0d4b26740ab885dea3c0a85cdf6d78eaff7189370da657fe8888781eb739b33e

Analysis

max time kernel
146s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 12:19 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e7b3c1c18d526864359a4d866324f34_JaffaCakes118.html
Size

266KB
MD5

0e7b3c1c18d526864359a4d866324f34
SHA1

189b21f4bf467f997e979ea960393e79720c041b
SHA256

0d4b26740ab885dea3c0a85cdf6d78eaff7189370da657fe8888781eb739b33e
SHA512

0cca469731091b76ead6a470e260e83c0d91d8f5a1da362b4a24ee2b22f1787c8b6411a25e3962f59788dfff3a88e161ee2e1e1b9611a8a677e8a3de6c670b29
SSDEEP

6144:N1WcJEJpQJMPB9ErL8wQvtK3pzOm/P/UWtBiuQiCHVptnTpyglfz4Va+tMZrFWj3:N1VJEJpQJMPB9ErL8wQvtopzOm/P/UW9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
640	msedge.exe
640	msedge.exe
4508	msedge.exe
4508	msedge.exe
3476	identity_helper.exe
3476	identity_helper.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4508 wrote to memory of 740	4508	msedge.exe	85
PID 4508 wrote to memory of 740	4508	msedge.exe	85
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 3608	4508	msedge.exe	86
PID 4508 wrote to memory of 640	4508	msedge.exe	87
PID 4508 wrote to memory of 640	4508	msedge.exe	87
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88
PID 4508 wrote to memory of 4688	4508	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0e7b3c1c18d526864359a4d866324f34_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdbec46f8,0x7ffcdbec4708,0x7ffcdbec4718
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6472 /prefetch:8
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,4858169501216038761,8318780480402956132,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5792 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:828

Network

DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
GET

http://fonts.googleapis.com/css?family=Open+Sans:400,600,700|Roboto+Slab

msedge.exe

Remote address:

172.217.16.234:80

Request

GET /css?family=Open+Sans:400,600,700|Roboto+Slab HTTP/1.1
Host: fonts.googleapis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Thu, 02 May 2024 12:19:47 GMT
Date: Thu, 02 May 2024 12:19:47 GMT
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Last-Modified: Thu, 02 May 2024 12:19:47 GMT
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
GET

http://fonts.googleapis.com/css?family=Merriweather+Sans|Roboto+Slab

msedge.exe

Remote address:

172.217.16.234:80

Request

GET /css?family=Merriweather+Sans|Roboto+Slab HTTP/1.1
Host: fonts.googleapis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Thu, 02 May 2024 12:19:47 GMT
Date: Thu, 02 May 2024 12:19:47 GMT
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Last-Modified: Thu, 02 May 2024 12:19:47 GMT
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
DNS

ajax.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN A

Response

ajax.googleapis.com

IN A

172.217.16.234
DNS

yourjavascript.com

msedge.exe

Remote address:

8.8.8.8:53

Request

yourjavascript.com

IN A

Response

yourjavascript.com

IN A

13.248.169.48

yourjavascript.com

IN A

76.223.54.146
DNS

googledrive.com

msedge.exe

Remote address:

8.8.8.8:53

Request

googledrive.com

IN A

Response

googledrive.com

IN A

142.250.187.193
DNS

apis.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

216.58.201.110
GET

http://yourjavascript.com/013120251122/tabview.js

msedge.exe

Remote address:

13.248.169.48:80

Request

GET /013120251122/tabview.js HTTP/1.1
Host: yourjavascript.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Thu, 02 May 2024 12:19:47 GMT
Content-Type: text/html
Content-Length: 114
Connection: keep-alive
GET

https://apis.google.com/js/plusone.js

msedge.exe

Remote address:

216.58.201.110:443

Request

GET /js/plusone.js HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://googledrive.com/host/0Bz224B65C3O2WEJwMkt2LXA0TlU

msedge.exe

Remote address:

142.250.187.193:443

Request

GET /host/0Bz224B65C3O2WEJwMkt2LXA0TlU HTTP/2.0
host: googledrive.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://googledrive.com/host/0Bz224B65C3O2WEJwMkt2LXA0TlU

msedge.exe

Remote address:

142.250.187.193:443

Request

GET /host/0Bz224B65C3O2WEJwMkt2LXA0TlU HTTP/2.0
host: googledrive.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

netdna.bootstrapcdn.com

Remote address:

8.8.8.8:53

Request

netdna.bootstrapcdn.com

IN A

Response

netdna.bootstrapcdn.com

IN A

104.18.11.207

netdna.bootstrapcdn.com

IN A

104.18.10.207
GET

https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js

msedge.exe

Remote address:

172.217.16.234:443

Request

GET /ajax/libs/jquery/1.7.2/jquery.min.js HTTP/2.0
host: ajax.googleapis.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

http://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

msedge.exe

Remote address:

216.58.212.227:80

Request

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
Connection: keep-alive
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Referer: http://fonts.googleapis.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 48236
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 27 Apr 2024 01:23:34 GMT
Expires: Sun, 27 Apr 2025 01:23:34 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 14 Dec 2023 02:08:40 GMT
Content-Type: font/woff2
Age: 471373
GET

http://fonts.gstatic.com/s/merriweathersans/v26/2-cO9IRs1JiJN1FRAMjTN5zd9vgsFF_5asQTb6hZ2JKZou4ViesH.woff2

msedge.exe

Remote address:

216.58.212.227:80

Request

GET /s/merriweathersans/v26/2-cO9IRs1JiJN1FRAMjTN5zd9vgsFF_5asQTb6hZ2JKZou4ViesH.woff2 HTTP/1.1
Host: fonts.gstatic.com
Connection: keep-alive
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Referer: http://fonts.googleapis.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 16980
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 01 May 2024 12:36:00 GMT
Expires: Thu, 01 May 2025 12:36:00 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 27 Apr 2023 00:13:26 GMT
Content-Type: font/woff2
Age: 85449
DNS

feedjit.com

msedge.exe

Remote address:

8.8.8.8:53

Request

feedjit.com

IN A

Response
DNS

s7.addthis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

s7.addthis.com

IN A

Response

s7.addthis.com

IN CNAME

s8.addthis.com

s8.addthis.com

IN CNAME

ds-s7.addthis.com.edgekey.net

ds-s7.addthis.com.edgekey.net

IN CNAME

e4016.a.akamaiedge.net

e4016.a.akamaiedge.net

IN A

104.64.162.56
DNS

lh5.googleusercontent.com

msedge.exe

Remote address:

8.8.8.8:53

Request

lh5.googleusercontent.com

IN A

Response

lh5.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

216.58.201.97
DNS

4.bp.blogspot.com

msedge.exe

Remote address:

8.8.8.8:53

Request

4.bp.blogspot.com

IN A

Response

4.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.178.1
DNS

www.blogger.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.blogger.com

IN A

Response

www.blogger.com

IN CNAME

blogger.l.google.com

blogger.l.google.com

IN A

142.250.200.9
DNS

resources.blogblog.com

msedge.exe

Remote address:

8.8.8.8:53

Request

resources.blogblog.com

IN A

Response

resources.blogblog.com

IN CNAME

blogger.l.google.com

blogger.l.google.com

IN A

142.250.200.9
DNS

webpulse.com.br

msedge.exe

Remote address:

8.8.8.8:53

Request

webpulse.com.br

IN A

Response

webpulse.com.br

IN A

50.116.94.95
GET

http://s7.addthis.com/js/250/addthis_widget.js

msedge.exe

Remote address:

104.64.162.56:80

Request

GET /js/250/addthis_widget.js HTTP/1.1
Host: s7.addthis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 308 Permanent Redirect

Server: nginx/1.15.8
Content-Type: text/html
Content-Length: 171
Location: https://s7.addthis.com/js/250/addthis_widget.js
Date: Thu, 02 May 2024 12:19:47 GMT
Connection: keep-alive
X-Distribution: 99
X-Host: s7.addthis.com
GET

http://4.bp.blogspot.com/-sAHwiiFwt2g/WADjPqyrsfI/AAAAAAAAAGs/FUEx6OSHawsnW2d4K44D1SwdVQ9-2kRSQCK4B/s1600/40%2Bx%2B60%2B%253D10%2Bcopy.jpg

msedge.exe

Remote address:

142.250.178.1:80

Request

GET /-sAHwiiFwt2g/WADjPqyrsfI/AAAAAAAAAGs/FUEx6OSHawsnW2d4K44D1SwdVQ9-2kRSQCK4B/s1600/40%2Bx%2B60%2B%253D10%2Bcopy.jpg HTTP/1.1
Host: 4.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="40 x 60 =10 copy.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 188553
X-XSS-Protection: 0
Date: Thu, 02 May 2024 12:19:46 GMT
Expires: Fri, 03 May 2024 12:19:46 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v6e"
Content-Type: image/jpeg
Vary: Origin
Age: 1
GET

https://4.bp.blogspot.com/-Ut-fLeb-1Z4/UA-1nKle5CI/AAAAAAAAACc/FndVLNfLZw0/w72-h72-p-k-nu/long-may.jpg

msedge.exe

Remote address:

142.250.178.1:443

Request

GET /-Ut-fLeb-1Z4/UA-1nKle5CI/AAAAAAAAACc/FndVLNfLZw0/w72-h72-p-k-nu/long-may.jpg HTTP/2.0
host: 4.bp.blogspot.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://lh5.googleusercontent.com/-ObCGpcQDQDk/T35aQPPWQMI/AAAAAAAAAPA/8iDyiJ07n3Y/s48/top.gif

msedge.exe

Remote address:

216.58.201.97:443

Request

GET /-ObCGpcQDQDk/T35aQPPWQMI/AAAAAAAAAPA/8iDyiJ07n3Y/s48/top.gif HTTP/2.0
host: lh5.googleusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://lh5.googleusercontent.com/-mZIfXp3qmSM/T35aP6jrhtI/AAAAAAAAAO0/Dda_pbetGyE/s48/ting.gif

msedge.exe

Remote address:

216.58.201.97:443

Request

GET /-mZIfXp3qmSM/T35aP6jrhtI/AAAAAAAAAO0/Dda_pbetGyE/s48/ting.gif HTTP/2.0
host: lh5.googleusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.blogger.com/static/v1/widgets/127631110-widgets.js

msedge.exe

Remote address:

142.250.200.9:443

Request

GET /static/v1/widgets/127631110-widgets.js HTTP/2.0
host: www.blogger.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://resources.blogblog.com/img/icon18_wrench_allbkg.png

msedge.exe

Remote address:

142.250.200.9:443

Request

GET /img/icon18_wrench_allbkg.png HTTP/2.0
host: resources.blogblog.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

http://www.google-analytics.com/ga.js

msedge.exe

Remote address:

142.250.179.238:80

Request

GET /ga.js HTTP/1.1
Host: www.google-analytics.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 17168
Date: Thu, 02 May 2024 11:18:56 GMT
Expires: Thu, 02 May 2024 13:18:56 GMT
Cache-Control: public, max-age=7200
Age: 3651
Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
GET

https://lh4.googleusercontent.com/-HQASFJRYdd0/T35aO4vWfrI/AAAAAAAAAOo/WtpQMguYPLs/s48/back.gif

msedge.exe

Remote address:

216.58.201.97:443

Request

GET /-HQASFJRYdd0/T35aO4vWfrI/AAAAAAAAAOo/WtpQMguYPLs/s48/back.gif HTTP/2.0
host: lh4.googleusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://lh4.googleusercontent.com/-HW6-lwAajuU/T35aO55KD8I/AAAAAAAAAOs/uWG9m072otc/s48/gun.gif

msedge.exe

Remote address:

216.58.201.97:443

Request

GET /-HW6-lwAajuU/T35aO55KD8I/AAAAAAAAAOs/uWG9m072otc/s48/gun.gif HTTP/2.0
host: lh4.googleusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://lh4.googleusercontent.com/-i00crAzVJK0/T35aO5nmNdI/AAAAAAAAAOw/t0BCAeUQZbY/s48/end.gif

msedge.exe

Remote address:

216.58.201.97:443

Request

GET /-i00crAzVJK0/T35aO5nmNdI/AAAAAAAAAOw/t0BCAeUQZbY/s48/end.gif HTTP/2.0
host: lh4.googleusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://s7.addthis.com/js/250/addthis_widget.js

msedge.exe

Remote address:

104.64.162.56:443

Request

GET /js/250/addthis_widget.js HTTP/2.0
host: s7.addthis.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/plain
content-length: 16
server: Oracle API Gateway
strict-transport-security: max-age=31536000
opc-request-id: /29FDDA545D823881F0B41C2B1588E7C3/8E7B0AD92344CA094B42C94977C1BDCD
x-content-type-options: nosniff
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
date: Thu, 02 May 2024 12:19:47 GMT
x-distribution: 99
x-host: s7.addthis.com
GET

http://webpulse.com.br/flexmenu/img/texture.png

msedge.exe

Remote address:

50.116.94.95:80

Request

GET /flexmenu/img/texture.png HTTP/1.1
Host: webpulse.com.br
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Thu, 02 May 2024 12:19:47 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Sun, 14 Apr 2019 15:21:28 GMT
Accept-Ranges: bytes
Content-Length: 3555
Content-Type: image/png
DNS

234.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.16.217.172.in-addr.arpa

IN PTR

Response

234.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f101e100net

234.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f10�I
DNS

110.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

110.201.58.216.in-addr.arpa

IN PTR

Response

110.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f1101e100net

110.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f14�J

110.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f14�J
DNS

193.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

193.187.250.142.in-addr.arpa

IN PTR

Response

193.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f11e100net
DNS

227.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.212.58.216.in-addr.arpa

IN PTR

Response

227.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f31e100net

227.212.58.216.in-addr.arpa

IN PTR

lhr25s28-in-f3�H

227.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f227�H
DNS

48.169.248.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.169.248.13.in-addr.arpa

