Analysis

max time kernel: 150s
max time network: 158s
platform: windows11-21h2_x64
resource: win11-20240221-en
resource tags: arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 14/03/2024, 00:18 UTC
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://penca-cbd8.ilodnswfalen.workers.dev/fa0ddc1a-42fe-48d7-9c38-0e515868fc57
Resource
win11-20240221-en
General
Target
https://penca-cbd8.ilodnswfalen.workers.dev/fa0ddc1a-42fe-48d7-9c38-0e515868fc57
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                     Process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
Suspicious behavior: EnumeratesProcesses (12 IoCs)
pid    Process
4028   msedge.exe            (2 entries)
4888   msedge.exe            (2 entries)
5060   identity_helper.exe   (2 entries)
3060   msedge.exe            (2 entries)
2908   msedge.exe            (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid    Process
4888   msedge.exe   (6 entries)
Suspicious use of FindShellTrayWindow (25 IoCs)
pid    Process
4888   msedge.exe   (25 entries)
Suspicious use of SendNotifyMessage (12 IoCs)
pid    Process
4888   msedge.exe   (12 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
description                         pid    Process      procid_target
PID 4888 wrote to memory of 4444    4888   msedge.exe   80   (2 entries)
PID 4888 wrote to memory of 4660    4888   msedge.exe   81   (40 entries)
PID 4888 wrote to memory of 4028    4888   msedge.exe   82   (2 entries)
PID 4888 wrote to memory of 1476    4888   msedge.exe   83   (20 entries)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4888, tree level 1)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://penca-cbd8.ilodnswfalen.workers.dev/fa0ddc1a-42fe-48d7-9c38-0e515868fc57
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4444, tree level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff0b153cb8,0x7fff0b153cc8,0x7fff0b153cd8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4660, tree level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,4180106387140203759,6755781880876897586,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2120 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4028, tree level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,4180106387140203759,6755781880876897586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1476, tree level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,4180106387140203759,6755781880876897586,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 228, tree level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,4180106387140203759,6755781880876897586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4268, tree level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,4180106387140203759,6755781880876897586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe  (PID 5060, tree level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,4180106387140203759,6755781880876897586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2908, tree level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,4180106387140203759,6755781880876897586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1936, tree level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,4180106387140203759,6755781880876897586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3060, tree level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1956,4180106387140203759,6755781880876897586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3428 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1704, tree level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,4180106387140203759,6755781880876897586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4784, tree level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,4180106387140203759,6755781880876897586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2908, tree level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,4180106387140203759,6755781880876897586,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4920 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 1132, tree level 1)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 1484, tree level 1)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network

Remote address: 8.8.8.8:53
Request:  penca-cbd8.ilodnswfalen.workers.dev IN A
Response: penca-cbd8.ilodnswfalen.workers.dev IN A 104.21.73.199
          penca-cbd8.ilodnswfalen.workers.dev IN A 172.67.165.206

Remote address: 8.8.8.8:53
Request:  71.159.190.20.in-addr.arpa IN PTR
Response:

Remote address: 8.8.8.8:53
Request:  code.jquery.com IN A
Response: code.jquery.com IN A 151.101.194.137
          code.jquery.com IN A 151.101.66.137
          code.jquery.com IN A 151.101.2.137
          code.jquery.com IN A 151.101.130.137

Remote address: 8.8.8.8:53
Request:  images.sftcdn.net IN A
Response: images.sftcdn.net IN CNAME softonic.san.cloudinary.com
          softonic.san.cloudinary.com IN CNAME s4-san.cloudinary.com.edgekey.net
          s4-san.cloudinary.com.edgekey.net IN CNAME e10700.dsca.akamaiedge.net
          e10700.dsca.akamaiedge.net IN A 104.103.241.197

Remote address: 8.8.8.8:53
Request:  fonts.gstatic.com IN A
Response: fonts.gstatic.com IN A 142.251.36.35

Remote address: 8.8.8.8:53
Request:  197.241.103.104.in-addr.arpa IN PTR
Response: 197.241.103.104.in-addr.arpa IN PTR a104-103-241-197.deploy.static.akamaitechnologies.com

Remote address: 8.8.8.8:53
Request:  runn1rnl8xzmqeh0kvov.web.app IN A
Response: runn1rnl8xzmqeh0kvov.web.app IN A 199.36.158.100

