Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
08/05/2024, 08:18 UTC
Static task
static1
Behavioral task
behavioral1
Sample
23f8fc1e15e5448a31f2a12a4616c146_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
23f8fc1e15e5448a31f2a12a4616c146_JaffaCakes118.html
Resource
win10v2004-20240419-en
General
-
Target
23f8fc1e15e5448a31f2a12a4616c146_JaffaCakes118.html
-
Size
23KB
-
MD5
23f8fc1e15e5448a31f2a12a4616c146
-
SHA1
591e1a12daef59a22a12bd488f24be201e6eeb4e
-
SHA256
f6b203eafc8bccc67b5f9081739a75d1e50f9dfdb01c1f9544d2cfc8da51cd98
-
SHA512
f69fc3eed32c89060765766dd57bcb00e55e3d989c305b0b90aa48e5d8d5c5cd8a0777c2432b0155ad9ab20a6af25223ccd543be92f18ec0c7d9dc504983f49f
-
SSDEEP
384:zVhVtx+dWwputxwQ7U7kSj3Y47ZYZ5iOJtCiCU7uHOeP3x3gdE+uvi40AnZtGkiQ:jVtx+dWx0TA8OarHjP3xaEJvuwGkisi6
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 2128 msedge.exe 2128 msedge.exe 3732 msedge.exe 3732 msedge.exe 2764 identity_helper.exe 2764 identity_helper.exe 3188 msedge.exe 3188 msedge.exe 3188 msedge.exe 3188 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3732 wrote to memory of 1804 3732 msedge.exe 84 PID 3732 wrote to memory of 1804 3732 msedge.exe 84 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 2128 3732 msedge.exe 86 PID 3732 wrote to memory of 2128 3732 msedge.exe 86 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\23f8fc1e15e5448a31f2a12a4616c146_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3732 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa184e46f8,0x7ffa184e4708,0x7ffa184e47182⤵PID:1804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,495735568874913444,5584893931762063905,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:22⤵PID:3004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,495735568874913444,5584893931762063905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,495735568874913444,5584893931762063905,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:82⤵PID:2104
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,495735568874913444,5584893931762063905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵PID:2964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,495735568874913444,5584893931762063905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵PID:4832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,495735568874913444,5584893931762063905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:82⤵PID:4492
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,495735568874913444,5584893931762063905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,495735568874913444,5584893931762063905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:12⤵PID:2676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,495735568874913444,5584893931762063905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:12⤵PID:1488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,495735568874913444,5584893931762063905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:12⤵PID:3636
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,495735568874913444,5584893931762063905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:12⤵PID:3260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,495735568874913444,5584893931762063905,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4768 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3188
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4516
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:688
Network
-
Remote address:8.8.8.8:53Request209.205.72.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requests.w.orgIN AResponses.w.orgIN A192.0.77.48
-
Remote address:8.8.8.8:53Requestcls.balantfromsun.comIN AResponsecls.balantfromsun.comIN A75.2.115.196
