Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
12/05/2024, 16:06 UTC
Static task
static1
Behavioral task
behavioral1
Sample
3af436e4ab0784e768291ac7cb6f39df_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
3af436e4ab0784e768291ac7cb6f39df_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
3af436e4ab0784e768291ac7cb6f39df_JaffaCakes118.html
-
Size
154KB
-
MD5
3af436e4ab0784e768291ac7cb6f39df
-
SHA1
32a863b6ce95944571af9b3da92d59802b5948dd
-
SHA256
6161f58c980f4ac5dcf9b1a7784e30693ac64379c8d6bd535d0e97d261769cee
-
SHA512
5b262428104190beb9a06f080cc1920974b2e9d2d21445bf2ba3e7aa5581b7c2527dc503a03f467fb4e85249584d4f71fb79d68fb1279cc439ecfa355352c0ee
-
SSDEEP
3072:2eDdih9fVnXr6GFQ5t3rN941m+cuFaGQfTajTe95dtU93vB6svTgRJ0eEZzUkaNF:2h9fVnXr6GFQ55r81m+cuFaGQfTajTel
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid | Process
2820 | msedge.exe
2820 | msedge.exe
3228 | msedge.exe
3228 | msedge.exe
3040 | identity_helper.exe
3040 | identity_helper.exe
3180 | msedge.exe
3180 | msedge.exe
3180 | msedge.exe
3180 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3af436e4ab0784e768291ac7cb6f39df_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3228 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9fad346f8,0x7ff9fad34708,0x7ff9fad347182⤵PID:1176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12266613164932624248,11777902997807326044,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:22⤵PID:2692
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,12266613164932624248,11777902997807326044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2820
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,12266613164932624248,11777902997807326044,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:82⤵PID:4976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12266613164932624248,11777902997807326044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:12⤵PID:4516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12266613164932624248,11777902997807326044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:12⤵PID:1104
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12266613164932624248,11777902997807326044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:12⤵PID:4144
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12266613164932624248,11777902997807326044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:82⤵PID:2616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12266613164932624248,11777902997807326044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12266613164932624248,11777902997807326044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:12⤵PID:4800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12266613164932624248,11777902997807326044,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:12⤵PID:4588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12266613164932624248,11777902997807326044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:12⤵PID:3976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12266613164932624248,11777902997807326044,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:12⤵PID:3600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12266613164932624248,11777902997807326044,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2304 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3180
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4720
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2360
Network
-
Remote address: 8.8.8.8:53
Request: s.w.org IN A
Response: s.w.org IN A 192.0.77.48
-
Remote address: 8.8.8.8:53
Request: rahsabanet.ir IN A
Response:
-
Remote address: 8.8.8.8:53
Request: 228.249.119.40.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 71.159.190.20.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 240.197.17.2.in-addr.arpa IN PTR
Response: 240.197.17.2.in-addr.arpa IN PTR a2-17-197-240.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53
Request: secure.gravatar.com IN A
Response: secure.gravatar.com IN A 192.0.73.2
-
