Analysis

  • max time kernel
    145s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    22/05/2024, 05:25 UTC

General

  • Target

    66259be1e92cc9abafd8cdac4e5d2dac_JaffaCakes118.html

  • Size

    34KB

  • MD5

    66259be1e92cc9abafd8cdac4e5d2dac

  • SHA1

    f7f81b4067244592828817eb1177d4fc6b5b78ef

  • SHA256

    06804478ee8bbcb8774a22a6fae9b71575c9d8771f42fde7e4d28395f664f267

  • SHA512

    8445ab82be53db47669f251513719d5333eeaaf02560095ffc14268f7766488c4a49b31682dee0f29a6d3628497ed13815cc909a8b4b302a143a7156ab2ad984

  • SSDEEP

    384:KlxQCUrns1daeLZBCW2QZh8hKeynMAqNpCJtLQoTl+tFe37TNH53TLPgGZe86iYv:4KnRbAe7Nk9TpXN6I1/FPvtiVX

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\66259be1e92cc9abafd8cdac4e5d2dac_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4992
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff825a646f8,0x7ff825a64708,0x7ff825a64718
      2⤵
        PID:2340
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,5448385962836677405,13174674100360818078,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
        2⤵
          PID:4368
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,5448385962836677405,13174674100360818078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1012
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,5448385962836677405,13174674100360818078,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
          2⤵
            PID:4640
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5448385962836677405,13174674100360818078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
            2⤵
              PID:2260
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5448385962836677405,13174674100360818078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
              2⤵
                PID:1600
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5448385962836677405,13174674100360818078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
                2⤵
                  PID:4784
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5448385962836677405,13174674100360818078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
                  2⤵
                    PID:1044
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5448385962836677405,13174674100360818078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
                    2⤵
                      PID:1352
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5448385962836677405,13174674100360818078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
                      2⤵
                        PID:3268
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5448385962836677405,13174674100360818078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
                        2⤵
                          PID:4476
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,5448385962836677405,13174674100360818078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2940 /prefetch:8
                          2⤵
                            PID:2684
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,5448385962836677405,13174674100360818078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2940 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:3584
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5448385962836677405,13174674100360818078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
                            2⤵
                              PID:3696
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5448385962836677405,13174674100360818078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
                              2⤵
                                PID:4372
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,5448385962836677405,13174674100360818078,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:2
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:4680
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:5052
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:4564

