Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
  • submitted
    12/05/2024, 16:06 UTC

General

  • Target

    3af436e4ab0784e768291ac7cb6f39df_JaffaCakes118.html

  • Size

    154KB

  • MD5

    3af436e4ab0784e768291ac7cb6f39df

  • SHA1

    32a863b6ce95944571af9b3da92d59802b5948dd

  • SHA256

    6161f58c980f4ac5dcf9b1a7784e30693ac64379c8d6bd535d0e97d261769cee

  • SHA512

    5b262428104190beb9a06f080cc1920974b2e9d2d21445bf2ba3e7aa5581b7c2527dc503a03f467fb4e85249584d4f71fb79d68fb1279cc439ecfa355352c0ee

  • SSDEEP

    3072:2eDdih9fVnXr6GFQ5t3rN941m+cuFaGQfTajTe95dtU93vB6svTgRJ0eEZzUkaNF:2h9fVnXr6GFQ55r81m+cuFaGQfTajTel

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3af436e4ab0784e768291ac7cb6f39df_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3228
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9fad346f8,0x7ff9fad34708,0x7ff9fad34718
      2⤵
        PID:1176
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12266613164932624248,11777902997807326044,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
        2⤵
          PID:2692
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,12266613164932624248,11777902997807326044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2820
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,12266613164932624248,11777902997807326044,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
          2⤵
            PID:4976
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12266613164932624248,11777902997807326044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
            2⤵
              PID:4516
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12266613164932624248,11777902997807326044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
              2⤵
                PID:1104
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12266613164932624248,11777902997807326044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
                2⤵
                  PID:4144
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12266613164932624248,11777902997807326044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
                  2⤵
                    PID:2616
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12266613164932624248,11777902997807326044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:3040
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12266613164932624248,11777902997807326044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
                    2⤵
                      PID:4800
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12266613164932624248,11777902997807326044,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
                      2⤵
                        PID:4588
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12266613164932624248,11777902997807326044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
                        2⤵
                          PID:3976
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12266613164932624248,11777902997807326044,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
                          2⤵
                            PID:3600
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12266613164932624248,11777902997807326044,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2304 /prefetch:2
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:3180
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:4720
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:2360