Remote address: 8.8.8.8:53
Request:  158.58.19.162.in-addr.arpa IN PTR
Response: 158.58.19.162.in-addr.arpa IN PTR ns3096590.ip-162-19-58.eu

Remote address: 8.8.8.8:53
Request:  23.236.111.52.in-addr.arpa IN PTR
Response:

Remote address: 104.21.73.199:443
Request:
GET /fa0ddc1a-42fe-48d7-9c38-0e515868fc57 HTTP/2.0
host: penca-cbd8.ilodnswfalen.workers.dev
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response:
HTTP/2.0 200
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uxDywkhEx5wFOV5XEmniViAC1CXeHGDchic6E7OCT%2B5pvieZl%2Fc%2Ff8lkqTeFCJc69nDK%2FdoIdCj6ImpUb18TUYVvBBxGiqjKwB%2FoaRi3hZEFqWsgvhVm9X8fMyfItoBaj8ocSHDirS96kqP7D16Htiaolx8qfg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 864016521f2079bf-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400

Remote address: 8.8.8.8:53
Request:  61.179.17.96.in-addr.arpa IN PTR
Response: 61.179.17.96.in-addr.arpa IN PTR a96-17-179-61.deploy.static.akamaitechnologies.com

Remote address: 8.8.8.8:53
Request:  137.194.101.151.in-addr.arpa IN PTR
Response:

Remote address: 8.8.8.8:53
Request:  maxcdn.bootstrapcdn.com IN A
Response: maxcdn.bootstrapcdn.com IN A 104.18.10.207
          maxcdn.bootstrapcdn.com IN A 104.18.11.207

Remote address: 8.8.8.8:53
Request:  x.ss2.us IN A
Response: x.ss2.us IN A 3.162.140.76
          x.ss2.us IN A 3.162.140.65
          x.ss2.us IN A 3.162.140.88
          x.ss2.us IN A 3.162.140.79

Remote address: 8.8.8.8:53
Request:  207.10.18.104.in-addr.arpa IN PTR
Response:

Remote address: 8.8.8.8:53
Request:  100.158.36.199.in-addr.arpa IN PTR
Response:

Remote address: 8.8.8.8:53
Request:  5.173.189.20.in-addr.arpa IN PTR
Response:

Remote address: 151.101.194.137:443
Request:
GET /jquery-3.4.1.min.js HTTP/2.0
host: code.jquery.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://penca-cbd8.ilodnswfalen.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response:
HTTP/2.0 200
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15851"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 14 Mar 2024 00:18:34 GMT
age: 2294012
x-served-by: cache-lga21965-LGA, cache-lcy-eglc8600020-LCY
x-cache: HIT, HIT
x-cache-hits: 13, 247012
x-timer: S1710375515.589174,VS0,VE0
vary: Accept-Encoding
content-length: 30638

Remote address: 151.101.194.137:443
Request:
GET /jquery-3.1.1.min.js HTTP/2.0
host: code.jquery.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response:
HTTP/2.0 200
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-152b5"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 14 Mar 2024 00:18:48 GMT
age: 10867391
x-served-by: cache-lga21947-LGA, cache-lcy-eglc8600020-LCY
x-cache: HIT, HIT
x-cache-hits: 78, 43794
x-timer: S1710375528.163588,VS0,VE0
vary: Accept-Encoding
content-length: 30070

Remote address: 172.217.23.202:443
Request:
GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/2.0
host: ajax.googleapis.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

GET https://images.sftcdn.net/images/t_app-icon-m/p/1c15b909-815a-41d4-96ec-4b5e49df2bf5/1368911181/adobe-document-cloud-adobe_document_cloud_icon.jpg  (msedge.exe)
Remote address: 104.103.241.197:443
Request:
GET /images/t_app-icon-m/p/1c15b909-815a-41d4-96ec-4b5e49df2bf5/1368911181/adobe-document-cloud-adobe_document_cloud_icon.jpg HTTP/2.0
host: images.sftcdn.net
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response:
HTTP/2.0 200
content-length: 2758
etag: "23bb7ed9f1f0e20cb9a3a1f2443f49f2"
last-modified: Tue, 14 Feb 2023 08:50:28 GMT
date: Thu, 14 Mar 2024 00:18:48 GMT
cache-control: public, no-transform, max-age=31536000
access-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
access-control-allow-origin: *
accept-ranges: bytes
timing-allow-origin: *
server: Cloudinary
strict-transport-security: max-age=604800
content-disposition: inline; filename="adobe-document-cloud-adobe_document_cloud_icon.jpg"
x-content-type-options: nosniff
server-timing: cld-akam;dur=3;start=2024-03-14T00:18:48.402Z;desc=hit,rtt;dur=50,content-info;desc="width=224,height=224,owidth=1600,oheight=1600,obytes=371009"

