Referer: http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Content-type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: lojebamuta.eelruxe.com
Content-Length: 533
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: cf_chl_rc_i=1

Response

HTTP/1.1 200 OK

Date: Thu, 22 Feb 2024 22:43:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FKjli5%2Fq7hwDomr6LPFXO2vmMdQ14OPVyAFDWxnQWa1vzNl0FrFAfJA%2Bzxm7cUkg6gkh%2BRV0FYCKLbUl1UWFLyyTAukvcAaF78RTW5eMzJWXKqHcVlT%2F%2FnUPOVpzi%2FMUfvp4vSXddCUC"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 859abf126d29888b-LHR
alt-svc: h3=":443"; ma=86400
GET

http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim

MicrosoftEdgeCP.exe

Remote address:

172.67.155.98:80

Request

GET /indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Accept-Encoding: gzip, deflate
Host: lojebamuta.eelruxe.com
Connection: Keep-Alive
Cookie: cf_chl_rc_i=1

Response

HTTP/1.1 403 Forbidden

Date: Thu, 22 Feb 2024 22:43:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xG482fBimjjZvtO3qPXQQGz6EFqDnuAkVvEQBVUUjH2Vn3lgcxeL8inPzZvQafFx1ghC70707AWyn8bIdRiyMEuMs3Zt2G8fsPiaMSqh19M3wQVPBRX3QrvsxcOLuG1SWvM74SIxBxws"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 859abf525ad5888b-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
DNS

184.3.17.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

184.3.17.104.in-addr.arpa

IN PTR

Response
GET

http://lojebamuta.eelruxe.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=859abf525ad5888b

MicrosoftEdgeCP.exe

Remote address:

172.67.155.98:80

Request

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=859abf525ad5888b HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Accept-Encoding: gzip, deflate
Host: lojebamuta.eelruxe.com
Connection: Keep-Alive
Cookie: cf_chl_rc_i=1

Response

HTTP/1.1 200 OK

Date: Thu, 22 Feb 2024 22:43:20 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w06ExcGHW4icLAIRKrzELrxd1xHvBUJwmtbFrjbGU1ZmOMY5WJkE47DI7bg2MK%2FVd0YVLstiof5ACir74zTdkZlmDUZMrW7PZAbBXsiPYXhD0Y%2FKYOmy%2Fj64GZGObvzsUGEMcoAayjxF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 859abf539c6b63f5-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

http://lojebamuta.eelruxe.com/favicon.ico

MicrosoftEdgeCP.exe

Remote address:

172.67.155.98:80

Request

GET /favicon.ico HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Accept-Encoding: gzip, deflate
Host: lojebamuta.eelruxe.com
Connection: Keep-Alive
Cookie: cf_chl_rc_i=1

Response

HTTP/1.1 403 Forbidden

Date: Thu, 22 Feb 2024 22:43:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yoQC10f%2B3w4%2BLmYqgcDThQSQJNYwge%2F%2FgrHcnXP7PqRQ7CK10zJC0Xwdwews2szPFh3bM4hjGoNRpJXwgbxlUBnD61ZKrTomua878krg5HY44n1iwJkdZQODCbkAqVj5RsVampUzmuL%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 859abf546df463f5-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
POST

http://lojebamuta.eelruxe.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1584176155:1708639878:o2zk9sv7HKE8u8X0soAA_6IZxLbhc1rG7gMnXSLQV8k/859abf525ad5888b/d8fbf85bf3ddbcb

MicrosoftEdgeCP.exe

Remote address:

172.67.155.98:80

Request

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1584176155:1708639878:o2zk9sv7HKE8u8X0soAA_6IZxLbhc1rG7gMnXSLQV8k/859abf525ad5888b/d8fbf85bf3ddbcb HTTP/1.1
Accept: */*
Origin: http://lojebamuta.eelruxe.com
Referer: http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Content-type: application/x-www-form-urlencoded
CF-Challenge: d8fbf85bf3ddbcb
Accept-Encoding: gzip, deflate
Host: lojebamuta.eelruxe.com
Content-Length: 3204
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: cf_chl_rc_i=1

Response

HTTP/1.1 200 OK

Date: Thu, 22 Feb 2024 22:43:20 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: 4kdUdGBJvhsGTlPpg5wpjI955LauH0BaG+xUk0obEhyuMQIE+N8lHwh5rDiki6Pw$bXBVgAQe+18Z13jbEEKHeA==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5ZrgLxyuM6qXxPAP2VZAFprXEV81qevB0Ze2kHfRkHIFof2XeifAtVHZQC75mp%2FzRLKRAIXzpGVYvpjvRlgCrj7ON6TkVbNJhGznkCIEVfuS0tYh7oBbNiMJfXpaoa6Ztwhj%2FncjMWKG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 859abf562dc86582-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
POST

http://lojebamuta.eelruxe.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1584176155:1708639878:o2zk9sv7HKE8u8X0soAA_6IZxLbhc1rG7gMnXSLQV8k/859abf525ad5888b/d8fbf85bf3ddbcb