Network

                            • flag-us
                              DNS
                              s.w.org
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              s.w.org
                              IN A
                              Response
                              s.w.org
                              IN A
                              192.0.77.48
                            • flag-us
                              DNS
                              rahsabanet.ir
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              rahsabanet.ir
                              IN A
                              Response
                            • flag-us
                              DNS
                              228.249.119.40.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              228.249.119.40.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              71.159.190.20.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              71.159.190.20.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              240.197.17.2.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              240.197.17.2.in-addr.arpa
                              IN PTR
                              Response
                              240.197.17.2.in-addr.arpa
                              IN PTR
                              a2-17-197-240.deploy.static.akamaitechnologies.com
                            • flag-us
                              DNS
                              secure.gravatar.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              secure.gravatar.com
                              IN A
                              Response
                              secure.gravatar.com
                              IN A
                              192.0.73.2
                            • flag-us
                              GET
                              https://secure.gravatar.com/avatar/88fdaa4264c45bbe2598ed35c2a843d1?s=54&d=mm&r=g
                              msedge.exe
                              Remote address:
                              192.0.73.2:443
                              Request
                              GET /avatar/88fdaa4264c45bbe2598ed35c2a843d1?s=54&d=mm&r=g HTTP/2.0
                              host: secure.gravatar.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx
                              date: Sun, 12 May 2024 16:06:35 GMT
                              content-type: image/jpeg
                              content-length: 1102
                              last-modified: Wed, 11 Jan 1984 08:00:00 GMT
                              link: <https://gravatar.com/avatar/88fdaa4264c45bbe2598ed35c2a843d1?s=54&d=mm&r=g>; rel="canonical"
                              access-control-allow-origin: *
                              content-disposition: inline; filename="88fdaa4264c45bbe2598ed35c2a843d1.png"
                              expires: Sun, 12 May 2024 16:11:35 GMT
                              cache-control: max-age=300
                              x-nc: HIT lhr 1
                              alt-svc: h3=":443"; ma=86400
                              accept-ranges: bytes
                            • flag-us
                              GET
                              https://secure.gravatar.com/avatar/6240157980dded2e663f7d1a45bc576e?s=54&d=mm&r=g
                              msedge.exe
                              Remote address:
                              192.0.73.2:443
                              Request
                              GET /avatar/6240157980dded2e663f7d1a45bc576e?s=54&d=mm&r=g HTTP/2.0
                              host: secure.gravatar.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx
                              date: Sun, 12 May 2024 16:06:35 GMT
                              content-type: image/jpeg
                              content-length: 1102
                              last-modified: Wed, 11 Jan 1984 08:00:00 GMT
                              link: <https://gravatar.com/avatar/ae583c90f0520ec037b7e01981bcc52a?s=54&d=mm&r=g>; rel="canonical"
                              access-control-allow-origin: *
                              content-disposition: inline; filename="ae583c90f0520ec037b7e01981bcc52a.png"
                              expires: Sun, 12 May 2024 16:11:35 GMT
                              cache-control: max-age=300
                              x-nc: HIT lhr 1
                              alt-svc: h3=":443"; ma=86400
                              accept-ranges: bytes
                            • flag-us
                              GET
                              https://secure.gravatar.com/avatar/ae583c90f0520ec037b7e01981bcc52a?s=54&d=mm&r=g
                              msedge.exe
                              Remote address:
                              192.0.73.2:443
                              Request
                              GET /avatar/ae583c90f0520ec037b7e01981bcc52a?s=54&d=mm&r=g HTTP/2.0
                              host: secure.gravatar.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx
                              date: Sun, 12 May 2024 16:06:35 GMT
                              content-type: image/jpeg
                              content-length: 1125
                              last-modified: Wed, 11 Jan 1984 08:00:00 GMT
                              link: <https://gravatar.com/avatar/986d1b26875105ba43118db1bd2e329b?s=54&d=mm&r=g>; rel="canonical"
                              access-control-allow-origin: *
                              content-disposition: inline; filename="986d1b26875105ba43118db1bd2e329b.png"
                              expires: Sun, 12 May 2024 16:11:35 GMT
                              cache-control: max-age=300
                              x-nc: HIT lhr 1
                              alt-svc: h3=":443"; ma=86400
                              accept-ranges: bytes
                            • flag-us
                              GET
                              https://secure.gravatar.com/avatar/59de912b818b932582c09c46c120bd8d?s=54&d=mm&r=g
                              msedge.exe
                              Remote address:
                              192.0.73.2:443
                              Request
                              GET /avatar/59de912b818b932582c09c46c120bd8d?s=54&d=mm&r=g HTTP/2.0
                              host: secure.gravatar.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx
                              date: Sun, 12 May 2024 16:06:35 GMT
                              content-type: image/jpeg
                              content-length: 1102
                              last-modified: Wed, 11 Jan 1984 08:00:00 GMT
                              link: <https://gravatar.com/avatar/6240157980dded2e663f7d1a45bc576e?s=54&d=mm&r=g>; rel="canonical"
                              access-control-allow-origin: *
                              content-disposition: inline; filename="6240157980dded2e663f7d1a45bc576e.png"
                              expires: Sun, 12 May 2024 16:11:35 GMT
                              cache-control: max-age=300
                              x-nc: HIT lhr 1
                              alt-svc: h3=":443"; ma=86400
                              accept-ranges: bytes
                            • flag-us
                              GET
                              https://secure.gravatar.com/avatar/986d1b26875105ba43118db1bd2e329b?s=54&d=mm&r=g
                              msedge.exe
                              Remote address:
                              192.0.73.2:443
                              Request
                              GET /avatar/986d1b26875105ba43118db1bd2e329b?s=54&d=mm&r=g HTTP/2.0
                              host: secure.gravatar.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx
                              date: Sun, 12 May 2024 16:06:35 GMT
                              content-type: image/jpeg
                              content-length: 1125
                              last-modified: Wed, 11 Jan 1984 08:00:00 GMT
                              link: <https://gravatar.com/avatar/59de912b818b932582c09c46c120bd8d?s=54&d=mm&r=g>; rel="canonical"
                              access-control-allow-origin: *
                              content-disposition: inline; filename="59de912b818b932582c09c46c120bd8d.png"
                              expires: Sun, 12 May 2024 16:11:35 GMT
                              cache-control: max-age=300
                              x-nc: HIT lhr 1
                              alt-svc: h3=":443"; ma=86400
                              accept-ranges: bytes
                            • flag-us
                              GET
                              https://secure.gravatar.com/avatar/4e74962ae2307518b5e594aea018189a?s=54&d=mm&r=g
                              msedge.exe
                              Remote address:
                              192.0.73.2:443
                              Request
                              GET /avatar/4e74962ae2307518b5e594aea018189a?s=54&d=mm&r=g HTTP/2.0
                              host: secure.gravatar.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx
                              date: Sun, 12 May 2024 16:06:35 GMT
                              content-type: image/jpeg
                              content-length: 1125
                              last-modified: Wed, 11 Jan 1984 08:00:00 GMT
                              link: <https://gravatar.com/avatar/4e74962ae2307518b5e594aea018189a?s=54&d=mm&r=g>; rel="canonical"
                              access-control-allow-origin: *
                              content-disposition: inline; filename="4e74962ae2307518b5e594aea018189a.png"
                              expires: Sun, 12 May 2024 16:11:35 GMT
                              cache-control: max-age=300
                              x-nc: HIT lhr 1
                              alt-svc: h3=":443"; ma=86400
                              accept-ranges: bytes
                            • flag-us
                              GET
                              https://secure.gravatar.com/avatar/429eb621824e4e4e7a91be14bf5b3b92?s=54&d=mm&r=g
                              msedge.exe
                              Remote address:
                              192.0.73.2:443
                              Request
                              GET /avatar/429eb621824e4e4e7a91be14bf5b3b92?s=54&d=mm&r=g HTTP/2.0
                              host: secure.gravatar.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx
                              date: Sun, 12 May 2024 16:06:35 GMT
                              content-type: image/jpeg
                              content-length: 1102
                              last-modified: Wed, 11 Jan 1984 08:00:00 GMT
                              link: <https://gravatar.com/avatar/429eb621824e4e4e7a91be14bf5b3b92?s=54&d=mm&r=g>; rel="canonical"
                              access-control-allow-origin: *
                              content-disposition: inline; filename="429eb621824e4e4e7a91be14bf5b3b92.png"
                              expires: Sun, 12 May 2024 16:11:35 GMT
                              cache-control: max-age=300
                              x-nc: HIT lhr 1
                              alt-svc: h3=":443"; ma=86400
                              accept-ranges: bytes
                            • flag-us
                              GET
                              https://secure.gravatar.com/avatar/0a9238d38c04b560df28def50452d6f8?s=54&d=mm&r=g
                              msedge.exe
                              Remote address:
                              192.0.73.2:443
                              Request
                              GET /avatar/0a9238d38c04b560df28def50452d6f8?s=54&d=mm&r=g HTTP/2.0
                              host: secure.gravatar.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx
                              date: Sun, 12 May 2024 16:06:35 GMT
                              content-type: image/jpeg
                              content-length: 2266
                              last-modified: Mon, 18 Dec 2017 09:04:49 GMT
                              link: <https://gravatar.com/avatar/741a320467a0796810626079b2d3b981?s=54&d=mm&r=g>; rel="canonical"
