977a6b141d612165ad6744c4c7e35f576773102cefebac749e0612c300742416

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 02:36 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

847f6b2ec7be9bdfe4f15ba285fa30d6_JaffaCakes118.html
Size

56KB
MD5

847f6b2ec7be9bdfe4f15ba285fa30d6
SHA1

1df892e39882ae53afc423ab52ccc1bfa3539e62
SHA256

977a6b141d612165ad6744c4c7e35f576773102cefebac749e0612c300742416
SHA512

854c60ffc268367d63bf57fade06af53369e9a551964d5f7ea4ce4fdf2e103f36beee18e69f2666b0ed1c32137c3f3858c772df8f3de8ce59e262a030b9d18ab
SSDEEP

1536:gQZBCCOdu0IxCF7Y+gjmMhlnPUwcsI846egKaUGAaCWaYWASWUqyy0i86uUuw2UO:gk2A0Ixv+gjmMhlnPUwcsI846egKaUGQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1672	msedge.exe
1672	msedge.exe
4720	msedge.exe
4720	msedge.exe
4204	identity_helper.exe
4204	identity_helper.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4720 wrote to memory of 896	4720	msedge.exe	84
PID 4720 wrote to memory of 896	4720	msedge.exe	84
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 4716	4720	msedge.exe	85
PID 4720 wrote to memory of 1672	4720	msedge.exe	86
PID 4720 wrote to memory of 1672	4720	msedge.exe	86
PID 4720 wrote to memory of 2268	4720	msedge.exe	87
PID 4720 wrote to memory of 2268	4720	msedge.exe	87
PID 4720 wrote to memory of 2268	4720	msedge.exe	87
PID 4720 wrote to memory of 2268	4720	msedge.exe	87
PID 4720 wrote to memory of 2268	4720	msedge.exe	87
PID 4720 wrote to memory of 2268	4720	msedge.exe	87
PID 4720 wrote to memory of 2268	4720	msedge.exe	87
PID 4720 wrote to memory of 2268	4720	msedge.exe	87
PID 4720 wrote to memory of 2268	4720	msedge.exe	87
PID 4720 wrote to memory of 2268	4720	msedge.exe	87
PID 4720 wrote to memory of 2268	4720	msedge.exe	87
PID 4720 wrote to memory of 2268	4720	msedge.exe	87
PID 4720 wrote to memory of 2268	4720	msedge.exe	87
PID 4720 wrote to memory of 2268	4720	msedge.exe	87
PID 4720 wrote to memory of 2268	4720	msedge.exe	87
PID 4720 wrote to memory of 2268	4720	msedge.exe	87
PID 4720 wrote to memory of 2268	4720	msedge.exe	87
PID 4720 wrote to memory of 2268	4720	msedge.exe	87
PID 4720 wrote to memory of 2268	4720	msedge.exe	87
PID 4720 wrote to memory of 2268	4720	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\847f6b2ec7be9bdfe4f15ba285fa30d6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda94d46f8,0x7ffda94d4708,0x7ffda94d4718
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,14732211158943479095,13085773694096097137,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,14732211158943479095,13085773694096097137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,14732211158943479095,13085773694096097137,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,14732211158943479095,13085773694096097137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,14732211158943479095,13085773694096097137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,14732211158943479095,13085773694096097137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,14732211158943479095,13085773694096097137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,14732211158943479095,13085773694096097137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,14732211158943479095,13085773694096097137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,14732211158943479095,13085773694096097137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,14732211158943479095,13085773694096097137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,14732211158943479095,13085773694096097137,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,14732211158943479095,13085773694096097137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,14732211158943479095,13085773694096097137,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,14732211158943479095,13085773694096097137,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5012 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2476

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

209.205.72.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.205.72.20.in-addr.arpa

IN PTR

Response
DNS

double.boublebarelled.ws

msedge.exe

Remote address:

8.8.8.8:53

Request

double.boublebarelled.ws

IN A

Response

double.boublebarelled.ws

IN A

64.70.19.203
GET

http://double.boublebarelled.ws/FrMal

msedge.exe

Remote address:

64.70.19.203:80

Request

GET /FrMal HTTP/1.1
Host: double.boublebarelled.ws
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:24 GMT
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 577
Connection: keep-alive
Access-Control-Allow-Origin: *
DNS

spellmanshow.com

msedge.exe

Remote address:

8.8.8.8:53

Request

spellmanshow.com

IN A

Response
DNS

web.icq.com

msedge.exe

Remote address:

8.8.8.8:53

Request

web.icq.com

IN A

Response

web.icq.com

IN CNAME

www.icq.com

www.icq.com

IN CNAME

www.ovip.icq.com

www.ovip.icq.com

IN A

5.61.236.229
GET

http://web.icq.com/whitepages/online?icq=8765463453&img=5

msedge.exe

Remote address:

5.61.236.229:80

Request

GET /whitepages/online?icq=8765463453&img=5 HTTP/1.1
Host: web.icq.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Server: kittenx
Date: Sat, 10 Aug 2024 02:36:24 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://web.icq.com/whitepages/online?icq=8765463453&img=5
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
GET

https://web.icq.com/whitepages/online?icq=8765463453&img=5

msedge.exe

Remote address:

5.61.236.229:443

Request

GET /whitepages/online?icq=8765463453&img=5 HTTP/1.1
Host: web.icq.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Server: kittenx
Date: Sat, 10 Aug 2024 02:36:24 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://icq.com/
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
DNS

22.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.160.190.20.in-addr.arpa

IN PTR

Response
DNS

203.19.70.64.in-addr.arpa

Remote address:

8.8.8.8:53

Request

203.19.70.64.in-addr.arpa

IN PTR

Response

203.19.70.64.in-addr.arpa

IN PTR

mailrelay203websitews
DNS

81.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.144.22.2.in-addr.arpa

IN PTR

Response

81.144.22.2.in-addr.arpa

IN PTR

a2-22-144-81deploystaticakamaitechnologiescom
DNS

229.236.61.5.in-addr.arpa

Remote address:

8.8.8.8:53

Request

229.236.61.5.in-addr.arpa

IN PTR

Response

229.236.61.5.in-addr.arpa

IN PTR

is-antiddos-front-vip2ismailrunet
DNS

www.website.ws

msedge.exe

Remote address:

8.8.8.8:53

Request

www.website.ws

IN A

Response

www.website.ws

IN CNAME

website.ws

website.ws

IN A

64.70.19.170
GET

https://www.website.ws/wc_landing.dhtml?domain=boublebarelled.ws

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /wc_landing.dhtml?domain=boublebarelled.ws HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: frame
Referer: http://double.boublebarelled.ws/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
GET

https://www.website.ws/newnav/css/layout.css

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newnav/css/layout.css HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/css,*/*;q=0.1
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: style
Referer: https://www.website.ws/wc_landing.dhtml?domain=boublebarelled.ws
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:25 GMT
Content-Type: text/css
Content-Length: 8265
Last-Modified: Sat, 06 Apr 2024 00:22:05 GMT
Connection: keep-alive
ETag: "661095ad-2049"
Content-Encoding: gzip
Access-Control-Allow-Origin:: https://*.ws
GET

https://www.website.ws/css/emoji.css

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /css/emoji.css HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/css,*/*;q=0.1
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: style
Referer: https://www.website.ws/wc_landing.dhtml?domain=boublebarelled.ws
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:25 GMT
Content-Type: text/css
Content-Length: 347
Last-Modified: Thu, 03 Aug 2017 17:42:09 GMT
Connection: keep-alive
ETag: "59836071-15b"
Content-Encoding: gzip
Access-Control-Allow-Origin:: https://*.ws
GET

https://www.website.ws/newnav/js/iepngfix_tilebg.js

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newnav/js/iepngfix_tilebg.js HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.website.ws/wc_landing.dhtml?domain=boublebarelled.ws
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:25 GMT
Content-Type: application/javascript
Content-Length: 1817
Last-Modified: Wed, 09 Mar 2011 22:46:23 GMT
Connection: keep-alive
ETag: "4d78033f-719"
Content-Encoding: gzip
Access-Control-Allow-Origin: *
GET

https://www.website.ws/js/emoji.min.js

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /js/emoji.min.js HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.website.ws/wc_landing.dhtml?domain=boublebarelled.ws
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:26 GMT
Content-Type: application/javascript
Content-Length: 27525
Last-Modified: Tue, 07 Mar 2017 10:42:53 GMT
Connection: keep-alive
ETag: "58be8ead-6b85"
Content-Encoding: gzip
Access-Control-Allow-Origin: *
GET

https://www.website.ws/idn-orderflow/css/jquery.emojipicker.css

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /idn-orderflow/css/jquery.emojipicker.css HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/css,*/*;q=0.1
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: style
Referer: https://www.website.ws/wc_landing.dhtml?domain=boublebarelled.ws
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:26 GMT
Content-Type: text/css
Content-Length: 6116
Last-Modified: Mon, 24 Jun 2019 17:17:31 GMT
Connection: keep-alive
ETag: "5d1105ab-17e4"
Content-Encoding: gzip
Access-Control-Allow-Origin:: https://*.ws
GET

https://www.website.ws/newdesign/newnav/images/h-motto.png

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newdesign/newnav/images/h-motto.png HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.website.ws/newnav/css/layout.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:27 GMT
Content-Type: image/png
Content-Length: 9240
Last-Modified: Thu, 29 Apr 2010 12:41:38 GMT
Connection: keep-alive
ETag: "4bd97e82-2418"
Access-Control-Allow-Origin:: https://*.ws
Accept-Ranges: bytes
GET

https://www.website.ws/newdesign/newnav/images/content-t.png

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newdesign/newnav/images/content-t.png HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.website.ws/newnav/css/layout.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:27 GMT
Content-Type: image/png
Content-Length: 6353
Last-Modified: Thu, 29 Apr 2010 12:41:38 GMT
Connection: keep-alive
ETag: "4bd97e82-18d1"
Access-Control-Allow-Origin:: https://*.ws
Accept-Ranges: bytes
GET

https://www.website.ws/newdesign/newnav/images/h-bg.png

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newdesign/newnav/images/h-bg.png HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.website.ws/newnav/css/layout.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:27 GMT
Content-Type: image/png
Content-Length: 235
Last-Modified: Thu, 29 Apr 2010 12:41:38 GMT
Connection: keep-alive
ETag: "4bd97e82-eb"
Access-Control-Allow-Origin:: https://*.ws
Accept-Ranges: bytes
GET

https://www.website.ws/newdesign/newnav/images/btn-login.png

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newdesign/newnav/images/btn-login.png HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.website.ws/newnav/css/layout.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:27 GMT
Content-Type: image/png
Content-Length: 2469
Last-Modified: Thu, 29 Apr 2010 12:41:38 GMT
Connection: keep-alive
ETag: "4bd97e82-9a5"
Access-Control-Allow-Origin:: https://*.ws
Accept-Ranges: bytes
GET

https://www.website.ws/newdesign/newnav/images/content-inn-xl-b.png

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newdesign/newnav/images/content-inn-xl-b.png HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.website.ws/newnav/css/layout.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:27 GMT
Content-Type: image/png
Content-Length: 5386
Last-Modified: Thu, 29 Apr 2010 12:41:38 GMT
Connection: keep-alive
ETag: "4bd97e82-150a"
Access-Control-Allow-Origin:: https://*.ws
Accept-Ranges: bytes
DNS

icq.com

msedge.exe

Remote address:

8.8.8.8:53

Request

icq.com

IN A

Response

icq.com

IN A

5.61.236.229
GET

https://icq.com/

msedge.exe

Remote address:

5.61.236.229:443

Request

GET / HTTP/1.1
Host: icq.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Moved Temporarily

Server: kittenx
Date: Sat, 10 Aug 2024 02:36:25 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: https://icq.com/en
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
GET

https://icq.com/en

msedge.exe

Remote address:

5.61.236.229:443

Request

GET /en HTTP/1.1
Host: icq.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Moved Temporarily

Server: kittenx
Date: Sat, 10 Aug 2024 02:36:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://icq.com/desktop/#windows
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy-Report-Only: default-src 'none'; script-src icq.com c.icq.com cicq.org 1l-hit.mail.ru www.google-analytics.com buddyicon.foto.mail.ru www.googletagmanager.com top-fwz1.mail.ru 'sha256-DKOsdd00IXAHc7qK64HiC18YrB2K4SfiH8Sl6A9aFyg=' 'sha256-u4WiMVZhYDdCrFwB8Zn3gLba1EI3pqIlFYWFZfXJl2I=' 'sha256-ynzJCJTMBeZF6kbmzoI2rC+vDRozRAHxsPfAruxve88=' 'sha256-j51JRkq0bwz97Hd/1wJQsIy6/aX9cz16Xyp+M8FshTA=' 'self'; style-src c.icq.com icq.com cicq.org 'self' 'unsafe-inline'; img-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com buddyicon.foto.mail.ru files.icq.com files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net swa.icq.com stats.g.doubleclick.net 'self'; media-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com files.icq.com api.icq.net files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net 'self'; font-src icq.com c.icq.com cicq.org 'self'; connect-src privacy.icq.com icq.com top-fwz1.mail.ru 'self'; report-uri /system/error
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 1; mode=block; report=https://cspreport.mail.ru/xxssprotection
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
GET

https://icq.com/desktop/

msedge.exe

Remote address:

5.61.236.229:443

Request

GET /desktop/ HTTP/1.1
Host: icq.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Moved Temporarily

Server: kittenx
Date: Sat, 10 Aug 2024 02:36:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://icq.com/desktop/en?#windows
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy-Report-Only: default-src 'none'; script-src icq.com c.icq.com cicq.org 1l-hit.mail.ru www.google-analytics.com buddyicon.foto.mail.ru www.googletagmanager.com top-fwz1.mail.ru 'sha256-DKOsdd00IXAHc7qK64HiC18YrB2K4SfiH8Sl6A9aFyg=' 'sha256-u4WiMVZhYDdCrFwB8Zn3gLba1EI3pqIlFYWFZfXJl2I=' 'sha256-ynzJCJTMBeZF6kbmzoI2rC+vDRozRAHxsPfAruxve88=' 'sha256-j51JRkq0bwz97Hd/1wJQsIy6/aX9cz16Xyp+M8FshTA=' 'self'; style-src c.icq.com icq.com cicq.org 'self' 'unsafe-inline'; img-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com buddyicon.foto.mail.ru files.icq.com files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net swa.icq.com stats.g.doubleclick.net 'self'; media-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com files.icq.com api.icq.net files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net 'self'; font-src icq.com c.icq.com cicq.org 'self'; connect-src privacy.icq.com icq.com top-fwz1.mail.ru 'self'; report-uri /system/error
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 1; mode=block; report=https://cspreport.mail.ru/xxssprotection
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
GET

https://icq.com/desktop/en?

msedge.exe

Remote address:

5.61.236.229:443

Request

GET /desktop/en? HTTP/1.1
Host: icq.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: kittenx
Date: Sat, 10 Aug 2024 02:36:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy-Report-Only: default-src 'none'; script-src icq.com c.icq.com cicq.org 1l-hit.mail.ru www.google-analytics.com buddyicon.foto.mail.ru www.googletagmanager.com top-fwz1.mail.ru 'sha256-DKOsdd00IXAHc7qK64HiC18YrB2K4SfiH8Sl6A9aFyg=' 'sha256-u4WiMVZhYDdCrFwB8Zn3gLba1EI3pqIlFYWFZfXJl2I=' 'sha256-ynzJCJTMBeZF6kbmzoI2rC+vDRozRAHxsPfAruxve88=' 'sha256-j51JRkq0bwz97Hd/1wJQsIy6/aX9cz16Xyp+M8FshTA=' 'self'; style-src c.icq.com icq.com cicq.org 'self' 'unsafe-inline'; img-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com buddyicon.foto.mail.ru files.icq.com files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net swa.icq.com stats.g.doubleclick.net 'self'; media-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com files.icq.com api.icq.net files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net 'self'; font-src icq.com c.icq.com cicq.org 'self'; connect-src privacy.icq.com icq.com top-fwz1.mail.ru 'self'; report-uri /system/error
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 1; mode=block; report=https://cspreport.mail.ru/xxssprotection
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
GET

https://www.website.ws/js/jquery-3.5.0.min.js

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /js/jquery-3.5.0.min.js HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.website.ws/wc_landing.dhtml?domain=boublebarelled.ws
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:25 GMT
Content-Type: application/javascript
Content-Length: 30878
Last-Modified: Wed, 08 Jul 2020 18:04:55 GMT
Connection: keep-alive
ETag: "5f060ac7-789e"
Content-Encoding: gzip
Access-Control-Allow-Origin: *
GET

https://www.website.ws/js/js-loader.js

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /js/js-loader.js HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.website.ws/wc_landing.dhtml?domain=boublebarelled.ws
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:26 GMT
Content-Type: application/javascript
Content-Length: 374
Last-Modified: Fri, 12 Jul 2019 14:55:16 GMT
Connection: keep-alive
ETag: "5d289f54-176"
Content-Encoding: gzip
Access-Control-Allow-Origin: *
GET

https://www.website.ws/newnav/images/main-logo.png

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newnav/images/main-logo.png HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.website.ws/wc_landing.dhtml?domain=boublebarelled.ws
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:26 GMT
Content-Type: image/png
Content-Length: 18132
Last-Modified: Wed, 09 Mar 2011 22:46:22 GMT
Connection: keep-alive
ETag: "4d78033e-46d4"
Access-Control-Allow-Origin:: https://*.ws
Accept-Ranges: bytes
GET

https://www.website.ws/newdesign/newnav/images/metal-bg.png

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newdesign/newnav/images/metal-bg.png HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.website.ws/newnav/css/layout.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:27 GMT
Content-Type: image/png
Content-Length: 9665
Last-Modified: Thu, 29 Apr 2010 12:41:38 GMT
Connection: keep-alive
ETag: "4bd97e82-25c1"
Access-Control-Allow-Origin:: https://*.ws
Accept-Ranges: bytes
GET

https://www.website.ws/newdesign/newnav/images/form-q-bg.png

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newdesign/newnav/images/form-q-bg.png HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.website.ws/newnav/css/layout.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:27 GMT
Content-Type: image/png
Content-Length: 1082
Last-Modified: Thu, 29 Apr 2010 12:41:38 GMT
Connection: keep-alive
ETag: "4bd97e82-43a"
Access-Control-Allow-Origin:: https://*.ws
Accept-Ranges: bytes
GET

https://www.website.ws/newdesign/newnav/images/content-inn-xl-t.png

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newdesign/newnav/images/content-inn-xl-t.png HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.website.ws/newnav/css/layout.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:27 GMT
Content-Type: image/png
Content-Length: 200
Last-Modified: Thu, 29 Apr 2010 12:41:38 GMT
Connection: keep-alive
ETag: "4bd97e82-c8"
Access-Control-Allow-Origin:: https://*.ws
Accept-Ranges: bytes
GET

https://www.website.ws/newdesign/newnav/images/form-field-s.png

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newdesign/newnav/images/form-field-s.png HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.website.ws/newnav/css/layout.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:27 GMT
Content-Type: image/png
Content-Length: 426
Last-Modified: Thu, 29 Apr 2010 12:41:38 GMT
Connection: keep-alive
ETag: "4bd97e82-1aa"
Access-Control-Allow-Origin:: https://*.ws
Accept-Ranges: bytes
GET

