Resubmissions

20/08/2024, 19:24 UTC

240820-x4wfyashnr 5

20/08/2024, 19:20 UTC

240820-x2ds4ssgnl 3

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    20/08/2024, 19:20 UTC

General

  • Target

    http://1u2s3r4.3utilities.com/

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://1u2s3r4.3utilities.com/
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1896
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffca88dcc40,0x7ffca88dcc4c,0x7ffca88dcc58
      2⤵
        PID:1336
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,10961637672929082255,392735261904694849,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1896 /prefetch:2
        2⤵
          PID:4732
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,10961637672929082255,392735261904694849,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2140 /prefetch:3
          2⤵
            PID:2948
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,10961637672929082255,392735261904694849,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2424 /prefetch:8
            2⤵
              PID:2360
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3024,i,10961637672929082255,392735261904694849,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3076 /prefetch:1
              2⤵
                PID:4844
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3020,i,10961637672929082255,392735261904694849,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3280 /prefetch:1
                2⤵
                  PID:2552
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4344,i,10961637672929082255,392735261904694849,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4500 /prefetch:1
                  2⤵
                    PID:4144
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3444,i,10961637672929082255,392735261904694849,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4648 /prefetch:1
                    2⤵
                      PID:468
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4416,i,10961637672929082255,392735261904694849,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4336 /prefetch:1
                      2⤵
                        PID:3512
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4936,i,10961637672929082255,392735261904694849,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4948 /prefetch:8
                        2⤵
                          PID:1624
                      • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                        1⤵
                          PID:3972
                        • C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                          1⤵
                            PID:4544