                              content-disposition: inline; filename="741a320467a0796810626079b2d3b981.jpeg"
                              access-control-allow-origin: *
                              expires: Sun, 12 May 2024 16:11:35 GMT
                              cache-control: max-age=300
                              x-nc: HIT lhr 1
                              alt-svc: h3=":443"; ma=86400
                              accept-ranges: bytes
                            • flag-us
                              GET
                              https://secure.gravatar.com/avatar/741a320467a0796810626079b2d3b981?s=54&d=mm&r=g
                              msedge.exe
                              Remote address:
                              192.0.73.2:443
                              Request
                              GET /avatar/741a320467a0796810626079b2d3b981?s=54&d=mm&r=g HTTP/2.0
                              host: secure.gravatar.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx
                              date: Sun, 12 May 2024 16:06:35 GMT
                              content-type: image/jpeg
                              content-length: 1125
                              last-modified: Wed, 11 Jan 1984 08:00:00 GMT
                              link: <https://gravatar.com/avatar/0a9238d38c04b560df28def50452d6f8?s=54&d=mm&r=g>; rel="canonical"
                              access-control-allow-origin: *
                              content-disposition: inline; filename="0a9238d38c04b560df28def50452d6f8.png"
                              expires: Sun, 12 May 2024 16:11:35 GMT
                              cache-control: max-age=300
                              x-nc: HIT lhr 1
                              alt-svc: h3=":443"; ma=86400
                              accept-ranges: bytes
                            • flag-us
                              GET
                              https://secure.gravatar.com/avatar/205d812bb7edea5eeb641d8cc40ce4bd?s=54&d=mm&r=g
                              msedge.exe
                              Remote address:
                              192.0.73.2:443
                              Request
                              GET /avatar/205d812bb7edea5eeb641d8cc40ce4bd?s=54&d=mm&r=g HTTP/2.0
                              host: secure.gravatar.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx
                              date: Sun, 12 May 2024 16:06:35 GMT
                              content-type: image/jpeg
                              content-length: 1102
                              last-modified: Wed, 11 Jan 1984 08:00:00 GMT
                              link: <https://gravatar.com/avatar/205d812bb7edea5eeb641d8cc40ce4bd?s=54&d=mm&r=g>; rel="canonical"
                              access-control-allow-origin: *
                              content-disposition: inline; filename="205d812bb7edea5eeb641d8cc40ce4bd.png"
                              expires: Sun, 12 May 2024 16:11:35 GMT
                              cache-control: max-age=300
                              x-nc: HIT lhr 1
                              alt-svc: h3=":443"; ma=86400
                              accept-ranges: bytes
                            • flag-us
                              GET
                              https://secure.gravatar.com/avatar/3aeb3fe619b96c130f4a2331f94cec43?s=54&d=mm&r=g
                              msedge.exe
                              Remote address:
                              192.0.73.2:443
                              Request
                              GET /avatar/3aeb3fe619b96c130f4a2331f94cec43?s=54&d=mm&r=g HTTP/2.0
                              host: secure.gravatar.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx
                              date: Sun, 12 May 2024 16:06:35 GMT
                              content-type: image/jpeg
                              content-length: 1125
                              last-modified: Wed, 11 Jan 1984 08:00:00 GMT
                              link: <https://gravatar.com/avatar/3aeb3fe619b96c130f4a2331f94cec43?s=54&d=mm&r=g>; rel="canonical"
                              access-control-allow-origin: *
                              content-disposition: inline; filename="3aeb3fe619b96c130f4a2331f94cec43.png"
                              expires: Sun, 12 May 2024 16:11:35 GMT
                              cache-control: max-age=300
                              x-nc: HIT lhr 1
                              alt-svc: h3=":443"; ma=86400
                              accept-ranges: bytes
                            • flag-us
                              GET
                              https://secure.gravatar.com/avatar/6369239132b94cba5465e0b2f5745b0f?s=54&d=mm&r=g
                              msedge.exe
                              Remote address:
                              192.0.73.2:443
                              Request
                              GET /avatar/6369239132b94cba5465e0b2f5745b0f?s=54&d=mm&r=g HTTP/2.0
                              host: secure.gravatar.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx
                              date: Sun, 12 May 2024 16:06:35 GMT
                              content-type: image/jpeg
                              content-length: 1125
                              last-modified: Wed, 11 Jan 1984 08:00:00 GMT
                              link: <https://gravatar.com/avatar/6369239132b94cba5465e0b2f5745b0f?s=54&d=mm&r=g>; rel="canonical"
                              access-control-allow-origin: *
                              content-disposition: inline; filename="6369239132b94cba5465e0b2f5745b0f.png"
                              expires: Sun, 12 May 2024 16:11:35 GMT
                              cache-control: max-age=300
                              x-nc: HIT lhr 1
                              alt-svc: h3=":443"; ma=86400
                              accept-ranges: bytes
                            • flag-us
                              GET
                              https://secure.gravatar.com/avatar/0b8096376eb6d69d0648910758d7db2e?s=54&d=mm&r=g
                              msedge.exe
                              Remote address:
                              192.0.73.2:443
                              Request
                              GET /avatar/0b8096376eb6d69d0648910758d7db2e?s=54&d=mm&r=g HTTP/2.0
                              host: secure.gravatar.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx
                              date: Sun, 12 May 2024 16:06:35 GMT
                              content-type: image/jpeg
                              content-length: 1125
                              last-modified: Wed, 11 Jan 1984 08:00:00 GMT
                              link: <https://gravatar.com/avatar/66633afb43162f757754741702defe03?s=54&d=mm&r=g>; rel="canonical"
                              access-control-allow-origin: *
                              content-disposition: inline; filename="66633afb43162f757754741702defe03.png"
                              expires: Sun, 12 May 2024 16:11:35 GMT
                              cache-control: max-age=300
                              x-nc: HIT lhr 1
                              alt-svc: h3=":443"; ma=86400
                              accept-ranges: bytes
                            • flag-us
                              GET
                              https://secure.gravatar.com/avatar/66633afb43162f757754741702defe03?s=54&d=mm&r=g
                              msedge.exe
                              Remote address:
                              192.0.73.2:443
                              Request
                              GET /avatar/66633afb43162f757754741702defe03?s=54&d=mm&r=g HTTP/2.0
                              host: secure.gravatar.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx
                              date: Sun, 12 May 2024 16:06:35 GMT
                              content-type: image/jpeg
                              content-length: 1125
                              last-modified: Wed, 11 Jan 1984 08:00:00 GMT
                              link: <https://gravatar.com/avatar/0b8096376eb6d69d0648910758d7db2e?s=54&d=mm&r=g>; rel="canonical"
                              access-control-allow-origin: *
                              content-disposition: inline; filename="0b8096376eb6d69d0648910758d7db2e.png"
                              expires: Sun, 12 May 2024 16:11:35 GMT
                              cache-control: max-age=300
                              x-nc: HIT lhr 1
                              alt-svc: h3=":443"; ma=86400
                              accept-ranges: bytes
                            • flag-us
                              GET
                              https://secure.gravatar.com/avatar/88fdaa4264c45bbe2598ed35c2a843d1?s=52&d=mm&r=g
                              msedge.exe
                              Remote address:
                              192.0.73.2:443
                              Request
                              GET /avatar/88fdaa4264c45bbe2598ed35c2a843d1?s=52&d=mm&r=g HTTP/2.0
                              host: secure.gravatar.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx
                              date: Sun, 12 May 2024 16:06:35 GMT
                              content-type: image/jpeg
                              content-length: 1099
                              last-modified: Wed, 11 Jan 1984 08:00:00 GMT
                              link: <https://gravatar.com/avatar/88fdaa4264c45bbe2598ed35c2a843d1?s=52&d=mm&r=g>; rel="canonical"
                              access-control-allow-origin: *
                              content-disposition: inline; filename="88fdaa4264c45bbe2598ed35c2a843d1.png"
                              expires: Sun, 12 May 2024 16:11:35 GMT
                              cache-control: max-age=300
                              x-nc: HIT lhr 1
                              alt-svc: h3=":443"; ma=86400
                              accept-ranges: bytes
                            • flag-us
                              GET
                              https://secure.gravatar.com/avatar/4c7ec454fd3743c76f1d0b30f93ef266?s=52&d=mm&r=g
                              msedge.exe
                              Remote address:
                              192.0.73.2:443
                              Request
                              GET /avatar/4c7ec454fd3743c76f1d0b30f93ef266?s=52&d=mm&r=g HTTP/2.0
                              host: secure.gravatar.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx
                              date: Sun, 12 May 2024 16:06:35 GMT
                              content-type: image/jpeg
                              content-length: 1131
                              last-modified: Wed, 11 Jan 1984 08:00:00 GMT
                              link: <https://gravatar.com/avatar/39227c0e01c3b6c7ee12d5b43d054617?s=52&d=mm&r=g>; rel="canonical"
                              access-control-allow-origin: *
                              content-disposition: inline; filename="39227c0e01c3b6c7ee12d5b43d054617.png"
                              expires: Sun, 12 May 2024 16:11:35 GMT
                              cache-control: max-age=300
                              x-nc: HIT lhr 1
                              alt-svc: h3=":443"; ma=86400
                              accept-ranges: bytes
                            • flag-us
                              GET
                              https://secure.gravatar.com/avatar/39227c0e01c3b6c7ee12d5b43d054617?s=52&d=mm&r=g
                              msedge.exe
                              Remote address:
                              192.0.73.2:443
                              Request
                              GET /avatar/39227c0e01c3b6c7ee12d5b43d054617?s=52&d=mm&r=g HTTP/2.0
                              host: secure.gravatar.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx
                              date: Sun, 12 May 2024 16:06:35 GMT
                              content-type: image/jpeg
                              content-length: 1131
                              last-modified: Wed, 11 Jan 1984 08:00:00 GMT
                              link: <https://gravatar.com/avatar/4c7ec454fd3743c76f1d0b30f93ef266?s=52&d=mm&r=g>; rel="canonical"
