5cb163ef054ff77abd500bff4b07cebda5a0190a7145eb00d633e1be05667cd6

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 09:29 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa01e41af84eb41076a5df4a6682c865_JaffaCakes118.html
Size

91KB
MD5

fa01e41af84eb41076a5df4a6682c865
SHA1

d151aab181d2eb0729a3f3cb4eda41344ab15608
SHA256

5cb163ef054ff77abd500bff4b07cebda5a0190a7145eb00d633e1be05667cd6
SHA512

2796df827f23b6683bb0b51db645a7c5295a98ca7fe43a2cf4fc5c36ff572530e87daeca96f748fcd0dc7d878c5dc2585635a81a47dfb8c64dd7d3c34f59674f
SSDEEP

1536:k8SI4H2XAhKOUYIuVFwr6jfedyScDV12xaLYHhOoNqPfvYMc4If:aH2XLG9Cy5DVb/Y94If

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2160	msedge.exe
2160	msedge.exe
2284	msedge.exe
2284	msedge.exe
2312	identity_helper.exe
2312	identity_helper.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1288	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1288	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 1228	2284	msedge.exe	85
PID 2284 wrote to memory of 1228	2284	msedge.exe	85
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 2160	2284	msedge.exe	87
PID 2284 wrote to memory of 2160	2284	msedge.exe	87
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fa01e41af84eb41076a5df4a6682c865_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5b1b46f8,0x7fff5b1b4708,0x7fff5b1b4718
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1132 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5808 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1360 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3500

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f0 0x304
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1288

Network

DNS

20.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.160.190.20.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

ajax.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN A

Response

ajax.googleapis.com

IN A

142.250.179.234
DNS

s.w.org

msedge.exe

Remote address:

8.8.8.8:53

Request

s.w.org

IN A

Response

s.w.org

IN A

192.0.77.48
DNS

go.oclasrv.com

Remote address:

8.8.8.8:53

Request

go.oclasrv.com

IN A

Response

go.oclasrv.com

IN A

139.45.197.237
GET

https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js?ver=2.1.3

msedge.exe

Remote address:

142.250.179.234:443

Request

GET /ajax/libs/jquery/2.1.3/jquery.min.js?ver=2.1.3 HTTP/2.0
host: ajax.googleapis.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js

msedge.exe

Remote address:

142.250.179.234:443

Request

GET /ajax/libs/jquery/3.1.0/jquery.min.js HTTP/2.0
host: ajax.googleapis.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fa.efek.stream/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

234.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.179.250.142.in-addr.arpa

IN PTR

Response

234.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f101e100net
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=1DBE106AC7566C4D2706040CC6ED6D19; domain=.bing.com; expires=Wed, 14-May-2025 09:29:27 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 875E42F059314884A44780B7BD7672D1 Ref B: LON04EDGE0820 Ref C: 2024-04-19T09:29:27Z
date: Fri, 19 Apr 2024 09:29:26 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1DBE106AC7566C4D2706040CC6ED6D19

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=zNaPYbxWOuZrG5_R-o2YHDfXbHDYnKNanx9KioKsWn4; domain=.bing.com; expires=Wed, 14-May-2025 09:29:27 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 76F16E5A09C441E1A9B479C77816BEE4 Ref B: LON04EDGE0820 Ref C: 2024-04-19T09:29:27Z
date: Fri, 19 Apr 2024 09:29:26 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1DBE106AC7566C4D2706040CC6ED6D19; MSPTC=zNaPYbxWOuZrG5_R-o2YHDfXbHDYnKNanx9KioKsWn4

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 09DFA73124CB4696956B701E71BE0C8A Ref B: LON04EDGE0820 Ref C: 2024-04-19T09:29:27Z
date: Fri, 19 Apr 2024 09:29:26 GMT
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR

Response
DNS

237.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
DNS

21.114.53.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.114.53.23.in-addr.arpa

IN PTR

Response

21.114.53.23.in-addr.arpa

IN PTR

a23-53-114-21deploystaticakamaitechnologiescom
DNS

57.169.31.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.169.31.20.in-addr.arpa

IN PTR

Response
DNS

go.oclasrv.com

Remote address:

8.8.8.8:53

Request

go.oclasrv.com

IN A

Response

go.oclasrv.com

IN A

139.45.197.237
DNS

inpagepush.com

Remote address:

8.8.8.8:53

Request

inpagepush.com

IN A

Response

inpagepush.com

IN A

139.45.197.237
DNS

inpagepush.com

Remote address:

8.8.8.8:53

Request

inpagepush.com

IN A

Response

inpagepush.com

IN A

139.45.197.237
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

image.filemanager.work

msedge.exe

Remote address:

8.8.8.8:53

Request

image.filemanager.work

IN A

Response

image.filemanager.work

IN A

172.67.164.53

image.filemanager.work

IN A

104.21.34.195
GET

https://image.filemanager.work/backdrop/backdrop-tt11079148.jpg

msedge.exe

Remote address:

172.67.164.53:443

Request

GET /backdrop/backdrop-tt11079148.jpg HTTP/2.0
host: image.filemanager.work
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

date: Fri, 19 Apr 2024 09:30:08 GMT
content-type: text/html
content-length: 167
location: https://filmapikofficial.com/backdrop/backdrop-tt11079148.jpg
cache-control: max-age=3600
expires: Fri, 19 Apr 2024 10:30:08 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WjvFv2yT279lQUg4Er8llGQMaxeeYgYJp3sJSXgxAzFYdq186w%2Fd%2BO3iSJvXvxFI7HMZ3FlcZprlRSQGtjjYF7C6gMeuLRgM9xzBH9%2BTVkwTbi9I8hg%2BF53w%2FZWOYvMJ1bHjZKpANVKd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876bdfcafdf06540-LHR
alt-svc: h3=":443"; ma=86400
GET

https://image.filemanager.work/poster/tt11079148.jpg

msedge.exe

Remote address:

172.67.164.53:443

Request

GET /poster/tt11079148.jpg HTTP/2.0
host: image.filemanager.work
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

date: Fri, 19 Apr 2024 09:30:08 GMT
content-type: text/html
content-length: 167
location: https://filmapikofficial.com/poster/tt11079148.jpg
cache-control: max-age=3600
expires: Fri, 19 Apr 2024 10:30:08 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jPLFHD4EOGpsVF%2BfGMM22XstYG%2BXu6ZDprJhHp8MG5q97QUwWwpZU1tPMHQ5uaEudvMOfSX9CBn2XhcIy1M6R9sZs9PPOMrmI0rFqwfefdfHAZjkTd4A8WxlS%2F2pjrwohvvnGVmNIxIS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876bdfcafdf36540-LHR
alt-svc: h3=":443"; ma=86400
GET

https://image.filemanager.work/poster/tt11079148.jpg

msedge.exe

Remote address:

172.67.164.53:443

Request

GET /poster/tt11079148.jpg HTTP/2.0
host: image.filemanager.work
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fa.efek.stream/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

date: Fri, 19 Apr 2024 09:30:31 GMT
content-type: text/html
content-length: 167
location: https://filmapikofficial.com/poster/tt11079148.jpg
cache-control: max-age=3600
expires: Fri, 19 Apr 2024 10:30:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5G%2BA7qyvFmXIM7jk4MM%2Fpz0dFG1bEhsxisOnSKMXQ8dWaZLLOIQ%2BqZPacvYnPMthlCftCgoDkR2DmWAAivOOgqV6%2BlyBbLFtbbNPGxk9b8rGpQ8plr8t3w4LRfKjgtw%2B74ORh6v5m%2Bo7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876be05de8fe6540-LHR
alt-svc: h3=":443"; ma=86400
DNS

filmapikofficial.com

msedge.exe

Remote address:

8.8.8.8:53

Request

filmapikofficial.com

IN A

Response

filmapikofficial.com

IN A

172.67.223.237

filmapikofficial.com

IN A

104.21.32.156
GET

https://filmapikofficial.com/backdrop/backdrop-tt11079148.jpg

msedge.exe

Remote address:

172.67.223.237:443

Request

GET /backdrop/backdrop-tt11079148.jpg HTTP/2.0
host: filmapikofficial.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Apr 2024 09:30:09 GMT
content-type: image/jpeg
content-length: 30358
last-modified: Wed, 09 Sep 2020 07:35:17 GMT
etag: "5f5885b5-7696"
expires: Sun, 19 May 2024 09:27:21 GMT
cache-control: max-age=2678400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YpjftFi%2F6SHomEmP4ygGV72eqEuoS5gayTaqXhhRijzHYf9BdQPNvVDhU7ZjHu3qSbIozE6NFDIfQbgCRtTMQpWzasPpjvZzcHUNKqbG9O0N1Xf4g6sugxj%2BwTYsldqvishFk8oOfg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876bdfcd4fff9492-LHR
alt-svc: h3=":443"; ma=86400
GET

https://filmapikofficial.com/poster/tt11079148.jpg

msedge.exe

Remote address:

172.67.223.237:443

Request

GET /poster/tt11079148.jpg HTTP/2.0
host: filmapikofficial.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Apr 2024 09:30:09 GMT
content-type: image/jpeg
content-length: 44321
last-modified: Wed, 09 Sep 2020 07:35:17 GMT
etag: "5f5885b5-ad21"
expires: Sun, 19 May 2024 09:27:21 GMT
cache-control: max-age=2678400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x6Hl7E166f0DGl5YSs%2BCLgy9Wgq4qjOnyCHTEgI6JWLK%2BS1a2%2FlHDC74YuXehul4SQlbXGHxPrkF4S6zuYOaCsxZh13xpbkob5xqMheE2BLXk28Q4tBOn867zML1MR%2BTMY5cbxSOOA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876bdfcd3ffe9492-LHR
alt-svc: h3=":443"; ma=86400
GET

https://filmapikofficial.com/poster/tt11079148.jpg

msedge.exe

Remote address:

172.67.223.237:443

Request

GET /poster/tt11079148.jpg HTTP/2.0
host: filmapikofficial.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fa.efek.stream/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Apr 2024 09:30:32 GMT
content-type: image/jpeg
content-length: 30358
last-modified: Wed, 09 Sep 2020 07:35:17 GMT
etag: "5f5885b5-7696"
expires: Sun, 19 May 2024 09:27:21 GMT
cache-control: max-age=2678400
cf-cache-status: HIT
age: 23
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iT5tsxfMLNIpeOD3QaJRjMWFNocALlNjn7e9dZIgUS7Un55kIusuO5YnvwVbpkpLsajwVzJsFTjGHu9Q0rksDwytiu8PEgWXRHto9ujJLx7OGZWwmh%2F%2BJ4YZM9%2BXLnm0XJtojKGxFw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876be05e392c9492-LHR
alt-svc: h3=":443"; ma=86400
DNS

apps.identrust.com

msedge.exe

Remote address:

8.8.8.8:53

Request

apps.identrust.com

IN A

Response

apps.identrust.com

IN CNAME

identrust.edgesuite.net

identrust.edgesuite.net

IN CNAME

a1952.dscq.akamai.net

a1952.dscq.akamai.net

IN A

23.14.90.73

a1952.dscq.akamai.net

IN A

23.14.90.91
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

msedge.exe

Remote address:

23.14.90.73:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: apps.identrust.com

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 19 Apr 2024 10:30:08 GMT
Date: Fri, 19 Apr 2024 09:30:08 GMT
Connection: keep-alive
DNS

53.164.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

53.164.67.172.in-addr.arpa

IN PTR

Response
DNS

104.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.201.58.216.in-addr.arpa

IN PTR

Response

104.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f81e100net

104.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f104�H

104.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f8�H
DNS

237.223.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.223.67.172.in-addr.arpa

IN PTR

Response
DNS

73.90.14.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.90.14.23.in-addr.arpa

IN PTR

Response

73.90.14.23.in-addr.arpa

IN PTR

a23-14-90-73deploystaticakamaitechnologiescom
DNS

216.197.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

216.197.17.2.in-addr.arpa

IN PTR

Response

216.197.17.2.in-addr.arpa

IN PTR

a2-17-197-216deploystaticakamaitechnologiescom
DNS

fa.efek.stream

msedge.exe

Remote address:

8.8.8.8:53

Request

fa.efek.stream

IN A

Response

fa.efek.stream

IN A

111.90.158.170
GET

https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==

msedge.exe

Remote address:

111.90.158.170:443

Request

GET /v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ== HTTP/2.0
host: fa.efek.stream
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Fri, 19 Apr 2024 09:27:42 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: PHPSESSID=c86ekgg1puqg6bao758kcqhad1; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
GET

https://fa.efek.stream/theme/assets/css/player.css?v=1713518862

msedge.exe

Remote address:

111.90.158.170:443

Request

GET /theme/assets/css/player.css?v=1713518862 HTTP/2.0
host: fa.efek.stream
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Fri, 19 Apr 2024 09:27:42 GMT
content-type: text/css
last-modified: Wed, 07 Apr 2021 15:15:32 GMT
vary: Accept-Encoding
etag: W/"606dcc94-c9b"
expires: Fri, 19 Apr 2024 21:27:42 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
GET

https://fa.efek.stream/file.js?v=4fsa

msedge.exe

Remote address:

111.90.158.170:443

Request

GET /file.js?v=4fsa HTTP/2.0
host: fa.efek.stream
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Fri, 19 Apr 2024 09:27:42 GMT
content-type: application/javascript
last-modified: Wed, 01 Mar 2023 14:34:19 GMT
vary: Accept-Encoding
etag: W/"63ff626b-18d51"
expires: Fri, 19 Apr 2024 21:27:42 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
GET

https://fa.efek.stream/jw/d.js?v=123

msedge.exe

Remote address:

111.90.158.170:443

Request

GET /jw/d.js?v=123 HTTP/2.0
host: fa.efek.stream
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Fri, 19 Apr 2024 09:27:42 GMT
content-type: application/javascript
content-length: 256
last-modified: Thu, 16 Dec 2021 08:41:14 GMT
etag: "61bafbaa-100"
expires: Fri, 19 Apr 2024 21:27:42 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
GET

https://fa.efek.stream/jw/dai.js?v=123

msedge.exe

Remote address:

111.90.158.170:443

Request

GET /jw/dai.js?v=123 HTTP/2.0
host: fa.efek.stream
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Fri, 19 Apr 2024 09:27:42 GMT
content-type: application/javascript
last-modified: Wed, 15 Sep 2021 10:51:21 GMT
vary: Accept-Encoding
etag: W/"6141d029-1fbb"
expires: Fri, 19 Apr 2024 21:27:42 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
GET

https://fa.efek.stream/jw/freewheel.js?v=123

msedge.exe

Remote address:

111.90.158.170:443

Request

GET /jw/freewheel.js?v=123 HTTP/2.0
host: fa.efek.stream
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Fri, 19 Apr 2024 09:27:42 GMT
content-type: application/javascript
last-modified: Wed, 15 Sep 2021 10:50:42 GMT
vary: Accept-Encoding
etag: W/"6141d002-6f34"
expires: Fri, 19 Apr 2024 21:27:42 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
GET

https://fa.efek.stream/jw/gapro.js?v=123

msedge.exe

Remote address:

111.90.158.170:443

Request

GET /jw/gapro.js?v=123 HTTP/2.0
host: fa.efek.stream
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Fri, 19 Apr 2024 09:27:42 GMT
content-type: application/javascript
last-modified: Wed, 15 Sep 2021 10:50:46 GMT
vary: Accept-Encoding
etag: W/"6141d006-843"
expires: Fri, 19 Apr 2024 21:27:42 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
GET

https://fa.efek.stream/jw/googima.js?v=123

msedge.exe

Remote address:

111.90.158.170:443

Request

GET /jw/googima.js?v=123 HTTP/2.0
host: fa.efek.stream
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Fri, 19 Apr 2024 09:27:42 GMT
content-type: application/javascript
last-modified: Wed, 15 Sep 2021 10:50:37 GMT
vary: Accept-Encoding
etag: W/"6141cffd-f5c2"
expires: Fri, 19 Apr 2024 21:27:42 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
GET

https://fa.efek.stream/jw/jwpsrv.js?v=123

msedge.exe

Remote address:

111.90.158.170:443

Request

GET /jw/jwpsrv.js?v=123 HTTP/2.0
host: fa.efek.stream
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Fri, 19 Apr 2024 09:27:42 GMT
content-type: application/javascript
last-modified: Wed, 15 Sep 2021 10:50:27 GMT
vary: Accept-Encoding
etag: W/"6141cff3-dd4b"
expires: Fri, 19 Apr 2024 21:27:42 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
GET

https://fa.efek.stream/jw/vast.js?v=123

msedge.exe

Remote address:

111.90.158.170:443

Request

GET /jw/vast.js?v=123 HTTP/2.0
host: fa.efek.stream
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Fri, 19 Apr 2024 09:27:42 GMT
content-type: application/javascript
last-modified: Wed, 15 Sep 2021 10:51:11 GMT
vary: Accept-Encoding
etag: W/"6141d01f-1ae06"
expires: Fri, 19 Apr 2024 21:27:42 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
GET

https://fa.efek.stream/theme/static/icons/menu.png

msedge.exe

Remote address:

111.90.158.170:443

Request

GET /theme/static/icons/menu.png HTTP/2.0
host: fa.efek.stream
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Fri, 19 Apr 2024 09:27:44 GMT
content-type: image/png
content-length: 19864
last-modified: Wed, 07 Apr 2021 15:15:34 GMT
etag: "606dcc96-4d98"
expires: Sun, 19 May 2024 09:27:44 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
GET

https://fa.efek.stream/uploads/

msedge.exe

Remote address:

111.90.158.170:443

Request

GET /uploads/ HTTP/2.0
host: fa.efek.stream
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 403

server: nginx
date: Fri, 19 Apr 2024 09:27:44 GMT
content-type: text/html
content-length: 548
GET

https://fa.efek.stream/stream/720/EwS8m4lCgp5asyI/__001

msedge.exe

Remote address:

111.90.158.170:443

Request

GET /stream/720/EwS8m4lCgp5asyI/__001 HTTP/2.0
host: fa.efek.stream
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
accept-encoding: identity;q=1, *;q=0
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: video
referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
accept-language: en-US,en;q=0.9
range: bytes=0-

Response

HTTP/2.0 302

server: nginx
date: Fri, 19 Apr 2024 09:27:51 GMT
content-type: text/html; charset=UTF-8
location: https://ar5.newsales.sbs/stream/720/EwS8m4lCgp5asyI/__001
strict-transport-security: max-age=31536000
DNS

zukxd6fkxqn.com

Remote address:

8.8.8.8:53

Request

zukxd6fkxqn.com

IN A

Response

zukxd6fkxqn.com

IN A

103.224.182.251
DNS

14.213.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.213.58.216.in-addr.arpa

IN PTR

Response

14.213.58.216.in-addr.arpa

IN PTR

ber01s14-in-f141e100net

14.213.58.216.in-addr.arpa

IN PTR

lhr25s25-in-f14�H
DNS

170.158.90.111.in-addr.arpa

Remote address:

8.8.8.8:53

Request

170.158.90.111.in-addr.arpa

IN PTR

Response

170.158.90.111.in-addr.arpa

IN PTR

server1kamonla
DNS

code.jquery.com

msedge.exe

Remote address:

8.8.8.8:53

Request

code.jquery.com

IN A

Response

code.jquery.com

IN A

151.101.194.137

code.jquery.com

IN A

151.101.66.137

code.jquery.com

IN A

151.101.130.137

code.jquery.com

IN A

151.101.2.137
GET

https://code.jquery.com/jquery-3.5.1.min.js

msedge.exe

Remote address:

151.101.194.137:443

Request

GET /jquery-3.5.1.min.js HTTP/2.0
host: code.jquery.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://fa.efek.stream
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://fa.efek.stream/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d84"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 19 Apr 2024 09:30:30 GMT
age: 2144459
x-served-by: cache-lga21981-LGA, cache-lcy-eglc8600051-LCY
x-cache: HIT, HIT
x-cache-hits: 55, 143348
x-timer: S1713519030.423179,VS0,VE0
vary: Accept-Encoding
content-length: 30879
DNS

137.194.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

137.194.101.151.in-addr.arpa

IN PTR

Response
DNS

137.194.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

137.194.101.151.in-addr.arpa

IN PTR

Response
DNS

eq.avodireexcuser.com

msedge.exe

Remote address:

8.8.8.8:53

Request

eq.avodireexcuser.com

IN A

Response

eq.avodireexcuser.com

IN CNAME

wynvalur.com

wynvalur.com

IN A

23.109.170.127

wynvalur.com

IN A

23.109.170.59

wynvalur.com

IN A

23.109.170.34

wynvalur.com

IN A

23.109.170.153

wynvalur.com

IN A

23.109.170.72

wynvalur.com

IN A

94.242.236.130
DNS

eq.avodireexcuser.com

msedge.exe

Remote address:

8.8.8.8:53

Request

eq.avodireexcuser.com

IN A

Response

eq.avodireexcuser.com

IN CNAME

wynvalur.com

wynvalur.com

IN A

23.109.170.127

wynvalur.com

IN A

23.109.170.59

wynvalur.com

IN A

23.109.170.34

wynvalur.com

IN A

23.109.170.153

wynvalur.com

IN A

23.109.170.72

wynvalur.com

IN A

94.242.236.130
GET

https://eq.avodireexcuser.com/rfyqNUZeNhlQOsnS1/42525

msedge.exe

Remote address:

23.109.170.127:443

Request

GET /rfyqNUZeNhlQOsnS1/42525 HTTP/1.1
Host: eq.avodireexcuser.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://fa.efek.stream/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 19 Apr 2024 09:30:31 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://fa.efek.stream
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jU1OwzAYRPOfFprASDkAR3DSppAlC87AMnLsr8E0sSvHJOL2WEiwG8280QuCIKoeEK7ZHvEXb%2FE0sEEeBR1F3bXsxE9Nxy6MU8PppW3Pz2fs1dI7PkzkEuyWmVvXuzXBYSRNVoleGEkFHj3111y12XSCdLBcywLp7ImpQD5Ysy1kqxiJ5jMheZMj%2BZl%2FGouoa3xU2seQITJLFZd3yN%2BVlv5VHhDVrCyzAPe3ibuLsXOvZBYiHS2XhPAVO8EdjcZ%2BI5e0XJ25AWaS%2FT%2F%2FK423miGTtCrh3cZ9kP0BKYpNOQ%3D%3D; expires=Sat, 20-Apr-2024 09:30:31 GMT; Max-Age=86400; path=/; secure; SameSite=None
Set-Cookie: GL_GI10=eJwVxMEKgkAQBuCdCYxAhL98AJ9A3Dp5TcRD0ckeQFyRhZyRdev5q8P3GWM4T8F%2BRWZrW9rKlueqLi81aAZ3V%2FAoyJ7i4%2BSKm5fZ6QIK2LWPDhwE%2B1bm1yAONCK5qzgVkMex6%2Fui0WV5ix%2BH6FU28M%2Bh0bBqGOIEWhMCR%2F2%2FudyAPsnpC19iIto%3D; expires=Sat, 20-Apr-2024 09:30:31 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
DNS

ssl.p.jwpcdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ssl.p.jwpcdn.com

IN A

Response

ssl.p.jwpcdn.com

IN CNAME

jwplayer-dualstack.map.fastly.net

jwplayer-dualstack.map.fastly.net

IN A

151.101.2.114

jwplayer-dualstack.map.fastly.net

IN A

151.101.66.114

jwplayer-dualstack.map.fastly.net

IN A

151.101.130.114

jwplayer-dualstack.map.fastly.net

IN A

151.101.194.114
DNS

ssl.p.jwpcdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ssl.p.jwpcdn.com

IN A

Response

ssl.p.jwpcdn.com

IN CNAME

jwplayer-dualstack.map.fastly.net

jwplayer-dualstack.map.fastly.net

IN A

151.101.2.114

jwplayer-dualstack.map.fastly.net

IN A

151.101.66.114

jwplayer-dualstack.map.fastly.net

IN A

151.101.130.114

jwplayer-dualstack.map.fastly.net

IN A

151.101.194.114
DNS

entitlements.jwplayer.com

msedge.exe

Remote address:

8.8.8.8:53

Request

entitlements.jwplayer.com

IN A

Response

entitlements.jwplayer.com

IN CNAME

cs386.wpc.edgecastcdn.net

cs386.wpc.edgecastcdn.net

IN A

152.199.22.243
DNS

entitlements.jwplayer.com

msedge.exe

Remote address:

8.8.8.8:53

Request

entitlements.jwplayer.com

IN A

Response

entitlements.jwplayer.com

IN CNAME

cs386.wpc.edgecastcdn.net

cs386.wpc.edgecastcdn.net

IN A

152.199.22.243
GET

https://ssl.p.jwpcdn.com/player/v/8.8.2/jwplayer.core.controls.html5.js

msedge.exe

Remote address:

151.101.2.114:443

Request

GET /player/v/8.8.2/jwplayer.core.controls.html5.js HTTP/2.0
host: ssl.p.jwpcdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fa.efek.stream/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: max-age=31536000, immutable
last-modified: Fri, 29 Mar 2019 23:26:35 GMT
etag: "71040b81c44a237abf39e05c76451830"
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Fri, 19 Apr 2024 09:30:31 GMT
via: 1.1 varnish
age: 1484492
x-served-by: cache-lcy-eglc8600044-LCY
x-cache: HIT
x-cache-hits: 1316
x-timer: S1713519032.800156,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 76169
GET

https://ssl.p.jwpcdn.com/player/v/8.8.2/related.js

msedge.exe

Remote address:

151.101.2.114:443

Request

GET /player/v/8.8.2/related.js HTTP/2.0
host: ssl.p.jwpcdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fa.efek.stream/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: max-age=31536000, immutable
last-modified: Fri, 29 Mar 2019 23:26:40 GMT
etag: "1583406067dd52c5312be4a9bd82cebd"
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Fri, 19 Apr 2024 09:30:31 GMT
via: 1.1 varnish
age: 1231644
x-served-by: cache-lcy-eglc8600044-LCY
x-cache: HIT
x-cache-hits: 2651
x-timer: S1713519032.800702,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 26504
GET

https://entitlements.jwplayer.com/GCCG.json

msedge.exe

Remote address:

152.199.22.243:443

Request

GET /GCCG.json HTTP/2.0
host: entitlements.jwplayer.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://fa.efek.stream
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://fa.efek.stream/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 400

accept-ranges: bytes
access-control-allow-origin: *
age: 41978
cache-control: max-age=1800, s-maxage=4680
content-type: application/json
date: Fri, 19 Apr 2024 09:30:31 GMT
last-modified: Thu, 18 Apr 2024 21:50:53 GMT
server: ECAcc (lhd/35D9)
x-cache: 400-HIT
content-length: 71
DNS

127.170.109.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

127.170.109.23.in-addr.arpa

IN PTR

Response
DNS

127.170.109.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

127.170.109.23.in-addr.arpa

IN PTR

Response
DNS

114.2.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

114.2.101.151.in-addr.arpa

IN PTR

Response
DNS

226.21.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.21.18.104.in-addr.arpa

IN PTR

Response
DNS

243.22.199.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

243.22.199.152.in-addr.arpa

IN PTR

Response
DNS

243.22.199.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

243.22.199.152.in-addr.arpa

IN PTR

Response
DNS

zukxd6fkxqn.com

Remote address:

8.8.8.8:53

Request

zukxd6fkxqn.com

IN A

Response

zukxd6fkxqn.com

IN A

103.224.182.251
DNS

zukxd6fkxqn.com

Remote address:

8.8.8.8:53

Request

zukxd6fkxqn.com

IN A

Response

zukxd6fkxqn.com

IN A

103.224.182.251
DNS

ar5.newsales.sbs

msedge.exe

Remote address:

8.8.8.8:53

Request

ar5.newsales.sbs

IN A

Response

ar5.newsales.sbs

IN A

37.27.25.150
DNS

ar5.newsales.sbs

msedge.exe

Remote address:

8.8.8.8:53

Request

ar5.newsales.sbs

IN A

Response

ar5.newsales.sbs

IN A

37.27.25.150
GET

https://ar5.newsales.sbs/stream/720/EwS8m4lCgp5asyI/__001

msedge.exe

Remote address:

37.27.25.150:443

Request

GET /stream/720/EwS8m4lCgp5asyI/__001 HTTP/2.0
host: ar5.newsales.sbs
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
accept-encoding: identity;q=1, *;q=0
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: video
referer: https://fa.efek.stream/
accept-language: en-US,en;q=0.9
range: bytes=0-

Response

HTTP/2.0 206

server: nginx
date: Fri, 19 Apr 2024 09:30:46 GMT
content-type: video/mp4
content-length: 658896145
accept-ranges: bytes
developed-by: CodySeller
content-disposition: attachment; filename="[FILMAPIK.info]-justice-league-dark-apokolips-war.mp4.mp4"
content-range: bytes 0-658896144/658896145
strict-transport-security: max-age=31536000
DNS

150.25.27.37.in-addr.arpa

Remote address:

8.8.8.8:53

Request

150.25.27.37.in-addr.arpa

IN PTR

Response

150.25.27.37.in-addr.arpa

IN PTR

static150252737clientsyour-serverde
DNS

150.25.27.37.in-addr.arpa

Remote address:

8.8.8.8:53

Request

150.25.27.37.in-addr.arpa

IN PTR

Response

150.25.27.37.in-addr.arpa

IN PTR

static150252737clientsyour-serverde
DNS

filmapik.pro

msedge.exe

Remote address:

8.8.8.8:53

Request

filmapik.pro

IN A

Response
DNS

filmapik.pro

msedge.exe

Remote address:

8.8.8.8:53

Request

filmapik.pro

IN A

Response
DNS

241.197.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.197.17.2.in-addr.arpa

IN PTR

Response

241.197.17.2.in-addr.arpa

IN PTR

a2-17-197-241deploystaticakamaitechnologiescom
DNS

241.197.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.197.17.2.in-addr.arpa

IN PTR

Response

241.197.17.2.in-addr.arpa

IN PTR

a2-17-197-241deploystaticakamaitechnologiescom
DNS

48.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.111.52.in-addr.arpa

IN PTR

Response
DNS

48.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.111.52.in-addr.arpa

IN PTR

Response

103.194.171.18:80

msedge.exe

260 B
5
103.194.171.18:80

msedge.exe

260 B
5
103.194.171.18:80

msedge.exe

260 B
5
103.194.171.18:80

msedge.exe

260 B
5
103.194.171.18:80

msedge.exe

260 B
5
103.194.171.18:80

msedge.exe

260 B
5
142.250.179.234:443

https://ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js

tls, http2

msedge.exe

3.5kB
70.3kB
48
64

HTTP Request

GET https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js?ver=2.1.3

HTTP Request

GET https://ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js
139.45.197.237:445

go.oclasrv.com

260 B
5
204.79.197.237:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=

tls, http2

2.0kB
9.2kB
22
19

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=

HTTP Response

204
103.194.171.18:80

msedge.exe

260 B
5
103.194.171.18:80

msedge.exe

260 B
5
103.194.171.18:80

msedge.exe

260 B
5
103.194.171.18:80

msedge.exe

260 B
5
103.194.171.18:80

msedge.exe

260 B
5
103.194.171.18:80

msedge.exe

260 B
5
139.45.197.237:445

inpagepush.com

260 B
5
103.194.171.18:80

msedge.exe

260 B
5
103.194.171.18:80

msedge.exe

260 B
5
103.194.171.18:80

msedge.exe

260 B
5
103.194.171.18:80

msedge.exe

260 B
5
103.194.171.18:80

msedge.exe

260 B
5
172.67.164.53:443

https://image.filemanager.work/poster/tt11079148.jpg

tls, http2

msedge.exe

2.1kB
7.6kB
18
23

HTTP Request

GET https://image.filemanager.work/backdrop/backdrop-tt11079148.jpg

HTTP Request

GET https://image.filemanager.work/poster/tt11079148.jpg

HTTP Response

301

HTTP Response

301

HTTP Request

GET https://image.filemanager.work/poster/tt11079148.jpg

HTTP Response

301
172.67.164.53:443

image.filemanager.work

tls, http2

msedge.exe

989 B
5.1kB
9
8
103.194.171.18:80

msedge.exe

260 B
5
172.67.223.237:443

https://filmapikofficial.com/poster/tt11079148.jpg

tls, http2

msedge.exe

4.1kB
116.3kB
63
107

HTTP Request

GET https://filmapikofficial.com/backdrop/backdrop-tt11079148.jpg

HTTP Request

GET https://filmapikofficial.com/poster/tt11079148.jpg

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://filmapikofficial.com/poster/tt11079148.jpg

HTTP Response

200
172.67.223.237:443

filmapikofficial.com

tls, http2

msedge.exe

989 B
4.7kB
9
7
23.14.90.73:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

msedge.exe

468 B
1.7kB
7
6

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200
103.194.171.18:80

msedge.exe

260 B
5
111.90.158.170:443

https://fa.efek.stream/stream/720/EwS8m4lCgp5asyI/__001

tls, http2

msedge.exe

6.3kB
168.2kB
87
141

HTTP Request

GET https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==

HTTP Response

200

HTTP Request

GET https://fa.efek.stream/theme/assets/css/player.css?v=1713518862

HTTP Request

GET https://fa.efek.stream/file.js?v=4fsa

HTTP Request

GET https://fa.efek.stream/jw/d.js?v=123

HTTP Request

GET https://fa.efek.stream/jw/dai.js?v=123

HTTP Request

GET https://fa.efek.stream/jw/freewheel.js?v=123

HTTP Request

GET https://fa.efek.stream/jw/gapro.js?v=123

HTTP Request

GET https://fa.efek.stream/jw/googima.js?v=123

HTTP Request

GET https://fa.efek.stream/jw/jwpsrv.js?v=123

HTTP Request

GET https://fa.efek.stream/jw/vast.js?v=123

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://fa.efek.stream/theme/static/icons/menu.png

