6cd4cdd4a3077fe63b56e41f2064142c0f3009ad2a70216da7744ed056cc3e30

Analysis

max time kernel
146s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 19:12 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c424f5c9248748663d428d4e6997dc47.html
Size

432B
MD5

c424f5c9248748663d428d4e6997dc47
SHA1

05b1f051f50b1aa8a15d693426e552c93d0e1eab
SHA256

6cd4cdd4a3077fe63b56e41f2064142c0f3009ad2a70216da7744ed056cc3e30
SHA512

3266df83dbeb0cbaf158954649a3bbe384bfb7900ab2b97f07edcb48aa4974ab32434be40aea7c09ccac9e37869b43266f57e6231905f5805479f020442c3e30

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2884	msedge.exe
2884	msedge.exe
3856	msedge.exe
3856	msedge.exe
1868	identity_helper.exe
1868	identity_helper.exe
6140	msedge.exe
6140	msedge.exe
6140	msedge.exe
6140	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3856 wrote to memory of 944	3856	msedge.exe	88
PID 3856 wrote to memory of 944	3856	msedge.exe	88
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 5084	3856	msedge.exe	89
PID 3856 wrote to memory of 2884	3856	msedge.exe	90
PID 3856 wrote to memory of 2884	3856	msedge.exe	90
PID 3856 wrote to memory of 464	3856	msedge.exe	91
PID 3856 wrote to memory of 464	3856	msedge.exe	91
PID 3856 wrote to memory of 464	3856	msedge.exe	91
PID 3856 wrote to memory of 464	3856	msedge.exe	91
PID 3856 wrote to memory of 464	3856	msedge.exe	91
PID 3856 wrote to memory of 464	3856	msedge.exe	91
PID 3856 wrote to memory of 464	3856	msedge.exe	91
PID 3856 wrote to memory of 464	3856	msedge.exe	91
PID 3856 wrote to memory of 464	3856	msedge.exe	91
PID 3856 wrote to memory of 464	3856	msedge.exe	91
PID 3856 wrote to memory of 464	3856	msedge.exe	91
PID 3856 wrote to memory of 464	3856	msedge.exe	91
PID 3856 wrote to memory of 464	3856	msedge.exe	91
PID 3856 wrote to memory of 464	3856	msedge.exe	91
PID 3856 wrote to memory of 464	3856	msedge.exe	91
PID 3856 wrote to memory of 464	3856	msedge.exe	91
PID 3856 wrote to memory of 464	3856	msedge.exe	91
PID 3856 wrote to memory of 464	3856	msedge.exe	91
PID 3856 wrote to memory of 464	3856	msedge.exe	91
PID 3856 wrote to memory of 464	3856	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c424f5c9248748663d428d4e6997dc47.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb5eeb46f8,0x7ffb5eeb4708,0x7ffb5eeb4718
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,5768070328661178700,2895452685188340021,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,5768070328661178700,2895452685188340021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,5768070328661178700,2895452685188340021,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5768070328661178700,2895452685188340021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5768070328661178700,2895452685188340021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5768070328661178700,2895452685188340021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5768070328661178700,2895452685188340021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5768070328661178700,2895452685188340021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,5768070328661178700,2895452685188340021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,5768070328661178700,2895452685188340021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5768070328661178700,2895452685188340021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5768070328661178700,2895452685188340021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5768070328661178700,2895452685188340021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5768070328661178700,2895452685188340021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5768070328661178700,2895452685188340021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5768070328661178700,2895452685188340021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5768070328661178700,2895452685188340021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5768070328661178700,2895452685188340021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,5768070328661178700,2895452685188340021,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5024 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3260

Network

DNS

frookshop-winsive.com

msedge.exe

Remote address:

8.8.8.8:53

Request

frookshop-winsive.com

IN A

Response

frookshop-winsive.com

IN A

18.158.88.249
GET

https://frookshop-winsive.com/63cd4f30-1362-4c47-8e01-fda53c9549e5?c2=26233199&c1=affC1629855908aff223639f898573a294a452

msedge.exe

Remote address:

18.158.88.249:443

Request

GET /63cd4f30-1362-4c47-8e01-fda53c9549e5?c2=26233199&c1=affC1629855908aff223639f898573a294a452 HTTP/2.0
host: frookshop-winsive.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:16 GMT
content-type: text/html;charset=UTF-8
content-length: 996
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: 63cd4f30-1362-4c47-8e01-fda53c9549e5-v4=eW6VNfCuuD-3Qm6Hxg_OjsTIJbbLb4LZbEc7MSq4AT4; Max-Age=86400; Expires=Wed, 13-Mar-2024 19:12:16 GMT; Domain=frookshop-winsive.com; Path=/; Secure; HttpOnly;SameSite=None
set-cookie: cc-v4=%2BEAMxn4kDvYkKgs%2BCAOFoUDweeOGSFCHCDo7KVMDNy1ARjX0Gz%2BpTDCpCXLzL1wJShFSpiKFXuEGo4kQVDS6XHyLQ%2BFBI6gDGHm3rmXB7QZYLElp5WdRsR0vi5rqbMtKOAe05PAJgjtgFtR324atzg%3D%3D; Max-Age=31536000; Expires=Wed, 12-Mar-2025 19:12:16 GMT; Domain=frookshop-winsive.com; Path=/; Secure; HttpOnly;SameSite=None
DNS

71.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

71.31.126.40.in-addr.arpa

IN PTR

Response
DNS

0.204.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.204.248.87.in-addr.arpa

IN PTR

Response

0.204.248.87.in-addr.arpa

IN PTR

https-87-248-204-0lhrllnwnet
DNS

209.205.72.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.205.72.20.in-addr.arpa

IN PTR

Response
DNS

apps.identrust.com

msedge.exe

Remote address:

8.8.8.8:53

Request

apps.identrust.com

IN A

Response

apps.identrust.com

IN CNAME

identrust.edgesuite.net

identrust.edgesuite.net

IN CNAME

a1952.dscq.akamai.net

a1952.dscq.akamai.net

IN A

96.17.179.184

a1952.dscq.akamai.net

IN A

96.17.179.205
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

msedge.exe

Remote address:

96.17.179.184:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: apps.identrust.com

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Tue, 12 Mar 2024 20:12:15 GMT
Date: Tue, 12 Mar 2024 19:12:15 GMT
Connection: keep-alive
DNS

249.88.158.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

249.88.158.18.in-addr.arpa

IN PTR

Response

249.88.158.18.in-addr.arpa

IN PTR

ec2-18-158-88-249eu-central-1compute amazonawscom
DNS

249.88.158.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

249.88.158.18.in-addr.arpa

IN PTR
DNS

184.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

184.179.17.96.in-addr.arpa

IN PTR

Response

184.179.17.96.in-addr.arpa

IN PTR

a96-17-179-184deploystaticakamaitechnologiescom
DNS

184.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

184.179.17.96.in-addr.arpa

IN PTR
DNS

reletinglablets.com

msedge.exe

Remote address:

8.8.8.8:53

Request

reletinglablets.com

IN A

Response

reletinglablets.com

IN A

18.158.88.249
GET

https://reletinglablets.com/redirect?target=BASE64aHR0cHM6Ly9leHRyYS5rZWVwbWVnb2luZ3dpdGh0aGlzd2Vic2l0ZS54eXovP3V0bV9tZWRpdW09YmY3NTczZjY5MTFmZDhkNThmY2RlMTRkNDYyMWJkYjgzODU4NzE5OCZ1dG1fY2FtcGFpZ249RmViMjRfMTNfYWxsJmNpZD13MG84c24xMTJzaGljanF2MmdwbTBrNm8&ts=1710270736862&hash=V7AfVWJ3h3naGAqEnqOTL-iPP5ylsPoPuTE12TidIfc&rm=DJ

msedge.exe

Remote address:

18.158.88.249:443

Request

GET /redirect?target=BASE64aHR0cHM6Ly9leHRyYS5rZWVwbWVnb2luZ3dpdGh0aGlzd2Vic2l0ZS54eXovP3V0bV9tZWRpdW09YmY3NTczZjY5MTFmZDhkNThmY2RlMTRkNDYyMWJkYjgzODU4NzE5OCZ1dG1fY2FtcGFpZ249RmViMjRfMTNfYWxsJmNpZD13MG84c24xMTJzaGljanF2MmdwbTBrNm8&ts=1710270736862&hash=V7AfVWJ3h3naGAqEnqOTL-iPP5ylsPoPuTE12TidIfc&rm=DJ HTTP/2.0
host: reletinglablets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:17 GMT
content-type: text/html;charset=UTF-8
content-length: 642
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
DNS

extra.keepmegoingwiththiswebsite.xyz

msedge.exe

Remote address:

8.8.8.8:53

Request

extra.keepmegoingwiththiswebsite.xyz

IN A

Response

extra.keepmegoingwiththiswebsite.xyz

IN A

69.175.50.35
GET

https://extra.keepmegoingwiththiswebsite.xyz/?utm_medium=bf7573f6911fd8d58fcde14d4621bdb838587198&utm_campaign=Feb24_13_all&cid=w0o8sn112shicjqv2gpm0k6o

msedge.exe

Remote address:

69.175.50.35:443

Request

GET /?utm_medium=bf7573f6911fd8d58fcde14d4621bdb838587198&utm_campaign=Feb24_13_all&cid=w0o8sn112shicjqv2gpm0k6o HTTP/2.0
host: extra.keepmegoingwiththiswebsite.xyz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:18 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
alt-svc: h3=":443"; ma=604800; persist=1
content-encoding: gzip
GET

https://extra.keepmegoingwiththiswebsite.xyz/favicon.ico

msedge.exe

Remote address:

69.175.50.35:443

Request

GET /favicon.ico HTTP/2.0
host: extra.keepmegoingwiththiswebsite.xyz
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-platform-version: "10.0"
dnt: 1
sec-ch-ua-model:
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-full-version: "92.0.902.67"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://extra.keepmegoingwiththiswebsite.xyz/?utm_medium=bf7573f6911fd8d58fcde14d4621bdb838587198&utm_campaign=Feb24_13_all&cid=w0o8sn112shicjqv2gpm0k6o
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:18 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Fri, 11 Aug 2023 10:37:02 GMT
etag: "64d60f4e-47e"
expires: Wed, 13 Mar 2024 19:12:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=63072000; includeSubDomains; preload
alt-svc: h3=":443"; ma=604800; persist=1
accept-ranges: bytes
GET

https://extra.keepmegoingwiththiswebsite.xyz/sw.js?v=1710270736702

msedge.exe

Remote address:

69.175.50.35:443

Request

GET /sw.js?v=1710270736702 HTTP/2.0
host: extra.keepmegoingwiththiswebsite.xyz
cache-control: max-age=0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
service-worker: script
sec-fetch-site: same-origin
sec-fetch-mode: same-origin
sec-fetch-dest: serviceworker
referer: https://extra.keepmegoingwiththiswebsite.xyz/?utm_medium=bf7573f6911fd8d58fcde14d4621bdb838587198&utm_campaign=Feb24_13_all&cid=w0o8sn112shicjqv2gpm0k6o
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:18 GMT
content-type: application/javascript
content-length: 775
last-modified: Tue, 12 Mar 2024 19:09:49 GMT
vary: Accept-Encoding
etag: "65f0a87d-307"
content-encoding: gzip
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
accept-ranges: bytes
DNS

35.50.175.69.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.50.175.69.in-addr.arpa

IN PTR

Response

35.50.175.69.in-addr.arpa

IN PTR

server04com-2mobi
DNS

35.50.175.69.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.50.175.69.in-addr.arpa

IN PTR
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.a-0001.a-msedge.net

g-bing-com.a-0001.a-msedge.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bc4e0184f0904ec9bdb5f3de3eed09ef&localId=w:E50FD854-0373-F3F8-5EA0-C41D8800F2D2&deviceId=6896193422179112&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bc4e0184f0904ec9bdb5f3de3eed09ef&localId=w:E50FD854-0373-F3F8-5EA0-C41D8800F2D2&deviceId=6896193422179112&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=22C1FCF6238C662B2D93E8B6223767AC; domain=.bing.com; expires=Sun, 06-Apr-2025 19:12:21 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D125D49A4F0A4E71B2A4C5D0E42806BC Ref B: LON04EDGE0814 Ref C: 2024-03-12T19:12:21Z
date: Tue, 12 Mar 2024 19:12:20 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=bc4e0184f0904ec9bdb5f3de3eed09ef&localId=w:E50FD854-0373-F3F8-5EA0-C41D8800F2D2&deviceId=6896193422179112&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=bc4e0184f0904ec9bdb5f3de3eed09ef&localId=w:E50FD854-0373-F3F8-5EA0-C41D8800F2D2&deviceId=6896193422179112&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=22C1FCF6238C662B2D93E8B6223767AC

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=REqd0glNGmsH1oJEqe6iJOzrqb3iOiamZljBH9H5KHk; domain=.bing.com; expires=Sun, 06-Apr-2025 19:12:21 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D059F586EFDF40EFA71A2FD04BA4D3C6 Ref B: LON04EDGE0814 Ref C: 2024-03-12T19:12:21Z
date: Tue, 12 Mar 2024 19:12:20 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bc4e0184f0904ec9bdb5f3de3eed09ef&localId=w:E50FD854-0373-F3F8-5EA0-C41D8800F2D2&deviceId=6896193422179112&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bc4e0184f0904ec9bdb5f3de3eed09ef&localId=w:E50FD854-0373-F3F8-5EA0-C41D8800F2D2&deviceId=6896193422179112&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=22C1FCF6238C662B2D93E8B6223767AC; MSPTC=REqd0glNGmsH1oJEqe6iJOzrqb3iOiamZljBH9H5KHk

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 321B8E006DB041E2BBDEC21CA0FA3E84 Ref B: LON04EDGE0814 Ref C: 2024-03-12T19:12:21Z
date: Tue, 12 Mar 2024 19:12:20 GMT
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

25.63.96.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

25.63.96.20.in-addr.arpa

IN PTR

Response
DNS

v11.pi6p.com

msedge.exe

Remote address:

8.8.8.8:53

Request

v11.pi6p.com

IN A

Response

v11.pi6p.com

IN CNAME

1.cvig.store

1.cvig.store

IN A

162.55.4.52
DNS

v11.pi6p.com

msedge.exe

Remote address:

8.8.8.8:53

Request

v11.pi6p.com

IN A
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR

Response

41.110.16.96.in-addr.arpa

IN PTR

a96-16-110-41deploystaticakamaitechnologiescom
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR
GET

https://v11.pi6p.com/go.php?ad=w8y1vvk08urbnwvonfk5&sid=M7345556887032561691&pub=909&pid=909-498c78ez&c=0&app=unknown&br=Edge&os=[[os]]&d=Microsoft+Edge&ca=GB+WiFi&a=0

msedge.exe

Remote address:

162.55.4.52:443

Request

GET /go.php?ad=w8y1vvk08urbnwvonfk5&sid=M7345556887032561691&pub=909&pid=909-498c78ez&c=0&app=unknown&br=Edge&os=[[os]]&d=Microsoft+Edge&ca=GB+WiFi&a=0 HTTP/1.1
Host: v11.pi6p.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://extra.keepmegoingwiththiswebsite.xyz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Found

Server: nginx/1.24.0
Date: Tue, 12 Mar 2024 19:12:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=4klpwfdz; expires=Wed, 13-Mar-2024 19:12:24 GMT; Max-Age=86400; path=/; secure; SameSite=none
Set-Cookie: uclickhash=4klpwfdz-4klpwfdz-2ti4-qe15-g5gx-ci520-cici3y-0e5526; expires=Wed, 13-Mar-2024 19:12:24 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://zabedreb.com/finance-survey.html?z=5038206&offer_id=2128&var=909&ymid=faf184klpwfdza05
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=31536000
DNS

178.223.142.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

178.223.142.52.in-addr.arpa

IN PTR

Response
DNS

zabedreb.com

msedge.exe

Remote address:

8.8.8.8:53

Request

zabedreb.com

IN A

Response

zabedreb.com

IN A

104.21.23.138

zabedreb.com

IN A

172.67.211.82
GET

https://zabedreb.com/finance-survey.html?z=5038206&offer_id=2128&var=909&ymid=faf184klpwfdza05

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /finance-survey.html?z=5038206&offer_id=2128&var=909&ymid=faf184klpwfdza05 HTTP/2.0
host: zabedreb.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:24 GMT
content-type: text/html
last-modified: Tue, 12 Mar 2024 11:18:01 GMT
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dEiMAk853pXo9bh5JQJEc9xP8WGSuRdcP%2BTSOQ4LWyB8R7u3F0fWNTkkMj%2BIj0z2i%2BLzHWYlBe92RIB7oi7ybTBIXHokYIyoWJIvEjl5RIX9rAeQR7bry38QmCRyZ54%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187aa881730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/js/_rtc.3a71eabd.js