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSji3uKkCIRNa58VvKNMk1J-nCZF2gpyVTw8h6jbk5Z3PKiV7Lxt0ZVOCJGcEs8a6gRfkY&usqp=CAU  (msedge.exe)
Remote address: 142.250.179.174:443
Request:
GET /images?q=tbn:ANd9GcSji3uKkCIRNa58VvKNMk1J-nCZF2gpyVTw8h6jbk5Z3PKiV7Lxt0ZVOCJGcEs8a6gRfkY&usqp=CAU HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcT_nWscHt0NMdQ4G2yJql7JkGXaouoS5bKezYi3ioReBoW1VJo5gpINKDkf8ShxbjobVfs&usqp=CAU  (msedge.exe)
Remote address: 142.250.179.174:443
Request:
GET /images?q=tbn:ANd9GcT_nWscHt0NMdQ4G2yJql7JkGXaouoS5bKezYi3ioReBoW1VJo5gpINKDkf8ShxbjobVfs&usqp=CAU HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Remote address: 104.18.10.207:443
Request:
GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/2.0
host: maxcdn.bootstrapcdn.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://penca-cbd8.ilodnswfalen.workers.dev
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response:
HTTP/2.0 200
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: FR
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"450fc463b8b1a349df717056fbb3e078"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 02/05/2024 11:29:39
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 946
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 1e75b85e6b348a8f683009f0c08f6198
cdn-cache: HIT
cf-cache-status: HIT
age: 175094
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 864016acfe8c48c3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400

Remote address: 104.18.10.207:443
Request:
GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/2.0
host: maxcdn.bootstrapcdn.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://penca-cbd8.ilodnswfalen.workers.dev
sec-ch-ua-mobile: ?0
intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response:
HTTP/2.0 200
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: US
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"14d449eb8876fa55e1ef3c2cc52b0c17"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 10/31/2023 19:43:16
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 951
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 17b0e93fd41b3d716e0c765b176b0694
cdn-cache: HIT
cf-cache-status: HIT
age: 70829
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 864016e70e3348c3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET https://media.istockphoto.com/vectors/email-marketing-icon-vector-graphics-vector-id1257404830?k=20&m=1257404830&s=612x612&w=0&h=LOwm34ubd_vUzqIi5k3rxflh04NbZTZEnSTYSVmX2Jk=  (msedge.exe)
Remote address: 18.155.129.27:443
Request:
GET /vectors/email-marketing-icon-vector-graphics-vector-id1257404830?k=20&m=1257404830&s=612x612&w=0&h=LOwm34ubd_vUzqIi5k3rxflh04NbZTZEnSTYSVmX2Jk= HTTP/1.1
Host: media.istockphoto.com
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Response:
HTTP/1.1 200 OK
Content-Length: 23156
Connection: keep-alive
Date: Tue, 23 Jan 2024 00:48:09 GMT
Server: Kestrel
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=7776000
Last-Modified: Tue, 23 Jan 2024 00:48:09 GMT
Content-Disposition: inline; filename=istockphoto-1257404830-612x612.jpg
X-Cache: Hit from cloudfront
Via: 1.1 4d372e1de2b57074dc6d6ebb80786540.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG52-P4
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: wNqJW8X32pxxzkvlY_sT-i9hoPUT98Vpok4I9JxlNotrRUUv2gNoOQ==
Age: 4404639

Remote address: 8.8.8.8:53
Request:  42.36.251.142.in-addr.arpa IN PTR
Response: 42.36.251.142.in-addr.arpa IN PTR ams17s12-in-f10.1e100.net

Remote address: 8.8.8.8:53
Request:  apps.identrust.com IN A
Response: apps.identrust.com IN CNAME identrust.edgesuite.net
          identrust.edgesuite.net IN CNAME a1952.dscq.akamai.net
          a1952.dscq.akamai.net IN A 96.17.179.205
          a1952.dscq.akamai.net IN A 96.17.179.184