Remote address:192.0.73.2:443RequestGET /avatar/88fdaa4264c45bbe2598ed35c2a843d1?s=54&d=mm&r=g HTTP/2.0
host: secure.gravatar.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
date: Sun, 12 May 2024 16:06:35 GMT
content-type: image/jpeg
content-length: 1102
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
link: <https://gravatar.com/avatar/88fdaa4264c45bbe2598ed35c2a843d1?s=54&d=mm&r=g>; rel="canonical"
access-control-allow-origin: *
content-disposition: inline; filename="88fdaa4264c45bbe2598ed35c2a843d1.png"
expires: Sun, 12 May 2024 16:11:35 GMT
cache-control: max-age=300
x-nc: HIT lhr 1
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes
-
Remote address:192.0.73.2:443RequestGET /avatar/6240157980dded2e663f7d1a45bc576e?s=54&d=mm&r=g HTTP/2.0
host: secure.gravatar.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
date: Sun, 12 May 2024 16:06:35 GMT
content-type: image/jpeg
content-length: 1102
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
link: <https://gravatar.com/avatar/ae583c90f0520ec037b7e01981bcc52a?s=54&d=mm&r=g>; rel="canonical"
access-control-allow-origin: *
content-disposition: inline; filename="ae583c90f0520ec037b7e01981bcc52a.png"
expires: Sun, 12 May 2024 16:11:35 GMT
cache-control: max-age=300
x-nc: HIT lhr 1
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes
-
Remote address:192.0.73.2:443RequestGET /avatar/ae583c90f0520ec037b7e01981bcc52a?s=54&d=mm&r=g HTTP/2.0
host: secure.gravatar.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
date: Sun, 12 May 2024 16:06:35 GMT
content-type: image/jpeg
content-length: 1125
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
link: <https://gravatar.com/avatar/986d1b26875105ba43118db1bd2e329b?s=54&d=mm&r=g>; rel="canonical"
access-control-allow-origin: *
content-disposition: inline; filename="986d1b26875105ba43118db1bd2e329b.png"
expires: Sun, 12 May 2024 16:11:35 GMT
cache-control: max-age=300
x-nc: HIT lhr 1
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes
-
Remote address:192.0.73.2:443RequestGET /avatar/59de912b818b932582c09c46c120bd8d?s=54&d=mm&r=g HTTP/2.0
host: secure.gravatar.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
date: Sun, 12 May 2024 16:06:35 GMT
content-type: image/jpeg
content-length: 1102
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
link: <https://gravatar.com/avatar/6240157980dded2e663f7d1a45bc576e?s=54&d=mm&r=g>; rel="canonical"
access-control-allow-origin: *
content-disposition: inline; filename="6240157980dded2e663f7d1a45bc576e.png"
expires: Sun, 12 May 2024 16:11:35 GMT
cache-control: max-age=300
x-nc: HIT lhr 1
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes
-
Remote address:192.0.73.2:443RequestGET /avatar/986d1b26875105ba43118db1bd2e329b?s=54&d=mm&r=g HTTP/2.0
host: secure.gravatar.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
date: Sun, 12 May 2024 16:06:35 GMT
content-type: image/jpeg
content-length: 1125
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
link: <https://gravatar.com/avatar/59de912b818b932582c09c46c120bd8d?s=54&d=mm&r=g>; rel="canonical"
access-control-allow-origin: *
content-disposition: inline; filename="59de912b818b932582c09c46c120bd8d.png"
expires: Sun, 12 May 2024 16:11:35 GMT
cache-control: max-age=300
x-nc: HIT lhr 1
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes
-
Remote address:192.0.73.2:443RequestGET /avatar/4e74962ae2307518b5e594aea018189a?s=54&d=mm&r=g HTTP/2.0
host: secure.gravatar.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
date: Sun, 12 May 2024 16:06:35 GMT
content-type: image/jpeg
content-length: 1125
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
link: <https://gravatar.com/avatar/4e74962ae2307518b5e594aea018189a?s=54&d=mm&r=g>; rel="canonical"
access-control-allow-origin: *
content-disposition: inline; filename="4e74962ae2307518b5e594aea018189a.png"
expires: Sun, 12 May 2024 16:11:35 GMT
cache-control: max-age=300
x-nc: HIT lhr 1
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes
-
Remote address:192.0.73.2:443RequestGET /avatar/429eb621824e4e4e7a91be14bf5b3b92?s=54&d=mm&r=g HTTP/2.0