                              access-control-allow-origin: *
                              content-disposition: inline; filename="4c7ec454fd3743c76f1d0b30f93ef266.png"
                              expires: Sun, 12 May 2024 16:11:35 GMT
                              cache-control: max-age=300
                              x-nc: HIT lhr 1
                              alt-svc: h3=":443"; ma=86400
                              accept-ranges: bytes
                            • flag-us
                              DNS
                              s1.mediaad.org
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              s1.mediaad.org
                              IN A
                              Response
                              s1.mediaad.org
                              IN CNAME
                              hz.mediaad.org
                              hz.mediaad.org
                              IN A
                              45.94.255.25
                              hz.mediaad.org
                              IN A
                              45.94.254.25
                              hz.mediaad.org
                              IN A
                              45.94.254.24
                            • flag-ir
                              GET
                              https://s1.mediaad.org/serve/rahsabanet.ir/loader.js
                              msedge.exe
                              Remote address:
                              45.94.255.25:443
                              Request
                              GET /serve/rahsabanet.ir/loader.js HTTP/2.0
                              host: s1.mediaad.org
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: */*
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: script
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 302
                              date: Sun, 12 May 2024 16:06:35 GMT
                              content-type: text/html
                              content-length: 138
                              location: https://loader.tapsell.ir/static/loader.js
                            • flag-us
                              DNS
                              apps.identrust.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              apps.identrust.com
                              IN A
                              Response
                              apps.identrust.com
                              IN CNAME
                              identrust.edgesuite.net
                              identrust.edgesuite.net
                              IN CNAME
                              a1952.dscq.akamai.net
                              a1952.dscq.akamai.net
                              IN A
                              2.18.190.81
                              a1952.dscq.akamai.net
                              IN A
                              2.18.190.80
                            • flag-us
                              GET
                              http://apps.identrust.com/roots/dstrootcax3.p7c
                              msedge.exe
                              Remote address:
                              2.18.190.81:80
                              Request
                              GET /roots/dstrootcax3.p7c HTTP/1.1
                              Connection: Keep-Alive
                              Accept: */*
                              User-Agent: Microsoft-CryptoAPI/10.0
                              Host: apps.identrust.com
                              Response
                              HTTP/1.1 200 OK
                              X-XSS-Protection: 1; mode=block
                              X-Frame-Options: SAMEORIGIN
                              X-Content-Type-Options: nosniff
                              X-Robots-Tag: noindex
                              Referrer-Policy: same-origin
                              Last-Modified: Wed, 08 Feb 2023 16:52:56 GMT
                              ETag: "37d-5f433188daa00"
                              Accept-Ranges: bytes
                              Content-Length: 893
                              X-Content-Type-Options: nosniff
                              X-Frame-Options: sameorigin
                              Content-Type: application/pkcs7-mime
                              Cache-Control: max-age=3600
                              Expires: Sun, 12 May 2024 17:06:35 GMT
                              Date: Sun, 12 May 2024 16:06:35 GMT
                              Connection: keep-alive
                            • flag-us
                              DNS
                              2.73.0.192.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              2.73.0.192.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              81.190.18.2.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              81.190.18.2.in-addr.arpa
                              IN PTR
                              Response
                              81.190.18.2.in-addr.arpa
                              IN PTR
                              a2-18-190-81deploystaticakamaitechnologiescom
                            • flag-us
                              DNS
                              25.255.94.45.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              25.255.94.45.in-addr.arpa
                              IN PTR
                              Response
                              25.255.94.45.in-addr.arpa
                              IN PTR
                              hostsindadcloud
                            • flag-us
                              DNS
                              loader.tapsell.ir
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              loader.tapsell.ir
                              IN A
                              Response
                              loader.tapsell.ir
                              IN A
                              45.94.254.10
                              loader.tapsell.ir
                              IN A
                              45.94.255.10
                            • flag-ir
                              GET
                              https://loader.tapsell.ir/static/loader.js
                              msedge.exe
                              Remote address:
                              45.94.254.10:443
                              Request
                              GET /static/loader.js HTTP/2.0
                              host: loader.tapsell.ir
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: */*
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: script
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              date: Sun, 12 May 2024 16:06:36 GMT
                              content-type: application/javascript
                              last-modified: Mon, 29 Apr 2024 07:36:52 GMT
                              etag: W/"662f4e14-36994"
                              access-control-allow-origin: *
                              expires: Mon, 13 May 2024 16:06:36 GMT
                              cache-control: max-age=86400
                              x-cache-status: HIT
                              cache-control: public
                              content-encoding: gzip
                              strict-transport-security: max-age=15724800; includeSubDomains
                            • flag-us
                              DNS
                              mediacdn.mediaad.org
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              mediacdn.mediaad.org
                              IN A
                              Response
                              mediacdn.mediaad.org
                              IN A
                              45.94.255.10
                              mediacdn.mediaad.org
                              IN A
                              45.94.254.21
                              mediacdn.mediaad.org
                              IN A
                              45.94.254.10
                            • flag-us
                              DNS
                              storage.backtory.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              storage.backtory.com
                              IN A
                              Response
                              storage.backtory.com
                              IN A
                              45.94.255.10
                              storage.backtory.com
                              IN A
                              45.94.254.10
                            • flag-us
                              DNS
                              ma-cdn.pegah.tech
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              ma-cdn.pegah.tech
                              IN A
                              Response
                              ma-cdn.pegah.tech
                              IN CNAME
                              hz.mediaad.org
                              hz.mediaad.org
                              IN A
                              45.94.255.25
                              hz.mediaad.org
                              IN A
                              45.94.254.25
                              hz.mediaad.org
                              IN A
                              45.94.254.24
                            • flag-ir
                              GET
                              https://mediacdn.mediaad.org/static/fingerprint.html
                              msedge.exe
                              Remote address:
                              45.94.255.10:443
                              Request
                              GET /static/fingerprint.html HTTP/2.0
                              host: mediacdn.mediaad.org
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              sec-ch-ua-mobile: ?0
                              upgrade-insecure-requests: 1
                              dnt: 1
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                              sec-fetch-site: cross-site
                              sec-fetch-mode: navigate
                              sec-fetch-dest: iframe
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              date: Sun, 12 May 2024 16:06:36 GMT
                              content-type: text/html;charset=UTF-8
                              vary: Accept-Encoding
                              access-control-allow-origin: *
                              access-control-allow-credentials: false
                              access-control-allow-methods: POST, GET, PUT, OPTIONS, DELETE
                              access-control-allow-headers: x-auth-token, x-requested-with, content-type, content-encoding, accept, origin, referer, Authorization, x-xsrf-token, x-csrf-token
                              access-control-expose-headers: x-requested-with
                              strict-transport-security: max-age=15724800; includeSubDomains
                              expires: Mon, 13 May 2024 16:06:36 GMT
                              cache-control: max-age=86400
                              x-cache-status: HIT
                              cache-control: public
                              content-encoding: gzip
                            • flag-ir
                              GET
                              https://storage.backtory.com/tapsell-server/loader/lottie-player-2.0.2.js
                              msedge.exe
                              Remote address:
                              45.94.255.10:443
                              Request
                              GET /tapsell-server/loader/lottie-player-2.0.2.js HTTP/2.0
                              host: storage.backtory.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: */*
                              origin: null
                              sec-fetch-site: cross-site
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              date: Sun, 12 May 2024 16:06:36 GMT
                              content-type: application/javascript
                              last-modified: Mon, 18 Sep 2023 08:57:04 GMT
                              expires: Mon, 13 May 2024 16:06:36 GMT
                              etag: W/"650810e0-59a52"
                              access-control-allow-origin: *