MicrosoftEdgeCP.exe

Remote address:

172.67.155.98:80

Request

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1584176155:1708639878:o2zk9sv7HKE8u8X0soAA_6IZxLbhc1rG7gMnXSLQV8k/859abf525ad5888b/d8fbf85bf3ddbcb HTTP/1.1
Accept: */*
Origin: http://lojebamuta.eelruxe.com
Referer: http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Content-type: application/x-www-form-urlencoded
CF-Challenge: d8fbf85bf3ddbcb
Accept-Encoding: gzip, deflate
Host: lojebamuta.eelruxe.com
Content-Length: 3743
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: cf_chl_rc_i=1

Response

HTTP/1.1 200 OK

Date: Thu, 22 Feb 2024 22:43:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out: uaeyjJvzhHUObmH8ayhHtUWFEGwALUPrjmpaWlvjr+Kd0jdGftZHX9fK1WzfYz+P0vHvzce7ZJ0KrNP+h969JEVHaRV0GDDGEQ1M0pGn4Mo=$cJQ3PcHu7X+D9CMLmdqBEg==
cf-chl-out-s: 8tQ4/MUdGgwSqJBF0iQdQXbkedUaTmGdklEyl264Wk16ZBqMHIcAYhQ8NqGRErG7$5bUpnkMABK3S6uEXGjiNyg==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xudZ3jQxCh1h36GJvFJHS0p4fS%2F1ATEw6OkaymjW5kKErgJi0AX2RveLp9ydMoGrp4nOGoZULZ%2F3xs7reyIGh7Pa2lo5MwalPcDE17oSQyLcv6PuleUP%2BpME%2B7877T4rnAtPi%2BOyQx0b"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 859abf76deef6582-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
POST

http://lojebamuta.eelruxe.com/cdn-cgi/challenge-platform/h/b/beacon/ov1/1584176155:1708639878:o2zk9sv7HKE8u8X0soAA_6IZxLbhc1rG7gMnXSLQV8k/859abf525ad5888b/d8fbf85bf3ddbcb/interactive

MicrosoftEdgeCP.exe

Remote address:

172.67.155.98:80

Request

POST /cdn-cgi/challenge-platform/h/b/beacon/ov1/1584176155:1708639878:o2zk9sv7HKE8u8X0soAA_6IZxLbhc1rG7gMnXSLQV8k/859abf525ad5888b/d8fbf85bf3ddbcb/interactive HTTP/1.1
Accept: */*
Origin: http://lojebamuta.eelruxe.com
Referer: http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Content-type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: lojebamuta.eelruxe.com
Content-Length: 523
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: cf_chl_rc_i=2

Response

HTTP/1.1 200 OK

Date: Thu, 22 Feb 2024 22:43:30 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mr8z%2FAsKAN%2BA8dMgf40uQ7sC0GPS1cHNi9bzdrhl9fQN07Z7Gpjo6FnU%2FYV3sa4oU62U%2BHwdySB0TVKXzHK%2FCRFWF7psdeyv%2FFp63n5xU6LTZ8fmajYDYe14B%2FXmoSooVw2qpjy6gLoT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 859abf90a8e96582-LHR
alt-svc: h3=":443"; ma=86400
GET

http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim

MicrosoftEdgeCP.exe

Remote address:

172.67.155.98:80

Request

GET /indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Accept-Encoding: gzip, deflate
Host: lojebamuta.eelruxe.com
Connection: Keep-Alive
Cookie: cf_chl_rc_i=2

Response

HTTP/1.1 403 Forbidden

Date: Thu, 22 Feb 2024 22:44:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7JK4OWNRtgxWBnXCnG6PNEsWL%2BNmmT%2FLyVN%2FNia0K6Ht%2BpNibwlwIt3KcBMTKfuWPCfAq7wZxs3tU5M7KwdBKDgthQRiAMxyFTu4ysrvZWMMItaxHgxnPHoXU1d2NB88h23dNPaFQvJ6"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 859ac0a7b99f6582-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://challenges.cloudflare.com/turnstile/v0/b/0f752fefe334/api.js?onload=SdFnRC2&render=explicit

MicrosoftEdgeCP.exe

Remote address:

104.17.3.184:443

Request

GET /turnstile/v0/b/0f752fefe334/api.js?onload=SdFnRC2&render=explicit HTTP/2.0
host: challenges.cloudflare.com
accept: application/javascript, */*;q=0.8
referer: http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Thu, 22 Feb 2024 22:44:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 859ac0aa4c927714-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

http://lojebamuta.eelruxe.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=859ac0a7b99f6582

