Analysis
-
max time kernel
145s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240412-en locale:en-us os:windows10-2004-x64 system -
submitted
19/04/2024, 09:29 UTC
Static task
static1
Behavioral task
behavioral1
Sample
fa01e41af84eb41076a5df4a6682c865_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fa01e41af84eb41076a5df4a6682c865_JaffaCakes118.html
Resource
win10v2004-20240412-en
General
-
Target
fa01e41af84eb41076a5df4a6682c865_JaffaCakes118.html
-
Size
91KB
-
MD5
fa01e41af84eb41076a5df4a6682c865
-
SHA1
d151aab181d2eb0729a3f3cb4eda41344ab15608
-
SHA256
5cb163ef054ff77abd500bff4b07cebda5a0190a7145eb00d633e1be05667cd6
-
SHA512
2796df827f23b6683bb0b51db645a7c5295a98ca7fe43a2cf4fc5c36ff572530e87daeca96f748fcd0dc7d878c5dc2585635a81a47dfb8c64dd7d3c34f59674f
-
SSDEEP
1536:k8SI4H2XAhKOUYIuVFwr6jfedyScDV12xaLYHhOoNqPfvYMc4If:aH2XLG9Cy5DVb/Y94If
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process
2160 msedge.exe
2284 msedge.exe
2312 identity_helper.exe
2492 msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid Process
2284 msedge.exe
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process
Token: 33 1288 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 1288 AUDIODG.EXE
-
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process
2284 msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
pid Process
2284 msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 2284 wrote to memory of 1228 2284 msedge.exe 85
PID 2284 wrote to memory of 1172 2284 msedge.exe 86
PID 2284 wrote to memory of 2160 2284 msedge.exe 87
PID 2284 wrote to memory of 4900 2284 msedge.exe 88
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fa01e41af84eb41076a5df4a6682c865_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2284 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5b1b46f8,0x7fff5b1b4708,0x7fff5b1b47182⤵PID:1228
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:22⤵PID:1172
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:82⤵PID:4900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:12⤵PID:2792
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:12⤵PID:1676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1132 /prefetch:12⤵PID:4576
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:82⤵PID:3708
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:12⤵PID:4140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:12⤵PID:4460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5808 /prefetch:82⤵PID:4340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:12⤵PID:4076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:12⤵PID:1324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1360 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2492
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1572
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3500
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2f0 0x3041⤵
- Suspicious use of AdjustPrivilegeToken
PID:1288
Network
-
Remote address:8.8.8.8:53Request20.160.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestajax.googleapis.comIN AResponseajax.googleapis.comIN A142.250.179.234
-
Remote address:8.8.8.8:53Requests.w.orgIN AResponses.w.orgIN A192.0.77.48
-
Remote address:8.8.8.8:53Requestgo.oclasrv.comIN AResponsego.oclasrv.comIN A139.45.197.237
-
Remote address:142.250.179.234:443RequestGET /ajax/libs/jquery/2.1.3/jquery.min.js?ver=2.1.3 HTTP/2.0
host: ajax.googleapis.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:142.250.179.234:443RequestGET /ajax/libs/jquery/3.1.0/jquery.min.js HTTP/2.0