Network

                                • flag-us
                                  DNS
                                  feldakumai.com
                                  msedge.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  feldakumai.com
                                  IN A
                                  Response
                                • flag-us
                                  DNS
                                  www.linkwithin.com
                                  msedge.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  www.linkwithin.com
                                  IN A
                                  Response
                                  www.linkwithin.com
                                  IN CNAME
                                  linkwithin.com
                                  linkwithin.com
                                  IN A
                                  118.139.179.30
                                • flag-us
                                  DNS
                                  www.widgeo.net
                                  msedge.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  www.widgeo.net
                                  IN A
                                  Response
                                  www.widgeo.net
                                  IN A
                                  104.26.10.22
                                  www.widgeo.net
                                  IN A
                                  104.26.11.22
                                  www.widgeo.net
                                  IN A
                                  172.67.69.193
                                • flag-us
                                  DNS
                                  synad2.nuffnang.com.my
                                  msedge.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  synad2.nuffnang.com.my
                                  IN A
                                  Response
                                • flag-us
                                  DNS
                                  feedjit.com
                                  msedge.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  feedjit.com
                                  IN A
                                  Response
                                • flag-us
                                  DNS
                                  farm4.static.flickr.com
                                  msedge.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  farm4.static.flickr.com
                                  IN A
                                  Response
                                  farm4.static.flickr.com
                                  IN A
                                  18.245.160.68
                                • flag-us
                                  GET
                                  http://www.widgeo.net/geocompteur/geolive.php?c=geolive_caroussel&adult=0&cat=nature&id=2150858
                                  msedge.exe
                                  Remote address:
                                  104.26.10.22:80
                                  Request
                                  GET /geocompteur/geolive.php?c=geolive_caroussel&adult=0&cat=nature&id=2150858 HTTP/1.1
                                  Host: www.widgeo.net
                                  Connection: keep-alive
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  DNT: 1
                                  Accept: */*
                                  Accept-Encoding: gzip, deflate
                                  Accept-Language: en-US,en;q=0.9
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Wed, 22 May 2024 05:25:15 GMT
                                  Content-Type: application/javascript
                                  Content-Length: 1681
                                  Connection: keep-alive
                                  cache-control: public, max-age=604800
                                  expires: Wed, 29 May 2024 05:25:14 GMT
                                  content-encoding: gzip
                                  vary: Accept-Encoding
                                  x-content-type-options: nosniff
                                  x-turbo-charged-by: LiteSpeed
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z8eMLFt0UZ6T%2FnKnA9ry7uyvp4owyyQ%2FJQLwh6BxH1qePSRK0fi%2B5axqXP2O%2B6Scv2J1N37MPvw1sO2HLblRVn%2BR3NoRfeeIjSsy0ZssLRoL0KpbzS95ZBrDM7bpQ0l1"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 887a62701ec523f0-LHR
                                  alt-svc: h3=":443"; ma=86400
                                • flag-us
                                  GET
                                  http://www.widgeo.net/geocompteur/geocompteur.php?c=geoipod_w&id=2151557&adult=0&cat=nature&fonce=&claire=
                                  msedge.exe
                                  Remote address:
                                  104.26.10.22:80
                                  Request
                                  GET /geocompteur/geocompteur.php?c=geoipod_w&id=2151557&adult=0&cat=nature&fonce=&claire= HTTP/1.1
                                  Host: www.widgeo.net
                                  Connection: keep-alive
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  DNT: 1
                                  Accept: */*
                                  Accept-Encoding: gzip, deflate
                                  Accept-Language: en-US,en;q=0.9
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Wed, 22 May 2024 05:25:15 GMT
                                  Content-Type: application/javascript
                                  Content-Length: 1677
                                  Connection: keep-alive
                                  cache-control: public, max-age=604800
                                  expires: Wed, 29 May 2024 05:25:14 GMT
                                  content-encoding: gzip
                                  vary: Accept-Encoding
                                  x-content-type-options: nosniff
                                  x-turbo-charged-by: LiteSpeed
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DRXTQYlpYaVgbQbI7t49g6giAJcNIMuqrfh3%2FTxamN4MkZKebaShHGL0qVcnSvYc1adAOnOEL2BwsRbFy2my0T0RQqqR0Km2fA7qrsoLIX188zC9QWlEGhQp9QH5xRYy"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 887a62701e449515-LHR
                                  alt-svc: h3=":443"; ma=86400
                                • flag-us
                                  DNS
                                  c.gigcount.com
                                  msedge.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  c.gigcount.com
                                  IN A
                                  Response
                                • flag-us
                                  GET
                                  http://www.widgeo.net/img/logopm.png
                                  msedge.exe
                                  Remote address:
                                  104.26.10.22:80
                                  Request
                                  GET /img/logopm.png HTTP/1.1
                                  Host: www.widgeo.net
                                  Connection: keep-alive
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  DNT: 1
                                  Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  Accept-Encoding: gzip, deflate
                                  Accept-Language: en-US,en;q=0.9
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Wed, 22 May 2024 05:25:14 GMT
                                  Content-Type: image/webp
                                  Content-Length: 714
                                  Connection: keep-alive
                                  Cf-Bgj: imgq:100,h2pri
                                  Cf-Polished: origFmt=png, origSize=847
                                  Content-Disposition: inline; filename="logopm.webp"
                                  Vary: Accept
                                  cache-control: public, max-age=2592000
                                  expires: Sun, 16 Jun 2024 22:54:03 GMT
                                  last-modified: Thu, 20 Jun 2019 15:14:49 GMT
                                  x-content-type-options: nosniff
                                  x-turbo-charged-by: LiteSpeed
                                  CF-Cache-Status: HIT
                                  Age: 369070
                                  Accept-Ranges: bytes
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iqylZ9lybl6Py6eyYUELaQmXRT%2B0i3N3c0IyJlTXoa%2BNHqhhfs9rdsFm2WpNXCgdWmp7kESFbLL%2B9jzUmmrg9zOXvAbTnBpQMpvanNyh%2BvNGDLWtK9wJEXVpN77u0yYo"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 887a62702900638e-LHR
                                  alt-svc: h3=":443"; ma=86400
                                • flag-gb
                                  GET
                                  http://farm4.static.flickr.com/3227/2724159324_18ffcd4ea7.jpg
                                  msedge.exe
                                  Remote address:
                                  18.245.160.68:80
                                  Request
                                  GET /3227/2724159324_18ffcd4ea7.jpg HTTP/1.1
                                  Host: farm4.static.flickr.com
                                  Connection: keep-alive
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  DNT: 1
                                  Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  Accept-Encoding: gzip, deflate
                                  Accept-Language: en-US,en;q=0.9
                                  Response
                                  HTTP/1.1 301 Moved Permanently
                                  Server: CloudFront
                                  Date: Wed, 22 May 2024 05:25:14 GMT
                                  Content-Type: text/html
                                  Content-Length: 167
                                  Connection: keep-alive
                                  Location: https://farm4.static.flickr.com/3227/2724159324_18ffcd4ea7.jpg
                                  X-Cache: Redirect from cloudfront