MicrosoftEdgeCP.exe

Remote address:

172.67.155.98:80

Request

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=859ac0a7b99f6582 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Accept-Encoding: gzip, deflate
Host: lojebamuta.eelruxe.com
Connection: Keep-Alive
Cookie: cf_chl_rc_i=2

Response

HTTP/1.1 200 OK

Date: Thu, 22 Feb 2024 22:44:14 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ckz2HYFFjAxkU4h1%2FMNcJ%2FZfTdOWd0Bii0kUMrEqv0qTtFBRStC%2FMU0zfjBApvEMh5LdpAWzQ3hn0Bes%2FHnbuUZSFS%2BNivERDH0iDXKHrgqSu1RXUNn8bHnsz%2FafNzo%2BI2l6M33MKIJh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 859ac0a96e8ddd76-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

http://lojebamuta.eelruxe.com/favicon.ico

MicrosoftEdgeCP.exe

Remote address:

172.67.155.98:80

Request

GET /favicon.ico HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Accept-Encoding: gzip, deflate
Host: lojebamuta.eelruxe.com
Connection: Keep-Alive
Cookie: cf_chl_rc_i=2

Response

HTTP/1.1 403 Forbidden

Date: Thu, 22 Feb 2024 22:44:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ArGUOtL8EOXQx27mfmNu6z%2FEmODVTjOjOcDssP%2FmU9Mk1oCgFS%2BgR41anZDbXLKx4YT9WAg%2Fpy2cmGvo%2Bzl4u4Frrou8o2GsFOmuSzKfT%2FxBU9rrLwDplFlqIEzg9GUORi7tDraYTE1U"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 859ac0aa4f98dd76-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
POST

http://lojebamuta.eelruxe.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1292445829:1708639871:achZf7LYuAkohjIY90eBSzDFFr6O7SBU8SPuLfIBip0/859ac0a7b99f6582/a9871ec866a2252

MicrosoftEdgeCP.exe

Remote address:

172.67.155.98:80

Request

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1292445829:1708639871:achZf7LYuAkohjIY90eBSzDFFr6O7SBU8SPuLfIBip0/859ac0a7b99f6582/a9871ec866a2252 HTTP/1.1
Accept: */*
Origin: http://lojebamuta.eelruxe.com
Referer: http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Content-type: application/x-www-form-urlencoded
CF-Challenge: a9871ec866a2252
Accept-Encoding: gzip, deflate
Host: lojebamuta.eelruxe.com
Content-Length: 3156
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: cf_chl_rc_i=2

Response

HTTP/1.1 200 OK

Date: Thu, 22 Feb 2024 22:44:15 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: hU+14c7FFRdADZwZCBm9gLzVeZFXKTJMBKb+8g0n813KZvj55AXc37BeAn3GLkij$gICcqkU1+9Clu4rsK1zyfw==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pq7lTm6usjiR0NAgT3tGdISVyz8Eo%2BCDQ%2Fvg3LO2RlHuMWzk4Tq%2BjLKFn1xkWmpv4bsT23uVnHJi2FK4Aa%2BIMJipciqqg7nO%2FkSea7c%2FQpHE23P%2Fa%2B%2BY3KOpc4jQjp1yWDpatj98y1yM"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 859ac0abace7416b-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
POST

http://lojebamuta.eelruxe.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1292445829:1708639871:achZf7LYuAkohjIY90eBSzDFFr6O7SBU8SPuLfIBip0/859ac0a7b99f6582/a9871ec866a2252

MicrosoftEdgeCP.exe

Remote address:

172.67.155.98:80

Request

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1292445829:1708639871:achZf7LYuAkohjIY90eBSzDFFr6O7SBU8SPuLfIBip0/859ac0a7b99f6582/a9871ec866a2252 HTTP/1.1
Accept: */*
Origin: http://lojebamuta.eelruxe.com
Referer: http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Content-type: application/x-www-form-urlencoded
CF-Challenge: a9871ec866a2252
Accept-Encoding: gzip, deflate
Host: lojebamuta.eelruxe.com
Content-Length: 3693
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: cf_chl_rc_i=3