IN PTR

Response

48.169.248.13.in-addr.arpa

IN PTR

a904c694c05102f30awsglobalacceleratorcom
DNS

77.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

77.190.18.2.in-addr.arpa

IN PTR

Response

77.190.18.2.in-addr.arpa

IN PTR

a2-18-190-77deploystaticakamaitechnologiescom
DNS

1.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.178.250.142.in-addr.arpa

IN PTR

Response

1.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f11e100net
DNS

97.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.201.58.216.in-addr.arpa

IN PTR

Response

97.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f971e100net

97.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f1�H

97.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f1�H
DNS

9.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.200.250.142.in-addr.arpa

IN PTR

Response

9.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f91e100net
DNS

238.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.179.250.142.in-addr.arpa

IN PTR

Response

238.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f141e100net
DNS

56.162.64.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.162.64.104.in-addr.arpa

IN PTR

Response

56.162.64.104.in-addr.arpa

IN PTR

a104-64-162-56deploystaticakamaitechnologiescom
DNS

netdna.bootstrapcdn.com

Remote address:

8.8.8.8:53

Request

netdna.bootstrapcdn.com

IN A

Response

netdna.bootstrapcdn.com

IN A

104.18.11.207

netdna.bootstrapcdn.com

IN A

104.18.10.207
DNS

95.94.116.50.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.94.116.50.in-addr.arpa

IN PTR

Response

95.94.116.50.in-addr.arpa

IN PTR

romanlaufercom
DNS

228.249.119.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.249.119.40.in-addr.arpa

IN PTR

Response
GET

https://www.bing.com/th?id=OADD2.10239355179391_1LFCMSFC5TYGHD1FP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

Remote address:

23.62.61.72:443

Request

GET /th?id=OADD2.10239355179391_1LFCMSFC5TYGHD1FP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1463
date: Thu, 02 May 2024 12:19:49 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.443d3e17.1714652389.d2dc478
DNS

72.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

72.61.62.23.in-addr.arpa

IN PTR

Response

72.61.62.23.in-addr.arpa

IN PTR

a23-62-61-72deploystaticakamaitechnologiescom
DNS

209.205.72.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.205.72.20.in-addr.arpa

IN PTR

Response
DNS

jqueryapi.info

msedge.exe

Remote address:

8.8.8.8:53

Request

jqueryapi.info

IN A

Response

jqueryapi.info

IN A

45.56.79.23

jqueryapi.info

IN A

198.58.118.167

jqueryapi.info

IN A

45.33.23.183

jqueryapi.info

IN A

96.126.123.244

jqueryapi.info

IN A

45.79.19.196

jqueryapi.info

IN A

45.33.2.79

jqueryapi.info

IN A

173.255.194.134

jqueryapi.info

IN A

72.14.185.43

jqueryapi.info

IN A

45.33.18.44

jqueryapi.info

IN A

45.33.30.197

jqueryapi.info

IN A

72.14.178.174

jqueryapi.info

IN A

45.33.20.235
GET

http://jqueryapi.info/?getsrc=ok&ref=&url=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F0e7b3c1c18d526864359a4d866324f34_JaffaCakes118.html

msedge.exe

Remote address:

45.56.79.23:80

Request

GET /?getsrc=ok&ref=&url=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F0e7b3c1c18d526864359a4d866324f34_JaffaCakes118.html HTTP/1.1
Host: jqueryapi.info
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

server: openresty/1.13.6.1
date: Thu, 02 May 2024 12:20:09 GMT
content-type: text/html
transfer-encoding: chunked
content-encoding: gzip
connection: close
DNS

freeonetemplate.blogspot.com

msedge.exe

Remote address:

8.8.8.8:53

Request

freeonetemplate.blogspot.com

IN A

Response

freeonetemplate.blogspot.com

IN CNAME

blogspot.l.googleusercontent.com

blogspot.l.googleusercontent.com

IN A

216.58.201.97
GET

http://fonts.gstatic.com/s/merriweathersans/v26/2-cO9IRs1JiJN1FRAMjTN5zd9vgsFF_5asQTb6hZ2JKZou4VhusH3xE.woff2

msedge.exe

Remote address:

216.58.212.227:80

Request

GET /s/merriweathersans/v26/2-cO9IRs1JiJN1FRAMjTN5zd9vgsFF_5asQTb6hZ2JKZou4VhusH3xE.woff2 HTTP/1.1
Host: fonts.gstatic.com
Connection: keep-alive
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Referer: http://fonts.googleapis.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 6056
Date: Thu, 02 May 2024 12:20:09 GMT
Expires: Fri, 02 May 2025 12:20:09 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 27 Apr 2023 00:34:33 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
GET

http://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2

msedge.exe

Remote address:

216.58.212.227:80

Request

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
Connection: keep-alive
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Referer: http://fonts.googleapis.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 16552
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 26 Apr 2024 01:04:32 GMT
Expires: Sat, 26 Apr 2025 01:04:32 GMT
Cache-Control: public, max-age=31536000
Age: 558937
Last-Modified: Thu, 14 Dec 2023 02:08:40 GMT
Content-Type: font/woff2
GET

http://fonts.gstatic.com/s/merriweathersans/v26/2-cO9IRs1JiJN1FRAMjTN5zd9vgsFF_5asQTb6hZ2JKZou4Vh-sH3xE.woff2

msedge.exe

Remote address:

216.58.212.227:80

Request

GET /s/merriweathersans/v26/2-cO9IRs1JiJN1FRAMjTN5zd9vgsFF_5asQTb6hZ2JKZou4Vh-sH3xE.woff2 HTTP/1.1
Host: fonts.gstatic.com
Connection: keep-alive
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Referer: http://fonts.googleapis.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 16380
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 01 May 2024 17:07:04 GMT
Expires: Thu, 01 May 2025 17:07:04 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 27 Apr 2023 00:28:29 GMT
Content-Type: font/woff2
Age: 69185
GET

http://freeonetemplate.blogspot.com//feeds/posts/summary/-/Paradigma?max-results=7&orderby=published&alt=json-in-script&callback=jQuery172005941631048470364_1714652386034&_=1714652408343

msedge.exe

Remote address:

216.58.201.97:80

Request

GET //feeds/posts/summary/-/Paradigma?max-results=7&orderby=published&alt=json-in-script&callback=jQuery172005941631048470364_1714652386034&_=1714652408343 HTTP/1.1
Host: freeonetemplate.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/html; charset=UTF-8
Date: Thu, 02 May 2024 12:20:09 GMT
Server: Blogger Render Server 1.0
Content-Length: 3189
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
DNS

www.youtube.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

216.58.213.14

youtube-ui.l.google.com

IN A

172.217.169.14

youtube-ui.l.google.com

IN A

172.217.169.78

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

142.250.178.14
GET

https://www.youtube.com/embed/YqVcChC6vi8

msedge.exe

Remote address:

172.217.16.238:443

Request

GET /embed/YqVcChC6vi8 HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

embed.tawk.to

msedge.exe

Remote address:

8.8.8.8:53

Request

embed.tawk.to

IN A

Response

embed.tawk.to

IN A

172.67.38.66

embed.tawk.to

IN A

104.22.24.131

embed.tawk.to

IN A

104.22.25.131
DNS

1-open-opensocial.googleusercontent.com

msedge.exe

Remote address:

8.8.8.8:53

Request

1-open-opensocial.googleusercontent.com

IN A

Response

1-open-opensocial.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

216.58.201.97
GET

https://embed.tawk.to/56a1be1187faab5426897ea4/default

msedge.exe

Remote address:

172.67.38.66:443

Request

GET /56a1be1187faab5426897ea4/default HTTP/2.0
host: embed.tawk.to
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: null
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:20:10 GMT
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, s-maxage=3600
etag: W/"stable-v4-6625f366c87"
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f6b8e92b63aa-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-main.js

msedge.exe

Remote address:

172.67.38.66:443

Request

GET /_s/v4/app/6625f366c87/js/twk-main.js HTTP/2.0
host: embed.tawk.to
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: null
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:38 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 05:20:13 GMT
etag: W/"da5bb1dc647470204df0e49f5afac2de"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
age: 878248
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f8e36b7f63aa-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-vendor.js

msedge.exe

Remote address:

172.67.38.66:443

Request

GET /_s/v4/app/6625f366c87/js/twk-vendor.js HTTP/2.0
host: embed.tawk.to
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: null
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:38 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 05:20:13 GMT
etag: W/"3b341e35b39f6195793ecaf5db7c1d63"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
age: 878248
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f8e36b8363aa-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-vendors.js

msedge.exe

Remote address:

172.67.38.66:443

Request

GET /_s/v4/app/6625f366c87/js/twk-chunk-vendors.js HTTP/2.0
host: embed.tawk.to
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: null
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:38 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 05:20:13 GMT
etag: W/"5ff5b56dd253d3fd717915b2773593d3"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
age: 878248
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f8e36b8563aa-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-common.js

msedge.exe

Remote address:

172.67.38.66:443

Request

GET /_s/v4/app/6625f366c87/js/twk-chunk-common.js HTTP/2.0
host: embed.tawk.to
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: null
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:38 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 05:20:13 GMT
etag: W/"d1dc816c161b3a7313b3d42f478f140a"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
age: 878248
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f8e36b8663aa-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-runtime.js

msedge.exe

Remote address:

172.67.38.66:443

Request

GET /_s/v4/app/6625f366c87/js/twk-runtime.js HTTP/2.0
host: embed.tawk.to
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: null
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:38 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 05:20:13 GMT
etag: W/"1c73b4eb89bbe24ecf154b671ddbcafc"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
age: 878248
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f8e36b8463aa-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-app.js

msedge.exe

Remote address:

172.67.38.66:443

Request

GET /_s/v4/app/6625f366c87/js/twk-app.js HTTP/2.0
host: embed.tawk.to
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: null
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:38 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 05:20:13 GMT
etag: W/"e736e189edb5d0d9d5b8e7f23dd9114a"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
age: 878248
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f8e36b8863aa-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
OPTIONS

https://va.tawk.to/v1/session/start

msedge.exe

Remote address:

172.67.38.66:443

Request

OPTIONS /v1/session/start HTTP/2.0
host: va.tawk.to
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type
origin: null
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:38 GMT
content-type: text/html; charset=utf-8
x-served-by: visitor-application-preemptive-c61l
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-max-age: 3600
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: content-type,x-tawk-token
cache-control: public, s-maxage=600, max-age=600
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f8e43c8763aa-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://va.tawk.to/v1/widget-settings?propertyId=56a1be1187faab5426897ea4&widgetId=default&sv=null

msedge.exe

Remote address:

172.67.38.66:443

Request

GET /v1/widget-settings?propertyId=56a1be1187faab5426897ea4&widgetId=default&sv=null HTTP/2.0
host: va.tawk.to
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:39 GMT
content-type: application/json
x-served-by: visitor-application-preemptive-hdlb
access-control-allow-origin: *
access-control-max-age: 3600
access-control-allow-methods: GET,OPTIONS
access-control-allow-headers: content-type,x-tawk-token
cache-control: public, max-age=7200, s-maxage=1800
etag: W/"2-10-0"
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f8e43c8a63aa-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
OPTIONS

https://va.tawk.to/v1/session/start

msedge.exe

Remote address:

172.67.38.66:443

Request

OPTIONS /v1/session/start HTTP/2.0
host: va.tawk.to
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-tawk-token
origin: null
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:41 GMT
content-type: text/html; charset=utf-8
x-served-by: visitor-application-preemptive-8tfz
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-max-age: 3600
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: content-type,x-tawk-token
cache-control: public, s-maxage=600, max-age=600
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f8f3d80163aa-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
OPTIONS

https://va.tawk.to/v1/session/start

msedge.exe

Remote address:

172.67.38.66:443

Request

OPTIONS /v1/session/start HTTP/2.0
host: va.tawk.to
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-tawk-token
origin: null
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:42 GMT
content-type: text/html; charset=utf-8
x-served-by: visitor-application-preemptive-cxkz
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-max-age: 3600
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: content-type,x-tawk-token
cache-control: public, s-maxage=600, max-age=600
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f8fb7ab363aa-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
OPTIONS

https://va.tawk.to/v1/session/start

msedge.exe

Remote address:

172.67.38.66:443

Request

OPTIONS /v1/session/start HTTP/2.0
host: va.tawk.to
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-tawk-token
origin: null
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:43 GMT
content-type: text/html; charset=utf-8
x-served-by: visitor-application-preemptive-cxkz
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-max-age: 3600
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: content-type,x-tawk-token
cache-control: public, s-maxage=600, max-age=600
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f9037dbe63aa-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
OPTIONS

https://va.tawk.to/v1/session/start

msedge.exe

Remote address:

172.67.38.66:443

Request

OPTIONS /v1/session/start HTTP/2.0
host: va.tawk.to
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-tawk-token
origin: null
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:45 GMT
content-type: text/html; charset=utf-8
x-served-by: visitor-application-preemptive-8tfz
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-max-age: 3600
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: content-type,x-tawk-token
cache-control: public, s-maxage=600, max-age=600
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f90be89d63aa-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
OPTIONS

https://va.tawk.to/v1/session/start

msedge.exe

Remote address:

172.67.38.66:443

Request

OPTIONS /v1/session/start HTTP/2.0
host: va.tawk.to
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-tawk-token
origin: null
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:46 GMT
content-type: text/html; charset=utf-8
x-served-by: visitor-application-preemptive-9mg9
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-max-age: 3600
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: content-type,x-tawk-token
cache-control: public, s-maxage=600, max-age=600
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f9171fa863aa-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
DNS

developers.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

developers.google.com

IN A

Response

developers.google.com

IN A

172.217.169.78
GET

http://developers.google.com/

msedge.exe

Remote address:

172.217.169.78:80

Request

GET / HTTP/1.1
Host: developers.google.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Location: https://developers.google.com/
X-Cloud-Trace-Context: 6459b5ecc010e005ed911716a4161f61
Date: Thu, 02 May 2024 12:20:09 GMT
Content-Type: text/html
Server: Google Frontend
Content-Length: 0
DNS

platform.stumbleupon.com

msedge.exe

Remote address:

8.8.8.8:53

Request

platform.stumbleupon.com

IN A

Response
GET

http://1-open-opensocial.googleusercontent.com/gadgets/ifr?v=1f57dd46cd29573d1d2869e0fd296d8e&container=open&view=home&debug=0&mid=1&lang=all&url=http://www.xemngay.com/gadget.aspx&country=ALL&source=

msedge.exe

Remote address:

216.58.201.97:80

Request

GET /gadgets/ifr?v=1f57dd46cd29573d1d2869e0fd296d8e&container=open&view=home&debug=0&mid=1&lang=all&url=http://www.xemngay.com/gadget.aspx&country=ALL&source= HTTP/1.1
Host: 1-open-opensocial.googleusercontent.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 500 Internal Server Error

P3P: CP="CAO PSA OUR"
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Thu, 02 May 2024 12:20:10 GMT
Expires: Thu, 02 May 2024 12:20:10 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 52
Server: GSE
DNS

i.ytimg.com

msedge.exe

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

142.250.200.22

i.ytimg.com

IN A

142.250.200.54

i.ytimg.com

IN A

216.58.201.118

i.ytimg.com

IN A

216.58.204.86

i.ytimg.com

IN A

216.58.213.22

i.ytimg.com

IN A

172.217.169.22

i.ytimg.com

IN A

216.58.212.214

i.ytimg.com

IN A

172.217.169.86

i.ytimg.com

IN A

172.217.169.54

i.ytimg.com

IN A

142.250.179.246

i.ytimg.com

IN A

142.250.180.22

i.ytimg.com

IN A

142.250.187.214

i.ytimg.com

IN A

142.250.187.246

i.ytimg.com

IN A

142.250.178.22

i.ytimg.com

IN A

172.217.16.246
GET

https://i.ytimg.com/vi_webp/YqVcChC6vi8/hqdefault.webp

msedge.exe

Remote address:

142.250.200.22:443

Request

GET /vi_webp/YqVcChC6vi8/hqdefault.webp HTTP/2.0
host: i.ytimg.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://developers.google.com/

msedge.exe

Remote address:

172.217.169.78:443

Request

GET / HTTP/2.0
host: developers.google.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

accounts.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

209.85.203.84
GET

https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

msedge.exe

Remote address:

209.85.203.84:443

Request

GET /o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/2.0
host: accounts.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

23.79.56.45.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.79.56.45.in-addr.arpa

IN PTR

Response

23.79.56.45.in-addr.arpa

IN PTR

li929-23memberslinodecom
DNS

238.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.16.217.172.in-addr.arpa

IN PTR

Response

238.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f141e100net

238.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f14�I
DNS

66.38.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

66.38.67.172.in-addr.arpa

IN PTR

Response
DNS

78.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

78.169.217.172.in-addr.arpa

IN PTR

Response

78.169.217.172.in-addr.arpa

IN PTR

lhr48s09-in-f141e100net
DNS

22.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.200.250.142.in-addr.arpa

IN PTR

Response

22.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f221e100net
DNS

googleads.g.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

216.58.201.98
GET

https://googleads.g.doubleclick.net/pagead/id

msedge.exe

Remote address:

216.58.201.98:443

Request

GET /pagead/id HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.youtube.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

ssl.gstatic.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ssl.gstatic.com

IN A

Response

ssl.gstatic.com

IN A

142.250.180.3
GET

https://ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js

msedge.exe

Remote address:

142.250.180.3:443

Request

GET /accounts/o/3604799710-postmessagerelay.js HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://accounts.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

msedge.exe

Remote address:

142.250.180.3:443

Request

GET /cv/js/sender/v1/cast_sender.js HTTP/2.0
host: www.gstatic.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

static.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

static.doubleclick.net

IN A

Response

static.doubleclick.net

IN A

142.250.180.6
GET

https://static.doubleclick.net/instream/ad_status.js

msedge.exe

Remote address:

142.250.180.6:443

Request

GET /instream/ad_status.js HTTP/2.0
host: static.doubleclick.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

jnn-pa.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

jnn-pa.googleapis.com

IN A

Response

jnn-pa.googleapis.com

IN A

142.250.187.234

jnn-pa.googleapis.com

IN A

142.250.178.10

jnn-pa.googleapis.com

IN A

172.217.16.234

jnn-pa.googleapis.com

IN A

142.250.200.10

jnn-pa.googleapis.com

IN A

142.250.200.42

jnn-pa.googleapis.com

IN A

216.58.201.106

jnn-pa.googleapis.com

IN A

216.58.204.74

jnn-pa.googleapis.com

IN A

216.58.213.10

jnn-pa.googleapis.com

IN A

216.58.212.202

jnn-pa.googleapis.com

IN A

216.58.212.234

jnn-pa.googleapis.com

IN A

172.217.169.42

jnn-pa.googleapis.com

IN A

142.250.179.234

jnn-pa.googleapis.com

IN A

142.250.180.10

jnn-pa.googleapis.com

IN A

142.250.187.202
DNS

jnn-pa.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

jnn-pa.googleapis.com

IN A

Response

jnn-pa.googleapis.com

IN A

142.250.187.234

jnn-pa.googleapis.com

IN A

142.250.178.10

jnn-pa.googleapis.com

IN A

172.217.16.234

jnn-pa.googleapis.com

IN A

142.250.200.10

jnn-pa.googleapis.com

IN A

142.250.200.42

jnn-pa.googleapis.com

IN A

216.58.201.106

jnn-pa.googleapis.com

IN A

216.58.204.74

jnn-pa.googleapis.com

IN A

216.58.213.10

jnn-pa.googleapis.com

IN A

216.58.212.202

jnn-pa.googleapis.com

IN A

216.58.212.234

jnn-pa.googleapis.com

IN A

172.217.169.74

jnn-pa.googleapis.com

IN A

172.217.169.42

jnn-pa.googleapis.com

IN A

142.250.179.234

jnn-pa.googleapis.com

IN A

142.250.180.10

jnn-pa.googleapis.com

IN A

142.250.187.202
DNS

www.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.178.4
DNS

yt3.ggpht.com

msedge.exe

Remote address:

8.8.8.8:53

Request

yt3.ggpht.com

IN A

Response

yt3.ggpht.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.178.1
OPTIONS

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

msedge.exe

Remote address:

142.250.187.234:443

Request

OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: jnn-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://yt3.ggpht.com/ytc/AIdro_lzGuZed6OW3mj7lO9yeUwBUxORy27ouyCjdyZNuzssLw=s68-c-k-c0x00ffffff-no-rj

msedge.exe

Remote address:

142.250.178.1:443

Request

GET /ytc/AIdro_lzGuZed6OW3mj7lO9yeUwBUxORy27ouyCjdyZNuzssLw=s68-c-k-c0x00ffffff-no-rj HTTP/2.0
host: yt3.ggpht.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.com/js/th/-aHqd6-BO3_mjJT7ECguOU3P98pnfei3uuRpfk-xhaw.js

msedge.exe

Remote address:

142.250.178.4:443

Request

GET /js/th/-aHqd6-BO3_mjJT7ECguOU3P98pnfei3uuRpfk-xhaw.js HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

84.203.85.209.in-addr.arpa

Remote address:

8.8.8.8:53

Request

84.203.85.209.in-addr.arpa

IN PTR

Response

84.203.85.209.in-addr.arpa

IN PTR

dh-in-f841e100net
DNS

98.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

98.201.58.216.in-addr.arpa

IN PTR

Response

98.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f21e100net

98.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f98�G

98.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f2�G
DNS

3.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.180.250.142.in-addr.arpa

IN PTR

Response

3.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f31e100net
DNS

6.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

6.180.250.142.in-addr.arpa

IN PTR

Response

6.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f61e100net
DNS

234.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.187.250.142.in-addr.arpa

IN PTR

Response

234.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f101e100net
DNS

4.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.178.250.142.in-addr.arpa

IN PTR

Response

4.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f41e100net
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

139.53.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

139.53.16.96.in-addr.arpa

IN PTR

Response

139.53.16.96.in-addr.arpa

IN PTR

a96-16-53-139deploystaticakamaitechnologiescom
DNS

widgets.amung.us

Remote address:

8.8.8.8:53

Request

widgets.amung.us

IN A

Response

widgets.amung.us

IN A

104.22.75.171

widgets.amung.us

IN A

104.22.74.171

widgets.amung.us

IN A

172.67.8.141
DNS

widgets.amung.us

Remote address:

8.8.8.8:53

Request

widgets.amung.us

IN A

Response

widgets.amung.us

IN A

104.22.75.171

widgets.amung.us

IN A

104.22.74.171

widgets.amung.us

IN A

172.67.8.141
DNS

play.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.187.206
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

142.250.187.206:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

206.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.187.250.142.in-addr.arpa

IN PTR

Response

206.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f141e100net
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

platform.twitter.com

Remote address:

8.8.8.8:53

Request

platform.twitter.com

IN A

Response

platform.twitter.com

IN CNAME

cs472.wac.edgecastcdn.net

cs472.wac.edgecastcdn.net

IN CNAME

cs1-apr-8315.wac.edgecastcdn.net

cs1-apr-8315.wac.edgecastcdn.net

IN CNAME

wac.apr-8315.edgecastdns.net

wac.apr-8315.edgecastdns.net

IN CNAME

cs1-lb-eu.8315.ecdns.net

cs1-lb-eu.8315.ecdns.net

IN CNAME

cs41.wac.edgecastcdn.net

cs41.wac.edgecastcdn.net

IN A

93.184.220.66
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

48.251.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.251.17.2.in-addr.arpa

IN PTR

Response

48.251.17.2.in-addr.arpa

IN PTR

a2-17-251-48deploystaticakamaitechnologiescom
DNS

platform.twitter.com

Remote address:

8.8.8.8:53

Request

platform.twitter.com

IN A

Response

platform.twitter.com

IN CNAME

platform.twitter.map.fastly.net

platform.twitter.map.fastly.net

IN A

151.101.8.157
DNS

connect.facebook.net

Remote address:

8.8.8.8:53

Request

connect.facebook.net

IN A

Response

connect.facebook.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

163.70.151.21
DNS

connect.facebook.net

Remote address:

8.8.8.8:53

Request

connect.facebook.net

IN A

Response

connect.facebook.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

163.70.151.21
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239339388067_10M827BSAV5684WY4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239339388067_10M827BSAV5684WY4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 473680
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B187C43CD10B4692869472DAA099D924 Ref B: LON04EDGE0611 Ref C: 2024-05-02T12:21:27Z
date: Thu, 02 May 2024 12:21:27 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239339388066_1AA9APVCK1AKO8GXG&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239339388066_1AA9APVCK1AKO8GXG&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 931905
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F450F5E214E646378CD41C97D7D264C7 Ref B: LON04EDGE0611 Ref C: 2024-05-02T12:21:27Z
date: Thu, 02 May 2024 12:21:27 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239371372355_1WLRVFTZ079W9XPFC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239371372355_1WLRVFTZ079W9XPFC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 974623
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 31BC2EE306D546B3858E29441F58E14B Ref B: LON04EDGE0611 Ref C: 2024-05-02T12:21:27Z
date: Thu, 02 May 2024 12:21:27 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340417880_1PRMSECURT9IUDN7Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340417880_1PRMSECURT9IUDN7Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 329579
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D3DDD5BC32C24BAF94FF290843E89141 Ref B: LON04EDGE0611 Ref C: 2024-05-02T12:21:27Z
date: Thu, 02 May 2024 12:21:27 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418534_1SATV94N425TECTRU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340418534_1SATV94N425TECTRU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 502729
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D9F59C6F11914B148C6AC95B2B3C829C Ref B: LON04EDGE0611 Ref C: 2024-05-02T12:21:27Z
date: Thu, 02 May 2024 12:21:27 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239371372356_1N2G93XRLJ1Y5GWC9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239371372356_1N2G93XRLJ1Y5GWC9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 381531
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F841297B6C804016ABC865EC6A0838BF Ref B: LON04EDGE0611 Ref C: 2024-05-02T12:21:28Z
date: Thu, 02 May 2024 12:21:27 GMT
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

lh3.googleusercontent.com

msedge.exe

Remote address:

8.8.8.8:53

Request

lh3.googleusercontent.com

IN A

Response

lh3.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

216.58.201.97
DNS

www.tuvisomenh.org

msedge.exe

Remote address:

8.8.8.8:53

Request

www.tuvisomenh.org

IN A

Response

www.tuvisomenh.org

IN CNAME

ghs.google.com

ghs.google.com

IN A

142.250.187.211
DNS

www.tuvisomenh.org

msedge.exe

Remote address:

8.8.8.8:53

Request

www.tuvisomenh.org

IN A

Response

www.tuvisomenh.org

IN CNAME

ghs.google.com

ghs.google.com

IN A

142.250.187.211
DNS

va.tawk.to

msedge.exe

Remote address:

8.8.8.8:53

Request

va.tawk.to

IN A

Response

va.tawk.to

IN A

104.22.25.131

va.tawk.to

IN A

104.22.24.131

va.tawk.to

IN A

172.67.38.66
POST

https://va.tawk.to/v1/session/start

msedge.exe

Remote address:

104.22.25.131:443

Request

POST /v1/session/start HTTP/2.0
host: va.tawk.to
content-length: 244
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json; charset=utf-8
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:39 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 05:20:13 GMT
etag: W/"d81fc1e3435374600ca4e2b12286a82b"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
age: 878235
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f8e6ffe40eb3-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://embed.tawk.to/_s/v4/app/6625f366c87/languages/vi.js

msedge.exe

Remote address:

104.22.25.131:443

Request

GET /_s/v4/app/6625f366c87/languages/vi.js HTTP/2.0
host: embed.tawk.to
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:40 GMT
content-type: application/json
x-served-by: visitor-application-preemptive-zzxf
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-max-age: 3600
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: content-type,x-tawk-token
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f8e5ade70eb3-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-2c776523.js

msedge.exe

Remote address:

104.22.25.131:443

Request

GET /_s/v4/app/6625f366c87/js/twk-chunk-2c776523.js HTTP/2.0
host: embed.tawk.to
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:40 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 05:20:13 GMT
etag: W/"6bf62c737dec7d16542425992be5986c"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: MISS
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
age: 878256
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f8ef8bf70eb3-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-9294da6c.js

msedge.exe

Remote address:

104.22.25.131:443

Request

GET /_s/v4/app/6625f366c87/js/twk-chunk-9294da6c.js HTTP/2.0
host: embed.tawk.to
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:40 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 05:20:13 GMT
etag: W/"4f773fe8050dcfd8fd096e061eed08a7"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: MISS
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
age: 878256
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f8ef9bff0eb3-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-f1565420.js

msedge.exe

Remote address:

104.22.25.131:443

Request

GET /_s/v4/app/6625f366c87/js/twk-chunk-f1565420.js HTTP/2.0
host: embed.tawk.to
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:40 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 05:20:13 GMT
etag: W/"838903127a65ec440893b4945c40ca4a"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
age: 878256
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f8ef9bfd0eb3-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-2d0b383d.js

msedge.exe

Remote address:

104.22.25.131:443

Request

GET /_s/v4/app/6625f366c87/js/twk-chunk-2d0b383d.js HTTP/2.0
host: embed.tawk.to
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:40 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 05:20:13 GMT
etag: W/"70aec2dd89cac4933594c25b71d61f46"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
age: 878256
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f8ef8bf50eb3-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-48f3b594.js

msedge.exe

Remote address:

104.22.25.131:443

Request

GET /_s/v4/app/6625f366c87/js/twk-chunk-48f3b594.js HTTP/2.0
host: embed.tawk.to
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:40 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 05:20:13 GMT
etag: W/"44934d48f839e3143311bc044e6e0d89"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: MISS
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
age: 878255
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f8ef9c090eb3-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-4fe9d5dd.js

msedge.exe

Remote address:

104.22.25.131:443

Request

GET /_s/v4/app/6625f366c87/js/twk-chunk-4fe9d5dd.js HTTP/2.0
host: embed.tawk.to
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:40 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 05:20:13 GMT
etag: W/"c506281367048d4a134c9affbc68c8c6"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: MISS
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
age: 878256
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f8ef9c040eb3-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-2d0b9454.js

msedge.exe

Remote address:

104.22.25.131:443

Request

GET /_s/v4/app/6625f366c87/js/twk-chunk-2d0b9454.js HTTP/2.0
host: embed.tawk.to
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:40 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 05:20:13 GMT
etag: W/"2c0a34eb401cadf7cbff6278fee2648e"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: MISS
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
age: 878256
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f8ef9bfc0eb3-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-24d8db78.js

msedge.exe

Remote address:

104.22.25.131:443

Request

GET /_s/v4/app/6625f366c87/js/twk-chunk-24d8db78.js HTTP/2.0
host: embed.tawk.to
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:40 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 05:20:13 GMT
etag: W/"1c5ecf371149feca23bd895ba9dfec4d"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
age: 878256
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f8ef9c020eb3-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://embed.tawk.to/_s/v4/app/6625f366c87/css/min-widget.css

msedge.exe

Remote address:

104.22.25.131:443

Request

GET /_s/v4/app/6625f366c87/css/min-widget.css HTTP/2.0
host: embed.tawk.to
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:40 GMT
content-type: text/css
cache-control: public, max-age=2592000, immutable
cf-bgj: minify
cf-polished: origSize=24831
access-control-allow-origin: *
etag: W/"5742a34aaab2a5983c7c11cdeef1c0ee"
last-modified: Mon, 22 Apr 2024 05:20:12 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-cache-status: MISS
cf-cache-status: HIT
age: 878256
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f8f02cae0eb3-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://embed.tawk.to/_s/v4/app/6625f366c87/css/message-preview.css

msedge.exe

Remote address:

104.22.25.131:443

Request

GET /_s/v4/app/6625f366c87/css/message-preview.css HTTP/2.0
host: embed.tawk.to
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:40 GMT
content-type: text/css
cache-control: public, max-age=2592000, immutable
cf-bgj: minify
cf-polished: origSize=40905
access-control-allow-origin: *
etag: W/"7060c2e317491c949f29253a1286dad2"
last-modified: Mon, 22 Apr 2024 05:20:12 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-cache-status: HIT
cf-cache-status: HIT
age: 878255
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f8f02cb00eb3-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://embed.tawk.to/_s/v4/app/6625f366c87/css/bubble-widget.css

msedge.exe

Remote address:

104.22.25.131:443

Request

GET /_s/v4/app/6625f366c87/css/bubble-widget.css HTTP/2.0
host: embed.tawk.to
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:40 GMT
content-type: text/css
cache-control: public, max-age=2592000, immutable
cf-bgj: minify
cf-polished: origSize=13594
access-control-allow-origin: *
etag: W/"ce7913b80c763449b3895d46419f7a6b"
last-modified: Mon, 22 Apr 2024 05:20:12 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-cache-status: MISS
cf-cache-status: HIT
age: 878255
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f8f04ceb0eb3-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://embed.tawk.to/_s/v4/app/6625f366c87/css/max-widget.css

msedge.exe

Remote address:

104.22.25.131:443

Request

GET /_s/v4/app/6625f366c87/css/max-widget.css HTTP/2.0
host: embed.tawk.to
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:40 GMT
content-type: text/css
cache-control: public, max-age=2592000, immutable
cf-bgj: minify
cf-polished: origSize=78232
access-control-allow-origin: *
etag: W/"05d886069cda40a8e20243d226b04764"
last-modified: Mon, 22 Apr 2024 05:20:12 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-cache-status: MISS
cf-cache-status: HIT
age: 878255
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f8f04cee0eb3-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
POST

https://va.tawk.to/v1/session/start

msedge.exe

Remote address:

104.22.25.131:443

Request

POST /v1/session/start HTTP/2.0
host: va.tawk.to
content-length: 374
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
x-tawk-token: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQiLCJ2aWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQtdTY2Y3RwMXgweDNOcHZzd1RLemFlIiwic2lkIjoiNjYzMzg1NTNhM2M4ZDQwYmY5MzVkZWFkIiwiaWF0IjoxNzE0NjUyNTAwLCJleHAiOjE3MTQ2NTQzMDAsImp0aSI6ImsxblFmcXkxUmtaRkxmTkwxN1V4LSJ9.brqNmHFJzjGTQtJos6WIqEdFPIAU6LnoAsd2jH7eusmLITDj309Ot5UxrQqSref9fZIrM_niDj-amIW9rBzzKQ
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json; charset=utf-8
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:41 GMT
content-type: application/json
x-served-by: visitor-application-preemptive-9mg9
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-max-age: 3600
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: content-type,x-tawk-token
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f8f64b600eb3-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
POST

https://va.tawk.to/v1/session/start

msedge.exe

Remote address:

104.22.25.131:443

Request

POST /v1/session/start HTTP/2.0
host: va.tawk.to
content-length: 374
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
x-tawk-token: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQiLCJ2aWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQtdTY2Y3RwMXgweDNOcHZzd1RLemFlIiwic2lkIjoiNjYzMzg1NTNhM2M4ZDQwYmY5MzVkZWFkIiwiaWF0IjoxNzE0NjUyNTAwLCJleHAiOjE3MTQ2NTQzMDAsImp0aSI6ImsxblFmcXkxUmtaRkxmTkwxN1V4LSJ9.brqNmHFJzjGTQtJos6WIqEdFPIAU6LnoAsd2jH7eusmLITDj309Ot5UxrQqSref9fZIrM_niDj-amIW9rBzzKQ
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json; charset=utf-8
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:42 GMT
content-type: application/json
x-served-by: visitor-application-preemptive-7m9l
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-max-age: 3600
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: content-type,x-tawk-token
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f8fc7a350eb3-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
POST

https://va.tawk.to/v1/session/start

msedge.exe

Remote address:

104.22.25.131:443

Request

POST /v1/session/start HTTP/2.0
host: va.tawk.to
content-length: 374
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
x-tawk-token: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQiLCJ2aWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQtdTY2Y3RwMXgweDNOcHZzd1RLemFlIiwic2lkIjoiNjYzMzg1NTNhM2M4ZDQwYmY5MzVkZWFkIiwiaWF0IjoxNzE0NjUyNTAwLCJleHAiOjE3MTQ2NTQzMDAsImp0aSI6ImsxblFmcXkxUmtaRkxmTkwxN1V4LSJ9.brqNmHFJzjGTQtJos6WIqEdFPIAU6LnoAsd2jH7eusmLITDj309Ot5UxrQqSref9fZIrM_niDj-amIW9rBzzKQ
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json; charset=utf-8
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:44 GMT
content-type: application/json
x-served-by: visitor-application-preemptive-9mg9
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-max-age: 3600
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: content-type,x-tawk-token
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f904dac90eb3-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
POST

https://va.tawk.to/v1/session/start

msedge.exe

Remote address:

104.22.25.131:443

Request

POST /v1/session/start HTTP/2.0
host: va.tawk.to
content-length: 374
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
x-tawk-token: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQiLCJ2aWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQtdTY2Y3RwMXgweDNOcHZzd1RLemFlIiwic2lkIjoiNjYzMzg1NTNhM2M4ZDQwYmY5MzVkZWFkIiwiaWF0IjoxNzE0NjUyNTAwLCJleHAiOjE3MTQ2NTQzMDAsImp0aSI6ImsxblFmcXkxUmtaRkxmTkwxN1V4LSJ9.brqNmHFJzjGTQtJos6WIqEdFPIAU6LnoAsd2jH7eusmLITDj309Ot5UxrQqSref9fZIrM_niDj-amIW9rBzzKQ
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json; charset=utf-8
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:46 GMT
content-type: application/json
x-served-by: visitor-application-preemptive-nzbp
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-max-age: 3600
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: content-type,x-tawk-token
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f90eee5c0eb3-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
POST

https://va.tawk.to/v1/session/start

msedge.exe

Remote address:

104.22.25.131:443

Request

POST /v1/session/start HTTP/2.0
host: va.tawk.to
content-length: 374
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
x-tawk-token: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQiLCJ2aWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQtdTY2Y3RwMXgweDNOcHZzd1RLemFlIiwic2lkIjoiNjYzMzg1NTNhM2M4ZDQwYmY5MzVkZWFkIiwiaWF0IjoxNzE0NjUyNTAwLCJleHAiOjE3MTQ2NTQzMDAsImp0aSI6ImsxblFmcXkxUmtaRkxmTkwxN1V4LSJ9.brqNmHFJzjGTQtJos6WIqEdFPIAU6LnoAsd2jH7eusmLITDj309Ot5UxrQqSref9fZIrM_niDj-amIW9rBzzKQ
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json; charset=utf-8
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 02 May 2024 12:21:47 GMT
content-type: application/json
x-served-by: visitor-application-preemptive-2r9x
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-max-age: 3600
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: content-type,x-tawk-token
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87d7f91888880eb3-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

http://www.tuvisomenh.org/favicon.ico

msedge.exe

Remote address:

142.250.187.211:80

Request

GET /favicon.ico HTTP/1.1
Host: www.tuvisomenh.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Location: https://www.tuvisomenh.org/favicon.ico
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Thu, 02 May 2024 12:21:39 GMT
Expires: Thu, 02 May 2024 12:21:39 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 201
Server: GSE
GET

https://www.tuvisomenh.org/favicon.ico

msedge.exe

Remote address:

142.250.187.211:443

Request

GET /favicon.ico HTTP/2.0
host: www.tuvisomenh.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

131.25.22.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

131.25.22.104.in-addr.arpa

IN PTR

Response
DNS

211.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

211.187.250.142.in-addr.arpa

IN PTR

Response

211.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f191e100net
DNS

vsa98.tawk.to

msedge.exe

Remote address:

8.8.8.8:53

Request

vsa98.tawk.to

IN A

Response

vsa98.tawk.to

IN A

104.22.25.131

vsa98.tawk.to

IN A

104.22.24.131

vsa98.tawk.to

IN A

172.67.38.66
GET

https://vsa98.tawk.to/s/?k=66338553a3c8d40bf935dead&cver=0&pop=false&asver=112&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQiLCJ2aWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQtdTY2Y3RwMXgweDNOcHZzd1RLemFlIiwic2lkIjoiNjYzMzg1NTNhM2M4ZDQwYmY5MzVkZWFkIiwiaWF0IjoxNzE0NjUyNTAwLCJleHAiOjE3MTQ2NTQzMDAsImp0aSI6ImsxblFmcXkxUmtaRkxmTkwxN1V4LSJ9.brqNmHFJzjGTQtJos6WIqEdFPIAU6LnoAsd2jH7eusmLITDj309Ot5UxrQqSref9fZIrM_niDj-amIW9rBzzKQ&EIO=3&transport=websocket&__t=OyvGCqv

msedge.exe

Remote address:

104.22.25.131:443

Request

GET /s/?k=66338553a3c8d40bf935dead&cver=0&pop=false&asver=112&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQiLCJ2aWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQtdTY2Y3RwMXgweDNOcHZzd1RLemFlIiwic2lkIjoiNjYzMzg1NTNhM2M4ZDQwYmY5MzVkZWFkIiwiaWF0IjoxNzE0NjUyNTAwLCJleHAiOjE3MTQ2NTQzMDAsImp0aSI6ImsxblFmcXkxUmtaRkxmTkwxN1V4LSJ9.brqNmHFJzjGTQtJos6WIqEdFPIAU6LnoAsd2jH7eusmLITDj309Ot5UxrQqSref9fZIrM_niDj-amIW9rBzzKQ&EIO=3&transport=websocket&__t=OyvGCqv HTTP/1.1
Host: vsa98.tawk.to
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Upgrade: websocket
Origin: null
Sec-WebSocket-Version: 13
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-WebSocket-Key: TjqUt4oLYbi5RSIkkivzpw==
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

Response

HTTP/1.1 101 Switching Protocols

Date: Thu, 02 May 2024 12:21:40 GMT
Connection: upgrade
upgrade: websocket
sec-websocket-accept: HA2U2hjnl1uYBT8/jSeels7YqsU=
sec-websocket-extensions: permessage-deflate
strict-transport-security: max-age=0; includeSubDomains; preload
CF-Cache-Status: DYNAMIC
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 87d7f8f02c629fd8-AMS
alt-svc: h3=":443"; ma=86400
DNS

cdn.jsdelivr.net

msedge.exe

Remote address:

8.8.8.8:53

Request

cdn.jsdelivr.net

IN A

Response

cdn.jsdelivr.net

IN CNAME

jsdelivr.map.fastly.net

jsdelivr.map.fastly.net

IN A

151.101.1.229

jsdelivr.map.fastly.net

IN A

151.101.65.229

jsdelivr.map.fastly.net

IN A

151.101.129.229

jsdelivr.map.fastly.net

IN A

151.101.193.229
GET

https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js

msedge.exe

Remote address:

151.101.1.229:443

Request

GET /emojione/2.2.7/lib/js/emojione.min.js HTTP/2.0
host: cdn.jsdelivr.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
etag: W/"49dda-cp9vjKV4fYl0Ow7X6yf9dkBr+YU"
content-encoding: br
accept-ranges: bytes
date: Thu, 02 May 2024 12:21:40 GMT
age: 3062588
x-served-by: cache-fra-eddf8230136-FRA, cache-lcy-eglc8600045-LCY
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 41275
DNS

229.1.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

229.1.101.151.in-addr.arpa

IN PTR

Response
DNS

226.20.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.20.18.104.in-addr.arpa

IN PTR

Response
DNS

vsa91.tawk.to

msedge.exe

Remote address:

8.8.8.8:53

Request

vsa91.tawk.to

IN A

Response

vsa91.tawk.to

IN A

104.22.25.131

vsa91.tawk.to

IN A

172.67.38.66

vsa91.tawk.to

IN A

104.22.24.131
GET

https://vsa91.tawk.to/s/?k=66338553a3c8d40bf935dead&cver=0&pop=false&asver=112&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQiLCJ2aWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQtdTY2Y3RwMXgweDNOcHZzd1RLemFlIiwic2lkIjoiNjYzMzg1NTNhM2M4ZDQwYmY5MzVkZWFkIiwiaWF0IjoxNzE0NjUyNTAwLCJleHAiOjE3MTQ2NTQzMDAsImp0aSI6ImsxblFmcXkxUmtaRkxmTkwxN1V4LSJ9.brqNmHFJzjGTQtJos6WIqEdFPIAU6LnoAsd2jH7eusmLITDj309Ot5UxrQqSref9fZIrM_niDj-amIW9rBzzKQ&EIO=3&transport=websocket&__t=OyvGD8C

msedge.exe

Remote address:

104.22.25.131:443

Request

GET /s/?k=66338553a3c8d40bf935dead&cver=0&pop=false&asver=112&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQiLCJ2aWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQtdTY2Y3RwMXgweDNOcHZzd1RLemFlIiwic2lkIjoiNjYzMzg1NTNhM2M4ZDQwYmY5MzVkZWFkIiwiaWF0IjoxNzE0NjUyNTAwLCJleHAiOjE3MTQ2NTQzMDAsImp0aSI6ImsxblFmcXkxUmtaRkxmTkwxN1V4LSJ9.brqNmHFJzjGTQtJos6WIqEdFPIAU6LnoAsd2jH7eusmLITDj309Ot5UxrQqSref9fZIrM_niDj-amIW9rBzzKQ&EIO=3&transport=websocket&__t=OyvGD8C HTTP/1.1
Host: vsa91.tawk.to
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Upgrade: websocket
Origin: null
Sec-WebSocket-Version: 13
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-WebSocket-Key: 5rYnMlfOtiKhZ8X6JXEi3g==
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

Response

HTTP/1.1 101 Switching Protocols

Date: Thu, 02 May 2024 12:21:42 GMT
Connection: upgrade
upgrade: websocket
sec-websocket-accept: Jrjhk3IV2TcGgMq2ViJNB68JGWo=
sec-websocket-extensions: permessage-deflate
strict-transport-security: max-age=0; includeSubDomains; preload
CF-Cache-Status: DYNAMIC
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 87d7f8f7cf74655d-AMS
alt-svc: h3=":443"; ma=86400
GET

https://vsa91.tawk.to/s/?k=66338553a3c8d40bf935dead&cver=0&pop=false&asver=112&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQiLCJ2aWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQtdTY2Y3RwMXgweDNOcHZzd1RLemFlIiwic2lkIjoiNjYzMzg1NTNhM2M4ZDQwYmY5MzVkZWFkIiwiaWF0IjoxNzE0NjUyNTAwLCJleHAiOjE3MTQ2NTQzMDAsImp0aSI6ImsxblFmcXkxUmtaRkxmTkwxN1V4LSJ9.brqNmHFJzjGTQtJos6WIqEdFPIAU6LnoAsd2jH7eusmLITDj309Ot5UxrQqSref9fZIrM_niDj-amIW9rBzzKQ&EIO=3&transport=websocket&__t=OyvGDSn

msedge.exe

Remote address:

104.22.25.131:443

Request

GET /s/?k=66338553a3c8d40bf935dead&cver=0&pop=false&asver=112&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQiLCJ2aWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQtdTY2Y3RwMXgweDNOcHZzd1RLemFlIiwic2lkIjoiNjYzMzg1NTNhM2M4ZDQwYmY5MzVkZWFkIiwiaWF0IjoxNzE0NjUyNTAwLCJleHAiOjE3MTQ2NTQzMDAsImp0aSI6ImsxblFmcXkxUmtaRkxmTkwxN1V4LSJ9.brqNmHFJzjGTQtJos6WIqEdFPIAU6LnoAsd2jH7eusmLITDj309Ot5UxrQqSref9fZIrM_niDj-amIW9rBzzKQ&EIO=3&transport=websocket&__t=OyvGDSn HTTP/1.1
Host: vsa91.tawk.to
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Upgrade: websocket
Origin: null
Sec-WebSocket-Version: 13
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-WebSocket-Key: IDdCfviQsSzL5MVPOeiuxA==
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

Response

HTTP/1.1 101 Switching Protocols

Date: Thu, 02 May 2024 12:21:43 GMT
Connection: upgrade
upgrade: websocket
sec-websocket-accept: Hh769MZrKOwm+8d3TapbVC0zIJw=
sec-websocket-extensions: permessage-deflate
strict-transport-security: max-age=0; includeSubDomains; preload
CF-Cache-Status: DYNAMIC
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 87d7f8ffdb3d0b5c-AMS
alt-svc: h3=":443"; ma=86400
DNS

vsa42.tawk.to

msedge.exe

Remote address:

8.8.8.8:53

Request

vsa42.tawk.to

IN A

Response

vsa42.tawk.to

IN A

104.22.24.131

vsa42.tawk.to

IN A

172.67.38.66

vsa42.tawk.to

IN A

104.22.25.131
GET

https://vsa42.tawk.to/s/?k=66338553a3c8d40bf935dead&cver=0&pop=false&asver=112&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQiLCJ2aWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQtdTY2Y3RwMXgweDNOcHZzd1RLemFlIiwic2lkIjoiNjYzMzg1NTNhM2M4ZDQwYmY5MzVkZWFkIiwiaWF0IjoxNzE0NjUyNTAwLCJleHAiOjE3MTQ2NTQzMDAsImp0aSI6ImsxblFmcXkxUmtaRkxmTkwxN1V4LSJ9.brqNmHFJzjGTQtJos6WIqEdFPIAU6LnoAsd2jH7eusmLITDj309Ot5UxrQqSref9fZIrM_niDj-amIW9rBzzKQ&EIO=3&transport=websocket&__t=OyvGDnE

msedge.exe

Remote address:

104.22.24.131:443

Request

GET /s/?k=66338553a3c8d40bf935dead&cver=0&pop=false&asver=112&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQiLCJ2aWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQtdTY2Y3RwMXgweDNOcHZzd1RLemFlIiwic2lkIjoiNjYzMzg1NTNhM2M4ZDQwYmY5MzVkZWFkIiwiaWF0IjoxNzE0NjUyNTAwLCJleHAiOjE3MTQ2NTQzMDAsImp0aSI6ImsxblFmcXkxUmtaRkxmTkwxN1V4LSJ9.brqNmHFJzjGTQtJos6WIqEdFPIAU6LnoAsd2jH7eusmLITDj309Ot5UxrQqSref9fZIrM_niDj-amIW9rBzzKQ&EIO=3&transport=websocket&__t=OyvGDnE HTTP/1.1
Host: vsa42.tawk.to
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Upgrade: websocket
Origin: null
Sec-WebSocket-Version: 13
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-WebSocket-Key: x/j6pwXfZ+YXhQ51mc2BbA==
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

Response

HTTP/1.1 101 Switching Protocols

Date: Thu, 02 May 2024 12:21:44 GMT
Connection: upgrade
upgrade: websocket
sec-websocket-accept: Uy9ShoKcHEaA1+YmkXHeSfHjvXQ=
sec-websocket-extensions: permessage-deflate
strict-transport-security: max-age=0; includeSubDomains; preload
CF-Cache-Status: DYNAMIC
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 87d7f9083ed706c2-AMS
alt-svc: h3=":443"; ma=86400
DNS

vsa11.tawk.to

msedge.exe

Remote address:

8.8.8.8:53

Request

vsa11.tawk.to

IN A

Response

vsa11.tawk.to

IN A

104.22.25.131

vsa11.tawk.to

IN A

172.67.38.66

vsa11.tawk.to

IN A

104.22.24.131
GET

https://vsa11.tawk.to/s/?k=66338553a3c8d40bf935dead&cver=0&pop=false&asver=112&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQiLCJ2aWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQtdTY2Y3RwMXgweDNOcHZzd1RLemFlIiwic2lkIjoiNjYzMzg1NTNhM2M4ZDQwYmY5MzVkZWFkIiwiaWF0IjoxNzE0NjUyNTAwLCJleHAiOjE3MTQ2NTQzMDAsImp0aSI6ImsxblFmcXkxUmtaRkxmTkwxN1V4LSJ9.brqNmHFJzjGTQtJos6WIqEdFPIAU6LnoAsd2jH7eusmLITDj309Ot5UxrQqSref9fZIrM_niDj-amIW9rBzzKQ&EIO=3&transport=websocket&__t=OyvGED8

msedge.exe

Remote address:

104.22.25.131:443

Request

GET /s/?k=66338553a3c8d40bf935dead&cver=0&pop=false&asver=112&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQiLCJ2aWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQtdTY2Y3RwMXgweDNOcHZzd1RLemFlIiwic2lkIjoiNjYzMzg1NTNhM2M4ZDQwYmY5MzVkZWFkIiwiaWF0IjoxNzE0NjUyNTAwLCJleHAiOjE3MTQ2NTQzMDAsImp0aSI6ImsxblFmcXkxUmtaRkxmTkwxN1V4LSJ9.brqNmHFJzjGTQtJos6WIqEdFPIAU6LnoAsd2jH7eusmLITDj309Ot5UxrQqSref9fZIrM_niDj-amIW9rBzzKQ&EIO=3&transport=websocket&__t=OyvGED8 HTTP/1.1
Host: vsa11.tawk.to
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Upgrade: websocket
Origin: null
Sec-WebSocket-Version: 13
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-WebSocket-Key: BvoiKfvtSSRWLLjFz4J/Bw==
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

Response

HTTP/1.1 101 Switching Protocols

Date: Thu, 02 May 2024 12:21:46 GMT
Connection: upgrade
upgrade: websocket
sec-websocket-accept: r+t7S7OIPFxwmsjo2mqcfWM1Cfc=
sec-websocket-extensions: permessage-deflate
strict-transport-security: max-age=0; includeSubDomains; preload
CF-Cache-Status: DYNAMIC
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 87d7f9136d2d1ed6-AMS
alt-svc: h3=":443"; ma=86400
DNS

131.24.22.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

131.24.22.104.in-addr.arpa

IN PTR

Response

172.217.16.234:80

http://fonts.googleapis.com/css?family=Open+Sans:400,600,700|Roboto+Slab

http

msedge.exe

728 B
2.8kB
8
8

HTTP Request

GET http://fonts.googleapis.com/css?family=Open+Sans:400,600,700|Roboto+Slab

HTTP Response

200
172.217.16.234:80

http://fonts.googleapis.com/css?family=Merriweather+Sans|Roboto+Slab

http

msedge.exe

678 B
1.7kB
7
7

HTTP Request

GET http://fonts.googleapis.com/css?family=Merriweather+Sans|Roboto+Slab

HTTP Response

200
13.248.169.48:80

http://yourjavascript.com/013120251122/tabview.js

http

msedge.exe

552 B
431 B
5
4

HTTP Request

GET http://yourjavascript.com/013120251122/tabview.js

HTTP Response

200
216.58.201.110:443

https://apis.google.com/js/plusone.js

tls, http2

msedge.exe

2.5kB
29.6kB
32
32

HTTP Request

GET https://apis.google.com/js/plusone.js
142.250.187.193:443

https://googledrive.com/host/0Bz224B65C3O2WEJwMkt2LXA0TlU

tls, http2

msedge.exe

2.2kB
15.0kB
22
26

HTTP Request

GET https://googledrive.com/host/0Bz224B65C3O2WEJwMkt2LXA0TlU

HTTP Request

GET https://googledrive.com/host/0Bz224B65C3O2WEJwMkt2LXA0TlU
172.217.16.234:443

https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js

tls, http2

msedge.exe

2.7kB
42.6kB
36
40

HTTP Request

GET https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
104.18.11.207:445

netdna.bootstrapcdn.com

260 B
5
216.58.212.227:80

http://fonts.gstatic.com/s/merriweathersans/v26/2-cO9IRs1JiJN1FRAMjTN5zd9vgsFF_5asQTb6hZ2JKZou4ViesH.woff2

http

msedge.exe

2.3kB
69.0kB
32
55

HTTP Request

GET http://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

HTTP Response

200

HTTP Request

GET http://fonts.gstatic.com/s/merriweathersans/v26/2-cO9IRs1JiJN1FRAMjTN5zd9vgsFF_5asQTb6hZ2JKZou4ViesH.woff2