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/css/dist/block-library/style_min_css&ver=5.2.2msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-includes/css/dist/block-library/style_min_css&ver=5.2.2 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/contact-form-7/includes/css/styles_css&ver=5.1.3msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-content/plugins/contact-form-7/includes/css/styles_css&ver=5.1.3 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/css/components_css&ver=1.0msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/css/components_css&ver=1.0 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/css/animations_css&ver=1.0msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/css/animations_css&ver=1.0 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/style_css&ver=1.0msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/style_css&ver=1.0 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/scripts/bootstrap/css/bootstrap_css&ver=1.0msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/scripts/bootstrap/css/bootstrap_css&ver=1.0 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/scripts/iconsmind/line-icons_min_css&ver=1.0msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/scripts/iconsmind/line-icons_min_css&ver=1.0 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/js/jquery/jquery_js&ver=1.12.4-wpmsedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-includes/js/jquery/jquery_js&ver=1.12.4-wp HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/revslider/public/assets/css/settings_css&ver=5.4.6.4msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-content/plugins/revslider/public/assets/css/settings_css&ver=5.4.6.4 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/themes/techline/skin_css&ver=1.0msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-content/themes/techline/skin_css&ver=1.0 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_FX/BduOOCNdH1jczS9IlRGIzwXb1dNrmqnsB5x5psSH9yKFWCh2jw3BQsW5kWZP98HE+Xhyy26gOk7cAxqN6ug==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Domain: balantfromsun.com
X-Subdomain: cls
Content-Encoding: gzip
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/js/jquery/jquery-migrate_min_js&ver=1.4.1msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-includes/js/jquery/jquery-migrate_min_js&ver=1.4.1 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/revslider/public/assets/js/jquery_themepunch_tools_min_js&ver=5.4.6.4msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-content/plugins/revslider/public/assets/js/jquery_themepunch_tools_min_js&ver=5.4.6.4 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/revslider/public/assets/js/jquery_themepunch_revolution_min_js&ver=5.4.6.4msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-content/plugins/revslider/public/assets/js/jquery_themepunch_revolution_min_js&ver=5.4.6.4 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/js/jquery/jquery-migrate_min_js&ver=1.4.1msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-includes/js/jquery/jquery-migrate_min_js&ver=1.4.1 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/3cx-live-chat-talk/includes/js/callus_js&ver=1.4.0msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-content/plugins/3cx-live-chat-talk/includes/js/callus_js&ver=1.4.0 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/contact-form-7/includes/js/scripts_js&ver=5.1.3msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-content/plugins/contact-form-7/includes/js/scripts_js&ver=5.1.3 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/revslider/public/assets/js/jquery_themepunch_tools_min_js&ver=5.4.6.4msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-content/plugins/revslider/public/assets/js/jquery_themepunch_tools_min_js&ver=5.4.6.4 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
Remote address:8.8.8.8:53Request74.204.58.216.in-addr.arpaIN PTRResponse74.204.58.216.in-addr.arpaIN PTRlhr48s49-in-f101e100net74.204.58.216.in-addr.arpaIN PTRlhr25s13-in-f74�H74.204.58.216.in-addr.arpaIN PTRlhr25s13-in-f10�H
-