https://www.website.ws/newdesign/newnav/images/content-b-emp.png

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newdesign/newnav/images/content-b-emp.png HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.website.ws/newnav/css/layout.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:27 GMT
Content-Type: image/png
Content-Length: 20346
Last-Modified: Thu, 29 Apr 2010 12:41:38 GMT
Connection: keep-alive
ETag: "4bd97e82-4f7a"
Access-Control-Allow-Origin:: https://*.ws
Accept-Ranges: bytes
GET

https://www.website.ws/js/jquery-migrate-3.0.0.js

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /js/jquery-migrate-3.0.0.js HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.website.ws/wc_landing.dhtml?domain=boublebarelled.ws
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:25 GMT
Content-Type: application/javascript
Content-Length: 5087
Last-Modified: Mon, 03 Apr 2017 17:41:23 GMT
Connection: keep-alive
ETag: "58e28943-13df"
Content-Encoding: gzip
Access-Control-Allow-Origin: *
GET

https://www.website.ws/newnav/js/thickbox.js

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newnav/js/thickbox.js HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.website.ws/wc_landing.dhtml?domain=boublebarelled.ws
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:26 GMT
Content-Type: application/javascript
Content-Length: 3730
Last-Modified: Mon, 31 Jul 2017 18:44:57 GMT
Connection: keep-alive
ETag: "597f7aa9-e92"
Content-Encoding: gzip
Access-Control-Allow-Origin: *
GET

https://www.website.ws/js/cookie-alert.js

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /js/cookie-alert.js HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.website.ws/wc_landing.dhtml?domain=boublebarelled.ws
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:26 GMT
Content-Type: application/javascript
Content-Length: 402
Last-Modified: Fri, 25 May 2018 21:02:12 GMT
Connection: keep-alive
ETag: "5b0879d4-192"
Content-Encoding: gzip
Access-Control-Allow-Origin: *
GET

https://www.website.ws/newdesign/newnav/images/nav-login.png

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newdesign/newnav/images/nav-login.png HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.website.ws/newnav/css/layout.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:27 GMT
Content-Type: image/png
Content-Length: 1813
Last-Modified: Thu, 29 Apr 2010 12:41:38 GMT
Connection: keep-alive
ETag: "4bd97e82-715"
Access-Control-Allow-Origin:: https://*.ws
Accept-Ranges: bytes
GET

https://www.website.ws/newdesign/newnav/images/nav-bg.png

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newdesign/newnav/images/nav-bg.png HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.website.ws/newnav/css/layout.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:27 GMT
Content-Type: image/png
Content-Length: 1073
Last-Modified: Thu, 29 Apr 2010 12:41:38 GMT
Connection: keep-alive
ETag: "4bd97e82-431"
Access-Control-Allow-Origin:: https://*.ws
Accept-Ranges: bytes
GET

https://www.website.ws/newdesign/newnav/images/h-register-own.png

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newdesign/newnav/images/h-register-own.png HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.website.ws/newnav/css/layout.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:27 GMT
Content-Type: image/png
Content-Length: 3615
Last-Modified: Thu, 29 Apr 2010 12:41:38 GMT
Connection: keep-alive
ETag: "4bd97e82-e1f"
Access-Control-Allow-Origin:: https://*.ws
Accept-Ranges: bytes
GET

https://www.website.ws/newdesign/newnav/images/inline-win-bg.png

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newdesign/newnav/images/inline-win-bg.png HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.website.ws/newnav/css/layout.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:27 GMT
Content-Type: image/png
Content-Length: 1282
Last-Modified: Thu, 29 Apr 2010 12:41:38 GMT
Connection: keep-alive
ETag: "4bd97e82-502"
Access-Control-Allow-Origin:: https://*.ws
Accept-Ranges: bytes
GET

https://www.website.ws/newdesign/newnav/images/btn-sec-bg.png

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newdesign/newnav/images/btn-sec-bg.png HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.website.ws/newnav/css/layout.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:27 GMT
Content-Type: image/png
Content-Length: 3449
Last-Modified: Fri, 21 Feb 2014 18:06:36 GMT
Connection: keep-alive
ETag: "530795ac-d79"
Access-Control-Allow-Origin:: https://*.ws
Accept-Ranges: bytes
GET

https://www.website.ws/newdesign/newnav/images/bottom-logo.png

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newdesign/newnav/images/bottom-logo.png HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.website.ws/newnav/css/layout.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:27 GMT
Content-Type: image/png
Content-Length: 16978
Last-Modified: Thu, 29 Apr 2010 12:41:38 GMT
Connection: keep-alive
ETag: "4bd97e82-4252"
Access-Control-Allow-Origin:: https://*.ws
Accept-Ranges: bytes
GET

https://www.website.ws/newnav/js/cufon-yui.js

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newnav/js/cufon-yui.js HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.website.ws/wc_landing.dhtml?domain=boublebarelled.ws
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:25 GMT
Content-Type: application/javascript
Content-Length: 7508
Last-Modified: Wed, 09 Mar 2011 22:46:23 GMT
Connection: keep-alive
ETag: "4d78033f-1d54"
Content-Encoding: gzip
Access-Control-Allow-Origin: *
GET

https://www.website.ws/newnav/js/jquery.md5.js

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newnav/js/jquery.md5.js HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.website.ws/wc_landing.dhtml?domain=boublebarelled.ws
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:26 GMT
Content-Type: application/javascript
Content-Length: 3028
Last-Modified: Wed, 09 Mar 2011 22:46:23 GMT
Connection: keep-alive
ETag: "4d78033f-bd4"
Content-Encoding: gzip
Access-Control-Allow-Origin: *
GET

https://www.website.ws/idn-orderflow/css/jquery.emojipicker.a.css

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /idn-orderflow/css/jquery.emojipicker.a.css HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/css,*/*;q=0.1
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: style
Referer: https://www.website.ws/wc_landing.dhtml?domain=boublebarelled.ws
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:26 GMT
Content-Type: text/css
Content-Length: 16254
Last-Modified: Thu, 28 Apr 2022 19:22:24 GMT
Connection: keep-alive
ETag: "626ae970-3f7e"
Content-Encoding: gzip
Access-Control-Allow-Origin:: https://*.ws
GET

https://www.website.ws/newdesign/newnav/images/header-bg.jpg

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newdesign/newnav/images/header-bg.jpg HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.website.ws/newnav/css/layout.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:27 GMT
Content-Type: image/jpeg
Content-Length: 28085
Last-Modified: Thu, 29 Apr 2010 12:41:38 GMT
Connection: keep-alive
ETag: "4bd97e82-6db5"
Access-Control-Allow-Origin:: https://*.ws
Accept-Ranges: bytes
GET