Response

HTTP/1.1 200 OK

Date: Thu, 22 Feb 2024 22:44:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out: wph8sxdF87wApIIHtQv9UY8do+G25wo3fvSkjYGSJi9AdMk0ORAEMPQO2k77K9Z3TvOarPbWWxTs860JbsoVsbvt32RfvTSJptkDbq46Vm0=$xlL7RQTIPQDdKRV+vp1tVg==
cf-chl-out-s: R0JkmIVdkmekn6OOml0B9nOPwchUaCCsugICnnY2TXeqjQLeRfAaLURKFrTWyoodslLOfDxsnZEFtnX3xqmREg02iPQeLumwLOo2z8tGRhVt1vL1abqg4O/EWlHoGUkoo8cGF92yAGH1ULGugMMUe2jltBnDlT730YoRBmj4z0U=$51tjsk7lG7SrgnTiPWc9Sg==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lJWw7klsqz0et7ttInm%2FJP8iHVvjp28%2BGQw82k4OaZsy3bTvjkhaUhalswh%2BHI26kNj73YtgeiZG9QxGBaKnFTR3gJ%2BT1Cha4zEbmG96%2B4JTQ7fEqITuWXyjg1Xhe9%2Byxbc%2BhRssTQQj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 859ac0cc4f68416b-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
DNS

www.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

172.217.16.228
DNS

67.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.204.58.216.in-addr.arpa

IN PTR

Response

67.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f31e100net

67.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f67�G

67.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f3�G
DNS

228.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.16.217.172.in-addr.arpa

IN PTR

Response

228.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f41e100net

228.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f4�H
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.200.14

18.155.153.83:443

https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

tls, http2

MicrosoftEdgeCP.exe

17.9kB
496.2kB
372
369

HTTP Request

GET https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

HTTP Response

200

HTTP Request

GET https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

HTTP Response

206
18.155.153.83:443

5.imimg.com

tls, http2

MicrosoftEdgeCP.exe

1.1kB
6.5kB
16
13
18.155.153.83:443

https://5.imimg.com/favicon.ico

tls, http2

MicrosoftEdge.exe

1.4kB
9.1kB
18
14

HTTP Request

GET https://5.imimg.com/favicon.ico

HTTP Response

200
18.155.153.83:443

5.imimg.com

tls, http2

MicrosoftEdge.exe

1.1kB
6.4kB
15
12
204.79.197.200:443

ieonline.microsoft.com

tls, http2

MicrosoftEdge.exe

1.2kB
8.1kB
16
14
92.123.128.187:443

www.bing.com

tls, http2

MicrosoftEdge.exe

1.1kB
4.9kB
15
14
92.123.128.187:443

https://www.bing.com/cortanaassist/rules?cc=US&version=6

tls, http2

MicrosoftEdge.exe

3.2kB
59.6kB
56
53

HTTP Request

GET https://www.bing.com/cortanaassist/rules?cc=US&version=6

HTTP Response

404
18.155.153.83:443

https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

tls, http2

MicrosoftEdgeCP.exe

9.1kB
229.3kB
176
170

HTTP Request

GET https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

HTTP Response

206

HTTP Request

GET https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

HTTP Response

304
18.155.153.83:443

https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

tls, http2

MicrosoftEdgeCP.exe

58.4kB
1.7MB
1240
1226

HTTP Request

GET https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

HTTP Response

200

HTTP Request

GET https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

HTTP Response

206

HTTP Request

GET https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

HTTP Response

206

HTTP Request

GET https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

HTTP Response

304

HTTP Request

GET https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

HTTP Response

200

HTTP Request

GET https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

HTTP Response

304

HTTP Request

GET https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

HTTP Response

200

HTTP Request

GET https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

HTTP Response

304

HTTP Request

GET https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

HTTP Response

200

HTTP Request

GET https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

HTTP Response

304

HTTP Request

GET https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

HTTP Response

200

HTTP Request

GET https://5.imimg.com/data5/MY/Rfq/2023/8/330766013/JA/UR/FK/187076539/burenipelobotutazujar.pdf

HTTP Response

304
172.67.155.98:443

lojebamuta.eelruxe.com

tls, http2

MicrosoftEdgeCP.exe

1.1kB
5.9kB
15
11
172.67.155.98:443

https://lojebamuta.eelruxe.com/364118385?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim

tls, http2

MicrosoftEdgeCP.exe

2.1kB
8.1kB
22
16

HTTP Request

GET https://lojebamuta.eelruxe.com/364118385?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim

HTTP Response

302

HTTP Request

GET https://lojebamuta.eelruxe.com/364118385?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim

HTTP Response

302
172.67.155.98:80

http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim

http

MicrosoftEdgeCP.exe

2.1kB
11.7kB
17
16

HTTP Request

GET http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim

HTTP Response

403
172.67.155.98:80

http://lojebamuta.eelruxe.com/favicon.ico

http

MicrosoftEdgeCP.exe

5.9kB
68.1kB
65
63

HTTP Request

GET http://lojebamuta.eelruxe.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=859abedeae7679c4