                                  Via: 1.1 fe81b7a56101ab7f8f60c8ec19986806.cloudfront.net (CloudFront)
                                  X-Amz-Cf-Pop: LHR5-P2
                                  X-Amz-Cf-Id: muc1Y36ZX4RJ2ljpaU5wPiTPjaJ6Mnj5WseSvN7bDeMGFKBln4EQCQ==
                                • flag-us
                                  DNS
                                  widgets.al-habib.info
                                  msedge.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  widgets.al-habib.info
                                  IN A
                                  Response
                                  widgets.al-habib.info
                                  IN A
                                  172.67.134.81
                                  widgets.al-habib.info
                                  IN A
                                  104.21.25.147
                                • flag-us
                                  DNS
                                  s10.flagcounter.com
                                  msedge.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  s10.flagcounter.com
                                  IN A
                                  Response
                                  s10.flagcounter.com
                                  IN A
                                  45.58.124.226
                                • flag-us
                                  GET
                                  http://widgets.al-habib.info/images/blank.gif?_alhacid=1353305513188
                                  msedge.exe
                                  Remote address:
                                  172.67.134.81:80
                                  Request
                                  GET /images/blank.gif?_alhacid=1353305513188 HTTP/1.1
                                  Host: widgets.al-habib.info
                                  Connection: keep-alive
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  DNT: 1
                                  Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  Accept-Encoding: gzip, deflate
                                  Accept-Language: en-US,en;q=0.9
                                  Response
                                  HTTP/1.1 301 Moved Permanently
                                  Date: Wed, 22 May 2024 05:25:14 GMT
                                  Content-Type: text/html
                                  Content-Length: 167
                                  Connection: keep-alive
                                  Cache-Control: max-age=3600
                                  Expires: Wed, 22 May 2024 06:25:14 GMT
                                  Location: https://widgets.al-habib.info/images/blank.gif?_alhacid=1353305513188
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6eEozi1yOdGfNGG3FgN9lJu9FviKDCbm00%2B1mKJWsqv6DfUDN5vffVz4ZDUFtO6PI6havzuD0O3qtKkSZIBHufyUmSxQX5HB2fQupkvmmYsl0XJYgy571Z%2FPdYwJV5%2Fkpz%2BxgDlxUiU%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Vary: Accept-Encoding
                                  Server: cloudflare
                                  CF-RAY: 887a6270691048be-LHR
                                  alt-svc: h3=":443"; ma=86400
                                • flag-us
                                  GET
                                  http://s10.flagcounter.com/count/n61S/bg_FFFFFF/txt_000000/border_CCCCCC/columns_3/maxflags_12/viewers_0/labels_1/pageviews_1/flags_1/
                                  msedge.exe
                                  Remote address:
                                  45.58.124.226:80
                                  Request
                                  GET /count/n61S/bg_FFFFFF/txt_000000/border_CCCCCC/columns_3/maxflags_12/viewers_0/labels_1/pageviews_1/flags_1/ HTTP/1.1
                                  Host: s10.flagcounter.com
                                  Connection: keep-alive
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  DNT: 1
                                  Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  Accept-Encoding: gzip, deflate
                                  Accept-Language: en-US,en;q=0.9
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Wed, 22 May 2024 05:25:17 GMT
                                  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
                                  Pragma: no-cache
                                  Cache-control: no-cache
                                  Connection: close
                                  Transfer-Encoding: chunked
                                  Content-Type: image/png
                                • flag-gb
                                  GET
                                  https://farm4.static.flickr.com/3227/2724159324_18ffcd4ea7.jpg
                                  msedge.exe
                                  Remote address:
                                  18.245.160.68:443
                                  Request
                                  GET /3227/2724159324_18ffcd4ea7.jpg HTTP/2.0
                                  host: farm4.static.flickr.com
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  dnt: 1
                                  accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  sec-fetch-site: cross-site
                                  sec-fetch-mode: no-cors
                                  sec-fetch-dest: image
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  content-type: image/jpeg
                                  date: Fri, 26 Apr 2024 12:22:42 GMT
                                  edge-control: public, max-age=31536000
                                  surrogate-control: public, max-age=31536000
                                  cache-control: public, max-age=31536000
                                  expires: Sat, 26 Apr 2025 12:22:43 GMT
                                  imagewidth: 400
                                  imageheight: 156
                                  last-modified: Thu, 19 May 2022 07:46:08 GMT
                                  etag: "bee420a0a244c361dc44f0203cf700f5.1"
                                  streaming: false
                                  origintype: X
                                  server: Jubilee
                                  quote: "I'm not a kid anymore, I'm one of you, one of the X-Men. It means more to me than anything in the world."
                                  access-control-allow-origin: *
                                  access-control-allow-methods: GET, OPTIONS
                                  powered-by: Mutation/1.0
                                  hiring: Change the world of photography with us. https://www.flickr.com/jobs/
                                  ourvalues: Dare (#4 of 5)
                                  x-request-id: 16a14797
                                  x-frame-options: DENY
                                  p3p: CP="This is not a P3P policy. We respect your privacy."
                                  x-env: a=live, b=jubilee, c=4cf206a9, e=5e619966f463269b8b69e93562f43b3e64b1c917
                                  x-ttfb: 0.1195
                                  x-ttdb-l: 31002
                                  mib: 2
                                  x-cache: Hit from cloudfront
                                  via: 1.1 afe9a6d1879996dba3777cca894c1cfe.cloudfront.net (CloudFront)
                                  x-amz-cf-pop: LHR5-P2
                                  x-amz-cf-id: 4slDDf5s96pyF2T-9JMHhxpXSMy-krSc-or0w2O7ad3byHmVH0_H3A==
                                  age: 2221352
                                • flag-us
                                  GET
                                  https://widgets.al-habib.info/images/blank.gif?_alhacid=1353305513188
                                  msedge.exe
                                  Remote address:
                                  172.67.134.81:443
                                  Request
                                  GET /images/blank.gif?_alhacid=1353305513188 HTTP/2.0
                                  host: widgets.al-habib.info
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  dnt: 1
                                  accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  sec-fetch-site: cross-site
                                  sec-fetch-mode: no-cors
                                  sec-fetch-dest: image
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  date: Wed, 22 May 2024 05:25:15 GMT
                                  content-type: image/gif
                                  cache-control: max-age=2592000
                                  expires: Sat, 08 Jun 2024 06:33:44 GMT
                                  vary: User-Agent, Accept-Encoding
                                  last-modified: Thu, 09 May 2024 06:33:45 GMT
                                  cf-cache-status: HIT
                                  age: 340902
                                  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BOeFcqreiwPtwrVBnzl9Ul%2Fg559TKIVe3mkjVupD87K2ZPOA9aWzgSW2K84gxm1o4qFl0Sc9w1marjcUpmVcKmNYKJIbBOyT%2FXHqesng4qSBYqSoeoLmR6Bd33zwZ8sZfREHeYAoKIk%3D"}],"group":"cf-nel","max_age":604800}
                                  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  server: cloudflare
                                  cf-ray: 887a62710e8f94de-LHR
                                  alt-svc: h3=":443"; ma=86400
                                • flag-us
                                  DNS
                                  183.142.211.20.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  183.142.211.20.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  68.159.190.20.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  68.159.190.20.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  68.160.245.18.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  68.160.245.18.in-addr.arpa
                                  IN PTR
                                  Response
                                  68.160.245.18.in-addr.arpa
                                  IN PTR
                                  server-18-245-160-68lhr5r cloudfrontnet
                                • flag-us