host: secure.gravatar.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
date: Sun, 12 May 2024 16:06:35 GMT
content-type: image/jpeg
content-length: 1102
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
link: <https://gravatar.com/avatar/429eb621824e4e4e7a91be14bf5b3b92?s=54&d=mm&r=g>; rel="canonical"
access-control-allow-origin: *
content-disposition: inline; filename="429eb621824e4e4e7a91be14bf5b3b92.png"
expires: Sun, 12 May 2024 16:11:35 GMT
cache-control: max-age=300
x-nc: HIT lhr 1
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes
-
Remote address:192.0.73.2:443RequestGET /avatar/0a9238d38c04b560df28def50452d6f8?s=54&d=mm&r=g HTTP/2.0
host: secure.gravatar.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
date: Sun, 12 May 2024 16:06:35 GMT
content-type: image/jpeg
content-length: 2266
last-modified: Mon, 18 Dec 2017 09:04:49 GMT
link: <https://gravatar.com/avatar/741a320467a0796810626079b2d3b981?s=54&d=mm&r=g>; rel="canonical"
content-disposition: inline; filename="741a320467a0796810626079b2d3b981.jpeg"
access-control-allow-origin: *
expires: Sun, 12 May 2024 16:11:35 GMT
cache-control: max-age=300
x-nc: HIT lhr 1
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes
-
Remote address:192.0.73.2:443RequestGET /avatar/741a320467a0796810626079b2d3b981?s=54&d=mm&r=g HTTP/2.0
host: secure.gravatar.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
date: Sun, 12 May 2024 16:06:35 GMT
content-type: image/jpeg
content-length: 1125
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
link: <https://gravatar.com/avatar/0a9238d38c04b560df28def50452d6f8?s=54&d=mm&r=g>; rel="canonical"
access-control-allow-origin: *
content-disposition: inline; filename="0a9238d38c04b560df28def50452d6f8.png"
expires: Sun, 12 May 2024 16:11:35 GMT
cache-control: max-age=300
x-nc: HIT lhr 1
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes
-
Remote address:192.0.73.2:443RequestGET /avatar/205d812bb7edea5eeb641d8cc40ce4bd?s=54&d=mm&r=g HTTP/2.0
host: secure.gravatar.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
date: Sun, 12 May 2024 16:06:35 GMT
content-type: image/jpeg
content-length: 1102
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
link: <https://gravatar.com/avatar/205d812bb7edea5eeb641d8cc40ce4bd?s=54&d=mm&r=g>; rel="canonical"
access-control-allow-origin: *
content-disposition: inline; filename="205d812bb7edea5eeb641d8cc40ce4bd.png"
expires: Sun, 12 May 2024 16:11:35 GMT
cache-control: max-age=300
x-nc: HIT lhr 1
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes
-
Remote address:192.0.73.2:443RequestGET /avatar/3aeb3fe619b96c130f4a2331f94cec43?s=54&d=mm&r=g HTTP/2.0
host: secure.gravatar.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
date: Sun, 12 May 2024 16:06:35 GMT
content-type: image/jpeg
content-length: 1125
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
link: <https://gravatar.com/avatar/3aeb3fe619b96c130f4a2331f94cec43?s=54&d=mm&r=g>; rel="canonical"
access-control-allow-origin: *
content-disposition: inline; filename="3aeb3fe619b96c130f4a2331f94cec43.png"
expires: Sun, 12 May 2024 16:11:35 GMT
cache-control: max-age=300
x-nc: HIT lhr 1
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes
-
Remote address:192.0.73.2:443RequestGET /avatar/6369239132b94cba5465e0b2f5745b0f?s=54&d=mm&r=g HTTP/2.0
host: secure.gravatar.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
date: Sun, 12 May 2024 16:06:35 GMT
content-type: image/jpeg
content-length: 1125
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
link: <https://gravatar.com/avatar/6369239132b94cba5465e0b2f5745b0f?s=54&d=mm&r=g>; rel="canonical"
access-control-allow-origin: *
content-disposition: inline; filename="6369239132b94cba5465e0b2f5745b0f.png"
expires: Sun, 12 May 2024 16:11:35 GMT
cache-control: max-age=300
x-nc: HIT lhr 1
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes
-
Remote address:192.0.73.2:443RequestGET /avatar/0b8096376eb6d69d0648910758d7db2e?s=54&d=mm&r=g HTTP/2.0
host: secure.gravatar.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
date: Sun, 12 May 2024 16:06:35 GMT