HTTP Response

200

HTTP Request

GET http://lojebamuta.eelruxe.com/favicon.ico

HTTP Response

403
172.67.155.98:80

http://lojebamuta.eelruxe.com/favicon.ico

http

MicrosoftEdge.exe

969 B
8.5kB
15
12

HTTP Request

GET http://lojebamuta.eelruxe.com/favicon.ico

HTTP Response

403
172.67.155.98:80

http://lojebamuta.eelruxe.com/favicon.ico

http

MicrosoftEdge.exe

969 B
8.5kB
15
12

HTTP Request

GET http://lojebamuta.eelruxe.com/favicon.ico

HTTP Response

403
104.17.3.184:443

https://challenges.cloudflare.com/turnstile/v0/b/0f752fefe334/api.js?onload=SdFnRC2&render=explicit

tls, http2

MicrosoftEdgeCP.exe

2.6kB
7.9kB
25
22

HTTP Request

GET https://challenges.cloudflare.com/turnstile/v0/b/0f752fefe334/api.js?onload=SdFnRC2&render=explicit

HTTP Response

403

HTTP Request

GET https://challenges.cloudflare.com/turnstile/v0/b/0f752fefe334/api.js?onload=SdFnRC2&render=explicit

HTTP Response

403
104.17.3.184:443

challenges.cloudflare.com

tls, http2

MicrosoftEdgeCP.exe

1.1kB
3.6kB
14
10
172.67.155.98:80

http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim

http

MicrosoftEdgeCP.exe

15.6kB
26.6kB
43
37

HTTP Request

POST http://lojebamuta.eelruxe.com/cdn-cgi/challenge-platform/h/b/flow/ov1/315276607:1708639823:ekx8INrgXgA3GIhl_17yGzhdYcGSZR30dEqwzI_XE7E/859abedeae7679c4/c9fe0f6a2057110

HTTP Response

200

HTTP Request

POST http://lojebamuta.eelruxe.com/cdn-cgi/challenge-platform/h/b/flow/ov1/315276607:1708639823:ekx8INrgXgA3GIhl_17yGzhdYcGSZR30dEqwzI_XE7E/859abedeae7679c4/c9fe0f6a2057110

HTTP Response

200

HTTP Request

POST http://lojebamuta.eelruxe.com/cdn-cgi/challenge-platform/h/b/beacon/ov1/315276607:1708639823:ekx8INrgXgA3GIhl_17yGzhdYcGSZR30dEqwzI_XE7E/859abedeae7679c4/c9fe0f6a2057110/interactive

HTTP Response

200

HTTP Request

GET http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim

HTTP Response

403
172.67.155.98:80

http://lojebamuta.eelruxe.com/favicon.ico

http

MicrosoftEdgeCP.exe

5.8kB
68.0kB
63
61

HTTP Request

GET http://lojebamuta.eelruxe.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=859abf525ad5888b

HTTP Response

200

HTTP Request

GET http://lojebamuta.eelruxe.com/favicon.ico

HTTP Response

403
172.67.155.98:80

http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim

http

MicrosoftEdgeCP.exe

15.7kB
26.5kB
42
35

HTTP Request

POST http://lojebamuta.eelruxe.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1584176155:1708639878:o2zk9sv7HKE8u8X0soAA_6IZxLbhc1rG7gMnXSLQV8k/859abf525ad5888b/d8fbf85bf3ddbcb

HTTP Response

200

HTTP Request

POST http://lojebamuta.eelruxe.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1584176155:1708639878:o2zk9sv7HKE8u8X0soAA_6IZxLbhc1rG7gMnXSLQV8k/859abf525ad5888b/d8fbf85bf3ddbcb

HTTP Response

200

HTTP Request

POST http://lojebamuta.eelruxe.com/cdn-cgi/challenge-platform/h/b/beacon/ov1/1584176155:1708639878:o2zk9sv7HKE8u8X0soAA_6IZxLbhc1rG7gMnXSLQV8k/859abf525ad5888b/d8fbf85bf3ddbcb/interactive

HTTP Response

200

HTTP Request

GET http://lojebamuta.eelruxe.com/indi?muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim&muwaxatufawenuzogevokuwewaxamisirorebitosibibebalimaxin=jonanowaxunugurowasojobunefilisogezalugezogiwabepedinuxesafanagipidilevodowubivomonusizanijupujokebokipebatufikajuzevusikozosujebuvozinupunoxopalomuwaredatolixeluzanerujogepijisijukepunutitasovoganawabeb&keyword=turn+off+digital+secure+verizon&kabixofejolojepefigotuzutalifogugexupifagejapogemewokatutiloxebutamefudomodufixu=zuxesepemefenojapejumomusobugavujulovizotorukigavevosebuvugibuwejegabananemulenumilixokatijigekurofotegajizurasepiwuzisobopuladewim

HTTP Response

403
104.17.3.184:443

https://challenges.cloudflare.com/turnstile/v0/b/0f752fefe334/api.js?onload=SdFnRC2&render=explicit

tls, http2

MicrosoftEdgeCP.exe

2.8kB
14.9kB
27
24

HTTP Request

GET https://challenges.cloudflare.com/turnstile/v0/b/0f752fefe334/api.js?onload=SdFnRC2&render=explicit