                              access-control-allow-methods: GET, HEAD, POST, OPTIONS, PUT, DELETE
                              access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,x-backtory-cdn-master,x-backtory-cdn-secret
                              cache-control: max-age=86400
                              x-cache-status: HIT
                              cache-control: public
                              x-powered-by: Backtory
                              content-encoding: gzip
                              strict-transport-security: max-age=15724800; includeSubDomains
                            • flag-ir
                              GET
                              https://ma-cdn.pegah.tech/serve/rahsabanet.ir/publisher.json
                              msedge.exe
                              Remote address:
                              45.94.255.25:443
                              Request
                              GET /serve/rahsabanet.ir/publisher.json HTTP/2.0
                              host: ma-cdn.pegah.tech
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              accept: application/json, text/plain, */*
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              origin: null
                              sec-fetch-site: cross-site
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              date: Sun, 12 May 2024 16:06:36 GMT
                              content-type: application/json;charset=UTF-8
                              content-length: 0
                              access-control-allow-origin: *
                              access-control-allow-credentials: false
                              access-control-allow-methods: POST, GET, PUT, OPTIONS, DELETE
                              access-control-allow-headers: x-auth-token, x-requested-with, content-type, content-encoding, accept, origin, referer, Authorization, x-xsrf-token, x-csrf-token
                              access-control-expose-headers: x-requested-with
                              strict-transport-security: max-age=15724800; includeSubDomains
                            • flag-us
                              DNS
                              10.254.94.45.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              10.254.94.45.in-addr.arpa
                              IN PTR
                              Response
                              10.254.94.45.in-addr.arpa
                              IN PTR
                              hostsindadorg
                            • flag-us
                              DNS
                              www.retain.ir
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              www.retain.ir
                              IN A
                              Response
                              www.retain.ir
                              IN CNAME
                              service1.parsdata.com
                              service1.parsdata.com
                              IN A
                              185.128.81.64
                            • flag-us
                              DNS
                              10.255.94.45.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              10.255.94.45.in-addr.arpa
                              IN PTR
                              Response
                              10.255.94.45.in-addr.arpa
                              IN PTR
                              hostsindadcloud
                            • flag-us
                              DNS
                              g.bing.com
                              Remote address:
                              8.8.8.8:53
                              Request
                              g.bing.com
                              IN A
                              Response
                              g.bing.com
                              IN CNAME
                              g-bing-com.dual-a-0034.a-msedge.net
                              g-bing-com.dual-a-0034.a-msedge.net
                              IN CNAME
                              dual-a-0034.a-msedge.net
                              dual-a-0034.a-msedge.net
                              IN A
                              204.79.197.237
                              dual-a-0034.a-msedge.net
                              IN A
                              13.107.21.237
                            • flag-us
                              GET
                              https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4
                              Remote address:
                              204.79.197.237:443
                              Request
                              GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4 HTTP/2.0
                              host: g.bing.com
                              accept-encoding: gzip, deflate
                              user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                              Response
                              HTTP/2.0 204
                              cache-control: no-cache, must-revalidate
                              pragma: no-cache
                              expires: Fri, 01 Jan 1990 00:00:00 GMT
                              set-cookie: MUID=1A826E1C329E6D4904A97A61337E6C21; domain=.bing.com; expires=Fri, 06-Jun-2025 16:06:38 GMT; path=/; SameSite=None; Secure; Priority=High;
                              strict-transport-security: max-age=31536000; includeSubDomains; preload
                              access-control-allow-origin: *
                              x-cache: CONFIG_NOCACHE
                              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              x-msedge-ref: Ref A: CF9B4CC7AED14346A746C2FB571334C3 Ref B: LON04EDGE1218 Ref C: 2024-05-12T16:06:38Z
                              date: Sun, 12 May 2024 16:06:38 GMT
                            • flag-us
                              GET
                              https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4
                              Remote address:
                              204.79.197.237:443
                              Request
                              GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4 HTTP/2.0
                              host: g.bing.com
                              accept-encoding: gzip, deflate
                              user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                              cookie: MUID=1A826E1C329E6D4904A97A61337E6C21; _EDGE_S=SID=3E4EAEF2133661FC3CD7BA8F129C6056
                              Response
                              HTTP/2.0 204
                              cache-control: no-cache, must-revalidate
                              pragma: no-cache
                              expires: Fri, 01 Jan 1990 00:00:00 GMT
                              set-cookie: MSPTC=f9H-7PhJazB8Ap1rFWtxSDpBbuD1ZbdzxOwDpo49zuw; domain=.bing.com; expires=Fri, 06-Jun-2025 16:06:39 GMT; path=/; Partitioned; secure; SameSite=None
                              strict-transport-security: max-age=31536000; includeSubDomains; preload
                              access-control-allow-origin: *
                              x-cache: CONFIG_NOCACHE
                              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              x-msedge-ref: Ref A: C19A5C0D185742C8AED8940BA1791C8C Ref B: LON04EDGE1218 Ref C: 2024-05-12T16:06:39Z
                              date: Sun, 12 May 2024 16:06:39 GMT
                            • flag-nl
                              GET
                              https://www.bing.com/aes/c.gif?RG=80cd5be833eb42b88fd0e1866beeef96&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T140249Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644
                              Remote address:
                              23.62.61.72:443
                              Request
                              GET /aes/c.gif?RG=80cd5be833eb42b88fd0e1866beeef96&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T140249Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644 HTTP/2.0
                              host: www.bing.com
                              accept-encoding: gzip, deflate
                              user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                              cookie: MUID=1A826E1C329E6D4904A97A61337E6C21
                              Response
                              HTTP/2.0 200
                              cache-control: private,no-store
                              pragma: no-cache
                              vary: Origin
                              p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
                              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              x-msedge-ref: Ref A: 3B99D80F2A39425F96D224545ED32346 Ref B: DUS30EDGE0815 Ref C: 2024-05-12T16:06:39Z
                              content-length: 0
                              date: Sun, 12 May 2024 16:06:39 GMT
                              set-cookie: _EDGE_S=SID=3E4EAEF2133661FC3CD7BA8F129C6056; path=/; httponly; domain=bing.com
                              set-cookie: MUIDB=1A826E1C329E6D4904A97A61337E6C21; path=/; httponly; expires=Fri, 06-Jun-2025 16:06:39 GMT
                              alt-svc: h3=":443"; ma=93600
                              x-cdn-traceid: 0.443d3e17.1715529999.a9a9cd2
                            • flag-us
                              DNS
                              237.197.79.204.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              237.197.79.204.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              72.61.62.23.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              72.61.62.23.in-addr.arpa
                              IN PTR
                              Response
                              72.61.62.23.in-addr.arpa
                              IN PTR
                              a23-62-61-72.deploy.static.akamaitechnologies.com
                            • flag-us
                              DNS
                              88.156.103.20.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              88.156.103.20.in-addr.arpa
                              IN PTR
                              Response
                            • flag-nl
                              GET
                              https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                              Remote address:
                              23.62.61.72:443
                              Request
                              GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
                              host: www.bing.com
                              accept: */*
                              cookie: MUID=1A826E1C329E6D4904A97A61337E6C21; _EDGE_S=SID=3E4EAEF2133661FC3CD7BA8F129C6056; MSPTC=f9H-7PhJazB8Ap1rFWtxSDpBbuD1ZbdzxOwDpo49zuw; MUIDB=1A826E1C329E6D4904A97A61337E6C21
                              accept-encoding: gzip, deflate, br
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                              Response
                              HTTP/2.0 200
                              cache-control: public, max-age=2592000
                              content-type: image/png
                              access-control-allow-origin: *
                              access-control-allow-headers: *
                              access-control-allow-methods: GET, POST, OPTIONS
                              timing-allow-origin: *
                              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
                              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                              content-length: 1107
                              date: Sun, 12 May 2024 16:06:41 GMT
                              alt-svc: h3=":443"; ma=93600
                              x-cdn-traceid: 0.443d3e17.1715530001.a9aa68d
                            • flag-us
                              DNS
                              232.168.11.51.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              232.168.11.51.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              26.165.165.52.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              26.165.165.52.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              15.164.165.52.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              15.164.165.52.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              142.53.16.96.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              142.53.16.96.in-addr.arpa