Network

                          • flag-us
                            DNS
                            1u2s3r4.3utilities.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            1u2s3r4.3utilities.com
                            IN A
                            Response
                            1u2s3r4.3utilities.com
                            IN A
                            34.199.8.144
                          • flag-us
                            GET
                            http://1u2s3r4.3utilities.com/
                            chrome.exe
                            Remote address:
                            34.199.8.144:80
                            Request
                            GET / HTTP/1.1
                            Host: 1u2s3r4.3utilities.com
                            Connection: keep-alive
                            Upgrade-Insecure-Requests: 1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 302 Found
                            Date: Tue, 20 Aug 2024 19:20:49 GMT
                            Server: Apache
                            Location: https://pixelpulser.ru/xXSRw/
                            Content-Length: 0
                            Keep-Alive: timeout=5, max=100
                            Connection: Keep-Alive
                            Content-Type: text/html
                          • flag-us
                            DNS
                            81.144.22.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            81.144.22.2.in-addr.arpa
                            IN PTR
                            Response
                            81.144.22.2.in-addr.arpa
                            IN PTR
                            a2-22-144-81.deploy.static.akamaitechnologies.com
                          • flag-us
                            DNS
                            74.213.58.216.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            74.213.58.216.in-addr.arpa
                            IN PTR
                            Response
                            74.213.58.216.in-addr.arpa
                            IN PTR
                            par21s18-in-f10.1e100.net
                            74.213.58.216.in-addr.arpa
                            IN PTR
                            lhr25s01-in-f74
                            74.213.58.216.in-addr.arpa
                            IN PTR
                            lhr25s01-in-f10
                          • flag-us
                            DNS
                            196.249.167.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            196.249.167.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            144.8.199.34.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            144.8.199.34.in-addr.arpa
                            IN PTR
                            Response
                            144.8.199.34.in-addr.arpa
                            IN PTR
                            ec2-34-199-8-144.compute-1.amazonaws.com
                          • flag-us
                            DNS
                            g.bing.com
                            Remote address:
                            8.8.8.8:53
                            Request
                            g.bing.com
                            IN A
                            Response
                            g.bing.com
                            IN CNAME
                            g-bing-com.dual-a-0034.a-msedge.net
                            g-bing-com.dual-a-0034.a-msedge.net
                            IN CNAME
                            dual-a-0034.a-msedge.net
                            dual-a-0034.a-msedge.net
                            IN A
                            204.79.197.237
                            dual-a-0034.a-msedge.net
                            IN A
                            13.107.21.237
                          • flag-us
                            GET
                            https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b77c2fd4ec7f47ad880120a47cf4b180&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=
                            Remote address:
                            204.79.197.237:443
                            Request
                            GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b77c2fd4ec7f47ad880120a47cf4b180&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid= HTTP/2.0
                            host: g.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            Response
                            HTTP/2.0 204
                            cache-control: no-cache, must-revalidate
                            pragma: no-cache
                            expires: Fri, 01 Jan 1990 00:00:00 GMT
                            set-cookie: MUID=16E2ECA99E716ADB0DC9F8489F916B25; domain=.bing.com; expires=Sun, 14-Sep-2025 19:20:49 GMT; path=/; SameSite=None; Secure; Priority=High;
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            access-control-allow-origin: *
                            x-cache: CONFIG_NOCACHE
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: EA6F8AE8B8ED4D6D99E4F00424A3D5E7 Ref B: LON04EDGE1213 Ref C: 2024-08-20T19:20:49Z
                            date: Tue, 20 Aug 2024 19:20:49 GMT
                          • flag-us
                            GET
                            https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b77c2fd4ec7f47ad880120a47cf4b180&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=
                            Remote address:
                            204.79.197.237:443
                            Request
                            GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b77c2fd4ec7f47ad880120a47cf4b180&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid= HTTP/2.0
                            host: g.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            cookie: MUID=16E2ECA99E716ADB0DC9F8489F916B25
                            Response
                            HTTP/2.0 204
                            cache-control: no-cache, must-revalidate
                            pragma: no-cache