Remote address:8.8.8.8:53Request196.115.2.75.in-addr.arpaIN PTRResponse196.115.2.75.in-addr.arpaIN PTRa815a0b269b119624awsglobalacceleratorcom
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/revslider/public/assets/js/jquery_themepunch_revolution_min_js&ver=5.4.6.4msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-content/plugins/revslider/public/assets/js/jquery_themepunch_revolution_min_js&ver=5.4.6.4 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/scripts/script_js&ver=1.0msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/scripts/script_js&ver=1.0 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/scripts/bootstrap/js/bootstrap_min_js&ver=1.0msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/scripts/bootstrap/js/bootstrap_min_js&ver=1.0 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/js/imagesloaded_min_js&ver=3.2.0msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-includes/js/imagesloaded_min_js&ver=3.2.0 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/js/wp-emoji-release.min.js?ver=5.2.2msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-includes/js/wp-emoji-release.min.js?ver=5.2.2 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/js/wp-embed_min_js&ver=5.2.2msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-includes/js/wp-embed_min_js&ver=5.2.2 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/custom/custom_js&ver=1.0msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/custom/custom_js&ver=1.0 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
Remote address:8.8.8.8:53Requestwww.atg.com.doIN AResponsewww.atg.com.doIN A172.67.189.47www.atg.com.doIN A104.21.9.80
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/3cx-live-chat-talk/includes/js/callus_js&ver=1.4.0msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-content/plugins/3cx-live-chat-talk/includes/js/callus_js&ver=1.4.0 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/contact-form-7/includes/js/scripts_js&ver=5.1.3msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-content/plugins/contact-form-7/includes/js/scripts_js&ver=5.1.3 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
Remote address:172.67.189.47:443RequestGET /2/wp-content/uploads/2016/12/logo-atg.png HTTP/2.0
host: www.atg.com.do
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 404
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8fyVLrFo7z5tPxg8iogbB5ZkgArV57Ts%2FGtwAx6JmOnvXY5NGA5vQqDcw8UkXyJGQbTMw7Ve6xiM3pt8jTygOSW%2FbhZJ%2B5L4JWucL5Ae14FErubQbbBOoLJl5dg3l7nuGg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8808048afed2949b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
Remote address:172.67.189.47:443RequestGET /wp-content/uploads/2016/12/logo-atg-min.png HTTP/2.0
host: www.atg.com.do
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 404
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1AlTXw5BikRghmy8oCilTB0ppHB7XHeRcmboe04HPVrGSGYzOiJyOzjSzjFEnEinYj8aFWu4ubZ8qNp1jP3n4hd4axF5ZMM4RPG1GM8b%2FQ4yLUO6DMt0MmrpFn7kz6Xxnw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8808048afed6949b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
Remote address:172.67.189.47:443RequestGET /wp-content/uploads/2016/12/logo-atg-black.jpg HTTP/2.0
host: www.atg.com.do
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 404
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=giwAQ81s%2FGf2ENL%2Bh8%2Fcpv9F5WHE3AKlQLhh5NEwwomAgPXzsPDfiuy8K78QwJ9QUhJdV2FIdqVzpiMeaQVrEH9EIQV3BMr1hLIJqW7PeHY7bKZ7ZHIEWtMUXQcJuIbNyA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8808048afed4949b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
Remote address:8.8.8.8:53Requestapps.identrust.comIN AResponseapps.identrust.comIN CNAMEidentrust.edgesuite.netidentrust.edgesuite.netIN CNAMEa1952.dscq.akamai.neta1952.dscq.akamai.netIN A2.18.190.81a1952.dscq.akamai.netIN A2.18.190.80
-
Remote address:2.18.190.81:80RequestGET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: apps.identrust.com
ResponseHTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Wed, 08 Feb 2023 16:52:56 GMT
ETag: "37d-5f433188daa00"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Wed, 08 May 2024 09:18:12 GMT
Date: Wed, 08 May 2024 08:18:12 GMT
Connection: keep-alive
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/scripts/script_js&ver=1.0msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/scripts/script_js&ver=1.0 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/scripts/bootstrap/js/bootstrap_min_js&ver=1.0msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/scripts/bootstrap/js/bootstrap_min_js&ver=1.0 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
Remote address:8.8.8.8:53Requesta.nel.cloudflare.comIN AResponsea.nel.cloudflare.comIN A35.190.80.1
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/js/imagesloaded_min_js&ver=3.2.0msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-includes/js/imagesloaded_min_js&ver=3.2.0 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
Remote address:8.8.8.8:53Request227.212.58.216.in-addr.arpaIN PTRResponse227.212.58.216.in-addr.arpaIN PTRams16s22-in-f2271e100net227.212.58.216.in-addr.arpaIN PTRams16s22-in-f3�J227.212.58.216.in-addr.arpaIN PTRlhr25s28-in-f3�J
-
Remote address:8.8.8.8:53Request75.159.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request75.159.190.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request47.189.67.172.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request81.190.18.2.in-addr.arpaIN PTRResponse81.190.18.2.in-addr.arpaIN PTRa2-18-190-81deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request81.190.18.2.in-addr.arpaIN PTR
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/custom/custom_js&ver=1.0msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/custom/custom_js&ver=1.0 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
OPTIONShttps://a.nel.cloudflare.com/report/v4?s=1AlTXw5BikRghmy8oCilTB0ppHB7XHeRcmboe04HPVrGSGYzOiJyOzjSzjFEnEinYj8aFWu4ubZ8qNp1jP3n4hd4axF5ZMM4RPG1GM8b%2FQ4yLUO6DMt0MmrpFn7kz6Xxnw%3D%3Dmsedge.exeRemote address:35.190.80.1:443RequestOPTIONS /report/v4?s=1AlTXw5BikRghmy8oCilTB0ppHB7XHeRcmboe04HPVrGSGYzOiJyOzjSzjFEnEinYj8aFWu4ubZ8qNp1jP3n4hd4axF5ZMM4RPG1GM8b%2FQ4yLUO6DMt0MmrpFn7kz6Xxnw%3D%3D HTTP/2.0
host: a.nel.cloudflare.com
origin: https://www.atg.com.do
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
POSThttps://a.nel.cloudflare.com/report/v4?s=1AlTXw5BikRghmy8oCilTB0ppHB7XHeRcmboe04HPVrGSGYzOiJyOzjSzjFEnEinYj8aFWu4ubZ8qNp1jP3n4hd4axF5ZMM4RPG1GM8b%2FQ4yLUO6DMt0MmrpFn7kz6Xxnw%3D%3Dmsedge.exeRemote address:35.190.80.1:443RequestPOST /report/v4?s=1AlTXw5BikRghmy8oCilTB0ppHB7XHeRcmboe04HPVrGSGYzOiJyOzjSzjFEnEinYj8aFWu4ubZ8qNp1jP3n4hd4axF5ZMM4RPG1GM8b%2FQ4yLUO6DMt0MmrpFn7kz6Xxnw%3D%3D HTTP/2.0
host: a.nel.cloudflare.com
content-length: 439
content-type: application/reports+json
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
GEThttp://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/js/wp-embed_min_js&ver=5.2.2msedge.exeRemote address:75.2.115.196:80RequestGET /ddb/rend.js?l=1&/wp-includes/js/wp-embed_min_js&ver=5.2.2 HTTP/1.1
Host: cls.balantfromsun.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.dual-a-0034.a-msedge.netg-bing-com.dual-a-0034.a-msedge.netIN CNAMEdual-a-0034.a-msedge.netdual-a-0034.a-msedge.netIN A204.79.197.237dual-a-0034.a-msedge.netIN A13.107.21.237
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=72d11eb8cf3d4af1a97bfdaf999e2afd&localId=w:D3F44B69-51EC-77F5-ABEE-EFD974F351D8&deviceId=6755467847604707&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=72d11eb8cf3d4af1a97bfdaf999e2afd&localId=w:D3F44B69-51EC-77F5-ABEE-EFD974F351D8&deviceId=6755467847604707&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=11897A27DABC60D22BD86E5EDB5C612F; domain=.bing.com; expires=Mon, 02-Jun-2025 08:18:13 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D7891F5FCD3B4E4696FD447E121E7D47 Ref B: LON04EDGE1208 Ref C: 2024-05-08T08:18:13Z