content-type: image/jpeg
content-length: 1125
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
link: <https://gravatar.com/avatar/66633afb43162f757754741702defe03?s=54&d=mm&r=g>; rel="canonical"
access-control-allow-origin: *
content-disposition: inline; filename="66633afb43162f757754741702defe03.png"
expires: Sun, 12 May 2024 16:11:35 GMT
cache-control: max-age=300
x-nc: HIT lhr 1
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes
-
Remote address:192.0.73.2:443RequestGET /avatar/66633afb43162f757754741702defe03?s=54&d=mm&r=g HTTP/2.0
host: secure.gravatar.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
date: Sun, 12 May 2024 16:06:35 GMT
content-type: image/jpeg
content-length: 1125
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
link: <https://gravatar.com/avatar/0b8096376eb6d69d0648910758d7db2e?s=54&d=mm&r=g>; rel="canonical"
access-control-allow-origin: *
content-disposition: inline; filename="0b8096376eb6d69d0648910758d7db2e.png"
expires: Sun, 12 May 2024 16:11:35 GMT
cache-control: max-age=300
x-nc: HIT lhr 1
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes
-
Remote address:192.0.73.2:443RequestGET /avatar/88fdaa4264c45bbe2598ed35c2a843d1?s=52&d=mm&r=g HTTP/2.0
host: secure.gravatar.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
date: Sun, 12 May 2024 16:06:35 GMT
content-type: image/jpeg
content-length: 1099
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
link: <https://gravatar.com/avatar/88fdaa4264c45bbe2598ed35c2a843d1?s=52&d=mm&r=g>; rel="canonical"
access-control-allow-origin: *
content-disposition: inline; filename="88fdaa4264c45bbe2598ed35c2a843d1.png"
expires: Sun, 12 May 2024 16:11:35 GMT
cache-control: max-age=300
x-nc: HIT lhr 1
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes
-
Remote address:192.0.73.2:443RequestGET /avatar/4c7ec454fd3743c76f1d0b30f93ef266?s=52&d=mm&r=g HTTP/2.0
host: secure.gravatar.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
date: Sun, 12 May 2024 16:06:35 GMT
content-type: image/jpeg
content-length: 1131
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
link: <https://gravatar.com/avatar/39227c0e01c3b6c7ee12d5b43d054617?s=52&d=mm&r=g>; rel="canonical"
access-control-allow-origin: *
content-disposition: inline; filename="39227c0e01c3b6c7ee12d5b43d054617.png"
expires: Sun, 12 May 2024 16:11:35 GMT
cache-control: max-age=300
x-nc: HIT lhr 1
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes
-
Remote address:192.0.73.2:443RequestGET /avatar/39227c0e01c3b6c7ee12d5b43d054617?s=52&d=mm&r=g HTTP/2.0
host: secure.gravatar.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
date: Sun, 12 May 2024 16:06:35 GMT
content-type: image/jpeg
content-length: 1131
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
link: <https://gravatar.com/avatar/4c7ec454fd3743c76f1d0b30f93ef266?s=52&d=mm&r=g>; rel="canonical"
access-control-allow-origin: *
content-disposition: inline; filename="4c7ec454fd3743c76f1d0b30f93ef266.png"
expires: Sun, 12 May 2024 16:11:35 GMT
cache-control: max-age=300
x-nc: HIT lhr 1
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes
-
Remote address: 8.8.8.8:53
Request
s1.mediaad.org IN A
Response
s1.mediaad.org IN CNAME hz.mediaad.org
hz.mediaad.org IN A 45.94.255.25
hz.mediaad.org IN A 45.94.254.25
hz.mediaad.org IN A 45.94.254.24
-
Remote address:45.94.255.25:443RequestGET /serve/rahsabanet.ir/loader.js HTTP/2.0
host: s1.mediaad.org
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 302
content-type: text/html
content-length: 138
location: https://loader.tapsell.ir/static/loader.js
-
Remote address: 8.8.8.8:53
Request
apps.identrust.com IN A
Response
apps.identrust.com IN CNAME identrust.edgesuite.net
identrust.edgesuite.net IN CNAME a1952.dscq.akamai.net
a1952.dscq.akamai.net IN A 2.18.190.81
a1952.dscq.akamai.net IN A 2.18.190.80
-
Remote address:2.18.190.81:80RequestGET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: apps.identrust.com
ResponseHTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Wed, 08 Feb 2023 16:52:56 GMT