                            expires: Fri, 01 Jan 1990 00:00:00 GMT
                            set-cookie: MSPTC=m3Su3lUnmVd5QIAGgH-En7kY1AQ3K9fFCysUYLrLv28; domain=.bing.com; expires=Sun, 14-Sep-2025 19:20:49 GMT; path=/; Partitioned; secure; SameSite=None
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            access-control-allow-origin: *
                            x-cache: CONFIG_NOCACHE
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 26A71BB93C2743BB862C9E5BD05ABE11 Ref B: LON04EDGE1213 Ref C: 2024-08-20T19:20:49Z
                            date: Tue, 20 Aug 2024 19:20:49 GMT
                          • flag-us
                            GET
                            https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b77c2fd4ec7f47ad880120a47cf4b180&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=
                            Remote address:
                            204.79.197.237:443
                            Request
                            GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b77c2fd4ec7f47ad880120a47cf4b180&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid= HTTP/2.0
                            host: g.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            cookie: MUID=16E2ECA99E716ADB0DC9F8489F916B25; MSPTC=m3Su3lUnmVd5QIAGgH-En7kY1AQ3K9fFCysUYLrLv28
                            Response
                            HTTP/2.0 204
                            cache-control: no-cache, must-revalidate
                            pragma: no-cache
                            expires: Fri, 01 Jan 1990 00:00:00 GMT
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            access-control-allow-origin: *
                            x-cache: CONFIG_NOCACHE
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 19DC9329DCDD46D68C83241A90085B5C Ref B: LON04EDGE1213 Ref C: 2024-08-20T19:20:49Z
                            date: Tue, 20 Aug 2024 19:20:49 GMT
                          • flag-us
                            DNS
                            1.181.190.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            1.181.190.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            237.197.79.204.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            237.197.79.204.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            45.19.74.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            45.19.74.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            pixelpulser.ru
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            pixelpulser.ru
                            IN A
                            Response
                            pixelpulser.ru
                            IN A
                            104.21.59.31
                            pixelpulser.ru
                            IN A
                            172.67.211.238
                          • flag-us
                            GET
                            https://pixelpulser.ru/xXSRw/
                            chrome.exe
                            Remote address:
                            104.21.59.31:443
                            Request
                            GET /xXSRw/ HTTP/2.0
                            host: pixelpulser.ru
                            upgrade-insecure-requests: 1
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                            sec-fetch-site: none
                            sec-fetch-mode: navigate
                            sec-fetch-user: ?1
                            sec-fetch-dest: document
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            sec-ch-ua-mobile: ?0
                            sec-ch-ua-platform: "Windows"
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Tue, 20 Aug 2024 19:20:49 GMT
                            content-type: text/html; charset=UTF-8
                            x-powered-by: PHP/7.3.33
                            access-control-allow-origin: *
                            set-cookie: PHPSESSID=t44hpi8nh7oac5bf0jj9g0c8ik; path=/
                            expires: Thu, 19 Nov 1981 08:52:00 GMT
                            cache-control: no-store, no-cache, must-revalidate
                            pragma: no-cache
                            vary: Accept-Encoding
                            cf-cache-status: DYNAMIC
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6WKFmPN%2B7l03BcHBM4LPa5kiiLEpa1aWwZrDOyt2MCByZopfoJVfWIIsxby6GX%2F%2BFJvpWQoinPBknyELZXdiNZC3O%2BM%2BceIiv1Dkk44RzEaCX%2FVZJlnMc2DTi%2B6VEvHkrA%3D%3D"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            server: cloudflare
                            cf-ray: 8b64be302c4463ef-LHR
                            content-encoding: zstd
                            alt-svc: h3=":443"; ma=86400
                          • flag-us
                            GET
                            https://pixelpulser.ru/favicon.ico
                            chrome.exe
                            Remote address:
                            104.21.59.31:443
                            Request
                            GET /favicon.ico HTTP/2.0
                            host: pixelpulser.ru
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: same-origin
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            referer: https://pixelpulser.ru/xXSRw/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                            cookie: PHPSESSID=t44hpi8nh7oac5bf0jj9g0c8ik
                            Response
                            HTTP/2.0 404
                            date: Tue, 20 Aug 2024 19:20:52 GMT
                            content-type: text/html
                            cache-control: private, no-cache, max-age=0
                            pragma: no-cache
                            vary: Accept-Encoding
                            cf-cache-status: BYPASS
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zyJeAiq13hubjiSoxQnkyE6yjPJGrH4DN6XxaPWxlSIndvdphODe9zwA1XFZqbeURZdXe43xN%2FMFlummtRJ8Q5RadA7aX73ENnY5Wia%2BJO532I5%2BSBSr6zH%2BcveWxwO9TQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            server: cloudflare