host: ajax.googleapis.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fa.efek.stream/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:8.8.8.8:53Request234.179.250.142.in-addr.arpaIN PTRResponse234.179.250.142.in-addr.arpaIN PTRlhr25s31-in-f101e100net
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.dual-a-0034.a-msedge.netg-bing-com.dual-a-0034.a-msedge.netIN CNAMEdual-a-0034.a-msedge.netdual-a-0034.a-msedge.netIN A204.79.197.237dual-a-0034.a-msedge.netIN A13.107.21.237
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=1DBE106AC7566C4D2706040CC6ED6D19; domain=.bing.com; expires=Wed, 14-May-2025 09:29:27 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 875E42F059314884A44780B7BD7672D1 Ref B: LON04EDGE0820 Ref C: 2024-04-19T09:29:27Z
date: Fri, 19 Apr 2024 09:29:26 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1DBE106AC7566C4D2706040CC6ED6D19
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=zNaPYbxWOuZrG5_R-o2YHDfXbHDYnKNanx9KioKsWn4; domain=.bing.com; expires=Wed, 14-May-2025 09:29:27 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 76F16E5A09C441E1A9B479C77816BEE4 Ref B: LON04EDGE0820 Ref C: 2024-04-19T09:29:27Z
date: Fri, 19 Apr 2024 09:29:26 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1DBE106AC7566C4D2706040CC6ED6D19; MSPTC=zNaPYbxWOuZrG5_R-o2YHDfXbHDYnKNanx9KioKsWn4
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 09DFA73124CB4696956B701E71BE0C8A Ref B: LON04EDGE0820 Ref C: 2024-04-19T09:29:27Z
date: Fri, 19 Apr 2024 09:29:26 GMT
-
Remote address:8.8.8.8:53Request241.154.82.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request237.197.79.204.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request21.114.53.23.in-addr.arpaIN PTRResponse21.114.53.23.in-addr.arpaIN PTRa23-53-114-21deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request57.169.31.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestgo.oclasrv.comIN AResponsego.oclasrv.comIN A139.45.197.237
-
Remote address:8.8.8.8:53Requestinpagepush.comIN AResponseinpagepush.comIN A139.45.197.237
-
Remote address:8.8.8.8:53Requestinpagepush.comIN AResponseinpagepush.comIN A139.45.197.237
-
Remote address:8.8.8.8:53Request86.23.85.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request171.39.242.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request240.221.184.93.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestimage.filemanager.workIN AResponseimage.filemanager.workIN A172.67.164.53image.filemanager.workIN A104.21.34.195
-
Remote address:172.67.164.53:443RequestGET /backdrop/backdrop-tt11079148.jpg HTTP/2.0
host: image.filemanager.work
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 301
content-type: text/html
content-length: 167
location: https://filmapikofficial.com/backdrop/backdrop-tt11079148.jpg
cache-control: max-age=3600
expires: Fri, 19 Apr 2024 10:30:08 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WjvFv2yT279lQUg4Er8llGQMaxeeYgYJp3sJSXgxAzFYdq186w%2Fd%2BO3iSJvXvxFI7HMZ3FlcZprlRSQGtjjYF7C6gMeuLRgM9xzBH9%2BTVkwTbi9I8hg%2BF53w%2FZWOYvMJ1bHjZKpANVKd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876bdfcafdf06540-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address:172.67.164.53:443RequestGET /poster/tt11079148.jpg HTTP/2.0
host: image.filemanager.work
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 301
content-type: text/html
content-length: 167
location: https://filmapikofficial.com/poster/tt11079148.jpg
cache-control: max-age=3600