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /js/_rtc.3a71eabd.js HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:24 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65f039eb-2fbe"
last-modified: Tue, 12 Mar 2024 11:18:03 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6663
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UvQCl5cP4ArqIyir%2BzSJcnYF8sz2SLzx9pl66VD0lrtTv4NRGBTC0WkRCX47nlW09JWPu2cEBkq0glI0GshnzRK3jZW3AWqZH1bh%2Fnx5CzcRl%2BNKH8YRFNm8TSBKssk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187bc9dc730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/js/v-index.js.5a7d962d.js

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /js/v-index.js.5a7d962d.js HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:24 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=84
etag: W/"65f039e9-54"
last-modified: Tue, 12 Mar 2024 11:18:01 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1256
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=39vqUWcp9%2FaZvRN1upHTJMOtS6jf58eCWJ7xaW0T73e6QORKPMvmAV5K5XHNG1csJxpE2BU7VAEIfJ3FntxygMKGu7yzt5sNA4X%2BNhSpUna%2Fj0H8SeS%2FThJodmdCVCw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187bc9e0730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/css/_core-survey.d3ac2ee0.css

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /css/_core-survey.d3ac2ee0.css HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:24 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=40988
etag: W/"65f039ea-a01c"
last-modified: Tue, 12 Mar 2024 11:18:02 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6663
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WrSnaCLT8jaoWSFFZF83TzEiy%2F334WK2Uwme5rCaX%2BPx%2BpKCz0F5%2BMo71XvymyDibWtw%2FF%2FSlRXS70gFO4cv1r8SfD1FM4CTBo2RBt0Sterf97zxgscPapYTJj8sCuw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187bc9de730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/css/survey.3b7d0b23.css

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /css/survey.3b7d0b23.css HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:24 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65f039e9-87a"
last-modified: Tue, 12 Mar 2024 11:18:01 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6663
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5C8zbPZ7icgwINZ6p9ZrFh7mR6RfQRTJ2OjzFYxuHKekSnYCjsYn2eezUe64%2BUGFFbf7CR%2FOecWyUbR7prRtXtXQgFwarlheH7HOQRuNZeH1z2SgfpStAxyWqorWZRQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187bc9e3730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/js/s-storageService.js.a9498350.js

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /js/s-storageService.js.a9498350.js HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:24 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65f039e9-14a"
last-modified: Tue, 12 Mar 2024 11:18:01 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6663
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AfrfG7irdJk2RkjFQBJ1xUcpOL5Cryxsy0pztdJFfm5zjjbVdp5gTdTj%2BUnYJ9mt8NXVXvPsbbR0ApODobY388pIeOYbwIYnk2vDVEU%2B%2FGcyFNFUQcT5LXOFgIpykz0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187bc9e8730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/js/s-checkSessionStorageAvailable.ts.7bdb7e41.js

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /js/s-checkSessionStorageAvailable.ts.7bdb7e41.js HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:24 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65f039ea-14a"
last-modified: Tue, 12 Mar 2024 11:18:02 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6663
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9CDSi5uEDEMrwWSynCTqS99UQbjKeWDvpR24v8UtV86eN6I%2FZif%2Byuk8yl6YDZGvpT1C%2BD8YLiyWeW%2Bk2n2dHnC1KmQr4evjEjeza%2FDS34vw7%2B2hq%2FUIxq%2F39h8muok%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187bc9e5730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/js/s-checkLocalStorageAvailable.ts.b45ef5d2.js

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /js/s-checkLocalStorageAvailable.ts.b45ef5d2.js HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:24 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65f039ea-2c37"
last-modified: Tue, 12 Mar 2024 11:18:02 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6663
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GKWm%2F6mftG5gI0JTtJUycjAKzqpPYjpFGC9SlR3fEkPcmi474AZAAs2QACsXDjg1gKTLIPKqErETPHoABCnjs4YK0fxFeznj21sZ3ZxxZrOb%2FQpYrtbhaNcVNg%2FtHHA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187bc9eb730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/js/v-redux-toolkit.esm.js.65df1d73.js

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /js/v-redux-toolkit.esm.js.65df1d73.js HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:24 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=71475
etag: W/"65f039e9-11733"
last-modified: Tue, 12 Mar 2024 11:18:01 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 356
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0tckjvTbQO1jC%2FgPiM3fd6Y195UNaUnXyk7PlttoGKMqk3v1aMWOInrKaihM4YqAReUYMz8BS83Axz9faptubJkD1Xvlj6Z9PFGCEbL5XL8V6RT2rRq6oq%2B0qtvwgb0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187bc9e1730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/js/_each-land-config.3dce0a3c.js

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /js/_each-land-config.3dce0a3c.js HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:24 GMT
content-type: image/svg+xml
last-modified: Tue, 12 Mar 2024 11:18:01 GMT
vary: Accept-Encoding
etag: W/"65f039e9-a72"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 3976
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XHxjsmthHkHDxawE4Cx8GrRhOP6XG9ios1%2FzPCikU4qrD18p59JEAMnuB%2BHNxzW9vgYU5W8G3wOFxkL8hMX8OiLkU6ZGObER8%2FQtUSraHS03gQgTtGllcB%2F%2BPIyUUPI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187bc9f4730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/js/v-react-dom.production.min.js.d8385e64.js

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /js/v-react-dom.production.min.js.d8385e64.js HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:24 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65f039ea-1a0b"
last-modified: Tue, 12 Mar 2024 11:18:02 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4187
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jvYkuBx3ifyl4CUiszeHTyHonHz2E%2FMcDsqgjDKxN5SXNIa7H0RT7VClWwDp9BkPPlK4HL5qNE4NSaorUoIaed5hfQKMCfCqT6m2ylpJBRJWVtUevQ0ndVj0FAIMDM0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187bc9f3730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/js/_core-survey.9b42bd00.js

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /js/_core-survey.9b42bd00.js HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:24 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=129359
etag: W/"65f039ea-1f94f"
last-modified: Tue, 12 Mar 2024 11:18:02 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6662
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TTdeJdmxECqd1NkmZOlEq8UbOcbJaKL%2Bml1cIxxwonVWXGsTibBmbq4tNbOkAtcO133MtdG91erOdt3oNoQlLH%2BFH3AgVHKfs1EBlUfbvEvRvcsUSqMzu257Y7%2FhSJc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187bc9ef730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/js/survey.79fcdf54.js

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /js/survey.79fcdf54.js HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:24 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=71784
etag: W/"65f039ea-11868"
last-modified: Tue, 12 Mar 2024 11:18:02 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6662
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qGMa04mN32udcTMepDv0mTeLUm8C8lqmjC7lOmiJYBmv%2BqYw0O%2F2tsYS%2B4l%2F17oB3%2FKzY5L6WJU9dw5bz%2Fpa1hKJBxI%2BB4YUqZQdDer0%2B1HxuFYnqez%2BdHcUzyq5C%2BA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187bc9ec730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/img/icon-survey.svg

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /img/icon-survey.svg HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:24 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=168746
etag: W/"65f039eb-2932a"
last-modified: Tue, 12 Mar 2024 11:18:03 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6480
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=THmmLot1PcSxg0%2BtwgtlFgmICyDu2lv%2BSPqDPCTKndVmRNGPtHe5CIp4CsitRa6QGNvyAndsFVmTKbhK7qhASeGyVxTc1tnomItJhnKhLCR67fVx%2FRDnTtRDqKbeqiA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187bc9f1730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/js/config/sd/sd-2128-en.js?v=10

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /js/config/sd/sd-2128-en.js?v=10 HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://zabedreb.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65f039e9-23e6"
last-modified: Tue, 12 Mar 2024 11:18:01 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5176
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6bs5aZkg3XceOdrr4zzG3EdOcWXKbEvi530iNH%2FtbLLaYa0a00CRDTEcbuIos4p41IlRiDKyno35ftM7Ng6j14lJ29dEZEDujOMqQdwUY8B%2F2d0c4xEfkVDMJsOXLYg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187d4bee730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/js/config/dict/cookie-consent-1.json?v=10

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /js/config/dict/cookie-consent-1.json?v=10 HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: application/json
last-modified: Tue, 12 Mar 2024 11:18:01 GMT
vary: Accept-Encoding
etag: W/"65f039e9-1a65"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a3dnrJEhNI3w9G%2Bocw0aZhgeYKxQj95ZK6Bevpxrx9x8x%2BmfGUvZ32nxEnbuGaXvGCc5dzTyr4Vx1RaWaakBEQfbBb33%2BnYxy9WNOGPinDob7qA8ydQ4tWMVKjpBEKI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187d8c4a730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/js/config/comments/en.json

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /js/config/comments/en.json HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65f039ea-1d99"
last-modified: Tue, 12 Mar 2024 11:18:02 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6303
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X0tpQfpeBwoRtvChrsLaVVn8pocAbD2Ip%2Boz0CuYfYeJ6%2FTCFND8suTREtbGazdxZSP5byxiR1R%2FOPcdJUQ6i8C9RQl9toRZIjRnWIhwaf9%2Bic%2BKbbe59zaZySHN4k0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187dfccb730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/js/v-index.mjs.caf998d6.js

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /js/v-index.mjs.caf998d6.js HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65f039e9-6b8"
last-modified: Tue, 12 Mar 2024 11:18:01 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6303
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kCIwZ4zfaCSzDjTNBnqO9%2BugNhsl2gfK9uH%2B8otJhRivIUXmUSWTzfkqgbLeH8x104ZU9iMJnkIhggJR8JGQjENY8plrfDZWnpHCOAbAFKM0Upig%2FCIdfbId%2FlCs1us%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187dfcce730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/js/v-node.js.e5ccfa9b.js

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /js/v-node.js.e5ccfa9b.js HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65f039ea-186b"
last-modified: Tue, 12 Mar 2024 11:18:02 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6303
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0D87SLw5UyJIh6I8bLBn1i5sjl49iL%2FfsHmJbIaad5mbcMxnf4EQjPToSeEaejr7O29EVPkRuDRiNOD6qoezzTuoTvqFxLtJKTROPTkJo0BRwUcirJ07DWFEDzZx4Wk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187decc6730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/js/v-possibleStandardNamesOptimized.js.c8d2ad28.js

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /js/v-possibleStandardNamesOptimized.js.c8d2ad28.js HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65f039ea-89d7"
last-modified: Tue, 12 Mar 2024 11:18:02 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6303
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oczf%2BcYcNSxHIXasVJ5mAb7XONXamR7tMoP7qV0kqrx39I44dzffj6a6qO5LwLm8KG8rkozr%2FbpxZ0h8fmfHBso8MlubwvoxYb%2B9O5pxev5U4XOVhXdx1HKenBzDA6A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187decc3730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/js/v-utilities.js.2fc6b02f.js

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /js/v-utilities.js.2fc6b02f.js HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65f039ea-a11"
last-modified: Tue, 12 Mar 2024 11:18:02 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6303
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XQ49d0LGvyywCR4i%2ByR%2BgdWmGEgX%2FePTieMd24h8B74ZCYoDmIQv%2F%2BrrZNrYAYYj7RhkUmhPzR9uz%2FqW1SamcXnjCvAjexDjt2OwWsktRZWzJkp35LNbk6%2F3Db5yv%2FU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187dfccd730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/js/v-domparser.js.fdb51d66.js

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /js/v-domparser.js.fdb51d66.js HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65f039eb-258"
last-modified: Tue, 12 Mar 2024 11:18:03 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6302
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JmLOfT4gl%2FPYgF3llSCa1YXdWilmUnL%2BiSQreWp7%2BXV9Ol0S7JNvdQr%2F6avGCYp5AVgciumrtjgugZQY9IF8oKq8u6goOdeOhNnB8G1IoK%2Fb9Hzv9AuZ%2BgZNvAn%2B6bU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187dfcd8730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/js/v-dom-to-react.js.75cc6e59.js

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /js/v-dom-to-react.js.75cc6e59.js HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65f039ea-2be"
last-modified: Tue, 12 Mar 2024 11:18:02 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6303
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7KVkZ7AJKeJ0PwVB1ZJV2WpLkLHcRzJw2z%2Byk84lJjmISHqHgalof4nW%2F25MIFX6Q97gk8oUbscLAw5CRNbG1Y8peC3ItIdKI%2BNCDzf0%2B%2FbFGEo%2FNzzAK0Yyd3JzZXM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187dfcd2730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/js/v-attributes-to-props.js.19fc8108.js

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /js/v-attributes-to-props.js.19fc8108.js HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65f039e9-16c"
last-modified: Tue, 12 Mar 2024 11:18:01 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6303
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aZylKmXUj%2FVdBrleYWjeFVDXXL5PcTiE0a4oVr44%2BDksDt1zbPWJGGeyTpvX0ybrcM%2BC0AUwPNmKRgAIEcGx5R23H0L5hhlxKIwM%2BEGw4Hf3dqKGBae8c7nEtWMdgc8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187dfcd5730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/js/v-html-to-dom.js.74c54280.js

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /js/v-html-to-dom.js.74c54280.js HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65f039e9-43d"
last-modified: Tue, 12 Mar 2024 11:18:01 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6303
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FwwsE%2BYeww5QP8uhSq4ntHB6OBLq%2FqJ3%2B3QNgzOuhFuShL83hVMOWbTMgY7jtGHPOtEsXuB2R0cyDBKUwxlT8NINtMMzRl7zZZ49%2BDqWPm0ge0Bih7VEYm5tODbo%2F4o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187dfcd1730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/js/v-constants.js.cf65a8de.js

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /js/v-constants.js.cf65a8de.js HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=57085
etag: W/"65f039ea-defd"
last-modified: Tue, 12 Mar 2024 11:18:02 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6302
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=quwyTGPcnekQub%2BAg7PqL3KVg1haewxhod6PE1a%2Bixu9TM%2BfN%2BKdVVxo6HFxSpypzAJvEQL%2BWkKTZI5aaXHQt2emHmLLDr2OMpcD6mpr8Ls%2FLAQo5YIULwVqL53wd9I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187dfcdb730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/js/SurveyContainer.7214ff53.js

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /js/SurveyContainer.7214ff53.js HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: application/json
last-modified: Tue, 12 Mar 2024 11:18:01 GMT
vary: Accept-Encoding
etag: W/"65f039e9-11aa"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9oOqYJERHoainnWfLmzhhBUAeFt2xjBGxcbVarhMKGY2QRfTMCAe8SyZQnyiW%2BVPtzAflQpEexnRfTGkTu9%2BnNvPu2VqWej2DKBDWqht4JsV%2F8zV2mtkpS5FM0immlk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636187decc1730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/img/comments/unnamed.webp

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /img/comments/unnamed.webp HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: syncedCookie=true
cookie: oaidts=1710270743
cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: image/webp
content-length: 264
last-modified: Tue, 12 Mar 2024 11:18:01 GMT
vary: Accept-Encoding
etag: "65f039e9-108"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 724
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B7DEMc7Smh%2FbErlPljalpp9XzVP7syeEGu0T3l5V4znhRp1rxUDmzLj1q4CPmjxall6mgcKfs8HunBCGslO7o42tSrIl%2BrZSWTRqHAZacUym9FFxE4P%2FDCQx5WPQ9Ow%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 863618803860730e-LHR
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/img/comments/person-1.webp

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /img/comments/person-1.webp HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: syncedCookie=true
cookie: oaidts=1710270743
cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: image/webp
content-length: 1672
last-modified: Tue, 12 Mar 2024 11:18:01 GMT
vary: Accept-Encoding
etag: "65f039e9-688"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 3064
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PByVj6O%2BS3GqwA60szXTr2GunHqPu2P%2FyTqKgqpwZuxMGvC2FMUFAMoFa%2FK%2FFO3V81nIVYyP%2BdJSjblEO%2Be%2BKwcSO7fBvrL0iNmWaUq3qDj1tVAV0CwtxgJoRN8MtY8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86361880386c730e-LHR
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/img/comments/person-14.webp

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /img/comments/person-14.webp HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: syncedCookie=true
cookie: oaidts=1710270743
cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: image/webp
content-length: 1104
last-modified: Tue, 12 Mar 2024 11:18:01 GMT
vary: Accept-Encoding
etag: "65f039e9-450"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 3064
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h3vhQxbBpCIGzntCaaawT9PbGCeYQ9s1NYdI033pOM6wod0IhqgZjD9UkvlH35ZcsCVqjVQpEN8FQFmJZRVEW7mSgWx5evrxQkFqvRx%2Fe9CWyqlhZlCUCTNUo4fx6pw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86361880486e730e-LHR
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/img/comments/person-2.webp

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /img/comments/person-2.webp HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: syncedCookie=true
cookie: oaidts=1710270743
cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: image/webp
content-length: 1122
last-modified: Tue, 12 Mar 2024 11:18:01 GMT
vary: Accept-Encoding
etag: "65f039e9-462"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 3064
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=udmt3rBboI51I3TfS7XBDK6QK8L5WC38UUr6NheDH%2FmdpEp2iWr1UKPrROnlZxYkFFaoyaTyY3rkWE57kZ4dceQ5L1SA4JpQ%2FfOL3FjyNrwS7xBvQ%2FabjC3NXMt%2F2t4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 863618803868730e-LHR
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/img/comments/person-4.webp