                                  DNS
                                  22.10.26.104.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  22.10.26.104.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  81.134.67.172.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  81.134.67.172.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  91.90.14.23.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  91.90.14.23.in-addr.arpa
                                  IN PTR
                                  Response
                                  91.90.14.23.in-addr.arpa
                                  IN PTR
                                  a23-14-90-91deploystaticakamaitechnologiescom
                                • flag-us
                                  DNS
                                  226.124.58.45.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  226.124.58.45.in-addr.arpa
                                  IN PTR
                                  Response
                                  226.124.58.45.in-addr.arpa
                                  IN PTR
                                  s11 flagcountercom
                                • flag-us
                                  DNS
                                  61.39.156.108.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  61.39.156.108.in-addr.arpa
                                  IN PTR
                                  Response
                                  61.39.156.108.in-addr.arpa
                                  IN PTR
                                  server-108-156-39-61lhr50r cloudfrontnet
                                • flag-us
                                  DNS
                                  22.160.190.20.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  22.160.190.20.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-cz
                                  GET
                                  https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                                  Remote address:
                                  23.212.110.177:443
                                  Request
                                  GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
                                  host: www.bing.com
                                  accept: */*
                                  accept-encoding: gzip, deflate, br
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                  Response
                                  HTTP/2.0 200
                                  cache-control: public, max-age=2592000
                                  content-type: image/png
                                  access-control-allow-origin: *
                                  access-control-allow-headers: *
                                  access-control-allow-methods: GET, POST, OPTIONS
                                  timing-allow-origin: *
                                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                  content-length: 1107
                                  date: Wed, 22 May 2024 05:25:17 GMT
                                  alt-svc: h3=":443"; ma=93600
                                  x-cdn-traceid: 0.ad6ed417.1716355517.1bda61af
                                • flag-us
                                  DNS
                                  58.55.71.13.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  58.55.71.13.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  26.35.223.20.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  26.35.223.20.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  177.110.212.23.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  177.110.212.23.in-addr.arpa
                                  IN PTR
                                  Response
                                  177.110.212.23.in-addr.arpa
                                  IN PTR
                                  a23-212-110-177deploystaticakamaitechnologiescom
                                • flag-us
                                  DNS
                                  133.211.185.52.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  133.211.185.52.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  platform.twitter.com
                                  msedge.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  platform.twitter.com
                                  IN A
                                  Response
                                  platform.twitter.com
                                  IN CNAME
                                  cs472.wac.edgecastcdn.net
                                  cs472.wac.edgecastcdn.net
                                  IN CNAME
                                  cs1-apr-8315.wac.edgecastcdn.net
                                  cs1-apr-8315.wac.edgecastcdn.net
                                  IN CNAME
                                  wac.apr-8315.edgecastdns.net
                                  wac.apr-8315.edgecastdns.net
                                  IN CNAME
                                  cs1-lb-eu.8315.ecdns.net
                                  cs1-lb-eu.8315.ecdns.net
                                  IN CNAME
                                  cs41.wac.edgecastcdn.net
                                  cs41.wac.edgecastcdn.net
                                  IN A
                                  93.184.220.66
                                • flag-us
                                  GET
                                  https://www.widgeo.net/hitparade.php?pagexiti=geolive
                                  msedge.exe
                                  Remote address:
                                  104.26.10.22:443
                                  Request
                                  GET /hitparade.php?pagexiti=geolive HTTP/2.0
                                  host: www.widgeo.net
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  sec-ch-ua-mobile: ?0
                                  upgrade-insecure-requests: 1
                                  dnt: 1
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                  sec-fetch-site: cross-site
                                  sec-fetch-mode: navigate
                                  sec-fetch-dest: iframe
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  date: Wed, 22 May 2024 05:25:35 GMT
                                  content-type: application/javascript
                                  content-length: 0
                                  cf-bgj: minify
                                  cache-control: public, max-age=604800
                                  expires: Mon, 27 May 2024 18:03:03 GMT
                                  last-modified: Mon, 29 Apr 2024 17:57:14 GMT
                                  x-content-type-options: nosniff
                                  x-turbo-charged-by: LiteSpeed
                                  cf-cache-status: HIT
                                  age: 127351
                                  accept-ranges: bytes
                                  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u%2FTkhl2osrbxbpeqe%2FQoFLQtYnhSrvMQUG2VxzeI9ZPQ4FO3Ymbk3Ut4BwOwAteSL%2BZoH1C28ATNlORDmZMorZ7LI6LlltpNbXAOT62r4pC8OrNX76i1zDHom%2BVP2m2b"}],"group":"cf-nel","max_age":604800}
                                  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  vary: Accept-Encoding
                                  server: cloudflare
                                  cf-ray: 887a62f3dbe04183-LHR
                                  alt-svc: h3=":443"; ma=86400
                                • flag-us
                                  GET
                                  https://www.widgeo.net/tcm.js
                                  msedge.exe
                                  Remote address:
                                  104.26.10.22:443
                                  Request
                                  GET /tcm.js HTTP/2.0
                                  host: www.widgeo.net
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  dnt: 1
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  accept: */*
                                  sec-fetch-site: cross-site
                                  sec-fetch-mode: no-cors
                                  sec-fetch-dest: script
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  date: Wed, 22 May 2024 05:25:35 GMT
                                  content-type: application/javascript
                                  cf-bgj: minify
                                  cache-control: public, max-age=604800
                                  expires: Mon, 27 May 2024 18:03:03 GMT
                                  last-modified: Mon, 29 Apr 2024 17:57:16 GMT
                                  x-content-type-options: nosniff
                                  x-turbo-charged-by: LiteSpeed
                                  cf-cache-status: HIT
                                  age: 127351
                                  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5xJpjEBZrWujhlMzTX5Fq5yl9rd5e1ytxdjfjvblmg3MP8hC32Z%2FcBdbQ%2FKxcJNmEEw%2Bj%2FlL2oE8QFJkfX%2FXPDhFbeg5f6AUJHfADz%2FxX5WATyZW31zeaqbsn9OZWmD4"}],"group":"cf-nel","max_age":604800}
                                  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  vary: Accept-Encoding
                                  server: cloudflare
                                  cf-ray: 887a62f3dbde4183-LHR
                                  content-encoding: br
                                  alt-svc: h3=":443"; ma=86400
                                • flag-us
                                  GET
                                  https://www.widgeo.net/tcm_t_u.js
                                  msedge.exe
                                  Remote address:
                                  104.26.10.22:443
                                  Request
                                  GET /tcm_t_u.js HTTP/2.0
                                  host: www.widgeo.net
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  dnt: 1
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  accept: */*