ETag: "37d-5f433188daa00"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Sun, 12 May 2024 17:06:35 GMT
Date: Sun, 12 May 2024 16:06:35 GMT
Connection: keep-alive
-
Remote address:8.8.8.8:53Request2.73.0.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request81.190.18.2.in-addr.arpaIN PTRResponse81.190.18.2.in-addr.arpaIN PTRa2-18-190-81deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request25.255.94.45.in-addr.arpaIN PTRResponse25.255.94.45.in-addr.arpaIN PTRhostsindadcloud
-
Remote address: 8.8.8.8:53
Request
loader.tapsell.ir IN A
Response
loader.tapsell.ir IN A 45.94.254.10
loader.tapsell.ir IN A 45.94.255.10
-
Remote address:45.94.254.10:443RequestGET /static/loader.js HTTP/2.0
host: loader.tapsell.ir
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: application/javascript
last-modified: Mon, 29 Apr 2024 07:36:52 GMT
etag: W/"662f4e14-36994"
access-control-allow-origin: *
expires: Mon, 13 May 2024 16:06:36 GMT
cache-control: max-age=86400
x-cache-status: HIT
cache-control: public
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
-
Remote address: 8.8.8.8:53
Request
mediacdn.mediaad.org IN A
Response
mediacdn.mediaad.org IN A 45.94.255.10
mediacdn.mediaad.org IN A 45.94.254.21
mediacdn.mediaad.org IN A 45.94.254.10
-
Remote address: 8.8.8.8:53
Request
storage.backtory.com IN A
Response
storage.backtory.com IN A 45.94.255.10
storage.backtory.com IN A 45.94.254.10
-
Remote address: 8.8.8.8:53
Request
ma-cdn.pegah.tech IN A
Response
ma-cdn.pegah.tech IN CNAME hz.mediaad.org
hz.mediaad.org IN A 45.94.255.25
hz.mediaad.org IN A 45.94.254.25
hz.mediaad.org IN A 45.94.254.24
-
Remote address:45.94.255.10:443RequestGET /static/fingerprint.html HTTP/2.0
host: mediacdn.mediaad.org
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: false
access-control-allow-methods: POST, GET, PUT, OPTIONS, DELETE
access-control-allow-headers: x-auth-token, x-requested-with, content-type, content-encoding, accept, origin, referer, Authorization, x-xsrf-token, x-csrf-token
access-control-expose-headers: x-requested-with
strict-transport-security: max-age=15724800; includeSubDomains
expires: Mon, 13 May 2024 16:06:36 GMT
cache-control: max-age=86400
x-cache-status: HIT
cache-control: public
content-encoding: gzip
-
Remote address:45.94.255.10:443RequestGET /tapsell-server/loader/lottie-player-2.0.2.js HTTP/2.0
host: storage.backtory.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: application/javascript
last-modified: Mon, 18 Sep 2023 08:57:04 GMT
expires: Mon, 13 May 2024 16:06:36 GMT
etag: W/"650810e0-59a52"
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, POST, OPTIONS, PUT, DELETE
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,x-backtory-cdn-master,x-backtory-cdn-secret
cache-control: max-age=86400
x-cache-status: HIT
cache-control: public
x-powered-by: Backtory
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
-
Remote address:45.94.255.25:443RequestGET /serve/rahsabanet.ir/publisher.json HTTP/2.0
host: ma-cdn.pegah.tech
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
accept: application/json, text/plain, */*
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: application/json;charset=UTF-8
content-length: 0
access-control-allow-origin: *
access-control-allow-credentials: false
access-control-allow-methods: POST, GET, PUT, OPTIONS, DELETE
access-control-allow-headers: x-auth-token, x-requested-with, content-type, content-encoding, accept, origin, referer, Authorization, x-xsrf-token, x-csrf-token
access-control-expose-headers: x-requested-with
strict-transport-security: max-age=15724800; includeSubDomains
-
Remote address:8.8.8.8:53Request10.254.94.45.in-addr.arpaIN PTRResponse10.254.94.45.in-addr.arpaIN PTRhostsindadorg
-
Remote address: 8.8.8.8:53
Request
www.retain.ir IN A
Response
www.retain.ir IN CNAME service1.parsdata.com
service1.parsdata.com IN A 185.128.81.64
-
Remote address:8.8.8.8:53Request10.255.94.45.in-addr.arpaIN PTRResponse10.255.94.45.in-addr.arpaIN PTRhostsindadcloud
-
Remote address: 8.8.8.8:53
Request
g.bing.com IN A
Response
g.bing.com IN CNAME g-bing-com.dual-a-0034.a-msedge.net