                              IN PTR
                              Response
                              142.53.16.96.in-addr.arpa
                              IN PTR
                              a96-16-53-142.deploy.static.akamaitechnologies.com
                            • flag-us
                              DNS
                              55.36.223.20.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              55.36.223.20.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              22.236.111.52.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              22.236.111.52.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              tse1.mm.bing.net
                              Remote address:
                              8.8.8.8:53
                              Request
                              tse1.mm.bing.net
                              IN A
                              Response
                              tse1.mm.bing.net
                              IN CNAME
                              mm-mm.bing.net.trafficmanager.net
                              mm-mm.bing.net.trafficmanager.net
                              IN CNAME
                              dual-a-0001.a-msedge.net
                              dual-a-0001.a-msedge.net
                              IN A
                              204.79.197.200
                              dual-a-0001.a-msedge.net
                              IN A
                              13.107.21.200
                            • flag-us
                              DNS
                              43.58.199.20.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              43.58.199.20.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              GET
                              https://tse1.mm.bing.net/th?id=OADD2.10239381705589_1UZ6HI7DU1RQLXLFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                              Remote address:
                              204.79.197.200:443
                              Request
                              GET /th?id=OADD2.10239381705589_1UZ6HI7DU1RQLXLFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                              host: tse1.mm.bing.net
                              accept: */*
                              accept-encoding: gzip, deflate, br
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                              Response
                              HTTP/2.0 200
                              cache-control: public, max-age=2592000
                              content-length: 382817
                              content-type: image/jpeg
                              x-cache: TCP_HIT
                              access-control-allow-origin: *
                              access-control-allow-headers: *
                              access-control-allow-methods: GET, POST, OPTIONS
                              timing-allow-origin: *
                              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              x-msedge-ref: Ref A: 0DA43B01354242D9B548510C3DBB36BB Ref B: LON04EDGE1105 Ref C: 2024-05-12T16:08:18Z
                              date: Sun, 12 May 2024 16:08:18 GMT
                            • flag-us
                              GET
                              https://tse1.mm.bing.net/th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                              Remote address:
                              204.79.197.200:443
                              Request
                              GET /th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                              host: tse1.mm.bing.net
                              accept: */*
                              accept-encoding: gzip, deflate, br
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                              Response
                              HTTP/2.0 200
                              cache-control: public, max-age=2592000
                              content-length: 476246
                              content-type: image/jpeg
                              x-cache: TCP_HIT
                              access-control-allow-origin: *
                              access-control-allow-headers: *
                              access-control-allow-methods: GET, POST, OPTIONS
                              timing-allow-origin: *
                              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              x-msedge-ref: Ref A: A3AB043FCB25490C886B681530611AB6 Ref B: LON04EDGE1105 Ref C: 2024-05-12T16:08:18Z
                              date: Sun, 12 May 2024 16:08:18 GMT
                            • flag-us
                              GET
                              https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                              Remote address:
                              204.79.197.200:443
                              Request
                              GET /th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                              host: tse1.mm.bing.net
                              accept: */*
                              accept-encoding: gzip, deflate, br
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                              Response
                              HTTP/2.0 200
                              cache-control: public, max-age=2592000
                              content-length: 627437
                              content-type: image/jpeg
                              x-cache: TCP_HIT
                              access-control-allow-origin: *
                              access-control-allow-headers: *
                              access-control-allow-methods: GET, POST, OPTIONS
                              timing-allow-origin: *
                              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              x-msedge-ref: Ref A: 30917FF79798448082F4B322F205058C Ref B: LON04EDGE1105 Ref C: 2024-05-12T16:08:18Z
                              date: Sun, 12 May 2024 16:08:18 GMT
                            • flag-us
                              GET
                              https://tse1.mm.bing.net/th?id=OADD2.10239381705588_1WA9C34P2B6OXP331&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                              Remote address:
                              204.79.197.200:443
                              Request
                              GET /th?id=OADD2.10239381705588_1WA9C34P2B6OXP331&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                              host: tse1.mm.bing.net
                              accept: */*
                              accept-encoding: gzip, deflate, br
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                              Response
                              HTTP/2.0 200
                              cache-control: public, max-age=2592000
                              content-length: 499516
                              content-type: image/jpeg
                              x-cache: TCP_HIT
                              access-control-allow-origin: *
                              access-control-allow-headers: *
                              access-control-allow-methods: GET, POST, OPTIONS
                              timing-allow-origin: *
                              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              x-msedge-ref: Ref A: 9E6682E48F074AA1A14E939B3B8E6C43 Ref B: LON04EDGE1105 Ref C: 2024-05-12T16:08:18Z
                              date: Sun, 12 May 2024 16:08:18 GMT
                            • flag-us
                              GET
                              https://tse1.mm.bing.net/th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                              Remote address:
                              204.79.197.200:443
                              Request
                              GET /th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                              host: tse1.mm.bing.net
                              accept: */*
                              accept-encoding: gzip, deflate, br
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                              Response
                              HTTP/2.0 200
                              cache-control: public, max-age=2592000
                              content-length: 464243
                              content-type: image/jpeg
                              x-cache: TCP_HIT
                              access-control-allow-origin: *
                              access-control-allow-headers: *
                              access-control-allow-methods: GET, POST, OPTIONS
                              timing-allow-origin: *
                              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              x-msedge-ref: Ref A: 90254F77834F45808BC7C520E4207890 Ref B: LON04EDGE1105 Ref C: 2024-05-12T16:08:18Z
                              date: Sun, 12 May 2024 16:08:18 GMT
                            • flag-us
                              GET
                              https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                              Remote address:
                              204.79.197.200:443
                              Request
                              GET /th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                              host: tse1.mm.bing.net
                              accept: */*
                              accept-encoding: gzip, deflate, br
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                              Response
                              HTTP/2.0 200
                              cache-control: public, max-age=2592000
                              content-length: 792794
                              content-type: image/jpeg
                              x-cache: TCP_HIT
                              access-control-allow-origin: *
                              access-control-allow-headers: *
                              access-control-allow-methods: GET, POST, OPTIONS
                              timing-allow-origin: *
                              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              x-msedge-ref: Ref A: 97B267DF40A8495EB286616BA06034A8 Ref B: LON04EDGE1105 Ref C: 2024-05-12T16:08:19Z
                              date: Sun, 12 May 2024 16:08:18 GMT
                            • flag-us
                              DNS
                              200.197.79.204.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              200.197.79.204.in-addr.arpa
                              IN PTR
                              Response
                              200.197.79.204.in-addr.arpa
                              IN PTR
                              a-0001a-msedgenet
                            • flag-us
                              DNS
                              200.197.79.204.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              200.197.79.204.in-addr.arpa
                              IN PTR
                              Response
                              200.197.79.204.in-addr.arpa
                              IN PTR
                              a-0001a-msedgenet
                            • flag-us
                              DNS
                              24.73.42.20.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              24.73.42.20.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              24.73.42.20.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              24.73.42.20.in-addr.arpa
                              IN PTR
                              Response
                            • 192.0.73.2:443
                              https://secure.gravatar.com/avatar/39227c0e01c3b6c7ee12d5b43d054617?s=52&d=mm&r=g
                              tls, http2
                              msedge.exe
                              4.7kB
                              33.7kB
                              49
                              49

