7effe2ac62b3cabdd99331810b054c858aa3ec92c4312d64c470971919b6a529

Analysis

max time kernel
143s
max time network
144s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/05/2024, 21:36 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68b7d5bd2fcfa5ee3c3ae43147aa40b6_JaffaCakes118.html
Size

32KB
MD5

68b7d5bd2fcfa5ee3c3ae43147aa40b6
SHA1

c542164d4ea44cae9aff33f15af9659506ac7529
SHA256

7effe2ac62b3cabdd99331810b054c858aa3ec92c4312d64c470971919b6a529
SHA512

aa26377be9803aac562da68bc788f9828db4b4a86272e527643448ca7b7a3640a1345e745a845deccb8e05b1b5295caa25f0d6bab2233d8411164017c4e6312d
SSDEEP

768:MCMZ0mA3TU+02bCNCfCfCfCfCECECmCmCulLuQb:MCMZ0mAI+0eMee66NNllX9uQb

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005cb906978b2f8349a26968649396096600000000020000000000106600000001000020000000f62a958066970fc3eec471e4b3bca567b8dc4d465595f65b9154c6080f314967000000000e8000000002000020000000bfe03f59fb901c41448973d465b14c237d81e3467fc687857e9578ac932c3a24900000001a05e6561485f0ba73ef47d78f5a5cb39eb1fadecdb6d42475386857a5ea9bbd28909ab5ba3d29e79a7c3297306254dbca2893ecbeb16b33ba3aa1bf27596f6d368d402d210c35eb5f471d4832f624b38507803390aae47e6b61d9888bdc77b676a7ffdd0f11763d60e78b311ae1b4a2243d950fd046d7472b0da10b5ef6b73c2cb917a32603c5df2ac53c88253739bc40000000a952350a81cb7c16af708e9e7c25d0f04c6c001238a34061319fd2255e0eb5691d24c9c1febfaa458604230730fe24b326542470f4e4791cd623cc80bc528cda	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005cb906978b2f8349a269686493960966000000000200000000001066000000010000200000006a3ae5b49e4610b60cfcffee29a7d58b91e7e7e75753f0e93457a49f1cb44f1b000000000e800000000200002000000071bbabae3278b9bcab69fc8b3e2d37b0d2ba8d86b50bbd7ba71b2056e85625c7200000006c90742ae93aae06a831238d3d652885edfa30762d83d9bc02a20a2261cb9ea34000000075b52686f8fccf501ba0ebb1e1f1e1ada5c2ed46afdda750454177c86aa691cceeba6fbfc7f0f822a3823a36b0bdbe1e0e4e70a2725ab1e49ffd18504e22bb2f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422575687"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6AD4AD41-1883-11EF-8A46-EA263619F6CB} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40dd634290acda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2336	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2336	iexplore.exe
2336	iexplore.exe
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 2172	2336	iexplore.exe	28
PID 2336 wrote to memory of 2172	2336	iexplore.exe	28
PID 2336 wrote to memory of 2172	2336	iexplore.exe	28
PID 2336 wrote to memory of 2172	2336	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\68b7d5bd2fcfa5ee3c3ae43147aa40b6_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2336 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2172

Network

DNS

dtym7iokkjlif.cloudfront.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

dtym7iokkjlif.cloudfront.net

IN A

Response

dtym7iokkjlif.cloudfront.net

IN A

13.225.10.119

dtym7iokkjlif.cloudfront.net

IN A

13.225.10.124

dtym7iokkjlif.cloudfront.net

IN A

13.225.10.35

dtym7iokkjlif.cloudfront.net

IN A

13.225.10.33
DNS

barrygarner.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

barrygarner.net

IN A

Response

barrygarner.net

IN A

103.168.172.37

barrygarner.net

IN A

103.168.172.52
GET

http://dtym7iokkjlif.cloudfront.net/dough/1.0/recipe.js

IEXPLORE.EXE

Remote address:

13.225.10.119:80

Request

GET /dough/1.0/recipe.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: dtym7iokkjlif.cloudfront.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 12 Feb 2014 05:07:36 GMT
Accept-Ranges: bytes
Server: AmazonS3
access-control-allow-origin: *
x-shr-origin: S3
x-shr-hello-human: This website grows faster with Shareaholic.
Content-Encoding: gzip
Date: Wed, 22 May 2024 13:36:48 GMT
ETag: W/"a3e40647f4f8479af62dc35cda8d4f4d"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 e40d39a811ad645349ec75e07c5dfafe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: rdrcLA4_BTw7MZIQkZnZf6x9fLf0tZotz8Fm4SW37W54vpi3PNeSMg==
Age: 28812
GET

http://barrygarner.net/wp-content/themes/flexibility3/style.css

IEXPLORE.EXE

Remote address:

103.168.172.37:80

Request

GET /wp-content/themes/flexibility3/style.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: barrygarner.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 22 May 2024 21:37:00 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
x-backend: web1
X-Frontend: frontend1
X-Trace-Id: ti_299ac15e18cabec9141b20ec8b04b753
Content-Encoding: gzip
GET

http://barrygarner.net/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=3.4

IEXPLORE.EXE

Remote address:

103.168.172.37:80

Request

GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=3.4 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: barrygarner.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 22 May 2024 21:37:00 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
x-backend: web1
X-Frontend: frontend1
X-Trace-Id: ti_b22a150e24224148514fa53dabe8a8c6
Content-Encoding: gzip
GET

http://barrygarner.net/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.32.0-2013.04.03

IEXPLORE.EXE

Remote address:

103.168.172.37:80

Request

GET /wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.32.0-2013.04.03 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: barrygarner.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 22 May 2024 21:37:01 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
x-backend: web1
X-Frontend: frontend1
X-Trace-Id: ti_ff63ba8be68a0d91b9147429f09e2e3c
Content-Encoding: gzip
GET

http://barrygarner.net/wp-content/plugins/commentluv/css/commentluv.css?ver=3.5.1

IEXPLORE.EXE

Remote address:

103.168.172.37:80

Request

GET /wp-content/plugins/commentluv/css/commentluv.css?ver=3.5.1 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: barrygarner.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 22 May 2024 21:37:00 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
x-backend: web1
X-Frontend: frontend1
X-Trace-Id: ti_36a705918e6cfa20173f3db8f6b98e89
Content-Encoding: gzip
GET

http://barrygarner.net/wp-includes/js/jquery/jquery.js?ver=1.8.3

IEXPLORE.EXE

Remote address:

103.168.172.37:80

Request

GET /wp-includes/js/jquery/jquery.js?ver=1.8.3 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: barrygarner.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 22 May 2024 21:37:00 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
x-backend: web1
X-Frontend: frontend1
X-Trace-Id: ti_75172af4e3ed6ff7ab7b71333c48e784
Content-Encoding: gzip
GET

http://barrygarner.net/wp-content/themes/flexibility3/js/superfish.js?ver=3.5.1

IEXPLORE.EXE

Remote address:

103.168.172.37:80

Request

GET /wp-content/themes/flexibility3/js/superfish.js?ver=3.5.1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: barrygarner.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 22 May 2024 21:37:00 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
x-backend: web1
X-Frontend: frontend1
X-Trace-Id: ti_460d925159e630a9f63819dbe6c51574
Content-Encoding: gzip
GET

http://barrygarner.net/wp-content/uploads/2011/12/article-about-marketing-150x150.jpg

IEXPLORE.EXE

Remote address:

103.168.172.37:80

Request

GET /wp-content/uploads/2011/12/article-about-marketing-150x150.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: barrygarner.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 22 May 2024 21:37:01 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
x-backend: web1
X-Frontend: frontend1
X-Trace-Id: ti_d3330f03bf72bd4a89d3b2f648b8a4e1
Content-Encoding: gzip
GET

http://barrygarner.net/wp-content/plugins/commentluv/js/commentluv.js?ver=2.92.7

IEXPLORE.EXE

Remote address:

103.168.172.37:80

Request

GET /wp-content/plugins/commentluv/js/commentluv.js?ver=2.92.7 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: barrygarner.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 22 May 2024 21:37:00 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
x-backend: web1
X-Frontend: frontend1
X-Trace-Id: ti_298ad8bfca9b24dd492453a453a7e3c7
Content-Encoding: gzip
GET

http://barrygarner.net/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.4

IEXPLORE.EXE

Remote address:

103.168.172.37:80

Request

GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.4 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: barrygarner.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 22 May 2024 21:37:01 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
x-backend: web1
X-Frontend: frontend1
X-Trace-Id: ti_8de0eaa0264734e871c91154432eca01
Content-Encoding: gzip
GET

http://barrygarner.net/wp-content/uploads/shareaholic/spritegen/jquery.shareaholic-publishers-sb.min.js?ver=4.0.6.4

IEXPLORE.EXE

Remote address:

103.168.172.37:80

Request

GET /wp-content/uploads/shareaholic/spritegen/jquery.shareaholic-publishers-sb.min.js?ver=4.0.6.4 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: barrygarner.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 22 May 2024 21:37:00 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
x-backend: web1
X-Frontend: frontend1
X-Trace-Id: ti_383e0b53620c7d3701c6fa301061bba6
Content-Encoding: gzip
GET

http://barrygarner.net/wp-content/uploads/2013/04/barrygarnerFO525CE24E03_rw1.jpg

IEXPLORE.EXE

Remote address:

103.168.172.37:80

Request

GET /wp-content/uploads/2013/04/barrygarnerFO525CE24E03_rw1.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: barrygarner.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 22 May 2024 21:37:01 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
x-backend: web1
X-Frontend: frontend1
X-Trace-Id: ti_2f0f5cb495acdcab5cbf38d63abffe30
Content-Encoding: gzip
DNS

airequipmentrental.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

airequipmentrental.com

IN A

Response

airequipmentrental.com

IN A

185.230.63.171

airequipmentrental.com

IN A

185.230.63.186

airequipmentrental.com

IN A

185.230.63.107
GET

http://airequipmentrental.com/js/jquery.min.php?c_utt=I92930&c_utm=http%3A%2F%2Fairequipmentrental.com%2Fjs%2Fjquery.min.php%3Fdefault_keyword%3DOnline%26se_referrer%3D%26source%3D