                                  sec-fetch-site: cross-site
                                  sec-fetch-mode: no-cors
                                  sec-fetch-dest: script
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  date: Wed, 22 May 2024 05:25:36 GMT
                                  content-type: text/html; charset=UTF-8
                                  cache-control: public, max-age=180
                                  expires: Wed, 22 May 2024 05:28:35 GMT
                                  vary: Accept-Encoding
                                  x-content-type-options: nosniff
                                  x-turbo-charged-by: LiteSpeed
                                  cf-cache-status: DYNAMIC
                                  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xime7YxORdIJKFq6L0xbS%2BpqJbCjiQPqbp%2BS584vK94EO3oz%2BWHaO%2BpASU4BNG5cYvzbQUfWUSDGDHMZpQ02a9LcMJ30cALYOem9Xe63otv5JGjwPOMd%2Bef0KT7umAmm"}],"group":"cf-nel","max_age":604800}
                                  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  server: cloudflare
                                  cf-ray: 887a62f3dbda4183-LHR
                                  content-encoding: br
                                  alt-svc: h3=":443"; ma=86400
                                • flag-us
                                  POST
                                  https://www.widgeo.net/cdn-cgi/rum?
                                  msedge.exe
                                  Remote address:
                                  104.26.10.22:443
                                  Request
                                  POST /cdn-cgi/rum? HTTP/2.0
                                  host: www.widgeo.net
                                  content-length: 1142
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  dnt: 1
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  content-type: application/json
                                  accept: */*
                                  origin: https://www.widgeo.net
                                  sec-fetch-site: same-origin
                                  sec-fetch-mode: cors
                                  sec-fetch-dest: empty
                                  referer: https://www.widgeo.net/hitparade.php?pagexiti=geolive
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 204
                                  date: Wed, 22 May 2024 05:25:36 GMT
                                  access-control-allow-origin: https://www.widgeo.net
                                  access-control-allow-methods: POST,OPTIONS
                                  access-control-max-age: 86400
                                  vary: Origin
                                  access-control-allow-credentials: true
                                  server: cloudflare
                                  cf-ray: 887a62f64dcf4183-LHR
                                  x-frame-options: DENY
                                  x-content-type-options: nosniff
                                • flag-pl
                                  GET
                                  http://platform.twitter.com/widgets/tweet_button.html?url=http%3A%2F%2Ffeldakumai.com%2Fmotivasi%2F5-tip-motivasi-yang-bagus-untuk-kerjaya-dan-juga-perniagaan&counturl=http%3A%2F%2Ffeldakumai.com%2Fmotivasi%2F5-tip-motivasi-yang-bagus-untuk-kerjaya-dan-juga-perniagaan&count=horizontal&text=5%20tip%20motivasi%20yang%20bagus%20untuk%20kerjaya%20dan%20juga%20perniagaan:
                                  msedge.exe
                                  Remote address:
                                  93.184.220.66:80
                                  Request
                                  GET /widgets/tweet_button.html?url=http%3A%2F%2Ffeldakumai.com%2Fmotivasi%2F5-tip-motivasi-yang-bagus-untuk-kerjaya-dan-juga-perniagaan&counturl=http%3A%2F%2Ffeldakumai.com%2Fmotivasi%2F5-tip-motivasi-yang-bagus-untuk-kerjaya-dan-juga-perniagaan&count=horizontal&text=5%20tip%20motivasi%20yang%20bagus%20untuk%20kerjaya%20dan%20juga%20perniagaan: HTTP/1.1
                                  Host: platform.twitter.com
                                  Connection: keep-alive
                                  Upgrade-Insecure-Requests: 1
                                  DNT: 1
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                  Accept-Encoding: gzip, deflate
                                  Accept-Language: en-US,en;q=0.9
                                  Response
                                  HTTP/1.1 200 OK
                                  Content-Encoding: gzip
                                  Access-Control-Allow-Methods: GET
                                  Access-Control-Allow-Origin: *
                                  Access-Control-Max-Age: 3000
                                  Age: 1290
                                  Cache-Control: public, max-age=1800
                                  Content-Type: text/html; charset=utf-8
                                  Date: Wed, 22 May 2024 05:25:35 GMT
                                  Etag: "5d0ed6f14a150db4e62857d45493058d+gzip"
                                  Last-Modified: Mon, 11 Dec 2023 17:20:39 GMT
                                  P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
                                  Server: ECS (frb/6712)
                                  Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
                                  Vary: Accept-Encoding
                                  x-amz-server-side-encryption: AES256
                                  X-Cache: HIT
                                  x-tw-cdn: VZ
                                  Content-Length: 19243
                                • flag-us
                                  DNS
                                  mc.yandex.ru
                                  msedge.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  mc.yandex.ru
                                  IN A
                                  Response
                                  mc.yandex.ru
                                  IN A
                                  87.250.250.119
                                  mc.yandex.ru
                                  IN A
                                  87.250.251.119
                                  mc.yandex.ru
                                  IN A
                                  93.158.134.119
                                  mc.yandex.ru
                                  IN A
                                  77.88.21.119
                                • flag-us
                                  DNS
                                  www.widgeo.net
                                  msedge.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  www.widgeo.net
                                  IN A
                                  Response
                                  www.widgeo.net
                                  IN A
                                  104.26.11.22
                                  www.widgeo.net
                                  IN A
                                  104.26.10.22
                                  www.widgeo.net
                                  IN A
                                  172.67.69.193
                                • flag-ru
                                  GET
                                  https://mc.yandex.ru/watch/97093088
                                  msedge.exe
                                  Remote address:
                                  87.250.250.119:443
                                  Request
                                  GET /watch/97093088 HTTP/2.0
                                  host: mc.yandex.ru
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  dnt: 1
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  sec-fetch-site: cross-site
                                  sec-fetch-mode: no-cors
                                  sec-fetch-dest: image
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                • flag-us
                                  DNS
                                  arvigorothan.com
                                  msedge.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  arvigorothan.com
                                  IN A
                                  Response
                                  arvigorothan.com
                                  IN A
                                  104.21.30.34
                                  arvigorothan.com
                                  IN A
                                  172.67.150.119
                                • flag-us
                                  DNS
                                  twitter.com
                                  msedge.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  twitter.com
                                  IN A
                                  Response
                                  twitter.com
                                  IN A
                                  104.244.42.193
                                  twitter.com
                                  IN A
                                  104.244.42.65
                                  twitter.com
                                  IN A
                                  104.244.42.129
                                  twitter.com
                                  IN A
                                  104.244.42.1
                                • flag-us
                                  DNS
                                  syndication.twitter.com
                                  msedge.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  syndication.twitter.com
                                  IN A
                                  Response
                                  syndication.twitter.com
                                  IN A
                                  104.244.42.8
                                • flag-us
                                  GET
                                  https://arvigorothan.com/tag.min.js
                                  msedge.exe
                                  Remote address:
                                  104.21.30.34:443
                                  Request