HTTP Response

200
172.67.155.98:80

http://lojebamuta.eelruxe.com/favicon.ico

http

MicrosoftEdgeCP.exe

5.9kB
69.6kB
65
63

HTTP Request

GET http://lojebamuta.eelruxe.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=859ac0a7b99f6582

HTTP Response

200

HTTP Request

GET http://lojebamuta.eelruxe.com/favicon.ico

HTTP Response

403
172.67.155.98:80

http://lojebamuta.eelruxe.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1292445829:1708639871:achZf7LYuAkohjIY90eBSzDFFr6O7SBU8SPuLfIBip0/859ac0a7b99f6582/a9871ec866a2252

http

MicrosoftEdgeCP.exe

11.4kB
14.4kB
26
20

HTTP Request

POST http://lojebamuta.eelruxe.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1292445829:1708639871:achZf7LYuAkohjIY90eBSzDFFr6O7SBU8SPuLfIBip0/859ac0a7b99f6582/a9871ec866a2252

HTTP Response

200

HTTP Request

POST http://lojebamuta.eelruxe.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1292445829:1708639871:achZf7LYuAkohjIY90eBSzDFFr6O7SBU8SPuLfIBip0/859ac0a7b99f6582/a9871ec866a2252

HTTP Response

200
172.217.16.228:443

www.google.com

tls

chrome.exe

953 B
4.8kB
8
9
142.250.200.14:443

clients2.google.com

tls, http2

chrome.exe

999 B
8.4kB
9
10

8.8.8.8:53

5.imimg.com

dns

MicrosoftEdgeCP.exe

57 B
164 B
1
1

DNS Request

5.imimg.com

DNS Response

18.155.153.83

18.155.153.64

18.155.153.80

18.155.153.126
8.8.8.8:53

83.153.155.18.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

83.153.155.18.in-addr.arpa
8.8.8.8:53

180.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

180.178.17.96.in-addr.arpa
8.8.8.8:53

23.149.64.172.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

23.149.64.172.in-addr.arpa
8.8.8.8:53

233.38.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

233.38.18.104.in-addr.arpa
8.8.8.8:53

161.19.199.152.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

161.19.199.152.in-addr.arpa
8.8.8.8:53

209.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

209.178.17.96.in-addr.arpa
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

200.197.79.204.in-addr.arpa
8.8.8.8:53

www.microsoft.com

dns

MicrosoftEdge.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.17.5.133
8.8.8.8:53

133.5.17.2.in-addr.arpa

dns

69 B
131 B
1
1

DNS Request

133.5.17.2.in-addr.arpa
8.8.8.8:53

187.128.123.92.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

187.128.123.92.in-addr.arpa
8.8.8.8:53

30.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

30.243.111.52.in-addr.arpa
8.8.8.8:53

5.imimg.com

dns

MicrosoftEdgeCP.exe

57 B
164 B
1
1

DNS Request

5.imimg.com

DNS Response

18.155.153.83

18.155.153.64

18.155.153.80

18.155.153.126
8.8.8.8:53

lojebamuta.eelruxe.com

dns

MicrosoftEdge.exe

68 B
100 B
1
1

DNS Request

lojebamuta.eelruxe.com

DNS Response

172.67.155.98

104.21.7.18
8.8.8.8:53

194.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

194.178.17.96.in-addr.arpa
8.8.8.8:53

98.155.67.172.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

98.155.67.172.in-addr.arpa
8.8.8.8:53

challenges.cloudflare.com

dns

MicrosoftEdgeCP.exe

71 B
103 B
1
1

DNS Request

challenges.cloudflare.com

DNS Response

104.17.3.184

104.17.2.184
8.8.8.8:53

184.3.17.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

184.3.17.104.in-addr.arpa
8.8.8.8:53

www.google.com

dns

chrome.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

172.217.16.228
172.217.16.228:443

www.google.com

https

chrome.exe

5.7kB
23.1kB
34
40
8.8.8.8:53

67.204.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

67.204.58.216.in-addr.arpa
8.8.8.8:53

228.16.217.172.in-addr.arpa

dns

73 B
140 B
1
1

DNS Request

228.16.217.172.in-addr.arpa
8.8.8.8:53

clients2.google.com

dns

chrome.exe

65 B
105 B
1
1

DNS Request

clients2.google.com

DNS Response

142.250.200.14
142.250.200.14:443

clients2.google.com

https

chrome.exe

3.6kB
8.1kB
10
12
224.0.0.251:5353

chrome.exe

204 B
3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
0cb2f748fc66c4d524529429c40b27e0

SHA1
5dc7701cce1a870970326760b3cdb5567dbc592d

SHA256
e1f440188e1e8713ae23c1d85d78374bf0383db456b149847613ab8a0e78e5d2

SHA512
57f042203504a21445d04be76de5eebf5787a57d4c9f802c2fc4fe446058b6b007a822db1196685378149e838d2c67a7c12dd8ec0e708e4594950cd2de790598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
6d8a0e5643dc6eafc5a14ff6f283ca29