                            cf-ray: 8b64be3e888763ef-LHR
                            content-encoding: zstd
                            alt-svc: h3=":443"; ma=86400
                          • flag-us
                            DNS
                            challenges.cloudflare.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            challenges.cloudflare.com
                            IN A
                            Response
                            challenges.cloudflare.com
                            IN A
                            104.18.95.41
                            challenges.cloudflare.com
                            IN A
                            104.18.94.41
                          • flag-us
                            GET
                            https://challenges.cloudflare.com/turnstile/v0/api.js
                            chrome.exe
                            Remote address:
                            104.18.95.41:443
                            Request
                            GET /turnstile/v0/api.js HTTP/2.0
                            host: challenges.cloudflare.com
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            accept: */*
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: script
                            referer: https://pixelpulser.ru/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 302
                            date: Tue, 20 Aug 2024 19:20:50 GMT
                            content-length: 0
                            access-control-allow-origin: *
                            cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
                            cross-origin-resource-policy: cross-origin
                            location: /turnstile/v0/b/6790c32b9fc9/api.js
                            vary: Accept-Encoding
                            server: cloudflare
                            cf-ray: 8b64be33296371b6-LHR
                            alt-svc: h3=":443"; ma=86400
                          • flag-us
                            GET
                            https://challenges.cloudflare.com/turnstile/v0/b/6790c32b9fc9/api.js
                            chrome.exe
                            Remote address:
                            104.18.95.41:443
                            Request
                            GET /turnstile/v0/b/6790c32b9fc9/api.js HTTP/2.0
                            host: challenges.cloudflare.com
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            accept: */*
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: script
                            referer: https://pixelpulser.ru/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Tue, 20 Aug 2024 19:20:51 GMT
                            content-type: application/javascript; charset=UTF-8
                            last-modified: Thu, 15 Aug 2024 16:28:23 GMT
                            cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
                            access-control-allow-origin: *
                            cross-origin-resource-policy: cross-origin
                            vary: Accept-Encoding
                            server: cloudflare
                            cf-ray: 8b64be36fe1871b6-LHR
                            content-encoding: br
                            alt-svc: h3=":443"; ma=86400
                          • flag-us
                            DNS
                            154.239.44.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            154.239.44.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            154.239.44.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            154.239.44.20.in-addr.arpa
                            IN PTR
                          • flag-us
                            DNS
                            31.59.21.104.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            31.59.21.104.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            41.95.18.104.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            41.95.18.104.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            GET
                            https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5vk2x/0x4AAAAAAAfmo9WpY8wiowBA/auto/fbE/normal/auto/
                            chrome.exe
                            Remote address:
                            104.18.95.41:443
                            Request
                            GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5vk2x/0x4AAAAAAAfmo9WpY8wiowBA/auto/fbE/normal/auto/ HTTP/2.0
                            host: challenges.cloudflare.com
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            sec-ch-ua-mobile: ?0
                            sec-ch-ua-platform: "Windows"
                            upgrade-insecure-requests: 1
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                            sec-fetch-site: cross-site
                            sec-fetch-mode: navigate
                            sec-fetch-dest: iframe
                            referer: https://pixelpulser.ru/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Tue, 20 Aug 2024 19:20:52 GMT
                            content-type: text/html; charset=UTF-8
                            cross-origin-opener-policy: same-origin
                            permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                            referrer-policy: same-origin
                            content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
                            critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                            cross-origin-resource-policy: cross-origin
                            origin-agent-cluster: ?1
                            accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                            cross-origin-embedder-policy: require-corp
                            document-policy: js-profiling
                            cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                            server: cloudflare
                            cf-ray: 8b64be3dcf4c954b-LHR