IEXPLORE.EXE

Remote address:

185.230.63.171:80

Request

GET /js/jquery.min.php?c_utt=I92930&c_utm=http%3A%2F%2Fairequipmentrental.com%2Fjs%2Fjquery.min.php%3Fdefault_keyword%3DOnline%26se_referrer%3D%26source%3D HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: airequipmentrental.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Wed, 22 May 2024 21:37:01 GMT
Content-Length: 0
Connection: keep-alive
location: https://www.airequipmentrental.com/js/jquery.min.php?c_utt=I92930&c_utm=http%3A%2F%2Fairequipmentrental.com%2Fjs%2Fjquery.min.php%3Fdefault_keyword%3DOnline%26se_referrer%3D%26source%3D
strict-transport-security: max-age=86400
x-wix-request-id: 1716413821.260133812148212172
Age: 0
Server-Timing: cache;desc=miss, varnish;desc=miss, dc;desc=84
X-Seen-By: WD1HRWp6HtwVKpzxLkVT7rxkNjrXdwdgtu6E0yACibU=,m0j2EEknGIVUW/liY8BLLn3pJ6os+jMZl8eSiOUhV8wFJmEKNgQ96+wiTVoMq713,2d58ifebGbosy5xc+FRalhTR6KjxUERqAjZ8pwF/9age08RMUBobDFfpqUSv1CQUWLFMty25kl2TzTgY3CDODw==,2UNV7KOq4oGjA5+PKsX47AxHptAeyeedZxotCz55vwRYgeUJqUXtid+86vZww+nL,0M9PHGUCcuDacun2z4wXaJyNHHZlkLZqbvP6KFYtGP0=,j1W3GTXLqH1rFP/nP6vn5vRP4suDuCeBoH+L0MBOy1Cz2l05uM4VT51VLcUI3rYo+ESo/js01A4uVxV5tlaZCg==
Cache-Control: no-cache
X-Content-Type-Options: nosniff
DNS

www.airequipmentrental.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.airequipmentrental.com

IN A

Response

www.airequipmentrental.com

IN CNAME

cdn1.wixdns.net

cdn1.wixdns.net

IN CNAME

td-ccm-neg-87-45.wixdns.net

td-ccm-neg-87-45.wixdns.net

IN A

34.149.87.45
GET

https://www.airequipmentrental.com/js/jquery.min.php?c_utt=I92930&c_utm=http%3A%2F%2Fairequipmentrental.com%2Fjs%2Fjquery.min.php%3Fdefault_keyword%3DOnline%26se_referrer%3D%26source%3D

IEXPLORE.EXE

Remote address:

34.149.87.45:443

Request

GET /js/jquery.min.php?c_utt=I92930&c_utm=http%3A%2F%2Fairequipmentrental.com%2Fjs%2Fjquery.min.php%3Fdefault_keyword%3DOnline%26se_referrer%3D%26source%3D HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.airequipmentrental.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Strict-Transport-Security: max-age=86400
X-Wix-Request-Id: 1716413821.93113376882193626814
Age: 0
Cache-Control: no-cache
Server: Pepyaka
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Accept-Ranges: bytes
Date: Wed, 22 May 2024 21:37:01 GMT
X-Served-By: cache-lcy-eglc8600047-LCY
X-Cache: MISS
Vary: Accept-Encoding
Server-Timing: cache;desc=miss, varnish;desc=miss_miss, dc;desc=fastly_84_g
X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,7U7NzZSqfMgd9YnjHLtUa7xkNjrXdwdgtu6E0yACibU=,m0j2EEknGIVUW/liY8BLLpw3GZpG9QSouPAZi3orbSrJftmKrOReD3ukbbas4YDo,2d58ifebGbosy5xc+FRalt9c+OLDH22arG8y1AuVfrSEtpG6a7BG8hTz0ztPxEpIJ2rBZjdMzNcuyUW0h06lPA==,2UNV7KOq4oGjA5+PKsX47GSQ8Bvk+MfzbzVMLP5Dt7+8ZDY613cHYLbuhNMgAom1,RE3zeycImnB0BocjhRAQoaXhVyuOdM3Wc1DlEMZ//VM=,j1W3GTXLqH1rFP/nP6vn5tvXv2WWiZEFdVisnvG1fB6pfTd6Pn8VZulzJos8COrcPvF8pxRnSIpx275raf2jVg==
Via: 1.1 google
glb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

kraneks.ru

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

kraneks.ru

IN A

Response

kraneks.ru

IN A

87.236.16.14
GET

http://kraneks.ru/js/jquery.min.php?key=b64&utm_campaign=snt2014&utm_source=&utm_medium=&utm_content=file:///C:/Users/Admin/AppData/Local/Temp/68b7d5bd2fcfa5ee3c3ae43147aa40b6_JaffaCakes118.html&utm_term=Online&se_referrer=

IEXPLORE.EXE

Remote address:

87.236.16.14:80

Request

GET /js/jquery.min.php?key=b64&utm_campaign=snt2014&utm_source=&utm_medium=&utm_content=file:///C:/Users/Admin/AppData/Local/Temp/68b7d5bd2fcfa5ee3c3ae43147aa40b6_JaffaCakes118.html&utm_term=Online&se_referrer= HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: kraneks.ru
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx-reuseport/1.21.1
Date: Wed, 22 May 2024 21:37:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 533
Connection: keep-alive
Keep-Alive: timeout=30
Location: http://www.kraneks.ru/js/jquery.min.php?key=b64&utm_campaign=snt2014&utm_source=&utm_medium=&utm_content=file:///C:/Users/Admin/AppData/Local/Temp/68b7d5bd2fcfa5ee3c3ae43147aa40b6_JaffaCakes118.html&utm_term=Online&se_referrer=
DNS

www.kraneks.ru

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.kraneks.ru

IN A

Response

www.kraneks.ru

IN A

87.236.16.14
GET

http://www.kraneks.ru/js/jquery.min.php?key=b64&utm_campaign=snt2014&utm_source=&utm_medium=&utm_content=file:///C:/Users/Admin/AppData/Local/Temp/68b7d5bd2fcfa5ee3c3ae43147aa40b6_JaffaCakes118.html&utm_term=Online&se_referrer=

IEXPLORE.EXE

Remote address:

87.236.16.14:80

Request

GET /js/jquery.min.php?key=b64&utm_campaign=snt2014&utm_source=&utm_medium=&utm_content=file:///C:/Users/Admin/AppData/Local/Temp/68b7d5bd2fcfa5ee3c3ae43147aa40b6_JaffaCakes118.html&utm_term=Online&se_referrer= HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.kraneks.ru
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: nginx-reuseport/1.21.1
Date: Wed, 22 May 2024 21:37:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 514
Connection: keep-alive
Keep-Alive: timeout=30
Location: https://www.kraneks.ru/js/jquery.min.php?key=b64&utm_campaign=snt2014&utm_source=&utm_medium=&utm_content=file:///C:/Users/Admin/AppData/Local/Temp/68b7d5bd2fcfa5ee3c3ae43147aa40b6_JaffaCakes118.html&utm_term=Online&se_referrer=
GET

https://www.kraneks.ru/js/jquery.min.php?key=b64&utm_campaign=snt2014&utm_source=&utm_medium=&utm_content=file:///C:/Users/Admin/AppData/Local/Temp/68b7d5bd2fcfa5ee3c3ae43147aa40b6_JaffaCakes118.html&utm_term=Online&se_referrer=

IEXPLORE.EXE

Remote address:

87.236.16.14:443

Request

GET /js/jquery.min.php?key=b64&utm_campaign=snt2014&utm_source=&utm_medium=&utm_content=file:///C:/Users/Admin/AppData/Local/Temp/68b7d5bd2fcfa5ee3c3ae43147aa40b6_JaffaCakes118.html&utm_term=Online&se_referrer= HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.kraneks.ru
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx-reuseport/1.21.1
Date: Wed, 22 May 2024 21:37:04 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Set-Cookie: PHPSESSID=85bde5a073cfc0b2a90588658f67c445; expires=Fri, 21-Jun-2024 21:37:04 GMT; Max-Age=2592000; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
DNS

apps.identrust.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

apps.identrust.com

IN A

Response

apps.identrust.com

IN CNAME

identrust.edgesuite.net

identrust.edgesuite.net

IN CNAME

a1952.dscq.akamai.net

a1952.dscq.akamai.net

IN A

23.63.101.153

a1952.dscq.akamai.net

IN A

23.63.101.171
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

IEXPLORE.EXE

Remote address:

23.63.101.153:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Wed, 22 May 2024 22:37:03 GMT
Date: Wed, 22 May 2024 21:37:03 GMT
Connection: keep-alive
DNS

www.facebook.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

163.70.151.35
GET

http://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US

IEXPLORE.EXE

Remote address:

163.70.151.35:80

Request

GET /plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.facebook.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Location: https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US
Content-Type: text/plain
Server: proxygen-bolt
Date: Wed, 22 May 2024 21:37:04 GMT
Connection: keep-alive
Content-Length: 0
GET

http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fbarrygarner.net%2Fhow-to-write-an-article-about-marketing.html&layout=standard&show_faces=true&width=450&action=like&colorscheme=light&height=80

IEXPLORE.EXE

Remote address:

163.70.151.35:80

Request

GET /plugins/like.php?href=http%3A%2F%2Fbarrygarner.net%2Fhow-to-write-an-article-about-marketing.html&layout=standard&show_faces=true&width=450&action=like&colorscheme=light&height=80 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.facebook.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Location: https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fbarrygarner.net%2Fhow-to-write-an-article-about-marketing.html&layout=standard&show_faces=true&width=450&action=like&colorscheme=light&height=80
Content-Type: text/plain
Server: proxygen-bolt
Date: Wed, 22 May 2024 21:37:04 GMT
Connection: keep-alive
Content-Length: 0
GET

http://www.google-analytics.com/ga.js

IEXPLORE.EXE

Remote address:

216.58.213.14:80

Request

GET /ga.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google-analytics.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 17168
Date: Wed, 22 May 2024 21:23:31 GMT
Expires: Wed, 22 May 2024 23:23:31 GMT
Cache-Control: public, max-age=7200
Age: 813
Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
GET

https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fbarrygarner.net%2Fhow-to-write-an-article-about-marketing.html&layout=standard&show_faces=true&width=450&action=like&colorscheme=light&height=80

IEXPLORE.EXE

Remote address:

163.70.151.35:443

Request

GET /plugins/like.php?href=http%3A%2F%2Fbarrygarner.net%2Fhow-to-write-an-article-about-marketing.html&layout=standard&show_faces=true&width=450&action=like&colorscheme=light&height=80 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.facebook.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/html;charset=utf-8
Pragma: no-cache
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
X-FB-Debug: 1wohxlfm7s+uL2r8M2A2/6WJjwk8k/z+rbIiY4idT745zbNrNOKlia+1HeHEmx9yVj7m3M3gv2zjLCfW3QeplA==
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: GOOD; q=0.7, rtt=64, rtx=0, c=10, mss=1357, tbw=3222, tp=-1, tpl=-1, uplat=15, ullat=0
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 0
GET

https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US

IEXPLORE.EXE

Remote address:

163.70.151.35:443

Request

GET /plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.facebook.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: unsafe-none;report-to="coop_report"
Pragma: no-cache
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Strict-Transport-Security: max-age=15552000; preload
Content-Type: text/html; charset="utf-8"
X-FB-Debug: eEMiKcBBvs/aIlvIlzyuWLyTIRt+IrBltK5XNiNTN8vp1gKnwffoUghrGMi2d+YkzDV+HEFrC+0c4vsQbSvrlg==
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=39, rtx=1, c=10, mss=1357, tbw=3223, tp=-1, tpl=-1, uplat=286, ullat=0
Alt-Svc: h3=":443"; ma=86400
Transfer-Encoding: chunked
Connection: keep-alive
DNS

static.xx.fbcdn.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

static.xx.fbcdn.net

IN A

Response

static.xx.fbcdn.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

163.70.151.21
DNS

scontent-lhr6-1.xx.fbcdn.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

scontent-lhr6-1.xx.fbcdn.net

IN A

Response

scontent-lhr6-1.xx.fbcdn.net

IN A

163.70.147.23
DNS

scontent-lhr6-2.xx.fbcdn.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

scontent-lhr6-2.xx.fbcdn.net

IN A

Response

scontent-lhr6-2.xx.fbcdn.net

IN A

163.70.151.21
DNS

scontent-lhr8-2.xx.fbcdn.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

scontent-lhr8-2.xx.fbcdn.net

IN A

Response

scontent-lhr8-2.xx.fbcdn.net

IN A

157.240.214.11
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yE/l/0,cross/LG4XKM9M9OM.css?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yE/l/0,cross/LG4XKM9M9OM.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: text/css, */*
Referer: https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Thu, 22 May 2025 18:42:57 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-md5: DhXdo/8nVDNhqzTW57WzhQ==
X-FB-Debug: lQtdnfDUEbvPZyNrKM0VotCeB7Xxvi1R9rzINhJry/RcZ9uiR2EOHliQqmo+8q/eTw7Hf4xe04nchDhNoNLxaw==
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=40, rtx=0, c=14, mss=1357, tbw=3223, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 6031
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Thu, 15 May 2025 08:15:38 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-md5: PCil07El4hl7RdWxcVlVHw==
X-FB-Debug: sEEQYAKwwl78CZWaeFyB0mqKbcb3uqBfSijd+Z3QMJ/dsVYDN8ygUxk2+ZXlnNA8X0Omjd0VKsoIKR7sre0Bsg==
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=40, rtx=0, c=22, mss=1357, tbw=11299, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 333
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yy/r/D94KH2dXN-z.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yy/r/D94KH2dXN-z.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Thu, 15 May 2025 17:58:41 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-md5: fLhxEg/wvr14Eg7QxQ26YQ==
X-FB-Debug: erZUS6nhK03EDrY3EXfrYcImvKz7HbjgJ7LxikSGyW1fu1wPmhXiNiwGLKar5kC4k17nHmJYYlQZSFmGbF05Dw==
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=39, rtx=0, c=26, mss=1357, tbw=13620, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 16534
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yA/l/0,cross/wZ8DZS0aJQd.css?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yA/l/0,cross/wZ8DZS0aJQd.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: text/css, */*
Referer: https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Thu, 22 May 2025 18:50:44 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-ua-compatible: IE=edge
content-md5: 3vaqbfAROOfTRccYSpJzfw==
X-FB-Debug: IMkpb8/796sUF5mfKHbGoYgEXVhVKVwKPbCBq+eeHxIa3KEyKbCFBCjDEq0gIqrPb9g4h+1wv1rGc+B9CFjF2w==
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=40, rtx=0, c=14, mss=1357, tbw=3222, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 3984
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yt/r/owo2sPJxB2z.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yt/r/owo2sPJxB2z.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Thu, 22 May 2025 17:15:27 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-md5: WMRql5KoTTXcMGismwS1ww==
X-FB-Debug: j/kSoUVDLVBEliSuYXi4ZftRwPYpKHjMn3n+ZthTfMGjvHMowM1cZf7e8+kBf2gzHJHtA7fNB012Wgvr3ou+0g==
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=40, rtx=0, c=20, mss=1357, tbw=9277, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 12375
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yW/r/g2XPN2wRGmV.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yW/r/g2XPN2wRGmV.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Thu, 22 May 2025 18:32:19 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-md5: TpvkYbbnPgsGzEf3q4ZN2w==
X-FB-Debug: TKb5HiYW4Z/IMH2RUedXaE8GbRYqlQmbQ8k8couYewKk/1rk7cEePuUpFyTaX0iOpejvnzuHiFaAi5P+XbY0wQ==
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=41, rtx=0, c=31, mss=1357, tbw=23743, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 9766
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yJ/l/0,cross/sq87GzUHOmV.css?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yJ/l/0,cross/sq87GzUHOmV.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: text/css, */*
Referer: https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Thu, 22 May 2025 18:50:44 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-ua-compatible: IE=edge
content-md5: jWZKbXclDSzP7J7ceT3GDg==
X-FB-Debug: V8690utnc0oG1jtjxaJJYoU8OmhO+u4YoAr+D/OSBcGeaEdhrd4WsVw8Ku0F+NKwthInFjwplSe5LJtC0XjMvw==
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=40, rtx=0, c=14, mss=1357, tbw=3222, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 6513
GET

https://static.xx.fbcdn.net/rsrc.php/v3/y7/r/E6qR0C8WEpl.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/y7/r/E6qR0C8WEpl.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Thu, 22 May 2025 17:15:27 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-md5: CHxlnh7WePGvkSuZnrOocg==
X-FB-Debug: DiB9kPou7gtawx0VScnxpv1LD0lGObBowP6yvexJ8WgkwMC6NYFaTl3hxJoIwnckDGe8Wljr+mOZAe2qPVl4gQ==
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=40, rtx=0, c=22, mss=1357, tbw=11806, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 68280
GET

https://static.xx.fbcdn.net/rsrc.php/v3i7M54/yn/l/en_US/mP12tTiNgO_.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3i7M54/yn/l/en_US/mP12tTiNgO_.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Thu, 22 May 2025 17:15:27 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-md5: FwTI6EYGhpPyHiVftrEfZg==
X-FB-Debug: Y8RiEMMSeIDeNYl0miTg/fv59jxkBFevKbNJZXULx77AoHQTt8c/U9O68e28xVG6ThAJy9/PBl6X1RacBp5BVw==
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=39, rtx=0, c=14, mss=1357, tbw=3223, tp=-1, tpl=-1, uplat=2, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 29507
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yS/r/M1MQmWsK7ID.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yS/r/M1MQmWsK7ID.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Thu, 22 May 2025 17:15:27 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-md5: 2g4hJpQyPnfwzRezGVKA8w==
X-FB-Debug: Dw8zqyN6qCscV9+NcRzk89vWy31k7qzefhTrHNdHIY+s7Brv6ydasxZq7mla/YfaeBjxsv5GL94+mLKYUO++0Q==
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=42, rtx=0, c=39, mss=1357, tbw=34879, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 5778
GET

https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/dXk5exdOVhk.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/y1/r/dXk5exdOVhk.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Fri, 16 May 2025 16:37:05 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-ua-compatible: IE=edge
content-md5: ivkhXUQG4wQzNqI4NjhapA==
X-FB-Debug: uvklT5CPmhA9tbAH8s7+dT6kG+tJ5C+btuIihjOJNj2h+ZVsFt4B9dqM+lkVlWoZl2sdvnA8CLBVtJrSE3QrCw==
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=41, rtx=0, c=47, mss=1357, tbw=42719, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 302
GET

https://static.xx.fbcdn.net/rsrc.php/v3/y9/r/ie38mp0O07P.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/y9/r/ie38mp0O07P.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Sat, 17 May 2025 00:41:05 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-md5: 1ezP5GQ+AmxBfmUBZlBzeA==
X-FB-Debug: fKBHbtBgH1gCMhKt01DqQsTer0SNN6onfBBz7LlD6pu6cP68s4Qh2V723DIwf00Jk96svjFTD3KYsUnTrwXBXQ==
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=41, rtx=0, c=49, mss=1357, tbw=45093, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 10694
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yi/r/VWDhCULazb5.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yi/r/VWDhCULazb5.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Thu, 22 May 2025 16:14:16 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-md5: kxPfwK4chiZhjKv8cV6+TQ==
X-FB-Debug: u9Y/HDcOXSLRs59ZhynG/5501FYPmJQo2hYLQBC+NjKi3gzgwduul4GcE7lOCyueD3t2fR6n6rDBCjqGlk03IQ==
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=41, rtx=0, c=14, mss=1357, tbw=3222, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 120098
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yV/r/mUnDZSrH5OM.png

