hxxps://linkvertise[.]com/1035027/exm-cracked?o=sharing

Analysis

max time kernel
480s
max time network
487s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
18/08/2024, 22:00 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://linkvertise.com/1035027/exm-cracked?o=sharing

Score

6^/10

discovery

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
1	api.ipify.org
50	api.ipify.org

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1352	msedge.exe
1352	msedge.exe
2656	msedge.exe
2656	msedge.exe
4276	msedge.exe
4276	msedge.exe
2016	identity_helper.exe
2016	identity_helper.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 2832	2656	msedge.exe	80
PID 2656 wrote to memory of 2832	2656	msedge.exe	80
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 4264	2656	msedge.exe	81
PID 2656 wrote to memory of 1352	2656	msedge.exe	82
PID 2656 wrote to memory of 1352	2656	msedge.exe	82
PID 2656 wrote to memory of 4668	2656	msedge.exe	83
PID 2656 wrote to memory of 4668	2656	msedge.exe	83
PID 2656 wrote to memory of 4668	2656	msedge.exe	83
PID 2656 wrote to memory of 4668	2656	msedge.exe	83
PID 2656 wrote to memory of 4668	2656	msedge.exe	83
PID 2656 wrote to memory of 4668	2656	msedge.exe	83
PID 2656 wrote to memory of 4668	2656	msedge.exe	83
PID 2656 wrote to memory of 4668	2656	msedge.exe	83
PID 2656 wrote to memory of 4668	2656	msedge.exe	83
PID 2656 wrote to memory of 4668	2656	msedge.exe	83
PID 2656 wrote to memory of 4668	2656	msedge.exe	83
PID 2656 wrote to memory of 4668	2656	msedge.exe	83
PID 2656 wrote to memory of 4668	2656	msedge.exe	83
PID 2656 wrote to memory of 4668	2656	msedge.exe	83
PID 2656 wrote to memory of 4668	2656	msedge.exe	83
PID 2656 wrote to memory of 4668	2656	msedge.exe	83
PID 2656 wrote to memory of 4668	2656	msedge.exe	83
PID 2656 wrote to memory of 4668	2656	msedge.exe	83
PID 2656 wrote to memory of 4668	2656	msedge.exe	83
PID 2656 wrote to memory of 4668	2656	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://linkvertise.com/1035027/exm-cracked?o=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb12c13cb8,0x7ffb12c13cc8,0x7ffb12c13cd8
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,9171679710576120756,10953180664760296995,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,9171679710576120756,10953180664760296995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,9171679710576120756,10953180664760296995,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9171679710576120756,10953180664760296995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9171679710576120756,10953180664760296995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9171679710576120756,10953180664760296995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9171679710576120756,10953180664760296995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9171679710576120756,10953180664760296995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,9171679710576120756,10953180664760296995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,9171679710576120756,10953180664760296995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9171679710576120756,10953180664760296995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9171679710576120756,10953180664760296995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9171679710576120756,10953180664760296995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9171679710576120756,10953180664760296995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,9171679710576120756,10953180664760296995,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5276 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3312

Network

DNS

linkvertise.com

msedge.exe

Remote address:

8.8.8.8:53

Request

linkvertise.com

IN A

Response

linkvertise.com

IN A

104.22.23.72

linkvertise.com

IN A

104.22.22.72

linkvertise.com

IN A

172.67.31.186
DNS

linkvertise.com

msedge.exe

Remote address:

8.8.8.8:53

Request

linkvertise.com

IN A

Response

linkvertise.com

IN A

172.67.31.186

linkvertise.com

IN A

104.22.22.72

linkvertise.com

IN A

104.22.23.72
DNS

apps.identrust.com

msedge.exe

Remote address:

8.8.8.8:53

Request

apps.identrust.com

IN A

Response

apps.identrust.com

IN CNAME

identrust.edgesuite.net

identrust.edgesuite.net

IN CNAME

a1952.dscq.akamai.net

a1952.dscq.akamai.net

IN A

2.18.190.80

a1952.dscq.akamai.net

IN A

2.18.190.81
DNS

cdn.exmarketplace.com

msedge.exe

Remote address:

8.8.8.8:53

Request

cdn.exmarketplace.com

IN A

Response

cdn.exmarketplace.com

IN A

95.110.206.108

cdn.exmarketplace.com

IN A

95.110.204.9
DNS

use.typekit.net

msedge.exe

Remote address:

8.8.8.8:53

Request

use.typekit.net

IN A

Response

use.typekit.net

IN CNAME

use-stls.adobe.com.edgesuite.net

use-stls.adobe.com.edgesuite.net

IN CNAME

a1988.dscg1.akamai.net

a1988.dscg1.akamai.net

IN A

23.59.171.25

a1988.dscg1.akamai.net

IN A

23.59.171.11
DNS

136.32.126.40.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

136.32.126.40.in-addr.arpa

IN PTR

Response
DNS

pagead2.googlesyndication.com

msedge.exe

Remote address:

8.8.8.8:53

Request

pagead2.googlesyndication.com

IN A

Response

pagead2.googlesyndication.com

IN A

142.250.74.226
DNS

api.ipify.org

msedge.exe

Remote address:

8.8.8.8:53

Request

api.ipify.org

IN A

Response

api.ipify.org

IN A

104.26.13.205

api.ipify.org

IN A

172.67.74.152

api.ipify.org

IN A

104.26.12.205
DNS

64.246.107.13.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

64.246.107.13.in-addr.arpa

IN PTR

Response
DNS

www.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

172.217.20.196
DNS

ctldl.windowsupdate.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

ctldl.windowsupdate.com.delivery.microsoft.com

ctldl.windowsupdate.com.delivery.microsoft.com

IN CNAME

wu-b-net.trafficmanager.net

wu-b-net.trafficmanager.net

IN CNAME

download.windowsupdate.com.edgesuite.net

download.windowsupdate.com.edgesuite.net

IN CNAME

a767.dspw65.akamai.net

a767.dspw65.akamai.net

IN A

92.123.143.240

a767.dspw65.akamai.net

IN A

92.123.140.25
GET

https://linkvertise.com/1035027/exm-cracked?o=sharing

msedge.exe

Remote address:

172.67.31.186:443

Request

GET /1035027/exm-cracked?o=sharing HTTP/2.0
host: linkvertise.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 103

link: <//cdn.exmarketplace.com>; rel=preconnect, <//securepubads.g.doubleclick.net>; rel=preconnect
GET

https://linkvertise.com/assets/external/ads.js

msedge.exe

Remote address:

172.67.31.186:443

Response

HTTP/2.0 200

date: Sun, 18 Aug 2024 22:03:48 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
link: <//cdn.exmarketplace.com>; rel="preconnect", <//securepubads.g.doubleclick.net>; rel="preconnect"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NCEiISUiTSzQZ06dlpTfOTSWFPIqTOOnaC2ZMSjTLnWUCTo0jChLoH6ExsXBjz2f5hhdDuyYBIL4ENsVuW9m1ssRgxSkJQH24BElCE1LFUx42Sa%2BLTdg3qQ9t5P2MhTY4y8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=TGlPe3p1njfKudm9LxOZhsW8CAIGRtplOJJcBI_iQsg-1724018628-1.0.1.1-S.SXHFYiBfD2A6JS16C.ADByPQjhd5yilpcql_BUpbwUqm.ZSqSpfu0d9IwKPoTmBeaJYHbROQ8_wsbf28qaFg; path=/; expires=Sun, 18-Aug-24 22:33:48 GMT; domain=.linkvertise.com; HttpOnly; Secure; SameSite=None
x-frame-options: sameorigin
server: cloudflare
cf-ray: 8b55322e7e746521-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400

Request

GET /assets/external/ads.js HTTP/2.0
host: linkvertise.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://linkvertise.com/1035027/exm-cracked?o=sharing
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=TGlPe3p1njfKudm9LxOZhsW8CAIGRtplOJJcBI_iQsg-1724018628-1.0.1.1-S.SXHFYiBfD2A6JS16C.ADByPQjhd5yilpcql_BUpbwUqm.ZSqSpfu0d9IwKPoTmBeaJYHbROQ8_wsbf28qaFg
GET

https://linkvertise.com/runtime.7f8599418f7f7a55.js

msedge.exe

Remote address:

172.67.31.186:443

Request

GET /runtime.7f8599418f7f7a55.js HTTP/2.0
host: linkvertise.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://linkvertise.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://linkvertise.com/1035027/exm-cracked?o=sharing
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=TGlPe3p1njfKudm9LxOZhsW8CAIGRtplOJJcBI_iQsg-1724018628-1.0.1.1-S.SXHFYiBfD2A6JS16C.ADByPQjhd5yilpcql_BUpbwUqm.ZSqSpfu0d9IwKPoTmBeaJYHbROQ8_wsbf28qaFg

Response

HTTP/2.0 200

date: Sun, 18 Aug 2024 22:03:49 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"87a18df10c601bf2ed3321eab0aec42a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x8ci6jJ8IOe5icIFc2X8YyTUVsBcTilF1uQIx8sLyG6ldATa%2Fhbiqxh1Ml%2F5tiChUpB7IjHPINXVaTNA9Kh3FMWSzaUPCrGQu9huSGyoKDfBwhspxGf1Ku74xV5qaol04Bo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: DYNAMIC
x-frame-options: sameorigin
server: cloudflare
cf-ray: 8b55322f3f656521-LHR
alt-svc: h3=":443"; ma=86400
GET

https://linkvertise.com/polyfills.bd3b6746195e9466.js

msedge.exe

Remote address:

172.67.31.186:443

Request

GET /polyfills.bd3b6746195e9466.js HTTP/2.0
host: linkvertise.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://linkvertise.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://linkvertise.com/1035027/exm-cracked?o=sharing
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=TGlPe3p1njfKudm9LxOZhsW8CAIGRtplOJJcBI_iQsg-1724018628-1.0.1.1-S.SXHFYiBfD2A6JS16C.ADByPQjhd5yilpcql_BUpbwUqm.ZSqSpfu0d9IwKPoTmBeaJYHbROQ8_wsbf28qaFg

Response

HTTP/2.0 200

date: Sun, 18 Aug 2024 22:03:49 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"8f0a013985b40e6c833be2558b02f585"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZAhD%2FfyBMFH2pBDqdepMM0iT6NgRPpaagNAVdpGg1pQqslnlhQWhtuAQCtffqFQmURk%2FPTdfDfP%2FmYyAdBx1cqBoXMV24Kyhg3QobQdAdf8vZy29z6%2Bwe7MeBPRJhFpLG1U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: DYNAMIC
x-frame-options: sameorigin
server: cloudflare
cf-ray: 8b55322f4f736521-LHR
alt-svc: h3=":443"; ma=86400
GET

https://linkvertise.com/main.bbfc8eb1e56bf7ad.js

msedge.exe

Remote address:

172.67.31.186:443

Request

GET /main.bbfc8eb1e56bf7ad.js HTTP/2.0
host: linkvertise.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://linkvertise.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://linkvertise.com/1035027/exm-cracked?o=sharing
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=TGlPe3p1njfKudm9LxOZhsW8CAIGRtplOJJcBI_iQsg-1724018628-1.0.1.1-S.SXHFYiBfD2A6JS16C.ADByPQjhd5yilpcql_BUpbwUqm.ZSqSpfu0d9IwKPoTmBeaJYHbROQ8_wsbf28qaFg

Response

HTTP/2.0 200

date: Sun, 18 Aug 2024 22:03:49 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"5d23b46a866e5f24cab68ca070719832"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t%2Bgq7jXVvP7XZBppuMgSnI8S0V4ndw0g4k0F4yKZ9KYPIds%2BX2Xm%2F9eMIz4M6JwSg0hJ4eozAvYUSxE9VSrUmMNB3oXurkN9gev9z8beFoWi5QijLA7%2BgCEoJEzIXdNDPY4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: DYNAMIC
x-frame-options: sameorigin
server: cloudflare
cf-ray: 8b55322f4f726521-LHR
alt-svc: h3=":443"; ma=86400
GET

https://linkvertise.com/scripts.2c67031671ec753c.js

msedge.exe

Remote address:

172.67.31.186:443

Response

HTTP/2.0 200

date: Sun, 18 Aug 2024 22:03:49 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"fb1b6164ba627ef7a1f926801fcbc781"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8cLyJmjfqEbeQZfvjDIIR2REkaha4hYetERr%2FKH9I1ir8pZiNJ0s2kOGF9EMPmm7%2Fr3nioZAnSztGXty5zct%2BcI6T4wpM4BHHMg17e9tFc1CaofByH3w0MdCpufqo6%2B821g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: DYNAMIC
x-frame-options: sameorigin
server: cloudflare
cf-ray: 8b55322f4f6e6521-LHR
alt-svc: h3=":443"; ma=86400

Request

GET /scripts.2c67031671ec753c.js HTTP/2.0
host: linkvertise.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://linkvertise.com/1035027/exm-cracked?o=sharing
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=TGlPe3p1njfKudm9LxOZhsW8CAIGRtplOJJcBI_iQsg-1724018628-1.0.1.1-S.SXHFYiBfD2A6JS16C.ADByPQjhd5yilpcql_BUpbwUqm.ZSqSpfu0d9IwKPoTmBeaJYHbROQ8_wsbf28qaFg
GET

https://linkvertise.com/styles.35c9775e6f46e67d.css

msedge.exe

Remote address:

172.67.31.186:443

Request

GET /styles.35c9775e6f46e67d.css HTTP/2.0
host: linkvertise.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://linkvertise.com/1035027/exm-cracked?o=sharing
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=TGlPe3p1njfKudm9LxOZhsW8CAIGRtplOJJcBI_iQsg-1724018628-1.0.1.1-S.SXHFYiBfD2A6JS16C.ADByPQjhd5yilpcql_BUpbwUqm.ZSqSpfu0d9IwKPoTmBeaJYHbROQ8_wsbf28qaFg

Response

HTTP/2.0 200

date: Sun, 18 Aug 2024 22:03:49 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"8f11fd2517fd51edd99dad73c61de349"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r04LbBbAqf9XVb%2BoP8OxfTSENAEhnROAVEdYL0V4XWuJqoamKT4A%2BpmheguflFoKWiJaCw5iLo7Gc6jZNH3g6GK1D7cAdpJde22Y0%2FMF0KsmJB1VfnNnzWvxa3vUk%2BoqpBg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: DYNAMIC
x-frame-options: sameorigin
server: cloudflare
cf-ray: 8b553232fb6c6521-LHR
alt-svc: h3=":443"; ma=86400
GET

https://linkvertise.com/assets/i18n/en.json?v=1

msedge.exe

Remote address:

172.67.31.186:443

Response

HTTP/2.0 200

date: Sun, 18 Aug 2024 22:03:49 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"b805a01fddd706e4e00f361965780ef5"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BZ4zmiCHzDism23lLcFwm6JgNQmUmeDux0j1Rs4SL7528z%2Fyq48VTa2VoxpZWbx37lUyJjN5tjQ3P23YD6hlTucj4UNk%2BAC2XJuj6W%2B6PjAiidm%2BCTZi%2FVCYKlT0vAwAbxk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: DYNAMIC
x-frame-options: sameorigin
server: cloudflare
cf-ray: 8b5532331b806521-LHR
alt-svc: h3=":443"; ma=86400

Request

GET /assets/i18n/en.json?v=1 HTTP/2.0
host: linkvertise.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
accept: application/json
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: application/json
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://linkvertise.com/1035027/exm-cracked?o=sharing
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=TGlPe3p1njfKudm9LxOZhsW8CAIGRtplOJJcBI_iQsg-1724018628-1.0.1.1-S.SXHFYiBfD2A6JS16C.ADByPQjhd5yilpcql_BUpbwUqm.ZSqSpfu0d9IwKPoTmBeaJYHbROQ8_wsbf28qaFg
GET

https://linkvertise.com/assets/external/thinksuggest.html

msedge.exe

Remote address:

172.67.31.186:443

Request

GET /assets/external/thinksuggest.html HTTP/2.0
host: linkvertise.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://linkvertise.com/1035027/exm-cracked?o=sharing
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=TGlPe3p1njfKudm9LxOZhsW8CAIGRtplOJJcBI_iQsg-1724018628-1.0.1.1-S.SXHFYiBfD2A6JS16C.ADByPQjhd5yilpcql_BUpbwUqm.ZSqSpfu0d9IwKPoTmBeaJYHbROQ8_wsbf28qaFg

Response

HTTP/2.0 308

date: Sun, 18 Aug 2024 22:03:49 GMT
content-length: 0
location: /assets/external/thinksuggest
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zg7lfHsVmjYXXtRYf%2FF%2F5OJmNXMueU6f9uhpF6jl2Ar2Qc%2Fogwj3YUhTawiA7tfGR4WO46wnnC9szRsaX4U%2FQySPXCxAhJWnVe6AM5wUUKTy7ss02Cz%2FPmhTMTs%2BxSXaW3w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
x-frame-options: sameorigin
server: cloudflare
cf-ray: 8b553234dd706521-LHR
alt-svc: h3=":443"; ma=86400
GET

https://linkvertise.com/assets/img/loading.gif

msedge.exe

Remote address:

172.67.31.186:443

Request

GET /assets/img/loading.gif HTTP/2.0
host: linkvertise.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://linkvertise.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=TGlPe3p1njfKudm9LxOZhsW8CAIGRtplOJJcBI_iQsg-1724018628-1.0.1.1-S.SXHFYiBfD2A6JS16C.ADByPQjhd5yilpcql_BUpbwUqm.ZSqSpfu0d9IwKPoTmBeaJYHbROQ8_wsbf28qaFg

Response

HTTP/2.0 200

date: Sun, 18 Aug 2024 22:03:49 GMT
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"f6d0c77ca4fad4791269c7dbdcb02107"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NSFm59usZCK1isT7B6Y%2FCSJf7%2BbW9k3irjaYb%2FPWyxu1FXq2NQPa7LI79HD4wLpxI5r9jJULhExH5c7%2BHFRzzhM0XBKzUOC91niBwU5tRRlbh3GrxG9VJZhECu%2BKy2LBMSw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: DYNAMIC
x-frame-options: sameorigin
server: cloudflare
cf-ray: 8b553234cd4d6521-LHR
alt-svc: h3=":443"; ma=86400
GET

https://linkvertise.com/assets/external/thinksuggest

msedge.exe

Remote address:

172.67.31.186:443

Request

GET /assets/external/thinksuggest HTTP/2.0
host: linkvertise.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
referer: https://linkvertise.com/1035027/exm-cracked?o=sharing
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=TGlPe3p1njfKudm9LxOZhsW8CAIGRtplOJJcBI_iQsg-1724018628-1.0.1.1-S.SXHFYiBfD2A6JS16C.ADByPQjhd5yilpcql_BUpbwUqm.ZSqSpfu0d9IwKPoTmBeaJYHbROQ8_wsbf28qaFg

Response

HTTP/2.0 103

link: <https://www.google.com/>; rel=preconnect, <https://api.bing.com/>; rel=preconnect, <https://lnk.thinksuggest.org/>; rel=preconnect, <https://api.thinksuggest.org/>; rel=preconnect, <https://api.thinksuggest.org/>; rel=preconnect
GET

https://linkvertise.com/assets/external/thinksuggest

msedge.exe

Remote address:

172.67.31.186:443

Response

HTTP/2.0 200

date: Sun, 18 Aug 2024 22:03:49 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
link: <//cdn.exmarketplace.com>; rel="preconnect", <//securepubads.g.doubleclick.net>; rel="preconnect"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7QwPVU2Y1oBTfYyp4ysbuE%2F0uq7%2F4XUKhiWc6htJlSj2F%2FRaEQD344qqcUnqiXH3W1Vhhpv%2FWyejHpcMwjPQlcN07gBxe3HA%2BO56MG7OZELFHH7b9FEfMvtkJ9QgRCg43Eg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
x-frame-options: sameorigin
server: cloudflare
cf-ray: 8b5532352dd26521-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400

Request

GET /assets/external/thinksuggest HTTP/2.0
host: linkvertise.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
referer: https://linkvertise.com/1035027/exm-cracked?o=sharing
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=TGlPe3p1njfKudm9LxOZhsW8CAIGRtplOJJcBI_iQsg-1724018628-1.0.1.1-S.SXHFYiBfD2A6JS16C.ADByPQjhd5yilpcql_BUpbwUqm.ZSqSpfu0d9IwKPoTmBeaJYHbROQ8_wsbf28qaFg
GET

https://linkvertise.com/favicon.ico

msedge.exe

Remote address:

172.67.31.186:443

Response

HTTP/2.0 200

date: Sun, 18 Aug 2024 22:03:49 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
link: <https://www.google.com/>; rel="preconnect", <https://api.bing.com/>; rel="preconnect", <https://lnk.thinksuggest.org/>; rel="preconnect", <https://api.thinksuggest.org/>; rel="preconnect", <https://api.thinksuggest.org/>; rel="preconnect"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0%2BCIbXaoc5hzRvIdfLIUXMuEpOg5bZhIiDe8O%2FES49p2BXhQ682ez3HxD0u8SphY5i11hMf4nLM3smokQyx%2FULy2xQ1h6UgLVqxztd28q2%2Fv9SUzaRcL%2BIzKq2gsnFncV7M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
x-frame-options: sameorigin
server: cloudflare
cf-ray: 8b5532353ddd6521-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400

Request

GET /favicon.ico HTTP/2.0
host: linkvertise.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://linkvertise.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=TGlPe3p1njfKudm9LxOZhsW8CAIGRtplOJJcBI_iQsg-1724018628-1.0.1.1-S.SXHFYiBfD2A6JS16C.ADByPQjhd5yilpcql_BUpbwUqm.ZSqSpfu0d9IwKPoTmBeaJYHbROQ8_wsbf28qaFg
cookie: _ga=GA1.1.817128474.1724018630
cookie: _ga_7DRMH8RP03=GS1.1.1724018629.1.0.1724018629.0.0.0
cookie: _clck=1dtaqk3%7C2%7Cfof%7C0%7C1691
GET

https://linkvertise.com/assets/img/loading.gif

msedge.exe

Remote address:

172.67.31.186:443

Response

HTTP/2.0 103

link: <https://www.google.com/>; rel=preconnect, <https://api.bing.com/>; rel=preconnect, <https://lnk.thinksuggest.org/>; rel=preconnect, <https://api.thinksuggest.org/>; rel=preconnect, <https://api.thinksuggest.org/>; rel=preconnect

Request

GET /assets/img/loading.gif HTTP/2.0
host: linkvertise.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://linkvertise.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=TGlPe3p1njfKudm9LxOZhsW8CAIGRtplOJJcBI_iQsg-1724018628-1.0.1.1-S.SXHFYiBfD2A6JS16C.ADByPQjhd5yilpcql_BUpbwUqm.ZSqSpfu0d9IwKPoTmBeaJYHbROQ8_wsbf28qaFg
cookie: _ga=GA1.1.817128474.1724018630
cookie: _ga_7DRMH8RP03=GS1.1.1724018629.1.0.1724018629.0.0.0
cookie: _clck=1dtaqk3%7C2%7Cfof%7C0%7C1691
cookie: _clsk=v5y3ck%7C1724018631690%7C1%7C0%7Ch.clarity.ms%2Fcollect
DNS

msedge.exe

Remote address:

172.67.31.186:443

Response

HTTP/2.0 200

date: Sun, 18 Aug 2024 22:03:50 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
link: <https://www.google.com/>; rel="preconnect", <https://api.bing.com/>; rel="preconnect", <https://lnk.thinksuggest.org/>; rel="preconnect", <https://api.thinksuggest.org/>; rel="preconnect", <https://api.thinksuggest.org/>; rel="preconnect"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oyDYYhsaoVWM5aZyd0F3Cu7rYZqzkEti2y4eOK0V7fqCXIp0VZyyOM8k%2FriUYk2L52sgypsK87Qj2HLY6IDZLIV25iExkFQj%2BZFVhw38y90IRPYtK3R%2F3cPkvLqL9wCc6yo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
x-frame-options: sameorigin
server: cloudflare
cf-ray: 8b553235ae406521-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
DNS

msedge.exe

Remote address:

172.67.31.186:443

Response

HTTP/2.0 200

date: Sun, 18 Aug 2024 22:03:50 GMT
content-type: image/vnd.microsoft.icon
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"28befd514525cf03d58901538c24b11d"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wx2gtu%2BmJx6TGUBudoQu%2FKXf673PUcz1sx5Or2%2F3vN91eUrPiTsgOr4r5dgbvj3kdveIkTVGx5gbR1bkiWiBGtxT9edjNOdvVqAFSRZGj%2BDWQ0NRGmfqcuv6b4zuXIOkZms%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: DYNAMIC
x-frame-options: sameorigin
server: cloudflare
cf-ray: 8b55323b1cf36521-LHR
alt-svc: h3=":443"; ma=86400
DNS

msedge.exe

Remote address:

172.67.31.186:443

Response

HTTP/2.0 200

date: Sun, 18 Aug 2024 22:03:52 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
link: <//cdn.exmarketplace.com>; rel="preconnect", <//securepubads.g.doubleclick.net>; rel="preconnect"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dA5jvlDM0VIu3vJxFhQxIhTvNySKXWnLwfDDKQIzgRZI34WAznNOv%2BMsPm6UqIZAk9KVqGY1JLPPpfrN2QEgdmLSqFE9W1nMTwyIOvZilmywLxg4n9nnrfh48lvXU%2B8izGk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
x-frame-options: sameorigin
server: cloudflare
cf-ray: 8b5532478c286521-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

msedge.exe

Remote address:

2.18.190.80:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: apps.identrust.com

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Wed, 08 Feb 2023 16:52:56 GMT
ETag: "37d-5f433188daa00"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Sun, 18 Aug 2024 23:03:48 GMT
Date: Sun, 18 Aug 2024 22:03:48 GMT
Connection: keep-alive
DNS

cdnjs.cloudflare.com

msedge.exe

Remote address:

8.8.8.8:53

Request

cdnjs.cloudflare.com

IN A

Response

cdnjs.cloudflare.com

IN A

104.17.25.14

cdnjs.cloudflare.com

IN A

104.17.24.14
DNS

186.31.67.172.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

186.31.67.172.in-addr.arpa

IN PTR

Response
DNS

api.bing.com

msedge.exe

Remote address:

8.8.8.8:53

Request

api.bing.com

IN A

Response

api.bing.com

IN CNAME

api-bing-com.e-0001.e-msedge.net

api-bing-com.e-0001.e-msedge.net

IN CNAME

e-0001.e-msedge.net

e-0001.e-msedge.net

IN A

13.107.5.80
DNS

168.214.58.216.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

168.214.58.216.in-addr.arpa

IN PTR

Response

168.214.58.216.in-addr.arpa

IN PTR

mad01s26-in-f81e100net

168.214.58.216.in-addr.arpa

IN PTR

par10s42-in-f8�H

168.214.58.216.in-addr.arpa

IN PTR

mad01s26-in-f168�H
DNS

c.clarity.ms

msedge.exe

Remote address:

8.8.8.8:53

Request

c.clarity.ms

IN A

Response

c.clarity.ms

IN CNAME

c.msn.com

c.msn.com

IN CNAME

c-msn-com-nsatc.trafficmanager.net

c-msn-com-nsatc.trafficmanager.net

IN A

13.74.129.1
DNS

33.215.58.216.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

33.215.58.216.in-addr.arpa

IN PTR

Response

33.215.58.216.in-addr.arpa

IN PTR

par21s17-in-f11e100net
DNS

self.events.data.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

self.events.data.microsoft.com

IN A

Response

self.events.data.microsoft.com

IN CNAME

self-events-data.trafficmanager.net

self-events-data.trafficmanager.net

IN CNAME

onedscolprdwus10.westus.cloudapp.azure.com

onedscolprdwus10.westus.cloudapp.azure.com

IN A

20.189.173.11
DNS

self.events.data.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

self.events.data.microsoft.com

IN A

Response

self.events.data.microsoft.com

IN CNAME

self-events-data.trafficmanager.net

self-events-data.trafficmanager.net

IN CNAME

onedscolprdwus10.westus.cloudapp.azure.com

onedscolprdwus10.westus.cloudapp.azure.com

IN A

20.189.173.11
DNS

maxst.icons8.com

msedge.exe

Remote address:

8.8.8.8:53

Request

maxst.icons8.com

IN A

Response

maxst.icons8.com

IN CNAME

1454623486.rsc.cdn77.org

1454623486.rsc.cdn77.org

IN A

84.17.50.9

1454623486.rsc.cdn77.org

IN A

89.187.167.39
DNS

162.20.217.172.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

162.20.217.172.in-addr.arpa

IN PTR

Response

162.20.217.172.in-addr.arpa

IN PTR

waw02s07-in-f1621e100net

162.20.217.172.in-addr.arpa

IN PTR

par10s49-in-f2�J

162.20.217.172.in-addr.arpa

IN PTR

waw02s07-in-f2�J
DNS

www.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

172.217.20.196
DNS

20.244.100.95.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

20.244.100.95.in-addr.arpa

IN PTR

Response

20.244.100.95.in-addr.arpa

IN PTR

a95-100-244-20deploystaticakamaitechnologiescom
DNS

237.197.79.204.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
DNS

nexusrules.officeapps.live.com

msedge.exe

Remote address:

8.8.8.8:53

Request

nexusrules.officeapps.live.com

IN A

Response

nexusrules.officeapps.live.com

IN CNAME

prod.nexusrules.live.com.akadns.net

prod.nexusrules.live.com.akadns.net

IN A

52.111.227.11
DNS

p.typekit.net

msedge.exe

Remote address:

8.8.8.8:53

Request

p.typekit.net

IN A

Response

p.typekit.net

IN CNAME

p.typekit.net-stls-v3.edgesuite.net

p.typekit.net-stls-v3.edgesuite.net

IN CNAME

a1874.dscg1.akamai.net

a1874.dscg1.akamai.net

IN A

23.59.171.26

a1874.dscg1.akamai.net

IN A

23.59.171.9
DNS

172.210.232.199.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

lnk.thinksuggest.org

msedge.exe

Remote address:

8.8.8.8:53

Request

lnk.thinksuggest.org

IN A

Response

lnk.thinksuggest.org

IN A

176.9.175.232
DNS

72.22.22.104.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

72.22.22.104.in-addr.arpa

IN PTR

Response
DNS

ep2.adtrafficquality.google

msedge.exe

Remote address:

8.8.8.8:53

Request

ep2.adtrafficquality.google

IN A

Response

ep2.adtrafficquality.google

IN A

216.58.215.33
DNS

151.64.8.51.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

151.64.8.51.in-addr.arpa

IN PTR

Response
DNS

stackpath.bootstrapcdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

stackpath.bootstrapcdn.com

IN A

Response

stackpath.bootstrapcdn.com

IN A

104.18.10.207

stackpath.bootstrapcdn.com

IN A

104.18.11.207
DNS

80.190.18.2.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

80.190.18.2.in-addr.arpa

IN PTR

Response

80.190.18.2.in-addr.arpa

IN PTR

a2-18-190-80deploystaticakamaitechnologiescom
DNS

publisher.linkvertise.com

msedge.exe

Remote address:

8.8.8.8:53

Request

publisher.linkvertise.com

IN A

Response

publisher.linkvertise.com

IN A

104.22.22.72

publisher.linkvertise.com

IN A

172.67.31.186

publisher.linkvertise.com

IN A

104.22.23.72
DNS

www.google-analytics.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.google-analytics.com

IN A

Response

www.google-analytics.com

IN A

142.250.75.238
DNS

ep1.adtrafficquality.google

msedge.exe

Remote address:

8.8.8.8:53

Request

ep1.adtrafficquality.google

IN A

Response

ep1.adtrafficquality.google

IN A

172.217.20.194
DNS

1.129.74.13.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

1.129.74.13.in-addr.arpa

IN PTR

Response
DNS

h.clarity.ms

msedge.exe

Remote address:

8.8.8.8:53

Request

h.clarity.ms

IN A

Response

h.clarity.ms

IN CNAME

vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com

vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com

IN A

51.8.64.151
DNS

js.chargebee.com

msedge.exe

Remote address:

8.8.8.8:53

Request

js.chargebee.com

IN A

Response

js.chargebee.com

IN A

18.244.179.17

js.chargebee.com

IN A

18.244.179.83

js.chargebee.com

IN A

18.244.179.5

js.chargebee.com

IN A

18.244.179.57
DNS

95.221.229.192.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

contextual.media.net

msedge.exe

Remote address:

8.8.8.8:53

Request

contextual.media.net

IN A

Response

contextual.media.net

IN A

95.100.244.20
DNS

api.thinksuggest.org

msedge.exe

Remote address:

8.8.8.8:53

Request

api.thinksuggest.org

IN A

Response

api.thinksuggest.org

IN A

176.9.175.232
DNS

205.13.26.104.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

205.13.26.104.in-addr.arpa

IN PTR

Response
DNS

238.75.250.142.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

238.75.250.142.in-addr.arpa

IN PTR

Response

238.75.250.142.in-addr.arpa

IN PTR

par10s41-in-f141e100net
DNS

h.clarity.ms

msedge.exe

Remote address:

8.8.8.8:53

Request

h.clarity.ms

IN A

Response

h.clarity.ms

IN CNAME

vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com

vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com

IN A

51.8.64.151
DNS

h.clarity.ms

msedge.exe

Remote address:

8.8.8.8:53

Request

h.clarity.ms

IN A

Response

h.clarity.ms

IN CNAME

vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com

vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com

IN A

51.8.64.151
GET

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.2/css/all.css

msedge.exe

Remote address:

104.17.25.14:443

Request

GET /ajax/libs/font-awesome/5.10.2/css/all.css HTTP/2.0
host: cdnjs.cloudflare.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://linkvertise.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 18 Aug 2024 22:03:49 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 460859
expires: Fri, 08 Aug 2025 22:03:49 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WHrWb9C9REdHTw3xJTigPmF5ndM%2FVA9OjreUCux7%2BBhA%2BEqNOA%2FTWa2pSbcb2TJeTaI60ZVuupEUPzDbE%2BVRNsoR%2BB5t28Z%2BB6juHO0A4AZv7dwObSZSESrM4CPN6WVikkZjcCQ8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8b553231dbc6bee7-LHR
alt-svc: h3=":443"; ma=86400
GET

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

msedge.exe

Remote address:

104.17.25.14:443

Request

GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/2.0
host: cdnjs.cloudflare.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://linkvertise.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 18 Aug 2024 22:03:49 GMT
content-type: text/css; charset=utf-8
content-length: 10228
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e60-111e5"
last-modified: Mon, 04 May 2020 16:10:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 264421
expires: Fri, 08 Aug 2025 22:03:49 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ULHbb5UjJmZzksdS30T1CT550DyX8n071FcolPI6uCaq2rj5dvoQ4kc2PTL77pzVlDLFIiGTklG%2BOrgTvSoHdsJybkrCuTCPpcWi28lg6G%2FZIuK4QkWSfUV1T%2FoNH6cn4W8l1vNE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8b553231dbc3bee7-LHR
alt-svc: h3=":443"; ma=86400
GET

https://p.typekit.net/p.css?s=1&k=lgs0rip&ht=tk&f=43349.43352.43354.43357&a=84442296&app=typekit&e=css

msedge.exe

Remote address:

23.59.171.26:443

Request

GET /p.css?s=1&k=lgs0rip&ht=tk&f=43349.43352.43354.43357&a=84442296&app=typekit&e=css HTTP/2.0
host: p.typekit.net
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://linkvertise.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
content-type: text/css
content-length: 5
last-modified: Fri, 14 Jul 2023 12:46:57 GMT
etag: "64b143c1-5"
cache-control: public, max-age=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
date: Sun, 18 Aug 2024 22:03:49 GMT
GET

https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css

msedge.exe

Remote address:

104.18.10.207:443

Request

GET /bootstrap/4.1.3/css/bootstrap.min.css HTTP/2.0
host: stackpath.bootstrapcdn.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://linkvertise.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://linkvertise.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 18 Aug 2024 22:03:49 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: gzip
etag: W/"67176c242e1bdc20603c878dee836df3"
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-cachedat: 10/31/2023 18:58:40
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1048
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: cfa938290e0da38f66e73e3dc2cf6384
cdn-cache: HIT
cf-cache-status: HIT
age: 13225154
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 8b5532302c5f63cf-LHR
alt-svc: h3=":443"; ma=86400
GET

https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

msedge.exe

Remote address:

104.18.10.207:443

Request

GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/2.0
host: stackpath.bootstrapcdn.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://linkvertise.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://linkvertise.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 18 Aug 2024 22:03:49 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: FR
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: gzip
etag: W/"04aca1f4cd3ec3c05a75a879f3be75a3"
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-cachedat: 10/31/2023 19:20:17
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 951
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 5d7b8e86e9b70c023d9ad0594119d218
cdn-cache: HIT
cf-cache-status: HIT
age: 3983112
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 8b5532302c5d63cf-LHR
alt-svc: h3=":443"; ma=86400
GET

https://js.chargebee.com/v2/chargebee.js

msedge.exe

Remote address:

18.244.179.17:443

Request

GET /v2/chargebee.js HTTP/2.0
host: js.chargebee.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://linkvertise.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/x-javascript
last-modified: Fri, 09 Aug 2024 10:27:44 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: NsAseg5rAWeiX.QEsADRjz5wSUsnPY4B
server: AmazonS3
strict-transport-security: max-age=300; includeSubdomains; preload
content-encoding: gzip
date: Sun, 18 Aug 2024 21:59:52 GMT
cache-control: max-age=300,public
etag: W/"362e6ab41bbbe8005384b42ce7a006b2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 145b68c3ecd24e322402424a1db81138.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P7
x-amz-cf-id: N8qaP26CgIO2X-OiypPZ8D6NSCxajRVWGOS-ej2LGDS02222tVYqBQ==
age: 238
vary: Origin
GET

https://js.chargebee.com/assets/cbjs-2024.08.09-10.16/v2/208-157dc4606381f7f9308b.js

msedge.exe

Remote address:

18.244.179.17:443

Request

GET /assets/cbjs-2024.08.09-10.16/v2/208-157dc4606381f7f9308b.js HTTP/2.0
host: js.chargebee.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://linkvertise.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/x-javascript
last-modified: Fri, 09 Aug 2024 10:27:44 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: FTK.VWEv3QBEGwewr_H2nuwCjeBsTY4n
server: AmazonS3
strict-transport-security: max-age=300; includeSubdomains; preload
content-encoding: gzip
date: Sun, 18 Aug 2024 22:01:00 GMT
cache-control: max-age=300,public
etag: W/"49ce37fd223f3af1b907a58591e300dd"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 145b68c3ecd24e322402424a1db81138.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P7
x-amz-cf-id: 4D9RcP176a9OqrusETUfI5U5PncHXkrbsoWU2F2DSCW73hVpWqOX-Q==
age: 169
GET

https://maxst.icons8.com/vue-static/landings/line-awesome/line-awesome/1.3.0/css/line-awesome.min.css

msedge.exe

Remote address:

84.17.50.9:443

Request

GET /vue-static/landings/line-awesome/line-awesome/1.3.0/css/line-awesome.min.css HTTP/2.0
host: maxst.icons8.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://linkvertise.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 18 Aug 2024 22:03:49 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
etag: W/"1a57e-m/ufJj2eAiPapDT36d69nG4R6Hc"
last-modified: Mon, 10 Jun 2024 07:39:04 GMT
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, OPTIONS
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-max-age: 1728000
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cache-control: public
x-77-nzt: EwwBVBEyBwH3xn42AAwBuUwKAQH3SwAAAAwBJRPCMQH3RPMjAA
x-77-nzt-ray: 66f31c26ec6a9ecfc56fc266bd21e709
x-accel-expires: @2033451120
x-accel-date: 1720447231
x-77-cache: HIT
x-77-age: 3571398
content-encoding: gzip
server: CDN77-Turbo
x-accel-date-max: 1720447231
x-cache: HIT
x-age: 3571398
x-77-pop: londonGB
DNS

14.25.17.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.25.17.104.in-addr.arpa

IN PTR

Response
DNS

googleads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

172.217.20.162
DNS

226.74.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.74.250.142.in-addr.arpa

IN PTR

Response

226.74.250.142.in-addr.arpa

IN PTR

par10s40-in-f21e100net
DNS

194.20.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.20.217.172.in-addr.arpa

IN PTR

Response

194.20.217.172.in-addr.arpa

IN PTR

par10s50-in-f21e100net

194.20.217.172.in-addr.arpa

IN PTR

waw02s08-in-f194�H

194.20.217.172.in-addr.arpa

IN PTR

waw02s08-in-f2�H
DNS

h.clarity.ms

Remote address:

8.8.8.8:53

Request

h.clarity.ms

IN A

Response

h.clarity.ms

IN CNAME

vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com

vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com

IN A

51.8.64.151
DNS

108.206.110.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

108.206.110.95.in-addr.arpa

IN PTR

Response

108.206.110.95.in-addr.arpa

IN PTR

host108-206-110-95serverdedicatiarubait
DNS

25.171.59.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

25.171.59.23.in-addr.arpa

IN PTR

Response

25.171.59.23.in-addr.arpa

IN PTR

a23-59-171-25deploystaticakamaitechnologiescom
DNS

www.clarity.ms

Remote address:

8.8.8.8:53

Request

www.clarity.ms

IN A

Response

www.clarity.ms

IN CNAME

clarity.azurefd.net

clarity.azurefd.net

IN CNAME

azurefd-t-prod.trafficmanager.net

azurefd-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

80.5.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.5.107.13.in-addr.arpa

IN PTR

Response
DNS

tpc.googlesyndication.com

Remote address:

8.8.8.8:53

Request

tpc.googlesyndication.com

IN A

Response

tpc.googlesyndication.com

IN A

142.250.179.97
DNS

240.143.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.143.123.92.in-addr.arpa

IN PTR

Response

240.143.123.92.in-addr.arpa

IN PTR

a92-123-143-240deploystaticakamaitechnologiescom
DNS

240.143.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.143.123.92.in-addr.arpa

IN PTR
DNS

26.171.59.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.171.59.23.in-addr.arpa

IN PTR

Response

26.171.59.23.in-addr.arpa

IN PTR

a23-59-171-26deploystaticakamaitechnologiescom
DNS

207.10.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

207.10.18.104.in-addr.arpa

IN PTR

Response
DNS

17.179.244.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.179.244.18.in-addr.arpa

IN PTR

Response

17.179.244.18.in-addr.arpa

IN PTR

server-18-244-179-17lhr61r cloudfrontnet
DNS

9.50.17.84.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.50.17.84.in-addr.arpa

IN PTR

Response

9.50.17.84.in-addr.arpa

IN PTR

639431526loncdn77com
DNS

79.140.162.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

79.140.162.3.in-addr.arpa

IN PTR

Response

79.140.162.3.in-addr.arpa

IN PTR

server-3-162-140-79dub56r cloudfrontnet
GET

https://contextual.media.net/dmedianet.js?cid=8CUG57U1V

msedge.exe

Remote address:

95.100.244.20:443

Request

GET /dmedianet.js?cid=8CUG57U1V HTTP/2.0
host: contextual.media.net
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://linkvertise.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Apache
content-type: text/javascript; charset=utf-8
x-mnt-h: 22-s1v0
x-mnt-w: 22-s1v0
timing-allow-origin: *
etag: "5ef7224f812abe6f5e9e8aeea44e999a"
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=93600
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=300
expires: Sun, 18 Aug 2024 22:08:49 GMT
date: Sun, 18 Aug 2024 22:03:49 GMT
content-length: 37510
OPTIONS

https://publisher.linkvertise.com/api/v1/account

msedge.exe

Remote address:

104.22.22.72:443

Request

OPTIONS /api/v1/account HTTP/2.0
host: publisher.linkvertise.com
accept: */*
access-control-request-method: GET
access-control-request-headers: content-type
origin: https://linkvertise.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://linkvertise.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Sun, 18 Aug 2024 22:03:50 GMT
cache-control: no-cache, private
access-control-allow-origin: https://linkvertise.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: content-type
access-control-max-age: 0
set-cookie: laravel_session=9VlicQMhaqYuHLsC4S788dMGKv1EiFpRVEOpHOTw; expires=Mon, 18 Aug 2025 22:03:50 GMT; Max-Age=31536000; path=/; domain=.linkvertise.com; httponly
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=qPuMQRB55jJk5QLR1auqeEL5q30cL5ZlGct7davJmgY-1724018630-1.0.1.1-ZOq5VckhIEcovxglrguy2jYlJIGqeL7PPJdRR9U6VJ_nygjyp38CtiKxhZ..t8Nm0ZywW0QZsq1qjrYZPX4zsw; path=/; expires=Sun, 18-Aug-24 22:33:50 GMT; domain=.linkvertise.com; HttpOnly; Secure; SameSite=None
x-frame-options: sameorigin
server: cloudflare
cf-ray: 8b5532358817957a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://publisher.linkvertise.com/api/v1/account

msedge.exe

Remote address:

104.22.22.72:443

Request

GET /api/v1/account HTTP/2.0
host: publisher.linkvertise.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
accept: application/json
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: application/json
origin: https://linkvertise.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://linkvertise.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 18 Aug 2024 22:03:50 GMT
content-type: application/json
cache-control: no-cache, private
access-control-allow-origin: https://linkvertise.com
vary: Origin
access-control-allow-credentials: true
set-cookie: laravel_session=kwo9vfu9F1ONV5QUjhhqdiATOGnNaAPmpxPZXhMs; expires=Mon, 18 Aug 2025 22:03:50 GMT; Max-Age=31536000; path=/; domain=.linkvertise.com; httponly
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=xMTcqTn7vDo.W_avlsc8nCb.3odpzo2GDxoxwjNVMNM-1724018630-1.0.1.1-PPmHT0TVUIKvNZ2r3hkBicxVg_XpErTZdVtMHsRBxJsLZX40KXHLgQAICg9.F0zkBlrofu_jsjw8gtaFzT.Gzg; path=/; expires=Sun, 18-Aug-24 22:33:50 GMT; domain=.linkvertise.com; HttpOnly; Secure; SameSite=None
x-frame-options: sameorigin
server: cloudflare
cf-ray: 8b553235e87c957a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://googleads.g.doubleclick.net/pagead/html/r20240814/r20110914/zrt_lookup_fy2021.html

msedge.exe

Remote address:

172.217.20.162:443

Request

GET /pagead/html/r20240814/r20110914/zrt_lookup_fy2021.html HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://linkvertise.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7762049002141603&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1724018629&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Flinkvertise.com%2F&pra=5&wgl=1&easpi=0&aihb=0&asro=0&ailel=29~27~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30~34&aiael=29~27~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30~34&aifxl=27_4~30_19&aiixl=29_5~27_3~30_6&aslmct=0.7&asamct=0.7&uach=WyJXaW5kb3dzIiwiMTAuMCIsIng4NiIsIiIsIjkwLjAuODE4LjY2IixudWxsLDAsbnVsbCwiIixudWxsLDBd&dt=1724018629371&bpp=4&bdt=1031&idt=157&shv=r20240814&mjsv=m202408130101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&nras=1&correlator=1994838393506&frm=20&pv=2&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=672&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1280&bih=601&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95331690%2C95334528%2C95334828%2C95337870%2C31086140%2C95339222&oid=2&pvsid=3215229280802366&tmod=1419608929&wsm=1&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C672%2C1280%2C601&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=206

msedge.exe

Remote address:

172.217.20.162:443

Request

GET /pagead/ads?client=ca-pub-7762049002141603&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1724018629&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Flinkvertise.com%2F&pra=5&wgl=1&easpi=0&aihb=0&asro=0&ailel=29~27~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30~34&aiael=29~27~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30~34&aifxl=27_4~30_19&aiixl=29_5~27_3~30_6&aslmct=0.7&asamct=0.7&uach=WyJXaW5kb3dzIiwiMTAuMCIsIng4NiIsIiIsIjkwLjAuODE4LjY2IixudWxsLDAsbnVsbCwiIixudWxsLDBd&dt=1724018629371&bpp=4&bdt=1031&idt=157&shv=r20240814&mjsv=m202408130101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&nras=1&correlator=1994838393506&frm=20&pv=2&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=672&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1280&bih=601&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95331690%2C95334528%2C95334828%2C95337870%2C31086140%2C95339222&oid=2&pvsid=3215229280802366&tmod=1419608929&wsm=1&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C672%2C1280%2C601&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=206 HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://linkvertise.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.com/recaptcha/api2/aframe

msedge.exe

Remote address:

172.217.20.196:443

Request

GET /recaptcha/api2/aframe HTTP/2.0
host: www.google.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://linkvertise.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.clarity.ms/tag/h4p7g35xmb?ref=gtm2

msedge.exe

Remote address:

13.107.246.64:443

Request

GET /tag/h4p7g35xmb?ref=gtm2 HTTP/2.0
host: www.clarity.ms
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://linkvertise.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 18 Aug 2024 22:03:50 GMT
content-type: application/x-javascript
content-length: 667
cache-control: no-cache, no-store
expires: -1
set-cookie: CLID=1cd9c75e12d84a2a9b027faa735af32c.20240818.20250818; expires=Mon, 18 Aug 2025 22:03:50 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8
x-azure-ref: 20240818T220350Z-154b59dbc6dqs78mfs1tm69a30000000055g00000001as8p
x-cache: CONFIG_NOCACHE
accept-ranges: bytes
GET

https://www.clarity.ms/s/0.7.44/clarity.js

msedge.exe

Remote address:

13.107.246.64:443

Request

GET /s/0.7.44/clarity.js HTTP/2.0
host: www.clarity.ms
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://linkvertise.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: CLID=1cd9c75e12d84a2a9b027faa735af32c.20240818.20250818

Response

HTTP/2.0 200

date: Sun, 18 Aug 2024 22:03:50 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
last-modified: Sun, 18 Aug 2024 06:43:59 GMT
etag: W/"0x8DCBF51240602D7"
x-ms-request-id: 6b0a6199-c01e-0004-473e-f1a3dc000000
x-ms-version: 2018-03-28
access-control-allow-origin: *
x-azure-ref: 20240818T220350Z-154b59dbc6dqs78mfs1tm69a30000000055g00000001as8t
cache-control: public, max-age=86400
x-fd-int-roxy-purgeid: 51562430
x-cache: TCP_HIT
content-encoding: br
GET

https://www.thinksuggest.org/simple/suggest-min-unpacked.js

msedge.exe

Remote address:

176.9.175.232:443

Request

GET /simple/suggest-min-unpacked.js HTTP/1.1
Host: www.thinksuggest.org
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://linkvertise.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 18 Aug 2024 22:03:50 GMT
Content-Type: application/javascript
Content-Length: 51487
Last-Modified: Fri, 05 Jun 2020 12:39:04 GMT
Connection: keep-alive
ETag: "5eda3ce8-c91f"
Accept-Ranges: bytes
GET

https://api.ipify.org/?format=jsonp&callback=getIP

msedge.exe

Remote address:

104.26.13.205:443

Request

GET /?format=jsonp&callback=getIP HTTP/2.0
host: api.ipify.org
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://linkvertise.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 18 Aug 2024 22:03:50 GMT
content-type: application/javascript
content-length: 30
vary: Origin
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8b5532367acd413a-LHR
GET

https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gda&tv=r20240814&st=env

msedge.exe

Remote address:

172.217.20.194:443

Request

GET /getconfig/sodar?sv=200&tid=gda&tv=r20240814&st=env HTTP/2.0
host: ep1.adtrafficquality.google
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://linkvertise.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://linkvertise.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=B4F8D75815D142B1813EEB2F3277585E&RedC=c.clarity.ms&MXFR=10C9AE5D84CA60F53C09BA8280CA6E8D

msedge.exe

Remote address:

204.79.197.237:443

Request

GET /c.gif?ctsa=mr&CtsSyncId=B4F8D75815D142B1813EEB2F3277585E&RedC=c.clarity.ms&MXFR=10C9AE5D84CA60F53C09BA8280CA6E8D HTTP/2.0
host: c.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://linkvertise.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=B4F8D75815D142B1813EEB2F3277585E&MUID=2224A6AF0F84600B2231B2700E646188
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: MUID=2224A6AF0F84600B2231B2700E646188; domain=.bing.com; expires=Fri, 12-Sep-2025 22:03:51 GMT; path=/; SameSite=None; Secure; Priority=High;
set-cookie: MR=0; domain=c.bing.com; expires=Sun, 25-Aug-2024 22:03:51 GMT; path=/; SameSite=None; Secure;
set-cookie: SRM_B=2224A6AF0F84600B2231B2700E646188; domain=c.bing.com; expires=Fri, 12-Sep-2025 22:03:51 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 900C6897B08E4F5EA3D3EEC90D6C9347 Ref B: LON04EDGE1219 Ref C: 2024-08-18T22:03:51Z
date: Sun, 18 Aug 2024 22:03:51 GMT
content-length: 0
GET

https://ep2.adtrafficquality.google/sodar/sodar2.js

msedge.exe

Remote address:

216.58.215.33:443

Request

GET /sodar/sodar2.js HTTP/2.0
host: ep2.adtrafficquality.google
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://linkvertise.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

msedge.exe

Remote address:

142.250.179.97:443

Request

GET /sodar/sodar2/225/runner.html HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://linkvertise.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

172.67.31.186:443

https://linkvertise.com/assets/img/loading.gif

tls, http2

msedge.exe

47.3kB
1.2MB
784
935

HTTP Request

GET https://linkvertise.com/1035027/exm-cracked?o=sharing

HTTP Response

103

HTTP Response

200

HTTP Request

GET https://linkvertise.com/assets/external/ads.js

HTTP Request

GET https://linkvertise.com/runtime.7f8599418f7f7a55.js

HTTP Request

GET https://linkvertise.com/polyfills.bd3b6746195e9466.js

HTTP Request

GET https://linkvertise.com/main.bbfc8eb1e56bf7ad.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://linkvertise.com/scripts.2c67031671ec753c.js

HTTP Request

GET https://linkvertise.com/styles.35c9775e6f46e67d.css

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://linkvertise.com/assets/i18n/en.json?v=1