g-bing-com.dual-a-0034.a-msedge.net IN CNAME dual-a-0034.a-msedge.net
dual-a-0034.a-msedge.net IN A 204.79.197.237
dual-a-0034.a-msedge.net IN A 13.107.21.237
-
GEThttps://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4Remote address:204.79.197.237:443RequestGET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=1A826E1C329E6D4904A97A61337E6C21; domain=.bing.com; expires=Fri, 06-Jun-2025 16:06:38 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CF9B4CC7AED14346A746C2FB571334C3 Ref B: LON04EDGE1218 Ref C: 2024-05-12T16:06:38Z
date: Sun, 12 May 2024 16:06:38 GMT
-
GEThttps://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4Remote address:204.79.197.237:443RequestGET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1A826E1C329E6D4904A97A61337E6C21; _EDGE_S=SID=3E4EAEF2133661FC3CD7BA8F129C6056
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=f9H-7PhJazB8Ap1rFWtxSDpBbuD1ZbdzxOwDpo49zuw; domain=.bing.com; expires=Fri, 06-Jun-2025 16:06:39 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C19A5C0D185742C8AED8940BA1791C8C Ref B: LON04EDGE1218 Ref C: 2024-05-12T16:06:39Z
date: Sun, 12 May 2024 16:06:39 GMT
-
GEThttps://www.bing.com/aes/c.gif?RG=80cd5be833eb42b88fd0e1866beeef96&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T140249Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644Remote address:23.62.61.72:443RequestGET /aes/c.gif?RG=80cd5be833eb42b88fd0e1866beeef96&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T140249Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1A826E1C329E6D4904A97A61337E6C21
ResponseHTTP/2.0 200
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3B99D80F2A39425F96D224545ED32346 Ref B: DUS30EDGE0815 Ref C: 2024-05-12T16:06:39Z
content-length: 0
date: Sun, 12 May 2024 16:06:39 GMT
set-cookie: _EDGE_S=SID=3E4EAEF2133661FC3CD7BA8F129C6056; path=/; httponly; domain=bing.com
set-cookie: MUIDB=1A826E1C329E6D4904A97A61337E6C21; path=/; httponly; expires=Fri, 06-Jun-2025 16:06:39 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.443d3e17.1715529999.a9a9cd2
-
Remote address:8.8.8.8:53Request237.197.79.204.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request72.61.62.23.in-addr.arpaIN PTRResponse72.61.62.23.in-addr.arpaIN PTRa23-62-61-72deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request88.156.103.20.in-addr.arpaIN PTRResponse
-
GEThttps://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90Remote address:23.62.61.72:443RequestGET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
cookie: MUID=1A826E1C329E6D4904A97A61337E6C21; _EDGE_S=SID=3E4EAEF2133661FC3CD7BA8F129C6056; MSPTC=f9H-7PhJazB8Ap1rFWtxSDpBbuD1ZbdzxOwDpo49zuw; MUIDB=1A826E1C329E6D4904A97A61337E6C21
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1107
date: Sun, 12 May 2024 16:06:41 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.443d3e17.1715530001.a9aa68d
-
Remote address:8.8.8.8:53Request232.168.11.51.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request26.165.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request15.164.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request142.53.16.96.in-addr.arpaIN PTRResponse142.53.16.96.in-addr.arpaIN PTRa96-16-53-142deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request55.36.223.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request22.236.111.52.in-addr.arpaIN PTRResponse
-
Remote address: 8.8.8.8:53
Request
tse1.mm.bing.net IN A
Response
tse1.mm.bing.net IN CNAME mm-mm.bing.net.trafficmanager.net
mm-mm.bing.net.trafficmanager.net IN CNAME dual-a-0001.a-msedge.net
dual-a-0001.a-msedge.net IN A 204.79.197.200
dual-a-0001.a-msedge.net IN A 13.107.21.200
-
Remote address:8.8.8.8:53Request43.58.199.20.in-addr.arpaIN PTRResponse
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239381705589_1UZ6HI7DU1RQLXLFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239381705589_1UZ6HI7DU1RQLXLFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 382817
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0DA43B01354242D9B548510C3DBB36BB Ref B: LON04EDGE1105 Ref C: 2024-05-12T16:08:18Z