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yV/r/mUnDZSrH5OM.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: image/png
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: KXNY2llN47XfKJ2O9s41CA==
Expires: Sat, 17 May 2025 02:59:02 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
X-FB-Debug: OkZ6NpzZXbB+E4e4pmMR02gTJi1m2LQylwL/hf9WJdG8sIPJWLd/YGI5LUqtnk+pYsvNM40GX1kPHdHayt0Nlw==
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=41, rtx=0, c=106, mss=1357, tbw=125876, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 2701
GET

https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/o1ndYS2og_B.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/y1/r/o1ndYS2og_B.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Thu, 15 May 2025 16:43:48 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-fb-optimizer: 0
content-md5: +XuRV7TCFgdTr4rntoaKNw==
X-FB-Debug: bfj0TBx/VNneccclPN0JXO3sCtdvheYRoxP/9KBWrbSHMhKc0xC6gA+lGsAUQCImccOr/asOZkWsXsNZrG0jRQ==
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=40, rtx=0, c=14, mss=1357, tbw=3222, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 2348
GET

https://static.xx.fbcdn.net/rsrc.php/v3issO4/yp/l/en_US/DMwA8evzWwy.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3issO4/yp/l/en_US/DMwA8evzWwy.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Thu, 22 May 2025 17:15:27 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-md5: mPdHhUt0pHTCuO1zcREe8A==
X-FB-Debug: ++VWf6K08+QhXu2XWWS0PoYnyXHYJ3Y93asS81RA+19nhmGLfuDvucKbhWIZwVBimcaljQnTqx2mzc9dux9EUA==
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=40, rtx=0, c=19, mss=1357, tbw=7577, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 28580
GET

https://static.xx.fbcdn.net/rsrc.php/v3iEBX4/y5/l/en_US/DPxpTcknHiI.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3iEBX4/y5/l/en_US/DPxpTcknHiI.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Thu, 22 May 2025 17:15:27 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-md5: VPOmayzeohkbMf3h225fog==
X-FB-Debug: 8x5PQBaHV4qYcJ+2yrmp7mlkoMuZGhUpQuwW4gilsdxzess2HrYXMQtwAekwyH+lupgFYF6Mfipth1AjSldxtw==
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=41, rtx=0, c=42, mss=1357, tbw=38306, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 7277
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.png

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yw/r/UXtr_j2Fwe-.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: image/png
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: 07aG/2AEtDHVAZ5LUajMDQ==
Expires: Sun, 18 May 2025 04:46:53 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
X-FB-Debug: PBqcqHrfHtMckp7QVH5q3vigp5lOFskW4YdWuOjF9Pt1eQ3WcdrH5VZxHyZsy4DV3oLQ/SJ4txAU/S6w3bz5YA==
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: GOOD; q=0.7, rtt=53, rtx=0, c=51, mss=1357, tbw=47645, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 573
GET

https://scontent-lhr6-1.xx.fbcdn.net/v/t39.30808-1/357384483_676386087876523_1057710215603806227_n.jpg?stp=c0.20.50.50a_cp0_dst-jpg_p50x50&_nc_cat=110&ccb=1-7&_nc_sid=5f2048&_nc_ohc=u6k8Ck-6_jIQ7kNvgHJUfP2&_nc_ht=scontent-lhr6-1.xx&edm=APyGNccEAAAA&oh=00_AYAUiaX95fnzO5G96vKYMUnppeGdBXifQGSLKXg1DdeJsA&oe=66544F5E

IEXPLORE.EXE

Remote address:

163.70.147.23:443

Request

GET /v/t39.30808-1/357384483_676386087876523_1057710215603806227_n.jpg?stp=c0.20.50.50a_cp0_dst-jpg_p50x50&_nc_cat=110&ccb=1-7&_nc_sid=5f2048&_nc_ohc=u6k8Ck-6_jIQ7kNvgHJUfP2&_nc_ht=scontent-lhr6-1.xx&edm=APyGNccEAAAA&oh=00_AYAUiaX95fnzO5G96vKYMUnppeGdBXifQGSLKXg1DdeJsA&oe=66544F5E HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: scontent-lhr6-1.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Last-Modified: Thu, 29 Jun 2023 20:19:57 GMT
X-Needle-Checksum: 1347173829
thrift_fmhk: GBC5uIANyY/FQbzXcMZHmUx+FfDr4Z0EvFUAHCYEAAAA
Content-Type: image/jpeg
content-digest: adler32=3590733498
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
Access-Control-Allow-Origin: *
Cache-Control: max-age=1209600, no-transform
Accept-Ranges: bytes
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=40, rtx=0, c=14, mss=1357, tbw=3222, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 1703
GET

https://scontent-lhr6-1.xx.fbcdn.net/v/t1.18169-9/16114631_1213827512027624_8886002197090362068_n.jpg?stp=dst-jpg_p160x160&_nc_cat=102&ccb=1-7&_nc_sid=5f2048&_nc_ohc=zEvPriSWVxkQ7kNvgFQ7HCA&_nc_ht=scontent-lhr6-1.xx&edm=APyGNccEAAAA&oh=00_AYD0yLjEkqVq3RPo6F39MLmCqXvqEcogsECSmLVLofTBhA&oe=6675EF78

IEXPLORE.EXE

Remote address:

163.70.147.23:443

Request

GET /v/t1.18169-9/16114631_1213827512027624_8886002197090362068_n.jpg?stp=dst-jpg_p160x160&_nc_cat=102&ccb=1-7&_nc_sid=5f2048&_nc_ohc=zEvPriSWVxkQ7kNvgFQ7HCA&_nc_ht=scontent-lhr6-1.xx&edm=APyGNccEAAAA&oh=00_AYD0yLjEkqVq3RPo6F39MLmCqXvqEcogsECSmLVLofTBhA&oe=6675EF78 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: scontent-lhr6-1.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Last-Modified: Tue, 24 Jan 2017 12:38:18 GMT
X-Needle-Checksum: 3916599573
thrift_fmhk: GBDCGw+2Xbg9XIHdEfVWPDrqFfDr4Z0EvFUAHCYEAAAA
Content-Type: image/jpeg
content-digest: adler32=56622326
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
Access-Control-Allow-Origin: *
Cache-Control: max-age=1209600, no-transform
Accept-Ranges: bytes
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=40, rtx=0, c=14, mss=1357, tbw=3222, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 10286
GET

https://scontent-lhr6-1.xx.fbcdn.net/v/t39.30808-6/357024952_676386091209856_2277908394295248298_n.jpg?stp=dst-jpg_p75x225&_nc_cat=102&ccb=1-7&_nc_sid=5f2048&_nc_ohc=nZWC5yvsdKUQ7kNvgHem1-X&_nc_ht=scontent-lhr6-1.xx&edm=APyGNccEAAAA&oh=00_AYAnflRdwtMf-M5hvnr-Mm2VIT1rK_HpbfCjHiqKJ19Ggg&oe=665434AE

IEXPLORE.EXE

Remote address:

163.70.147.23:443

Request

GET /v/t39.30808-6/357024952_676386091209856_2277908394295248298_n.jpg?stp=dst-jpg_p75x225&_nc_cat=102&ccb=1-7&_nc_sid=5f2048&_nc_ohc=nZWC5yvsdKUQ7kNvgHem1-X&_nc_ht=scontent-lhr6-1.xx&edm=APyGNccEAAAA&oh=00_AYAnflRdwtMf-M5hvnr-Mm2VIT1rK_HpbfCjHiqKJ19Ggg&oe=665434AE HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: scontent-lhr6-1.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Last-Modified: Thu, 29 Jun 2023 20:19:57 GMT
X-Needle-Checksum: 3501344207
thrift_fmhk: GBBJzOoHR+uQ9rwpHBQHcajtFfDr4Z0EvFUAHCYEAAAA
Content-Type: image/jpeg
content-digest: adler32=2602667629
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
Access-Control-Allow-Origin: *
Cache-Control: max-age=1209600, no-transform
Accept-Ranges: bytes
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=39, rtx=0, c=14, mss=1357, tbw=3222, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 11486
GET

https://scontent-lhr6-1.xx.fbcdn.net/v/t1.6435-9/155406558_108061734673055_3988386720141441714_n.jpg?stp=dst-jpg_s296x100&_nc_cat=110&ccb=1-7&_nc_sid=5f2048&_nc_ohc=4yXcmPjZVWQQ7kNvgEm5zLY&_nc_ht=scontent-lhr6-1.xx&edm=APyGNccEAAAA&oh=00_AYDEGTbeOmJuGw_rstA43e_yhbis-uwlQqE9evGy-sKA2g&oe=6675C825

IEXPLORE.EXE

Remote address:

163.70.147.23:443

Request

GET /v/t1.6435-9/155406558_108061734673055_3988386720141441714_n.jpg?stp=dst-jpg_s296x100&_nc_cat=110&ccb=1-7&_nc_sid=5f2048&_nc_ohc=4yXcmPjZVWQQ7kNvgEm5zLY&_nc_ht=scontent-lhr6-1.xx&edm=APyGNccEAAAA&oh=00_AYDEGTbeOmJuGw_rstA43e_yhbis-uwlQqE9evGy-sKA2g&oe=6675C825 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: scontent-lhr6-1.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Last-Modified: Wed, 03 Mar 2021 13:42:14 GMT
X-Needle-Checksum: 1908674834
thrift_fmhk: GBAmJVduzUftH0SRzyss5Xi4FfDr4Z0EvFUAHCYEAAAA
Content-Type: image/jpeg
content-digest: adler32=2943300906
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
Access-Control-Allow-Origin: *
Cache-Control: max-age=1209600, no-transform
Accept-Ranges: bytes
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=39, rtx=0, c=14, mss=1357, tbw=3222, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 6331
GET

https://scontent-lhr6-2.xx.fbcdn.net/v/t1.18169-9/556799_497719793638403_196946453_n.jpg?stp=dst-jpg_p228x119&_nc_cat=100&ccb=1-7&_nc_sid=5f2048&_nc_ohc=TKZa1pPxn1kQ7kNvgHaKKcD&_nc_ht=scontent-lhr6-2.xx&edm=APyGNccEAAAA&oh=00_AYC5cdiu7ZZ6fLtNl0WqgnjzN823-w32RxCQlSFMKu3LmA&oe=6675E441