expires: Fri, 19 Apr 2024 10:30:08 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jPLFHD4EOGpsVF%2BfGMM22XstYG%2BXu6ZDprJhHp8MG5q97QUwWwpZU1tPMHQ5uaEudvMOfSX9CBn2XhcIy1M6R9sZs9PPOMrmI0rFqwfefdfHAZjkTd4A8WxlS%2F2pjrwohvvnGVmNIxIS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876bdfcafdf36540-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address:172.67.164.53:443RequestGET /poster/tt11079148.jpg HTTP/2.0
host: image.filemanager.work
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fa.efek.stream/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 301
content-type: text/html
content-length: 167
location: https://filmapikofficial.com/poster/tt11079148.jpg
cache-control: max-age=3600
expires: Fri, 19 Apr 2024 10:30:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5G%2BA7qyvFmXIM7jk4MM%2Fpz0dFG1bEhsxisOnSKMXQ8dWaZLLOIQ%2BqZPacvYnPMthlCftCgoDkR2DmWAAivOOgqV6%2BlyBbLFtbbNPGxk9b8rGpQ8plr8t3w4LRfKjgtw%2B74ORh6v5m%2Bo7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876be05de8fe6540-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address:8.8.8.8:53Requestfilmapikofficial.comIN AResponsefilmapikofficial.comIN A172.67.223.237filmapikofficial.comIN A104.21.32.156
-
Remote address:172.67.223.237:443RequestGET /backdrop/backdrop-tt11079148.jpg HTTP/2.0
host: filmapikofficial.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: image/jpeg
content-length: 30358
last-modified: Wed, 09 Sep 2020 07:35:17 GMT
etag: "5f5885b5-7696"
expires: Sun, 19 May 2024 09:27:21 GMT
cache-control: max-age=2678400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YpjftFi%2F6SHomEmP4ygGV72eqEuoS5gayTaqXhhRijzHYf9BdQPNvVDhU7ZjHu3qSbIozE6NFDIfQbgCRtTMQpWzasPpjvZzcHUNKqbG9O0N1Xf4g6sugxj%2BwTYsldqvishFk8oOfg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876bdfcd4fff9492-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address:172.67.223.237:443RequestGET /poster/tt11079148.jpg HTTP/2.0
host: filmapikofficial.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: image/jpeg
content-length: 44321
last-modified: Wed, 09 Sep 2020 07:35:17 GMT
etag: "5f5885b5-ad21"
expires: Sun, 19 May 2024 09:27:21 GMT
cache-control: max-age=2678400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x6Hl7E166f0DGl5YSs%2BCLgy9Wgq4qjOnyCHTEgI6JWLK%2BS1a2%2FlHDC74YuXehul4SQlbXGHxPrkF4S6zuYOaCsxZh13xpbkob5xqMheE2BLXk28Q4tBOn867zML1MR%2BTMY5cbxSOOA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876bdfcd3ffe9492-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address:172.67.223.237:443RequestGET /poster/tt11079148.jpg HTTP/2.0
host: filmapikofficial.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fa.efek.stream/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: image/jpeg
content-length: 30358
last-modified: Wed, 09 Sep 2020 07:35:17 GMT
etag: "5f5885b5-7696"
expires: Sun, 19 May 2024 09:27:21 GMT
cache-control: max-age=2678400
cf-cache-status: HIT
age: 23
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iT5tsxfMLNIpeOD3QaJRjMWFNocALlNjn7e9dZIgUS7Un55kIusuO5YnvwVbpkpLsajwVzJsFTjGHu9Q0rksDwytiu8PEgWXRHto9ujJLx7OGZWwmh%2F%2BJ4YZM9%2BXLnm0XJtojKGxFw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876be05e392c9492-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address:8.8.8.8:53Requestapps.identrust.comIN AResponseapps.identrust.comIN CNAMEidentrust.edgesuite.netidentrust.edgesuite.netIN CNAMEa1952.dscq.akamai.neta1952.dscq.akamai.netIN A23.14.90.73a1952.dscq.akamai.netIN A23.14.90.91
-
Remote address:23.14.90.73:80RequestGET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: apps.identrust.com
ResponseHTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 19 Apr 2024 10:30:08 GMT
Date: Fri, 19 Apr 2024 09:30:08 GMT
Connection: keep-alive
-
Remote address:8.8.8.8:53Request53.164.67.172.in-addr.arpaIN PTRResponse
-
Remote address: 8.8.8.8:53 Request: 104.201.58.216.in-addr.arpa IN PTR Response: 104.201.58.216.in-addr.arpa IN PTR lhr48s48-in-f81e100net; 104.201.58.216.in-addr.arpa IN PTR prg03s02-in-f104; 104.201.58.216.in-addr.arpa IN PTR prg03s02-in-f8
-
Remote address:8.8.8.8:53Request237.223.67.172.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request73.90.14.23.in-addr.arpaIN PTRResponse73.90.14.23.in-addr.arpaIN PTRa23-14-90-73deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request216.197.17.2.in-addr.arpaIN PTRResponse216.197.17.2.in-addr.arpaIN PTRa2-17-197-216deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Requestfa.efek.streamIN AResponsefa.efek.streamIN A111.90.158.170
-
GEThttps://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==msedge.exeRemote address:111.90.158.170:443RequestGET /v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ== HTTP/2.0
host: fa.efek.stream
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
date: Fri, 19 Apr 2024 09:27:42 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: PHPSESSID=c86ekgg1puqg6bao758kcqhad1; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
-
Remote address:111.90.158.170:443RequestGET /theme/assets/css/player.css?v=1713518862 HTTP/2.0
host: fa.efek.stream
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
date: Fri, 19 Apr 2024 09:27:42 GMT
content-type: text/css
last-modified: Wed, 07 Apr 2021 15:15:32 GMT
vary: Accept-Encoding
etag: W/"606dcc94-c9b"
expires: Fri, 19 Apr 2024 21:27:42 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
-
Remote address: 111.90.158.170:443
Request
GET /file.js?v=4fsa HTTP/2.0
host: fa.efek.stream
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
date: Fri, 19 Apr 2024 09:27:42 GMT
content-type: application/javascript
last-modified: Wed, 01 Mar 2023 14:34:19 GMT
vary: Accept-Encoding
etag: W/"63ff626b-18d51"
expires: Fri, 19 Apr 2024 21:27:42 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
-
Remote address: 111.90.158.170:443
Request
GET /jw/d.js?v=123 HTTP/2.0
host: fa.efek.stream
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
date: Fri, 19 Apr 2024 09:27:42 GMT
content-type: application/javascript
content-length: 256
last-modified: Thu, 16 Dec 2021 08:41:14 GMT
etag: "61bafbaa-100"
expires: Fri, 19 Apr 2024 21:27:42 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
-
Remote address: 111.90.158.170:443
Request
GET /jw/dai.js?v=123 HTTP/2.0
host: fa.efek.stream
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
date: Fri, 19 Apr 2024 09:27:42 GMT
content-type: application/javascript
last-modified: Wed, 15 Sep 2021 10:51:21 GMT
vary: Accept-Encoding
etag: W/"6141d029-1fbb"
expires: Fri, 19 Apr 2024 21:27:42 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
-
Remote address: 111.90.158.170:443
Request
GET /jw/freewheel.js?v=123 HTTP/2.0
host: fa.efek.stream
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
date: Fri, 19 Apr 2024 09:27:42 GMT
content-type: application/javascript
last-modified: Wed, 15 Sep 2021 10:50:42 GMT
vary: Accept-Encoding
etag: W/"6141d002-6f34"
expires: Fri, 19 Apr 2024 21:27:42 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
-
Remote address: 111.90.158.170:443
Request
GET /jw/gapro.js?v=123 HTTP/2.0
host: fa.efek.stream
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
