Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/04/2024, 09:29 UTC

General

  • Target

    fa01e41af84eb41076a5df4a6682c865_JaffaCakes118.html

  • Size

    91KB

  • MD5

    fa01e41af84eb41076a5df4a6682c865

  • SHA1

    d151aab181d2eb0729a3f3cb4eda41344ab15608

  • SHA256

    5cb163ef054ff77abd500bff4b07cebda5a0190a7145eb00d633e1be05667cd6

  • SHA512

    2796df827f23b6683bb0b51db645a7c5295a98ca7fe43a2cf4fc5c36ff572530e87daeca96f748fcd0dc7d878c5dc2585635a81a47dfb8c64dd7d3c34f59674f

  • SSDEEP

    1536:k8SI4H2XAhKOUYIuVFwr6jfedyScDV12xaLYHhOoNqPfvYMc4If:aH2XLG9Cy5DVb/Y94If

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Suspicious behavior: EnumeratesProcesses (10 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (25 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fa01e41af84eb41076a5df4a6682c865_JaffaCakes118.html
    Depth: 1
    PID: 2284
    Signatures:
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
    Child processes (depth 2):
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5b1b46f8,0x7fff5b1b4708,0x7fff5b1b4718
        PID: 1228
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
        PID: 1172
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3
        Signatures:
          • Suspicious behavior: EnumeratesProcesses
        PID: 2160
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
        PID: 4900
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
        PID: 2792
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
        PID: 1676
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1132 /prefetch:1
        PID: 4576
      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
        PID: 3708
      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
        Signatures:
          • Suspicious behavior: EnumeratesProcesses
        PID: 2312
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
        PID: 4140
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
        PID: 4460
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5808 /prefetch:8
        PID: 4340
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
        PID: 4076
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
        PID: 1324
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1360 /prefetch:2
        Signatures:
          • Suspicious behavior: EnumeratesProcesses
        PID: 2492
  • C:\Windows\System32\CompPkgSrv.exe
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
    Depth: 1
    PID: 1572
  • C:\Windows\System32\CompPkgSrv.exe
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
    Depth: 1
    PID: 3500
  • C:\Windows\system32\AUDIODG.EXE
    Command line: C:\Windows\system32\AUDIODG.EXE 0x2f0 0x304
    Depth: 1
    Signatures:
      • Suspicious use of AdjustPrivilegeToken
    PID: 1288

Network

  • DNS query (US): 20.160.190.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 20.160.190.20.in-addr.arpa IN PTR
    Response: (empty)
  • DNS query (US): 172.210.232.199.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 172.210.232.199.in-addr.arpa IN PTR
    Response: (empty)
  • DNS query (US): ajax.googleapis.com
    Process: msedge.exe
    Remote address: 8.8.8.8:53
    Request: ajax.googleapis.com IN A
    Response: ajax.googleapis.com IN A 142.250.179.234
  • DNS query (US): s.w.org
    Process: msedge.exe
    Remote address: 8.8.8.8:53
    Request: s.w.org IN A
    Response: s.w.org IN A 192.0.77.48
  • DNS query (US): go.oclasrv.com
    Remote address: 8.8.8.8:53
    Request: go.oclasrv.com IN A
    Response: go.oclasrv.com IN A 139.45.197.237
  • HTTP GET (GB): https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js?ver=2.1.3
    Process: msedge.exe
    Remote address: 142.250.179.234:443
    Request:
      GET /ajax/libs/jquery/2.1.3/jquery.min.js?ver=2.1.3 HTTP/2.0
      host: ajax.googleapis.com
      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
      dnt: 1
      sec-ch-ua-mobile: ?0
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
      accept: */*
      sec-fetch-site: cross-site
      sec-fetch-mode: no-cors
      sec-fetch-dest: script
      accept-encoding: gzip, deflate, br
      accept-language: en-US,en;q=0.9
  • HTTP GET (GB): https://ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js
    Process: msedge.exe
    Remote address: 142.250.179.234:443
    Request:
      GET /ajax/libs/jquery/3.1.0/jquery.min.js HTTP/2.0
      host: ajax.googleapis.com
      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
      dnt: 1
      sec-ch-ua-mobile: ?0
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
      accept: */*
      sec-fetch-site: cross-site
      sec-fetch-mode: no-cors
      sec-fetch-dest: script
      referer: https://fa.efek.stream/
      accept-encoding: gzip, deflate, br
      accept-language: en-US,en;q=0.9
  • DNS query (US): 234.179.250.142.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 234.179.250.142.in-addr.arpa IN PTR
    Response: 234.179.250.142.in-addr.arpa IN PTR lhr25s31-in-f10.1e100.net
  • DNS query (US): g.bing.com
    Remote address: 8.8.8.8:53
    Request: g.bing.com IN A
    Response:
      g.bing.com IN CNAME g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net IN CNAME dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net IN A 204.79.197.237
      dual-a-0034.a-msedge.net IN A 13.107.21.237
  • HTTP GET (US): https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=
    Remote address: 204.79.197.237:443
    Request:
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response:
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=1DBE106AC7566C4D2706040CC6ED6D19; domain=.bing.com; expires=Wed, 14-May-2025 09:29:27 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 875E42F059314884A44780B7BD7672D1 Ref B: LON04EDGE0820 Ref C: 2024-04-19T09:29:27Z
      date: Fri, 19 Apr 2024 09:29:26 GMT
  • HTTP GET (US): https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=
    Remote address: 204.79.197.237:443
    Request:
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=1DBE106AC7566C4D2706040CC6ED6D19
    Response:
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=zNaPYbxWOuZrG5_R-o2YHDfXbHDYnKNanx9KioKsWn4; domain=.bing.com; expires=Wed, 14-May-2025 09:29:27 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 76F16E5A09C441E1A9B479C77816BEE4 Ref B: LON04EDGE0820 Ref C: 2024-04-19T09:29:27Z
      date: Fri, 19 Apr 2024 09:29:26 GMT
  • HTTP GET (US): https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=
    Remote address: 204.79.197.237:443
    Request:
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=1DBE106AC7566C4D2706040CC6ED6D19; MSPTC=zNaPYbxWOuZrG5_R-o2YHDfXbHDYnKNanx9KioKsWn4
    Response:
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 09DFA73124CB4696956B701E71BE0C8A Ref B: LON04EDGE0820 Ref C: 2024-04-19T09:29:27Z
      date: Fri, 19 Apr 2024 09:29:26 GMT
  • DNS query (US): 241.154.82.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 241.154.82.20.in-addr.arpa IN PTR
    Response: (empty)
  • DNS query (US): 237.197.79.204.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 237.197.79.204.in-addr.arpa IN PTR
    Response: (empty)
  • DNS query (US): 21.114.53.23.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 21.114.53.23.in-addr.arpa IN PTR
    Response: 21.114.53.23.in-addr.arpa IN PTR a23-53-114-21.deploy.static.akamaitechnologies.com
  • DNS query (US): 57.169.31.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 57.169.31.20.in-addr.arpa IN PTR
    Response: (empty)
  • DNS query (US): go.oclasrv.com
    Remote address: 8.8.8.8:53
    Request: go.oclasrv.com IN A
    Response: go.oclasrv.com IN A 139.45.197.237
  • DNS query (US): inpagepush.com
    Remote address: 8.8.8.8:53
    Request: inpagepush.com IN A
    Response: inpagepush.com IN A 139.45.197.237
  • DNS query (US): inpagepush.com
    Remote address: 8.8.8.8:53
    Request: inpagepush.com IN A
    Response: inpagepush.com IN A 139.45.197.237
  • DNS query (US): 86.23.85.13.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 86.23.85.13.in-addr.arpa IN PTR
    Response: (empty)
  • DNS query (US): 171.39.242.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 171.39.242.20.in-addr.arpa IN PTR
    Response: (empty)
  • DNS query (US): 240.221.184.93.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 240.221.184.93.in-addr.arpa IN PTR
    Response: (empty)
  • DNS query (US): image.filemanager.work
    Process: msedge.exe
    Remote address: 8.8.8.8:53
    Request: image.filemanager.work IN A
    Response:
      image.filemanager.work IN A 172.67.164.53
      image.filemanager.work IN A 104.21.34.195
  • HTTP GET (US): https://image.filemanager.work/backdrop/backdrop-tt11079148.jpg
    Process: msedge.exe
    Remote address: 172.67.164.53:443
    Request:
      GET /backdrop/backdrop-tt11079148.jpg HTTP/2.0
      host: image.filemanager.work
      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
      dnt: 1
      sec-ch-ua-mobile: ?0
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
      accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
      sec-fetch-site: cross-site
      sec-fetch-mode: no-cors
      sec-fetch-dest: image
      accept-encoding: gzip, deflate, br
      accept-language: en-US,en;q=0.9
    Response:
      HTTP/2.0 301
      date: Fri, 19 Apr 2024 09:30:08 GMT
      content-type: text/html
      content-length: 167
      location: https://filmapikofficial.com/backdrop/backdrop-tt11079148.jpg
      cache-control: max-age=3600
      expires: Fri, 19 Apr 2024 10:30:08 GMT
      report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WjvFv2yT279lQUg4Er8llGQMaxeeYgYJp3sJSXgxAzFYdq186w%2Fd%2BO3iSJvXvxFI7HMZ3FlcZprlRSQGtjjYF7C6gMeuLRgM9xzBH9%2BTVkwTbi9I8hg%2BF53w%2FZWOYvMJ1bHjZKpANVKd"}],"group":"cf-nel","max_age":604800}
      nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      vary: Accept-Encoding
      server: cloudflare
      cf-ray: 876bdfcafdf06540-LHR
      alt-svc: h3=":443"; ma=86400
  • HTTP GET (US): https://image.filemanager.work/poster/tt11079148.jpg
    Process: msedge.exe
    Remote address: 172.67.164.53:443
    Request:
      GET /poster/tt11079148.jpg HTTP/2.0
      host: image.filemanager.work
      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
      dnt: 1
      sec-ch-ua-mobile: ?0
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
      accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
      sec-fetch-site: cross-site
      sec-fetch-mode: no-cors
      sec-fetch-dest: image
      accept-encoding: gzip, deflate, br
      accept-language: en-US,en;q=0.9
    Response:
      HTTP/2.0 301
      date: Fri, 19 Apr 2024 09:30:08 GMT
      content-type: text/html
      content-length: 167
      location: https://filmapikofficial.com/poster/tt11079148.jpg
      cache-control: max-age=3600
      expires: Fri, 19 Apr 2024 10:30:08 GMT
      report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jPLFHD4EOGpsVF%2BfGMM22XstYG%2BXu6ZDprJhHp8MG5q97QUwWwpZU1tPMHQ5uaEudvMOfSX9CBn2XhcIy1M6R9sZs9PPOMrmI0rFqwfefdfHAZjkTd4A8WxlS%2F2pjrwohvvnGVmNIxIS"}],"group":"cf-nel","max_age":604800}
      nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      vary: Accept-Encoding
      server: cloudflare
      cf-ray: 876bdfcafdf36540-LHR
      alt-svc: h3=":443"; ma=86400
  • HTTP GET (US): https://image.filemanager.work/poster/tt11079148.jpg
    Process: msedge.exe
    Remote address: 172.67.164.53:443
    Request:
      GET /poster/tt11079148.jpg HTTP/2.0
      host: image.filemanager.work
      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://fa.efek.stream/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 301
                                date: Fri, 19 Apr 2024 09:30:31 GMT
                                content-type: text/html
                                content-length: 167
                                location: https://filmapikofficial.com/poster/tt11079148.jpg
                                cache-control: max-age=3600
                                expires: Fri, 19 Apr 2024 10:30:31 GMT
                                report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5G%2BA7qyvFmXIM7jk4MM%2Fpz0dFG1bEhsxisOnSKMXQ8dWaZLLOIQ%2BqZPacvYnPMthlCftCgoDkR2DmWAAivOOgqV6%2BlyBbLFtbbNPGxk9b8rGpQ8plr8t3w4LRfKjgtw%2B74ORh6v5m%2Bo7"}],"group":"cf-nel","max_age":604800}
                                nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                vary: Accept-Encoding
                                server: cloudflare
                                cf-ray: 876be05de8fe6540-LHR
                                alt-svc: h3=":443"; ma=86400
                              • flag-us
                                DNS
                                filmapikofficial.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                filmapikofficial.com
                                IN A
                                Response
                                filmapikofficial.com
                                IN A
                                172.67.223.237
                                filmapikofficial.com
                                IN A
                                104.21.32.156
                              • flag-us
                                GET
                                https://filmapikofficial.com/backdrop/backdrop-tt11079148.jpg
                                msedge.exe
                                Remote address:
                                172.67.223.237:443
                                Request
                                GET /backdrop/backdrop-tt11079148.jpg HTTP/2.0
                                host: filmapikofficial.com
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 200
                                date: Fri, 19 Apr 2024 09:30:09 GMT
                                content-type: image/jpeg
                                content-length: 30358
                                last-modified: Wed, 09 Sep 2020 07:35:17 GMT
                                etag: "5f5885b5-7696"
                                expires: Sun, 19 May 2024 09:27:21 GMT
                                cache-control: max-age=2678400
                                cf-cache-status: MISS
                                accept-ranges: bytes
                                report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YpjftFi%2F6SHomEmP4ygGV72eqEuoS5gayTaqXhhRijzHYf9BdQPNvVDhU7ZjHu3qSbIozE6NFDIfQbgCRtTMQpWzasPpjvZzcHUNKqbG9O0N1Xf4g6sugxj%2BwTYsldqvishFk8oOfg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                vary: Accept-Encoding
                                server: cloudflare
                                cf-ray: 876bdfcd4fff9492-LHR
                                alt-svc: h3=":443"; ma=86400
                              • flag-us
                                GET
                                https://filmapikofficial.com/poster/tt11079148.jpg
                                msedge.exe
                                Remote address:
                                172.67.223.237:443
                                Request
                                GET /poster/tt11079148.jpg HTTP/2.0
                                host: filmapikofficial.com
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 200
                                date: Fri, 19 Apr 2024 09:30:09 GMT
                                content-type: image/jpeg
                                content-length: 44321
                                last-modified: Wed, 09 Sep 2020 07:35:17 GMT
                                etag: "5f5885b5-ad21"
                                expires: Sun, 19 May 2024 09:27:21 GMT
                                cache-control: max-age=2678400
                                cf-cache-status: MISS
                                accept-ranges: bytes
                                report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x6Hl7E166f0DGl5YSs%2BCLgy9Wgq4qjOnyCHTEgI6JWLK%2BS1a2%2FlHDC74YuXehul4SQlbXGHxPrkF4S6zuYOaCsxZh13xpbkob5xqMheE2BLXk28Q4tBOn867zML1MR%2BTMY5cbxSOOA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                vary: Accept-Encoding
                                server: cloudflare
                                cf-ray: 876bdfcd3ffe9492-LHR
                                alt-svc: h3=":443"; ma=86400
                              • flag-us
                                GET
                                https://filmapikofficial.com/poster/tt11079148.jpg
                                msedge.exe
                                Remote address:
                                172.67.223.237:443
                                Request
                                GET /poster/tt11079148.jpg HTTP/2.0
                                host: filmapikofficial.com
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://fa.efek.stream/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 200
                                date: Fri, 19 Apr 2024 09:30:32 GMT
                                content-type: image/jpeg
                                content-length: 30358
                                last-modified: Wed, 09 Sep 2020 07:35:17 GMT
                                etag: "5f5885b5-7696"
                                expires: Sun, 19 May 2024 09:27:21 GMT
                                cache-control: max-age=2678400
                                cf-cache-status: HIT
                                age: 23
                                accept-ranges: bytes
                                report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iT5tsxfMLNIpeOD3QaJRjMWFNocALlNjn7e9dZIgUS7Un55kIusuO5YnvwVbpkpLsajwVzJsFTjGHu9Q0rksDwytiu8PEgWXRHto9ujJLx7OGZWwmh%2F%2BJ4YZM9%2BXLnm0XJtojKGxFw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                vary: Accept-Encoding
                                server: cloudflare
                                cf-ray: 876be05e392c9492-LHR
                                alt-svc: h3=":443"; ma=86400
                              • flag-us
                                DNS
                                apps.identrust.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                apps.identrust.com
                                IN A
                                Response
                                apps.identrust.com
                                IN CNAME
                                identrust.edgesuite.net
                                identrust.edgesuite.net
                                IN CNAME
                                a1952.dscq.akamai.net
                                a1952.dscq.akamai.net
                                IN A
                                23.14.90.73
                                a1952.dscq.akamai.net
                                IN A
                                23.14.90.91
                              • flag-be
                                GET
                                http://apps.identrust.com/roots/dstrootcax3.p7c
                                msedge.exe
                                Remote address:
                                23.14.90.73:80
                                Request
                                GET /roots/dstrootcax3.p7c HTTP/1.1
                                Connection: Keep-Alive
                                Accept: */*
                                User-Agent: Microsoft-CryptoAPI/10.0
                                Host: apps.identrust.com
                                Response
                                HTTP/1.1 200 OK
                                X-XSS-Protection: 1; mode=block
                                X-Frame-Options: SAMEORIGIN
                                X-Content-Type-Options: nosniff
                                X-Robots-Tag: noindex
                                Referrer-Policy: same-origin
                                Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
                                ETag: "37d-6079b8c0929c0"
                                Accept-Ranges: bytes
                                Content-Length: 893
                                X-Content-Type-Options: nosniff
                                X-Frame-Options: sameorigin
                                Content-Type: application/pkcs7-mime
                                Cache-Control: max-age=3600
                                Expires: Fri, 19 Apr 2024 10:30:08 GMT
                                Date: Fri, 19 Apr 2024 09:30:08 GMT
                                Connection: keep-alive
                              • flag-us
                                DNS
                                53.164.67.172.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                53.164.67.172.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                104.201.58.216.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                104.201.58.216.in-addr.arpa
                                IN PTR
                                Response
                                104.201.58.216.in-addr.arpa
                                IN PTR
                                 lhr48s48-in-f8.1e100.net
                                104.201.58.216.in-addr.arpa
                                IN PTR
                                 prg03s02-in-f104.1e100.net
                                104.201.58.216.in-addr.arpa
                                IN PTR
                                 prg03s02-in-f8.1e100.net
                              • flag-us
                                DNS
                                237.223.67.172.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                237.223.67.172.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                73.90.14.23.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                73.90.14.23.in-addr.arpa
                                IN PTR
                                Response
                                73.90.14.23.in-addr.arpa
                                IN PTR
                                 a23-14-90-73.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                216.197.17.2.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                216.197.17.2.in-addr.arpa
                                IN PTR
                                Response
                                216.197.17.2.in-addr.arpa
                                IN PTR
                                 a2-17-197-216.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                fa.efek.stream
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                fa.efek.stream
                                IN A
                                Response
                                fa.efek.stream
                                IN A
                                111.90.158.170
                              • flag-my
                                GET
                                https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
                                msedge.exe
                                Remote address:
                                111.90.158.170:443
                                Request
                                GET /v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ== HTTP/2.0
                                host: fa.efek.stream
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                sec-ch-ua-mobile: ?0
                                upgrade-insecure-requests: 1
                                dnt: 1
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                sec-fetch-site: cross-site
                                sec-fetch-mode: navigate
                                sec-fetch-dest: iframe
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 200
                                server: nginx
                                date: Fri, 19 Apr 2024 09:27:42 GMT
                                content-type: text/html; charset=UTF-8
                                vary: Accept-Encoding
                                set-cookie: PHPSESSID=c86ekgg1puqg6bao758kcqhad1; path=/
                                expires: Thu, 19 Nov 1981 08:52:00 GMT
                                cache-control: no-store, no-cache, must-revalidate
                                pragma: no-cache
                                strict-transport-security: max-age=31536000
                                content-encoding: gzip
                              • flag-my
                                GET
                                https://fa.efek.stream/theme/assets/css/player.css?v=1713518862
                                msedge.exe
                                Remote address:
                                111.90.158.170:443
                                Request
                                GET /theme/assets/css/player.css?v=1713518862 HTTP/2.0
                                host: fa.efek.stream
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: text/css,*/*;q=0.1
                                sec-fetch-site: same-origin
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: style
                                referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 200
                                server: nginx
                                date: Fri, 19 Apr 2024 09:27:42 GMT
                                content-type: text/css
                                last-modified: Wed, 07 Apr 2021 15:15:32 GMT
                                vary: Accept-Encoding
                                etag: W/"606dcc94-c9b"
                                expires: Fri, 19 Apr 2024 21:27:42 GMT
                                cache-control: max-age=43200
                                strict-transport-security: max-age=31536000
                                content-encoding: gzip
                              • flag-my
                                GET
                                https://fa.efek.stream/file.js?v=4fsa
                                msedge.exe
                                Remote address:
                                111.90.158.170:443
                                Request
                                GET /file.js?v=4fsa HTTP/2.0
                                host: fa.efek.stream
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: */*
                                sec-fetch-site: same-origin
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: script
                                referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 200
                                server: nginx
                                date: Fri, 19 Apr 2024 09:27:42 GMT
                                content-type: application/javascript
                                last-modified: Wed, 01 Mar 2023 14:34:19 GMT
                                vary: Accept-Encoding
                                etag: W/"63ff626b-18d51"
                                expires: Fri, 19 Apr 2024 21:27:42 GMT
                                cache-control: max-age=43200
                                strict-transport-security: max-age=31536000
                                content-encoding: gzip
                              • flag-my
                                GET
                                https://fa.efek.stream/jw/d.js?v=123
                                msedge.exe
                                Remote address:
                                111.90.158.170:443
                                Request
                                GET /jw/d.js?v=123 HTTP/2.0
                                host: fa.efek.stream
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: */*
                                sec-fetch-site: same-origin
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: script
                                referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 200
                                server: nginx
                                date: Fri, 19 Apr 2024 09:27:42 GMT
                                content-type: application/javascript
                                content-length: 256
                                last-modified: Thu, 16 Dec 2021 08:41:14 GMT
                                etag: "61bafbaa-100"
                                expires: Fri, 19 Apr 2024 21:27:42 GMT
                                cache-control: max-age=43200
                                strict-transport-security: max-age=31536000
                                accept-ranges: bytes
                              • flag-my
                                GET
                                https://fa.efek.stream/jw/dai.js?v=123
                                msedge.exe
                                Remote address:
                                111.90.158.170:443
                                Request
                                GET /jw/dai.js?v=123 HTTP/2.0
                                host: fa.efek.stream
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: */*
                                sec-fetch-site: same-origin
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: script
                                referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 200
                                server: nginx
                                date: Fri, 19 Apr 2024 09:27:42 GMT
                                content-type: application/javascript
                                last-modified: Wed, 15 Sep 2021 10:51:21 GMT
                                vary: Accept-Encoding
                                etag: W/"6141d029-1fbb"
                                expires: Fri, 19 Apr 2024 21:27:42 GMT
                                cache-control: max-age=43200
                                strict-transport-security: max-age=31536000
                                content-encoding: gzip
                              • flag-my
                                GET
                                https://fa.efek.stream/jw/freewheel.js?v=123
                                msedge.exe
                                Remote address:
                                111.90.158.170:443
                                Request
                                GET /jw/freewheel.js?v=123 HTTP/2.0
                                host: fa.efek.stream
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: */*
                                sec-fetch-site: same-origin
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: script
                                referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 200
                                server: nginx
                                date: Fri, 19 Apr 2024 09:27:42 GMT
                                content-type: application/javascript
                                last-modified: Wed, 15 Sep 2021 10:50:42 GMT
                                vary: Accept-Encoding
                                etag: W/"6141d002-6f34"
                                expires: Fri, 19 Apr 2024 21:27:42 GMT
                                cache-control: max-age=43200
                                strict-transport-security: max-age=31536000
                                content-encoding: gzip
                              • flag-my
                                GET
                                https://fa.efek.stream/jw/gapro.js?v=123
                                msedge.exe
                                Remote address:
                                111.90.158.170:443
                                Request
                                GET /jw/gapro.js?v=123 HTTP/2.0
                                host: fa.efek.stream
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: */*
                                sec-fetch-site: same-origin
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: script
                                referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 200
                                server: nginx
                                date: Fri, 19 Apr 2024 09:27:42 GMT
                                content-type: application/javascript
                                last-modified: Wed, 15 Sep 2021 10:50:46 GMT
                                vary: Accept-Encoding
                                etag: W/"6141d006-843"
                                expires: Fri, 19 Apr 2024 21:27:42 GMT
                                cache-control: max-age=43200
                                strict-transport-security: max-age=31536000
                                content-encoding: gzip
                              • flag-my
                                GET
                                https://fa.efek.stream/jw/googima.js?v=123
                                msedge.exe
                                Remote address:
                                111.90.158.170:443
                                Request
                                GET /jw/googima.js?v=123 HTTP/2.0
                                host: fa.efek.stream
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: */*
                                sec-fetch-site: same-origin
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: script
                                referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 200
                                server: nginx
                                date: Fri, 19 Apr 2024 09:27:42 GMT
                                content-type: application/javascript
                                last-modified: Wed, 15 Sep 2021 10:50:37 GMT
                                vary: Accept-Encoding
                                etag: W/"6141cffd-f5c2"
                                expires: Fri, 19 Apr 2024 21:27:42 GMT
                                cache-control: max-age=43200
                                strict-transport-security: max-age=31536000
                                content-encoding: gzip
                              • flag-my
                                GET
                                https://fa.efek.stream/jw/jwpsrv.js?v=123
                                msedge.exe
                                Remote address:
                                111.90.158.170:443
                                Request
                                GET /jw/jwpsrv.js?v=123 HTTP/2.0
                                host: fa.efek.stream
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: */*
                                sec-fetch-site: same-origin
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: script
                                referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 200
                                server: nginx
                                date: Fri, 19 Apr 2024 09:27:42 GMT
                                content-type: application/javascript
                                last-modified: Wed, 15 Sep 2021 10:50:27 GMT
                                vary: Accept-Encoding
                                etag: W/"6141cff3-dd4b"
                                expires: Fri, 19 Apr 2024 21:27:42 GMT
                                cache-control: max-age=43200
                                strict-transport-security: max-age=31536000
                                content-encoding: gzip
                              • flag-my
                                GET
                                https://fa.efek.stream/jw/vast.js?v=123
                                msedge.exe
                                Remote address:
                                111.90.158.170:443
                                Request
                                GET /jw/vast.js?v=123 HTTP/2.0
                                host: fa.efek.stream
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: */*
                                sec-fetch-site: same-origin
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: script
                                referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 200
                                server: nginx
                                date: Fri, 19 Apr 2024 09:27:42 GMT
                                content-type: application/javascript
                                last-modified: Wed, 15 Sep 2021 10:51:11 GMT
                                vary: Accept-Encoding
                                etag: W/"6141d01f-1ae06"
                                expires: Fri, 19 Apr 2024 21:27:42 GMT
                                cache-control: max-age=43200
                                strict-transport-security: max-age=31536000
                                content-encoding: gzip
                              • flag-my
                                GET
                                https://fa.efek.stream/theme/static/icons/menu.png
                                msedge.exe
                                Remote address:
                                111.90.158.170:443
                                Request
                                GET /theme/static/icons/menu.png HTTP/2.0
                                host: fa.efek.stream
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: same-origin
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 200
                                server: nginx
                                date: Fri, 19 Apr 2024 09:27:44 GMT
                                content-type: image/png
                                content-length: 19864
                                last-modified: Wed, 07 Apr 2021 15:15:34 GMT
                                etag: "606dcc96-4d98"
                                expires: Sun, 19 May 2024 09:27:44 GMT
                                cache-control: max-age=2592000
                                strict-transport-security: max-age=31536000
                                accept-ranges: bytes
                              • flag-my
                                GET
                                https://fa.efek.stream/uploads/
                                msedge.exe
                                Remote address:
                                111.90.158.170:443
                                Request
                                GET /uploads/ HTTP/2.0
                                host: fa.efek.stream
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: same-origin
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 403
                                server: nginx
                                date: Fri, 19 Apr 2024 09:27:44 GMT
                                content-type: text/html
                                content-length: 548
                              • flag-my
                                GET
                                https://fa.efek.stream/stream/720/EwS8m4lCgp5asyI/__001
                                msedge.exe
                                Remote address:
                                111.90.158.170:443
                                Request
                                GET /stream/720/EwS8m4lCgp5asyI/__001 HTTP/2.0
                                host: fa.efek.stream
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                dnt: 1
                                accept-encoding: identity;q=1, *;q=0
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: */*
                                sec-fetch-site: same-origin
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: video
                                referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
                                accept-language: en-US,en;q=0.9
                                range: bytes=0-
                                Response
                                HTTP/2.0 302
                                server: nginx
                                date: Fri, 19 Apr 2024 09:27:51 GMT
                                content-type: text/html; charset=UTF-8
                                location: https://ar5.newsales.sbs/stream/720/EwS8m4lCgp5asyI/__001
                                strict-transport-security: max-age=31536000
                              • flag-us
                                DNS
                                zukxd6fkxqn.com
                                Remote address:
                                8.8.8.8:53
                                Request
                                zukxd6fkxqn.com
                                IN A
                                Response
                                zukxd6fkxqn.com
                                IN A
                                103.224.182.251
                              • flag-us
                                DNS
                                14.213.58.216.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                14.213.58.216.in-addr.arpa
                                IN PTR
                                Response
                                14.213.58.216.in-addr.arpa
                                IN PTR
                                ber01s14-in-f141e100net
                                14.213.58.216.in-addr.arpa
                                IN PTR
                                lhr25s25-in-f14
                              • flag-us
                                DNS
                                170.158.90.111.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                170.158.90.111.in-addr.arpa
                                IN PTR
                                Response
                                170.158.90.111.in-addr.arpa
                                IN PTR
                                server1kamonla
                              • flag-us
                                DNS
                                code.jquery.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                code.jquery.com
                                IN A
                                Response
                                code.jquery.com
                                IN A
                                151.101.194.137
                                code.jquery.com
                                IN A
                                151.101.66.137
                                code.jquery.com
                                IN A
                                151.101.130.137
                                code.jquery.com
                                IN A
                                151.101.2.137
                              • flag-us
                                GET
                                https://code.jquery.com/jquery-3.5.1.min.js
                                msedge.exe
                                Remote address:
                                151.101.194.137:443
                                Request
                                GET /jquery-3.5.1.min.js HTTP/2.0
                                host: code.jquery.com
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                origin: https://fa.efek.stream
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                dnt: 1
                                accept: */*
                                sec-fetch-site: cross-site
                                sec-fetch-mode: cors
                                sec-fetch-dest: script
                                referer: https://fa.efek.stream/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 200
                                server: nginx
                                content-type: application/javascript; charset=utf-8
                                last-modified: Fri, 18 Oct 1991 12:00:00 GMT
                                etag: W/"28feccc0-15d84"
                                cache-control: public, max-age=31536000, stale-while-revalidate=604800
                                access-control-allow-origin: *
                                content-encoding: gzip
                                via: 1.1 varnish, 1.1 varnish
                                accept-ranges: bytes
                                date: Fri, 19 Apr 2024 09:30:30 GMT
                                age: 2144459
                                x-served-by: cache-lga21981-LGA, cache-lcy-eglc8600051-LCY
                                x-cache: HIT, HIT
                                x-cache-hits: 55, 143348
                                x-timer: S1713519030.423179,VS0,VE0
                                vary: Accept-Encoding
                                content-length: 30879
                              • flag-us
                                DNS
                                137.194.101.151.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                137.194.101.151.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                137.194.101.151.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                137.194.101.151.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                eq.avodireexcuser.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                eq.avodireexcuser.com
                                IN A
                                Response
                                eq.avodireexcuser.com
                                IN CNAME
                                wynvalur.com
                                wynvalur.com
                                IN A
                                23.109.170.127
                                wynvalur.com
                                IN A
                                23.109.170.59
                                wynvalur.com
                                IN A
                                23.109.170.34
                                wynvalur.com
                                IN A
                                23.109.170.153
                                wynvalur.com
                                IN A
                                23.109.170.72
                                wynvalur.com
                                IN A
                                94.242.236.130
                              • flag-us
                                DNS
                                eq.avodireexcuser.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                eq.avodireexcuser.com
                                IN A
                                Response
                                eq.avodireexcuser.com
                                IN CNAME
                                wynvalur.com
                                wynvalur.com
                                IN A
                                23.109.170.127
                                wynvalur.com
                                IN A
                                23.109.170.59
                                wynvalur.com
                                IN A
                                23.109.170.34
                                wynvalur.com
                                IN A
                                23.109.170.153
                                wynvalur.com
                                IN A
                                23.109.170.72
                                wynvalur.com
                                IN A
                                94.242.236.130
                              • flag-nl
                                GET
                                https://eq.avodireexcuser.com/rfyqNUZeNhlQOsnS1/42525
                                msedge.exe
                                Remote address:
                                23.109.170.127:443
                                Request
                                GET /rfyqNUZeNhlQOsnS1/42525 HTTP/1.1
                                Host: eq.avodireexcuser.com
                                Connection: keep-alive
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                DNT: 1
                                sec-ch-ua-mobile: ?0
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                Accept: */*
                                Sec-Fetch-Site: cross-site
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: script
                                Referer: https://fa.efek.stream/
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                Response
                                HTTP/1.1 200 OK
                                Server: nginx
                                Date: Fri, 19 Apr 2024 09:30:31 GMT
                                Content-Type: application/javascript; charset=utf-8
                                Transfer-Encoding: chunked
                                Connection: keep-alive
                                Keep-Alive: timeout=20
                                Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
                                Access-Control-Allow-Credentials: true
                                Access-Control-Allow-Origin: https://fa.efek.stream
                                Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
                                Access-Control-Max-Age: 600
                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                Set-Cookie: GL_UI4=eJw9jU1OwzAYRPOfFprASDkAR3DSppAlC87AMnLsr8E0sSvHJOL2WEiwG8280QuCIKoeEK7ZHvEXb%2FE0sEEeBR1F3bXsxE9Nxy6MU8PppW3Pz2fs1dI7PkzkEuyWmVvXuzXBYSRNVoleGEkFHj3111y12XSCdLBcywLp7ImpQD5Ysy1kqxiJ5jMheZMj%2BZl%2FGouoa3xU2seQITJLFZd3yN%2BVlv5VHhDVrCyzAPe3ibuLsXOvZBYiHS2XhPAVO8EdjcZ%2BI5e0XJ25AWaS%2FT%2F%2FK423miGTtCrh3cZ9kP0BKYpNOQ%3D%3D; expires=Sat, 20-Apr-2024 09:30:31 GMT; Max-Age=86400; path=/; secure; SameSite=None
                                Set-Cookie: GL_GI10=eJwVxMEKgkAQBuCdCYxAhL98AJ9A3Dp5TcRD0ckeQFyRhZyRdev5q8P3GWM4T8F%2BRWZrW9rKlueqLi81aAZ3V%2FAoyJ7i4%2BSKm5fZ6QIK2LWPDhwE%2B1bm1yAONCK5qzgVkMex6%2Fui0WV5ix%2BH6FU28M%2Bh0bBqGOIEWhMCR%2F2%2FudyAPsnpC19iIto%3D; expires=Sat, 20-Apr-2024 09:30:31 GMT; Max-Age=86400; path=/; secure; SameSite=None
                                Content-Encoding: gzip
                                Vary: Accept-Encoding
                                Strict-Transport-Security: max-age=1
                                X-Content-Type-Options: nosniff
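An added triage helper, not part of this sandbox report and not the sandbox vendor's code: it parses entries laid out as above (flag line, kind, target, "Remote address:", "Request", "Response") and pulls out the four things worth checking first in this capture: the 302 that hands the video stream off to another host, the cross-site script load from eq.avodireexcuser.com, the SameSite=None cookies that response sets, and the lookup of a DGA-looking name (zukxd6fkxqn.com). The sample input is constructed from three entries above and trimmed; the vowel-ratio DGA heuristic and the assumed entry layout are mine, not anything the report states.

```python
import re
from urllib.parse import urlsplit

ENTRY_MARK = "\u2022 flag-"  # every entry on the page starts with "• flag-<cc>"
VOWELS = set("aeiou")

# Constructed sample: three entries copied from the report above and trimmed
# (cookie value shortened, headers not needed for triage dropped).
SAMPLE_LOG = """\
• flag-my
GET
https://fa.efek.stream/stream/720/EwS8m4lCgp5asyI/__001
Remote address:
111.90.158.170:443
Request
GET /stream/720/EwS8m4lCgp5asyI/__001 HTTP/2.0
Response
HTTP/2.0 302
location: https://ar5.newsales.sbs/stream/720/EwS8m4lCgp5asyI/__001
• flag-us
DNS
zukxd6fkxqn.com
Remote address:
8.8.8.8:53
Request
Response
zukxd6fkxqn.com
IN A
103.224.182.251
• flag-nl
GET
https://eq.avodireexcuser.com/rfyqNUZeNhlQOsnS1/42525
Remote address:
23.109.170.127:443
Request
GET /rfyqNUZeNhlQOsnS1/42525 HTTP/1.1
Sec-Fetch-Site: cross-site
Sec-Fetch-Dest: script
Response
HTTP/1.1 200 OK
Set-Cookie: GL_UI4=eJw9jU1O...; expires=Sat, 20-Apr-2024 09:30:31 GMT; path=/; secure; SameSite=None
"""


def _headers(lines):
    """Lower-cased header name -> values; request/status lines and DNS rdata have no ': '."""
    hdrs = {}
    for line in lines:
        name, sep, value = line.partition(": ")
        if sep and " " not in name:
            hdrs.setdefault(name.lower(), []).append(value.strip())
    return hdrs


def parse_entries(text):
    """Assumes the layout used on this page: flag line, kind, target, then
    'Remote address:' + value, 'Request' + lines, 'Response' + lines."""
    entries = []
    for chunk in text.split(ENTRY_MARK)[1:]:
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        req_i, resp_i = lines.index("Request"), lines.index("Response")
        resp = lines[resp_i + 1:]
        m = re.match(r"HTTP/[\d.]+ (\d{3})", resp[0]) if resp else None
        entries.append({
            "kind": lines[1], "target": lines[2],
            "remote": lines[lines.index("Remote address:") + 1],
            "request": _headers(lines[req_i + 1:resp_i]),
            "response": _headers(resp),
            "status": int(m.group(1)) if m else None,
            # DNS rdata is the line after each "IN A" / "IN CNAME" / "IN PTR"
            "answers": [resp[i + 1] for i, l in enumerate(resp[:-1]) if l.startswith("IN ")],
        })
    return entries


def looks_generated(domain):
    """Crude DGA heuristic (my assumption, not a rule from the report): a long,
    almost vowel-free registrable label such as zukxd6fkxqn."""
    parts = domain.rstrip(".").split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    return len(label) >= 8 and sum(c in VOWELS for c in label) / len(label) < 0.25


def triage(text):
    """(finding, subject, detail) triples for the checks an analyst runs first."""
    findings = []
    for e in parse_entries(text):
        if e["kind"] == "DNS":
            if looks_generated(e["target"]):
                findings.append(("dga-like-domain", e["target"], ", ".join(e["answers"])))
            continue
        host = urlsplit(e["target"]).hostname or ""
        site = e["request"].get("sec-fetch-site", [""])[0]
        if site == "cross-site" and e["request"].get("sec-fetch-dest", [""])[0] == "script":
            findings.append(("cross-site-script", e["target"], e["remote"]))
        loc = e["response"].get("location", [""])[0]
        if e["status"] and 300 <= e["status"] < 400 and loc:
            loc_host = urlsplit(loc).hostname or ""
            if loc_host != host:  # the stream is handed off to another host
                findings.append(("off-host-redirect", host, f"{e['status']} -> {loc_host}"))
        for cookie in e["response"].get("set-cookie", []):
            if site == "cross-site" and "samesite=none" in cookie.lower():
                findings.append(("third-party-cookie", host, cookie.split(";")[0].split("=")[0]))
    return findings
```

Run `triage(SAMPLE_LOG)` for the embedded sample, or pass the full page text to get the complete list. The check keys on the Sec-Fetch-Site and Sec-Fetch-Dest request headers rather than on hostnames alone, since those are what separate the first-party player scripts under /jw/ from the third-party script the page also pulls in.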
                              • flag-us
                                DNS
                                ssl.p.jwpcdn.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                ssl.p.jwpcdn.com
                                IN A
                                Response
                                ssl.p.jwpcdn.com
                                IN CNAME
                                jwplayer-dualstack.map.fastly.net
                                jwplayer-dualstack.map.fastly.net
                                IN A
                                151.101.2.114
                                jwplayer-dualstack.map.fastly.net
                                IN A
                                151.101.66.114
                                jwplayer-dualstack.map.fastly.net
                                IN A
                                151.101.130.114
                                jwplayer-dualstack.map.fastly.net
                                IN A
                                151.101.194.114
                              • flag-us
                                DNS
                                ssl.p.jwpcdn.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                ssl.p.jwpcdn.com
                                IN A
                                Response
                                ssl.p.jwpcdn.com
                                IN CNAME
                                jwplayer-dualstack.map.fastly.net
                                jwplayer-dualstack.map.fastly.net
                                IN A
                                151.101.2.114
                                jwplayer-dualstack.map.fastly.net
                                IN A
                                151.101.66.114
                                jwplayer-dualstack.map.fastly.net
                                IN A
                                151.101.130.114
                                jwplayer-dualstack.map.fastly.net
                                IN A
                                151.101.194.114
                              • flag-us
                                DNS
                                entitlements.jwplayer.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                entitlements.jwplayer.com
                                IN A
                                Response
                                entitlements.jwplayer.com
                                IN CNAME
                                cs386.wpc.edgecastcdn.net
                                cs386.wpc.edgecastcdn.net
                                IN A
                                152.199.22.243
                              • flag-us
                                DNS
                                entitlements.jwplayer.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                entitlements.jwplayer.com
                                IN A
                                Response
                                entitlements.jwplayer.com
                                IN CNAME
                                cs386.wpc.edgecastcdn.net
                                cs386.wpc.edgecastcdn.net
                                IN A
                                152.199.22.243
                              • flag-us
                                GET
                                https://ssl.p.jwpcdn.com/player/v/8.8.2/jwplayer.core.controls.html5.js
                                msedge.exe
                                Remote address:
                                151.101.2.114:443
                                Request
                                GET /player/v/8.8.2/jwplayer.core.controls.html5.js HTTP/2.0
                                host: ssl.p.jwpcdn.com
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: */*
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: script
                                referer: https://fa.efek.stream/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 200
                                cache-control: max-age=31536000, immutable
                                last-modified: Fri, 29 Mar 2019 23:26:35 GMT
                                etag: "71040b81c44a237abf39e05c76451830"
                                content-type: application/javascript
                                server: AmazonS3
                                content-encoding: gzip
                                accept-ranges: bytes
                                date: Fri, 19 Apr 2024 09:30:31 GMT
                                via: 1.1 varnish
                                age: 1484492
                                x-served-by: cache-lcy-eglc8600044-LCY
                                x-cache: HIT
                                x-cache-hits: 1316
                                x-timer: S1713519032.800156,VS0,VE0
                                vary: Accept-Encoding
                                access-control-allow-origin: *
                                content-length: 76169
                              • flag-us
                                GET
                                https://ssl.p.jwpcdn.com/player/v/8.8.2/related.js
                                msedge.exe
                                Remote address:
                                151.101.2.114:443
                                Request
                                GET /player/v/8.8.2/related.js HTTP/2.0
                                host: ssl.p.jwpcdn.com
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: */*
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: script
                                referer: https://fa.efek.stream/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 200
                                cache-control: max-age=31536000, immutable
                                last-modified: Fri, 29 Mar 2019 23:26:40 GMT
                                etag: "1583406067dd52c5312be4a9bd82cebd"
                                content-type: application/javascript
                                server: AmazonS3
                                content-encoding: gzip
                                accept-ranges: bytes
                                date: Fri, 19 Apr 2024 09:30:31 GMT
                                via: 1.1 varnish
                                age: 1231644
                                x-served-by: cache-lcy-eglc8600044-LCY
                                x-cache: HIT
                                x-cache-hits: 2651
                                x-timer: S1713519032.800702,VS0,VE0
                                vary: Accept-Encoding
                                access-control-allow-origin: *
                                content-length: 26504
                              • flag-fr
                                GET
                                https://entitlements.jwplayer.com/GCCG.json
                                msedge.exe
                                Remote address:
                                152.199.22.243:443
                                Request
                                GET /GCCG.json HTTP/2.0
                                host: entitlements.jwplayer.com
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: */*
                                origin: https://fa.efek.stream
                                sec-fetch-site: cross-site
                                sec-fetch-mode: cors
                                sec-fetch-dest: empty
                                referer: https://fa.efek.stream/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 400
                                accept-ranges: bytes
                                access-control-allow-origin: *
                                age: 41978
                                cache-control: max-age=1800, s-maxage=4680
                                content-type: application/json
                                date: Fri, 19 Apr 2024 09:30:31 GMT
                                last-modified: Thu, 18 Apr 2024 21:50:53 GMT
                                server: ECAcc (lhd/35D9)
                                x-cache: 400-HIT
                                content-length: 71
                              • flag-us
                                DNS
                                127.170.109.23.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                127.170.109.23.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                127.170.109.23.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                127.170.109.23.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                114.2.101.151.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                114.2.101.151.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                226.21.18.104.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                226.21.18.104.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                243.22.199.152.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                243.22.199.152.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                243.22.199.152.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                243.22.199.152.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                zukxd6fkxqn.com
                                Remote address:
                                8.8.8.8:53
                                Request
                                zukxd6fkxqn.com
                                IN A
                                Response
                                zukxd6fkxqn.com
                                IN A
                                103.224.182.251
                              • flag-us
                                DNS
                                zukxd6fkxqn.com
                                Remote address:
                                8.8.8.8:53
                                Request
                                zukxd6fkxqn.com
                                IN A
                                Response
                                zukxd6fkxqn.com
                                IN A
                                103.224.182.251
                              • flag-us
                                DNS
                                ar5.newsales.sbs
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                ar5.newsales.sbs
                                IN A
                                Response
                                ar5.newsales.sbs
                                IN A
                                37.27.25.150
                              • flag-us
                                DNS
                                ar5.newsales.sbs
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                ar5.newsales.sbs
                                IN A
                                Response
                                ar5.newsales.sbs
                                IN A
                                37.27.25.150
                              • flag-fi
                                GET
                                https://ar5.newsales.sbs/stream/720/EwS8m4lCgp5asyI/__001
                                msedge.exe
                                Remote address:
                                37.27.25.150:443
                                Request
                                GET /stream/720/EwS8m4lCgp5asyI/__001 HTTP/2.0
                                host: ar5.newsales.sbs
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                dnt: 1
                                accept-encoding: identity;q=1, *;q=0
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: */*
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: video
                                referer: https://fa.efek.stream/
                                accept-language: en-US,en;q=0.9
                                range: bytes=0-
                                Response
                                HTTP/2.0 206
                                server: nginx
                                date: Fri, 19 Apr 2024 09:30:46 GMT
                                content-type: video/mp4
                                content-length: 658896145
                                accept-ranges: bytes
                                developed-by: CodySeller
                                content-disposition: attachment; filename="[FILMAPIK.info]-justice-league-dark-apokolips-war.mp4.mp4"
                                content-range: bytes 0-658896144/658896145
                                strict-transport-security: max-age=31536000
                              • flag-us
                                DNS
                                150.25.27.37.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                150.25.27.37.in-addr.arpa
                                IN PTR
                                Response
                                150.25.27.37.in-addr.arpa
                                IN PTR
                                static.150.25.27.37.clients.your-server.de
                              • flag-us
                                DNS
                                150.25.27.37.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                150.25.27.37.in-addr.arpa
                                IN PTR
                                Response
                                150.25.27.37.in-addr.arpa
                                IN PTR
                                static.150.25.27.37.clients.your-server.de
                              • flag-us
                                DNS
                                filmapik.pro
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                filmapik.pro
                                IN A
                                Response
                              • flag-us
                                DNS
                                filmapik.pro
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                filmapik.pro
                                IN A
                                Response
                              • flag-us
                                DNS
                                241.197.17.2.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                241.197.17.2.in-addr.arpa
                                IN PTR
                                Response
                                241.197.17.2.in-addr.arpa
                                IN PTR
                                a2-17-197-241.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                241.197.17.2.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                241.197.17.2.in-addr.arpa
                                IN PTR
                                Response
                                241.197.17.2.in-addr.arpa
                                IN PTR
                                a2-17-197-241.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                48.229.111.52.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                48.229.111.52.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                48.229.111.52.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                48.229.111.52.in-addr.arpa
                                IN PTR
                                Response
                              • 103.194.171.18:80
                                msedge.exe
                                260 B
                                5
                              • 103.194.171.18:80
                                msedge.exe
                                260 B
                                5
                              • 103.194.171.18:80
                                msedge.exe
                                260 B
                                5
                              • 103.194.171.18:80
                                msedge.exe
                                260 B
                                5
                              • 103.194.171.18:80
                                msedge.exe
                                260 B
                                5
                              • 103.194.171.18:80
                                msedge.exe
                                260 B
                                5
                              • 142.250.179.234:443
                                https://ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js
                                tls, http2
                                msedge.exe
                                3.5kB
                                70.3kB
                                48
                                64

                                HTTP Request

                                GET https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js?ver=2.1.3

                                HTTP Request

                                GET https://ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js
                              • 139.45.197.237:445
                                go.oclasrv.com
                                260 B
                                5
                              • 204.79.197.237:443
                                https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=
                                tls, http2
                                2.0kB
                                9.2kB
                                22
                                19

                                HTTP Request

                                GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=

                                HTTP Response

                                204

                                HTTP Request

                                GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=

                                HTTP Response

                                204

                                HTTP Request

                                GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=

                                HTTP Response

                                204
                              • 103.194.171.18:80
                                msedge.exe
                                260 B
                                5
                              • 103.194.171.18:80
                                msedge.exe
                                260 B
                                5
                              • 103.194.171.18:80
                                msedge.exe
                                260 B
                                5
                              • 103.194.171.18:80
                                msedge.exe
                                260 B
                                5
                              • 103.194.171.18:80
                                msedge.exe
                                260 B
                                5
                              • 103.194.171.18:80
                                msedge.exe
                                260 B
                                5
                              • 139.45.197.237:445
                                inpagepush.com
                                260 B
                                5
                              • 103.194.171.18:80
                                msedge.exe
                                260 B
                                5
                              • 103.194.171.18:80
                                msedge.exe
                                260 B
                                5
                              • 103.194.171.18:80
                                msedge.exe
                                260 B
                                5
                              • 103.194.171.18:80
                                msedge.exe
                                260 B
                                5
                              • 103.194.171.18:80
                                msedge.exe
                                260 B
                                5
                              • 172.67.164.53:443
                                https://image.filemanager.work/poster/tt11079148.jpg
                                tls, http2
                                msedge.exe
                                2.1kB
                                7.6kB
                                18
                                23

                                HTTP Request

                                GET https://image.filemanager.work/backdrop/backdrop-tt11079148.jpg

                                HTTP Request

                                GET https://image.filemanager.work/poster/tt11079148.jpg

                                HTTP Response

                                301

                                HTTP Response

                                301

                                HTTP Request

                                GET https://image.filemanager.work/poster/tt11079148.jpg

                                HTTP Response

                                301
                              • 172.67.164.53:443
                                image.filemanager.work
                                tls, http2
                                msedge.exe
                                989 B
                                5.1kB
                                9
                                8
                              • 103.194.171.18:80
                                msedge.exe
                                260 B
                                5
                              • 172.67.223.237:443
                                https://filmapikofficial.com/poster/tt11079148.jpg
                                tls, http2
                                msedge.exe
                                4.1kB
                                116.3kB
                                63
                                107

                                HTTP Request

                                GET https://filmapikofficial.com/backdrop/backdrop-tt11079148.jpg

                                HTTP Request

                                GET https://filmapikofficial.com/poster/tt11079148.jpg

                                HTTP Response

                                200

                                HTTP Response

                                200

                                HTTP Request

                                GET https://filmapikofficial.com/poster/tt11079148.jpg

                                HTTP Response

                                200
                              • 172.67.223.237:443
                                filmapikofficial.com
                                tls, http2
                                msedge.exe
                                989 B
                                4.7kB
                                9
                                7
                              • 23.14.90.73:80
                                http://apps.identrust.com/roots/dstrootcax3.p7c
                                http
                                msedge.exe
                                468 B
                                1.7kB
                                7
                                6

                                HTTP Request

                                GET http://apps.identrust.com/roots/dstrootcax3.p7c

                                HTTP Response

                                200
                              • 103.194.171.18:80
                                msedge.exe
                                260 B
                                5
                              • 111.90.158.170:443
                                https://fa.efek.stream/stream/720/EwS8m4lCgp5asyI/__001
                                tls, http2
                                msedge.exe
                                6.3kB
                                168.2kB
                                87
                                141

                                HTTP Request

                                GET https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==

                                HTTP Response

                                200

                                HTTP Request

                                GET https://fa.efek.stream/theme/assets/css/player.css?v=1713518862

                                HTTP Request

                                GET https://fa.efek.stream/file.js?v=4fsa

                                HTTP Request

                                GET https://fa.efek.stream/jw/d.js?v=123

                                HTTP Request

                                GET https://fa.efek.stream/jw/dai.js?v=123

                                HTTP Request

                                GET https://fa.efek.stream/jw/freewheel.js?v=123

                                HTTP Request

                                GET https://fa.efek.stream/jw/gapro.js?v=123

                                HTTP Request

                                GET https://fa.efek.stream/jw/googima.js?v=123

                                HTTP Request

                                GET https://fa.efek.stream/jw/jwpsrv.js?v=123

                                HTTP Request

                                GET https://fa.efek.stream/jw/vast.js?v=123

                                HTTP Response

                                200

                                HTTP Response

                                200

                                HTTP Response

                                200

                                HTTP Response

                                200

                                HTTP Response

                                200

                                HTTP Response

                                200

                                HTTP Response

                                200

                                HTTP Response

                                200

                                HTTP Response

                                200

                                HTTP Request

                                GET https://fa.efek.stream/theme/static/icons/menu.png

                                HTTP Response

                                200

                                HTTP Request

                                GET https://fa.efek.stream/uploads/

                                HTTP Request

                                GET https://fa.efek.stream/stream/720/EwS8m4lCgp5asyI/__001

                                HTTP Response

                                403

                                HTTP Response

                                302
                              • 103.194.171.18:80
                                msedge.exe
                                260 B
                                5
                              • 103.194.171.18:80
                                msedge.exe
                                260 B
                                5
                              • 103.194.171.18:80
                                msedge.exe
                                260 B
                                5
                              • 103.224.182.251:445
                                zukxd6fkxqn.com
                                260 B
                                5
                              • 111.90.158.170:443
                                fa.efek.stream
                                tls, http2
                                msedge.exe
                                1.1kB
                                4.3kB
                                10
                                11
                              • 151.101.194.137:443
                                https://code.jquery.com/jquery-3.5.1.min.js
                                tls, http2
                                msedge.exe
                                2.6kB
                                38.7kB
                                34
                                37

                                HTTP Request

                                GET https://code.jquery.com/jquery-3.5.1.min.js

                                HTTP Response

                                200
                              • 23.109.170.127:443
                                https://eq.avodireexcuser.com/rfyqNUZeNhlQOsnS1/42525
                                tls, http
                                msedge.exe
                                2.9kB
                                5.0kB
                                10
                                10

                                HTTP Request

                                GET https://eq.avodireexcuser.com/rfyqNUZeNhlQOsnS1/42525

                                HTTP Response

                                200
                              • 151.101.2.114:443
                                ssl.p.jwpcdn.com
                                tls
                                msedge.exe
                                989 B
                                5.6kB
                                9
                                10
                              • 151.101.2.114:443
                                https://ssl.p.jwpcdn.com/player/v/8.8.2/related.js
                                tls, http2
                                msedge.exe
                                4.1kB
                                112.1kB
                                64
                                89

                                HTTP Request

                                GET https://ssl.p.jwpcdn.com/player/v/8.8.2/jwplayer.core.controls.html5.js

                                HTTP Request

    HTTP Request GET https://ssl.p.jwpcdn.com/player/v/8.8.2/related.js -> HTTP Response 200; HTTP Response 200
• 152.199.22.243:443 | entitlements.jwplayer.com | tls, http2 | msedge.exe | sent 2.2kB | recv 5.4kB | pkts sent/recv 13/12
    HTTP Request GET https://entitlements.jwplayer.com/GCCG.json -> HTTP Response 400
• 37.27.25.150:443 | ar5.newsales.sbs | tls, http2 | msedge.exe | sent 31.6kB | recv 1.8MB | pkts sent/recv 663/1293
    HTTP Request GET https://ar5.newsales.sbs/stream/720/EwS8m4lCgp5asyI/__001 -> HTTP Response 206
• 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | dns | - | sent 72 B | recv 158 B | pkts sent/recv 1/1
    DNS Request 20.160.190.20.in-addr.arpa
• 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | dns | - | sent 74 B | recv 128 B | pkts sent/recv 1/1
    DNS Request 172.210.232.199.in-addr.arpa
• 8.8.8.8:53 | ajax.googleapis.com | dns | msedge.exe | sent 65 B | recv 81 B | pkts sent/recv 1/1
    DNS Request ajax.googleapis.com -> DNS Response 142.250.179.234
• 8.8.8.8:53 | s.w.org | dns | msedge.exe | sent 53 B | recv 69 B | pkts sent/recv 1/1
    DNS Request s.w.org -> DNS Response 192.0.77.48
• 8.8.8.8:53 | go.oclasrv.com | dns | - | sent 60 B | recv 76 B | pkts sent/recv 1/1
    DNS Request go.oclasrv.com -> DNS Response 139.45.197.237
• 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | dns | - | sent 74 B | recv 113 B | pkts sent/recv 1/1
    DNS Request 234.179.250.142.in-addr.arpa
• 8.8.8.8:53 | g.bing.com | dns | - | sent 56 B | recv 151 B | pkts sent/recv 1/1
    DNS Request g.bing.com -> DNS Response 204.79.197.237, 13.107.21.237
• 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | dns | - | sent 72 B | recv 158 B | pkts sent/recv 1/1
    DNS Request 241.154.82.20.in-addr.arpa
• 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | dns | - | sent 73 B | recv 143 B | pkts sent/recv 1/1
    DNS Request 237.197.79.204.in-addr.arpa
• 8.8.8.8:53 | 21.114.53.23.in-addr.arpa | dns | - | sent 71 B | recv 135 B | pkts sent/recv 1/1
    DNS Request 21.114.53.23.in-addr.arpa
• 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | dns | - | sent 71 B | recv 157 B | pkts sent/recv 1/1
    DNS Request 57.169.31.20.in-addr.arpa
• 8.8.8.8:53 | go.oclasrv.com | dns | - | sent 60 B | recv 76 B | pkts sent/recv 1/1
    DNS Request go.oclasrv.com -> DNS Response 139.45.197.237
• 224.0.0.251:5353 | - | - | msedge.exe | sent 456 B | pkts sent 7
• 8.8.8.8:53 | inpagepush.com | dns | - | sent 60 B | recv 76 B | pkts sent/recv 1/1
    DNS Request inpagepush.com -> DNS Response 139.45.197.237
• 8.8.8.8:53 | inpagepush.com | dns | - | sent 60 B | recv 76 B | pkts sent/recv 1/1
    DNS Request inpagepush.com -> DNS Response 139.45.197.237
• 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | dns | - | sent 70 B | recv 144 B | pkts sent/recv 1/1
    DNS Request 86.23.85.13.in-addr.arpa
• 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | dns | - | sent 72 B | recv 158 B | pkts sent/recv 1/1
    DNS Request 171.39.242.20.in-addr.arpa
• 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | dns | - | sent 73 B | recv 144 B | pkts sent/recv 1/1
    DNS Request 240.221.184.93.in-addr.arpa
• 8.8.8.8:53 | image.filemanager.work | dns | msedge.exe | sent 68 B | recv 100 B | pkts sent/recv 1/1
    DNS Request image.filemanager.work -> DNS Response 172.67.164.53, 104.21.34.195
• 8.8.8.8:53 | filmapikofficial.com | dns | msedge.exe | sent 66 B | recv 98 B | pkts sent/recv 1/1
    DNS Request filmapikofficial.com -> DNS Response 172.67.223.237, 104.21.32.156
• 8.8.8.8:53 | apps.identrust.com | dns | msedge.exe | sent 64 B | recv 165 B | pkts sent/recv 1/1
    DNS Request apps.identrust.com -> DNS Response 23.14.90.73, 23.14.90.91
• 8.8.8.8:53 | 53.164.67.172.in-addr.arpa | dns | - | sent 72 B | recv 134 B | pkts sent/recv 1/1
    DNS Request 53.164.67.172.in-addr.arpa
• 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | dns | - | sent 73 B | recv 171 B | pkts sent/recv 1/1
    DNS Request 104.201.58.216.in-addr.arpa
• 8.8.8.8:53 | 237.223.67.172.in-addr.arpa | dns | - | sent 73 B | recv 135 B | pkts sent/recv 1/1
    DNS Request 237.223.67.172.in-addr.arpa
• 8.8.8.8:53 | 73.90.14.23.in-addr.arpa | dns | - | sent 70 B | recv 133 B | pkts sent/recv 1/1
    DNS Request 73.90.14.23.in-addr.arpa
• 8.8.8.8:53 | 216.197.17.2.in-addr.arpa | dns | - | sent 71 B | recv 135 B | pkts sent/recv 1/1
    DNS Request 216.197.17.2.in-addr.arpa
• 8.8.8.8:53 | fa.efek.stream | dns | msedge.exe | sent 60 B | recv 76 B | pkts sent/recv 1/1
    DNS Request fa.efek.stream -> DNS Response 111.90.158.170
• 8.8.8.8:53 | zukxd6fkxqn.com | dns | - | sent 61 B | recv 77 B | pkts sent/recv 1/1
    DNS Request zukxd6fkxqn.com -> DNS Response 103.224.182.251
• 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | dns | - | sent 72 B | recv 141 B | pkts sent/recv 1/1
    DNS Request 14.213.58.216.in-addr.arpa
• 8.8.8.8:53 | 170.158.90.111.in-addr.arpa | dns | - | sent 73 B | recv 103 B | pkts sent/recv 1/1
    DNS Request 170.158.90.111.in-addr.arpa
• 142.250.179.234:443 | ajax.googleapis.com | https | msedge.exe | sent 3.1kB | recv 6.6kB | pkts sent/recv 5/7
• 8.8.8.8:53 | code.jquery.com | dns | msedge.exe | sent 61 B | recv 125 B | pkts sent/recv 1/1
    DNS Request code.jquery.com -> DNS Response 151.101.194.137, 151.101.66.137, 151.101.130.137, 151.101.2.137
• 8.8.8.8:53 | 137.194.101.151.in-addr.arpa | dns | - | sent 148 B | recv 268 B | pkts sent/recv 2/2
    DNS Request 137.194.101.151.in-addr.arpa
    DNS Request 137.194.101.151.in-addr.arpa
• 8.8.8.8:53 | eq.avodireexcuser.com | dns | msedge.exe | sent 134 B | recv 372 B | pkts sent/recv 2/2
    DNS Request eq.avodireexcuser.com
    DNS Request eq.avodireexcuser.com
    DNS Response 23.109.170.127, 23.109.170.59, 23.109.170.34, 23.109.170.153, 23.109.170.72, 94.242.236.130
    DNS Response 23.109.170.127, 23.109.170.59, 23.109.170.34, 23.109.170.153, 23.109.170.72, 94.242.236.130
• 8.8.8.8:53 | ssl.p.jwpcdn.com | dns | msedge.exe | sent 124 B | recv 346 B | pkts sent/recv 2/2
    DNS Request ssl.p.jwpcdn.com -> DNS Response 151.101.2.114, 151.101.66.114, 151.101.130.114, 151.101.194.114
    DNS Request ssl.p.jwpcdn.com -> DNS Response 151.101.2.114, 151.101.66.114, 151.101.130.114, 151.101.194.114
• 8.8.8.8:53 | entitlements.jwplayer.com | dns | msedge.exe | sent 142 B | recv 252 B | pkts sent/recv 2/2
    DNS Request entitlements.jwplayer.com
    DNS Request entitlements.jwplayer.com
    DNS Response 152.199.22.243
    DNS Response 152.199.22.243
• 8.8.8.8:53 | 127.170.109.23.in-addr.arpa | dns | - | sent 146 B | recv 292 B | pkts sent/recv 2/2
    DNS Request 127.170.109.23.in-addr.arpa
    DNS Request 127.170.109.23.in-addr.arpa
• 8.8.8.8:53 | 114.2.101.151.in-addr.arpa | dns | - | sent 72 B | recv 132 B | pkts sent/recv 1/1
    DNS Request 114.2.101.151.in-addr.arpa
• 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | dns | - | sent 72 B | recv 134 B | pkts sent/recv 1/1
    DNS Request 226.21.18.104.in-addr.arpa
• 8.8.8.8:53 | 243.22.199.152.in-addr.arpa | dns | - | sent 146 B | recv 288 B | pkts sent/recv 2/2
    DNS Request 243.22.199.152.in-addr.arpa
    DNS Request 243.22.199.152.in-addr.arpa
• 8.8.8.8:53 | zukxd6fkxqn.com | dns | - | sent 122 B | recv 154 B | pkts sent/recv 2/2
    DNS Request zukxd6fkxqn.com
    DNS Request zukxd6fkxqn.com
    DNS Response 103.224.182.251
    DNS Response 103.224.182.251
• 8.8.8.8:53 | ar5.newsales.sbs | dns | msedge.exe | sent 124 B | recv 156 B | pkts sent/recv 2/2
    DNS Request ar5.newsales.sbs
    DNS Request ar5.newsales.sbs
    DNS Response 37.27.25.150
    DNS Response 37.27.25.150
• 8.8.8.8:53 | 150.25.27.37.in-addr.arpa | dns | - | sent 142 B | recv 254 B | pkts sent/recv 2/2
    DNS Request 150.25.27.37.in-addr.arpa
    DNS Request 150.25.27.37.in-addr.arpa
• 8.8.8.8:53 | filmapik.pro | dns | msedge.exe | sent 116 B | recv 280 B | pkts sent/recv 2/2
    DNS Request filmapik.pro
    DNS Request filmapik.pro
• 8.8.8.8:53 | 241.197.17.2.in-addr.arpa | dns | - | sent 142 B | recv 270 B | pkts sent/recv 2/2
    DNS Request 241.197.17.2.in-addr.arpa
    DNS Request 241.197.17.2.in-addr.arpa
• 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | dns | - | sent 144 B | recv 316 B | pkts sent/recv 2/2
    DNS Request 48.229.111.52.in-addr.arpa
    DNS Request 48.229.111.52.in-addr.arpa

                              Downloads

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize 152B)
    MD5    120a75f233314ba1fe34e9d6c09f30b9
    SHA1   a9f92f2d3f111eaadd9bcf8fceb3c9553753539c
    SHA256 e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0
    SHA512 3c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize 152B)
    MD5    bc2edd0741d97ae237e9f00bf3244144
    SHA1   7c1e5d324f5c7137a3c4ec85146659f026c11782
    SHA256 dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041
    SHA512 00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (Filesize 456B)
    MD5    39ef284ab795dfcd6aa5b0ed3729ce8c
    SHA1   0fa8424399f64eb11b712af59c49be4aaee9164e
    SHA256 ae5834d22edd57d2971866682364a1e76e8655c23a042f1a6f197790b2c7dccb
    SHA512 da5bf7ca3dbd3d187d887c4298a7cb9d1c8144d2a8ceffe20866d90a5e9caea4ebe34f94347689e68b7ddf75fa7b3b88c4216c2d04f5280caf1c2fba8f920b20
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (Filesize 669B)
    MD5    ba97292516906889e4f9abc53a81168a
    SHA1   28da2ea6f5273090d068d38145e7252c679acd48
    SHA256 4bbe3a4713cbcc1d436eafbd68e8e5045f664a76bebfb388d1bcf63e55b077da
    SHA512 e585d53c7be0118ce679159874275feda6b2e6c5ac9c09240431d9df47e5679ed3e387802cba298bcdf73126fc730ed48e1ffc216af568b1874b0625f22708b8
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (Filesize 1KB)
    MD5    b121cd41a14f5641e96fc8e4d08b47c1
    SHA1   1ec351dfbf2cde57741d405a47522687a0363332
    SHA256 156c8c973d15460bd2cbde75f2b595dc42415a56897ce1b0e57da157d84b5358
    SHA512 f691161c211f376c8687fa9a52263b362ea1a992b4b07842569db2bc0e9572f1ac7d06ddf8cdbfdfbd2d58e32071ff2dfe82b8b3f1e6b88edcf5325cfc9590ae
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize 6KB)
    MD5    4b29005cfa93b9ae7aacec215bed82cd
    SHA1   868659b641bf4a2cb340fb38de18327dc48913dc
    SHA256 276e65dda827da07976ee850dd6dbce71976a0848db570c45abd09a4c8d95343
    SHA512 966b3d20100878b1ebe5aa2ba616caca03fb57abd251a77e0335a39ce59dc51051a3e6e83518c93fff4c2c34604fe4c04bdb503e93b6150cac57717d59881b67
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize 6KB)
    MD5    bdb064dba3d4deef9447dcb589d15cb4
    SHA1   47c16c1a0cabab909454d235456c6327e641e29e
    SHA256 4d04aaeba28e57d18687bcfc136a69ed1c299e85aa135de11118c0e685d3f646
    SHA512 d7a55a3e53ecca05e6c7068b681a8e1486ba6eaa604ba35be3a6742168733e78e0648f61c736060b7eabf375f46b593df4e32ff089850f7db2b5fb566046837b
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity (Filesize 874B)
    MD5    af5c7d02344f2eaf2717fb5081b8ce2a
    SHA1   83d02caf6ddf802f2d2d235077a1038f278f57c2
    SHA256 8a896afeecb322dbf055d77fa26a1de627a3aae33a988d4cb98d0f69d660ed2b
    SHA512 8d32bfbd467c73acb76f50b84a7b84999ae1cd07263b276def34f2d1b294669f47d1acf35856fa0cb4aab7bd15aa934ee15b24b7ef9a80054e23a8d343cecaa5
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity (Filesize 706B)
    MD5    ee8f06b3fe0cbe9a45121b1d8122c96c
    SHA1   eb9271f2eb61a5c7cd885b2a1dace4ffdbcdcb41
    SHA256 c393fa3cf89454858dd92e19b694cef702d0358ea3caf5bae362020aa919a8ca
    SHA512 2ffe17b9e9486c5854cc2f0d0f6ec4c8ce086726f3ea27a3520b826b410e87276c7bbd783a48eeb23f161297c843063577b700ca51256688d549eb5211da3cf9
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58588b.TMP (Filesize 203B)
    MD5    a4f9cf315c638db70074ed9c81859dab
    SHA1   07899605d3286c40e9668161761ea3b1d61f56ad
    SHA256 fa743f2d5367143da821542789f70e792b7948dd960c8d313c3329debb000939
    SHA512 102217f0d021d17162aa488616c8fda34ee7028e95086cd5b2c59f96602f6cfa3e466821579ae26aa6c458fab63289bc2a5528d30cb39e76daa4397f37f24085
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (Filesize 16B)
    MD5    6752a1d65b201c13b62ea44016eb221f
    SHA1   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
    SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
    SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (Filesize 11KB)
    MD5    92500ceeca34f16feb0177f9dcd16bca
    SHA1   30c9cbcc3acca364963f0098198a2a46a588abb3
    SHA256 d365da937b0583d694f2eff6af7e1c71818f1686d38b31bac687cf465067bded
    SHA512 d0571f636c18af9b910695570a1b63f0517209cc002d39ed3b86536919bbf9e7c4f84700fc5dddac24707a6af33b661719765d50484af519be7311f69c4abf1f