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /v/t1.18169-9/556799_497719793638403_196946453_n.jpg?stp=dst-jpg_p228x119&_nc_cat=100&ccb=1-7&_nc_sid=5f2048&_nc_ohc=TKZa1pPxn1kQ7kNvgHaKKcD&_nc_ht=scontent-lhr6-2.xx&edm=APyGNccEAAAA&oh=00_AYC5cdiu7ZZ6fLtNl0WqgnjzN823-w32RxCQlSFMKu3LmA&oe=6675E441 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: scontent-lhr6-2.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Last-Modified: Wed, 14 Aug 2013 18:28:13 GMT
X-Needle-Checksum: 2770756614
thrift_fmhk: GBDN0WHwvRsv6wrSdDA8QwGaFfDr4Z0EvFUAHCYEAAAA
Content-Type: image/jpeg
content-digest: adler32=3458139176
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
Access-Control-Allow-Origin: *
Cache-Control: max-age=1209600, no-transform
Accept-Ranges: bytes
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=40, rtx=0, c=14, mss=1357, tbw=3222, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 11055
GET

https://scontent-lhr6-2.xx.fbcdn.net/v/t1.18169-9/544495_491128174297565_67762612_n.jpg?_nc_cat=100&ccb=1-7&_nc_sid=5f2048&_nc_ohc=rruZbMyQeTkQ7kNvgGpG2wM&_nc_ht=scontent-lhr6-2.xx&edm=APyGNccEAAAA&oh=00_AYDH-Qn3kwunjmRbEjKS_hX7wx08lYb1m0TKQM-5AilXKA&oe=6675C86B

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /v/t1.18169-9/544495_491128174297565_67762612_n.jpg?_nc_cat=100&ccb=1-7&_nc_sid=5f2048&_nc_ohc=rruZbMyQeTkQ7kNvgGpG2wM&_nc_ht=scontent-lhr6-2.xx&edm=APyGNccEAAAA&oh=00_AYDH-Qn3kwunjmRbEjKS_hX7wx08lYb1m0TKQM-5AilXKA&oe=6675C86B HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: scontent-lhr6-2.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Last-Modified: Wed, 31 Jul 2013 02:02:59 GMT
Content-Type: image/jpeg
X-Needle-Checksum: 563474066
thrift_fmhk: GBAz9/GBHxqj94tuYU/JBjq3FfDr4Z0EvFUAHCYEAAAA
content-digest: adler32=563474066
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
Access-Control-Allow-Origin: *
Cache-Control: max-age=1209600, no-transform
Accept-Ranges: bytes
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=39, rtx=0, c=14, mss=1357, tbw=3222, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 3917
GET

https://scontent-lhr8-2.xx.fbcdn.net/v/t45.1600-4/17860261_6072232713059_6164797581944684544_n.png?stp=c0.34.296.154a_cp0_dst-jpg_p296x100_q90_spS444&_nc_cat=106&ccb=1-7&_nc_sid=5f2048&_nc_ohc=xY1zugNI54EQ7kNvgGtSc9N&_nc_oc=AdhYEEV0Lj-EsSFCMq5apZ_n0Fnymb-NsnsncSYe3aGR-9rTUBJcWysOShnlOXtc_go&_nc_ht=scontent-lhr8-2.xx&edm=APyGNccEAAAA&oh=00_AYDTw4vovcJu3brybmM2F800TbatlzEFCxYPuBEW98fHSw&oe=66543AE9

IEXPLORE.EXE

Remote address:

157.240.214.11:443

Request

GET /v/t45.1600-4/17860261_6072232713059_6164797581944684544_n.png?stp=c0.34.296.154a_cp0_dst-jpg_p296x100_q90_spS444&_nc_cat=106&ccb=1-7&_nc_sid=5f2048&_nc_ohc=xY1zugNI54EQ7kNvgGtSc9N&_nc_oc=AdhYEEV0Lj-EsSFCMq5apZ_n0Fnymb-NsnsncSYe3aGR-9rTUBJcWysOShnlOXtc_go&_nc_ht=scontent-lhr8-2.xx&edm=APyGNccEAAAA&oh=00_AYDTw4vovcJu3brybmM2F800TbatlzEFCxYPuBEW98fHSw&oe=66543AE9 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: scontent-lhr8-2.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Last-Modified: Wed, 12 Apr 2017 23:01:47 GMT
X-Needle-Checksum: 2687630439
thrift_fmhk: GBCUKbKF+TyevA+sRa9h7mh2FfDr4Z0EvFUAHCYEAAAA
Content-Type: image/jpeg
content-digest: adler32=3575461468
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
Access-Control-Allow-Origin: *
Cache-Control: max-age=1209600, no-transform
Accept-Ranges: bytes
Date: Wed, 22 May 2024 21:37:05 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=39, rtx=0, c=14, mss=1357, tbw=3223, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 18576
DNS

www.microsoft.com

iexplore.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.21.17.194

13.225.10.119:80

http://dtym7iokkjlif.cloudfront.net/dough/1.0/recipe.js

http

IEXPLORE.EXE

600 B
1.2kB
7
6

HTTP Request

GET http://dtym7iokkjlif.cloudfront.net/dough/1.0/recipe.js

HTTP Response

200
13.225.10.119:80

dtym7iokkjlif.cloudfront.net

IEXPLORE.EXE

466 B
92 B
10
2
103.168.172.37:80

http://barrygarner.net/wp-content/themes/flexibility3/style.css

http

IEXPLORE.EXE

594 B
1.5kB
7
5

HTTP Request

GET http://barrygarner.net/wp-content/themes/flexibility3/style.css

HTTP Response

404
103.168.172.37:80

http://barrygarner.net/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.32.0-2013.04.03

http

IEXPLORE.EXE

939 B
1.6kB
7
6

HTTP Request

GET http://barrygarner.net/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=3.4

HTTP Response

404

HTTP Request

GET http://barrygarner.net/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.32.0-2013.04.03

HTTP Response

404
103.168.172.37:80

http://barrygarner.net/wp-includes/js/jquery/jquery.js?ver=1.8.3

http

IEXPLORE.EXE

939 B
2.2kB
8
6

HTTP Request

GET http://barrygarner.net/wp-content/plugins/commentluv/css/commentluv.css?ver=3.5.1

HTTP Response

404

HTTP Request

GET http://barrygarner.net/wp-includes/js/jquery/jquery.js?ver=1.8.3

HTTP Response

404
103.168.172.37:80

http://barrygarner.net/wp-content/uploads/2011/12/article-about-marketing-150x150.jpg

http

IEXPLORE.EXE

943 B
1.6kB
7
6

HTTP Request

GET http://barrygarner.net/wp-content/themes/flexibility3/js/superfish.js?ver=3.5.1

HTTP Response

404

HTTP Request

GET http://barrygarner.net/wp-content/uploads/2011/12/article-about-marketing-150x150.jpg

HTTP Response

404
103.168.172.37:80

http://barrygarner.net/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.4

http

IEXPLORE.EXE

929 B
1.6kB
7
6

HTTP Request

GET http://barrygarner.net/wp-content/plugins/commentluv/js/commentluv.js?ver=2.92.7

HTTP Response

404

HTTP Request

GET http://barrygarner.net/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.4

HTTP Response

404
103.168.172.37:80

http://barrygarner.net/wp-content/uploads/2013/04/barrygarnerFO525CE24E03_rw1.jpg

http

IEXPLORE.EXE

1.0kB
2.2kB
8
7

HTTP Request

GET http://barrygarner.net/wp-content/uploads/shareaholic/spritegen/jquery.shareaholic-publishers-sb.min.js?ver=4.0.6.4

HTTP Response

404

HTTP Request

GET http://barrygarner.net/wp-content/uploads/2013/04/barrygarnerFO525CE24E03_rw1.jpg

HTTP Response

404
185.230.63.171:80

airequipmentrental.com

IEXPLORE.EXE

190 B
132 B
4
3
185.230.63.171:80

http://airequipmentrental.com/js/jquery.min.php?c_utt=I92930&c_utm=http%3A%2F%2Fairequipmentrental.com%2Fjs%2Fjquery.min.php%3Fdefault_keyword%3DOnline%26se_referrer%3D%26source%3D

http

IEXPLORE.EXE

679 B
1.2kB
6
5

HTTP Request

GET http://airequipmentrental.com/js/jquery.min.php?c_utt=I92930&c_utm=http%3A%2F%2Fairequipmentrental.com%2Fjs%2Fjquery.min.php%3Fdefault_keyword%3DOnline%26se_referrer%3D%26source%3D

HTTP Response

301
34.149.87.45:443

www.airequipmentrental.com

tls

IEXPLORE.EXE

781 B
5.2kB
10
10
34.149.87.45:443

https://www.airequipmentrental.com/js/jquery.min.php?c_utt=I92930&c_utm=http%3A%2F%2Fairequipmentrental.com%2Fjs%2Fjquery.min.php%3Fdefault_keyword%3DOnline%26se_referrer%3D%26source%3D

tls, http

IEXPLORE.EXE

1.3kB
7.8kB
11
12

HTTP Request

GET https://www.airequipmentrental.com/js/jquery.min.php?c_utt=I92930&c_utm=http%3A%2F%2Fairequipmentrental.com%2Fjs%2Fjquery.min.php%3Fdefault_keyword%3DOnline%26se_referrer%3D%26source%3D