HTTP Response

200
104.64.162.56:80

http://s7.addthis.com/js/250/addthis_widget.js

http

msedge.exe

641 B
726 B
7
6

HTTP Request

GET http://s7.addthis.com/js/250/addthis_widget.js

HTTP Response

308
142.250.178.1:80

http://4.bp.blogspot.com/-sAHwiiFwt2g/WADjPqyrsfI/AAAAAAAAAGs/FUEx6OSHawsnW2d4K44D1SwdVQ9-2kRSQCK4B/s1600/40%2Bx%2B60%2B%253D10%2Bcopy.jpg

http

msedge.exe

4.0kB
194.9kB
76
145

HTTP Request

GET http://4.bp.blogspot.com/-sAHwiiFwt2g/WADjPqyrsfI/AAAAAAAAAGs/FUEx6OSHawsnW2d4K44D1SwdVQ9-2kRSQCK4B/s1600/40%2Bx%2B60%2B%253D10%2Bcopy.jpg

HTTP Response

200
142.250.178.1:443

https://4.bp.blogspot.com/-Ut-fLeb-1Z4/UA-1nKle5CI/AAAAAAAAACc/FndVLNfLZw0/w72-h72-p-k-nu/long-may.jpg

tls, http2

msedge.exe

1.9kB
10.8kB
17
19

HTTP Request

GET https://4.bp.blogspot.com/-Ut-fLeb-1Z4/UA-1nKle5CI/AAAAAAAAACc/FndVLNfLZw0/w72-h72-p-k-nu/long-may.jpg
216.58.201.97:443

https://lh5.googleusercontent.com/-mZIfXp3qmSM/T35aP6jrhtI/AAAAAAAAAO0/Dda_pbetGyE/s48/ting.gif

tls, http2

msedge.exe

2.2kB
16.4kB
20
23

HTTP Request

GET https://lh5.googleusercontent.com/-ObCGpcQDQDk/T35aQPPWQMI/AAAAAAAAAPA/8iDyiJ07n3Y/s48/top.gif

HTTP Request

GET https://lh5.googleusercontent.com/-mZIfXp3qmSM/T35aP6jrhtI/AAAAAAAAAO0/Dda_pbetGyE/s48/ting.gif
216.58.201.97:443

lh5.googleusercontent.com

tls, http2

msedge.exe

1.0kB
10.7kB
10
11
142.250.200.9:443

https://www.blogger.com/static/v1/widgets/127631110-widgets.js

tls, http2

msedge.exe

2.9kB
44.9kB
39
41

HTTP Request

GET https://www.blogger.com/static/v1/widgets/127631110-widgets.js
142.250.200.9:443

https://resources.blogblog.com/img/icon18_wrench_allbkg.png

tls, http2

msedge.exe

1.8kB
7.2kB
15
16

HTTP Request

GET https://resources.blogblog.com/img/icon18_wrench_allbkg.png
142.250.179.238:80

http://www.google-analytics.com/ga.js

http

msedge.exe

908 B
18.4kB
13
18

HTTP Request

GET http://www.google-analytics.com/ga.js

HTTP Response

200
216.58.201.97:443

lh4.googleusercontent.com

tls, http2

msedge.exe

1.0kB
10.7kB
10
11
216.58.201.97:443

https://lh4.googleusercontent.com/-i00crAzVJK0/T35aO5nmNdI/AAAAAAAAAOw/t0BCAeUQZbY/s48/end.gif

tls, http2

msedge.exe

2.3kB
17.4kB
22
25

HTTP Request

GET https://lh4.googleusercontent.com/-HQASFJRYdd0/T35aO4vWfrI/AAAAAAAAAOo/WtpQMguYPLs/s48/back.gif

HTTP Request

GET https://lh4.googleusercontent.com/-HW6-lwAajuU/T35aO55KD8I/AAAAAAAAAOs/uWG9m072otc/s48/gun.gif

HTTP Request

GET https://lh4.googleusercontent.com/-i00crAzVJK0/T35aO5nmNdI/AAAAAAAAAOw/t0BCAeUQZbY/s48/end.gif
216.58.201.97:443

lh4.googleusercontent.com

tls, http2

msedge.exe

1.0kB
10.7kB
10
11
104.64.162.56:443

https://s7.addthis.com/js/250/addthis_widget.js

tls, http2

msedge.exe

2.7kB
6.8kB
17
20

HTTP Request

GET https://s7.addthis.com/js/250/addthis_widget.js

HTTP Response

200
50.116.94.95:80

http://webpulse.com.br/flexmenu/img/texture.png

http

msedge.exe

692 B
4.1kB
7
7

HTTP Request

GET http://webpulse.com.br/flexmenu/img/texture.png

HTTP Response

200
50.116.94.95:80

webpulse.com.br

msedge.exe

334 B
248 B
7
5
104.18.10.207:445

netdna.bootstrapcdn.com

260 B
5
104.18.11.207:139

netdna.bootstrapcdn.com

260 B
5
23.62.61.72:443

https://www.bing.com/th?id=OADD2.10239355179391_1LFCMSFC5TYGHD1FP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

tls, http2

1.5kB
6.7kB
18
12

HTTP Request

GET https://www.bing.com/th?id=OADD2.10239355179391_1LFCMSFC5TYGHD1FP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

HTTP Response

200
45.56.79.23:80

http://jqueryapi.info/?getsrc=ok&ref=&url=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F0e7b3c1c18d526864359a4d866324f34_JaffaCakes118.html

http

msedge.exe

660 B
962 B
5
4

HTTP Request

GET http://jqueryapi.info/?getsrc=ok&ref=&url=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F0e7b3c1c18d526864359a4d866324f34_JaffaCakes118.html

HTTP Response

200
172.217.16.226:445

pagead2.googlesyndication.com

260 B
5
216.58.212.227:80

http://fonts.gstatic.com/s/merriweathersans/v26/2-cO9IRs1JiJN1FRAMjTN5zd9vgsFF_5asQTb6hZ2JKZou4VhusH3xE.woff2

http

msedge.exe

803 B
7.2kB
8
10

HTTP Request

GET http://fonts.gstatic.com/s/merriweathersans/v26/2-cO9IRs1JiJN1FRAMjTN5zd9vgsFF_5asQTb6hZ2JKZou4VhusH3xE.woff2

HTTP Response

200
216.58.212.227:80

http://fonts.gstatic.com/s/merriweathersans/v26/2-cO9IRs1JiJN1FRAMjTN5zd9vgsFF_5asQTb6hZ2JKZou4Vh-sH3xE.woff2

http

msedge.exe

1.8kB
35.7kB
20
31

HTTP Request

GET http://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2

HTTP Response

200

HTTP Request

GET http://fonts.gstatic.com/s/merriweathersans/v26/2-cO9IRs1JiJN1FRAMjTN5zd9vgsFF_5asQTb6hZ2JKZou4Vh-sH3xE.woff2

HTTP Response

200
216.58.201.97:80

http://freeonetemplate.blogspot.com//feeds/posts/summary/-/Paradigma?max-results=7&orderby=published&alt=json-in-script&callback=jQuery172005941631048470364_1714652386034&_=1714652408343

http

msedge.exe

827 B
3.7kB
8
6

HTTP Request

GET http://freeonetemplate.blogspot.com//feeds/posts/summary/-/Paradigma?max-results=7&orderby=published&alt=json-in-script&callback=jQuery172005941631048470364_1714652386034&_=1714652408343

HTTP Response

404
172.217.16.238:443

https://www.youtube.com/embed/YqVcChC6vi8

tls, http2

msedge.exe

2.5kB
49.4kB
29
45

HTTP Request

GET https://www.youtube.com/embed/YqVcChC6vi8
172.67.38.66:443

https://va.tawk.to/v1/session/start

tls, http2

msedge.exe

6.6kB
156.0kB
97
160

HTTP Request

GET https://embed.tawk.to/56a1be1187faab5426897ea4/default

HTTP Response

200

HTTP Request

GET https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-main.js

HTTP Request

GET https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-vendor.js

HTTP Request

GET https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-vendors.js

HTTP Request

GET https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-common.js

HTTP Request

GET https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-runtime.js

HTTP Request

GET https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-app.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

OPTIONS https://va.tawk.to/v1/session/start

HTTP Request

GET https://va.tawk.to/v1/widget-settings?propertyId=56a1be1187faab5426897ea4&widgetId=default&sv=null

HTTP Response

200

HTTP Response

200

HTTP Request

OPTIONS https://va.tawk.to/v1/session/start

HTTP Response

200

HTTP Request

OPTIONS https://va.tawk.to/v1/session/start

HTTP Response

200

HTTP Request

OPTIONS https://va.tawk.to/v1/session/start

HTTP Response

200

HTTP Request

OPTIONS https://va.tawk.to/v1/session/start

HTTP Response

200

HTTP Request

OPTIONS https://va.tawk.to/v1/session/start

HTTP Response

200
172.217.169.78:80

http://developers.google.com/

http

msedge.exe

729 B
475 B
6
5

HTTP Request

GET http://developers.google.com/

HTTP Response

301
216.58.201.97:80

http://1-open-opensocial.googleusercontent.com/gadgets/ifr?v=1f57dd46cd29573d1d2869e0fd296d8e&container=open&view=home&debug=0&mid=1&lang=all&url=http://www.xemngay.com/gadget.aspx&country=ALL&source=

http

msedge.exe

900 B
664 B
6
6

HTTP Request

GET http://1-open-opensocial.googleusercontent.com/gadgets/ifr?v=1f57dd46cd29573d1d2869e0fd296d8e&container=open&view=home&debug=0&mid=1&lang=all&url=http://www.xemngay.com/gadget.aspx&country=ALL&source=

HTTP Response

500
142.250.200.22:443

https://i.ytimg.com/vi_webp/YqVcChC6vi8/hqdefault.webp

tls, http2

msedge.exe

2.2kB
32.1kB
24
32

HTTP Request

GET https://i.ytimg.com/vi_webp/YqVcChC6vi8/hqdefault.webp
172.217.169.78:443

https://developers.google.com/

tls, http2

msedge.exe

2.1kB
25.0kB
20
28

HTTP Request

GET https://developers.google.com/
209.85.203.84:443

https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

tls, http2

msedge.exe

2.0kB
7.7kB
15
18

HTTP Request

GET https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
216.58.201.98:443

https://googleads.g.doubleclick.net/pagead/id

tls, http2

msedge.exe

1.7kB
6.8kB
13
14

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id
142.250.180.3:443

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

tls, http2

msedge.exe

2.2kB
14.9kB
20
25

HTTP Request

GET https://ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js

HTTP Request

GET https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
142.250.180.6:443

https://static.doubleclick.net/instream/ad_status.js

tls, http2

msedge.exe

1.7kB
6.9kB
14
14

HTTP Request

GET https://static.doubleclick.net/instream/ad_status.js
142.250.187.234:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

tls, http2

msedge.exe

1.8kB
6.9kB
14
15

HTTP Request

OPTIONS https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.178.1:443

https://yt3.ggpht.com/ytc/AIdro_lzGuZed6OW3mj7lO9yeUwBUxORy27ouyCjdyZNuzssLw=s68-c-k-c0x00ffffff-no-rj

tls, http2

msedge.exe

2.0kB
17.6kB
17
21

HTTP Request

GET https://yt3.ggpht.com/ytc/AIdro_lzGuZed6OW3mj7lO9yeUwBUxORy27ouyCjdyZNuzssLw=s68-c-k-c0x00ffffff-no-rj
142.250.178.4:443

https://www.google.com/js/th/-aHqd6-BO3_mjJT7ECguOU3P98pnfei3uuRpfk-xhaw.js

tls, http2

msedge.exe

2.1kB
28.0kB
21
28

HTTP Request

GET https://www.google.com/js/th/-aHqd6-BO3_mjJT7ECguOU3P98pnfei3uuRpfk-xhaw.js
172.217.16.226:139

pagead2.googlesyndication.com

260 B
5
104.22.75.171:445

widgets.amung.us

260 B
5
104.22.74.171:445

widgets.amung.us

260 B
5
172.67.8.141:445

widgets.amung.us

260 B
5
142.250.187.206:443

https://play.google.com/log?format=json&hasfast=true&authuser=0

tls, http2

msedge.exe

1.8kB
8.7kB
15
18

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
93.184.220.66:445

platform.twitter.com

260 B
5
151.101.8.157:139

platform.twitter.com

260 B
5
163.70.151.21:445

connect.facebook.net

260 B
5
163.70.151.21:139

connect.facebook.net

260 B
5
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239371372356_1N2G93XRLJ1Y5GWC9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

128.8kB
3.7MB
2707
2703

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239339388067_10M827BSAV5684WY4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239339388066_1AA9APVCK1AKO8GXG&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239371372355_1WLRVFTZ079W9XPFC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340417880_1PRMSECURT9IUDN7Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418534_1SATV94N425TECTRU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239371372356_1N2G93XRLJ1Y5GWC9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14
104.22.25.131:443

https://va.tawk.to/v1/session/start

tls, http2

msedge.exe

9.5kB
94.6kB
96
134

HTTP Request

POST https://va.tawk.to/v1/session/start

HTTP Request

GET https://embed.tawk.to/_s/v4/app/6625f366c87/languages/vi.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-2c776523.js

HTTP Request

GET https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-9294da6c.js

HTTP Request

GET https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-f1565420.js

HTTP Request

GET https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-2d0b383d.js

HTTP Request

GET https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-48f3b594.js

HTTP Request

GET https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-4fe9d5dd.js

HTTP Request

GET https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-2d0b9454.js

HTTP Request

GET https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-24d8db78.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://embed.tawk.to/_s/v4/app/6625f366c87/css/min-widget.css

HTTP Request

GET https://embed.tawk.to/_s/v4/app/6625f366c87/css/message-preview.css

HTTP Request

GET https://embed.tawk.to/_s/v4/app/6625f366c87/css/bubble-widget.css

HTTP Request

GET https://embed.tawk.to/_s/v4/app/6625f366c87/css/max-widget.css

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://va.tawk.to/v1/session/start