Remote address: 8.8.8.8:53
Request:  ctldl.windowsupdate.com IN A
Response: ctldl.windowsupdate.com IN CNAME wu-bg-shim.trafficmanager.net
          wu-bg-shim.trafficmanager.net IN CNAME wu.azureedge.net
          wu.azureedge.net IN CNAME wu.ec.azureedge.net
          wu.ec.azureedge.net IN CNAME bg.apr-52dd2-0503.edgecastdns.net
          bg.apr-52dd2-0503.edgecastdns.net IN CNAME hlb.apr-52dd2-0.edgecastdns.net
          hlb.apr-52dd2-0.edgecastdns.net IN CNAME cs11.wpc.v0cdn.net
          cs11.wpc.v0cdn.net IN A 93.184.221.240

Remote address: 8.8.8.8:53
Request:  35.36.251.142.in-addr.arpa IN PTR
Response: 35.36.251.142.in-addr.arpa IN PTR ams17s12-in-f3.1e100.net

Remote address: 8.8.8.8:53
Request:  i.ibb.co IN A
Response: i.ibb.co IN A 162.19.58.158
          i.ibb.co IN A 162.19.58.160
          i.ibb.co IN A 162.19.58.159
          i.ibb.co IN A 162.19.58.161
          i.ibb.co IN A 162.19.58.157
          i.ibb.co IN A 162.19.58.156

Remote address: 8.8.8.8:53
Request:  14.24.17.104.in-addr.arpa IN PTR
Response:

Remote address: 8.8.8.8:53
Request:  27.129.155.18.in-addr.arpa IN PTR
Response: 27.129.155.18.in-addr.arpa IN PTR server-18-155-129-27.cdg52.r.cloudfront.net

Remote address: 8.8.8.8:53
Request:  ka-f.fontawesome.com IN A
Response: ka-f.fontawesome.com IN CNAME ka-f.fontawesome.com.cdn.cloudflare.net
          ka-f.fontawesome.com.cdn.cloudflare.net IN A 172.64.205.20
          ka-f.fontawesome.com.cdn.cloudflare.net IN A 172.64.204.20

Remote address: 8.8.8.8:53
Request:  205.179.17.96.in-addr.arpa IN PTR
Response: 205.179.17.96.in-addr.arpa IN PTR a96-17-179-205.deploy.static.akamaitechnologies.com

Remote address: 8.8.8.8:53
Request:  self.events.data.microsoft.com IN A
Response: self.events.data.microsoft.com IN CNAME self-events-data.trafficmanager.net
          self-events-data.trafficmanager.net IN CNAME onedscolprdwus04.westus.cloudapp.azure.com
          onedscolprdwus04.westus.cloudapp.azure.com IN A 20.189.173.5

Remote address: 8.8.8.8:53
Request:  76.140.162.3.in-addr.arpa IN PTR
Response: 76.140.162.3.in-addr.arpa IN PTR server-3-162-140-76.dub56.r.cloudfront.net

Remote address: 8.8.8.8:53
Request:  kit.fontawesome.com IN A
Response: kit.fontawesome.com IN CNAME kit.fontawesome.com.cdn.cloudflare.net
          kit.fontawesome.com.cdn.cloudflare.net IN A 104.18.40.68
          kit.fontawesome.com.cdn.cloudflare.net IN A 172.64.147.188

Remote address: 8.8.8.8:53
Request:  20.205.64.172.in-addr.arpa IN PTR
Response:

Remote address: 104.18.40.68:443
Request:
GET /585b051251.js HTTP/2.0
host: kit.fontawesome.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://penca-cbd8.ilodnswfalen.workers.dev
sec-ch-ua-mobile: ?0
intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response:
HTTP/2.0 200
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, stale-while-revalidate=30
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F7m1OFJlc8tusGHtIbSi
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 864016e21e496413-LHR
content-encoding: gzip

Remote address: 199.36.158.100:443
Request:
GET /ucspqsuf8bxoiymvvdy5p6pp9uzvyqj/hover.css HTTP/2.0
host: runn1rnl8xzmqeh0kvov.web.app
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response:
HTTP/2.0 404
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31556926; includeSubDomains; preload
accept-ranges: bytes
date: Thu, 14 Mar 2024 00:18:56 GMT
x-served-by: cache-lcy-eglc8600020-LCY
x-cache: HIT
x-cache-hits: 1
x-timer: S1710375537.983363,VS0,VE1
vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 10601