SHA1
d003dd97f87232d10d3ea1e83f193f58eedcb03f

SHA256
421c1e7c930a0019fd87990d6005f98e65eff8b6873e90601eee85a0cbbcff1a

SHA512
bbc3ceadd16360504b404bd960a598d6bbca23ae436d97a05709ad91b758d777fdf0dcea4f0187729dd84af8dc83df8d56f3fe18be65bdb1eeabe4e97032e4ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2f9f7a4321abe4d141da9c4fd2e23c6b

SHA1
b9915fcc651e485d013d9e89ee51028383609fb7

SHA256
a0e928c4f02ad548d68f83800b96e1c7ad68bba93da2d15ee7407913a1a887dc

SHA512
a54354043431921c3d8a0cb1d0816b462f7a486348c014f0c07763ba9ee04222ddb3b78b9cb6ee2289b01017705bc4e69cecf00cf405ab41de43f6a6f05d5239

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2a01f10f5b4d292e1dbe588d09dbad23

SHA1
426588a90c59dc6123b33b074d3a903047d0b737

SHA256
478d5a13f25f77385328240b484bd7f371ba1b6d07696d8474769f1c95faadae

SHA512
943deaec364f6e6ad11d8aab5a622bbc7c2f7049a4167b7769eae945e776359bec66b0934bada6df8a234dc51058fca0d898d8b889d55f953abed1eee9f8d53a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
efa91b91461a0e58bbb1912b47e0f890

SHA1
696e8dacda505c89ae94335eac609485abc7b3d5

SHA256
15976e15ca1f1351fd932e83ea3d6a15531657c04cdb7074477cc5e7a21decd1

SHA512
2a106ecc376e5ce404bf9178fb4d19e3bb888021aaed0d3126ce052573a9ba8067d9227568a1ad2a09e20b6795dbec76f21bbe876d577fa5c2e1ca69361e8e9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5a1c08358ea633380451cf086671ceb6

SHA1
5dcb8e84e240de610cb086ab043723414d50442e

SHA256
bf8c35ab8d987b5b474769a80333112cdb020fa59931c4be29fb323eafb992f8

SHA512
0906e90856d4fefbe8454a395947e43d37742014637c069bdc9854a978caa35e0b0a0eb7f415d1c5a9314bf86536cbcd6a01d26c125f645f68333d8db14400d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
a2acb93131c9c25eab79c448d700dd08

SHA1
9b77d5289fba5b93f11f7dc5b2d1692f400860ec

SHA256
e2bee62c3ce03149a6ab8ac04d796c40ad074f04f4327a3224593172fa1328e4

SHA512
ad3cc61bdf24635f11293d12bd92ab02f2b9bc74dc797b66bec6df7625fe92b5358bf0aa103a98a9070ab1205545ba66e08251794b0d1296bfbd829c44b21809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
eb791012d32401d8be9d36428cc839ee

SHA1
f7100df30959fad4befb9d1eaca3496e26dea5bc

SHA256
0be6cf0c0135cd7068b0fae49f3c3a9eed852785dff5a2c81732d8953796f669

SHA512
7d1f0908db8326776c81e51d29b002e1b86e1b5e5ba98ce7197aea431a590ca4e4eb3b3a1a8fc9aa234754062e585a638daacd7f440ce21c1573dfbe1ced8d0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2D6264AR\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\9FNJAPJG\favicon[1].png

Filesize
2KB

MD5
af77f7bda7f0c0709d6a24eb7c1f48c4

SHA1
57918b2447ac831419d82d686e24bd22ef560457

SHA256
1dd5a62ef3c01455724ca08ea94dadb391d1eaad203f1a3fc008ea470ae3c18b

SHA512
3fd8e157ebea94bb849d7a1371bad09cf560c5047ada49c8a7794929f2708b59f4b6a858e81eb2346937b4683a6ee6453b459e674a5f0aa8328d42b1156da65c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\TAG1K3BJ\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFE8E1CD98B2859456.TMP

Filesize
24KB

MD5
d3cdb7663712ddb6ef5056c72fe69e86

SHA1
f08bf69934fb2b9ca0aba287c96abe145a69366c

SHA256
3e8c2095986b262ac8fccfabda2d021fc0d3504275e83cffe1f0a333f9efbe15

SHA512
c0acd65db7098a55dae0730eb1dcd8aa94e95a71f39dd40b087be0b06afc5d1bb310f555781853b5a78a8803dba0fb44df44bd2bb14baeca29c7c7410dffc812