HTTP Response

404
87.236.16.14:80

http://kraneks.ru/js/jquery.min.php?key=b64&utm_campaign=snt2014&utm_source=&utm_medium=&utm_content=file:///C:/Users/Admin/AppData/Local/Temp/68b7d5bd2fcfa5ee3c3ae43147aa40b6_JaffaCakes118.html&utm_term=Online&se_referrer=

http

IEXPLORE.EXE

722 B
1.2kB
6
5

HTTP Request

GET http://kraneks.ru/js/jquery.min.php?key=b64&utm_campaign=snt2014&utm_source=&utm_medium=&utm_content=file:///C:/Users/Admin/AppData/Local/Temp/68b7d5bd2fcfa5ee3c3ae43147aa40b6_JaffaCakes118.html&utm_term=Online&se_referrer=

HTTP Response

301
87.236.16.14:80

kraneks.ru

IEXPLORE.EXE

466 B
84 B
10
2
87.236.16.14:80

www.kraneks.ru

IEXPLORE.EXE

466 B
84 B
10
2
87.236.16.14:80

http://www.kraneks.ru/js/jquery.min.php?key=b64&utm_campaign=snt2014&utm_source=&utm_medium=&utm_content=file:///C:/Users/Admin/AppData/Local/Temp/68b7d5bd2fcfa5ee3c3ae43147aa40b6_JaffaCakes118.html&utm_term=Online&se_referrer=

http

IEXPLORE.EXE

726 B
1.2kB
6
5

HTTP Request

GET http://www.kraneks.ru/js/jquery.min.php?key=b64&utm_campaign=snt2014&utm_source=&utm_medium=&utm_content=file:///C:/Users/Admin/AppData/Local/Temp/68b7d5bd2fcfa5ee3c3ae43147aa40b6_JaffaCakes118.html&utm_term=Online&se_referrer=

HTTP Response

302
87.236.16.14:443

https://www.kraneks.ru/js/jquery.min.php?key=b64&utm_campaign=snt2014&utm_source=&utm_medium=&utm_content=file:///C:/Users/Admin/AppData/Local/Temp/68b7d5bd2fcfa5ee3c3ae43147aa40b6_JaffaCakes118.html&utm_term=Online&se_referrer=

tls, http

IEXPLORE.EXE

1.4kB
6.3kB
12
14

HTTP Request

GET https://www.kraneks.ru/js/jquery.min.php?key=b64&utm_campaign=snt2014&utm_source=&utm_medium=&utm_content=file:///C:/Users/Admin/AppData/Local/Temp/68b7d5bd2fcfa5ee3c3ae43147aa40b6_JaffaCakes118.html&utm_term=Online&se_referrer=

HTTP Response

404
23.63.101.153:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

IEXPLORE.EXE

421 B
1.6kB
6
5

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200
163.70.151.35:80

http://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US

http

IEXPLORE.EXE

675 B
844 B
7
6

HTTP Request

GET http://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US

HTTP Response

301
163.70.151.35:80

http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fbarrygarner.net%2Fhow-to-write-an-article-about-marketing.html&layout=standard&show_faces=true&width=450&action=like&colorscheme=light&height=80

http

IEXPLORE.EXE

804 B
1.0kB
8
6

HTTP Request

GET http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fbarrygarner.net%2Fhow-to-write-an-article-about-marketing.html&layout=standard&show_faces=true&width=450&action=like&colorscheme=light&height=80

HTTP Response

301
216.58.213.14:80

http://www.google-analytics.com/ga.js

http

IEXPLORE.EXE

904 B
18.3kB
14
17

HTTP Request

GET http://www.google-analytics.com/ga.js

HTTP Response

200
216.58.213.14:80

www.google-analytics.com

IEXPLORE.EXE

236 B
132 B
5
3
163.70.151.35:443

https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fbarrygarner.net%2Fhow-to-write-an-article-about-marketing.html&layout=standard&show_faces=true&width=450&action=like&colorscheme=light&height=80

tls, http

IEXPLORE.EXE

1.3kB
7.0kB
13
12

HTTP Request

GET https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fbarrygarner.net%2Fhow-to-write-an-article-about-marketing.html&layout=standard&show_faces=true&width=450&action=like&colorscheme=light&height=80

HTTP Response

200
163.70.151.35:443

https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US

tls, http

IEXPLORE.EXE

1.9kB
44.5kB
26
41

HTTP Request

GET https://www.facebook.com/plugins/fan.php?id=212215798855472&width=300&connections=10&stream=true&header=true&locale=en_US

HTTP Response

200
163.70.151.21:443

https://static.xx.fbcdn.net/rsrc.php/v3/yy/r/D94KH2dXN-z.js?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

2.8kB
33.7kB
26
37

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yE/l/0,cross/LG4XKM9M9OM.css?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yy/r/D94KH2dXN-z.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
163.70.151.21:443

https://static.xx.fbcdn.net/rsrc.php/v3/yW/r/g2XPN2wRGmV.js?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

2.9kB
37.2kB
27
39

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yA/l/0,cross/wZ8DZS0aJQd.css?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yt/r/owo2sPJxB2z.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yW/r/g2XPN2wRGmV.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
163.70.151.21:443

https://static.xx.fbcdn.net/rsrc.php/v3/y7/r/E6qR0C8WEpl.js?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

3.1kB
85.3kB
42
71

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yJ/l/0,cross/sq87GzUHOmV.css?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/y7/r/E6qR0C8WEpl.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
163.70.151.21:443

https://static.xx.fbcdn.net/rsrc.php/v3/y9/r/ie38mp0O07P.js?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

3.9kB
60.2kB
38
57

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3i7M54/yn/l/en_US/mP12tTiNgO_.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yS/r/M1MQmWsK7ID.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/dXk5exdOVhk.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/y9/r/ie38mp0O07P.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
163.70.151.21:443

https://static.xx.fbcdn.net/rsrc.php/v3/yV/r/mUnDZSrH5OM.png

tls, http

IEXPLORE.EXE

4.0kB
134.9kB
60
107

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yi/r/VWDhCULazb5.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yV/r/mUnDZSrH5OM.png

HTTP Response

200
163.70.151.21:443

https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.png

tls, http

IEXPLORE.EXE

3.6kB
52.3kB
32
51

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/o1ndYS2og_B.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3issO4/yp/l/en_US/DMwA8evzWwy.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3iEBX4/y5/l/en_US/DPxpTcknHiI.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.png

HTTP Response

200
163.70.147.23:443

https://scontent-lhr6-1.xx.fbcdn.net/v/t39.30808-1/357384483_676386087876523_1057710215603806227_n.jpg?stp=c0.20.50.50a_cp0_dst-jpg_p50x50&_nc_cat=110&ccb=1-7&_nc_sid=5f2048&_nc_ohc=u6k8Ck-6_jIQ7kNvgHJUfP2&_nc_ht=scontent-lhr6-1.xx&edm=APyGNccEAAAA&oh=00_AYAUiaX95fnzO5G96vKYMUnppeGdBXifQGSLKXg1DdeJsA&oe=66544F5E

tls, http

IEXPLORE.EXE

1.6kB
6.2kB
12
13

HTTP Request

GET https://scontent-lhr6-1.xx.fbcdn.net/v/t39.30808-1/357384483_676386087876523_1057710215603806227_n.jpg?stp=c0.20.50.50a_cp0_dst-jpg_p50x50&_nc_cat=110&ccb=1-7&_nc_sid=5f2048&_nc_ohc=u6k8Ck-6_jIQ7kNvgHJUfP2&_nc_ht=scontent-lhr6-1.xx&edm=APyGNccEAAAA&oh=00_AYAUiaX95fnzO5G96vKYMUnppeGdBXifQGSLKXg1DdeJsA&oe=66544F5E

HTTP Response

200
163.70.147.23:443

https://scontent-lhr6-1.xx.fbcdn.net/v/t1.18169-9/16114631_1213827512027624_8886002197090362068_n.jpg?stp=dst-jpg_p160x160&_nc_cat=102&ccb=1-7&_nc_sid=5f2048&_nc_ohc=zEvPriSWVxkQ7kNvgFQ7HCA&_nc_ht=scontent-lhr6-1.xx&edm=APyGNccEAAAA&oh=00_AYD0yLjEkqVq3RPo6F39MLmCqXvqEcogsECSmLVLofTBhA&oe=6675EF78

tls, http

IEXPLORE.EXE

1.6kB
15.0kB
14
18

HTTP Request

GET https://scontent-lhr6-1.xx.fbcdn.net/v/t1.18169-9/16114631_1213827512027624_8886002197090362068_n.jpg?stp=dst-jpg_p160x160&_nc_cat=102&ccb=1-7&_nc_sid=5f2048&_nc_ohc=zEvPriSWVxkQ7kNvgFQ7HCA&_nc_ht=scontent-lhr6-1.xx&edm=APyGNccEAAAA&oh=00_AYD0yLjEkqVq3RPo6F39MLmCqXvqEcogsECSmLVLofTBhA&oe=6675EF78

HTTP Response

200
163.70.147.23:443

https://scontent-lhr6-1.xx.fbcdn.net/v/t39.30808-6/357024952_676386091209856_2277908394295248298_n.jpg?stp=dst-jpg_p75x225&_nc_cat=102&ccb=1-7&_nc_sid=5f2048&_nc_ohc=nZWC5yvsdKUQ7kNvgHem1-X&_nc_ht=scontent-lhr6-1.xx&edm=APyGNccEAAAA&oh=00_AYAnflRdwtMf-M5hvnr-Mm2VIT1rK_HpbfCjHiqKJ19Ggg&oe=665434AE

tls, http

IEXPLORE.EXE

1.7kB
16.2kB
15
19

HTTP Request

GET https://scontent-lhr6-1.xx.fbcdn.net/v/t39.30808-6/357024952_676386091209856_2277908394295248298_n.jpg?stp=dst-jpg_p75x225&_nc_cat=102&ccb=1-7&_nc_sid=5f2048&_nc_ohc=nZWC5yvsdKUQ7kNvgHem1-X&_nc_ht=scontent-lhr6-1.xx&edm=APyGNccEAAAA&oh=00_AYAnflRdwtMf-M5hvnr-Mm2VIT1rK_HpbfCjHiqKJ19Ggg&oe=665434AE