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /img/comments/person-4.webp HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: syncedCookie=true
cookie: oaidts=1710270743
cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: image/webp
content-length: 1846
last-modified: Tue, 12 Mar 2024 11:18:01 GMT
vary: Accept-Encoding
etag: "65f039e9-736"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 3064
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VUeYqMbhqk2Y5AzOmsTgtjoO0rLCkeVZ6LudHlMVNXpG9Wi17lyUrtUYT%2B7xmWATBxVb5TkEHsL7%2Bl6wobCjutgAtjHGPVt3wZ4EKApmoK%2FvLimN8wfqFe8AkmWeCIw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 863618804872730e-LHR
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/img/comments/person-5.webp

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /img/comments/person-5.webp HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: syncedCookie=true
cookie: oaidts=1710270743
cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: image/webp
content-length: 1356
last-modified: Tue, 12 Mar 2024 11:18:01 GMT
vary: Accept-Encoding
etag: "65f039e9-54c"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 3064
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HgxREha4JwoNAip954DuiaPLzi%2B9ZLUVEnOm9mB4rdCNFepdBzzmitcDu2QibZ9CnWjQF%2BkM63w1kCCeL6ug4Mm9xzy9ufMZ22ODNcjHyyLB8XH9DKtWXvFW%2FJTelVE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86361880486f730e-LHR
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/img/comments/person-6.webp

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /img/comments/person-6.webp HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: syncedCookie=true
cookie: oaidts=1710270743
cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: image/webp
content-length: 1854
last-modified: Tue, 12 Mar 2024 11:18:01 GMT
vary: Accept-Encoding
etag: "65f039e9-73e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 3064
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DkxKrZwI3oM%2BSgMJvyMQOYfkdtyLvI5zs%2B4pjjWY70%2BDJA8bh8vY3y0Yv%2FNk%2F2QaP1OAbcBllZCO%2Bqso%2FhNNopVyKUfQlgreWebTY3LLJj14X6kTWcpwf1IhfGEqhjs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 863618804873730e-LHR
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/img/comments/person-8.webp

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /img/comments/person-8.webp HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: syncedCookie=true
cookie: oaidts=1710270743
cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: image/webp
content-length: 1802
last-modified: Tue, 12 Mar 2024 11:18:01 GMT
vary: Accept-Encoding
etag: "65f039e9-70a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 3064
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=by8gdxacjVpMFb6UoELAT7qlwLl0CY8aefDSK2VJeH75YyHnt9gaS9fKi7HexaQNtKLTWE26CJeNl2kIhs6Yh4FyhLnEZ9g3VsU1QhqR0IvB%2F%2BgkufAgEeGxGBrsWB8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 863618804874730e-LHR
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/img/comments/person-3.webp

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /img/comments/person-3.webp HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: syncedCookie=true
cookie: oaidts=1710270743
cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: image/webp
content-length: 1654
last-modified: Tue, 12 Mar 2024 11:18:01 GMT
vary: Accept-Encoding
etag: "65f039e9-676"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 3064
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xF8cDVgX%2FdIW9eH14vtmq3%2BNmRjpOF4%2B7F4D5C2rltDrr1Pf5chVTX4YlnUW7xxIAoExYJtK4%2FUTWrfsrs0NmFP80CUAc165uLxkw0LbrCuJAF3TWToN0r7%2Byd4OVlM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 863618804879730e-LHR
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/img/comments/person-9.webp

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /img/comments/person-9.webp HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: syncedCookie=true
cookie: oaidts=1710270743
cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: image/webp
content-length: 982
last-modified: Tue, 12 Mar 2024 11:18:01 GMT
vary: Accept-Encoding
etag: "65f039e9-3d6"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 3064
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RFJwkOTnLqTsjZ%2Bgpm%2FfVw3S3Hw1mbOxLkMlgO%2BmhI2zrjisI2aOacc5BFcInb4BTW016BFQeDl0shN5g7vzD6glNjPD03xVgOwam3H2KRQcunn%2BkleDQW8OnJPHW7w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 863618804876730e-LHR
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/img/comments/person-10.webp

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /img/comments/person-10.webp HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: syncedCookie=true
cookie: oaidts=1710270743
cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: image/webp
content-length: 2222
last-modified: Tue, 12 Mar 2024 11:18:01 GMT
vary: Accept-Encoding
etag: "65f039e9-8ae"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 3064
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AxADS%2BIMuwpO8Rp5%2FTMP%2BmZ2nyPgb%2BJR4t%2Fcz%2BavRb5E6PAGQRQM6T01PufmqreifcIWfyaPVD3U868eyDGcKG9DA3KQUX6YEtzj61ZMUB9FoeryNw4w4hXIvAecMrk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86361880487d730e-LHR
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/img/comments/person-11.webp

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /img/comments/person-11.webp HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: syncedCookie=true
cookie: oaidts=1710270743
cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: image/webp
content-length: 1526
last-modified: Tue, 12 Mar 2024 11:18:01 GMT
vary: Accept-Encoding
etag: "65f039e9-5f6"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 728
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iywifkxA0CzSLp6iHVJUqEN9qVzmaaeRSvQwtEmd%2BaDYNF6RV4K1bLGhq1tpVz7yngWNpn01%2BvihwbmiKOhUeAttHy3YUZRwkhfD8KbnuHaRHZpOp90548S0Vgb6HgM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86361880487f730e-LHR
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/img/comments/person-12.webp

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /img/comments/person-12.webp HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: syncedCookie=true
cookie: oaidts=1710270743
cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: image/webp
content-length: 1888
last-modified: Tue, 12 Mar 2024 11:18:01 GMT
vary: Accept-Encoding
etag: "65f039e9-760"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 724
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ABIBLLpALrGwReQiwyAPPTaEDVpcNdZHKL2aqf13w0NL%2BkHVK242bE0BPQB5bjTsio4dgK3%2Fb%2Fu4l%2F8F6S33oqc%2Bidm3OrZ4KtnmIdB%2BUeNfNduHfga5xnNggedqWa8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 863618804884730e-LHR
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/img/comments/person-13.webp

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /img/comments/person-13.webp HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: syncedCookie=true
cookie: oaidts=1710270743
cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: image/webp
content-length: 1390
last-modified: Tue, 12 Mar 2024 11:18:01 GMT
vary: Accept-Encoding
etag: "65f039e9-56e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 724
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BWYCGRdkEe%2Bf1LX73RQnODRw7CSctwIjaqZMtthgBBv8GmjXHvanVxuW%2Fi%2B6cQgDkKywFL%2F0jjG7sncAXh5g1yhNhLPCvzCryZxG2p43p%2BY%2BMmHhUa4pHsFwqaweXQs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 863618804881730e-LHR
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/pfe/current/stattag.js

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /pfe/current/stattag.js HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: syncedCookie=true
cookie: oaidts=1710270743
cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65f039ea-4a6d"
last-modified: Tue, 12 Mar 2024 11:18:02 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4787
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yJcv0hOgkLR5hk6lZQJjGCve7XHtCn4AFByjo4SzO4aivvw6OXPHSZcdjXuf1xYqVnuTbgc1avB0UR4gaG3Y5U5EZKaJQ3eFWE%2BtB1JK34cJMtHQzGp7suOAORlknGA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636188068ae730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/favicon.ico

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /favicon.ico HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: syncedCookie=true
cookie: oaidts=1710270743
cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: _ym_uid=1710270745204986427
cookie: _ym_d=1710270745
cookie: _ym_isad=2

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:27 GMT
content-type: image/x-icon
last-modified: Tue, 12 Mar 2024 11:18:02 GMT
vary: Accept-Encoding
etag: W/"65f039ea-47e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4650
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kPGvYtb%2FX9cit2G2tSFZzOzsTvcA75GsuhGrq4BBxVjTiDlwJkTp15Xoek%2Bd8p%2FVY3118L3sacGv8aewcSS1XpxcpUGHJUGFJyGxRYxqVAPF7JJzuU0SStA%2FqSn%2FUzk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636188a1d74730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/pfe/current/micro.tag.min.js?z=6163313&sw=/sw/sw6163313.js&var=5038206&var_3=null&var_4=null&ymid=909&cdn=1&domain=ofklefkian.com&ab2_ttl=5184000000

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /pfe/current/micro.tag.min.js?z=6163313&sw=/sw/sw6163313.js&var=5038206&var_3=null&var_4=null&ymid=909&cdn=1&domain=ofklefkian.com&ab2_ttl=5184000000 HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: syncedCookie=true
cookie: oaidts=1710270743
cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: _ym_uid=1710270745204986427
cookie: _ym_d=1710270745
cookie: _ym_isad=2

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:27 GMT
content-type: application/javascript
last-modified: Tue, 12 Mar 2024 11:18:03 GMT
vary: Accept-Encoding
etag: W/"65f039eb-6a26"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DzH4wqu8lGxAH6E0VBn6zNRDxLiQz%2B7NWmzyh24RhVomnBzuzdRlVuOgvYjZigNOoe7pWduCWq5Nlu2qycrkEF8bbut1SGnbUF7pjNJhkrr5QCaYe6dWBfBj9HW39%2Fc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636188c68d1730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/sw/sw6163313.js?var=5038206&var_3=null&var_4=null&ymid=909&ab2_ttl=5184000000

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /sw/sw6163313.js?var=5038206&var_3=null&var_4=null&ymid=909&ab2_ttl=5184000000 HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
purpose: prefetch
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: syncedCookie=true
cookie: oaidts=1710270743
cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: _ym_uid=1710270745204986427
cookie: _ym_d=1710270745
cookie: _ym_isad=2

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:27 GMT
content-type: application/javascript
last-modified: Tue, 12 Mar 2024 11:18:02 GMT
vary: Accept-Encoding
etag: W/"65f039ea-529"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AmwaezwGogMYENffjtia5M1X%2FWmFE7goABhIwcRiN0UpMBLFy7hNbkigTpHrBobAP3qYiLj6HPszY0dy7nYLrbwv3nuCmlp67bskcvaRvLeDPmHDl3FYQK7AOKUiXRI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8636188d09be730e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://zabedreb.com/cndi4858vmefovl/5275646/?var=5038206&ymid=909&var_3=&rhd=1&oaid=hdw09p3ioi79tgttub4zuq73vt7dzcl3&usid=18e341483bd05592d68ccad&os_version=10.0

msedge.exe

Remote address:

104.21.23.138:443

Request

GET /cndi4858vmefovl/5275646/?var=5038206&ymid=909&var_3=&rhd=1&oaid=hdw09p3ioi79tgttub4zuq73vt7dzcl3&usid=18e341483bd05592d68ccad&os_version=10.0 HTTP/2.0
host: zabedreb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: syncedCookie=true
cookie: oaidts=1710270743
cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: _ym_uid=1710270745204986427
cookie: _ym_d=1710270745
cookie: _ym_isad=2
cookie: _ym_visorc=b

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:55 GMT
content-type: text/html; charset=utf8
vary: Accept-Encoding
x-trace-id: 625136917c4372bf9763bea41666d4a3
link: <https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
link: <https://ak.phoognol.com>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
set-cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3; expires=Wed, 12 Mar 2025 19:12:55 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1710270775; expires=Wed, 12 Mar 2025 19:12:55 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=true; expires=Tue, 19 Mar 2024 19:12:55 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sD%2Fv%2BIJzpCB2Kz3af1xIudtv0cv7dwrisGrmto7%2FBIehiADiEoAK3oq7tCmTWqKHGsegOprzoA%2FuyaRTDfFWs3d%2B2abcgGGWHJrMUmLMoXLhBxWZ63vqAdu%2Bt85UOaE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86361939ad87730e-LHR
alt-svc: h3=":443"; ma=86400
DNS

52.4.55.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

52.4.55.162.in-addr.arpa

IN PTR

Response

52.4.55.162.in-addr.arpa

IN PTR

static52455162clientsyour-serverde
DNS

offpichuan.com

msedge.exe

Remote address:

8.8.8.8:53

Request

offpichuan.com

IN A

Response

offpichuan.com

IN A

139.45.197.237
DNS

vuolobnhqb.com

msedge.exe

Remote address:

8.8.8.8:53

Request

vuolobnhqb.com

IN A

Response

vuolobnhqb.com

IN A

139.45.197.238
DNS

my.rtmark.net

msedge.exe

Remote address:

8.8.8.8:53

Request

my.rtmark.net

IN A

Response

my.rtmark.net

IN A

139.45.195.8
DNS

mc.yandex.ru

msedge.exe

Remote address:

8.8.8.8:53

Request

mc.yandex.ru

IN A

Response

mc.yandex.ru

IN A

93.158.134.119

mc.yandex.ru

IN A

87.250.251.119

mc.yandex.ru

IN A

77.88.21.119

mc.yandex.ru

IN A

87.250.250.119
GET

https://my.rtmark.net/gid.js?userId=hdw09p3ioi79tgttub4zuq73vt7dzcl3

msedge.exe

Remote address:

139.45.195.8:443

Request

GET /gid.js?userId=hdw09p3ioi79tgttub4zuq73vt7dzcl3 HTTP/2.0
host: my.rtmark.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://zabedreb.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://zabedreb.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *
set-cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3; expires=Wed, 12 Mar 2025 19:12:25 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
GET

https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=6163313&checkDuplicate=true&ymid=909&var=5038206

msedge.exe

Remote address:

139.45.195.8:443

Request

GET /gid.js?pub=0&userId=&zoneId=6163313&checkDuplicate=true&ymid=909&var=5038206 HTTP/2.0
host: my.rtmark.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://zabedreb.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:28 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://zabedreb.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *
set-cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3; expires=Wed, 12 Mar 2025 19:12:28 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
POST

https://my.rtmark.net/img.gif?f=sync&partner=bad62ccd10dfd3975a220f1dc703b0db2bef248b3619abc54d9cd11706692958

msedge.exe

Remote address:

139.45.195.8:443

Request

POST /img.gif?f=sync&partner=bad62ccd10dfd3975a220f1dc703b0db2bef248b3619abc54d9cd11706692958 HTTP/2.0
host: my.rtmark.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://zabedreb.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:55 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: https://zabedreb.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *
set-cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3; expires=Wed, 12 Mar 2025 19:12:55 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
GET

https://my.rtmark.net/img.gif?f=merge&userId=00801d512e924c6bfb90744a41f87bde&z=6769917&p_rid=56e6a297-321b-4433-93c8-53db4400c267&p_src=sf

msedge.exe

Remote address:

139.45.195.8:443

Request

GET /img.gif?f=merge&userId=00801d512e924c6bfb90744a41f87bde&z=6769917&p_rid=56e6a297-321b-4433-93c8-53db4400c267&p_src=sf HTTP/2.0
host: my.rtmark.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ak.phoognol.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:56 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *
set-cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3; expires=Wed, 12 Mar 2025 19:12:56 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
GET

https://my.rtmark.net/gid.js?userId=hdw09p3ioi79tgttub4zuq73vt7dzcl3

msedge.exe

Remote address:

139.45.195.8:443

Request

GET /gid.js?userId=hdw09p3ioi79tgttub4zuq73vt7dzcl3 HTTP/2.0
host: my.rtmark.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://worldfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://worldfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:57 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://worldfreshjournal.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *
set-cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3; expires=Wed, 12 Mar 2025 19:12:57 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
GET

https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=5202932&checkDuplicate=true&ymid=791495605804606018&var=6769917

msedge.exe

Remote address:

139.45.195.8:443

Request

GET /gid.js?pub=0&userId=&zoneId=5202932&checkDuplicate=true&ymid=791495605804606018&var=6769917 HTTP/2.0
host: my.rtmark.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://worldfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://worldfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:57 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://worldfreshjournal.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *
set-cookie: ID=hdw09p3ioi79tgttub4zuq73vt7dzcl3; expires=Wed, 12 Mar 2025 19:12:57 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
GET

https://mc.yandex.ru/metrika/tag.js

msedge.exe

Remote address:

93.158.134.119:443

Request

GET /metrika/tag.js HTTP/2.0
host: mc.yandex.ru
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

arleavannya.com

msedge.exe

Remote address:

8.8.8.8:53

Request

arleavannya.com

IN A

Response

arleavannya.com

IN A

139.45.197.248
DNS

www.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.251.36.4
GET

https://offpichuan.com/rotate?zz=5592640;5592646;5592644;5592647;5592642;5592657;5592652&var=5038206&ymid=909&uid=hdw09p3ioi79tgttub4zuq73vt7dzcl3&os_version=10.0

msedge.exe

Remote address:

139.45.197.237:443

Request

GET /rotate?zz=5592640;5592646;5592644;5592647;5592642;5592657;5592652&var=5038206&ymid=909&uid=hdw09p3ioi79tgttub4zuq73vt7dzcl3&os_version=10.0 HTTP/2.0
host: offpichuan.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://zabedreb.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: application/json
content-length: 174
x-trace-id: 9ef233a704a9032cee4e233c1a0e669b
access-control-allow-origin: https://zabedreb.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
GET

https://offpichuan.com/track?offer_id=2128&z=5038206&request_var=909&variable2=faf184klpwfdza05&os_version=10.0&oaid=hdw09p3ioi79tgttub4zuq73vt7dzcl3

msedge.exe

Remote address:

139.45.197.237:443

Request

GET /track?offer_id=2128&z=5038206&request_var=909&variable2=faf184klpwfdza05&os_version=10.0&oaid=hdw09p3ioi79tgttub4zuq73vt7dzcl3 HTTP/2.0
host: offpichuan.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://zabedreb.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: text/plain; charset=utf-8
content-length: 969
x-trace-id: 0b5c0c3c3977d8337a7820f0f65364d4
access-control-allow-origin: https://zabedreb.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
OPTIONS

https://arleavannya.com/sync-metrics

msedge.exe

Remote address:

139.45.197.248:443

Request

OPTIONS /sync-metrics HTTP/2.0
host: arleavannya.com
cache-control: max-age=0
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type
origin: https://zabedreb.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:25 GMT
content-length: 0
access-control-allow-origin: https://zabedreb.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
OPTIONS

https://arleavannya.com/sync-metrics

msedge.exe

Remote address:

139.45.197.248:443

Request

OPTIONS /sync-metrics HTTP/2.0
host: arleavannya.com
cache-control: max-age=0
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type
origin: https://zabedreb.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:25 GMT
content-length: 0
access-control-allow-origin: https://zabedreb.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
OPTIONS

https://arleavannya.com/sync-do

msedge.exe

Remote address:

139.45.197.248:443

Request

OPTIONS /sync-do HTTP/2.0
host: arleavannya.com
cache-control: max-age=0
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type
origin: https://zabedreb.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:25 GMT
content-length: 0
access-control-allow-origin: https://zabedreb.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
OPTIONS

https://arleavannya.com/sync-metrics

msedge.exe

Remote address:

139.45.197.248:443

Request

OPTIONS /sync-metrics HTTP/2.0
host: arleavannya.com
cache-control: max-age=0
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type
origin: https://zabedreb.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:25 GMT
content-length: 0
access-control-allow-origin: https://zabedreb.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
OPTIONS

https://arleavannya.com/sync-metrics

msedge.exe

Remote address:

139.45.197.248:443

Request

OPTIONS /sync-metrics HTTP/2.0
host: arleavannya.com
cache-control: max-age=0
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type
origin: https://zabedreb.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:27 GMT
content-length: 0
access-control-allow-origin: https://zabedreb.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
OPTIONS

https://arleavannya.com/sync-metrics

msedge.exe

Remote address:

139.45.197.248:443

Request

OPTIONS /sync-metrics HTTP/2.0
host: arleavannya.com
cache-control: max-age=0
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type
origin: https://zabedreb.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:55 GMT
content-length: 0
access-control-allow-origin: https://zabedreb.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
GET

https://www.google.com/recaptcha/api.js?render=explicit&hl=en

msedge.exe

Remote address:

142.251.36.4:443

Request

GET /recaptcha/api.js?render=explicit&hl=en HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://arleavannya.com/sync-metrics

msedge.exe

Remote address:

139.45.197.248:443

Request

POST /sync-metrics HTTP/2.0
host: arleavannya.com
content-length: 738
cache-control: max-age=0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://zabedreb.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: ca4d7f5a3c569f1a3d22534631e46836
access-control-allow-origin: https://zabedreb.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
POST

https://arleavannya.com/sync-do

msedge.exe

Remote address:

139.45.197.248:443

Request

POST /sync-do HTTP/2.0
host: arleavannya.com
content-length: 157
cache-control: max-age=0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://zabedreb.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: application/json; charset=utf-8
content-length: 179
x-trace-id: 88666746ad508514c0152d8057aa75a9
access-control-allow-origin: https://zabedreb.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
POST

https://arleavannya.com/sync-metrics

msedge.exe

Remote address:

139.45.197.248:443

Request

POST /sync-metrics HTTP/2.0
host: arleavannya.com
content-length: 952
cache-control: max-age=0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://zabedreb.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: af6fcd6406418e3fc850ea6f3ed91ec6
access-control-allow-origin: https://zabedreb.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
POST

https://arleavannya.com/sync-metrics

msedge.exe

Remote address:

139.45.197.248:443

Request

POST /sync-metrics HTTP/2.0
host: arleavannya.com
content-length: 820
cache-control: max-age=0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://zabedreb.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:25 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 39d521d0f7230dbac7f731b633855fd1
access-control-allow-origin: https://zabedreb.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
POST

https://arleavannya.com/sync-metrics

msedge.exe

Remote address:

139.45.197.248:443

Request

POST /sync-metrics HTTP/2.0
host: arleavannya.com
content-length: 840
cache-control: max-age=0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://zabedreb.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:27 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 098237680e29da0589fd79425e642a4c
access-control-allow-origin: https://zabedreb.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
POST

https://arleavannya.com/sync-metrics

msedge.exe

Remote address:

139.45.197.248:443

Request

POST /sync-metrics HTTP/2.0
host: arleavannya.com
content-length: 1696
cache-control: max-age=0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://zabedreb.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:55 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 7d48017a14eb0f139e7687cbb47f96ed
access-control-allow-origin: https://zabedreb.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
DNS

138.23.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

138.23.21.104.in-addr.arpa

IN PTR

Response
DNS

8.195.45.139.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.195.45.139.in-addr.arpa

IN PTR

Response
DNS

238.197.45.139.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.197.45.139.in-addr.arpa

IN PTR

Response
DNS

237.197.45.139.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.45.139.in-addr.arpa

IN PTR

Response
DNS

119.134.158.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.134.158.93.in-addr.arpa

IN PTR

Response

119.134.158.93.in-addr.arpa

IN PTR

mcyandexru
DNS

248.197.45.139.in-addr.arpa

Remote address:

8.8.8.8:53

Request

248.197.45.139.in-addr.arpa

IN PTR

Response
DNS

4.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.36.251.142.in-addr.arpa

IN PTR

Response

4.36.251.142.in-addr.arpa

IN PTR

ams15s44-in-f41e100net
DNS

datatechonert.com

msedge.exe

Remote address:

8.8.8.8:53

Request

datatechonert.com

IN A

Response

datatechonert.com

IN A

37.48.68.71
DNS

datatechonert.com

msedge.exe

Remote address:

8.8.8.8:53

Request

datatechonert.com

IN A

Response

datatechonert.com

IN A

37.48.68.71
POST

https://datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=a2a513de-ba59-4e6a-be49-68df765cf3c2

msedge.exe

Remote address:

37.48.68.71:443

Request

POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=a2a513de-ba59-4e6a-be49-68df765cf3c2 HTTP/1.1
Host: datatechonert.com
Connection: keep-alive
Content-Length: 2053
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://zabedreb.com
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx/1.19.10
Date: Tue, 12 Mar 2024 19:12:26 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://zabedreb.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
DNS

mc.yandex.com

msedge.exe

Remote address:

8.8.8.8:53

Request

mc.yandex.com

IN A

Response

mc.yandex.com

IN CNAME

mc.yandex.ru

mc.yandex.ru

IN A

87.250.251.119

mc.yandex.ru

IN A

87.250.250.119

mc.yandex.ru

IN A

77.88.21.119

mc.yandex.ru

IN A

93.158.134.119
DNS

3.214.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.214.58.216.in-addr.arpa

IN PTR

Response

3.214.58.216.in-addr.arpa

IN PTR

lhr26s05-in-f31e100net

3.214.58.216.in-addr.arpa

IN PTR

�7

3.214.58.216.in-addr.arpa

IN PTR

ams17s09-in-f3�F
DNS

3.214.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.214.58.216.in-addr.arpa

IN PTR
DNS

71.68.48.37.in-addr.arpa

Remote address:

8.8.8.8:53

Request

71.68.48.37.in-addr.arpa

IN PTR

Response
DNS

ofklefkian.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ofklefkian.com

IN A

Response

ofklefkian.com

IN A

139.45.197.251
DNS

ofklefkian.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ofklefkian.com

IN A

Response

ofklefkian.com

IN A

139.45.197.251
GET

https://ofklefkian.com/zone?&pub=0&zone_id=6163313&is_mobile=false&domain=zabedreb.com&var=5038206&ymid=909&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=settings

msedge.exe

Remote address:

139.45.197.251:443

Request

GET /zone?&pub=0&zone_id=6163313&is_mobile=false&domain=zabedreb.com&var=5038206&ymid=909&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=settings HTTP/2.0
host: ofklefkian.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://zabedreb.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:28 GMT
content-type: application/json; charset=utf-8
content-length: 144
x-trace-id: 8697db524913a69a93323a53147eed47
access-control-allow-origin: https://zabedreb.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
POST

https://ofklefkian.com/zone?&pub=0&zone_id=6163313&is_mobile=false&domain=zabedreb.com&var=5038206&ymid=909&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /zone?&pub=0&zone_id=6163313&is_mobile=false&domain=zabedreb.com&var=5038206&ymid=909&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest HTTP/2.0
host: ofklefkian.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://zabedreb.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:28 GMT
content-length: 0
x-trace-id: 4d89bdbccc8c69bcd4c65a9655c3f6cc
access-control-allow-origin: https://zabedreb.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
DNS

251.197.45.139.in-addr.arpa

Remote address:

8.8.8.8:53

Request

251.197.45.139.in-addr.arpa

IN PTR

Response
DNS

158.240.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.240.127.40.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

23.160.77.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.160.77.104.in-addr.arpa

IN PTR

Response

23.160.77.104.in-addr.arpa

IN PTR

a104-77-160-23deploystaticakamaitechnologiescom
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR
DNS

228.249.119.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.249.119.40.in-addr.arpa

IN PTR

Response
DNS

228.249.119.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.249.119.40.in-addr.arpa

IN PTR
DNS

ak.phoognol.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ak.phoognol.com

IN A

Response

ak.phoognol.com

IN CNAME

ak.phoognol.com.edgesuite.net

ak.phoognol.com.edgesuite.net

IN CNAME

a749.b.akamai.net

a749.b.akamai.net

IN A

104.77.160.196

a749.b.akamai.net

IN A

104.77.160.222
DNS

yonmewon.com

msedge.exe

Remote address:

8.8.8.8:53

Request

yonmewon.com

IN A

Response

yonmewon.com

IN A

139.45.197.236
DNS

sr7pv7n5x.com

msedge.exe

Remote address:

8.8.8.8:53

Request

sr7pv7n5x.com

IN A

Response

sr7pv7n5x.com

IN A

212.117.190.201
GET

https://ak.phoognol.com/4/6769917?var=5275646&btz=&bto=&ymid=d6e65249-7727-4640-8c1b-3edec604a003&var_3=hdw09p3ioi79tgttub4zuq73vt7dzcl3

msedge.exe

Remote address:

104.77.160.196:443

Request

GET /4/6769917?var=5275646&btz=&bto=&ymid=d6e65249-7727-4640-8c1b-3edec604a003&var_3=hdw09p3ioi79tgttub4zuq73vt7dzcl3 HTTP/2.0
host: ak.phoognol.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/html; charset=utf8
x-trace-id: 64a792c7abed2c06a669e5517c84dd17
link: <https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, favicon
content-encoding: gzip
expires: Tue, 12 Mar 2024 19:12:55 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 12 Mar 2024 19:12:55 GMT
content-length: 13487
vary: Accept-Encoding
set-cookie: OAID=00801d512e924c6bfb90744a41f87bde; expires=Wed, 12 Mar 2025 19:12:55 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1710270775; expires=Wed, 12 Mar 2025 19:12:55 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
POST

https://ak.phoognol.com/sftouch?userId=00801d512e924c6bfb90744a41f87bde&z=6769917&p_rid=56e6a297-321b-4433-93c8-53db4400c267&p_src=sf&branchId=400701&rb=60-M6z3UtKO8eZOAmzld89HA3PeHjj6RGS6jiJO9v5Sw7LS7cNpYgvaUM7BDlPwpbqWJJ3xhdTMr9EhaB7DmAm7Q-veri5p0-tL21GdQDpg9vtTUXHI-whvfT0zdWNze0ghKRhM1ckufCtyC8PlbufvPDQvLZu5G7iuZtSWyMA6plZJMacU8qE8pyOo5Ar6aAbSA_bshyUZd2shnBpsZ7-2lmwumfiD_PVVaJdgf-1KA6emULzAVxI5t_qsFn1YaJd8cz_dNbP6qcwZZ8fktO_-rEQE4qrAOmopVWRjnTDfsCm8C0geB7CyTMjm8pgAZH34PV8YVnl6bpaBv89kSX2S_n9j33QJs7KyHE-WWIGhmIeX9fitKWLhJ0huQ7Uo1ThDzZzqM24QMNERvCe_gRPl_6rhfs5-TkfIjbhWSWBQ=

msedge.exe

Remote address:

104.77.160.196:443

Request

POST /sftouch?userId=00801d512e924c6bfb90744a41f87bde&z=6769917&p_rid=56e6a297-321b-4433-93c8-53db4400c267&p_src=sf&branchId=400701&rb=60-M6z3UtKO8eZOAmzld89HA3PeHjj6RGS6jiJO9v5Sw7LS7cNpYgvaUM7BDlPwpbqWJJ3xhdTMr9EhaB7DmAm7Q-veri5p0-tL21GdQDpg9vtTUXHI-whvfT0zdWNze0ghKRhM1ckufCtyC8PlbufvPDQvLZu5G7iuZtSWyMA6plZJMacU8qE8pyOo5Ar6aAbSA_bshyUZd2shnBpsZ7-2lmwumfiD_PVVaJdgf-1KA6emULzAVxI5t_qsFn1YaJd8cz_dNbP6qcwZZ8fktO_-rEQE4qrAOmopVWRjnTDfsCm8C0geB7CyTMjm8pgAZH34PV8YVnl6bpaBv89kSX2S_n9j33QJs7KyHE-WWIGhmIeX9fitKWLhJ0huQ7Uo1ThDzZzqM24QMNERvCe_gRPl_6rhfs5-TkfIjbhWSWBQ= HTTP/2.0
host: ak.phoognol.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
content-type: text/plain;charset=UTF-8
sec-ch-ua-model:
accept: */*
origin: https://ak.phoognol.com
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://ak.phoognol.com/4/6769917?var=5275646&btz=&bto=&ymid=d6e65249-7727-4640-8c1b-3edec604a003&var_3=hdw09p3ioi79tgttub4zuq73vt7dzcl3
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=00801d512e924c6bfb90744a41f87bde
cookie: oaidts=1710270775

Response

HTTP/2.0 200

content-type: text/plain
content-length: 2
x-trace-id: 159668d676ab87b5aa71a48ff6f2d6f7
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://ak.phoognol.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
expires: Tue, 12 Mar 2024 19:12:56 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 12 Mar 2024 19:12:56 GMT
GET

https://ak.phoognol.com/favicon.ico

msedge.exe

Remote address:

104.77.160.196:443

Request

GET /favicon.ico HTTP/2.0
host: ak.phoognol.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ak.phoognol.com/4/6769917?var=5275646&btz=&bto=&ymid=d6e65249-7727-4640-8c1b-3edec604a003&var_3=hdw09p3ioi79tgttub4zuq73vt7dzcl3
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=00801d512e924c6bfb90744a41f87bde
cookie: oaidts=1710270775

Response

HTTP/2.0 204

expires: Tue, 12 Mar 2024 19:12:56 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 12 Mar 2024 19:12:56 GMT
POST

https://ak.phoognol.com/?z=6769917&syncedCookie=true&rhd=false

msedge.exe

Remote address:

104.77.160.196:443

Request

POST /?z=6769917&syncedCookie=true&rhd=false HTTP/2.0
host: ak.phoognol.com
content-length: 985
cache-control: max-age=0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model: ""
origin: https://ak.phoognol.com
upgrade-insecure-requests: 1
dnt: 1
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://ak.phoognol.com/afu.php?zoneid=6769917&var=6769917&rid=Ft5oNprM_FjS7DclwPq-Qw%3D%3D&rhd=false&sf=1&os=windows&os_version=10.0&is_mobile=false&browser_version=92.0.902.67
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=00801d512e924c6bfb90744a41f87bde
cookie: oaidts=1710270775

Response

HTTP/2.0 204

expires: Tue, 12 Mar 2024 19:12:56 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 12 Mar 2024 19:12:56 GMT
GET

https://ak.phoognol.com/favicon.ico

msedge.exe

Remote address:

104.77.160.196:443

Request

GET /favicon.ico HTTP/2.0
host: ak.phoognol.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ak.phoognol.com/afu.php?zoneid=6769917&var=6769917&rid=Ft5oNprM_FjS7DclwPq-Qw%3D%3D&rhd=false&sf=1&os=windows&os_version=10.0&is_mobile=false&browser_version=92.0.902.67
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=00801d512e924c6bfb90744a41f87bde
cookie: oaidts=1710270775