                            • 192.0.73.2:443
                              secure.gravatar.com
                              tls, http2
                              msedge.exe
                              1.1kB
                              4.8kB
                              11
                              9
                            • 192.0.73.2:443
                              secure.gravatar.com
                              tls, http2
                              msedge.exe
                              1.1kB
                              4.8kB
                              11
                              9
                            • 192.0.73.2:443
                              secure.gravatar.com
                              tls, http2
                              msedge.exe
                              1.1kB
                              4.8kB
                              11
                              9
                            • 192.0.73.2:443
                              secure.gravatar.com
                              tls
                              msedge.exe
                              1.0kB
                              4.7kB
                              10
                              8
                            • 192.0.73.2:443
                              secure.gravatar.com
                              tls, http2
                              msedge.exe
                              1.1kB
                              4.8kB
                              11
                              9
                            • 45.94.255.25:443
                              https://s1.mediaad.org/serve/rahsabanet.ir/loader.js
                              tls, http2
                              msedge.exe
                              1.7kB
                              5.7kB
                              14
                              17

                              HTTP Request

                              GET https://s1.mediaad.org/serve/rahsabanet.ir/loader.js

                              HTTP Response

                              302
                            • 2.18.190.81:80
                              http://apps.identrust.com/roots/dstrootcax3.p7c
                              http
                              msedge.exe
                              468 B
                              1.7kB
                              7
                              6

                              HTTP Request

                              GET http://apps.identrust.com/roots/dstrootcax3.p7c

                              HTTP Response

                              200
                            • 45.94.254.10:443
                              https://loader.tapsell.ir/static/loader.js
                              tls, http2
                              msedge.exe
                              3.3kB
                              83.8kB
                              49
                              73

                              HTTP Request

                              GET https://loader.tapsell.ir/static/loader.js

                              HTTP Response

                              200
                            • 45.94.255.10:443
                              https://mediacdn.mediaad.org/static/fingerprint.html
                              tls, http2
                              msedge.exe
                              1.9kB
                              7.8kB
                              15
                              17

                              HTTP Request

                              GET https://mediacdn.mediaad.org/static/fingerprint.html

                              HTTP Response

                              200
                            • 45.94.255.10:443
                              https://storage.backtory.com/tapsell-server/loader/lottie-player-2.0.2.js
                              tls, http2
                              msedge.exe
                              4.0kB
                              119.8kB
                              63
                              99

                              HTTP Request

                              GET https://storage.backtory.com/tapsell-server/loader/lottie-player-2.0.2.js

                              HTTP Response

                              200
                            • 45.94.255.25:443
                              https://ma-cdn.pegah.tech/serve/rahsabanet.ir/publisher.json
                              tls, http2
                              msedge.exe
                              1.8kB
                              5.9kB
                              15
                              17