date: Sun, 12 May 2024 16:08:18 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 476246
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A3AB043FCB25490C886B681530611AB6 Ref B: LON04EDGE1105 Ref C: 2024-05-12T16:08:18Z
date: Sun, 12 May 2024 16:08:18 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 627437
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 30917FF79798448082F4B322F205058C Ref B: LON04EDGE1105 Ref C: 2024-05-12T16:08:18Z
date: Sun, 12 May 2024 16:08:18 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239381705588_1WA9C34P2B6OXP331&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239381705588_1WA9C34P2B6OXP331&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 499516
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9E6682E48F074AA1A14E939B3B8E6C43 Ref B: LON04EDGE1105 Ref C: 2024-05-12T16:08:18Z
date: Sun, 12 May 2024 16:08:18 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 464243
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 90254F77834F45808BC7C520E4207890 Ref B: LON04EDGE1105 Ref C: 2024-05-12T16:08:18Z
date: Sun, 12 May 2024 16:08:18 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 792794
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 97B267DF40A8495EB286616BA06034A8 Ref B: LON04EDGE1105 Ref C: 2024-05-12T16:08:19Z
date: Sun, 12 May 2024 16:08:18 GMT
-
Remote address:8.8.8.8:53Request200.197.79.204.in-addr.arpaIN PTRResponse200.197.79.204.in-addr.arpaIN PTRa-0001a-msedgenet
-
Remote address:8.8.8.8:53Request200.197.79.204.in-addr.arpaIN PTRResponse200.197.79.204.in-addr.arpaIN PTRa-0001a-msedgenet
-
Remote address:8.8.8.8:53Request24.73.42.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request24.73.42.20.in-addr.arpaIN PTRResponse
-
192.0.73.2:443https://secure.gravatar.com/avatar/39227c0e01c3b6c7ee12d5b43d054617?s=52&d=mm&r=gtls, http2msedge.exe4.7kB 33.7kB 49 49
HTTP Request
GET https://secure.gravatar.com/avatar/88fdaa4264c45bbe2598ed35c2a843d1?s=54&d=mm&r=gHTTP Request
GET https://secure.gravatar.com/avatar/6240157980dded2e663f7d1a45bc576e?s=54&d=mm&r=gHTTP Request
GET https://secure.gravatar.com/avatar/ae583c90f0520ec037b7e01981bcc52a?s=54&d=mm&r=gHTTP Request
GET https://secure.gravatar.com/avatar/59de912b818b932582c09c46c120bd8d?s=54&d=mm&r=gHTTP Request
GET https://secure.gravatar.com/avatar/986d1b26875105ba43118db1bd2e329b?s=54&d=mm&r=gHTTP Request
GET https://secure.gravatar.com/avatar/4e74962ae2307518b5e594aea018189a?s=54&d=mm&r=gHTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://secure.gravatar.com/avatar/429eb621824e4e4e7a91be14bf5b3b92?s=54&d=mm&r=gHTTP Request
GET https://secure.gravatar.com/avatar/0a9238d38c04b560df28def50452d6f8?s=54&d=mm&r=gHTTP Request
GET https://secure.gravatar.com/avatar/741a320467a0796810626079b2d3b981?s=54&d=mm&r=gHTTP Request
GET https://secure.gravatar.com/avatar/205d812bb7edea5eeb641d8cc40ce4bd?s=54&d=mm&r=gHTTP Request
GET https://secure.gravatar.com/avatar/3aeb3fe619b96c130f4a2331f94cec43?s=54&d=mm&r=gHTTP Request
GET https://secure.gravatar.com/avatar/6369239132b94cba5465e0b2f5745b0f?s=54&d=mm&r=gHTTP Request
GET https://secure.gravatar.com/avatar/0b8096376eb6d69d0648910758d7db2e?s=54&d=mm&r=gHTTP Request
GET https://secure.gravatar.com/avatar/66633afb43162f757754741702defe03?s=54&d=mm&r=gHTTP Request
GET https://secure.gravatar.com/avatar/88fdaa4264c45bbe2598ed35c2a843d1?s=52&d=mm&r=gHTTP Request
GET https://secure.gravatar.com/avatar/4c7ec454fd3743c76f1d0b30f93ef266?s=52&d=mm&r=gHTTP Request
GET https://secure.gravatar.com/avatar/39227c0e01c3b6c7ee12d5b43d054617?s=52&d=mm&r=gHTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200 -
1.1kB 4.8kB 11 9
-
1.1kB 4.8kB 11 9
-
1.1kB 4.8kB 11 9
-
1.0kB 4.7kB 10 8
-
1.1kB 4.8kB 11 9
-
1.7kB 5.7kB 14 17
HTTP Request
GET https://s1.mediaad.org/serve/rahsabanet.ir/loader.jsHTTP Response
302 -
468 B 1.7kB 7 6
HTTP Request
GET http://apps.identrust.com/roots/dstrootcax3.p7cHTTP Response
200 -
3.3kB 83.8kB 49 73
HTTP Request
GET https://loader.tapsell.ir/static/loader.jsHTTP Response