date: Fri, 19 Apr 2024 09:27:42 GMT
content-type: application/javascript
last-modified: Wed, 15 Sep 2021 10:50:46 GMT
vary: Accept-Encoding
etag: W/"6141d006-843"
expires: Fri, 19 Apr 2024 21:27:42 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
-
Remote address: 111.90.158.170:443
Request
GET /jw/googima.js?v=123 HTTP/2.0
host: fa.efek.stream
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
date: Fri, 19 Apr 2024 09:27:42 GMT
content-type: application/javascript
last-modified: Wed, 15 Sep 2021 10:50:37 GMT
vary: Accept-Encoding
etag: W/"6141cffd-f5c2"
expires: Fri, 19 Apr 2024 21:27:42 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
-
Remote address: 111.90.158.170:443
Request
GET /jw/jwpsrv.js?v=123 HTTP/2.0
host: fa.efek.stream
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
date: Fri, 19 Apr 2024 09:27:42 GMT
content-type: application/javascript
last-modified: Wed, 15 Sep 2021 10:50:27 GMT
vary: Accept-Encoding
etag: W/"6141cff3-dd4b"
expires: Fri, 19 Apr 2024 21:27:42 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
-
Remote address: 111.90.158.170:443
Request
GET /jw/vast.js?v=123 HTTP/2.0
host: fa.efek.stream
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
date: Fri, 19 Apr 2024 09:27:42 GMT
content-type: application/javascript
last-modified: Wed, 15 Sep 2021 10:51:11 GMT
vary: Accept-Encoding
etag: W/"6141d01f-1ae06"
expires: Fri, 19 Apr 2024 21:27:42 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
-
Remote address: 111.90.158.170:443
Request
GET /theme/static/icons/menu.png HTTP/2.0
host: fa.efek.stream
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
date: Fri, 19 Apr 2024 09:27:44 GMT
content-type: image/png
content-length: 19864
last-modified: Wed, 07 Apr 2021 15:15:34 GMT
etag: "606dcc96-4d98"
expires: Sun, 19 May 2024 09:27:44 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
-
Remote address: 111.90.158.170:443
Request
GET /uploads/ HTTP/2.0
host: fa.efek.stream
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 403
date: Fri, 19 Apr 2024 09:27:44 GMT
content-type: text/html
content-length: 548
-
Remote address: 111.90.158.170:443
Request
GET /stream/720/EwS8m4lCgp5asyI/__001 HTTP/2.0
host: fa.efek.stream
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
accept-encoding: identity;q=1, *;q=0
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: video
referer: https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
accept-language: en-US,en;q=0.9
range: bytes=0-
Response
HTTP/2.0 302
date: Fri, 19 Apr 2024 09:27:51 GMT
content-type: text/html; charset=UTF-8
location: https://ar5.newsales.sbs/stream/720/EwS8m4lCgp5asyI/__001
strict-transport-security: max-age=31536000
-
Remote address: 8.8.8.8:53
Request
zukxd6fkxqn.com IN A
Response
zukxd6fkxqn.com IN A 103.224.182.251
-
Remote address: 8.8.8.8:53
Request
14.213.58.216.in-addr.arpa IN PTR
Response
14.213.58.216.in-addr.arpa IN PTR ber01s14-in-f141e100net
14.213.58.216.in-addr.arpa IN PTR lhr25s25-in-f14
-
Remote address: 8.8.8.8:53
Request
170.158.90.111.in-addr.arpa IN PTR
Response
170.158.90.111.in-addr.arpa IN PTR server1kamonla
-
Remote address: 8.8.8.8:53
Request
code.jquery.com IN A
Response
code.jquery.com IN A 151.101.194.137
code.jquery.com IN A 151.101.66.137
code.jquery.com IN A 151.101.130.137
code.jquery.com IN A 151.101.2.137
-
Remote address: 151.101.194.137:443
Request
GET /jquery-3.5.1.min.js HTTP/2.0
host: code.jquery.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://fa.efek.stream