date: Wed, 08 May 2024 08:18:13 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=72d11eb8cf3d4af1a97bfdaf999e2afd&localId=w:D3F44B69-51EC-77F5-ABEE-EFD974F351D8&deviceId=6755467847604707&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=72d11eb8cf3d4af1a97bfdaf999e2afd&localId=w:D3F44B69-51EC-77F5-ABEE-EFD974F351D8&deviceId=6755467847604707&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=11897A27DABC60D22BD86E5EDB5C612F
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=pEQDRFoz72bIBiRFY57pmsGOKHO7gbxAkrrKqvQHwhk; domain=.bing.com; expires=Mon, 02-Jun-2025 08:18:13 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BB7C031A612D4EEBA54C326B5F4CFDDB Ref B: LON04EDGE1208 Ref C: 2024-05-08T08:18:13Z
date: Wed, 08 May 2024 08:18:13 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=72d11eb8cf3d4af1a97bfdaf999e2afd&localId=w:D3F44B69-51EC-77F5-ABEE-EFD974F351D8&deviceId=6755467847604707&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=72d11eb8cf3d4af1a97bfdaf999e2afd&localId=w:D3F44B69-51EC-77F5-ABEE-EFD974F351D8&deviceId=6755467847604707&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=11897A27DABC60D22BD86E5EDB5C612F; MSPTC=pEQDRFoz72bIBiRFY57pmsGOKHO7gbxAkrrKqvQHwhk
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B246160E44734E22AE32E677001E82CF Ref B: LON04EDGE1208 Ref C: 2024-05-08T08:18:13Z
date: Wed, 08 May 2024 08:18:13 GMT
-
Remote address:8.8.8.8:53Request1.80.190.35.in-addr.arpaIN PTRResponse1.80.190.35.in-addr.arpaIN PTR18019035bcgoogleusercontentcom
-
Remote address:8.8.8.8:53Request237.197.79.204.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request104.219.191.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request157.123.68.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request198.187.3.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request142.53.16.96.in-addr.arpaIN PTRResponse142.53.16.96.in-addr.arpaIN PTRa96-16-53-142deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request79.190.18.2.in-addr.arpaIN PTRResponse79.190.18.2.in-addr.arpaIN PTRa2-18-190-79deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request14.251.17.2.in-addr.arpaIN PTRResponse14.251.17.2.in-addr.arpaIN PTRa2-17-251-14deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request11.227.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 449656
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9677AD2BA4574F19B91A25D218E31EC8 Ref B: LON04EDGE1216 Ref C: 2024-05-08T08:19:52Z
date: Wed, 08 May 2024 08:19:51 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 468637
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FD4F260DB1B24AD988C9A16B61981851 Ref B: LON04EDGE1216 Ref C: 2024-05-08T08:19:52Z
date: Wed, 08 May 2024 08:19:51 GMT
-
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/css/dist/block-library/style_min_css&ver=5.2.2httpmsedge.exe720 B 639 B 7 6
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/css/dist/block-library/style_min_css&ver=5.2.2HTTP Response
403 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/contact-form-7/includes/css/styles_css&ver=5.1.3httpmsedge.exe729 B 639 B 7 6
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/contact-form-7/includes/css/styles_css&ver=5.1.3HTTP Response
403 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/css/components_css&ver=1.0httpmsedge.exe723 B 639 B 7 6
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/css/components_css&ver=1.0HTTP Response
403 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/css/animations_css&ver=1.0httpmsedge.exe625 B 554 B 5 4
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/css/animations_css&ver=1.0HTTP Response
403 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/style_css&ver=1.0httpmsedge.exe616 B 554 B 5 4
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/style_css&ver=1.0HTTP Response
403 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/scripts/bootstrap/css/bootstrap_css&ver=1.0httpmsedge.exe786 B 639 B 8 6