                                  GET /tag.min.js HTTP/2.0
                                  host: arvigorothan.com
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  dnt: 1
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  accept: */*
                                  sec-fetch-site: cross-site
                                  sec-fetch-mode: no-cors
                                  sec-fetch-dest: script
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  date: Wed, 22 May 2024 05:25:36 GMT
                                  content-type: text/javascript; charset=utf-8
                                  x-trace-id: dc9a025a6ecd496236789fe102fcf1c2
                                  cache-control: max-age=86400
                                  last-modified: Tue, 21 May 2024 06:22:38 GMT
                                  accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
                                  access-control-allow-origin: *
                                  access-control-allow-credentials: true
                                  access-control-allow-methods: GET, POST, OPTIONS
                                  access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
                                  access-control-max-age: 86400
                                  pragma: no-cache
                                  expires: Wed, 22 May 2024 12:55:00 GMT
                                  timing-allow-origin: *
                                  cf-cache-status: HIT
                                  age: 59436
                                  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8k42Oat8TWKUxWC2xaA4HErtNZGUdCSkyDDIWJ4gAKuXrYmWlcLyCNOPeqkL0GQab%2BGvNCPNdQFNjsoG4hiIYLJWdcfBjolP%2BLHvwTDeR8HV9EUBn%2FlsI5TtNVLMZ0WMMS1L"}],"group":"cf-nel","max_age":604800}
                                  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  vary: Accept-Encoding
                                  server: cloudflare
                                  cf-ray: 887a62f52e7694db-LHR
                                  content-encoding: br
                                  alt-svc: h3=":443"; ma=86400
                                • flag-us
                                  GET
                                  https://syndication.twitter.com/i/jot/embeds?l=%7B%22language%22%3A%22en%22%2C%22message%22%3A%22m%3A%22%2C%22widget_origin%22%3A%22%22%2C%22widget_frame%22%3A%7B%22ancestorOrigins%22%3A%7B%220%22%3A%22file%3A%2F%2F%22%7D%2C%22href%22%3A%22http%3A%2F%2Fplatform.twitter.com%2Fwidgets%2Ftweet_button.html%3Furl%3Dhttp%253A%252F%252Ffeldakumai.com%252Fmotivasi%252F5-tip-motivasi-yang-bagus-untuk-kerjaya-dan-juga-perniagaan%26counturl%3Dhttp%253A%252F%252Ffeldakumai.com%252Fmotivasi%252F5-tip-motivasi-yang-bagus-untuk-kerjaya-dan-juga-perniagaan%26count%3Dhorizontal%26text%3D5%2520tip%2520motivasi%2520yang%2520bagus%2520untuk%2520kerjaya%2520dan%2520juga%2520perniagaan%3A%22%2C%22origin%22%3A%22http%3A%2F%2Fplatform.twitter.com%22%2C%22protocol%22%3A%22http%3A%22%2C%22host%22%3A%22platform.twitter.com%22%2C%22hostname%22%3A%22platform.twitter.com%22%2C%22port%22%3A%22%22%2C%22pathname%22%3A%22%2Fwidgets%2Ftweet_button.html%22%2C%22search%22%3A%22%3Furl%3Dhttp%253A%252F%252Ffeldakumai.com%252Fmotivasi%252F5-tip-motivasi-yang-bagus-untuk-kerjaya-dan-juga-perniagaan%26counturl%3Dhttp%253A%252F%252Ffeldakumai.com%252Fmotivasi%252F5-tip-motivasi-yang-bagus-untuk-kerjaya-dan-juga-perniagaan%26count%3Dhorizontal%26text%3D5%2520tip%2520motivasi%2520yang%2520bagus%2520untuk%2520kerjaya%2520dan%2520juga%2520perniagaan%3A%22%2C%22hash%22%3A%22%22%7D%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1716355535563%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%222615f7e52b7e0%3A1702314776716%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D
                                  msedge.exe
                                  Remote address:
                                  104.244.42.8:443
                                  Request
                                  GET /i/jot/embeds?l=%7B%22language%22%3A%22en%22%2C%22message%22%3A%22m%3A%22%2C%22widget_origin%22%3A%22%22%2C%22widget_frame%22%3A%7B%22ancestorOrigins%22%3A%7B%220%22%3A%22file%3A%2F%2F%22%7D%2C%22href%22%3A%22http%3A%2F%2Fplatform.twitter.com%2Fwidgets%2Ftweet_button.html%3Furl%3Dhttp%253A%252F%252Ffeldakumai.com%252Fmotivasi%252F5-tip-motivasi-yang-bagus-untuk-kerjaya-dan-juga-perniagaan%26counturl%3Dhttp%253A%252F%252Ffeldakumai.com%252Fmotivasi%252F5-tip-motivasi-yang-bagus-untuk-kerjaya-dan-juga-perniagaan%26count%3Dhorizontal%26text%3D5%2520tip%2520motivasi%2520yang%2520bagus%2520untuk%2520kerjaya%2520dan%2520juga%2520perniagaan%3A%22%2C%22origin%22%3A%22http%3A%2F%2Fplatform.twitter.com%22%2C%22protocol%22%3A%22http%3A%22%2C%22host%22%3A%22platform.twitter.com%22%2C%22hostname%22%3A%22platform.twitter.com%22%2C%22port%22%3A%22%22%2C%22pathname%22%3A%22%2Fwidgets%2Ftweet_button.html%22%2C%22search%22%3A%22%3Furl%3Dhttp%253A%252F%252Ffeldakumai.com%252Fmotivasi%252F5-tip-motivasi-yang-bagus-untuk-kerjaya-dan-juga-perniagaan%26counturl%3Dhttp%253A%252F%252Ffeldakumai.com%252Fmotivasi%252F5-tip-motivasi-yang-bagus-untuk-kerjaya-dan-juga-perniagaan%26count%3Dhorizontal%26text%3D5%2520tip%2520motivasi%2520yang%2520bagus%2520untuk%2520kerjaya%2520dan%2520juga%2520perniagaan%3A%22%2C%22hash%22%3A%22%22%7D%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1716355535563%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%222615f7e52b7e0%3A1702314776716%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D HTTP/2.0
                                  host: syndication.twitter.com
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  dnt: 1
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  sec-fetch-site: cross-site
                                  sec-fetch-mode: no-cors
                                  sec-fetch-dest: image
                                  referer: http://platform.twitter.com/
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  date: Wed, 22 May 2024 05:25:36 GMT
                                  perf: 7402827104
                                  vary: Origin
                                  server: tsa_f
                                  content-type: image/gif
                                  cache-control: must-revalidate, max-age=600
                                  last-modified: Wed, 22 May 2024 05:25:36 GMT
                                  content-length: 43
                                  x-transaction-id: 2c76598190dddea7
                                  strict-transport-security: max-age=631138519
                                  x-response-time: 102
                                  x-connection-hash: bc625c241d15592a23f883f3f6d33b3b808e3b719943d3e78c0f313769498f58
                                • flag-us
                                  DNS
                                  static.cloudflareinsights.com
                                  msedge.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  static.cloudflareinsights.com
                                  IN A
                                  Response
                                  static.cloudflareinsights.com
                                  IN A
                                  104.16.80.73
                                  static.cloudflareinsights.com
                                  IN A
                                  104.16.79.73
                                • flag-us
                                  DNS
                                  psimpuphoako.com
                                  msedge.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  psimpuphoako.com
                                  IN A
                                  Response
                                  psimpuphoako.com
                                  IN A
                                  139.45.197.243
                                • flag-us
                                  GET
                                  https://static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387
                                  msedge.exe
                                  Remote address:
                                  104.16.80.73:443
                                  Request
                                  GET /beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 HTTP/2.0
                                  host: static.cloudflareinsights.com
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  origin: https://www.widgeo.net
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  dnt: 1
                                  accept: */*
                                  sec-fetch-site: cross-site
                                  sec-fetch-mode: cors
                                  sec-fetch-dest: script
                                  referer: https://www.widgeo.net/
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  date: Wed, 22 May 2024 05:25:36 GMT
                                  content-type: text/javascript;charset=UTF-8
                                  access-control-allow-origin: *
                                  cache-control: public, max-age=86400
                                  etag: W/"2024.4.1"
                                  last-modified: Mon, 06 May 2024 19:01:13 GMT
                                  cross-origin-resource-policy: cross-origin
                                  vary: Accept-Encoding
                                  server: cloudflare
                                  cf-ray: 887a62f5dcc2d180-LHR
                                  content-encoding: gzip
                                • flag-nl
                                  GET
                                  https://psimpuphoako.com/5/3294720/?oo=1&js_build=iclick-v1.799.4-auto&os=windows&os_version=10.0&is_mobile=false&browser_version=92.0.902.67
                                  msedge.exe
                                  Remote address:
                                  139.45.197.243:443
                                  Request
                                  GET /5/3294720/?oo=1&js_build=iclick-v1.799.4-auto&os=windows&os_version=10.0&is_mobile=false&browser_version=92.0.902.67 HTTP/2.0