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://fa.efek.stream/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d84"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 19 Apr 2024 09:30:30 GMT
age: 2144459
x-served-by: cache-lga21981-LGA, cache-lcy-eglc8600051-LCY
x-cache: HIT, HIT
x-cache-hits: 55, 143348
x-timer: S1713519030.423179,VS0,VE0
vary: Accept-Encoding
content-length: 30879
-
Remote address: 8.8.8.8:53
Request
137.194.101.151.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
137.194.101.151.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
eq.avodireexcuser.com IN A
Response
eq.avodireexcuser.com IN CNAME wynvalur.com
wynvalur.com IN A 23.109.170.127
wynvalur.com IN A 23.109.170.59
wynvalur.com IN A 23.109.170.34
wynvalur.com IN A 23.109.170.153
wynvalur.com IN A 23.109.170.72
wynvalur.com IN A 94.242.236.130
-
Remote address: 8.8.8.8:53
Request
eq.avodireexcuser.com IN A
Response
eq.avodireexcuser.com IN CNAME wynvalur.com
wynvalur.com IN A 23.109.170.127
wynvalur.com IN A 23.109.170.59
wynvalur.com IN A 23.109.170.34
wynvalur.com IN A 23.109.170.153
wynvalur.com IN A 23.109.170.72
wynvalur.com IN A 94.242.236.130
-
Remote address: 23.109.170.127:443
Request
GET /rfyqNUZeNhlQOsnS1/42525 HTTP/1.1
Host: eq.avodireexcuser.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://fa.efek.stream/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Response
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 09:30:31 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://fa.efek.stream
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jU1OwzAYRPOfFprASDkAR3DSppAlC87AMnLsr8E0sSvHJOL2WEiwG8280QuCIKoeEK7ZHvEXb%2FE0sEEeBR1F3bXsxE9Nxy6MU8PppW3Pz2fs1dI7PkzkEuyWmVvXuzXBYSRNVoleGEkFHj3111y12XSCdLBcywLp7ImpQD5Ysy1kqxiJ5jMheZMj%2BZl%2FGouoa3xU2seQITJLFZd3yN%2BVlv5VHhDVrCyzAPe3ibuLsXOvZBYiHS2XhPAVO8EdjcZ%2BI5e0XJ25AWaS%2FT%2F%2FK423miGTtCrh3cZ9kP0BKYpNOQ%3D%3D; expires=Sat, 20-Apr-2024 09:30:31 GMT; Max-Age=86400; path=/; secure; SameSite=None
Set-Cookie: GL_GI10=eJwVxMEKgkAQBuCdCYxAhL98AJ9A3Dp5TcRD0ckeQFyRhZyRdev5q8P3GWM4T8F%2BRWZrW9rKlueqLi81aAZ3V%2FAoyJ7i4%2BSKm5fZ6QIK2LWPDhwE%2B1bm1yAONCK5qzgVkMex6%2Fui0WV5ix%2BH6FU28M%2Bh0bBqGOIEWhMCR%2F2%2FudyAPsnpC19iIto%3D; expires=Sat, 20-Apr-2024 09:30:31 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
-
Remote address: 8.8.8.8:53
Request
ssl.p.jwpcdn.com IN A
Response
ssl.p.jwpcdn.com IN CNAME jwplayer-dualstack.map.fastly.net
jwplayer-dualstack.map.fastly.net IN A 151.101.2.114
jwplayer-dualstack.map.fastly.net IN A 151.101.66.114
jwplayer-dualstack.map.fastly.net IN A 151.101.130.114
jwplayer-dualstack.map.fastly.net IN A 151.101.194.114
-
Remote address: 8.8.8.8:53
Request
ssl.p.jwpcdn.com IN A
Response
ssl.p.jwpcdn.com IN CNAME jwplayer-dualstack.map.fastly.net
jwplayer-dualstack.map.fastly.net IN A 151.101.2.114
jwplayer-dualstack.map.fastly.net IN A 151.101.66.114
jwplayer-dualstack.map.fastly.net IN A 151.101.130.114
jwplayer-dualstack.map.fastly.net IN A 151.101.194.114
-
Remote address: 8.8.8.8:53
Request
entitlements.jwplayer.com IN A
Response
entitlements.jwplayer.com IN CNAME cs386.wpc.edgecastcdn.net
cs386.wpc.edgecastcdn.net IN A 152.199.22.243
-
Remote address: 8.8.8.8:53
Request
entitlements.jwplayer.com IN A
Response
entitlements.jwplayer.com IN CNAME cs386.wpc.edgecastcdn.net
cs386.wpc.edgecastcdn.net IN A 152.199.22.243
-
Remote address: 151.101.2.114:443
Request
GET /player/v/8.8.2/jwplayer.core.controls.html5.js HTTP/2.0
host: ssl.p.jwpcdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fa.efek.stream/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