HTTP Response

200

HTTP Request

GET https://fa.efek.stream/uploads/

HTTP Request

GET https://fa.efek.stream/stream/720/EwS8m4lCgp5asyI/__001

HTTP Response

403

HTTP Response

302
103.194.171.18:80

msedge.exe

260 B
5
103.194.171.18:80

msedge.exe

260 B
5
103.194.171.18:80

msedge.exe

260 B
5
103.224.182.251:445

zukxd6fkxqn.com

260 B
5
111.90.158.170:443

fa.efek.stream

tls, http2

msedge.exe

1.1kB
4.3kB
10
11
151.101.194.137:443

https://code.jquery.com/jquery-3.5.1.min.js

tls, http2

msedge.exe

2.6kB
38.7kB
34
37

HTTP Request

GET https://code.jquery.com/jquery-3.5.1.min.js

HTTP Response

200
23.109.170.127:443

https://eq.avodireexcuser.com/rfyqNUZeNhlQOsnS1/42525

tls, http

msedge.exe

2.9kB
5.0kB
10
10

HTTP Request

GET https://eq.avodireexcuser.com/rfyqNUZeNhlQOsnS1/42525

HTTP Response

200
151.101.2.114:443

ssl.p.jwpcdn.com

tls

msedge.exe

989 B
5.6kB
9
10
151.101.2.114:443

https://ssl.p.jwpcdn.com/player/v/8.8.2/related.js

tls, http2

msedge.exe

4.1kB
112.1kB
64
89

HTTP Request

GET https://ssl.p.jwpcdn.com/player/v/8.8.2/jwplayer.core.controls.html5.js

HTTP Request

GET https://ssl.p.jwpcdn.com/player/v/8.8.2/related.js

HTTP Response

200

HTTP Response

200
152.199.22.243:443

https://entitlements.jwplayer.com/GCCG.json

tls, http2

msedge.exe

2.2kB
5.4kB
13
12

HTTP Request

GET https://entitlements.jwplayer.com/GCCG.json

HTTP Response

400
37.27.25.150:443

https://ar5.newsales.sbs/stream/720/EwS8m4lCgp5asyI/__001

tls, http2

msedge.exe

31.6kB
1.8MB
663
1293

HTTP Request

GET https://ar5.newsales.sbs/stream/720/EwS8m4lCgp5asyI/__001

HTTP Response

206

8.8.8.8:53

20.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

20.160.190.20.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

ajax.googleapis.com

dns

msedge.exe

65 B
81 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

142.250.179.234
8.8.8.8:53

s.w.org

dns

msedge.exe

53 B
69 B
1
1

DNS Request

s.w.org

DNS Response

192.0.77.48
8.8.8.8:53

go.oclasrv.com

dns

60 B
76 B
1
1

DNS Request

go.oclasrv.com

DNS Response

139.45.197.237
8.8.8.8:53

234.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

234.179.250.142.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

241.154.82.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.154.82.20.in-addr.arpa
8.8.8.8:53