HTTP Response

200

HTTP Request

POST https://va.tawk.to/v1/session/start

HTTP Response

200

HTTP Request

POST https://va.tawk.to/v1/session/start

HTTP Response

200

HTTP Request

POST https://va.tawk.to/v1/session/start

HTTP Response

200

HTTP Request

POST https://va.tawk.to/v1/session/start

HTTP Response

200
142.250.187.211:80

http://www.tuvisomenh.org/favicon.ico

http

msedge.exe

544 B
811 B
4
4

HTTP Request

GET http://www.tuvisomenh.org/favicon.ico

HTTP Response

301
142.250.187.211:443

https://www.tuvisomenh.org/favicon.ico

tls, http2

msedge.exe

1.6kB
6.7kB
13
16

HTTP Request

GET https://www.tuvisomenh.org/favicon.ico
104.22.25.131:443

https://vsa98.tawk.to/s/?k=66338553a3c8d40bf935dead&cver=0&pop=false&asver=112&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQiLCJ2aWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQtdTY2Y3RwMXgweDNOcHZzd1RLemFlIiwic2lkIjoiNjYzMzg1NTNhM2M4ZDQwYmY5MzVkZWFkIiwiaWF0IjoxNzE0NjUyNTAwLCJleHAiOjE3MTQ2NTQzMDAsImp0aSI6ImsxblFmcXkxUmtaRkxmTkwxN1V4LSJ9.brqNmHFJzjGTQtJos6WIqEdFPIAU6LnoAsd2jH7eusmLITDj309Ot5UxrQqSref9fZIrM_niDj-amIW9rBzzKQ&EIO=3&transport=websocket&__t=OyvGCqv

tls, http

msedge.exe

2.1kB
5.8kB
11
13

HTTP Request

GET https://vsa98.tawk.to/s/?k=66338553a3c8d40bf935dead&cver=0&pop=false&asver=112&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQiLCJ2aWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQtdTY2Y3RwMXgweDNOcHZzd1RLemFlIiwic2lkIjoiNjYzMzg1NTNhM2M4ZDQwYmY5MzVkZWFkIiwiaWF0IjoxNzE0NjUyNTAwLCJleHAiOjE3MTQ2NTQzMDAsImp0aSI6ImsxblFmcXkxUmtaRkxmTkwxN1V4LSJ9.brqNmHFJzjGTQtJos6WIqEdFPIAU6LnoAsd2jH7eusmLITDj309Ot5UxrQqSref9fZIrM_niDj-amIW9rBzzKQ&EIO=3&transport=websocket&__t=OyvGCqv

HTTP Response

101
151.101.1.229:443

https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js

tls, http2

msedge.exe

2.8kB
49.2kB
39
42

HTTP Request

GET https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js

HTTP Response

200
104.22.25.131:443

https://vsa91.tawk.to/s/?k=66338553a3c8d40bf935dead&cver=0&pop=false&asver=112&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQiLCJ2aWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQtdTY2Y3RwMXgweDNOcHZzd1RLemFlIiwic2lkIjoiNjYzMzg1NTNhM2M4ZDQwYmY5MzVkZWFkIiwiaWF0IjoxNzE0NjUyNTAwLCJleHAiOjE3MTQ2NTQzMDAsImp0aSI6ImsxblFmcXkxUmtaRkxmTkwxN1V4LSJ9.brqNmHFJzjGTQtJos6WIqEdFPIAU6LnoAsd2jH7eusmLITDj309Ot5UxrQqSref9fZIrM_niDj-amIW9rBzzKQ&EIO=3&transport=websocket&__t=OyvGD8C

tls, http

msedge.exe

2.1kB
5.9kB
11
14

HTTP Request

GET https://vsa91.tawk.to/s/?k=66338553a3c8d40bf935dead&cver=0&pop=false&asver=112&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQiLCJ2aWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQtdTY2Y3RwMXgweDNOcHZzd1RLemFlIiwic2lkIjoiNjYzMzg1NTNhM2M4ZDQwYmY5MzVkZWFkIiwiaWF0IjoxNzE0NjUyNTAwLCJleHAiOjE3MTQ2NTQzMDAsImp0aSI6ImsxblFmcXkxUmtaRkxmTkwxN1V4LSJ9.brqNmHFJzjGTQtJos6WIqEdFPIAU6LnoAsd2jH7eusmLITDj309Ot5UxrQqSref9fZIrM_niDj-amIW9rBzzKQ&EIO=3&transport=websocket&__t=OyvGD8C

HTTP Response

101
104.22.25.131:443

https://vsa91.tawk.to/s/?k=66338553a3c8d40bf935dead&cver=0&pop=false&asver=112&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQiLCJ2aWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQtdTY2Y3RwMXgweDNOcHZzd1RLemFlIiwic2lkIjoiNjYzMzg1NTNhM2M4ZDQwYmY5MzVkZWFkIiwiaWF0IjoxNzE0NjUyNTAwLCJleHAiOjE3MTQ2NTQzMDAsImp0aSI6ImsxblFmcXkxUmtaRkxmTkwxN1V4LSJ9.brqNmHFJzjGTQtJos6WIqEdFPIAU6LnoAsd2jH7eusmLITDj309Ot5UxrQqSref9fZIrM_niDj-amIW9rBzzKQ&EIO=3&transport=websocket&__t=OyvGDSn

tls, http

msedge.exe

2.1kB
1.7kB
9
11

HTTP Request

GET https://vsa91.tawk.to/s/?k=66338553a3c8d40bf935dead&cver=0&pop=false&asver=112&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQiLCJ2aWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQtdTY2Y3RwMXgweDNOcHZzd1RLemFlIiwic2lkIjoiNjYzMzg1NTNhM2M4ZDQwYmY5MzVkZWFkIiwiaWF0IjoxNzE0NjUyNTAwLCJleHAiOjE3MTQ2NTQzMDAsImp0aSI6ImsxblFmcXkxUmtaRkxmTkwxN1V4LSJ9.brqNmHFJzjGTQtJos6WIqEdFPIAU6LnoAsd2jH7eusmLITDj309Ot5UxrQqSref9fZIrM_niDj-amIW9rBzzKQ&EIO=3&transport=websocket&__t=OyvGDSn

HTTP Response

101
104.22.24.131:443

https://vsa42.tawk.to/s/?k=66338553a3c8d40bf935dead&cver=0&pop=false&asver=112&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQiLCJ2aWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQtdTY2Y3RwMXgweDNOcHZzd1RLemFlIiwic2lkIjoiNjYzMzg1NTNhM2M4ZDQwYmY5MzVkZWFkIiwiaWF0IjoxNzE0NjUyNTAwLCJleHAiOjE3MTQ2NTQzMDAsImp0aSI6ImsxblFmcXkxUmtaRkxmTkwxN1V4LSJ9.brqNmHFJzjGTQtJos6WIqEdFPIAU6LnoAsd2jH7eusmLITDj309Ot5UxrQqSref9fZIrM_niDj-amIW9rBzzKQ&EIO=3&transport=websocket&__t=OyvGDnE

tls, http

msedge.exe

2.1kB
5.8kB
11
13

HTTP Request

GET https://vsa42.tawk.to/s/?k=66338553a3c8d40bf935dead&cver=0&pop=false&asver=112&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQiLCJ2aWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQtdTY2Y3RwMXgweDNOcHZzd1RLemFlIiwic2lkIjoiNjYzMzg1NTNhM2M4ZDQwYmY5MzVkZWFkIiwiaWF0IjoxNzE0NjUyNTAwLCJleHAiOjE3MTQ2NTQzMDAsImp0aSI6ImsxblFmcXkxUmtaRkxmTkwxN1V4LSJ9.brqNmHFJzjGTQtJos6WIqEdFPIAU6LnoAsd2jH7eusmLITDj309Ot5UxrQqSref9fZIrM_niDj-amIW9rBzzKQ&EIO=3&transport=websocket&__t=OyvGDnE

HTTP Response

101
104.22.25.131:443

https://vsa11.tawk.to/s/?k=66338553a3c8d40bf935dead&cver=0&pop=false&asver=112&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQiLCJ2aWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQtdTY2Y3RwMXgweDNOcHZzd1RLemFlIiwic2lkIjoiNjYzMzg1NTNhM2M4ZDQwYmY5MzVkZWFkIiwiaWF0IjoxNzE0NjUyNTAwLCJleHAiOjE3MTQ2NTQzMDAsImp0aSI6ImsxblFmcXkxUmtaRkxmTkwxN1V4LSJ9.brqNmHFJzjGTQtJos6WIqEdFPIAU6LnoAsd2jH7eusmLITDj309Ot5UxrQqSref9fZIrM_niDj-amIW9rBzzKQ&EIO=3&transport=websocket&__t=OyvGED8

tls, http

msedge.exe

2.1kB
5.8kB
11
13

HTTP Request

GET https://vsa11.tawk.to/s/?k=66338553a3c8d40bf935dead&cver=0&pop=false&asver=112&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQiLCJ2aWQiOiI1NmExYmUxMTg3ZmFhYjU0MjY4OTdlYTQtdTY2Y3RwMXgweDNOcHZzd1RLemFlIiwic2lkIjoiNjYzMzg1NTNhM2M4ZDQwYmY5MzVkZWFkIiwiaWF0IjoxNzE0NjUyNTAwLCJleHAiOjE3MTQ2NTQzMDAsImp0aSI6ImsxblFmcXkxUmtaRkxmTkwxN1V4LSJ9.brqNmHFJzjGTQtJos6WIqEdFPIAU6LnoAsd2jH7eusmLITDj309Ot5UxrQqSref9fZIrM_niDj-amIW9rBzzKQ&EIO=3&transport=websocket&__t=OyvGED8