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/scripts/bootstrap/css/bootstrap_css&ver=1.0HTTP Response
403 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/scripts/iconsmind/line-icons_min_css&ver=1.0httpmsedge.exe741 B 639 B 7 6
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/scripts/iconsmind/line-icons_min_css&ver=1.0HTTP Response
403 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/js/jquery/jquery_js&ver=1.12.4-wphttpmsedge.exe692 B 639 B 7 6
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/js/jquery/jquery_js&ver=1.12.4-wpHTTP Response
403 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/revslider/public/assets/css/settings_css&ver=5.4.6.4httpmsedge.exe733 B 639 B 7 6
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/revslider/public/assets/css/settings_css&ver=5.4.6.4HTTP Response
403 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/themes/techline/skin_css&ver=1.0httpmsedge.exe843 B 8.1kB 10 10
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/themes/techline/skin_css&ver=1.0HTTP Response
200 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/js/jquery/jquery-migrate_min_js&ver=1.4.1httpmsedge.exe602 B 554 B 5 4
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/js/jquery/jquery-migrate_min_js&ver=1.4.1HTTP Response
403 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/revslider/public/assets/js/jquery_themepunch_tools_min_js&ver=5.4.6.4httpmsedge.exe775 B 639 B 8 6
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/revslider/public/assets/js/jquery_themepunch_tools_min_js&ver=5.4.6.4HTTP Response
403 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/revslider/public/assets/js/jquery_themepunch_revolution_min_js&ver=5.4.6.4httpmsedge.exe740 B 639 B 7 6
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/revslider/public/assets/js/jquery_themepunch_revolution_min_js&ver=5.4.6.4HTTP Response
403 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/js/jquery/jquery-migrate_min_js&ver=1.4.1httpmsedge.exe700 B 639 B 7 6
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/js/jquery/jquery-migrate_min_js&ver=1.4.1HTTP Response
403 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/3cx-live-chat-talk/includes/js/callus_js&ver=1.4.0httpmsedge.exe618 B 554 B 5 4
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/3cx-live-chat-talk/includes/js/callus_js&ver=1.4.0HTTP Response
403 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/contact-form-7/includes/js/scripts_js&ver=5.1.3httpmsedge.exe753 B 639 B 8 6
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/contact-form-7/includes/js/scripts_js&ver=5.1.3HTTP Response
403 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/revslider/public/assets/js/jquery_themepunch_tools_min_js&ver=5.4.6.4httpmsedge.exe735 B 639 B 7 6
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/revslider/public/assets/js/jquery_themepunch_tools_min_js&ver=5.4.6.4HTTP Response
403 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/revslider/public/assets/js/jquery_themepunch_revolution_min_js&ver=5.4.6.4httpmsedge.exe780 B 639 B 8 6
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/revslider/public/assets/js/jquery_themepunch_revolution_min_js&ver=5.4.6.4HTTP Response
403 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/scripts/script_js&ver=1.0httpmsedge.exe707 B 639 B 7 6
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/scripts/script_js&ver=1.0HTTP Response
403 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/scripts/bootstrap/js/bootstrap_min_js&ver=1.0httpmsedge.exe629 B 554 B 5 4
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/scripts/bootstrap/js/bootstrap_min_js&ver=1.0HTTP Response
403 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/js/imagesloaded_min_js&ver=3.2.0httpmsedge.exe691 B 639 B 7 6
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/js/imagesloaded_min_js&ver=3.2.0HTTP Response