Remote address: 172.64.205.20:443
Request:
GET /releases/v5.15.4/css/free.min.css?token=585b051251 HTTP/2.0
host: ka-f.fontawesome.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://penca-cbd8.ilodnswfalen.workers.dev
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response:
HTTP/2.0 200
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"76f34b71fc9fb641507ff6a822cc07f5"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ce4a706a25130daedebcad96e5386a46.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR5-P6
x-amz-cf-id: GV25Lhb19qvuyMyge1WXrGSHWA-FbNi7A9WD_vBQygAgVd4FZ3ZZyw==
age: 70850
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qy2Zb5i%2BzwvZHkqn2MU6jaAv14UNCQLYCw269SkAiRhIOW%2BH6Ms1H1WJr0GuImwcQjqNvTbBsaVy3BmdQ1I2vm1KEvOd4K9e6UyO02zZdFCFadtx9FAA00OSWEd8lHHPvhCeR%2BkzQw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 864016e3a93a7193-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
GET https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251 msedge.exe
Remote address: 172.64.205.20:443
Request: GET /releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251 HTTP/2.0
host: ka-f.fontawesome.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://penca-cbd8.ilodnswfalen.workers.dev
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2e4a0520ad8fe16707823b20e9441e08.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
x-amz-cf-id: rWx-mMR3Av-9xy4G9AGkMfs1tIW0FwOS0L1afd6n7vVfKrtk_o9XTw==
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YVR2ssDPlV4DLs%2Brk1p6x%2FV%2BfV5DJr6RTWtS6tA2nHELbrj%2BT8qlAFsrvD1khDmWZdaIUOTqWOnRET9B0B4RjR6CtwAU53%2FuJ8AhYB0jwYfBYqLEaSC1mlsc2A6hkxt2W1m4XwEsmw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 864016e3a9387193-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
Remote address: 162.19.58.158:443
Request: GET /0fSNxpr/imgonline-com-ua-exifedit-TN1-PVe8jklc-C.jpg HTTP/2.0
host: i.ibb.co
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
date: Thu, 14 Mar 2024 00:18:57 GMT
content-type: image/jpeg
content-length: 36895
last-modified: Sat, 13 May 2023 14:37:38 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cache-control: public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
-
Remote address: 96.17.179.205:80
Request: GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: apps.identrust.com
Response: HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Thu, 14 Mar 2024 01:18:57 GMT
Date: Thu, 14 Mar 2024 00:18:57 GMT
Connection: keep-alive
-
Remote address: 151.101.194.137:443
Request: GET /jquery-3.2.1.slim.min.js HTTP/2.0
host: code.jquery.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://penca-cbd8.ilodnswfalen.workers.dev
sec-ch-ua-mobile: ?0
intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-10fdd"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 14 Mar 2024 00:18:57 GMT
age: 15471739
x-served-by: cache-lga21963-LGA, cache-lcy-eglc8600069-LCY
x-cache: HIT, HIT
x-cache-hits: 20, 37884
x-timer: S1710375538.818877,VS0,VE0
vary: Accept-Encoding
content-length: 23856
-
Remote address: 104.17.24.14:443
Request: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/2.0
host: cdnjs.cloudflare.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://penca-cbd8.ilodnswfalen.workers.dev
sec-ch-ua-mobile: ?0
intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
content-type: application/javascript; charset=utf-8
content-length: 6157
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-4af4"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 187973
expires: Tue, 04 Mar 2025 00:18:57 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lF3pgWXOAzmqfH%2BJ9yNZeLRCJOOe7GEfrBMIIIkA1Mq6HavS3B8HTyz3xkGPC04ddNvrxtAoek%2FaBXmEYW3RCNCoROpLdHrRbu8NaC97VQFrD5j5rUmy1rEKXfsHCkbxS58CYRdy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 864016e7adbe641e-LHR