237.197.79.204.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

237.197.79.204.in-addr.arpa
8.8.8.8:53

21.114.53.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

21.114.53.23.in-addr.arpa
8.8.8.8:53

57.169.31.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

57.169.31.20.in-addr.arpa
8.8.8.8:53

go.oclasrv.com

dns

60 B
76 B
1
1

DNS Request

go.oclasrv.com

DNS Response

139.45.197.237
224.0.0.251:5353

msedge.exe

456 B
7
8.8.8.8:53

inpagepush.com

dns

60 B
76 B
1
1

DNS Request

inpagepush.com

DNS Response

139.45.197.237
8.8.8.8:53

inpagepush.com

dns

60 B
76 B
1
1

DNS Request

inpagepush.com

DNS Response

139.45.197.237
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

image.filemanager.work

dns

msedge.exe

68 B
100 B
1
1

DNS Request

image.filemanager.work

DNS Response

172.67.164.53

104.21.34.195
8.8.8.8:53

filmapikofficial.com

dns

msedge.exe

66 B
98 B
1
1

DNS Request

filmapikofficial.com

DNS Response

172.67.223.237

104.21.32.156
8.8.8.8:53

apps.identrust.com

dns

msedge.exe

64 B
165 B
1
1

DNS Request

apps.identrust.com

DNS Response

23.14.90.73

23.14.90.91
8.8.8.8:53

53.164.67.172.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

53.164.67.172.in-addr.arpa
8.8.8.8:53

104.201.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

104.201.58.216.in-addr.arpa
8.8.8.8:53

237.223.67.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

237.223.67.172.in-addr.arpa
8.8.8.8:53

73.90.14.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

73.90.14.23.in-addr.arpa
8.8.8.8:53

216.197.17.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

216.197.17.2.in-addr.arpa
8.8.8.8:53

fa.efek.stream

dns

msedge.exe

60 B
76 B
1
1

DNS Request

fa.efek.stream

DNS Response

111.90.158.170
8.8.8.8:53

zukxd6fkxqn.com

dns

61 B
77 B
1
1

DNS Request

zukxd6fkxqn.com

DNS Response

103.224.182.251
8.8.8.8:53

14.213.58.216.in-addr.arpa

dns

72 B
141 B
1
1

DNS Request

14.213.58.216.in-addr.arpa
8.8.8.8:53

170.158.90.111.in-addr.arpa

dns

73 B
103 B
1
1

DNS Request

170.158.90.111.in-addr.arpa
142.250.179.234:443

ajax.googleapis.com

https

msedge.exe

3.1kB
6.6kB
5
7
8.8.8.8:53

code.jquery.com

dns

msedge.exe

61 B
125 B
1
1

DNS Request

code.jquery.com

DNS Response

151.101.194.137

151.101.66.137

151.101.130.137

151.101.2.137
8.8.8.8:53

137.194.101.151.in-addr.arpa

dns

148 B
268 B
2
2

DNS Request

137.194.101.151.in-addr.arpa

DNS Request

137.194.101.151.in-addr.arpa
8.8.8.8:53

eq.avodireexcuser.com

dns

msedge.exe

134 B
372 B
2
2

DNS Request

eq.avodireexcuser.com

DNS Request

eq.avodireexcuser.com

DNS Response

23.109.170.127

23.109.170.59

23.109.170.34

23.109.170.153

23.109.170.72

94.242.236.130

DNS Response

23.109.170.127

23.109.170.59

23.109.170.34

23.109.170.153

23.109.170.72

94.242.236.130
8.8.8.8:53

ssl.p.jwpcdn.com

dns

msedge.exe

124 B
346 B
2
2

DNS Request

ssl.p.jwpcdn.com

DNS Response

151.101.2.114

151.101.66.114

151.101.130.114

151.101.194.114

DNS Request

ssl.p.jwpcdn.com

DNS Response

151.101.2.114

151.101.66.114

151.101.130.114

151.101.194.114
8.8.8.8:53

entitlements.jwplayer.com

dns

msedge.exe

142 B
252 B
2
2

DNS Request

entitlements.jwplayer.com

DNS Request

entitlements.jwplayer.com

DNS Response

152.199.22.243

DNS Response

152.199.22.243
8.8.8.8:53

127.170.109.23.in-addr.arpa

dns

146 B
292 B
2
2

DNS Request

127.170.109.23.in-addr.arpa

DNS Request

127.170.109.23.in-addr.arpa
8.8.8.8:53

114.2.101.151.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

114.2.101.151.in-addr.arpa
8.8.8.8:53

226.21.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

226.21.18.104.in-addr.arpa
8.8.8.8:53

243.22.199.152.in-addr.arpa

dns

146 B
288 B
2
2

DNS Request

243.22.199.152.in-addr.arpa

DNS Request

243.22.199.152.in-addr.arpa
8.8.8.8:53

zukxd6fkxqn.com

dns

122 B
154 B
2
2

DNS Request

zukxd6fkxqn.com

DNS Request

zukxd6fkxqn.com

DNS Response

103.224.182.251

DNS Response

103.224.182.251
8.8.8.8:53

ar5.newsales.sbs

dns

msedge.exe

124 B
156 B
2
2

DNS Request

ar5.newsales.sbs

DNS Request

ar5.newsales.sbs

DNS Response

37.27.25.150

DNS Response

37.27.25.150
8.8.8.8:53

150.25.27.37.in-addr.arpa

dns

142 B
254 B
2
2

DNS Request

150.25.27.37.in-addr.arpa

DNS Request

150.25.27.37.in-addr.arpa
8.8.8.8:53

filmapik.pro

dns

msedge.exe

116 B
280 B
2
2

DNS Request

filmapik.pro

DNS Request

filmapik.pro
8.8.8.8:53

241.197.17.2.in-addr.arpa

dns

142 B
270 B
2
2

DNS Request

241.197.17.2.in-addr.arpa

DNS Request

241.197.17.2.in-addr.arpa
8.8.8.8:53

48.229.111.52.in-addr.arpa

dns

144 B
316 B
2
2

DNS Request

48.229.111.52.in-addr.arpa

DNS Request

48.229.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
120a75f233314ba1fe34e9d6c09f30b9

SHA1
a9f92f2d3f111eaadd9bcf8fceb3c9553753539c

SHA256
e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0

SHA512
3c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bc2edd0741d97ae237e9f00bf3244144

SHA1
7c1e5d324f5c7137a3c4ec85146659f026c11782

SHA256
dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041

SHA512
00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
39ef284ab795dfcd6aa5b0ed3729ce8c

SHA1
0fa8424399f64eb11b712af59c49be4aaee9164e

SHA256
ae5834d22edd57d2971866682364a1e76e8655c23a042f1a6f197790b2c7dccb

SHA512
da5bf7ca3dbd3d187d887c4298a7cb9d1c8144d2a8ceffe20866d90a5e9caea4ebe34f94347689e68b7ddf75fa7b3b88c4216c2d04f5280caf1c2fba8f920b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
669B

MD5
ba97292516906889e4f9abc53a81168a

SHA1
28da2ea6f5273090d068d38145e7252c679acd48

SHA256
4bbe3a4713cbcc1d436eafbd68e8e5045f664a76bebfb388d1bcf63e55b077da

SHA512
e585d53c7be0118ce679159874275feda6b2e6c5ac9c09240431d9df47e5679ed3e387802cba298bcdf73126fc730ed48e1ffc216af568b1874b0625f22708b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b121cd41a14f5641e96fc8e4d08b47c1

SHA1
1ec351dfbf2cde57741d405a47522687a0363332

SHA256
156c8c973d15460bd2cbde75f2b595dc42415a56897ce1b0e57da157d84b5358

SHA512
f691161c211f376c8687fa9a52263b362ea1a992b4b07842569db2bc0e9572f1ac7d06ddf8cdbfdfbd2d58e32071ff2dfe82b8b3f1e6b88edcf5325cfc9590ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4b29005cfa93b9ae7aacec215bed82cd

SHA1
868659b641bf4a2cb340fb38de18327dc48913dc

SHA256
276e65dda827da07976ee850dd6dbce71976a0848db570c45abd09a4c8d95343

SHA512
966b3d20100878b1ebe5aa2ba616caca03fb57abd251a77e0335a39ce59dc51051a3e6e83518c93fff4c2c34604fe4c04bdb503e93b6150cac57717d59881b67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bdb064dba3d4deef9447dcb589d15cb4

SHA1
47c16c1a0cabab909454d235456c6327e641e29e

SHA256
4d04aaeba28e57d18687bcfc136a69ed1c299e85aa135de11118c0e685d3f646

SHA512
d7a55a3e53ecca05e6c7068b681a8e1486ba6eaa604ba35be3a6742168733e78e0648f61c736060b7eabf375f46b593df4e32ff089850f7db2b5fb566046837b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
af5c7d02344f2eaf2717fb5081b8ce2a

SHA1
83d02caf6ddf802f2d2d235077a1038f278f57c2

SHA256
8a896afeecb322dbf055d77fa26a1de627a3aae33a988d4cb98d0f69d660ed2b

SHA512
8d32bfbd467c73acb76f50b84a7b84999ae1cd07263b276def34f2d1b294669f47d1acf35856fa0cb4aab7bd15aa934ee15b24b7ef9a80054e23a8d343cecaa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
ee8f06b3fe0cbe9a45121b1d8122c96c

SHA1
eb9271f2eb61a5c7cd885b2a1dace4ffdbcdcb41

SHA256
c393fa3cf89454858dd92e19b694cef702d0358ea3caf5bae362020aa919a8ca

SHA512
2ffe17b9e9486c5854cc2f0d0f6ec4c8ce086726f3ea27a3520b826b410e87276c7bbd783a48eeb23f161297c843063577b700ca51256688d549eb5211da3cf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58588b.TMP

Filesize
203B

MD5
a4f9cf315c638db70074ed9c81859dab

SHA1
07899605d3286c40e9668161761ea3b1d61f56ad

SHA256
fa743f2d5367143da821542789f70e792b7948dd960c8d313c3329debb000939

SHA512
102217f0d021d17162aa488616c8fda34ee7028e95086cd5b2c59f96602f6cfa3e466821579ae26aa6c458fab63289bc2a5528d30cb39e76daa4397f37f24085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
92500ceeca34f16feb0177f9dcd16bca

SHA1
30c9cbcc3acca364963f0098198a2a46a588abb3

SHA256
d365da937b0583d694f2eff6af7e1c71818f1686d38b31bac687cf465067bded

SHA512
d0571f636c18af9b910695570a1b63f0517209cc002d39ed3b86536919bbf9e7c4f84700fc5dddac24707a6af33b661719765d50484af519be7311f69c4abf1f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request