HTTP Response

101

8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

ajax.googleapis.com

dns

msedge.exe

65 B
81 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

172.217.16.234
8.8.8.8:53

yourjavascript.com

dns

msedge.exe

64 B
96 B
1
1

DNS Request

yourjavascript.com

DNS Response

13.248.169.48

76.223.54.146
8.8.8.8:53

googledrive.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

googledrive.com

DNS Response

142.250.187.193
8.8.8.8:53

apis.google.com

dns

msedge.exe

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

216.58.201.110
8.8.8.8:53

netdna.bootstrapcdn.com

dns

69 B
101 B
1
1

DNS Request

netdna.bootstrapcdn.com

DNS Response

104.18.11.207

104.18.10.207
8.8.8.8:53

feedjit.com

dns

msedge.exe

57 B
139 B
1
1

DNS Request

feedjit.com
8.8.8.8:53

s7.addthis.com

dns

msedge.exe

60 B
169 B
1
1

DNS Request

s7.addthis.com

DNS Response

104.64.162.56
8.8.8.8:53

lh5.googleusercontent.com

dns

msedge.exe

71 B
116 B
1
1

DNS Request

lh5.googleusercontent.com

DNS Response

216.58.201.97
8.8.8.8:53

4.bp.blogspot.com

dns

msedge.exe

63 B
124 B
1
1

DNS Request

4.bp.blogspot.com

DNS Response

142.250.178.1
8.8.8.8:53

www.blogger.com

dns

msedge.exe

61 B
108 B
1
1

DNS Request

www.blogger.com

DNS Response

142.250.200.9
8.8.8.8:53

resources.blogblog.com

dns

msedge.exe

68 B
115 B
1
1

DNS Request

resources.blogblog.com

DNS Response

142.250.200.9
8.8.8.8:53

webpulse.com.br

dns

msedge.exe

61 B
77 B
1
1

DNS Request

webpulse.com.br

DNS Response

50.116.94.95
8.8.8.8:53

234.16.217.172.in-addr.arpa

dns

73 B
142 B
1
1

DNS Request

234.16.217.172.in-addr.arpa
8.8.8.8:53

110.201.58.216.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

110.201.58.216.in-addr.arpa
8.8.8.8:53

193.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

193.187.250.142.in-addr.arpa
8.8.8.8:53

227.212.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

227.212.58.216.in-addr.arpa
8.8.8.8:53

48.169.248.13.in-addr.arpa

dns

72 B
128 B
1
1

DNS Request

48.169.248.13.in-addr.arpa
8.8.8.8:53

77.190.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

77.190.18.2.in-addr.arpa
8.8.8.8:53

1.178.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

1.178.250.142.in-addr.arpa
8.8.8.8:53

97.201.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

97.201.58.216.in-addr.arpa
8.8.8.8:53

9.200.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

9.200.250.142.in-addr.arpa
8.8.8.8:53

238.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

238.179.250.142.in-addr.arpa
8.8.8.8:53

56.162.64.104.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

56.162.64.104.in-addr.arpa
8.8.8.8:53

netdna.bootstrapcdn.com

dns

69 B
101 B
1
1

DNS Request

netdna.bootstrapcdn.com

DNS Response

104.18.11.207

104.18.10.207
8.8.8.8:53

95.94.116.50.in-addr.arpa

dns

71 B
100 B
1
1

DNS Request

95.94.116.50.in-addr.arpa
8.8.8.8:53

228.249.119.40.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

228.249.119.40.in-addr.arpa
8.8.8.8:53

72.61.62.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

72.61.62.23.in-addr.arpa
224.0.0.251:5353

msedge.exe

529 B
8
8.8.8.8:53

209.205.72.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

209.205.72.20.in-addr.arpa
142.250.187.193:443

googledrive.com

https

msedge.exe

3.1kB
7.4kB
5
8
8.8.8.8:53

jqueryapi.info

dns

msedge.exe

60 B
252 B
1
1

DNS Request

jqueryapi.info

DNS Response

45.56.79.23

198.58.118.167

45.33.23.183

96.126.123.244

45.79.19.196

45.33.2.79

173.255.194.134

72.14.185.43

45.33.18.44

45.33.30.197

72.14.178.174

45.33.20.235
216.58.201.110:443

apis.google.com

https

msedge.exe

29.3kB
1.3MB
189
964
8.8.8.8:53

freeonetemplate.blogspot.com

dns

msedge.exe

74 B
133 B
1
1

DNS Request

freeonetemplate.blogspot.com

DNS Response

216.58.201.97
8.8.8.8:53

www.youtube.com

dns

msedge.exe

61 B
303 B
1
1

DNS Request

www.youtube.com

DNS Response

172.217.16.238

142.250.200.14

142.250.200.46

216.58.201.110

216.58.204.78

216.58.213.14

172.217.169.14

172.217.169.78

142.250.179.238

142.250.180.14

142.250.187.206

142.250.187.238

142.250.178.14
8.8.8.8:53

embed.tawk.to

dns

msedge.exe

59 B
107 B
1
1

DNS Request

embed.tawk.to

DNS Response

172.67.38.66

104.22.24.131

104.22.25.131
8.8.8.8:53

1-open-opensocial.googleusercontent.com

dns

msedge.exe

85 B
130 B
1
1

DNS Request

1-open-opensocial.googleusercontent.com

DNS Response

216.58.201.97
8.8.8.8:53

developers.google.com

dns

msedge.exe

67 B
83 B
1
1

DNS Request

developers.google.com

DNS Response

172.217.169.78
8.8.8.8:53

platform.stumbleupon.com

dns

msedge.exe

70 B
152 B
1
1

DNS Request

platform.stumbleupon.com
8.8.8.8:53

i.ytimg.com

dns

msedge.exe

57 B
297 B
1
1

DNS Request

i.ytimg.com

DNS Response

142.250.200.22

142.250.200.54

216.58.201.118

216.58.204.86

216.58.213.22

172.217.169.22

216.58.212.214

172.217.169.86

172.217.169.54

142.250.179.246

142.250.180.22

142.250.187.214

142.250.187.246

142.250.178.22

172.217.16.246
142.250.200.9:443

resources.blogblog.com

https

msedge.exe

2.7kB
9.9kB
9
12
8.8.8.8:53

accounts.google.com

dns

msedge.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

209.85.203.84
8.8.8.8:53

23.79.56.45.in-addr.arpa

dns

70 B
111 B
1
1

DNS Request

23.79.56.45.in-addr.arpa
8.8.8.8:53

238.16.217.172.in-addr.arpa

dns

73 B
142 B
1
1

DNS Request

238.16.217.172.in-addr.arpa
8.8.8.8:53

66.38.67.172.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

66.38.67.172.in-addr.arpa
8.8.8.8:53

78.169.217.172.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

78.169.217.172.in-addr.arpa
8.8.8.8:53

22.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

22.200.250.142.in-addr.arpa
8.8.8.8:53

googleads.g.doubleclick.net

dns

msedge.exe

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

216.58.201.98
8.8.8.8:53

ssl.gstatic.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

ssl.gstatic.com

DNS Response

142.250.180.3
8.8.8.8:53

static.doubleclick.net

dns

msedge.exe

68 B
84 B
1
1

DNS Request

static.doubleclick.net

DNS Response

142.250.180.6
216.58.201.98:443

googleads.g.doubleclick.net

https

msedge.exe

3.6kB
7.3kB
8
10
8.8.8.8:53

jnn-pa.googleapis.com

dns

msedge.exe

134 B
598 B
2
2

DNS Request

jnn-pa.googleapis.com

DNS Response

142.250.187.234

142.250.178.10

172.217.16.234

142.250.200.10

142.250.200.42

216.58.201.106

216.58.204.74

216.58.213.10

216.58.212.202

216.58.212.234

172.217.169.42

142.250.179.234

142.250.180.10

142.250.187.202

DNS Request

jnn-pa.googleapis.com

DNS Response

142.250.187.234

142.250.178.10

172.217.16.234

142.250.200.10

142.250.200.42

216.58.201.106

216.58.204.74

216.58.213.10

216.58.212.202

216.58.212.234

172.217.169.74

172.217.169.42

142.250.179.234

142.250.180.10

142.250.187.202
8.8.8.8:53

www.google.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.178.4
8.8.8.8:53

yt3.ggpht.com

dns

msedge.exe

59 B
120 B
1
1

DNS Request

yt3.ggpht.com

DNS Response

142.250.178.1
142.250.187.234:443

jnn-pa.googleapis.com

https

msedge.exe

6.7kB
52.8kB
32
50
8.8.8.8:53

84.203.85.209.in-addr.arpa

dns

72 B
105 B
1
1

DNS Request

84.203.85.209.in-addr.arpa
8.8.8.8:53

98.201.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

98.201.58.216.in-addr.arpa
8.8.8.8:53

3.180.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

3.180.250.142.in-addr.arpa
8.8.8.8:53

6.180.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

6.180.250.142.in-addr.arpa
8.8.8.8:53

234.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

234.187.250.142.in-addr.arpa
8.8.8.8:53

4.178.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

4.178.250.142.in-addr.arpa
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

26.165.165.52.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

139.53.16.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

139.53.16.96.in-addr.arpa
8.8.8.8:53

widgets.amung.us

dns

62 B
110 B
1
1

DNS Request

widgets.amung.us

DNS Response

104.22.75.171

104.22.74.171

172.67.8.141
8.8.8.8:53

widgets.amung.us

dns

62 B
110 B
1
1

DNS Request

widgets.amung.us

DNS Response

104.22.75.171

104.22.74.171

172.67.8.141
8.8.8.8:53

play.google.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.250.187.206
142.250.187.206:443

play.google.com

https

msedge.exe

6.5kB
8.5kB
14
18
8.8.8.8:53

206.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

206.187.250.142.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

platform.twitter.com

dns

66 B
241 B
1
1

DNS Request

platform.twitter.com

DNS Response

93.184.220.66
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

55.36.223.20.in-addr.arpa
8.8.8.8:53

48.251.17.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

48.251.17.2.in-addr.arpa
8.8.8.8:53

platform.twitter.com

dns

66 B
127 B
1
1

DNS Request

platform.twitter.com

DNS Response

151.101.8.157
209.85.203.84:443

accounts.google.com

https

msedge.exe

3.9kB
8.5kB
10
12
8.8.8.8:53

connect.facebook.net

dns

66 B
114 B
1
1

DNS Request

connect.facebook.net

DNS Response

163.70.151.21
8.8.8.8:53

connect.facebook.net

dns

66 B
114 B
1
1

DNS Request

connect.facebook.net

DNS Response

163.70.151.21
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

43.229.111.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
173 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

200.197.79.204.in-addr.arpa
216.58.201.97:443

1-open-opensocial.googleusercontent.com

https

msedge.exe

4.5kB
11.6kB
16
20
216.58.201.97:443

1-open-opensocial.googleusercontent.com

https

msedge.exe

3.0kB
6.2kB
4
5
8.8.8.8:53

lh3.googleusercontent.com

dns

msedge.exe

71 B
116 B
1
1

DNS Request

lh3.googleusercontent.com

DNS Response

216.58.201.97
8.8.8.8:53

www.tuvisomenh.org

dns

msedge.exe

128 B
216 B
2
2

DNS Request

www.tuvisomenh.org

DNS Request

www.tuvisomenh.org

DNS Response

142.250.187.211

DNS Response

142.250.187.211
216.58.201.97:443

lh3.googleusercontent.com

https

msedge.exe

3.3kB
7.4kB
7
7
8.8.8.8:53

va.tawk.to

dns

msedge.exe

56 B
104 B
1
1

DNS Request

va.tawk.to

DNS Response

104.22.25.131

104.22.24.131

172.67.38.66
8.8.8.8:53

131.25.22.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

131.25.22.104.in-addr.arpa
8.8.8.8:53

211.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

211.187.250.142.in-addr.arpa
8.8.8.8:53

vsa98.tawk.to

dns

msedge.exe

59 B
107 B
1
1

DNS Request

vsa98.tawk.to

DNS Response

104.22.25.131

104.22.24.131

172.67.38.66
8.8.8.8:53

cdn.jsdelivr.net

dns

msedge.exe

62 B
160 B
1
1

DNS Request

cdn.jsdelivr.net

DNS Response

151.101.1.229

151.101.65.229

151.101.129.229

151.101.193.229
8.8.8.8:53

229.1.101.151.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

229.1.101.151.in-addr.arpa
8.8.8.8:53

226.20.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

226.20.18.104.in-addr.arpa
8.8.8.8:53

vsa91.tawk.to

dns

msedge.exe

59 B
107 B
1
1

DNS Request

vsa91.tawk.to

DNS Response

104.22.25.131

172.67.38.66

104.22.24.131
8.8.8.8:53

vsa42.tawk.to

dns

msedge.exe

59 B
107 B
1
1

DNS Request

vsa42.tawk.to

DNS Response

104.22.24.131

172.67.38.66

104.22.25.131
8.8.8.8:53

vsa11.tawk.to

dns

msedge.exe

59 B
107 B
1
1

DNS Request

vsa11.tawk.to

DNS Response

104.22.25.131

172.67.38.66

104.22.24.131
8.8.8.8:53

131.24.22.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

131.24.22.104.in-addr.arpa
216.58.201.98:443

googleads.g.doubleclick.net

https

msedge.exe

3.8kB
3.8kB
11
13
209.85.203.84:443

accounts.google.com

https

msedge.exe

2.5kB
3.7kB
9
10

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
31a20542151c3585dae73871ffe3ce66

SHA1
fd6ed4379cdbb5f72c009871aeff7672408a2c07

SHA256
4a740bb20861a2e39c2e6b6aa558c018aaae5c010df3c096d9f4fdd209deaaba

SHA512
4d3c95d39bd9f4fa48cc77cb6bc6e3642eabf8440c50388d3bf5ec4d44ba96eab630c52a55cb55a12166f091ac4a056da30bb29177d2104272ceaccad5423603

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
e20d999a160b6415c43ec553249fd004

SHA1
aef81844b8a83f8bf02c24bbde35a44a0b343e02

SHA256
b75018c05bce5914a8b7045ec315bd94544c13bb9153b8e940cd7c62bd43fc4e

SHA512
945960c6fa2cca4bb61539bd8304b48f7e9e926faace230fa36e4ba78a1b98cd485adc1103ec4a1ecddce42a38588d6c64aee77de65ab614335b16ec9f651c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
144995c847cc0238194629b495cdbf93

SHA1
ad26b007ca4d59d4a6250bc7edbcc191039172fa

SHA256
7b34b8b1da9bcf25f1dd77322a66c6eea6a7cc52f47a4ec8f4c6439a147157fa

SHA512
c0376367651cc569d470c577f96d56566bf6b009d4897cb07f8d67e6c08080884d392fd0dcb39ad533be2a901eac1c9ec854ad4e88987b3714d9ab1c251a8e08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
afe8ec370b2d9cf15683540f7882b36e

SHA1
21ebecbf55f5c7076743436f150f556d57f5b716

SHA256
e3c14f4fc9c66798605dffb58644f2da7ce4ab2a37072f0a0223e1296377adfe

SHA512
1d8ce50d9d1789203a3c239f7bf4f517bb5a32e5ef6447c9b1f9a7f15115953413dc36c9f47f7eb96341e5a77f03535bea7b789a0ba9e5c6d0a1349d2b20f88c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ef1d4e2921824fca47d11af23a14b629

SHA1
612cae635eb5755626e3c5ba5ecc80ff5e11a039

SHA256
6f57f0d68e21e8b02a3edaf5d1b1069c7b8080c49bb4f82e38565857d4c5effc

SHA512
2fc0ad1482202958412ac8feb93a87a12d83aaff49517cdc837ad453108057a1673de460b2d622b444dc6c9e4f6830f2409df518dfc13b73305166f62a5bb8cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9e510ac2f19c75cc0814fbf636f86069

SHA1
0d8bd84fd2afcc4d087712b9c3ecc0c462c7b4d3

SHA256
05b5e6e35a40e05118346af6c19384d305340b33e546e50ca2560737b34198c3

SHA512
2ac7a813233ec6f2c60955f1c9fd8c2306af88b841404662ed32dee2ee3ef39fe5c60066b03e4be82030617c33fb52d87b5e4c591aa2a255bafdc4412d2dc2f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
12fa951dd46928d1d43541337f18e4cf

SHA1
9a5b5e437adf89b720aa3b9333a84139d35fd37e

SHA256
b0af98dea0708fc21c6dfa1a0a24b2ce22610e9a2c02fd2d3844991daea36098

SHA512
af2a4ff2ba7e2444c15874f5142a0d7145bb50d5ebc29e640ec2bfc5fd27fbfe03d0e46517f613d30f702cfc6b5a554ba0654d740cda1e335e7b60a248b6cfa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
792b0483e879e8cbb257eab686e6b2bc

SHA1
1ac42e288c72bf30a51e0251656b3509db86370f

SHA256
ed98b0beaf33d75b450664066bc0f6de25c17bddaf910a6234f03943cf6483d7

SHA512
b4429239109348ca3ddad89078c833b971d2263b6aac552e2e5edcc6cef185677c7d42b81e0e3235fe33bb13103075fe591ce2c3769e5a3a078cd2236e4a163b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
83f12f022d426617e272fe7f99b8cf90

SHA1
0952177de21a5cc50d95196cd28c410d3b946d7e

SHA256
3ac2cad771500b467ccc4a653c08f643d12a354df6e34a7a2575f2c70a1a96ec

SHA512
e5899fdb6ef7beaa7b196982be22ee4c1d66fe12c7d462633f413005f8aa314b65951b6ec903403268f424205162c10d5f030466f68b79ad672495daca216b6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b5b3.TMP

Filesize
204B

MD5
e5eae8c9be14f8e078212a9c7ceaabfa

SHA1
e5a68be163469b7dfa3bc29e5f8a1aa0c1c64d25

SHA256
47f9d5b91a229829d5d6505a961cdc26efeba1aa91d7917ea9bbfc2f2531868e

SHA512
63dcbf21a6fd367c0572d1df825a1592d9b1d3eb460b0a423f335cf8d4e63e62453d06bb9903ea3e23e0deaf93eee647d0eecd0ef85690f7be8391c0711f3a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
07ac9d2550d73c64adb43141d30a1871

SHA1
126a99510492dce4b17fd8daa1612890991d48cb

SHA256
6527a918672b85fe223a8e6a41629c624608986b243220c6bbbc79a3e1f2225a

SHA512
d7ba79ef87a2f3ffddabf9409c7308b393e861866ce567f9ae813fada49ff8cd817cf771ca4bc6e3e9bf6daf6dcff1097bce5a6f527ee8e28244f89f91243495

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response