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

Filesize
2KB

MD5
b8a3e9155f3cce26002fc47b27aadf2d

SHA1
606c275b884fddf4aa5507ea4045ccc8c3749583

SHA256
922d6d2e6f88db3e1c365462302dd6509f95d48a0e28f4c59f496ee82aacf869

SHA512
050539f8a49b35db31ae5c7cf7166953b2ba5364b5973a10f4323482daa92f74a6850a09032542f0be4b34b97b97cf6d78d3da55c42fdfa9da4ed80cbb6c3a50

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
1KB

MD5
d2880c8237a99b270a87683705222de4

SHA1
14e02e07f4939698ef26a56e4ee377636b5e23b5

SHA256
8fa7d1a5d4706b3ac7fc8155a5cc2c92213e5d824416bd3f0e7c1851fded4e13

SHA512
67bbd513520d2f8b0736b1dcaabb7a002aec0b0b706a03739fdcf57c45fbde844bca550c1043da9094ac6a7f9e86649d72c76a7b29ef90d36262e47c402baa34

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

Filesize
488B

MD5
f875f749a36da05ab35d4984c0a5be93

SHA1
03138a7a4dad3f81d72495ee5bf65941eacc1513

SHA256
6f7d2a15d5c93b13021b55a3a68b56c9bc0ede2959053b82861e045b71e7fb4e

SHA512
65f726896b0bbf55e81697ba183366bac255251296b783911dc208a6067a288ab6ea48182e4a8deb8380d4f9e56cf73c161bdeac7fe799106c26d5f4277ccb70

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
482B

MD5
36e713e0c7b5d486547029a36303db31

SHA1
239aed0721fe294231303bc5ed0f6727ca5860c5

SHA256
6830d3e5fd82afff77cd14c10ec033468378b1e0a40b9e1b04fea2f6ecd269d4

SHA512
33ebbf781e0b7b87bdb9cf84dab3f85a5805535ad33921830fd98de64e15c14d143f1c9fb4abdb7f93ea4c99779fac391dfff89a122d27d936a06fe6610f6b2e

Download Submit
memory/2476-253-0x000001A34FCF0000-0x000001A34FCF2000-memory.dmp

Filesize
8KB

Download
memory/2476-187-0x000001A350550000-0x000001A350552000-memory.dmp

Filesize
8KB

Download
memory/2476-189-0x000001A350570000-0x000001A350572000-memory.dmp

Filesize
8KB

Download
memory/2476-211-0x000001A350C80000-0x000001A350D80000-memory.dmp

Filesize
1024KB

Download
memory/2476-215-0x000001A3505F0000-0x000001A3505F2000-memory.dmp

Filesize
8KB

Download
memory/2476-217-0x000001A3509F0000-0x000001A350A10000-memory.dmp

Filesize
128KB

Download
memory/2476-221-0x000001A3523B0000-0x000001A3524B0000-memory.dmp

Filesize
1024KB

Download
memory/2476-277-0x000001A350450000-0x000001A350550000-memory.dmp

Filesize
1024KB

Download
memory/4668-35-0x000001D0CC090000-0x000001D0CC092000-memory.dmp

Filesize
8KB

Download
memory/4668-94-0x000001D0D34B0000-0x000001D0D34B1000-memory.dmp

Filesize
4KB

Download
memory/4668-0-0x000001D0CCD20000-0x000001D0CCD30000-memory.dmp

Filesize
64KB

Download
memory/4668-95-0x000001D0D34C0000-0x000001D0D34C1000-memory.dmp

Filesize
4KB

Download
memory/4668-16-0x000001D0CD300000-0x000001D0CD310000-memory.dmp

Filesize
64KB

Download
memory/4860-85-0x00000295DAE90000-0x00000295DAE92000-memory.dmp

Filesize
8KB

Download
memory/4860-79-0x00000295DA8C0000-0x00000295DA8C2000-memory.dmp

Filesize
8KB

Download
memory/4860-68-0x00000295DA9B0000-0x00000295DA9B2000-memory.dmp

Filesize
8KB

Download
memory/4860-66-0x00000295DA990000-0x00000295DA992000-memory.dmp

Filesize
8KB

Download
memory/4860-64-0x00000295DA970000-0x00000295DA972000-memory.dmp

Filesize
8KB

Download
memory/4860-61-0x00000295DA930000-0x00000295DA932000-memory.dmp

Filesize
8KB

Download
memory/4860-81-0x00000295DA9E0000-0x00000295DA9E6000-memory.dmp

Filesize
24KB

Download
memory/4860-83-0x00000295DAE80000-0x00000295DAE82000-memory.dmp

Filesize
8KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response