last-modified: Fri, 29 Mar 2019 23:26:35 GMT
etag: "71040b81c44a237abf39e05c76451830"
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Fri, 19 Apr 2024 09:30:31 GMT
via: 1.1 varnish
age: 1484492
x-served-by: cache-lcy-eglc8600044-LCY
x-cache: HIT
x-cache-hits: 1316
x-timer: S1713519032.800156,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 76169
-
Remote address: 151.101.2.114:443
Request
GET /player/v/8.8.2/related.js HTTP/2.0
host: ssl.p.jwpcdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fa.efek.stream/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
last-modified: Fri, 29 Mar 2019 23:26:40 GMT
etag: "1583406067dd52c5312be4a9bd82cebd"
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Fri, 19 Apr 2024 09:30:31 GMT
via: 1.1 varnish
age: 1231644
x-served-by: cache-lcy-eglc8600044-LCY
x-cache: HIT
x-cache-hits: 2651
x-timer: S1713519032.800702,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 26504
-
Remote address: 152.199.22.243:443
Request
GET /GCCG.json HTTP/2.0
host: entitlements.jwplayer.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://fa.efek.stream
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://fa.efek.stream/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 400
access-control-allow-origin: *
age: 41978
cache-control: max-age=1800, s-maxage=4680
content-type: application/json
date: Fri, 19 Apr 2024 09:30:31 GMT
last-modified: Thu, 18 Apr 2024 21:50:53 GMT
server: ECAcc (lhd/35D9)
x-cache: 400-HIT
content-length: 71
-
Remote address: 8.8.8.8:53
Request
127.170.109.23.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
127.170.109.23.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
114.2.101.151.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
226.21.18.104.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
243.22.199.152.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
243.22.199.152.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
zukxd6fkxqn.com IN A
Response
zukxd6fkxqn.com IN A 103.224.182.251
-
Remote address: 8.8.8.8:53
Request
zukxd6fkxqn.com IN A
Response
zukxd6fkxqn.com IN A 103.224.182.251
-
Remote address: 8.8.8.8:53
Request
ar5.newsales.sbs IN A
Response
ar5.newsales.sbs IN A 37.27.25.150
-
Remote address: 8.8.8.8:53
Request
ar5.newsales.sbs IN A
Response
ar5.newsales.sbs IN A 37.27.25.150
-
Remote address: 37.27.25.150:443
Request
GET /stream/720/EwS8m4lCgp5asyI/__001 HTTP/2.0
host: ar5.newsales.sbs
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
accept-encoding: identity;q=1, *;q=0
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: video
referer: https://fa.efek.stream/
accept-language: en-US,en;q=0.9
range: bytes=0-
Response
HTTP/2.0 206
date: Fri, 19 Apr 2024 09:30:46 GMT
content-type: video/mp4
content-length: 658896145
accept-ranges: bytes
developed-by: CodySeller
content-disposition: attachment; filename="[FILMAPIK.info]-justice-league-dark-apokolips-war.mp4.mp4"
content-range: bytes 0-658896144/658896145
strict-transport-security: max-age=31536000
-
Remote address: 8.8.8.8:53
Request
150.25.27.37.in-addr.arpa IN PTR
Response
150.25.27.37.in-addr.arpa IN PTR static150252737clientsyour-serverde
-
Remote address: 8.8.8.8:53
Request
150.25.27.37.in-addr.arpa IN PTR
Response
150.25.27.37.in-addr.arpa IN PTR static150252737clientsyour-serverde
-
Remote address: 8.8.8.8:53
Request
filmapik.pro IN A
Response
-
Remote address: 8.8.8.8:53
Request
filmapik.pro IN A
Response
-
Remote address: 8.8.8.8:53
Request
241.197.17.2.in-addr.arpa IN PTR
Response