200 -
1.9kB 7.8kB 15 17
HTTP Request
GET https://mediacdn.mediaad.org/static/fingerprint.htmlHTTP Response
200 -
45.94.255.10:443https://storage.backtory.com/tapsell-server/loader/lottie-player-2.0.2.jstls, http2msedge.exe4.0kB 119.8kB 63 99
HTTP Request
GET https://storage.backtory.com/tapsell-server/loader/lottie-player-2.0.2.jsHTTP Response
200 -
1.8kB 5.9kB 15 17
HTTP Request
GET https://ma-cdn.pegah.tech/serve/rahsabanet.ir/publisher.jsonHTTP Response
200 -
260 B 5
-
260 B 5
-
204.79.197.237:443https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4tls, http22.5kB 9.0kB 19 16
HTTP Request
GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4HTTP Response
204 -
23.62.61.72:443https://www.bing.com/aes/c.gif?RG=80cd5be833eb42b88fd0e1866beeef96&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T140249Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644tls, http21.5kB 5.4kB 17 13
HTTP Request
GET https://www.bing.com/aes/c.gif?RG=80cd5be833eb42b88fd0e1866beeef96&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T140249Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644HTTP Response
200 -
23.62.61.72:443https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90tls, http21.6kB 6.4kB 17 13
HTTP Request
GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90HTTP Response
200 -
1.2kB 8.1kB 16 14
-
1.2kB 8.1kB 16 13
-
204.79.197.200:443https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90tls, http2116.5kB 3.4MB 2450 2444
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239381705589_1UZ6HI7DU1RQLXLFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239381705588_1WA9C34P2B6OXP331&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Response
200 -
1.2kB 8.1kB 16 14
-
1.2kB 8.1kB 16 13
-
53 B 69 B 1 1
DNS Request
s.w.org
DNS Response
192.0.77.48
-
59 B 108 B 1 1
DNS Request
rahsabanet.ir
-
73 B 159 B 1 1
DNS Request
228.249.119.40.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
71.159.190.20.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
240.197.17.2.in-addr.arpa
-
65 B 81 B 1 1
DNS Request
secure.gravatar.com
DNS Response
192.0.73.2
-
60 B 125 B 1 1
DNS Request
s1.mediaad.org
DNS Response
45.94.255.25
45.94.254.25
45.94.254.24
-
64 B 165 B 1 1
DNS Request
apps.identrust.com
DNS Response
2.18.190.812.18.190.80
-
69 B 134 B 1 1
DNS Request
2.73.0.192.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
81.190.18.2.in-addr.arpa
-
71 B 102 B 1 1
DNS Request
25.255.94.45.in-addr.arpa
-
63 B 95 B 1 1
DNS Request
loader.tapsell.ir
DNS Response
45.94.254.1045.94.255.10
-
66 B 114 B 1 1
DNS Request
mediacdn.mediaad.org
DNS Response
45.94.255.1045.94.254.2145.94.254.10
-
66 B 98 B 1 1
DNS Request
storage.backtory.com
DNS Response
45.94.255.1045.94.254.10
-
63 B 139 B 1 1
DNS Request
ma-cdn.pegah.tech
DNS Response
45.94.255.2545.94.254.2545.94.254.24
-
71 B 100 B 1 1
DNS Request
10.254.94.45.in-addr.arpa
-
59 B 110 B 1 1
DNS Request
www.retain.ir
DNS Response
185.128.81.64
-
71 B 102 B 1 1
DNS Request
10.255.94.45.in-addr.arpa
-
56 B 151 B 1 1
DNS Request
g.bing.com
DNS Response
204.79.197.23713.107.21.237
-
468 B 7
-
73 B 143 B 1 1
DNS Request
237.197.79.204.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
72.61.62.23.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
88.156.103.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
232.168.11.51.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
26.165.165.52.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
15.164.165.52.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
142.53.16.96.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
55.36.223.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
22.236.111.52.in-addr.arpa
-
62 B 173 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.20013.107.21.200
-
71 B 157 B 1 1
DNS Request
43.58.199.20.in-addr.arpa
-
146 B 212 B 2 2
DNS Request
200.197.79.204.in-addr.arpa
DNS Request
200.197.79.204.in-addr.arpa
-
140 B 312 B 2 2
DNS Request
24.73.42.20.in-addr.arpa
DNS Request
24.73.42.20.in-addr.arpa
MITRE ATT&CK Enterprise v15
Downloads