https://www.website.ws/newnav/js/Rockwell_400.font.js

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newnav/js/Rockwell_400.font.js HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.website.ws/wc_landing.dhtml?domain=boublebarelled.ws
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:25 GMT
Content-Type: application/javascript
Content-Length: 7105
Last-Modified: Wed, 09 Mar 2011 22:46:23 GMT
Connection: keep-alive
ETag: "4d78033f-1bc1"
Content-Encoding: gzip
Access-Control-Allow-Origin: *
GET

https://www.website.ws/js/emoji.js

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /js/emoji.js HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.website.ws/wc_landing.dhtml?domain=boublebarelled.ws
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:26 GMT
Content-Type: application/javascript
Content-Length: 1313
Last-Modified: Tue, 07 Mar 2017 10:42:53 GMT
Connection: keep-alive
ETag: "58be8ead-521"
Content-Encoding: gzip
Access-Control-Allow-Origin: *
GET

https://www.website.ws/js/jquery.emojis.js

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /js/jquery.emojis.js HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.website.ws/wc_landing.dhtml?domain=boublebarelled.ws
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:26 GMT
Content-Type: application/javascript
Content-Length: 39525
Last-Modified: Thu, 28 Apr 2022 19:22:24 GMT
Connection: keep-alive
ETag: "626ae970-9a65"
Content-Encoding: gzip
Access-Control-Allow-Origin: *
GET

https://www.website.ws/newdesign/newnav/images/body-bg.jpg

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newdesign/newnav/images/body-bg.jpg HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.website.ws/newnav/css/layout.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:27 GMT
Content-Type: image/jpeg
Content-Length: 44444
Last-Modified: Thu, 29 Apr 2010 12:41:38 GMT
Connection: keep-alive
ETag: "4bd97e82-ad9c"
Access-Control-Allow-Origin:: https://*.ws
Accept-Ranges: bytes
GET

https://www.website.ws/newnav/js/roboto.cufonfonts.js

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newnav/js/roboto.cufonfonts.js HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.website.ws/wc_landing.dhtml?domain=boublebarelled.ws
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:25 GMT
Content-Type: application/javascript
Content-Length: 9141
Last-Modified: Mon, 31 Aug 2015 18:51:24 GMT
Connection: keep-alive
ETag: "55e4a22c-23b5"
Content-Encoding: gzip
Access-Control-Allow-Origin: *
GET

https://www.website.ws/newdesign/menu.js

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newdesign/menu.js HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.website.ws/wc_landing.dhtml?domain=boublebarelled.ws
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:26 GMT
Content-Type: application/javascript
Content-Length: 815
Last-Modified: Mon, 18 Jul 2016 16:38:36 GMT
Connection: keep-alive
ETag: "578d060c-32f"
Content-Encoding: gzip
Access-Control-Allow-Origin: *
GET

https://www.website.ws/js/jquery.emojipicker.js

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /js/jquery.emojipicker.js HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.website.ws/wc_landing.dhtml?domain=boublebarelled.ws
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:26 GMT
Content-Type: application/javascript
Content-Length: 5804
Last-Modified: Thu, 23 May 2019 14:28:23 GMT
Connection: keep-alive
ETag: "5ce6ae07-16ac"
Content-Encoding: gzip
Access-Control-Allow-Origin: *
GET

https://www.website.ws/newdesign/newnav/images/nav-whois.png

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newdesign/newnav/images/nav-whois.png HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.website.ws/newnav/css/layout.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:27 GMT
Content-Type: image/png
Content-Length: 2166
Last-Modified: Thu, 29 Apr 2010 12:41:38 GMT
Connection: keep-alive
ETag: "4bd97e82-876"
Access-Control-Allow-Origin:: https://*.ws
Accept-Ranges: bytes
GET

https://www.website.ws/newdesign/newnav/images/content-bg.png

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newdesign/newnav/images/content-bg.png HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.website.ws/newnav/css/layout.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:27 GMT
Content-Type: image/png
Content-Length: 434
Last-Modified: Thu, 29 Apr 2010 12:41:38 GMT
Connection: keep-alive
ETag: "4bd97e82-1b2"
Access-Control-Allow-Origin:: https://*.ws
Accept-Ranges: bytes
GET

https://www.website.ws/newdesign/newnav/images/btn-q-search.png

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newdesign/newnav/images/btn-q-search.png HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.website.ws/newnav/css/layout.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:27 GMT
Content-Type: image/png
Content-Length: 2906
Last-Modified: Thu, 29 Apr 2010 12:41:38 GMT
Connection: keep-alive
ETag: "4bd97e82-b5a"
Access-Control-Allow-Origin:: https://*.ws
Accept-Ranges: bytes
GET

https://www.website.ws/newdesign/newnav/images/form-field-l.png

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newdesign/newnav/images/form-field-l.png HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.website.ws/newnav/css/layout.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:27 GMT
Content-Type: image/png
Content-Length: 447
Last-Modified: Thu, 29 Apr 2010 12:41:38 GMT
Connection: keep-alive
ETag: "4bd97e82-1bf"
Access-Control-Allow-Origin:: https://*.ws
Accept-Ranges: bytes
GET

https://www.website.ws/newdesign/newnav/images/btn-create-acc-sm.png

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newdesign/newnav/images/btn-create-acc-sm.png HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.website.ws/newnav/css/layout.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:27 GMT
Content-Type: image/png
Content-Length: 4594
Last-Modified: Thu, 29 Apr 2010 12:41:38 GMT
Connection: keep-alive
ETag: "4bd97e82-11f2"
Access-Control-Allow-Origin:: https://*.ws
Accept-Ranges: bytes
GET

https://www.website.ws/newnav/images/blank.gif

msedge.exe

Remote address:

64.70.19.170:443

Request

GET /newnav/images/blank.gif HTTP/1.1
Host: www.website.ws
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.website.ws/wc_landing.dhtml?domain=boublebarelled.ws
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 10 Aug 2024 02:36:27 GMT
Content-Type: image/gif
Content-Length: 49
Last-Modified: Wed, 09 Mar 2011 22:46:22 GMT
Connection: keep-alive
ETag: "4d78033e-31"
Access-Control-Allow-Origin:: https://*.ws
Accept-Ranges: bytes
DNS

170.19.70.64.in-addr.arpa

Remote address:

8.8.8.8:53

Request

170.19.70.64.in-addr.arpa

IN PTR

Response

170.19.70.64.in-addr.arpa

IN PTR

mailrelay170websitews
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8cc3e13b705b49b8a778a01877bb2d1a&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8cc3e13b705b49b8a778a01877bb2d1a&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=027FAD5810F0627209DEB98F114B63DC; domain=.bing.com; expires=Thu, 04-Sep-2025 02:36:26 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 567C2239AE044D4FACB9AD44CCA0A95A Ref B: LON04EDGE0910 Ref C: 2024-08-10T02:36:26Z
date: Sat, 10 Aug 2024 02:36:25 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8cc3e13b705b49b8a778a01877bb2d1a&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8cc3e13b705b49b8a778a01877bb2d1a&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=027FAD5810F0627209DEB98F114B63DC

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=cxdTstFoEp9bqMTXN9LQQmVXpGNLy2MqM4XsZEJm8Rg; domain=.bing.com; expires=Thu, 04-Sep-2025 02:36:26 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BD2A6A2B53534F04A63CD3E548F71ADA Ref B: LON04EDGE0910 Ref C: 2024-08-10T02:36:26Z
date: Sat, 10 Aug 2024 02:36:25 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8cc3e13b705b49b8a778a01877bb2d1a&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8cc3e13b705b49b8a778a01877bb2d1a&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=027FAD5810F0627209DEB98F114B63DC; MSPTC=cxdTstFoEp9bqMTXN9LQQmVXpGNLy2MqM4XsZEJm8Rg

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6579BED1FE724BC8A692AE3CD85FB5C0 Ref B: LON04EDGE0910 Ref C: 2024-08-10T02:36:26Z
date: Sat, 10 Aug 2024 02:36:25 GMT
DNS

www.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.179.196
GET

https://www.google.com/recaptcha/api.js?render=6LfNKaUUAAAAAIZF-V7eiNWFduuDR-obhXbXPNQs&onload=reCaptchaReady

msedge.exe

Remote address:

142.250.179.196:443

Request

GET /recaptcha/api.js?render=6LfNKaUUAAAAAIZF-V7eiNWFduuDR-obhXbXPNQs&onload=reCaptchaReady HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.website.ws/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfNKaUUAAAAAIZF-V7eiNWFduuDR-obhXbXPNQs&co=aHR0cHM6Ly93d3cud2Vic2l0ZS53czo0NDM.&hl=en&v=_ZpyzC9NQw3gYt1GHTrnprhx&size=invisible&cb=2cok1yr89syz

msedge.exe

Remote address:

142.250.179.196:443

Request

GET /recaptcha/api2/anchor?ar=1&k=6LfNKaUUAAAAAIZF-V7eiNWFduuDR-obhXbXPNQs&co=aHR0cHM6Ly93d3cud2Vic2l0ZS53czo0NDM.&hl=en&v=_ZpyzC9NQw3gYt1GHTrnprhx&size=invisible&cb=2cok1yr89syz HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.website.ws/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

237.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
DNS

196.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.179.250.142.in-addr.arpa

IN PTR

Response

196.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f41e100net
DNS

131.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

131.179.250.142.in-addr.arpa

IN PTR

Response

131.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f31e100net
DNS

168.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

168.179.250.142.in-addr.arpa

IN PTR

Response

168.179.250.142.in-addr.arpa

IN PTR

ams15s41-in-f81e100net
DNS

46.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.36.251.142.in-addr.arpa

IN PTR

Response

46.36.251.142.in-addr.arpa

IN PTR

ams17s12-in-f141e100net
DNS

3.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.36.251.142.in-addr.arpa

IN PTR

Response

3.36.251.142.in-addr.arpa

IN PTR

ams15s44-in-f31e100net
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

19.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.229.111.52.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.27.10

ax-0001.ax-msedge.net

IN A

150.171.28.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301219_14UAHY3NBMU2Z6DRW&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239317301219_14UAHY3NBMU2Z6DRW&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 629755
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E9C5B3F0FC5E4380A4FD14275BF71E4B Ref B: LON04EDGE1007 Ref C: 2024-08-10T02:38:05Z
date: Sat, 10 Aug 2024 02:38:04 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239357448969_167ANDP278VEQSWN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239357448969_167ANDP278VEQSWN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 513505
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 187797193D2C4314A2650B3505D55623 Ref B: LON04EDGE1007 Ref C: 2024-08-10T02:38:05Z
date: Sat, 10 Aug 2024 02:38:04 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301614_1PEIP2AXZTPQ08R0S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239317301614_1PEIP2AXZTPQ08R0S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 563726
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4C1873FDA8E7421983EF045E5772C4B6 Ref B: LON04EDGE1007 Ref C: 2024-08-10T02:38:05Z
date: Sat, 10 Aug 2024 02:38:04 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301628_1KUT45F8FQUS0QNCJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239317301628_1KUT45F8FQUS0QNCJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 524971
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 99FC426456A84C97B23C244EA5C54171 Ref B: LON04EDGE1007 Ref C: 2024-08-10T02:38:05Z
date: Sat, 10 Aug 2024 02:38:04 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301205_1OM9XZCKYFXI34HLQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239317301205_1OM9XZCKYFXI34HLQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 646893
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 10887C7F230B4D32A8A1586EBCE65364 Ref B: LON04EDGE1007 Ref C: 2024-08-10T02:38:05Z
date: Sat, 10 Aug 2024 02:38:04 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239357448970_1TNLOVSCGCA1OJSDO&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239357448970_1TNLOVSCGCA1OJSDO&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 475456
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1329DB0399EA49168E565D5284BCF4D6 Ref B: LON04EDGE1007 Ref C: 2024-08-10T02:38:05Z
date: Sat, 10 Aug 2024 02:38:05 GMT