Response

HTTP/2.0 302

content-length: 0
x-trace-id: 72ac36a9665054cc22783897ed2cb31a
link: <https://worldfreshjournal.com>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
location: https://worldfreshjournal.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=hdw09p3ioi79tgttub4zuq73vt7dzcl3&pshr=0&rd=0&s=791495605804606018&ssk=e5f7706c88dcc399e40becd49143e6c6&svar=1710270776&tb=5202628&tbad=5234825&vi=0&vo=0&z=6769917
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://ak.phoognol.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
expires: Tue, 12 Mar 2024 19:12:56 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 12 Mar 2024 19:12:56 GMT
set-cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3; expires=Wed, 12 Mar 2025 19:12:56 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1710270775; expires=Wed, 12 Mar 2025 19:12:56 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=true; expires=Tue, 19 Mar 2024 19:12:56 GMT; path=/; secure; SameSite=None
DNS

57.169.31.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.169.31.20.in-addr.arpa

IN PTR

Response
DNS

datatechone.com

msedge.exe

Remote address:

8.8.8.8:53

Request

datatechone.com

IN A

Response

datatechone.com

IN A

37.48.68.71
POST

https://datatechone.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=56e6a297-321b-4433-93c8-53db4400c267

msedge.exe

Remote address:

37.48.68.71:443

Request

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=56e6a297-321b-4433-93c8-53db4400c267 HTTP/1.1
Host: datatechone.com
Connection: keep-alive
Content-Length: 2048
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ak.phoognol.com
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://ak.phoognol.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx/1.19.10
Date: Tue, 12 Mar 2024 19:12:56 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://ak.phoognol.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
DNS

worldfreshjournal.com

msedge.exe

Remote address:

8.8.8.8:53

Request

worldfreshjournal.com

IN A

Response

worldfreshjournal.com

IN A

172.64.169.21

worldfreshjournal.com

IN A

172.64.168.21
DNS

worldfreshjournal.com

msedge.exe

Remote address:

8.8.8.8:53

Request

worldfreshjournal.com

IN A
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A
GET

https://worldfreshjournal.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=hdw09p3ioi79tgttub4zuq73vt7dzcl3&pshr=0&rd=0&s=791495605804606018&ssk=e5f7706c88dcc399e40becd49143e6c6&svar=1710270776&tb=5202628&tbad=5234825&vi=0&vo=0&z=6769917

msedge.exe

Remote address:

172.64.169.21:443

Request

GET /?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=hdw09p3ioi79tgttub4zuq73vt7dzcl3&pshr=0&rd=0&s=791495605804606018&ssk=e5f7706c88dcc399e40becd49143e6c6&svar=1710270776&tb=5202628&tbad=5234825&vi=0&vo=0&z=6769917 HTTP/2.0
host: worldfreshjournal.com
cache-control: max-age=0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:57 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
set-cookie: reverse=fKke1R3mIYrYBSUh_YZpjRfun51N7EkRlXP3SjC3e14; expires=Tue, 12-Mar-2024 20:12:57 GMT; Max-Age=3600; path=/
set-cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3; expires=Tue, 23-May-2079 14:25:54 GMT; Max-Age=1741806777; path=/
set-cookie: oaidts=1710270777; expires=Tue, 23-May-2079 14:25:54 GMT; Max-Age=1741806777; path=/
set-cookie: syncedCookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qvFM6uIfe6M9jzBIA806gRkEHvANKrKLLzaOwq5wmdyOJ6Ictfqj1StNGzLvgDscUfu7Zr0H7LVhIuTYc55UIgNrk8e0Cxm3BvNUuQ6BHHZDZTrY1FfMymovYISzH2P%2BiwQ7n8llp2g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86361944580f5317-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://worldfreshjournal.com/pfe/current/micro.tag.min.js?z=5202932&ymid=791495605804606018&var=6769917&sw=/sw-check-permissions/5202932&uhd=1

msedge.exe

Remote address:

172.64.169.21:443

Request

GET /pfe/current/micro.tag.min.js?z=5202932&ymid=791495605804606018&var=6769917&sw=/sw-check-permissions/5202932&uhd=1 HTTP/2.0
host: worldfreshjournal.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://worldfreshjournal.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=hdw09p3ioi79tgttub4zuq73vt7dzcl3&pshr=0&rd=0&s=791495605804606018&ssk=e5f7706c88dcc399e40becd49143e6c6&svar=1710270776&tb=5202628&tbad=5234825&vi=0&vo=0&z=6769917
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: reverse=fKke1R3mIYrYBSUh_YZpjRfun51N7EkRlXP3SjC3e14
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: oaidts=1710270777

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:57 GMT
content-type: application/javascript
last-modified: Tue, 12 Mar 2024 08:40:59 GMT
vary: Accept-Encoding
etag: W/"65f0151b-8a1a"
access-control-allow-credentials: true
cache-control: max-age=14400
pragma: no-cache
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nyqsnz83gZdgDcpEVPKSPM5t4MReRL8nmfl9l%2FGSxX7clOpleowrdySAkaT%2FmrN9elXmkexKBSwlO33vX%2BdOVKA83%2Bc5qZYrBcGmUR7EaRbFoO4QiR5ot2V%2BtgJdLHC8mLrjdcpWCZ4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86361945d9e85317-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://worldfreshjournal.com/19/5202628/?abt_opts=1&var=6769917&var3=791495605804606018&ymid=&rhd=1&os=windows&os_version=10.0

msedge.exe

Remote address:

172.64.169.21:443

Request

GET /19/5202628/?abt_opts=1&var=6769917&var3=791495605804606018&ymid=&rhd=1&os=windows&os_version=10.0 HTTP/2.0
host: worldfreshjournal.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://worldfreshjournal.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=hdw09p3ioi79tgttub4zuq73vt7dzcl3&pshr=0&rd=0&s=791495605804606018&ssk=e5f7706c88dcc399e40becd49143e6c6&svar=1710270776&tb=5202628&tbad=5234825&vi=0&vo=0&z=6769917
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: reverse=fKke1R3mIYrYBSUh_YZpjRfun51N7EkRlXP3SjC3e14
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: oaidts=1710270777

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:57 GMT
content-type: application/json
vary: Accept-Encoding
x-trace-id: df80613b2b5482ca4b8b4ca2cdea3eb3
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
set-cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3; expires=Wed, 12 Mar 2025 19:12:57 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1710270777; expires=Wed, 12 Mar 2025 19:12:57 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L8uHxKAI0ET3yiXZpL3VZbvnbbfz2LLbZ39W837PBB3P4Dc4%2B05V%2BIrFwVJ9Zeri9jG6T7qRqSfpc%2F4i8mZD%2BGTdMCPXkAjTpNhNtfAFDdXlO5qzbucS%2FZigAG%2FpdbOQiFIKMB7lenQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 863619471b685317-LHR
alt-svc: h3=":443"; ma=86400
GET

https://worldfreshjournal.com/sw-check-permissions/5202932?var=6769917&ymid=791495605804606018&uhd=1&zoneId=5202932

msedge.exe

Remote address:

172.64.169.21:443

Request

GET /sw-check-permissions/5202932?var=6769917&ymid=791495605804606018&uhd=1&zoneId=5202932 HTTP/2.0
host: worldfreshjournal.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
purpose: prefetch
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://worldfreshjournal.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=hdw09p3ioi79tgttub4zuq73vt7dzcl3&pshr=0&rd=0&s=791495605804606018&ssk=e5f7706c88dcc399e40becd49143e6c6&svar=1710270776&tb=5202628&tbad=5234825&vi=0&vo=0&z=6769917
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: reverse=fKke1R3mIYrYBSUh_YZpjRfun51N7EkRlXP3SjC3e14
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: oaidts=1710270777

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:57 GMT
content-type: application/javascript
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=33TefIWaoqz9PJYwI3r9iuw3uCdL3w6rF0ykYvo3%2BSavMH3QEeXW2mNT%2F9VFqYVNfP7cOYjMSDE48jhu50eEUqmmuWX62Iy7HB0q1R8zEsno%2BsoNJJfoJDbjBjyD4vWpzHgBsE9jIQs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 863619471b6a5317-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
POST

https://worldfreshjournal.com/zone?&pub=0&zone_id=5202932&is_mobile=false&domain=worldfreshjournal.com&var=6769917&ymid=791495605804606018&var_3=&var_4=&dsig=&tg=1&sw=3.1.496&trace_id=f6a210c6-8b69-49d4-9052-8d3de4312ba8&action=prerequest&ch=eyJhcmNoaXRlY3R1cmUiOiJ4ODYiLCJtb2RlbCI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IjEwLjAifQ==

msedge.exe

Remote address:

172.64.169.21:443

Request

POST /zone?&pub=0&zone_id=5202932&is_mobile=false&domain=worldfreshjournal.com&var=6769917&ymid=791495605804606018&var_3=&var_4=&dsig=&tg=1&sw=3.1.496&trace_id=f6a210c6-8b69-49d4-9052-8d3de4312ba8&action=prerequest&ch=eyJhcmNoaXRlY3R1cmUiOiJ4ODYiLCJtb2RlbCI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IjEwLjAifQ== HTTP/2.0
host: worldfreshjournal.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://worldfreshjournal.com
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://worldfreshjournal.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=hdw09p3ioi79tgttub4zuq73vt7dzcl3&pshr=0&rd=0&s=791495605804606018&ssk=e5f7706c88dcc399e40becd49143e6c6&svar=1710270776&tb=5202628&tbad=5234825&vi=0&vo=0&z=6769917
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: reverse=fKke1R3mIYrYBSUh_YZpjRfun51N7EkRlXP3SjC3e14
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: oaidts=1710270777

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:57 GMT
content-length: 0
x-trace-id: 0fabb2dce9a7aacf8ccef630c75dba0f
access-control-allow-origin: https://worldfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fa0F2AzFvYlKVp7i%2BzuJRA2ot%2FMndF%2FD1zAoR3nN%2B6PY3o4rrnimjDPvJ6RKMu3Ws3ppNHQXhfFCjPXdurmkp0Uaonn7bYzrSHioPa1Ou%2BmKz8jS%2FS8VG6Qd69aXXnJ0%2FxQkhbuDN34%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 863619471b6e5317-LHR
alt-svc: h3=":443"; ma=86400
GET

https://worldfreshjournal.com/rhd?rb=fyF7YTOvk9lf4V1eqMJPwnq2CIM9O8MApyWoW7c424I_6IUYqTsDXxExZMWA1TkDjf2Bu29RyqUDDwIykmOEsNNML2prFd5xQxU6F9C7A1dAEd3efdLB73RudLE--50pfLMCc1xBVFq-e0t8ONyP3BBo_3ANE1prdEZyAoz_NXugieWHR0qJNKbnFLQGW1fXw6m_R_Fs65cCXs677x4tGWDP-Hi8Ef9aakPYsLcIEGKmMOcT135KswJUW-JhCb7fDK1x7WTvd_AotczThGg_sucSEcDmR7WXz_qlkFmDh3DDD9xzHkTapcD1HMhi1zssrmF4JVIEhFFF9S0wyj0e-INomDmyUDd_woV3TIgvqOsof0Sld1o6uIBC0HSC6Cb18YTS5k65XP1elUVWoPZS67EKdVb4Atv397wcBrWEo__hOc06Bqo8mIoTixeLwbaKReJj4XApQNsepmj3qDWalmhLW5cDCqWFA2-T8ZCA12M_8Oh9eiiVnZA62MrIr-fJ2woHhk2X1SRtGF41pYiIqmMQjMt9LndJfPQPej57kixywgNIyY0bPcs7I71MC8VjIf98TZn4HDN9Js6itFq_oHnBy8XvDKoqqAQd4f6uCetfzOCg9EVl5p7O0apB7NqmccArnv9x7EOqd6MPOM1D0uzshwi39v4U4B4R2KBbd0AXjwBV9GDeQTiyhUnOJI-WTNXz7p9bmI97buQ3Z-Otng%3D%3D&request_ab2=0&zoneid=5202628&fs=0&cf=0&sw=1280&sh=720&sah=680&wx=0&wy=0&ww=1280&wh=680&cw=1280&wih=609&wiw=1280&wfc=0&pl=https%3A%2F%2Fworldfreshjournal.com%2F%3Fb%3D2909618%26ba%3D0%26campid%3D14083%26did%3D2%26dm%3D0%26ep%3D0%26fp%3D0%26g%3DGB%26hr%3D0%26i18db%3D1%26l%3DgnSq6b3k7lHvVR4%26oaid%3Dhdw09p3ioi79tgttub4zuq73vt7dzcl3%26pshr%3D0%26rd%3D0%26s%3D791495605804606018%26ssk%3De5f7706c88dcc399e40becd49143e6c6%26svar%3D1710270776%26tb%3D5202628%26tbad%3D5234825%26vi%3D0%26vo%3D0%26z%3D6769917&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-unknown&var=6769917&var3=791495605804606018&ymid=&rhd=1&os=windows&os_version=10.0&m=link

msedge.exe

Remote address:

172.64.169.21:443

Request

GET /rhd?rb=fyF7YTOvk9lf4V1eqMJPwnq2CIM9O8MApyWoW7c424I_6IUYqTsDXxExZMWA1TkDjf2Bu29RyqUDDwIykmOEsNNML2prFd5xQxU6F9C7A1dAEd3efdLB73RudLE--50pfLMCc1xBVFq-e0t8ONyP3BBo_3ANE1prdEZyAoz_NXugieWHR0qJNKbnFLQGW1fXw6m_R_Fs65cCXs677x4tGWDP-Hi8Ef9aakPYsLcIEGKmMOcT135KswJUW-JhCb7fDK1x7WTvd_AotczThGg_sucSEcDmR7WXz_qlkFmDh3DDD9xzHkTapcD1HMhi1zssrmF4JVIEhFFF9S0wyj0e-INomDmyUDd_woV3TIgvqOsof0Sld1o6uIBC0HSC6Cb18YTS5k65XP1elUVWoPZS67EKdVb4Atv397wcBrWEo__hOc06Bqo8mIoTixeLwbaKReJj4XApQNsepmj3qDWalmhLW5cDCqWFA2-T8ZCA12M_8Oh9eiiVnZA62MrIr-fJ2woHhk2X1SRtGF41pYiIqmMQjMt9LndJfPQPej57kixywgNIyY0bPcs7I71MC8VjIf98TZn4HDN9Js6itFq_oHnBy8XvDKoqqAQd4f6uCetfzOCg9EVl5p7O0apB7NqmccArnv9x7EOqd6MPOM1D0uzshwi39v4U4B4R2KBbd0AXjwBV9GDeQTiyhUnOJI-WTNXz7p9bmI97buQ3Z-Otng%3D%3D&request_ab2=0&zoneid=5202628&fs=0&cf=0&sw=1280&sh=720&sah=680&wx=0&wy=0&ww=1280&wh=680&cw=1280&wih=609&wiw=1280&wfc=0&pl=https%3A%2F%2Fworldfreshjournal.com%2F%3Fb%3D2909618%26ba%3D0%26campid%3D14083%26did%3D2%26dm%3D0%26ep%3D0%26fp%3D0%26g%3DGB%26hr%3D0%26i18db%3D1%26l%3DgnSq6b3k7lHvVR4%26oaid%3Dhdw09p3ioi79tgttub4zuq73vt7dzcl3%26pshr%3D0%26rd%3D0%26s%3D791495605804606018%26ssk%3De5f7706c88dcc399e40becd49143e6c6%26svar%3D1710270776%26tb%3D5202628%26tbad%3D5234825%26vi%3D0%26vo%3D0%26z%3D6769917&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-unknown&var=6769917&var3=791495605804606018&ymid=&rhd=1&os=windows&os_version=10.0&m=link HTTP/2.0
host: worldfreshjournal.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://worldfreshjournal.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=hdw09p3ioi79tgttub4zuq73vt7dzcl3&pshr=0&rd=0&s=791495605804606018&ssk=e5f7706c88dcc399e40becd49143e6c6&svar=1710270776&tb=5202628&tbad=5234825&vi=0&vo=0&z=6769917
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: reverse=fKke1R3mIYrYBSUh_YZpjRfun51N7EkRlXP3SjC3e14
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: oaidts=1710270777
cookie: prefetchAd_5202628=true

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:57 GMT
content-type: application/json
vary: Accept-Encoding
x-trace-id: 8130d2c0c36605d91a7f5e000fa22f0c
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
set-cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3; expires=Wed, 12 Mar 2025 19:12:57 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1710270777; expires=Wed, 12 Mar 2025 19:12:57 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5BlyhBYqJKTG8oxvTv5rGypeISqFeEE4k%2B54KFJaTFq%2BRlsqXWIP0%2BmF92KN%2BZLiP8BVBtX7NxZjQOq3I8fKSBuNn%2FE3GtFcZdAprB21bM3NDnmU9E6yYDVmVQvlEoqRXGyvp8T3hBc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86361947dc255317-LHR
alt-svc: h3=":443"; ma=86400
GET

https://worldfreshjournal.com/zone?&pub=0&zone_id=5202932&is_mobile=false&domain=worldfreshjournal.com&var=6769917&ymid=791495605804606018&var_3=&var_4=&dsig=&tg=1&sw=3.1.496&trace_id=f6a210c6-8b69-49d4-9052-8d3de4312ba8&action=settings&ch=eyJhcmNoaXRlY3R1cmUiOiJ4ODYiLCJtb2RlbCI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IjEwLjAifQ==

msedge.exe

Remote address:

172.64.169.21:443

Request

GET /zone?&pub=0&zone_id=5202932&is_mobile=false&domain=worldfreshjournal.com&var=6769917&ymid=791495605804606018&var_3=&var_4=&dsig=&tg=1&sw=3.1.496&trace_id=f6a210c6-8b69-49d4-9052-8d3de4312ba8&action=settings&ch=eyJhcmNoaXRlY3R1cmUiOiJ4ODYiLCJtb2RlbCI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IjEwLjAifQ== HTTP/2.0
host: worldfreshjournal.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://worldfreshjournal.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=hdw09p3ioi79tgttub4zuq73vt7dzcl3&pshr=0&rd=0&s=791495605804606018&ssk=e5f7706c88dcc399e40becd49143e6c6&svar=1710270776&tb=5202628&tbad=5234825&vi=0&vo=0&z=6769917
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: reverse=fKke1R3mIYrYBSUh_YZpjRfun51N7EkRlXP3SjC3e14
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: oaidts=1710270777
cookie: prefetchAd_5202628=true
cookie: syncedCookie=true

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:57 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: acfa37ddbd3e620ed99ee4fb5fcb4542
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jXqcOoTMv8GPZYjGsouizjS9zwhAsS80P6TZNC3YWikx4hIKu8fJiwntj7voef1WZ%2F0BUtO%2BRY5HCJCe4EWyxivIBU65xsVneDJ%2Fape5G52TRbpO2xs9ww0FD6F8icoqp7S2MdKRP6k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 863619489cf75317-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
POST

https://worldfreshjournal.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=hdw09p3ioi79tgttub4zuq73vt7dzcl3&pshr=0&rd=0&s=791495605804606018&ssk=e5f7706c88dcc399e40becd49143e6c6&svar=1710270776&tb=5202628&tbad=5234825&vi=0&vo=0&z=6769917&mprtr=1&os_version=10.0

msedge.exe

Remote address:

172.64.169.21:443

Request

POST /?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=hdw09p3ioi79tgttub4zuq73vt7dzcl3&pshr=0&rd=0&s=791495605804606018&ssk=e5f7706c88dcc399e40becd49143e6c6&svar=1710270776&tb=5202628&tbad=5234825&vi=0&vo=0&z=6769917&mprtr=1&os_version=10.0 HTTP/2.0
host: worldfreshjournal.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://worldfreshjournal.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://worldfreshjournal.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=hdw09p3ioi79tgttub4zuq73vt7dzcl3&pshr=0&rd=0&s=791495605804606018&ssk=e5f7706c88dcc399e40becd49143e6c6&svar=1710270776&tb=5202628&tbad=5234825&vi=0&vo=0&z=6769917
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: reverse=fKke1R3mIYrYBSUh_YZpjRfun51N7EkRlXP3SjC3e14
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: oaidts=1710270777
cookie: prefetchAd_5202628=true
cookie: syncedCookie=true

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:57 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nUa7uMl7evVDCBngYl9YCuS8sI2m5wCfQvlI7WzdRrPQFflQU%2Fkyy7bMEYIJ8TRUjMcnfwiFy8Cv5GrB0EsLBQMRQpF5EHvLhxXYCd7UCWwnOZPnMuLkh7gc6fyNMHD2ywP%2FDDYFr70%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86361948cd225317-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://worldfreshjournal.com/favicon.ico

msedge.exe

Remote address:

172.64.169.21:443

Request

GET /favicon.ico HTTP/2.0
host: worldfreshjournal.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://worldfreshjournal.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=hdw09p3ioi79tgttub4zuq73vt7dzcl3&pshr=0&rd=0&s=791495605804606018&ssk=e5f7706c88dcc399e40becd49143e6c6&svar=1710270776&tb=5202628&tbad=5234825&vi=0&vo=0&z=6769917
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: reverse=fKke1R3mIYrYBSUh_YZpjRfun51N7EkRlXP3SjC3e14
cookie: OAID=hdw09p3ioi79tgttub4zuq73vt7dzcl3
cookie: oaidts=1710270777
cookie: prefetchAd_5202628=true
cookie: syncedCookie=true

Response

HTTP/2.0 204

date: Tue, 12 Mar 2024 19:12:57 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1817
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y6ISeJWO4ni85e9e6fIkUXoPhi2q8Nx4yHkq8Ng4z0hWWR%2BYbCK%2FeLZK0R%2FfAxuvKSe5qAMEG4zkvSQ%2B5a194f3EFLPswLelv0YKf77E7rv8pZCByd70uO05hjwBbK%2BB1CK1eIRTVWQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86361949de3c5317-LHR
alt-svc: h3=":443"; ma=86400
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301725_1LMIXSOPUKT44X82W&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301725_1LMIXSOPUKT44X82W&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 503415
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C98FDE93396A4C95A9ABAF563358E89C Ref B: LON04EDGE0716 Ref C: 2024-03-12T19:12:57Z
date: Tue, 12 Mar 2024 19:12:56 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301558_105IVW87X3HJ5L2KP&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301558_105IVW87X3HJ5L2KP&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 330316
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4D480BD2506E462FBFD3A6803D4488A4 Ref B: LON04EDGE0716 Ref C: 2024-03-12T19:12:57Z
date: Tue, 12 Mar 2024 19:12:56 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301316_1NWRA5BA4WHRRVK19&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301316_1NWRA5BA4WHRRVK19&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 425280
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C1F7111013F34E8C91EF862A81A8528A Ref B: LON04EDGE0716 Ref C: 2024-03-12T19:12:57Z
date: Tue, 12 Mar 2024 19:12:56 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301149_1C7UDVEUE5Q4XJNTT&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301149_1C7UDVEUE5Q4XJNTT&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 518274
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D480D23A20E24A71A6FE362C890A6EF1 Ref B: LON04EDGE0716 Ref C: 2024-03-12T19:12:57Z
date: Tue, 12 Mar 2024 19:12:56 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360288117_16I5EGVAT5N2GH79F&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360288117_16I5EGVAT5N2GH79F&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 628946
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8140FEBF54344AD2B3F687677DD136B7 Ref B: LON04EDGE0716 Ref C: 2024-03-12T19:12:57Z
date: Tue, 12 Mar 2024 19:12:56 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360288118_12NRN5HLPKXM4GDD6&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360288118_12NRN5HLPKXM4GDD6&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 450724
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AD2C51415A164BFC982597CD8228C6BD Ref B: LON04EDGE0716 Ref C: 2024-03-12T19:12:58Z
date: Tue, 12 Mar 2024 19:12:57 GMT
DNS

201.190.117.212.in-addr.arpa

Remote address:

8.8.8.8:53

Request

201.190.117.212.in-addr.arpa

IN PTR

Response
DNS

201.190.117.212.in-addr.arpa

Remote address:

8.8.8.8:53

Request

201.190.117.212.in-addr.arpa

IN PTR

Response
DNS

196.160.77.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.160.77.104.in-addr.arpa

IN PTR

Response

196.160.77.104.in-addr.arpa

IN PTR

a104-77-160-196deploystaticakamaitechnologiescom
DNS

236.197.45.139.in-addr.arpa

Remote address:

8.8.8.8:53

Request

236.197.45.139.in-addr.arpa

IN PTR

Response
DNS

littlecdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

littlecdn.com

IN A

Response

littlecdn.com

IN A

172.67.10.98

littlecdn.com

IN A

104.22.25.116

littlecdn.com

IN A

104.22.24.116
DNS

jouteetu.net

msedge.exe

Remote address:

8.8.8.8:53

Request

jouteetu.net

IN A

Response

jouteetu.net

IN A

139.45.197.251
POST

https://jouteetu.net/custom

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /custom HTTP/2.0
host: jouteetu.net
content-length: 562
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://worldfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://worldfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:57 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 611644db862fccefdc87f190303c6b87
access-control-allow-origin: https://worldfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
POST

https://jouteetu.net/custom

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /custom HTTP/2.0
host: jouteetu.net
content-length: 565
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://worldfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://worldfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:57 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: da1934a31ff384c161a26c9e6e375d4e
access-control-allow-origin: https://worldfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
POST

https://jouteetu.net/custom

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /custom HTTP/2.0
host: jouteetu.net
content-length: 564
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://worldfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://worldfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:57 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: be4eaa8a3217cac4ca15f19b651e6e84
access-control-allow-origin: https://worldfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
POST

https://jouteetu.net/custom

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /custom HTTP/2.0
host: jouteetu.net
content-length: 567
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://worldfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://worldfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:57 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 97717a82a69f808ed54efe79ad547930
access-control-allow-origin: https://worldfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
POST

https://jouteetu.net/custom

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /custom HTTP/2.0
host: jouteetu.net
content-length: 566
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://worldfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://worldfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:57 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: e51b0b4dab8bb8ac9677811107471eaa
access-control-allow-origin: https://worldfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
POST

https://jouteetu.net/custom

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /custom HTTP/2.0
host: jouteetu.net
content-length: 574
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://worldfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://worldfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:57 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 55131769fc56f00f88daef5f01473954
access-control-allow-origin: https://worldfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
POST

https://jouteetu.net/custom

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /custom HTTP/2.0
host: jouteetu.net
content-length: 581
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://worldfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://worldfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:57 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: b2313227a25cdeb787984236709d4d56
access-control-allow-origin: https://worldfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
POST

https://jouteetu.net/custom

msedge.exe

Remote address:

139.45.197.251:443

Request

POST /custom HTTP/2.0
host: jouteetu.net
content-length: 588
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://worldfreshjournal.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://worldfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 12 Mar 2024 19:12:57 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: da1921db0ca93b3122fda72b32a8aa24
access-control-allow-origin: https://worldfreshjournal.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
GET

https://littlecdn.com/apps/templates/subscriptions/universal/css/style.css?v=2

msedge.exe

Remote address:

172.67.10.98:443

Request

GET /apps/templates/subscriptions/universal/css/style.css?v=2 HTTP/2.0
host: littlecdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://worldfreshjournal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 12 Mar 2024 19:12:57 GMT
content-type: text/css
last-modified: Tue, 12 Mar 2024 15:36:19 GMT
vary: Accept-Encoding
etag: W/"65f07673-1bb3"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: HIT
age: 4739
server: cloudflare
cf-ray: 863619482bda79b4-LHR
content-encoding: br
DNS

21.169.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.169.64.172.in-addr.arpa

IN PTR

Response
DNS

98.10.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

98.10.67.172.in-addr.arpa

IN PTR

Response
DNS

74.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.179.17.96.in-addr.arpa

IN PTR

Response

74.179.17.96.in-addr.arpa

IN PTR

a96-17-179-74deploystaticakamaitechnologiescom
DNS

30.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

30.243.111.52.in-addr.arpa

IN PTR

Response
DNS

10.179.89.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.179.89.13.in-addr.arpa

IN PTR

Response
DNS

10.179.89.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.179.89.13.in-addr.arpa

IN PTR
DNS

10.179.89.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.179.89.13.in-addr.arpa

IN PTR

18.158.88.249:443

https://frookshop-winsive.com/63cd4f30-1362-4c47-8e01-fda53c9549e5?c2=26233199&c1=affC1629855908aff223639f898573a294a452

tls, http2

msedge.exe

2.0kB
8.1kB
18
18

HTTP Request

GET https://frookshop-winsive.com/63cd4f30-1362-4c47-8e01-fda53c9549e5?c2=26233199&c1=affC1629855908aff223639f898573a294a452

HTTP Response

200
18.158.88.249:443

frookshop-winsive.com

tls

msedge.exe

1.1kB
6.0kB
12
10
138.91.171.81:80

52 B
1
96.17.179.184:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

msedge.exe

468 B
1.7kB
7
6

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200
18.158.88.249:443

reletinglablets.com

tls

msedge.exe

1.1kB
6.7kB
12
12
18.158.88.249:443

https://reletinglablets.com/redirect?target=BASE64aHR0cHM6Ly9leHRyYS5rZWVwbWVnb2luZ3dpdGh0aGlzd2Vic2l0ZS54eXovP3V0bV9tZWRpdW09YmY3NTczZjY5MTFmZDhkNThmY2RlMTRkNDYyMWJkYjgzODU4NzE5OCZ1dG1fY2FtcGFpZ249RmViMjRfMTNfYWxsJmNpZD13MG84c24xMTJzaGljanF2MmdwbTBrNm8&ts=1710270736862&hash=V7AfVWJ3h3naGAqEnqOTL-iPP5ylsPoPuTE12TidIfc&rm=DJ

tls, http2

msedge.exe

2.3kB
8.7kB
19
19

HTTP Request

GET https://reletinglablets.com/redirect?target=BASE64aHR0cHM6Ly9leHRyYS5rZWVwbWVnb2luZ3dpdGh0aGlzd2Vic2l0ZS54eXovP3V0bV9tZWRpdW09YmY3NTczZjY5MTFmZDhkNThmY2RlMTRkNDYyMWJkYjgzODU4NzE5OCZ1dG1fY2FtcGFpZ249RmViMjRfMTNfYWxsJmNpZD13MG84c24xMTJzaGljanF2MmdwbTBrNm8&ts=1710270736862&hash=V7AfVWJ3h3naGAqEnqOTL-iPP5ylsPoPuTE12TidIfc&rm=DJ

HTTP Response

200
69.175.50.35:443

https://extra.keepmegoingwiththiswebsite.xyz/sw.js?v=1710270736702

tls, http2

msedge.exe

3.2kB
11.8kB
19
20

HTTP Request

GET https://extra.keepmegoingwiththiswebsite.xyz/?utm_medium=bf7573f6911fd8d58fcde14d4621bdb838587198&utm_campaign=Feb24_13_all&cid=w0o8sn112shicjqv2gpm0k6o

HTTP Response

200

HTTP Request

GET https://extra.keepmegoingwiththiswebsite.xyz/favicon.ico

HTTP Request

GET https://extra.keepmegoingwiththiswebsite.xyz/sw.js?v=1710270736702

HTTP Response

200

HTTP Response

200
69.175.50.35:443

extra.keepmegoingwiththiswebsite.xyz

tls, http2

msedge.exe

1.7kB
5.3kB
13
12
204.79.197.200:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bc4e0184f0904ec9bdb5f3de3eed09ef&localId=w:E50FD854-0373-F3F8-5EA0-C41D8800F2D2&deviceId=6896193422179112&anid=

tls, http2

3.1kB
9.3kB
25
18

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bc4e0184f0904ec9bdb5f3de3eed09ef&localId=w:E50FD854-0373-F3F8-5EA0-C41D8800F2D2&deviceId=6896193422179112&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=bc4e0184f0904ec9bdb5f3de3eed09ef&localId=w:E50FD854-0373-F3F8-5EA0-C41D8800F2D2&deviceId=6896193422179112&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bc4e0184f0904ec9bdb5f3de3eed09ef&localId=w:E50FD854-0373-F3F8-5EA0-C41D8800F2D2&deviceId=6896193422179112&anid=

HTTP Response

204
162.55.4.52:443

v11.pi6p.com

tls

msedge.exe

1.0kB
3.8kB
9
10
162.55.4.52:443

https://v11.pi6p.com/go.php?ad=w8y1vvk08urbnwvonfk5&sid=M7345556887032561691&pub=909&pid=909-498c78ez&c=0&app=unknown&br=Edge&os=[[os]]&d=Microsoft+Edge&ca=GB+WiFi&a=0

tls, http

msedge.exe

1.9kB
4.6kB
11
12

HTTP Request

GET https://v11.pi6p.com/go.php?ad=w8y1vvk08urbnwvonfk5&sid=M7345556887032561691&pub=909&pid=909-498c78ez&c=0&app=unknown&br=Edge&os=[[os]]&d=Microsoft+Edge&ca=GB+WiFi&a=0

HTTP Response

302
104.21.23.138:443

zabedreb.com

tls, http2

msedge.exe

1.6kB
1.0kB
10
6
104.21.23.138:443

https://zabedreb.com/cndi4858vmefovl/5275646/?var=5038206&ymid=909&var_3=&rhd=1&oaid=hdw09p3ioi79tgttub4zuq73vt7dzcl3&usid=18e341483bd05592d68ccad&os_version=10.0

tls, http2

msedge.exe

20.2kB
266.2kB
295
328

HTTP Request

GET https://zabedreb.com/finance-survey.html?z=5038206&offer_id=2128&var=909&ymid=faf184klpwfdza05