                            content-encoding: br
                            alt-svc: h3=":443"; ma=86400
                          • flag-us
                            GET
                            https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8b64be3dcf4c954b&lang=auto
                            chrome.exe
                            Remote address:
                            104.18.95.41:443
                            Request
                            GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8b64be3dcf4c954b&lang=auto HTTP/2.0
                            host: challenges.cloudflare.com
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            accept: */*
                            sec-fetch-site: same-origin
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: script
                            referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5vk2x/0x4AAAAAAAfmo9WpY8wiowBA/auto/fbE/normal/auto/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Tue, 20 Aug 2024 19:20:52 GMT
                            content-type: application/javascript; charset=UTF-8
                            cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                            server: cloudflare
                            cf-ray: 8b64be3e2801954b-LHR
                            content-encoding: br
                            alt-svc: h3=":443"; ma=86400
                          • flag-us
                            GET
                            https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/nbsskix%2B8rvzsiTuOH9u%2FM8iwY0%2FCXzUM0bUXyT0s6k%3D
                            chrome.exe
                            Remote address:
                            104.18.95.41:443
                            Request
                            GET /cdn-cgi/challenge-platform/h/b/cmg/1/nbsskix%2B8rvzsiTuOH9u%2FM8iwY0%2FCXzUM0bUXyT0s6k%3D HTTP/2.0
                            host: challenges.cloudflare.com
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: same-origin
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5vk2x/0x4AAAAAAAfmo9WpY8wiowBA/auto/fbE/normal/auto/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Tue, 20 Aug 2024 19:20:52 GMT
                            content-type: image/png
                            content-length: 61
                            cache-control: max-age=2629800, public
                            server: cloudflare
                            cf-ray: 8b64be3e2803954b-LHR
                            alt-svc: h3=":443"; ma=86400
                          • flag-us
                            DNS
                            a.nel.cloudflare.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            a.nel.cloudflare.com
                            IN A
                            Response
                            a.nel.cloudflare.com
                            IN A
                            35.190.80.1
                          • flag-us
                            OPTIONS
                            https://a.nel.cloudflare.com/report/v4?s=zyJeAiq13hubjiSoxQnkyE6yjPJGrH4DN6XxaPWxlSIndvdphODe9zwA1XFZqbeURZdXe43xN%2FMFlummtRJ8Q5RadA7aX73ENnY5Wia%2BJO532I5%2BSBSr6zH%2BcveWxwO9TQ%3D%3D
                            chrome.exe
                            Remote address:
                            35.190.80.1:443
                            Request
                            OPTIONS /report/v4?s=zyJeAiq13hubjiSoxQnkyE6yjPJGrH4DN6XxaPWxlSIndvdphODe9zwA1XFZqbeURZdXe43xN%2FMFlummtRJ8Q5RadA7aX73ENnY5Wia%2BJO532I5%2BSBSr6zH%2BcveWxwO9TQ%3D%3D HTTP/2.0
                            host: a.nel.cloudflare.com
                            origin: https://pixelpulser.ru
                            access-control-request-method: POST
                            access-control-request-headers: content-type
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                          • flag-us
                            POST
                            https://a.nel.cloudflare.com/report/v4?s=zyJeAiq13hubjiSoxQnkyE6yjPJGrH4DN6XxaPWxlSIndvdphODe9zwA1XFZqbeURZdXe43xN%2FMFlummtRJ8Q5RadA7aX73ENnY5Wia%2BJO532I5%2BSBSr6zH%2BcveWxwO9TQ%3D%3D
                            chrome.exe
                            Remote address:
                            35.190.80.1:443
                            Request
                            POST /report/v4?s=zyJeAiq13hubjiSoxQnkyE6yjPJGrH4DN6XxaPWxlSIndvdphODe9zwA1XFZqbeURZdXe43xN%2FMFlummtRJ8Q5RadA7aX73ENnY5Wia%2BJO532I5%2BSBSr6zH%2BcveWxwO9TQ%3D%3D HTTP/2.0
                            host: a.nel.cloudflare.com
                            content-length: 416
                            content-type: application/reports+json
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                          • flag-us
                            DNS
                            1.80.190.35.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            1.80.190.35.in-addr.arpa
                            IN PTR
                            Response
                            1.80.190.35.in-addr.arpa
                            IN PTR
                            1.80.190.35.bc.googleusercontent.com
                          • flag-us
                            DNS
                            28.118.140.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            28.118.140.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            13.86.106.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            13.86.106.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            cdnjs.cloudflare.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            cdnjs.cloudflare.com
                            IN A
                            Response
                            cdnjs.cloudflare.com
                            IN A
                            104.17.25.14
                            cdnjs.cloudflare.com
                            IN A
                            104.17.24.14
                          • flag-us
                            DNS
                            cdnjs.cloudflare.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            cdnjs.cloudflare.com