HTTP Response

200
163.70.147.23:443

https://scontent-lhr6-1.xx.fbcdn.net/v/t1.6435-9/155406558_108061734673055_3988386720141441714_n.jpg?stp=dst-jpg_s296x100&_nc_cat=110&ccb=1-7&_nc_sid=5f2048&_nc_ohc=4yXcmPjZVWQQ7kNvgEm5zLY&_nc_ht=scontent-lhr6-1.xx&edm=APyGNccEAAAA&oh=00_AYDEGTbeOmJuGw_rstA43e_yhbis-uwlQqE9evGy-sKA2g&oe=6675C825

tls, http

IEXPLORE.EXE

1.6kB
10.9kB
13
15

HTTP Request

GET https://scontent-lhr6-1.xx.fbcdn.net/v/t1.6435-9/155406558_108061734673055_3988386720141441714_n.jpg?stp=dst-jpg_s296x100&_nc_cat=110&ccb=1-7&_nc_sid=5f2048&_nc_ohc=4yXcmPjZVWQQ7kNvgEm5zLY&_nc_ht=scontent-lhr6-1.xx&edm=APyGNccEAAAA&oh=00_AYDEGTbeOmJuGw_rstA43e_yhbis-uwlQqE9evGy-sKA2g&oe=6675C825

HTTP Response

200
163.70.151.21:443

https://scontent-lhr6-2.xx.fbcdn.net/v/t1.18169-9/556799_497719793638403_196946453_n.jpg?stp=dst-jpg_p228x119&_nc_cat=100&ccb=1-7&_nc_sid=5f2048&_nc_ohc=TKZa1pPxn1kQ7kNvgHaKKcD&_nc_ht=scontent-lhr6-2.xx&edm=APyGNccEAAAA&oh=00_AYC5cdiu7ZZ6fLtNl0WqgnjzN823-w32RxCQlSFMKu3LmA&oe=6675E441

tls, http

IEXPLORE.EXE

1.7kB
15.8kB
15
19

HTTP Request

GET https://scontent-lhr6-2.xx.fbcdn.net/v/t1.18169-9/556799_497719793638403_196946453_n.jpg?stp=dst-jpg_p228x119&_nc_cat=100&ccb=1-7&_nc_sid=5f2048&_nc_ohc=TKZa1pPxn1kQ7kNvgHaKKcD&_nc_ht=scontent-lhr6-2.xx&edm=APyGNccEAAAA&oh=00_AYC5cdiu7ZZ6fLtNl0WqgnjzN823-w32RxCQlSFMKu3LmA&oe=6675E441

HTTP Response

200
163.70.151.21:443

https://scontent-lhr6-2.xx.fbcdn.net/v/t1.18169-9/544495_491128174297565_67762612_n.jpg?_nc_cat=100&ccb=1-7&_nc_sid=5f2048&_nc_ohc=rruZbMyQeTkQ7kNvgGpG2wM&_nc_ht=scontent-lhr6-2.xx&edm=APyGNccEAAAA&oh=00_AYDH-Qn3kwunjmRbEjKS_hX7wx08lYb1m0TKQM-5AilXKA&oe=6675C86B

tls, http

IEXPLORE.EXE

1.5kB
8.4kB
12
13

HTTP Request

GET https://scontent-lhr6-2.xx.fbcdn.net/v/t1.18169-9/544495_491128174297565_67762612_n.jpg?_nc_cat=100&ccb=1-7&_nc_sid=5f2048&_nc_ohc=rruZbMyQeTkQ7kNvgGpG2wM&_nc_ht=scontent-lhr6-2.xx&edm=APyGNccEAAAA&oh=00_AYDH-Qn3kwunjmRbEjKS_hX7wx08lYb1m0TKQM-5AilXKA&oe=6675C86B

HTTP Response

200
157.240.214.11:443

scontent-lhr8-2.xx.fbcdn.net

tls

IEXPLORE.EXE

765 B
3.7kB
10
9
157.240.214.11:443

https://scontent-lhr8-2.xx.fbcdn.net/v/t45.1600-4/17860261_6072232713059_6164797581944684544_n.png?stp=c0.34.296.154a_cp0_dst-jpg_p296x100_q90_spS444&_nc_cat=106&ccb=1-7&_nc_sid=5f2048&_nc_ohc=xY1zugNI54EQ7kNvgGtSc9N&_nc_oc=AdhYEEV0Lj-EsSFCMq5apZ_n0Fnymb-NsnsncSYe3aGR-9rTUBJcWysOShnlOXtc_go&_nc_ht=scontent-lhr8-2.xx&edm=APyGNccEAAAA&oh=00_AYDTw4vovcJu3brybmM2F800TbatlzEFCxYPuBEW98fHSw&oe=66543AE9

tls, http

IEXPLORE.EXE

1.9kB
23.6kB
17
24

HTTP Request

GET https://scontent-lhr8-2.xx.fbcdn.net/v/t45.1600-4/17860261_6072232713059_6164797581944684544_n.png?stp=c0.34.296.154a_cp0_dst-jpg_p296x100_q90_spS444&_nc_cat=106&ccb=1-7&_nc_sid=5f2048&_nc_ohc=xY1zugNI54EQ7kNvgGtSc9N&_nc_oc=AdhYEEV0Lj-EsSFCMq5apZ_n0Fnymb-NsnsncSYe3aGR-9rTUBJcWysOShnlOXtc_go&_nc_ht=scontent-lhr8-2.xx&edm=APyGNccEAAAA&oh=00_AYDTw4vovcJu3brybmM2F800TbatlzEFCxYPuBEW98fHSw&oe=66543AE9

HTTP Response

200
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.6kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

753 B
7.7kB
9
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

779 B
7.6kB
9
12

8.8.8.8:53

dtym7iokkjlif.cloudfront.net

dns

IEXPLORE.EXE

74 B
138 B
1
1

DNS Request

dtym7iokkjlif.cloudfront.net

DNS Response

13.225.10.119

13.225.10.124

13.225.10.35

13.225.10.33
8.8.8.8:53

barrygarner.net

dns

IEXPLORE.EXE

61 B
93 B
1
1

DNS Request

barrygarner.net

DNS Response

103.168.172.37

103.168.172.52
8.8.8.8:53

airequipmentrental.com

dns

IEXPLORE.EXE

68 B
116 B
1
1

DNS Request

airequipmentrental.com

DNS Response

185.230.63.171

185.230.63.186

185.230.63.107
8.8.8.8:53

www.airequipmentrental.com

dns

IEXPLORE.EXE

72 B
148 B
1
1

DNS Request

www.airequipmentrental.com

DNS Response

34.149.87.45
8.8.8.8:53

kraneks.ru

dns

IEXPLORE.EXE

56 B
72 B
1
1

DNS Request

kraneks.ru

DNS Response

87.236.16.14
8.8.8.8:53

www.kraneks.ru

dns

IEXPLORE.EXE

60 B
76 B
1
1

DNS Request

www.kraneks.ru

DNS Response

87.236.16.14
8.8.8.8:53

apps.identrust.com

dns

IEXPLORE.EXE

64 B
165 B
1
1

DNS Request

apps.identrust.com

DNS Response

23.63.101.153

23.63.101.171
8.8.8.8:53

www.facebook.com

dns

IEXPLORE.EXE

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

163.70.151.35
8.8.8.8:53

static.xx.fbcdn.net

dns

IEXPLORE.EXE

65 B
104 B
1
1

DNS Request

static.xx.fbcdn.net

DNS Response

163.70.151.21
8.8.8.8:53

scontent-lhr6-1.xx.fbcdn.net

dns

IEXPLORE.EXE

74 B
90 B
1
1

DNS Request

scontent-lhr6-1.xx.fbcdn.net

DNS Response

163.70.147.23
8.8.8.8:53

scontent-lhr6-2.xx.fbcdn.net

dns

IEXPLORE.EXE

74 B
90 B
1
1

DNS Request

scontent-lhr6-2.xx.fbcdn.net

DNS Response

163.70.151.21
8.8.8.8:53

scontent-lhr8-2.xx.fbcdn.net

dns

IEXPLORE.EXE

74 B
90 B
1
1

DNS Request

scontent-lhr8-2.xx.fbcdn.net

DNS Response

157.240.214.11
8.8.8.8:53

www.microsoft.com

dns

iexplore.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.21.17.194

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
4a467275a0231db47600369103c2ee67

SHA1
f84651748c8f875f6c9bad9c04675575e8014c59

SHA256
97b73f37214c03b981004a15051ee3b276acd9549420f83b18b08c87352cf56d

SHA512
8d939aaad5e98fefb2da70a789a0f3f9fb932091ef2e70981b7cd81265d5f0bd54c013107adfc1ee925385c0a657c2967da6d5a7db43066ab6fa142974192240

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
06bfd43449749a27938a6b6a9c6d538d

SHA1
c2f81073a445b8248bb3d644412351d980b05b29

SHA256
87533621ca8900802cf5da23f901f2403f047619b1891ed38f5bf52faa2fb3ed

SHA512
6be1bea42168af6a1981b96f24a1b41ad72664d1b1b58dbc8adc2b6e070a594acf7cf9af9a6a35e5eff3f5e77c44e61a64c2e35ecba12d060e3a7b61c32af351

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ad969c3c1dacfc25ea03de3888322e1

SHA1
80877a496f4a43f65270b4db0042bd550b90c113

SHA256
250bb9127091de4219e8732ec27c85d3632f66ee8942380a1bf32053b5a95f5b

SHA512
9bc0f578c22db14758b1de4641c3e9db6d10a4060e672f1ab08ac08b6306d6dfc043c063185325b509c19d719c2c9fc82a6dd10c01c2feb797d3d3357e2d2a69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b8c0c8ccb603c8954c154b515d6cab4