64.70.19.203:80

http://double.boublebarelled.ws/FrMal

http

msedge.exe

737 B
982 B
6
5

HTTP Request

GET http://double.boublebarelled.ws/FrMal

HTTP Response

200
5.61.236.229:80

http://web.icq.com/whitepages/online?icq=8765463453&img=5

http

msedge.exe

702 B
723 B
7
6

HTTP Request

GET http://web.icq.com/whitepages/online?icq=8765463453&img=5

HTTP Response

301
5.61.236.229:443

https://web.icq.com/whitepages/online?icq=8765463453&img=5

tls, http

msedge.exe

1.6kB
5.5kB
11
13

HTTP Request

GET https://web.icq.com/whitepages/online?icq=8765463453&img=5

HTTP Response

301
64.70.19.170:443

https://www.website.ws/newdesign/newnav/images/content-inn-xl-b.png

tls, http

msedge.exe

9.7kB
82.4kB
49
75

HTTP Request

GET https://www.website.ws/wc_landing.dhtml?domain=boublebarelled.ws

HTTP Response

200

HTTP Request

GET https://www.website.ws/newnav/css/layout.css

HTTP Response

200

HTTP Request

GET https://www.website.ws/css/emoji.css

HTTP Response

200

HTTP Request

GET https://www.website.ws/newnav/js/iepngfix_tilebg.js

HTTP Response

200

HTTP Request

GET https://www.website.ws/js/emoji.min.js

HTTP Response

200

HTTP Request

GET https://www.website.ws/idn-orderflow/css/jquery.emojipicker.css

HTTP Response

200

HTTP Request

GET https://www.website.ws/newdesign/newnav/images/h-motto.png

HTTP Response

200

HTTP Request

GET https://www.website.ws/newdesign/newnav/images/content-t.png

HTTP Response

200

HTTP Request

GET https://www.website.ws/newdesign/newnav/images/h-bg.png

HTTP Response

200

HTTP Request

GET https://www.website.ws/newdesign/newnav/images/btn-login.png

HTTP Response

200

HTTP Request

GET https://www.website.ws/newdesign/newnav/images/content-inn-xl-b.png

HTTP Response

200
5.61.236.229:443

https://icq.com/desktop/en?

tls, http

msedge.exe

3.3kB
21.8kB
20
24

HTTP Request

GET https://icq.com/

HTTP Response

302

HTTP Request

GET https://icq.com/en

HTTP Response

302

HTTP Request

GET https://icq.com/desktop/

HTTP Response

302

HTTP Request

GET https://icq.com/desktop/en?

HTTP Response

200
64.70.19.170:443

https://www.website.ws/newdesign/newnav/images/content-b-emp.png

tls, http

msedge.exe

7.9kB
87.1kB
48
74

HTTP Request

GET https://www.website.ws/js/jquery-3.5.0.min.js

HTTP Response

200

HTTP Request

GET https://www.website.ws/js/js-loader.js

HTTP Response

200

HTTP Request

GET https://www.website.ws/newnav/images/main-logo.png

HTTP Response

200

HTTP Request

GET https://www.website.ws/newdesign/newnav/images/metal-bg.png

HTTP Response

200

HTTP Request

GET https://www.website.ws/newdesign/newnav/images/form-q-bg.png

HTTP Response

200

HTTP Request

GET https://www.website.ws/newdesign/newnav/images/content-inn-xl-t.png

HTTP Response

200

HTTP Request

GET https://www.website.ws/newdesign/newnav/images/form-field-s.png

HTTP Response

200

HTTP Request

GET https://www.website.ws/newdesign/newnav/images/content-b-emp.png

HTTP Response

200
64.70.19.170:443

https://www.website.ws/newdesign/newnav/images/bottom-logo.png

tls, http

msedge.exe

7.8kB
42.4kB
33
41

HTTP Request

GET https://www.website.ws/js/jquery-migrate-3.0.0.js

HTTP Response

200

HTTP Request

GET https://www.website.ws/newnav/js/thickbox.js

HTTP Response

200

HTTP Request

GET https://www.website.ws/js/cookie-alert.js

HTTP Response

200

HTTP Request

GET https://www.website.ws/newdesign/newnav/images/nav-login.png

HTTP Response

200

HTTP Request

GET https://www.website.ws/newdesign/newnav/images/nav-bg.png

HTTP Response

200

HTTP Request

GET https://www.website.ws/newdesign/newnav/images/h-register-own.png

HTTP Response

200

HTTP Request

GET https://www.website.ws/newdesign/newnav/images/inline-win-bg.png

HTTP Response

200

HTTP Request

GET https://www.website.ws/newdesign/newnav/images/btn-sec-bg.png

HTTP Response

200

HTTP Request

GET https://www.website.ws/newdesign/newnav/images/bottom-logo.png

HTTP Response

200
64.70.19.170:443

https://www.website.ws/newdesign/newnav/images/header-bg.jpg

tls, http

msedge.exe

4.7kB
62.2kB
37
54

HTTP Request

GET https://www.website.ws/newnav/js/cufon-yui.js

HTTP Response

200

HTTP Request

GET https://www.website.ws/newnav/js/jquery.md5.js

HTTP Response

200

HTTP Request

GET https://www.website.ws/idn-orderflow/css/jquery.emojipicker.a.css

HTTP Response

200

HTTP Request

GET https://www.website.ws/newdesign/newnav/images/header-bg.jpg

HTTP Response

200
64.70.19.170:443

https://www.website.ws/newdesign/newnav/images/body-bg.jpg

tls, http

msedge.exe

5.3kB
102.3kB
51
84

HTTP Request

GET https://www.website.ws/newnav/js/Rockwell_400.font.js

HTTP Response

200

HTTP Request

GET https://www.website.ws/js/emoji.js

HTTP Response

200

HTTP Request

GET https://www.website.ws/js/jquery.emojis.js

HTTP Response

200

HTTP Request

GET https://www.website.ws/newdesign/newnav/images/body-bg.jpg

HTTP Response

200
64.70.19.170:443

https://www.website.ws/newnav/images/blank.gif

tls, http

msedge.exe

7.6kB
34.4kB
30
36

HTTP Request

GET https://www.website.ws/newnav/js/roboto.cufonfonts.js

HTTP Response

200

HTTP Request

GET https://www.website.ws/newdesign/menu.js

HTTP Response

200

HTTP Request

GET https://www.website.ws/js/jquery.emojipicker.js

HTTP Response

200

HTTP Request

GET https://www.website.ws/newdesign/newnav/images/nav-whois.png

HTTP Response

200

HTTP Request

GET https://www.website.ws/newdesign/newnav/images/content-bg.png

HTTP Response

200

HTTP Request

GET https://www.website.ws/newdesign/newnav/images/btn-q-search.png

HTTP Response

200

HTTP Request

GET https://www.website.ws/newdesign/newnav/images/form-field-l.png

HTTP Response

200

HTTP Request

GET https://www.website.ws/newdesign/newnav/images/btn-create-acc-sm.png

HTTP Response

200

HTTP Request

GET https://www.website.ws/newnav/images/blank.gif

HTTP Response

200
204.79.197.237:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8cc3e13b705b49b8a778a01877bb2d1a&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

tls, http2

2.0kB
9.3kB
21
19

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8cc3e13b705b49b8a778a01877bb2d1a&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8cc3e13b705b49b8a778a01877bb2d1a&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8cc3e13b705b49b8a778a01877bb2d1a&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