                                  host: psimpuphoako.com
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  dnt: 1
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  accept: */*
                                  origin: null
                                  sec-fetch-site: cross-site
                                  sec-fetch-mode: cors
                                  sec-fetch-dest: empty
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  server: nginx
                                  date: Wed, 22 May 2024 05:25:36 GMT
                                  content-type: application/json
                                  x-trace-id: 7efd2ee5de1789934b3f1eb055850b10
                                  link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
                                  accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
                                  access-control-allow-origin: null
                                  access-control-allow-credentials: true
                                  access-control-allow-methods: GET, POST, OPTIONS
                                  access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
                                  access-control-max-age: 86400
                                  pragma: no-cache
                                  cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
                                  expires: Tue, 11 Jan 1994 10:00:00 GMT
                                  timing-allow-origin: *
                                  set-cookie: OAID=00806479511f4adeed168e6aece23761; expires=Thu, 22 May 2025 05:25:36 GMT; path=/; secure; SameSite=None
                                  set-cookie: oaidts=1716355536; expires=Thu, 22 May 2025 05:25:36 GMT; path=/; secure; SameSite=None
                                  set-cookie: syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
                                  pragma: no-cache
                                  cache-control: no-store, no-cache, must-revalidate, max-age=0
                                  expires: Mon, 26 Jul 1997 05:00:00 GMT
                                  content-encoding: gzip
                                • flag-us
                                  DNS
                                  yonmewon.com
                                  msedge.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  yonmewon.com
                                  IN A
                                  Response
                                  yonmewon.com
                                  IN A
                                  139.45.197.236
                                • flag-us
                                  DNS
                                  my.rtmark.net
                                  msedge.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  my.rtmark.net
                                  IN A
                                  Response
                                  my.rtmark.net
                                  IN A
                                  139.45.195.8
                                • flag-us
                                  DNS
                                  sr7pv7n5x.com
                                  msedge.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  sr7pv7n5x.com
                                  IN A
                                  Response
                                  sr7pv7n5x.com
                                  IN A
                                  212.117.190.201
                                • flag-nl
                                  GET
                                  https://my.rtmark.net/gid.js?userId=00806479511f4adeed168e6aece23761
                                  msedge.exe
                                  Remote address:
                                  139.45.195.8:443
                                  Request
                                  GET /gid.js?userId=00806479511f4adeed168e6aece23761 HTTP/2.0
                                  host: my.rtmark.net
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  dnt: 1
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  accept: */*
                                  origin: null
                                  sec-fetch-site: cross-site
                                  sec-fetch-mode: cors
                                  sec-fetch-dest: empty
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  server: nginx
                                  date: Wed, 22 May 2024 05:25:36 GMT
                                  content-type: application/json; charset=utf-8
                                  content-length: 65
                                  access-control-allow-origin: null
                                  access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
                                  access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
                                  access-control-expose-headers: Authorization
                                  access-control-allow-credentials: true
                                  timing-allow-origin: *
                                  set-cookie: ID=00806479511f4adeed168e6aece23761; expires=Thu, 22 May 2025 05:25:36 GMT; secure; SameSite=None
                                  strict-transport-security: max-age=1
                                  x-content-type-options: nosniff
                                  timing-allow-origin: *
                                • flag-us
                                  DNS
                                  119.250.250.87.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  119.250.250.87.in-addr.arpa
                                  IN PTR
                                  Response
                                  119.250.250.87.in-addr.arpa
                                  IN PTR
                                  mc.yandex.ru
                                • flag-us
                                  DNS
                                  66.220.184.93.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  66.220.184.93.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  34.30.21.104.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  34.30.21.104.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  8.42.244.104.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  8.42.244.104.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  73.80.16.104.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  73.80.16.104.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  243.197.45.139.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  243.197.45.139.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  8.195.45.139.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  8.195.45.139.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  236.197.45.139.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  236.197.45.139.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  201.190.117.212.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  201.190.117.212.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  201.190.117.212.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  201.190.117.212.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  26.165.165.52.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  26.165.165.52.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  206.23.85.13.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  206.23.85.13.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  172.210.232.199.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  172.210.232.199.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  48.229.111.52.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  48.229.111.52.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  tse1.mm.bing.net
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  tse1.mm.bing.net
                                  IN A
                                  Response
                                  tse1.mm.bing.net
                                  IN CNAME
                                  mm-mm.bing.net.trafficmanager.net
                                  mm-mm.bing.net.trafficmanager.net
                                  IN CNAME
                                  dual-a-0001.a-msedge.net
                                  dual-a-0001.a-msedge.net
                                  IN A
                                  204.79.197.200
                                  dual-a-0001.a-msedge.net
                                  IN A
                                  13.107.21.200
                                • flag-us
                                  GET
                                  https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                  Remote address:
                                  204.79.197.200:443
                                  Request
                                  GET /th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                  host: tse1.mm.bing.net
                                  accept: */*
                                  accept-encoding: gzip, deflate, br
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                  Response
                                  HTTP/2.0 200
                                  cache-control: public, max-age=2592000
                                  content-length: 792794
                                  content-type: image/jpeg
                                  x-cache: TCP_HIT
                                  access-control-allow-origin: *
                                  access-control-allow-headers: *
                                  access-control-allow-methods: GET, POST, OPTIONS
                                  timing-allow-origin: *
                                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                  x-msedge-ref: Ref A: B7AA64AFEF334AE9A8A891423A0B4EE9 Ref B: LON04EDGE1022 Ref C: 2024-05-22T05:26:55Z
                                  date: Wed, 22 May 2024 05:26:54 GMT
                                • flag-us
                                  GET
                                  https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                  1
                                  1