403 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/js/wp-emoji-release.min.js?ver=5.2.2httpmsedge.exe597 B 554 B 5 4
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/js/wp-emoji-release.min.js?ver=5.2.2HTTP Response
403 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/js/wp-embed_min_js&ver=5.2.2httpmsedge.exe687 B 639 B 7 6
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/js/wp-embed_min_js&ver=5.2.2HTTP Response
403 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/custom/custom_js&ver=1.0httpmsedge.exe706 B 639 B 7 6
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/custom/custom_js&ver=1.0HTTP Response
403 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/3cx-live-chat-talk/includes/js/callus_js&ver=1.4.0httpmsedge.exe618 B 554 B 5 4
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/3cx-live-chat-talk/includes/js/callus_js&ver=1.4.0HTTP Response
403 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/contact-form-7/includes/js/scripts_js&ver=5.1.3httpmsedge.exe753 B 639 B 8 6
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/contact-form-7/includes/js/scripts_js&ver=5.1.3HTTP Response
403 -
172.67.189.47:443https://www.atg.com.do/wp-content/uploads/2016/12/logo-atg-black.jpgtls, http2msedge.exe3.0kB 7.0kB 18 18
HTTP Request
GET https://www.atg.com.do/2/wp-content/uploads/2016/12/logo-atg.pngHTTP Request
GET https://www.atg.com.do/wp-content/uploads/2016/12/logo-atg-min.pngHTTP Request
GET https://www.atg.com.do/wp-content/uploads/2016/12/logo-atg-black.jpgHTTP Response
404HTTP Response
404HTTP Response
404 -
2.0kB 4.2kB 10 7
-
2.0kB 4.7kB 10 7
-
468 B 1.7kB 7 6
HTTP Request
GET http://apps.identrust.com/roots/dstrootcax3.p7cHTTP Response
200 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/scripts/script_js&ver=1.0httpmsedge.exe701 B 599 B 7 5
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/scripts/script_js&ver=1.0HTTP Response
403 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/scripts/bootstrap/js/bootstrap_min_js&ver=1.0httpmsedge.exe727 B 639 B 7 6
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/scripts/bootstrap/js/bootstrap_min_js&ver=1.0HTTP Response
403 -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/js/imagesloaded_min_js&ver=3.2.0httpmsedge.exe691 B 639 B 7 6
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/js/imagesloaded_min_js&ver=3.2.0HTTP Response
403 -
1.0kB 1.1kB 8 6
-
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/custom/custom_js&ver=1.0httpmsedge.exe608 B 554 B 5 4
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-content/plugins/hybrid-composer/custom/custom_js&ver=1.0HTTP Response
403 -
35.190.80.1:443https://a.nel.cloudflare.com/report/v4?s=1AlTXw5BikRghmy8oCilTB0ppHB7XHeRcmboe04HPVrGSGYzOiJyOzjSzjFEnEinYj8aFWu4ubZ8qNp1jP3n4hd4axF5ZMM4RPG1GM8b%2FQ4yLUO6DMt0MmrpFn7kz6Xxnw%3D%3Dtls, http2msedge.exe2.7kB 4.9kB 18 20
HTTP Request
OPTIONS https://a.nel.cloudflare.com/report/v4?s=1AlTXw5BikRghmy8oCilTB0ppHB7XHeRcmboe04HPVrGSGYzOiJyOzjSzjFEnEinYj8aFWu4ubZ8qNp1jP3n4hd4axF5ZMM4RPG1GM8b%2FQ4yLUO6DMt0MmrpFn7kz6Xxnw%3D%3DHTTP Request
POST https://a.nel.cloudflare.com/report/v4?s=1AlTXw5BikRghmy8oCilTB0ppHB7XHeRcmboe04HPVrGSGYzOiJyOzjSzjFEnEinYj8aFWu4ubZ8qNp1jP3n4hd4axF5ZMM4RPG1GM8b%2FQ4yLUO6DMt0MmrpFn7kz6Xxnw%3D%3D -
75.2.115.196:80http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/js/wp-embed_min_js&ver=5.2.2httpmsedge.exe687 B 639 B 7 6
HTTP Request
GET http://cls.balantfromsun.com/ddb/rend.js?l=1&/wp-includes/js/wp-embed_min_js&ver=5.2.2HTTP Response
403 -
260 B 5
-
260 B 5
-
204.79.197.237:443https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=72d11eb8cf3d4af1a97bfdaf999e2afd&localId=w:D3F44B69-51EC-77F5-ABEE-EFD974F351D8&deviceId=6755467847604707&anid=tls, http22.0kB 9.2kB 22 18