HTTP Response

204
142.250.179.196:443

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfNKaUUAAAAAIZF-V7eiNWFduuDR-obhXbXPNQs&co=aHR0cHM6Ly93d3cud2Vic2l0ZS53czo0NDM.&hl=en&v=_ZpyzC9NQw3gYt1GHTrnprhx&size=invisible&cb=2cok1yr89syz

tls, http2

msedge.exe

3.4kB
42.6kB
39
48

HTTP Request

GET https://www.google.com/recaptcha/api.js?render=6LfNKaUUAAAAAIZF-V7eiNWFduuDR-obhXbXPNQs&onload=reCaptchaReady

HTTP Request

GET https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfNKaUUAAAAAIZF-V7eiNWFduuDR-obhXbXPNQs&co=aHR0cHM6Ly93d3cud2Vic2l0ZS53czo0NDM.&hl=en&v=_ZpyzC9NQw3gYt1GHTrnprhx&size=invisible&cb=2cok1yr89syz
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.8kB
15
12
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239357448970_1TNLOVSCGCA1OJSDO&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

130.2kB
3.5MB
2539
2534

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301219_14UAHY3NBMU2Z6DRW&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239357448969_167ANDP278VEQSWN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301614_1PEIP2AXZTPQ08R0S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301628_1KUT45F8FQUS0QNCJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301205_1OM9XZCKYFXI34HLQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239357448970_1TNLOVSCGCA1OJSDO&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

209.205.72.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

209.205.72.20.in-addr.arpa
8.8.8.8:53

double.boublebarelled.ws

dns

msedge.exe

70 B
86 B
1
1

DNS Request

double.boublebarelled.ws

DNS Response

64.70.19.203
8.8.8.8:53

spellmanshow.com

dns

msedge.exe

62 B
62 B
1
1

DNS Request

spellmanshow.com
8.8.8.8:53

web.icq.com

dns

msedge.exe

57 B
114 B
1
1

DNS Request

web.icq.com

DNS Response

5.61.236.229
8.8.8.8:53

22.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

22.160.190.20.in-addr.arpa
8.8.8.8:53

203.19.70.64.in-addr.arpa

dns

71 B
109 B
1
1

DNS Request

203.19.70.64.in-addr.arpa
8.8.8.8:53

81.144.22.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

81.144.22.2.in-addr.arpa
8.8.8.8:53

229.236.61.5.in-addr.arpa

dns

71 B
121 B
1
1

DNS Request

229.236.61.5.in-addr.arpa
8.8.8.8:53

www.website.ws

dns

msedge.exe

60 B
90 B
1
1

DNS Request

www.website.ws

DNS Response

64.70.19.170
8.8.8.8:53

icq.com

dns

msedge.exe

53 B
69 B
1
1

DNS Request

icq.com

DNS Response

5.61.236.229
8.8.8.8:53

170.19.70.64.in-addr.arpa

dns

71 B
109 B
1
1

DNS Request

170.19.70.64.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

www.google.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.179.196
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

237.197.79.204.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

237.197.79.204.in-addr.arpa
8.8.8.8:53

196.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

196.179.250.142.in-addr.arpa
142.250.179.196:443

www.google.com

https

msedge.exe

4.0kB
8.1kB
12
13
142.250.179.196:443

www.google.com

https

msedge.exe

3.9kB
15.7kB
10
16
8.8.8.8:53

131.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

131.179.250.142.in-addr.arpa
8.8.8.8:53

168.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

168.179.250.142.in-addr.arpa
8.8.8.8:53

46.36.251.142.in-addr.arpa

dns

72 B
111 B
1
1

DNS Request

46.36.251.142.in-addr.arpa
8.8.8.8:53

3.36.251.142.in-addr.arpa

dns

71 B
109 B
1
1

DNS Request

3.36.251.142.in-addr.arpa
224.0.0.251:5353

460 B
7
8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

26.165.165.52.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

144 B
146 B
2
1

DNS Request

15.164.165.52.in-addr.arpa

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

55.36.223.20.in-addr.arpa
8.8.8.8:53

19.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

19.229.111.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.27.10

150.171.28.10

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
52980741eb48bee64ec0cf5d82c68c26

SHA1
e2810a8a44d2892c805c237a3f610bcf191e7564

SHA256
3d91a2f849daae50a70c4e4b5ed4182025a648f7797ff23dba3305175fd3b15d

SHA512
5c7e87da72c04dfcec17536ae94a4a5b46f63beee559282e415a7256399390e0ee4a2d55b36af5abfbaed88be1300769a19cad21142f76c7f7357b66bcd2c9b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
78a95b23de2e734f4e98ef9cbebed5a9

SHA1
26605cd1b8674ecad779b4e9932627c4def52503

SHA256
9edb74c13a385005a97d0d05695e566947d514b1294cb473c6ed15c54ccc5226

SHA512
9dd14b633979c227918410f4d30c33607ba2b58cecb9b751c1090d686d88069f6d3d518253e36bf6ac0ef2e8691364263d65262577b1a5cac126566c445aa21f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3646208a55f6c40b640e0afc08584460

SHA1
07736d941b82139b74914654facb2d2e580b783c

SHA256
fcc8e09ed1ccd3f442c0b2f0dcd019a64665be7ddc2b38ca09c03277e6cda2c7

SHA512
6b9fa71f6c8b8c5cab9aa53da154f736e5688f8ea206c9bf004f4a2322c25ef51ce763f0ce26c91e79476510aea839481badc6183d89cc753da3af8a8200aad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6a51ecaa4edadc1f9adc921d591da686

SHA1
0bf35f7e30a1b8e18bc910899f2cd374ecb24496

SHA256
a0ef8c1ab763b55c3e2e1bc92b3c9deabf58fe2161240460d390f54bd417aa28

SHA512
f5238e6d47d207fb8c22ad9e9cfd5a09370846c30f91b759d58a13f9b8f73acb3becaa68b7b05a4bce041e083829b72eee96638973142e53ccb5c18fbff11391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
54a978549b8685cd20affa07a554ec51

SHA1
8d04dca4f6a469e17e3f5a8bbac15157bebfd222

SHA256
878c714b19eec86ab05926e6295e0c2030c8f4ab308170cc674327f136e176c4

SHA512
ca0662a53ca582ec94633418a143d664d80feb230926ba819a6e53cafdbb5fd4701f15915ca8388de4e88496f922489781bce5e7fc9b1b78169cbf34349c91f1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request