HTTP Request

GET https://linkvertise.com/assets/external/thinksuggest.html

HTTP Response

308

HTTP Request

GET https://linkvertise.com/assets/img/loading.gif

HTTP Response

200

HTTP Request

GET https://linkvertise.com/assets/external/thinksuggest

HTTP Response

103

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://linkvertise.com/assets/external/thinksuggest

HTTP Response

103

HTTP Response

200

HTTP Request

GET https://linkvertise.com/favicon.ico

HTTP Response

200

HTTP Request

GET https://linkvertise.com/assets/img/loading.gif

HTTP Response

200
2.18.190.80:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

msedge.exe

416 B
1.6kB
6
5

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200
95.110.206.108:443

cdn.exmarketplace.com

tls

msedge.exe

1.7kB
7.7kB
12
15
172.217.20.162:443

securepubads.g.doubleclick.net

tls, http2

msedge.exe

1.0kB
5.3kB
10
9
104.17.25.14:443

cdnjs.cloudflare.com

tls, http2

msedge.exe

995 B
3.1kB
9
5
104.17.25.14:443

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

tls, http2

msedge.exe

4.1kB
45.0kB
59
56

HTTP Request

GET https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.2/css/all.css

HTTP Request

GET https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

HTTP Response

200

HTTP Response

200
23.59.171.25:443

use.typekit.net

tls, http2

msedge.exe

1.2kB
6.2kB
13
14
23.59.171.26:443

https://p.typekit.net/p.css?s=1&k=lgs0rip&ht=tk&f=43349.43352.43354.43357&a=84442296&app=typekit&e=css

tls, http2

msedge.exe

1.9kB
6.7kB
17
18

HTTP Request

GET https://p.typekit.net/p.css?s=1&k=lgs0rip&ht=tk&f=43349.43352.43354.43357&a=84442296&app=typekit&e=css

HTTP Response

200
104.18.10.207:443

stackpath.bootstrapcdn.com

tls

msedge.exe

793 B
1.5kB
6
4
104.18.10.207:443

https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

tls, http2

msedge.exe

4.5kB
48.9kB
66
62

HTTP Request

GET https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css

HTTP Request

GET https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

HTTP Response

200

HTTP Response

200
18.244.179.17:443

https://js.chargebee.com/assets/cbjs-2024.08.09-10.16/v2/208-157dc4606381f7f9308b.js

tls, http2

msedge.exe

4.4kB
105.1kB
72
90

HTTP Request

GET https://js.chargebee.com/v2/chargebee.js

HTTP Response

200

HTTP Request

GET https://js.chargebee.com/assets/cbjs-2024.08.09-10.16/v2/208-157dc4606381f7f9308b.js

HTTP Response

200
84.17.50.9:443

https://maxst.icons8.com/vue-static/landings/line-awesome/line-awesome/1.3.0/css/line-awesome.min.css

tls, http2

msedge.exe

2.3kB
22.3kB
26
30

HTTP Request

GET https://maxst.icons8.com/vue-static/landings/line-awesome/line-awesome/1.3.0/css/line-awesome.min.css

HTTP Response

200
95.100.244.20:443

https://contextual.media.net/dmedianet.js?cid=8CUG57U1V

tls, http2

msedge.exe

2.7kB
44.5kB
36
45

HTTP Request

GET https://contextual.media.net/dmedianet.js?cid=8CUG57U1V

HTTP Response

200
104.22.22.72:443

https://publisher.linkvertise.com/api/v1/account

tls, http2

msedge.exe

2.2kB
5.5kB
22
21

HTTP Request

OPTIONS https://publisher.linkvertise.com/api/v1/account

HTTP Response

204

HTTP Request

GET https://publisher.linkvertise.com/api/v1/account

HTTP Response

200
172.217.20.162:443

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7762049002141603&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1724018629&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Flinkvertise.com%2F&pra=5&wgl=1&easpi=0&aihb=0&asro=0&ailel=29~27~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30~34&aiael=29~27~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30~34&aifxl=27_4~30_19&aiixl=29_5~27_3~30_6&aslmct=0.7&asamct=0.7&uach=WyJXaW5kb3dzIiwiMTAuMCIsIng4NiIsIiIsIjkwLjAuODE4LjY2IixudWxsLDAsbnVsbCwiIixudWxsLDBd&dt=1724018629371&bpp=4&bdt=1031&idt=157&shv=r20240814&mjsv=m202408130101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&nras=1&correlator=1994838393506&frm=20&pv=2&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=672&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1280&bih=601&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95331690%2C95334528%2C95334828%2C95337870%2C31086140%2C95339222&oid=2&pvsid=3215229280802366&tmod=1419608929&wsm=1&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C672%2C1280%2C601&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=206

tls, http2

msedge.exe

6.2kB
11.2kB
25
27

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/html/r20240814/r20110914/zrt_lookup_fy2021.html

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7762049002141603&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1724018629&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Flinkvertise.com%2F&pra=5&wgl=1&easpi=0&aihb=0&asro=0&ailel=29~27~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30~34&aiael=29~27~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30~34&aifxl=27_4~30_19&aiixl=29_5~27_3~30_6&aslmct=0.7&asamct=0.7&uach=WyJXaW5kb3dzIiwiMTAuMCIsIng4NiIsIiIsIjkwLjAuODE4LjY2IixudWxsLDAsbnVsbCwiIixudWxsLDBd&dt=1724018629371&bpp=4&bdt=1031&idt=157&shv=r20240814&mjsv=m202408130101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&nras=1&correlator=1994838393506&frm=20&pv=2&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=672&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1280&bih=601&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95331690%2C95334528%2C95334828%2C95337870%2C31086140%2C95339222&oid=2&pvsid=3215229280802366&tmod=1419608929&wsm=1&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C672%2C1280%2C601&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=206
172.217.20.196:443

https://www.google.com/recaptcha/api2/aframe

tls, http2

msedge.exe

2.1kB
7.7kB
20
25

HTTP Request

GET https://www.google.com/recaptcha/api2/aframe
13.107.5.80:443

api.bing.com

tls, http2

msedge.exe

1.6kB
8.5kB
11
16
176.9.175.232:443

lnk.thinksuggest.org

tls

msedge.exe

1.0kB
4.4kB
9
12
13.107.246.64:443

https://www.clarity.ms/s/0.7.44/clarity.js

tls, http2

msedge.exe

3.3kB
35.4kB
33
39

HTTP Request

GET https://www.clarity.ms/tag/h4p7g35xmb?ref=gtm2

HTTP Response

200

HTTP Request

GET https://www.clarity.ms/s/0.7.44/clarity.js

HTTP Response

200
176.9.175.232:443

https://www.thinksuggest.org/simple/suggest-min-unpacked.js

tls, http

msedge.exe

2.7kB
57.8kB
33
53

HTTP Request

GET https://www.thinksuggest.org/simple/suggest-min-unpacked.js

HTTP Response

200
104.26.13.205:443

https://api.ipify.org/?format=jsonp&callback=getIP

tls, http2

msedge.exe

2.0kB
4.1kB
21
21

HTTP Request

GET https://api.ipify.org/?format=jsonp&callback=getIP

HTTP Response

200
176.9.175.232:443

api.thinksuggest.org

tls

msedge.exe

1.1kB
4.4kB
10
12
172.217.20.194:443

https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gda&tv=r20240814&st=env

tls, http2

msedge.exe

2.4kB
19.4kB
27
28

HTTP Request

GET https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gda&tv=r20240814&st=env
13.74.129.1:443

c.clarity.ms

tls

msedge.exe

2.0kB
8.1kB
15
16
204.79.197.237:443

https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=B4F8D75815D142B1813EEB2F3277585E&RedC=c.clarity.ms&MXFR=10C9AE5D84CA60F53C09BA8280CA6E8D

tls, http2

msedge.exe

2.4kB
9.5kB
15
20

HTTP Request

GET https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=B4F8D75815D142B1813EEB2F3277585E&RedC=c.clarity.ms&MXFR=10C9AE5D84CA60F53C09BA8280CA6E8D