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=72d11eb8cf3d4af1a97bfdaf999e2afd&localId=w:D3F44B69-51EC-77F5-ABEE-EFD974F351D8&deviceId=6755467847604707&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=72d11eb8cf3d4af1a97bfdaf999e2afd&localId=w:D3F44B69-51EC-77F5-ABEE-EFD974F351D8&deviceId=6755467847604707&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=72d11eb8cf3d4af1a97bfdaf999e2afd&localId=w:D3F44B69-51EC-77F5-ABEE-EFD974F351D8&deviceId=6755467847604707&anid=HTTP Response
204 -
260 B 5
-
1.2kB 8.1kB 16 14
-
204.79.197.200:443https://tse1.mm.bing.net/th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90tls, http233.0kB 957.7kB 699 697
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Response
200HTTP Response
200
-
72 B 158 B 1 1
DNS Request
209.205.72.20.in-addr.arpa
-
53 B 69 B 1 1
DNS Request
s.w.org
DNS Response
192.0.77.48
-
67 B 83 B 1 1
DNS Request
cls.balantfromsun.com
DNS Response
75.2.115.196
-
72 B 171 B 1 1
DNS Request
74.204.58.216.in-addr.arpa
-
71 B 127 B 1 1
DNS Request
196.115.2.75.in-addr.arpa
-
60 B 92 B 1 1
DNS Request
www.atg.com.do
DNS Response
172.67.189.47104.21.9.80
-
64 B 165 B 1 1
DNS Request
apps.identrust.com
DNS Response
2.18.190.812.18.190.80
-
66 B 82 B 1 1
DNS Request
a.nel.cloudflare.com
DNS Response
35.190.80.1
-
73 B 171 B 1 1
DNS Request
227.212.58.216.in-addr.arpa
-
144 B 158 B 2 1
DNS Request
75.159.190.20.in-addr.arpa
DNS Request
75.159.190.20.in-addr.arpa
-
72 B 134 B 1 1
DNS Request
47.189.67.172.in-addr.arpa
-
140 B 133 B 2 1
DNS Request
81.190.18.2.in-addr.arpa
DNS Request
81.190.18.2.in-addr.arpa
-
3.1kB 3.9kB 5 6
-
56 B 151 B 1 1
DNS Request
g.bing.com
DNS Response
204.79.197.23713.107.21.237
-
70 B 120 B 1 1
DNS Request
1.80.190.35.in-addr.arpa
-
73 B 143 B 1 1
DNS Request
237.197.79.204.in-addr.arpa
-
448 B 7
-
73 B 147 B 1 1
DNS Request
104.219.191.52.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
157.123.68.40.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
198.187.3.20.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
142.53.16.96.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
79.190.18.2.in-addr.arpa
-
3.3kB 2.5kB 9 8
-
70 B 133 B 1 1
DNS Request
14.251.17.2.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
11.227.111.52.in-addr.arpa
-
62 B 173 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.20013.107.21.200
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5dbac49e66219979194c79f1cf1cb3dd1
SHA14ef87804a04d51ae1fac358f92382548b27f62f2
SHA256f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562
SHA512bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1
-
Filesize
152B
MD5a9e55f5864d6e2afd2fd84e25a3bc228
SHA1a5efcff9e3df6252c7fe8535d505235f82aab276
SHA2560f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452
SHA51212f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75
-
Filesize
670B
MD50c0839d63c389934dd7d552149430482
SHA159c3f32f31e862dd4e5e62728f3d62ad3e386a7c
SHA256bf28118f88886e8a2773081a5100f0ae21d40c6d118bd402487bcbe406b42d9c
SHA512bffa77348f0d2c1237ed383af5a0353224af768c873da836dba35f40192f18bc73a2da7207b62be1f263ca577c03049ce2194865845bee6ea7ac1f96d86e0988
-
Filesize
5KB
MD5f06d9c3d83278e6a618db89f9638df60
SHA1760e90abc7d489a790140ead0e4ad202b55b5cc5
SHA25672feaaff315582bd3dbfb433affeca610255daa83594ba57f5824d0cd04e495a
SHA512920aa609f5a01f51413b81bb412368cd49996f8c60521689f1a10cb452303d3e96e8a4ac2acf6b5520e528b0d671f8611474b373c306ca2add63fd76be41b5fe
-
Filesize
6KB
MD50dd14d12a1ac7f6edd039753e1ffa0bf
SHA19f74851903dfd0ffae423a43fe33dc5f84ab03df
SHA256df7951e599eeb7cdee3010ace9537103681291a9a97cc356686f0d133d009d21
SHA512f8000a2e3d7b55de3ae2954228c6b598856839f9778187388b71f793493a4f20df9fb9401d97733aae1030105083d5c30d0e3dac75e21921ab2c72ac7f45e556
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD555413f12bb3dc2e93b49c1a2fa9fc272
SHA12593af58868d59481b8df05742023f125e506486
SHA256abe1f00c98a7390b263f837816aba786fbb9e05097d2c18ea25d0af651350b2a
SHA51280d0ee1b47200f437796fdc9fc1bfad0f8aad0a7184a9a0fe49fbe42cee2a031a9955972a509ced480bf585a02ca69857b47dd35a8b42d76ab2900e09804a1ae