alt-svc: h3=":443"; ma=86400
-
104.21.73.199:443 https://penca-cbd8.ilodnswfalen.workers.dev/fa0ddc1a-42fe-48d7-9c38-0e515868fc57 tls, http2 msedge.exe 15.0kB 681.1kB 295 524
HTTP Request: GET https://penca-cbd8.ilodnswfalen.workers.dev/fa0ddc1a-42fe-48d7-9c38-0e515868fc57
HTTP Response: 200
-
989 B 5.1kB 9 8
-
3.3kB 73.3kB 45 67
HTTP Request: GET https://code.jquery.com/jquery-3.4.1.min.js
HTTP Response: 200
HTTP Request: GET https://code.jquery.com/jquery-3.1.1.min.js
HTTP Response: 200
-
172.217.23.202:443 https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js tls, http2 msedge.exe 2.7kB 38.0kB 33 35
HTTP Request: GET https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
-
104.103.241.197:443 https://images.sftcdn.net/images/t_app-icon-m/p/1c15b909-815a-41d4-96ec-4b5e49df2bf5/1368911181/adobe-document-cloud-adobe_document_cloud_icon.jpg tls, http2 msedge.exe 2.0kB 10.5kB 19 22
HTTP Request: GET https://images.sftcdn.net/images/t_app-icon-m/p/1c15b909-815a-41d4-96ec-4b5e49df2bf5/1368911181/adobe-document-cloud-adobe_document_cloud_icon.jpg
HTTP Response: 200
-
142.250.179.174:443 https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcT_nWscHt0NMdQ4G2yJql7JkGXaouoS5bKezYi3ioReBoW1VJo5gpINKDkf8ShxbjobVfs&usqp=CAU tls, http2 msedge.exe 2.2kB 12.8kB 19 23
HTTP Request: GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSji3uKkCIRNa58VvKNMk1J-nCZF2gpyVTw8h6jbk5Z3PKiV7Lxt0ZVOCJGcEs8a6gRfkY&usqp=CAU
HTTP Request: GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcT_nWscHt0NMdQ4G2yJql7JkGXaouoS5bKezYi3ioReBoW1VJo5gpINKDkf8ShxbjobVfs&usqp=CAU
-
104.18.10.207:443 https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js tls, http2 msedge.exe 2.9kB 43.5kB 37 46
HTTP Request: GET https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
HTTP Response: 200
HTTP Request: GET https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
HTTP Response: 200
-
18.155.129.27:443 https://media.istockphoto.com/vectors/email-marketing-icon-vector-graphics-vector-id1257404830?k=20&m=1257404830&s=612x612&w=0&h=LOwm34ubd_vUzqIi5k3rxflh04NbZTZEnSTYSVmX2Jk= tls, http msedge.exe 2.2kB 31.1kB 20 29
HTTP Request: GET https://media.istockphoto.com/vectors/email-marketing-icon-vector-graphics-vector-id1257404830?k=20&m=1257404830&s=612x612&w=0&h=LOwm34ubd_vUzqIi5k3rxflh04NbZTZEnSTYSVmX2Jk=
HTTP Response: 200
-
1.8kB 9.3kB 15 17
HTTP Request: GET https://kit.fontawesome.com/585b051251.js
HTTP Response: 200
-
199.36.158.100:443 https://runn1rnl8xzmqeh0kvov.web.app/ucspqsuf8bxoiymvvdy5p6pp9uzvyqj/hover.css tls, http2 msedge.exe 2.0kB 17.6kB 20 24
HTTP Request: GET https://runn1rnl8xzmqeh0kvov.web.app/ucspqsuf8bxoiymvvdy5p6pp9uzvyqj/hover.css
HTTP Response: 404
-
172.64.205.20:443 https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251 tls, http2 msedge.exe 2.2kB 24.7kB 23 31
HTTP Request: GET https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=585b051251
HTTP Request: GET https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251
HTTP Response: 200
HTTP Response: 200
-
989 B 5.1kB 9 8
-
162.19.58.158:443 https://i.ibb.co/0fSNxpr/imgonline-com-ua-exifedit-TN1-PVe8jklc-C.jpg tls, http2 msedge.exe 2.9kB 44.7kB 39 45
HTTP Request: GET https://i.ibb.co/0fSNxpr/imgonline-com-ua-exifedit-TN1-PVe8jklc-C.jpg
HTTP Response: 200
-
416 B 1.6kB 6 5
HTTP Request: GET http://apps.identrust.com/roots/dstrootcax3.p7c
HTTP Response: 200
-
2.6kB 32.0kB 31 34
HTTP Request: GET https://code.jquery.com/jquery-3.2.1.slim.min.js
HTTP Response: 200
-
104.17.24.14:443 https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js tls, http2 msedge.exe 1.8kB 10.3kB 14 17
HTTP Request: GET https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
HTTP Response: 200
-
MITRE ATT&CK Enterprise v15
Downloads