HTTP Response

302
216.58.215.33:443

https://ep2.adtrafficquality.google/sodar/sodar2.js

tls, http2

msedge.exe

2.2kB
13.2kB
24
24

HTTP Request

GET https://ep2.adtrafficquality.google/sodar/sodar2.js
142.250.179.97:443

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

tls, http2

msedge.exe

2.2kB
11.4kB
22
22

HTTP Request

GET https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
51.8.64.151:443

h.clarity.ms

tls

msedge.exe

2.5kB
6.5kB
14
14
51.8.64.151:443

h.clarity.ms

tls

msedge.exe

2.1kB
6.5kB
13
14
51.8.64.151:443

h.clarity.ms

tls

msedge.exe

2.0kB
6.5kB
13
14
51.8.64.151:443

h.clarity.ms

tls

msedge.exe

2.0kB
6.5kB
13
14
51.8.64.151:443

h.clarity.ms

tls

msedge.exe

2.0kB
6.4kB
12
13
51.8.64.151:443

h.clarity.ms

tls

msedge.exe

2.1kB
6.5kB
13
14

8.8.8.8:53

linkvertise.com

dns

msedge.exe

721 B
1.5kB
11
11

DNS Request

linkvertise.com

DNS Response

104.22.23.72

104.22.22.72

172.67.31.186

DNS Request

linkvertise.com

DNS Response

172.67.31.186

104.22.22.72

104.22.23.72

DNS Request

apps.identrust.com

DNS Response

2.18.190.80

2.18.190.81

DNS Request

cdn.exmarketplace.com

DNS Response

95.110.206.108

95.110.204.9

DNS Request

use.typekit.net

DNS Response

23.59.171.25

23.59.171.11

DNS Request

136.32.126.40.in-addr.arpa

DNS Request

pagead2.googlesyndication.com

DNS Response

142.250.74.226

DNS Request

api.ipify.org

DNS Response

104.26.13.205

172.67.74.152

104.26.12.205

DNS Request

64.246.107.13.in-addr.arpa

DNS Request

www.google.com

DNS Response

172.217.20.196

DNS Request

ctldl.windowsupdate.com

DNS Response

92.123.143.240

92.123.140.25
8.8.8.8:53

cdnjs.cloudflare.com

dns

msedge.exe

551 B
1.2kB
8
8

DNS Request

cdnjs.cloudflare.com

DNS Response

104.17.25.14

104.17.24.14

DNS Request

186.31.67.172.in-addr.arpa

DNS Request

api.bing.com

DNS Response

13.107.5.80

DNS Request

168.214.58.216.in-addr.arpa

DNS Request

c.clarity.ms

DNS Response

13.74.129.1

DNS Request

33.215.58.216.in-addr.arpa

DNS Request

self.events.data.microsoft.com

DNS Request

self.events.data.microsoft.com

DNS Response

20.189.173.11

DNS Response

20.189.173.11
8.8.8.8:53

maxst.icons8.com

dns

msedge.exe

416 B
800 B
6
6

DNS Request

maxst.icons8.com

DNS Response

84.17.50.9

89.187.167.39

DNS Request

162.20.217.172.in-addr.arpa

DNS Request

www.google.com

DNS Response

172.217.20.196

DNS Request

20.244.100.95.in-addr.arpa

DNS Request

237.197.79.204.in-addr.arpa

DNS Request

nexusrules.officeapps.live.com

DNS Response

52.111.227.11
8.8.8.8:53

p.typekit.net

dns

msedge.exe

413 B
758 B
6
6

DNS Request

p.typekit.net

DNS Response

23.59.171.26

23.59.171.9

DNS Request

172.210.232.199.in-addr.arpa

DNS Request

lnk.thinksuggest.org

DNS Response

176.9.175.232

DNS Request

72.22.22.104.in-addr.arpa

DNS Request

ep2.adtrafficquality.google

DNS Response

216.58.215.33

DNS Request

151.64.8.51.in-addr.arpa
8.8.8.8:53

stackpath.bootstrapcdn.com

dns

msedge.exe

484 B
814 B
7
7

DNS Request

stackpath.bootstrapcdn.com

DNS Response

104.18.10.207

104.18.11.207

DNS Request

80.190.18.2.in-addr.arpa

DNS Request

publisher.linkvertise.com

DNS Response

104.22.22.72

172.67.31.186

104.22.23.72

DNS Request

www.google-analytics.com

DNS Response

142.250.75.238

DNS Request

ep1.adtrafficquality.google

DNS Response

172.217.20.194

DNS Request

1.129.74.13.in-addr.arpa

DNS Request

h.clarity.ms

DNS Response

51.8.64.151
8.8.8.8:53

js.chargebee.com

dns

msedge.exe

528 B
958 B
8
8

DNS Request

js.chargebee.com

DNS Response

18.244.179.17

18.244.179.83

18.244.179.5

18.244.179.57

DNS Request

95.221.229.192.in-addr.arpa

DNS Request

contextual.media.net

DNS Response

95.100.244.20

DNS Request

api.thinksuggest.org

DNS Response

176.9.175.232

DNS Request

205.13.26.104.in-addr.arpa

DNS Request

238.75.250.142.in-addr.arpa

DNS Request

h.clarity.ms

DNS Request

h.clarity.ms

DNS Response

51.8.64.151

DNS Response

51.8.64.151
8.8.8.8:53

14.25.17.104.in-addr.arpa

dns

348 B
643 B
5
5

DNS Request

14.25.17.104.in-addr.arpa

DNS Request

googleads.g.doubleclick.net

DNS Response

172.217.20.162

DNS Request

226.74.250.142.in-addr.arpa

DNS Request

194.20.217.172.in-addr.arpa

DNS Request

h.clarity.ms

DNS Response

51.8.64.151
8.8.8.8:53

108.206.110.95.in-addr.arpa

dns

73 B
129 B
1
1

DNS Request

108.206.110.95.in-addr.arpa
8.8.8.8:53

25.171.59.23.in-addr.arpa

dns

418 B
740 B
6
5

DNS Request

25.171.59.23.in-addr.arpa

DNS Request

www.clarity.ms

DNS Response

13.107.246.64

DNS Request

80.5.107.13.in-addr.arpa

DNS Request

tpc.googlesyndication.com

DNS Response

142.250.179.97

DNS Request

240.143.123.92.in-addr.arpa

DNS Request

240.143.123.92.in-addr.arpa
8.8.8.8:53

26.171.59.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

26.171.59.23.in-addr.arpa
8.8.8.8:53

207.10.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

207.10.18.104.in-addr.arpa
8.8.8.8:53

17.179.244.18.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

17.179.244.18.in-addr.arpa
8.8.8.8:53

9.50.17.84.in-addr.arpa

dns

69 B
106 B
1
1

DNS Request

9.50.17.84.in-addr.arpa
8.8.8.8:53

79.140.162.3.in-addr.arpa

dns

71 B
127 B
1
1

DNS Request

79.140.162.3.in-addr.arpa
142.250.179.97:443

tpc.googlesyndication.com

https

msedge.exe

3.7kB
6.2kB
9
8
224.0.0.251:5353

msedge.exe

452 B
7

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8276eab0f8f0c0bb325b5b8c329f64f

SHA1
8ce681e4056936ca8ccd6f487e7cd7cccbae538b

SHA256
847f60e288d327496b72dbe1e7aa1470a99bf27c0a07548b6a386a6188cd72da

SHA512
42f91bf90e92220d0731fa4279cc5773d5e9057a9587f311bee0b3f7f266ddceca367bd0ee7f1438c3606598553a2372316258c05e506315e4e11760c8f13918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
058032c530b52781582253cb245aa731

SHA1
7ca26280e1bfefe40e53e64345a0d795b5303fab

SHA256
1c3a7192c514ef0d2a8cf9115cfb44137ca98ec6daa4f68595e2be695c7ed67e

SHA512
77fa3cdcd53255e7213bb99980049e11d6a2160f8130c84bd16b35ba9e821a4e51716371526ec799a5b4927234af99e0958283d78c0799777ab4dfda031f874f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
e539d8d89c5ed5d4f444a8d81dcd1f0f

SHA1
5ce2fb217db262fca953e94ba74fc303915c71c9

SHA256
f9e5f0dd2a8183fa39c5dd11c4392091c2872310159cf7eb030d7778d50eb743

SHA512
6ecd63a46f044fe5955308ee2afc81f9413124ee7ddd1e04a7992d26a88e3772b6ccdcd3dec857d26c77dcbfbb4124b00c79d39b80dab9b6b8e30717fe3f1a81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a3b1ca83e1d4fee31b3054ebfe5a0723

SHA1
cfec2c628cec4356f4662ac05aa91fa220b3aca7

SHA256
7fb9776f762af704517dddb12471d6300d81b928959b04a8c4c87c14ef269cc7

SHA512
bd1225dd51dd1ad038356538ebf3a4eb1c5816a50e6fc240d43f7db33e86e4a0c1bb03851c97411f8d02bde566070298e34b4279992765f06db7137cb78df8dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a965852ceb2494e6334c920cb4d661bb

SHA1
7a40d4e7e333a71918353a7fb623cb15af8c4b68

SHA256
af3cc35210e3d84e83d04a492a1b218a427c7b71fd7cc2d74c12cc4c7be0d918

SHA512
080793db6a27c3d5497a26c16345d986d5f4af74dfa958a4eacf1cb93db4ed97e0a3a2aff690b4d8b20d97cbb600743122170fc8ebb92068ca79c9c321643a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a6667993b49f2a4da4d94cee298335b0

SHA1
dfc3a8545b7795f0c52af860c0e34c3ea86855d5

SHA256
6d5fee945b5216a07e9237efc81c7828397e256b05d2975123eaa329fcc9dd2b

SHA512
ed03053d857a18d5e2d834a91f28c0dd32ffb7339495f45db6e394186f8e00780bc0f9270b3fa8c220d19d6c0890e066bd88841626e1c6e3967a1021258c6259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b41bba748ee70a27fcc7def66872590f

SHA1
865d18e5a3dff1caf21fe01a5ff1949d0ab67168

SHA256
96f18cdd7167b1098db4061ab7b6bd8fc0a4c5598ada121c301eef5b197513fa

SHA512
8a9808d3795e73a7091219f68d798edee87b282fc11eb590da6d8ec5be4c52ff627276abcfe894bb695d077eabcd498b374acfeb258f94cbb70e3af6a2cac664

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

DNS Request

DNS Response