SHA1
321a3b9372c4a869671db3461a7f673210212e15

SHA256
895292a215fe2fcda3e9a37dd0a836818bbdafbbe17954ad50b72e0528ac5903

SHA512
557ced2986a50a7b2019e88b943bdd2120ad8eb22e661fe6857c41077633b46d968293f8585bb5d721cf191b8649152e3f077ae48b512a0941a4619ce928172e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
060795358a64f53790c8dd899a3b69c3

SHA1
f1fbacd703bed661521e29a6208422caa10ff81d

SHA256
3d4c4ac8ef336f74e381795ad483db0ce7d5c35e02cf1bd39fbf93f12824e82f

SHA512
08eb26047aa2fe75c963b388db3bd564af737e6ceb0f11b34f3cd2e8c83d603d133c109940275d51fa976f02cdfbe6e9ce95e06a32ed7df93810b64cfeaa8a56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d18bfd26374ced06cf2e8f47b41195e4

SHA1
45f9a77910baf1f16faf5ad7677507c8146bdbc2

SHA256
c5b0f44db9f701d921c7d49b5c472d6294fc55fff0be919a14c53eeec513371b

SHA512
5414aa4056e72216cdd401a08fba1f9e1fece70e653a2100ca0114219287617e4864c6bc853cc9543d0b415b5b1dc101fbd455c157a38a602f6c7568a4ac5d3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93164c3db9c0ec3d820a881d007b377e

SHA1
749796304b1fcaa416edaeae0db9d291490f0e01

SHA256
27a8ceeb3b31426e4f5524c14a2d3aa2a512fab72247099a17099fac34675726

SHA512
df6452663b5aa77d3f084a11faafd2d756ec23f8504c9f38808a01282396b90b656540b3c400518f583173cec637654478e406bff7ebc482f3c6da97fc217869

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c290e87359c6e6078b82883321a2de5

SHA1
37f0c3e695b273096611c0ea14418143f84c5580

SHA256
41cb6be911b45f21e10a8513a13aba44feb99dce0fc90e4b7211543706c055bf

SHA512
6475422ab83e84b258e4e0452bb93266a1182f1ffc5bfacce7a314286854317832cb95eccd48ab0d142389e56931e86aecbb65ce256daf266984bce9bdd030a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
358e33d44ca121bc684f7d672b90e7fc

SHA1
296987a67460115a9b8e376342633533f6f0888f

SHA256
d2dd23d746c8587827164c3805d25c57b9c84d69b375db9a26e0414147e2ddc4

SHA512
f070f0b1761aea9c9f015d94d442f4b161edb85f5d4e96a996954bb6f941a6b561a80d29c61b593e2278d9d3abbe2374b1bb04988d16fcc4c7d9babd6fa79097

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c053c7eed7fa1d118c3849ba72410c3

SHA1
67550c4b43edd263846f405b5e1a619b0515a5cf

SHA256
1cc95c4e62d9a725c0a790ca124812b107a2dd75d36b0db126674a341a18db3b

SHA512
ccdc3f99762ba13d5dd1f77fb2bb40630ef95e19d3bdd349bc85e2d07840b871e8d7a0b49fe0f1895b43503ef94a80825d3161648e5abb6236ae90f842e2bbd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fb89ef376164b74f2dc0f69f1386a4dd

SHA1
5e66e195087105e798aebfb46b99c3a60f526261

SHA256
f29df4c947113ccd3007faab1715944d6452eebbf7ece91d788f808510e4b6db

SHA512
bd3c3baa5c16bfff0b6dce6e85f5d2ace353c369963c537920467529ea265bea16652d2350ad3307a68944cefb483d1fa8ed83517c5872b73cae59111f33281e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ddd15ba2f6e7246410fb6cef83e7099

SHA1
751e527b6b2f18c19331546ccf038352dd4659cc

SHA256
f1d3cb34371d8da8201e0835ac1d281354541cfac2607c6982feaeb1d93d6351

SHA512
9d804e0fdefbcd52ee3ea4c193d0b81e2c342a084ecca0ec3996a51912ba57d5865ad438e8c4cc87f6617e20f860ed2c5b5d583101f5fe6e8073feb2e123fa16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63b26a4ddd775138a91c256181a15e14

SHA1
7fbaa407fbcef4b6a0094225d6c2c773c7b015b2

SHA256
f8ce2e51ff8dcb4e7f9d7f7fae4a24c0d8f7f98c9bf6cf89f45a0584fe8bac92

SHA512
4bf0732dc6d8d8e51a69798d0031b49f63b072b08d7115132364e8f9809af48027a4b400919889fa4fb7fc7c65f6acc253b11df005ebc6b9188d3d95315bb73f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d35dc3e875993362b766f9a03223ca93

SHA1
4de7784c660e860b9c4ec49247ea5c7ddd3fca12

SHA256
9beb88e314b70bd5381c3fb81de61fdc78cc4bbb7ec29ec1d87fb655115cacc8

SHA512
261ac02acb694ae5fa6295f919aa1c4d0bcd4966fe1c21ffb5fa94ddebb3f3b59f19569d56c6604f15a078ae62b872df89eb867707e098362ce54b7dee6c17c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
85552d657bd583d592b7d6841c857eb9

SHA1
1d810ac02232647433120151905c2de89ca41ed4

SHA256
a6b8e3eadc3e6f4c49f23c7b7d7712bb44462806d64eb64c10122bb552439f9f

SHA512
87a59a30b9b5fdc21ba5e70468d88a12faaa7bb04209139db39910cc68398dfb00fcf804abc5c930ab769addb2cb49a11a62b280afd2bc4daed1cb4530b17e63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b38d4717a1598805d9e89eb6efa55395

SHA1
ac30f6c784108f5057688b91dcd6fd82be29fc5c

SHA256
1b713eb3a506613e53c0a1f11b8599a5a91b12a2fdb3f3586361b0fecbc4b1fb

SHA512
7c00f039d020e782f08e31cff76613d51e233573afff2b91dea91e0686933121a6fa5ed357aa380676a145bd9baf658f00e087399533ccb5d85ca40cb41597e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4929550f5f833428a4c5f405a75cd815

SHA1
b2c248fcade74154aeeb4f7ccb96954383d85252

SHA256
538748b3c7f6e11062417ee77cfad46873bd52a6d84de5f40eda864f20804f87

SHA512
a7197ad95d0b8e7373ba499f53cbbbcab905b2be0d8fbdeca154e87e68e9f958d1e1ddd59e99296759f5e5503e4cedac6e1a6fb6c3ddae43b41e53ab762db810

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e7aa825bd912b14f0559db3b19e7549

SHA1
7258fa25b9a06cf532c0324cb8b31e5d96c19774

SHA256
bcff8fe28a1737872905e11fe1fad6728f9334ac0c8361162931fb40f3e23c10

SHA512
d50b7eba52b58b0e455bbf150733f3bb3e14d330908fefd6ac87b7cbff24843bef22fef562fc5fe8fb97d6f84c58dfe99b1d5c5e06605155b97c7dfb8ca58b38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15be6369c0de12148f59c1c55724f7bd

SHA1
4ef0e31f4189ce7e88280d9e9bf85d3017d0e73e

SHA256
0629ebd18ecbfffbcabcf9274367a46fd52aec367d4d327686adfd651860c2c0

SHA512
768550b12d8f0484016866966ff058506a861e83b67b1a508bd916d69f2b4d3804dc284d608be85e7f0bf914b29420236e97d9f50074d1ac1f8d18e6bfc85aa8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3d5f752158878d7907cca7e2a4ea818

SHA1
d4b4073decee83a7f94416000939626a18a9114c

SHA256
7a3ecf9a433b988177e22a22016b9de0ae8dfff1e52db8f92acaa36ef8ada963

SHA512
fd39b5f7d036c5f8b4039634ef176395b6f571e0179ee20efc922b64a071ca6abf3ffd9673d7b9e8b6a628c9cb4879046d90d723ecc30d40fd6557c9a2f61264

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba6c48f85ff1f5cc250f9ea9377d6719

SHA1
f41b635140298d8776aaa06338fc43f940033d78

SHA256
5fb5d5f1aa660efe45012df635447f218d6c75f0eb074dbdbf52520e75b29046

SHA512
494cd193f113c6f1e19d8ccf29847611771ac5149235ef56d6b61484fcabcadd424bec15c7b501e351074a39ddc37b6ea3d5e0c5ebd4ac4f18b513e96bff362b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a12c11388efb0298ca3df73d686b81d

SHA1
2825bc0e11171d49fe186170bde012d570540ad3

SHA256
1b22f7c34a05151f38ddfd0d1359c2a8ee8981b70f577f1c60ff62ed5bfda032

SHA512
cf0a24cff8f903d41d4a2e5ccece96a85ab9b3950bde26b73a87ab1d0df6e2c6b76da79006db1a4779bae88ec2056621d0b5c299965e57dd112c377048b27469

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd976f1c5038ffa3e1dac6f6335dd49d

SHA1
1f0645bc751338bbb3a1099f83b9f4e36a3e10dd

SHA256
7638c528104c4f864e83317ebca9dfa81316d7d6c28276ef4e459d639fe20215

SHA512
3064d1911bd9a9e56a33993c4f38b0b7e41b291ab29b7b5e322e91277ca4d113bc982eea1735f397ae78757994c83c745997672cc1e0602e31b098c34e26acf1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
d1022733a83ff23ed9fe3b628350fb9b

SHA1
bfc7a347e345f4418458971a366dbb478c966425

SHA256
063c1b2b8247b0bb7dc18a122a6a51d38a985c7eb596ccf95a20b829e79b0006

SHA512
a354206cf925b623bf63da75ab5e0081e680f865c064528dc2121557dda898db75309d3c50882027e12ed2f2ae370af461c443785d33d19db064dcc53be778ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2ADA.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2AFC.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2C49.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request