HTTP Response

200

HTTP Request

GET https://zabedreb.com/js/_rtc.3a71eabd.js

HTTP Request

GET https://zabedreb.com/js/v-index.js.5a7d962d.js

HTTP Request

GET https://zabedreb.com/css/_core-survey.d3ac2ee0.css

HTTP Request

GET https://zabedreb.com/css/survey.3b7d0b23.css

HTTP Request

GET https://zabedreb.com/js/s-storageService.js.a9498350.js

HTTP Request

GET https://zabedreb.com/js/s-checkSessionStorageAvailable.ts.7bdb7e41.js

HTTP Request

GET https://zabedreb.com/js/s-checkLocalStorageAvailable.ts.b45ef5d2.js

HTTP Request

GET https://zabedreb.com/js/v-redux-toolkit.esm.js.65df1d73.js

HTTP Request

GET https://zabedreb.com/js/_each-land-config.3dce0a3c.js

HTTP Request

GET https://zabedreb.com/js/v-react-dom.production.min.js.d8385e64.js

HTTP Request

GET https://zabedreb.com/js/_core-survey.9b42bd00.js

HTTP Request

GET https://zabedreb.com/js/survey.79fcdf54.js

HTTP Request

GET https://zabedreb.com/img/icon-survey.svg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://zabedreb.com/js/config/sd/sd-2128-en.js?v=10

HTTP Request

GET https://zabedreb.com/js/config/dict/cookie-consent-1.json?v=10

HTTP Response

200

HTTP Request

GET https://zabedreb.com/js/config/comments/en.json

HTTP Request

GET https://zabedreb.com/js/v-index.mjs.caf998d6.js

HTTP Request

GET https://zabedreb.com/js/v-node.js.e5ccfa9b.js

HTTP Request

GET https://zabedreb.com/js/v-possibleStandardNamesOptimized.js.c8d2ad28.js

HTTP Request

GET https://zabedreb.com/js/v-utilities.js.2fc6b02f.js

HTTP Request

GET https://zabedreb.com/js/v-domparser.js.fdb51d66.js

HTTP Request

GET https://zabedreb.com/js/v-dom-to-react.js.75cc6e59.js

HTTP Request

GET https://zabedreb.com/js/v-attributes-to-props.js.19fc8108.js

HTTP Request

GET https://zabedreb.com/js/v-html-to-dom.js.74c54280.js

HTTP Request

GET https://zabedreb.com/js/v-constants.js.cf65a8de.js

HTTP Request

GET https://zabedreb.com/js/SurveyContainer.7214ff53.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://zabedreb.com/img/comments/unnamed.webp

HTTP Request

GET https://zabedreb.com/img/comments/person-1.webp

HTTP Request

GET https://zabedreb.com/img/comments/person-14.webp

HTTP Request

GET https://zabedreb.com/img/comments/person-2.webp

HTTP Request

GET https://zabedreb.com/img/comments/person-4.webp

HTTP Request

GET https://zabedreb.com/img/comments/person-5.webp

HTTP Request

GET https://zabedreb.com/img/comments/person-6.webp

HTTP Request

GET https://zabedreb.com/img/comments/person-8.webp

HTTP Request

GET https://zabedreb.com/img/comments/person-3.webp

HTTP Request

GET https://zabedreb.com/img/comments/person-9.webp

HTTP Request

GET https://zabedreb.com/img/comments/person-10.webp

HTTP Request

GET https://zabedreb.com/img/comments/person-11.webp

HTTP Request

GET https://zabedreb.com/img/comments/person-12.webp

HTTP Request

GET https://zabedreb.com/img/comments/person-13.webp

HTTP Request

GET https://zabedreb.com/pfe/current/stattag.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://zabedreb.com/favicon.ico

HTTP Request

GET https://zabedreb.com/pfe/current/micro.tag.min.js?z=6163313&sw=/sw/sw6163313.js&var=5038206&var_3=null&var_4=null&ymid=909&cdn=1&domain=ofklefkian.com&ab2_ttl=5184000000

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://zabedreb.com/sw/sw6163313.js?var=5038206&var_3=null&var_4=null&ymid=909&ab2_ttl=5184000000

HTTP Response

200

HTTP Request

GET https://zabedreb.com/cndi4858vmefovl/5275646/?var=5038206&ymid=909&var_3=&rhd=1&oaid=hdw09p3ioi79tgttub4zuq73vt7dzcl3&usid=18e341483bd05592d68ccad&os_version=10.0

HTTP Response

200
139.45.197.238:443

vuolobnhqb.com

tls, http2

msedge.exe

1.1kB
5.4kB
11
14
139.45.195.8:443

https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=5202932&checkDuplicate=true&ymid=791495605804606018&var=6769917

tls, http2

msedge.exe

3.6kB
10.7kB
28
26

HTTP Request

GET https://my.rtmark.net/gid.js?userId=hdw09p3ioi79tgttub4zuq73vt7dzcl3

HTTP Response

200

HTTP Request

GET https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=6163313&checkDuplicate=true&ymid=909&var=5038206

HTTP Response

200

HTTP Request

POST https://my.rtmark.net/img.gif?f=sync&partner=bad62ccd10dfd3975a220f1dc703b0db2bef248b3619abc54d9cd11706692958

HTTP Response

200

HTTP Request

GET https://my.rtmark.net/img.gif?f=merge&userId=00801d512e924c6bfb90744a41f87bde&z=6769917&p_rid=56e6a297-321b-4433-93c8-53db4400c267&p_src=sf

HTTP Response

200

HTTP Request

GET https://my.rtmark.net/gid.js?userId=hdw09p3ioi79tgttub4zuq73vt7dzcl3

HTTP Request

GET https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=5202932&checkDuplicate=true&ymid=791495605804606018&var=6769917

HTTP Response

200

HTTP Response

200
139.45.197.237:443

offpichuan.com

tls, http2

msedge.exe

1.2kB
5.5kB
12
15
93.158.134.119:443

https://mc.yandex.ru/metrika/tag.js

tls, http2

msedge.exe

19.4kB
90.0kB
82
112

HTTP Request

GET https://mc.yandex.ru/metrika/tag.js
139.45.197.237:443

https://offpichuan.com/track?offer_id=2128&z=5038206&request_var=909&variable2=faf184klpwfdza05&os_version=10.0&oaid=hdw09p3ioi79tgttub4zuq73vt7dzcl3

tls, http2

msedge.exe

2.1kB
7.8kB
17
19

HTTP Request

GET https://offpichuan.com/rotate?zz=5592640;5592646;5592644;5592647;5592642;5592657;5592652&var=5038206&ymid=909&uid=hdw09p3ioi79tgttub4zuq73vt7dzcl3&os_version=10.0

HTTP Request

GET https://offpichuan.com/track?offer_id=2128&z=5038206&request_var=909&variable2=faf184klpwfdza05&os_version=10.0&oaid=hdw09p3ioi79tgttub4zuq73vt7dzcl3

HTTP Response

200

HTTP Response

200
139.45.197.237:443

offpichuan.com

tls

msedge.exe

977 B
4.7kB
10
8
139.45.197.248:443

https://arleavannya.com/sync-metrics

tls, http2

msedge.exe

3.9kB
11.4kB
27
29

HTTP Request

OPTIONS https://arleavannya.com/sync-metrics

HTTP Response

200

HTTP Request

OPTIONS https://arleavannya.com/sync-metrics

HTTP Request

OPTIONS https://arleavannya.com/sync-do

HTTP Request

OPTIONS https://arleavannya.com/sync-metrics

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

OPTIONS https://arleavannya.com/sync-metrics

HTTP Response

200

HTTP Request

OPTIONS https://arleavannya.com/sync-metrics

HTTP Response

200
142.251.36.4:443

https://www.google.com/recaptcha/api.js?render=explicit&hl=en

tls, http2

msedge.exe

1.9kB
7.4kB
17
19

HTTP Request

GET https://www.google.com/recaptcha/api.js?render=explicit&hl=en
139.45.197.248:443

https://arleavannya.com/sync-metrics

tls, http2

msedge.exe

9.6kB
13.8kB
38
35

HTTP Request

POST https://arleavannya.com/sync-metrics

HTTP Response

200

HTTP Request

POST https://arleavannya.com/sync-do

HTTP Request

POST https://arleavannya.com/sync-metrics

HTTP Request

POST https://arleavannya.com/sync-metrics

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://arleavannya.com/sync-metrics

HTTP Response

200

HTTP Request

POST https://arleavannya.com/sync-metrics

HTTP Response

200
37.48.68.71:443

https://datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=a2a513de-ba59-4e6a-be49-68df765cf3c2

tls, http

msedge.exe

4.0kB
7.5kB
14
15

HTTP Request

POST https://datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=a2a513de-ba59-4e6a-be49-68df765cf3c2

HTTP Response

200
139.45.197.251:443

ofklefkian.com

tls

msedge.exe

1.0kB
660 B
10
9
139.45.197.251:443

https://ofklefkian.com/zone?&pub=0&zone_id=6163313&is_mobile=false&domain=zabedreb.com&var=5038206&ymid=909&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=settings

tls, http2

msedge.exe

1.9kB
5.5kB
14
14

HTTP Request

GET https://ofklefkian.com/zone?&pub=0&zone_id=6163313&is_mobile=false&domain=zabedreb.com&var=5038206&ymid=909&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=settings

HTTP Response

200
139.45.197.251:443

https://ofklefkian.com/zone?&pub=0&zone_id=6163313&is_mobile=false&domain=zabedreb.com&var=5038206&ymid=909&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest

tls, http2

msedge.exe

1.8kB
5.3kB
12
14

HTTP Request

POST https://ofklefkian.com/zone?&pub=0&zone_id=6163313&is_mobile=false&domain=zabedreb.com&var=5038206&ymid=909&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest

HTTP Response

200
139.45.197.236:443

yonmewon.com

tls, http2

msedge.exe

1.2kB
6.7kB
13
14
104.77.160.196:443

https://ak.phoognol.com/favicon.ico

tls, http2

msedge.exe

6.3kB
24.0kB
32
38

HTTP Request

GET https://ak.phoognol.com/4/6769917?var=5275646&btz=&bto=&ymid=d6e65249-7727-4640-8c1b-3edec604a003&var_3=hdw09p3ioi79tgttub4zuq73vt7dzcl3

HTTP Response

200

HTTP Request

POST https://ak.phoognol.com/sftouch?userId=00801d512e924c6bfb90744a41f87bde&z=6769917&p_rid=56e6a297-321b-4433-93c8-53db4400c267&p_src=sf&branchId=400701&rb=60-M6z3UtKO8eZOAmzld89HA3PeHjj6RGS6jiJO9v5Sw7LS7cNpYgvaUM7BDlPwpbqWJJ3xhdTMr9EhaB7DmAm7Q-veri5p0-tL21GdQDpg9vtTUXHI-whvfT0zdWNze0ghKRhM1ckufCtyC8PlbufvPDQvLZu5G7iuZtSWyMA6plZJMacU8qE8pyOo5Ar6aAbSA_bshyUZd2shnBpsZ7-2lmwumfiD_PVVaJdgf-1KA6emULzAVxI5t_qsFn1YaJd8cz_dNbP6qcwZZ8fktO_-rEQE4qrAOmopVWRjnTDfsCm8C0geB7CyTMjm8pgAZH34PV8YVnl6bpaBv89kSX2S_n9j33QJs7KyHE-WWIGhmIeX9fitKWLhJ0huQ7Uo1ThDzZzqM24QMNERvCe_gRPl_6rhfs5-TkfIjbhWSWBQ=

HTTP Request

GET https://ak.phoognol.com/favicon.ico

HTTP Response

200

HTTP Request

POST https://ak.phoognol.com/?z=6769917&syncedCookie=true&rhd=false

HTTP Response

204

HTTP Request

GET https://ak.phoognol.com/favicon.ico

HTTP Response

204

HTTP Response

302
104.77.160.196:443

ak.phoognol.com

tls, http2

msedge.exe

1.3kB
7.4kB
13
15
212.117.190.201:443

sr7pv7n5x.com

tls, http2

msedge.exe

1.1kB
4.6kB
12
13
37.48.68.71:443

datatechone.com

tls

msedge.exe

1.2kB
770 B
12
10
37.48.68.71:443

https://datatechone.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=56e6a297-321b-4433-93c8-53db4400c267

tls, http

msedge.exe

4.5kB
7.5kB
13
15

HTTP Request

POST https://datatechone.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=56e6a297-321b-4433-93c8-53db4400c267

HTTP Response

200
172.64.169.21:443

https://worldfreshjournal.com/favicon.ico

tls, http2

msedge.exe

7.0kB
42.4kB
48
55

HTTP Request

GET https://worldfreshjournal.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=hdw09p3ioi79tgttub4zuq73vt7dzcl3&pshr=0&rd=0&s=791495605804606018&ssk=e5f7706c88dcc399e40becd49143e6c6&svar=1710270776&tb=5202628&tbad=5234825&vi=0&vo=0&z=6769917

HTTP Response

200

HTTP Request

GET https://worldfreshjournal.com/pfe/current/micro.tag.min.js?z=5202932&ymid=791495605804606018&var=6769917&sw=/sw-check-permissions/5202932&uhd=1

HTTP Request

GET https://worldfreshjournal.com/19/5202628/?abt_opts=1&var=6769917&var3=791495605804606018&ymid=&rhd=1&os=windows&os_version=10.0

HTTP Response

200

HTTP Request

GET https://worldfreshjournal.com/sw-check-permissions/5202932?var=6769917&ymid=791495605804606018&uhd=1&zoneId=5202932

HTTP Request

POST https://worldfreshjournal.com/zone?&pub=0&zone_id=5202932&is_mobile=false&domain=worldfreshjournal.com&var=6769917&ymid=791495605804606018&var_3=&var_4=&dsig=&tg=1&sw=3.1.496&trace_id=f6a210c6-8b69-49d4-9052-8d3de4312ba8&action=prerequest&ch=eyJhcmNoaXRlY3R1cmUiOiJ4ODYiLCJtb2RlbCI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IjEwLjAifQ==

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://worldfreshjournal.com/rhd?rb=fyF7YTOvk9lf4V1eqMJPwnq2CIM9O8MApyWoW7c424I_6IUYqTsDXxExZMWA1TkDjf2Bu29RyqUDDwIykmOEsNNML2prFd5xQxU6F9C7A1dAEd3efdLB73RudLE--50pfLMCc1xBVFq-e0t8ONyP3BBo_3ANE1prdEZyAoz_NXugieWHR0qJNKbnFLQGW1fXw6m_R_Fs65cCXs677x4tGWDP-Hi8Ef9aakPYsLcIEGKmMOcT135KswJUW-JhCb7fDK1x7WTvd_AotczThGg_sucSEcDmR7WXz_qlkFmDh3DDD9xzHkTapcD1HMhi1zssrmF4JVIEhFFF9S0wyj0e-INomDmyUDd_woV3TIgvqOsof0Sld1o6uIBC0HSC6Cb18YTS5k65XP1elUVWoPZS67EKdVb4Atv397wcBrWEo__hOc06Bqo8mIoTixeLwbaKReJj4XApQNsepmj3qDWalmhLW5cDCqWFA2-T8ZCA12M_8Oh9eiiVnZA62MrIr-fJ2woHhk2X1SRtGF41pYiIqmMQjMt9LndJfPQPej57kixywgNIyY0bPcs7I71MC8VjIf98TZn4HDN9Js6itFq_oHnBy8XvDKoqqAQd4f6uCetfzOCg9EVl5p7O0apB7NqmccArnv9x7EOqd6MPOM1D0uzshwi39v4U4B4R2KBbd0AXjwBV9GDeQTiyhUnOJI-WTNXz7p9bmI97buQ3Z-Otng%3D%3D&request_ab2=0&zoneid=5202628&fs=0&cf=0&sw=1280&sh=720&sah=680&wx=0&wy=0&ww=1280&wh=680&cw=1280&wih=609&wiw=1280&wfc=0&pl=https%3A%2F%2Fworldfreshjournal.com%2F%3Fb%3D2909618%26ba%3D0%26campid%3D14083%26did%3D2%26dm%3D0%26ep%3D0%26fp%3D0%26g%3DGB%26hr%3D0%26i18db%3D1%26l%3DgnSq6b3k7lHvVR4%26oaid%3Dhdw09p3ioi79tgttub4zuq73vt7dzcl3%26pshr%3D0%26rd%3D0%26s%3D791495605804606018%26ssk%3De5f7706c88dcc399e40becd49143e6c6%26svar%3D1710270776%26tb%3D5202628%26tbad%3D5234825%26vi%3D0%26vo%3D0%26z%3D6769917&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-unknown&var=6769917&var3=791495605804606018&ymid=&rhd=1&os=windows&os_version=10.0&m=link

HTTP Response

200

HTTP Request

GET https://worldfreshjournal.com/zone?&pub=0&zone_id=5202932&is_mobile=false&domain=worldfreshjournal.com&var=6769917&ymid=791495605804606018&var_3=&var_4=&dsig=&tg=1&sw=3.1.496&trace_id=f6a210c6-8b69-49d4-9052-8d3de4312ba8&action=settings&ch=eyJhcmNoaXRlY3R1cmUiOiJ4ODYiLCJtb2RlbCI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IjEwLjAifQ==