241.197.17.2.in-addr.arpa IN PTR a2-17-197-241deploystaticakamaitechnologiescom
-
Remote address: 8.8.8.8:53
Request
241.197.17.2.in-addr.arpa IN PTR
Response
241.197.17.2.in-addr.arpa IN PTR a2-17-197-241deploystaticakamaitechnologiescom
-
Remote address: 8.8.8.8:53
Request
48.229.111.52.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
48.229.111.52.in-addr.arpa IN PTR
Response
-
142.250.179.234:443 https://ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js tls, http2 msedge.exe 3.5kB 70.3kB 48 64
HTTP Request
GET https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js?ver=2.1.3
HTTP Request
GET https://ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js
-
204.79.197.237:443 https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid= tls, http2 2.0kB 9.2kB 22 19
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=
HTTP Response
204
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=
HTTP Response
204
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ebc31a61c8cd4cdb9ce15b563e384880&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=
HTTP Response
204
-
2.1kB 7.6kB 18 23
HTTP Request
GET https://image.filemanager.work/backdrop/backdrop-tt11079148.jpg
HTTP Request
GET https://image.filemanager.work/poster/tt11079148.jpg
HTTP Response
301
HTTP Response
301
HTTP Request
GET https://image.filemanager.work/poster/tt11079148.jpg
HTTP Response
301
-
4.1kB 116.3kB 63 107
HTTP Request
GET https://filmapikofficial.com/backdrop/backdrop-tt11079148.jpg
HTTP Request
GET https://filmapikofficial.com/poster/tt11079148.jpg
HTTP Response
200
HTTP Response
200
HTTP Request
GET https://filmapikofficial.com/poster/tt11079148.jpg
HTTP Response
200
-
468 B 1.7kB 7 6
HTTP Request
GET http://apps.identrust.com/roots/dstrootcax3.p7c
HTTP Response
200
-
6.3kB 168.2kB 87 141
HTTP Request
GET https://fa.efek.stream/v/EwS8m4lCgp5asyI/360&p=V0duL0ZrcVgrOWx5QlEyTXZmMjNMVm1GdlRSUjIwQk03enlxSHpzREZkb2ZXRDgrTmI4T1VybXJwcUZhZXAvSWpSWnFGSHR6ajlmYWd2VkZmMlFIZnc9PQ==
HTTP Response
200
HTTP Request
GET https://fa.efek.stream/theme/assets/css/player.css?v=1713518862
HTTP Request
GET https://fa.efek.stream/file.js?v=4fsa
HTTP Request
GET https://fa.efek.stream/jw/d.js?v=123
HTTP Request
GET https://fa.efek.stream/jw/dai.js?v=123
HTTP Request
GET https://fa.efek.stream/jw/freewheel.js?v=123
HTTP Request
GET https://fa.efek.stream/jw/gapro.js?v=123
HTTP Request
GET https://fa.efek.stream/jw/googima.js?v=123
HTTP Request
GET https://fa.efek.stream/jw/jwpsrv.js?v=123
HTTP Request
GET https://fa.efek.stream/jw/vast.js?v=123
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Request
GET https://fa.efek.stream/theme/static/icons/menu.png
HTTP Response
200
HTTP Request
GET https://fa.efek.stream/uploads/
HTTP Request
GET https://fa.efek.stream/stream/720/EwS8m4lCgp5asyI/__001
HTTP Response
403
HTTP Response
302
-
2.6kB 38.7kB 34 37
HTTP Request
GET https://code.jquery.com/jquery-3.5.1.min.js
HTTP Response
200
-
2.9kB 5.0kB 10 10
HTTP Request
GET https://eq.avodireexcuser.com/rfyqNUZeNhlQOsnS1/42525
HTTP Response
200
-
4.1kB 112.1kB 64 89
HTTP Request
GET https://ssl.p.jwpcdn.com/player/v/8.8.2/jwplayer.core.controls.html5.js
HTTP Request
GET https://ssl.p.jwpcdn.com/player/v/8.8.2/related.js
HTTP Response
200
HTTP Response
200
-
2.2kB 5.4kB 13 12
HTTP Request
GET https://entitlements.jwplayer.com/GCCG.json
HTTP Response
400
-
31.6kB 1.8MB 663 1293
HTTP Request
GET https://ar5.newsales.sbs/stream/720/EwS8m4lCgp5asyI/__001
HTTP Response
206
-
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B