                                  DNS Request

                                  static.cloudflareinsights.com

                                  DNS Response

                                  104.16.80.73
                                  104.16.79.73

                                • 8.8.8.8:53
                                  psimpuphoako.com
                                  dns
                                  msedge.exe
                                  62 B
                                  78 B
                                  1
                                  1

                                  DNS Request

                                  psimpuphoako.com

                                  DNS Response

                                  139.45.197.243

                                • 8.8.8.8:53
                                  yonmewon.com
                                  dns
                                  msedge.exe
                                  58 B
                                  74 B
                                  1
                                  1

                                  DNS Request

                                  yonmewon.com

                                  DNS Response

                                  139.45.197.236

                                • 8.8.8.8:53
                                  my.rtmark.net
                                  dns
                                  msedge.exe
                                  59 B
                                  75 B
                                  1
                                  1

                                  DNS Request

                                  my.rtmark.net

                                  DNS Response

                                  139.45.195.8

                                • 8.8.8.8:53
                                  sr7pv7n5x.com
                                  dns
                                  msedge.exe
                                  59 B
                                  75 B
                                  1
                                  1

                                  DNS Request

                                  sr7pv7n5x.com

                                  DNS Response

                                  212.117.190.201

                                • 8.8.8.8:53
                                  119.250.250.87.in-addr.arpa
                                  dns
                                  73 B
                                  99 B
                                  1
                                  1

                                  DNS Request

                                  119.250.250.87.in-addr.arpa

                                • 8.8.8.8:53
                                  66.220.184.93.in-addr.arpa
                                  dns
                                  72 B
                                  143 B
                                  1
                                  1

                                  DNS Request

                                  66.220.184.93.in-addr.arpa

                                • 8.8.8.8:53
                                  34.30.21.104.in-addr.arpa
                                  dns
                                  71 B
                                  133 B
                                  1
                                  1

                                  DNS Request

                                  34.30.21.104.in-addr.arpa

                                • 8.8.8.8:53
                                  8.42.244.104.in-addr.arpa
                                  dns
                                  71 B
                                  71 B
                                  1
                                  1

                                  DNS Request

                                  8.42.244.104.in-addr.arpa

                                • 8.8.8.8:53
                                  73.80.16.104.in-addr.arpa
                                  dns
                                  71 B
                                  133 B
                                  1
                                  1

                                  DNS Request

                                  73.80.16.104.in-addr.arpa

                                • 8.8.8.8:53
                                  243.197.45.139.in-addr.arpa
                                  dns
                                  73 B
                                  127 B
                                  1
                                  1

                                  DNS Request

                                  243.197.45.139.in-addr.arpa

                                • 8.8.8.8:53
                                  8.195.45.139.in-addr.arpa
                                  dns
                                  71 B
                                  125 B
                                  1
                                  1

                                  DNS Request

                                  8.195.45.139.in-addr.arpa

                                • 8.8.8.8:53
                                  236.197.45.139.in-addr.arpa
                                  dns
                                  73 B
                                  127 B
                                  1
                                  1

                                  DNS Request

                                  236.197.45.139.in-addr.arpa

                                • 8.8.8.8:53
                                  201.190.117.212.in-addr.arpa
                                  dns
                                  148 B
                                  294 B
                                  2
                                  2

                                  DNS Request

                                  201.190.117.212.in-addr.arpa

                                  DNS Request

                                  201.190.117.212.in-addr.arpa

                                • 8.8.8.8:53
                                  26.165.165.52.in-addr.arpa
                                  dns
                                  72 B
                                  146 B
                                  1
                                  1

                                  DNS Request

                                  26.165.165.52.in-addr.arpa

                                • 8.8.8.8:53
                                  206.23.85.13.in-addr.arpa
                                  dns
                                  71 B
                                  145 B
                                  1
                                  1

                                  DNS Request

                                  206.23.85.13.in-addr.arpa

                                • 8.8.8.8:53
                                  172.210.232.199.in-addr.arpa
                                  dns
                                  74 B
                                  128 B
                                  1
                                  1

                                  DNS Request

                                  172.210.232.199.in-addr.arpa

                                • 8.8.8.8:53
                                  48.229.111.52.in-addr.arpa
                                  dns
                                  72 B
                                  158 B
                                  1
                                  1

                                  DNS Request

                                  48.229.111.52.in-addr.arpa

                                • 8.8.8.8:53
                                  tse1.mm.bing.net
                                  dns
                                  62 B
                                  173 B
                                  1
                                  1

                                  DNS Request

                                  tse1.mm.bing.net

                                  DNS Response

                                  204.79.197.200
                                  13.107.21.200

                                • 8.8.8.8:53
                                  55.36.223.20.in-addr.arpa
                                  dns
                                  71 B
                                  157 B
                                  1
                                  1

                                  DNS Request

                                  55.36.223.20.in-addr.arpa

                                MITRE ATT&CK Enterprise v15


                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                  Filesize

                                  152B


                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                  Filesize

                                  152B


                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                  Filesize

                                  72B


                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                  Filesize

                                  799B


                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                  Filesize

                                  5KB


                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                  Filesize

                                  6KB


                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                  Filesize

                                  16B


                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                  Filesize

                                  11KB