                              HTTP Request

                              GET https://ma-cdn.pegah.tech/serve/rahsabanet.ir/publisher.json

                              HTTP Response

                              200
                            • 185.128.81.64:443
                              www.retain.ir
                              msedge.exe
                              260 B
                              5
                            • 185.128.81.64:443
                              www.retain.ir
                              msedge.exe
                              260 B
                              5
                            • 204.79.197.237:443
                              https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4
                              tls, http2
                              2.5kB
                              9.0kB
                              19
                              16

                              HTTP Request

                              GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4

                              HTTP Response

                              204

                              HTTP Request

                              GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4

                              HTTP Response

                              204
                            • 23.62.61.72:443
                              https://www.bing.com/aes/c.gif?RG=80cd5be833eb42b88fd0e1866beeef96&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T140249Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644
                              tls, http2
                              1.5kB
                              5.4kB
                              17
                              13

                              HTTP Request

                              GET https://www.bing.com/aes/c.gif?RG=80cd5be833eb42b88fd0e1866beeef96&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T140249Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644

                              HTTP Response

                              200
                            • 23.62.61.72:443
                              https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                              tls, http2
                              1.6kB
                              6.4kB
                              17
                              13

                              HTTP Request

                              GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

                              HTTP Response

                              200
                            • 204.79.197.200:443
                              tse1.mm.bing.net
                              tls, http2
                              1.2kB
                              8.1kB
                              16
                              14
                            • 204.79.197.200:443
                              tse1.mm.bing.net
                              tls, http2
                              1.2kB
                              8.1kB
                              16
                              13
                            • 204.79.197.200:443
                              https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                              tls, http2
                              116.5kB
                              3.4MB
                              2450
                              2444

                              HTTP Request

                              GET https://tse1.mm.bing.net/th?id=OADD2.10239381705589_1UZ6HI7DU1RQLXLFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                              HTTP Request

                              GET https://tse1.mm.bing.net/th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                              HTTP Request

                              GET https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                              HTTP Request

                              GET https://tse1.mm.bing.net/th?id=OADD2.10239381705588_1WA9C34P2B6OXP331&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                              HTTP Request

                              GET https://tse1.mm.bing.net/th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Request

                              GET https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                              HTTP Response

                              200
                            • 204.79.197.200:443
                              tse1.mm.bing.net
                              tls, http2
                              1.2kB
                              8.1kB
                              16
                              14
                            • 204.79.197.200:443
                              tse1.mm.bing.net
                              tls, http2
                              1.2kB
                              8.1kB
                              16
                              13
                            • 8.8.8.8:53
                              s.w.org
                              dns
                              msedge.exe
                              53 B
                              69 B
                              1
                              1

                              DNS Request

                              s.w.org

                              DNS Response

                              192.0.77.48

                            • 8.8.8.8:53
                              rahsabanet.ir
                              dns
                              msedge.exe
                              59 B
                              108 B
                              1
                              1

                              DNS Request

                              rahsabanet.ir

                            • 8.8.8.8:53
                              228.249.119.40.in-addr.arpa
                              dns
                              73 B
                              159 B
                              1
                              1

                              DNS Request

                              228.249.119.40.in-addr.arpa

                            • 8.8.8.8:53
                              71.159.190.20.in-addr.arpa
                              dns
                              72 B
                              158 B
                              1
                              1

                              DNS Request

                              71.159.190.20.in-addr.arpa

                            • 8.8.8.8:53
                              240.197.17.2.in-addr.arpa
                              dns
                              71 B
                              135 B
                              1
                              1

                              DNS Request

                              240.197.17.2.in-addr.arpa

                            • 8.8.8.8:53
                              secure.gravatar.com
                              dns
                              msedge.exe
                              65 B
                              81 B
                              1
                              1

                              DNS Request

                              secure.gravatar.com

                              DNS Response

                              192.0.73.2

                            • 8.8.8.8:53
                              s1.mediaad.org
                              dns
                              msedge.exe
                              60 B
                              125 B
                              1
                              1

                              DNS Request

                              s1.mediaad.org

                              DNS Response

                              45.94.255.25
                              45.94.254.25
                              45.94.254.24

                            • 8.8.8.8:53
                              apps.identrust.com
                              dns
                              msedge.exe
                              64 B
                              165 B
                              1
                              1

                              DNS Request

                              apps.identrust.com

                              DNS Response

                              2.18.190.81
                              2.18.190.80

                            • 8.8.8.8:53
                              2.73.0.192.in-addr.arpa
                              dns
                              69 B
                              134 B
                              1
                              1

                              DNS Request

                              2.73.0.192.in-addr.arpa

                            • 8.8.8.8:53
                              81.190.18.2.in-addr.arpa
                              dns
                              70 B
                              133 B
                              1
                              1

                              DNS Request

                              81.190.18.2.in-addr.arpa

                            • 8.8.8.8:53
                              25.255.94.45.in-addr.arpa
                              dns
                              71 B
                              102 B
                              1
                              1

                              DNS Request

                              25.255.94.45.in-addr.arpa

                            • 8.8.8.8:53
                              loader.tapsell.ir
                              dns
                              msedge.exe
                              63 B
                              95 B
                              1
                              1

                              DNS Request

                              loader.tapsell.ir

                              DNS Response

                              45.94.254.10
                              45.94.255.10

                            • 8.8.8.8:53
                              mediacdn.mediaad.org
                              dns
                              msedge.exe
                              66 B
                              114 B
                              1
                              1

                              DNS Request

                              mediacdn.mediaad.org

                              DNS Response

                              45.94.255.10
                              45.94.254.21
                              45.94.254.10

                            • 8.8.8.8:53
                              storage.backtory.com
                              dns
                              msedge.exe
                              66 B
                              98 B
                              1
                              1

                              DNS Request

                              storage.backtory.com

                              DNS Response

                              45.94.255.10
                              45.94.254.10

                            • 8.8.8.8:53
                              ma-cdn.pegah.tech
                              dns
                              msedge.exe
                              63 B
                              139 B
                              1
                              1

                              DNS Request

                              ma-cdn.pegah.tech

                              DNS Response

                              45.94.255.25
                              45.94.254.25
                              45.94.254.24

                            • 8.8.8.8:53
                              10.254.94.45.in-addr.arpa
                              dns
                              71 B
                              100 B
                              1
                              1

                              DNS Request

                              10.254.94.45.in-addr.arpa

                            • 8.8.8.8:53
                              www.retain.ir
                              dns
                              msedge.exe
                              59 B
                              110 B
                              1
                              1

                              DNS Request

                              www.retain.ir

                              DNS Response

                              185.128.81.64

                            • 8.8.8.8:53

                            MITRE ATT&CK Enterprise v15

                            Downloads