HTTP Request

POST https://worldfreshjournal.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=hdw09p3ioi79tgttub4zuq73vt7dzcl3&pshr=0&rd=0&s=791495605804606018&ssk=e5f7706c88dcc399e40becd49143e6c6&svar=1710270776&tb=5202628&tbad=5234825&vi=0&vo=0&z=6769917&mprtr=1&os_version=10.0

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://worldfreshjournal.com/favicon.ico

HTTP Response

204
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.4kB
8.1kB
18
14
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239360288118_12NRN5HLPKXM4GDD6&pid=21.2&w=1080&h=1920&c=4

tls, http2

102.8kB
3.0MB
2153
2148

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301725_1LMIXSOPUKT44X82W&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301558_105IVW87X3HJ5L2KP&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301316_1NWRA5BA4WHRRVK19&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301149_1C7UDVEUE5Q4XJNTT&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360288117_16I5EGVAT5N2GH79F&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360288118_12NRN5HLPKXM4GDD6&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200
172.67.10.98:443

littlecdn.com

tls, http2

msedge.exe

1.0kB
1.6kB
9
7
139.45.197.251:443

https://jouteetu.net/custom

tls, http2

msedge.exe

12.9kB
7.6kB
45
33

HTTP Request

POST https://jouteetu.net/custom

HTTP Request

POST https://jouteetu.net/custom

HTTP Request

POST https://jouteetu.net/custom

HTTP Request

POST https://jouteetu.net/custom

HTTP Request

POST https://jouteetu.net/custom

HTTP Request

POST https://jouteetu.net/custom

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://jouteetu.net/custom

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://jouteetu.net/custom

HTTP Response

200

HTTP Response

200
139.45.197.251:443

jouteetu.net

tls

msedge.exe

1.0kB
3.2kB
8
6
139.45.197.251:443

jouteetu.net

tls

msedge.exe

1.0kB
3.2kB
8
6
139.45.197.251:443

jouteetu.net

tls

msedge.exe

1.4kB
2.8kB
8
5
139.45.197.251:443

jouteetu.net

tls

msedge.exe

839 B
2.8kB
7
5
172.67.10.98:443

https://littlecdn.com/apps/templates/subscriptions/universal/css/style.css?v=2

tls, http2

msedge.exe

1.8kB
6.6kB
15
14

HTTP Request

GET https://littlecdn.com/apps/templates/subscriptions/universal/css/style.css?v=2

HTTP Response

200

8.8.8.8:53

frookshop-winsive.com

dns

msedge.exe

67 B
83 B
1
1

DNS Request

frookshop-winsive.com

DNS Response

18.158.88.249
8.8.8.8:53

71.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

71.31.126.40.in-addr.arpa
8.8.8.8:53

0.204.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.204.248.87.in-addr.arpa
8.8.8.8:53

209.205.72.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

209.205.72.20.in-addr.arpa
8.8.8.8:53

apps.identrust.com

dns

msedge.exe

64 B
165 B
1
1

DNS Request

apps.identrust.com

DNS Response

96.17.179.184

96.17.179.205
8.8.8.8:53

249.88.158.18.in-addr.arpa

dns

144 B
138 B
2
1

DNS Request

249.88.158.18.in-addr.arpa

DNS Request

249.88.158.18.in-addr.arpa
8.8.8.8:53

184.179.17.96.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

184.179.17.96.in-addr.arpa

DNS Request

184.179.17.96.in-addr.arpa
8.8.8.8:53

reletinglablets.com

dns

msedge.exe

65 B
81 B
1
1

DNS Request

reletinglablets.com

DNS Response

18.158.88.249
8.8.8.8:53

extra.keepmegoingwiththiswebsite.xyz

dns

msedge.exe

82 B
98 B
1
1

DNS Request

extra.keepmegoingwiththiswebsite.xyz

DNS Response

69.175.50.35
8.8.8.8:53

35.50.175.69.in-addr.arpa

dns

142 B
104 B
2
1

DNS Request

35.50.175.69.in-addr.arpa

DNS Request

35.50.175.69.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

140 B
156 B
2
1

DNS Request

9.228.82.20.in-addr.arpa

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
158 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
224.0.0.251:5353

528 B
8
8.8.8.8:53

25.63.96.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

25.63.96.20.in-addr.arpa
8.8.8.8:53

v11.pi6p.com

dns

msedge.exe

116 B
100 B
2
1

DNS Request

v11.pi6p.com

DNS Request

v11.pi6p.com

DNS Response

162.55.4.52
8.8.8.8:53

41.110.16.96.in-addr.arpa

dns

142 B
135 B
2
1

DNS Request

41.110.16.96.in-addr.arpa

DNS Request

41.110.16.96.in-addr.arpa
8.8.8.8:53

178.223.142.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

178.223.142.52.in-addr.arpa
8.8.8.8:53

zabedreb.com

dns

msedge.exe

58 B
90 B
1
1

DNS Request

zabedreb.com

DNS Response

104.21.23.138

172.67.211.82
8.8.8.8:53

52.4.55.162.in-addr.arpa

dns

70 B
125 B
1
1

DNS Request

52.4.55.162.in-addr.arpa
8.8.8.8:53

offpichuan.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

offpichuan.com

DNS Response

139.45.197.237
8.8.8.8:53

vuolobnhqb.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

vuolobnhqb.com

DNS Response

139.45.197.238
8.8.8.8:53

my.rtmark.net

dns

msedge.exe

59 B
75 B
1
1

DNS Request

my.rtmark.net

DNS Response

139.45.195.8
8.8.8.8:53

mc.yandex.ru

dns

msedge.exe

58 B
122 B
1
1

DNS Request

mc.yandex.ru

DNS Response

93.158.134.119

87.250.251.119

77.88.21.119

87.250.250.119
8.8.8.8:53

arleavannya.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

arleavannya.com

DNS Response

139.45.197.248
8.8.8.8:53

www.google.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.251.36.4
8.8.8.8:53

138.23.21.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

138.23.21.104.in-addr.arpa
8.8.8.8:53

8.195.45.139.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

8.195.45.139.in-addr.arpa
8.8.8.8:53

238.197.45.139.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

238.197.45.139.in-addr.arpa
8.8.8.8:53

237.197.45.139.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

237.197.45.139.in-addr.arpa
8.8.8.8:53

119.134.158.93.in-addr.arpa

dns

73 B
99 B
1
1

DNS Request

119.134.158.93.in-addr.arpa
8.8.8.8:53

248.197.45.139.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

248.197.45.139.in-addr.arpa
8.8.8.8:53

4.36.251.142.in-addr.arpa

dns

71 B
109 B
1
1

DNS Request

4.36.251.142.in-addr.arpa
8.8.8.8:53

datatechonert.com

dns

msedge.exe

126 B
158 B
2
2

DNS Request

datatechonert.com

DNS Request

datatechonert.com

DNS Response

37.48.68.71

DNS Response

37.48.68.71
8.8.8.8:53

mc.yandex.com

dns

msedge.exe

59 B
149 B
1
1

DNS Request

mc.yandex.com

DNS Response

87.250.251.119

87.250.250.119

77.88.21.119

93.158.134.119
8.8.8.8:53

3.214.58.216.in-addr.arpa

dns

142 B
152 B
2
1

DNS Request

3.214.58.216.in-addr.arpa

DNS Request

3.214.58.216.in-addr.arpa
8.8.8.8:53

71.68.48.37.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

71.68.48.37.in-addr.arpa
8.8.8.8:53

ofklefkian.com

dns

msedge.exe

120 B
152 B
2
2

DNS Request

ofklefkian.com

DNS Request

ofklefkian.com

DNS Response

139.45.197.251

DNS Response

139.45.197.251
8.8.8.8:53

251.197.45.139.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

251.197.45.139.in-addr.arpa
8.8.8.8:53

158.240.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

158.240.127.40.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

23.160.77.104.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

23.160.77.104.in-addr.arpa
8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

146 B
147 B
2
1

DNS Request

104.219.191.52.in-addr.arpa

DNS Request

104.219.191.52.in-addr.arpa
8.8.8.8:53

228.249.119.40.in-addr.arpa

dns

146 B
159 B
2
1

DNS Request

228.249.119.40.in-addr.arpa

DNS Request

228.249.119.40.in-addr.arpa
8.8.8.8:53

ak.phoognol.com

dns

msedge.exe

61 B
164 B
1
1

DNS Request

ak.phoognol.com

DNS Response

104.77.160.196

104.77.160.222
8.8.8.8:53

yonmewon.com

dns

msedge.exe

58 B
74 B
1
1

DNS Request

yonmewon.com

DNS Response

139.45.197.236
8.8.8.8:53

sr7pv7n5x.com

dns

msedge.exe

59 B
75 B
1
1

DNS Request

sr7pv7n5x.com

DNS Response

212.117.190.201
8.8.8.8:53

57.169.31.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

57.169.31.20.in-addr.arpa
8.8.8.8:53

datatechone.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

datatechone.com

DNS Response

37.48.68.71
8.8.8.8:53

worldfreshjournal.com

dns

msedge.exe

134 B
99 B
2
1

DNS Request

worldfreshjournal.com

DNS Request

worldfreshjournal.com

DNS Response

172.64.169.21

172.64.168.21
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
173 B
2
1

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

201.190.117.212.in-addr.arpa

dns

148 B
294 B
2
2

DNS Request

201.190.117.212.in-addr.arpa

DNS Request

201.190.117.212.in-addr.arpa
8.8.8.8:53

196.160.77.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

196.160.77.104.in-addr.arpa
8.8.8.8:53

236.197.45.139.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

236.197.45.139.in-addr.arpa
8.8.8.8:53

littlecdn.com

dns

msedge.exe

59 B
107 B
1
1

DNS Request

littlecdn.com

DNS Response

172.67.10.98

104.22.25.116

104.22.24.116
8.8.8.8:53

jouteetu.net

dns

msedge.exe

58 B
74 B
1
1

DNS Request

jouteetu.net

DNS Response

139.45.197.251
8.8.8.8:53

21.169.64.172.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

21.169.64.172.in-addr.arpa
8.8.8.8:53

98.10.67.172.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

98.10.67.172.in-addr.arpa
8.8.8.8:53

74.179.17.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

74.179.17.96.in-addr.arpa
8.8.8.8:53

30.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

30.243.111.52.in-addr.arpa
8.8.8.8:53

10.179.89.13.in-addr.arpa

dns

213 B
145 B
3
1

DNS Request

10.179.89.13.in-addr.arpa

DNS Request

10.179.89.13.in-addr.arpa

DNS Request

10.179.89.13.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
71889bee410c0a9fd121f18961f27c41

SHA1
9fa5c0780b8cda6df82646b465f08f6b01eab51e

SHA256
970cf6274a1128d43a2cdd7c8daab1bf597cd586fa7ea667e9c09c16fbff1a84

SHA512
d73085370a637a0fcda4c73d1cdafd587410c0fe3a730f405bfae57a0de7344d7d5255b0c8d1c5a574463d72fb42ef8dd9f9d5e81081cb23e761a008a8de409d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
cdcdf9627db4ca571360404c11bd81d6

SHA1
5ee15a143efbe04e21609759b9bbcaf450fb9354

SHA256
362fea5f87ae595108ddc925d8b2110b5134e3f5a57418144a6098bc2293bfe1

SHA512
ee4384a140a62904112b3cc0d67fb5dd7336b39c6f8189577a24520ac5bfa581a27d8e632eb7d8a1120059525521c250aaea632eca419966e499cc7430aa6586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_worldfreshjournal.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
80d3c3deee48a73665aa6e13491341d7

SHA1
fdd241fd7fa8a9fe84434415430aa643cc93860e

SHA256
cc9ea859f180e57fb37778a038a2085490af128f09ab11b02068149e406593d4

SHA512
7c10c6b572d9da900ee85bfe2d2be2e3559a821529ff6187a17d090e51ccdfece4e45d0d5056a601e19769d6fceb8ca0aaae5baed93ee07baf5a90a462b671e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ffd27739d766a9356582ecda2e5e0ef1

SHA1
6b1c664271f5aa8323884663ff43edb0bfdf7aaf

SHA256
cb1db728824b18c60d2ce1f5c015f3c80f9925bf99009ef2899082658576d20d

SHA512
1018d2ad02f1ea527a334cb718e43ba2fb2de466acc7ede104f80f2939d29c8db47ecbc46ceb142ba1106fb06915ba2d977b16f1a2330150fe315dc1987af6c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
48f84d6c2ec770ff170eb5a3c66e661e

SHA1
cf92c04ab9e734864fb72eb330cff1569d23a5fa

SHA256
64bf74e789832ede2e2218531b3c151ff8e6def61dad5dd6fae2aa010d09b105

SHA512
67b787f6ea3c7df92f8a1d3d77794c9cd7c3eb37c009a6b82ffbe298642d4a30f270f87bea606425a191717e92b6ae2ef15a53fc788d05a36bb680ef10bdcd21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
498a338bf47433e45853583b7c027dfb

SHA1
8c566023cee173cce7bd6f81f956bc2fe0592919

SHA256
3344acab386ee22a882d944becf0d745676e1ad3b512af51b364742664de5627

SHA512
25cff18695be3fb45ed1d3bd63ccf254c81e9199a06d51199dc52e85a61330b98103a340c0cf0f8b62ea5984e337ded97f020976e6e3e5c6e2a7586608759be3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a35bdaf4fb88929d8c94cb9c1e5caf8b

SHA1
f008899541c4422ab96580b23bf0f551cf0562b3

SHA256
d4c0d5354b5f5c38d0e574e1cb0e3c19ca0ecde4b5036789a9c051b9a944968d

SHA512
2cdc0d9fed1aca6290137340786c7b0a6e4a1c29317024ebf912f26645d7a8b051f36ee61004be4f666e14285bba99d9388c096011d7b92c067428057994b149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3aa27f2e0ff34a13556291b0ff0acb28

SHA1
cb45769eb1e1f2b9ed8bfad852c6d17fedc46506

SHA256
38766aac25dd3be9224c3eeb094defe2e2e0f7f683c2407398cc19c3f4e76431

SHA512
a362e0619075f55c9bc9d2abb8103d7b8b0440d93268483c0a3adc5af3a9d4eed4a74a86c97167cc5fba16147e76e4f2a1e7981abfd642e0bfb191ca5e115569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b93e.TMP

Filesize
48B

MD5
90c6b080e08d454c193c5e8aeb7ecff6

SHA1
ed8b59f213319d4d98d4027fa0e4181c7d5dafa9

SHA256
187058a5a095bee4cc34f08bfc9af44de52227b3708bee31df8188945cda2722

SHA512
8721b1902e50ddec499eda97d87e875ec1bb989ac0a5c7a6b198976b45ca5493ad224cf9f1384b0843e65f99db6e6ab90236e14d87851c072f27749c2d9b1bd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c2368863fda3820c5cbeff25f81a6e08

SHA1
0aa7ef34ded1444d439b3b8325de6f97c29a2ffe

SHA256
4e8201a594d13eab32af1321101ba9188e815719c56522e10ad6d50d9ec943ab

SHA512
17a2bbbc716178be97120dbd01a36f66517c065e67067bd3b4081f43489d28c1e00a288311b976f54f3937c3fbca8677db376fe12b864f9e86869db959af5788

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2c8283ad067fdcbb3e8c83812775a172

SHA1
0076dd822bb52216c93471212f1ca66c7ccf6a47

SHA256
672d3dcd96780175ab44c3e4b63eb1434700a77e73618753bd27406ac5e387a2

SHA512
0b80589babbb5b86da7187b76b1d4c007ad6673775a37e64349c4cec06e5ca6cb1efdcf906ee3db477d345e3b5043894a8b1fe1f927cdb00c704414ef46675a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d8c11c4325b216d16cf43e3169354643

SHA1
84e991efd89ee7183a641c9ea70b765f864886fd

SHA256
b10090b8b08dc2502920563e1bbe88fe767f91d6852e787425820416e415d28c

SHA512
27894358a018e46957446413760c11c838b1bf5223a70562d9bbbd5d1f7e0d96c5e906f37a98a493efdfff727d6690322611ebb5cd235ce65fe27e0e56e0b54a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b834.TMP

Filesize
1KB

MD5
b98866a631445087ae5270be3810f6d6

SHA1
a63164e8f0734b9b82cdcac368b16f3e0ef169f2

SHA256
b5e09f470d3812fd5be9a679ab42a6d9be87dfef36d8fbc5df1aa69b49cf48ab

SHA512
0409bcfc0f8836fdf97c4422a977ec8cbdd9cfef883f733b1ac8342e0498ba9efe1bbdffc4ed5fbd5454ea54716a05feadf835fe43a51dd9f0c42e2e9f597760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
00eee4b9191366370f76dfe0939a1ae1

SHA1
4c152c40a699f0646ce22fdabb9c75e00a2b2d46

SHA256
e896c37c14a1969f7ccd18faec253574177bf15153e7f3ade7060368583f90c3

SHA512
20b7f0cd84e7026e65aad89fe76c387c46a2b4fac14f74898d36cd3650545f36ca37763808b697dd7ad3b84c73793c3fdb1c88bf7f2589ecf48391818d9ecd09

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response