                            IN A
                          • flag-us
                            GET
                            https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
                            chrome.exe
                            Remote address:
                            104.17.25.14:443
                            Request
                            GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/2.0
                            host: cdnjs.cloudflare.com
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            accept: */*
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: script
                            referer: https://pixelpulser.ru/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Tue, 20 Aug 2024 19:21:10 GMT
                            content-type: application/javascript; charset=utf-8
                            content-length: 14107
                            access-control-allow-origin: *
                            cache-control: public, max-age=30672000
                            content-encoding: br
                            etag: "5eb03e2d-bb78"
                            last-modified: Mon, 04 May 2020 16:09:17 GMT
                            cf-cdnjs-via: cfworker/kv
                            cross-origin-resource-policy: cross-origin
                            timing-allow-origin: *
                            x-content-type-options: nosniff
                            vary: Accept-Encoding
                            cf-cache-status: HIT
                            age: 507032
                            expires: Sun, 10 Aug 2025 19:21:10 GMT
                            accept-ranges: bytes
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FQXPusItQdv7jGerVewdT0S1SVisSuv3gjGf%2FtcxLvy4adW3yHRUcmVddeDvo2uGMzVnmT2pZ%2FA3nP7t476OVxdgM049LFilACpkVKhRSX6b1MkPYqEwda5SbDpq%2BmLdzzU4akaw"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                            strict-transport-security: max-age=15780000
                            server: cloudflare
                            cf-ray: 8b64beb26f8fbeff-LHR
                            alt-svc: h3=":443"; ma=86400
                          • flag-us
                            DNS
                            fusionflux.ru
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            fusionflux.ru
                            IN A
                            Response
                            fusionflux.ru
                            IN A
                            172.67.206.49
                            fusionflux.ru
                            IN A
                            104.21.85.134
                          • flag-us
                            POST
                            https://fusionflux.ru//
                            chrome.exe
                            Remote address:
                            172.67.206.49:443
                            Request
                            POST // HTTP/2.0
                            host: fusionflux.ru
                            content-length: 22
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            sec-ch-ua-platform: "Windows"
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            content-type: text/plain;charset=UTF-8
                            accept: */*
                            origin: https://pixelpulser.ru
                            sec-fetch-site: cross-site
                            sec-fetch-mode: cors
                            sec-fetch-dest: empty
                            referer: https://pixelpulser.ru/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Tue, 20 Aug 2024 19:21:11 GMT
                            content-type: text/html; charset=UTF-8
                            x-powered-by: PHP/7.3.33
                            access-control-allow-origin: *
                            vary: Accept-Encoding
                            cf-cache-status: DYNAMIC
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zwhnctvUIVkoAQyWFEqUkiAI9bZ5L83Pp%2FVQHKjaI%2FWEmDUB2rQqCC337QE%2FlDxZVMxPoErPRin1culRGRpCxmq0Xpgak5a1piAatdbk1XCQP3vV2yoaMSKHn7ojkpza"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            server: cloudflare
                            cf-ray: 8b64beb61c3963ca-LHR
                            content-encoding: zstd
                            alt-svc: h3=":443"; ma=86400
                          • flag-us
                            POST
                            https://fusionflux.ru//
                            chrome.exe
                            Remote address:
                            172.67.206.49:443
                            Request
                            POST // HTTP/2.0
                            host: fusionflux.ru
                            content-length: 22
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            sec-ch-ua-platform: "Windows"
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            content-type: text/plain;charset=UTF-8
                            accept: */*
                            origin: https://pixelpulser.ru
                            sec-fetch-site: cross-site
                            sec-fetch-mode: cors
                            sec-fetch-dest: empty
                            referer: https://pixelpulser.ru/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Tue, 20 Aug 2024 19:21:17 GMT
                            content-type: text/html; charset=UTF-8
                            x-powered-by: PHP/7.3.33
                            access-control-allow-origin: *
                            vary: Accept-Encoding
                            cf-cache-status: DYNAMIC
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CGufZg2B5%2F9GQgPiv7q53WMVMlp9fB2S4BBvh5OR%2FxWn3%2F8Xcg0ZwymYAuK6DJvITH55TxdpzEbHjE%2F%2BtpZ6abdKXfErn9ANU6Xh28VlvlNleTg%2BcHceTpSS84%2BjA4PD"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            server: cloudflare
                            cf-ray: 8b64bed82f1663ca-LHR
                            content-encoding: zstd
                            alt-svc: h3=":443"; ma=86400
                          • flag-us
                            DNS
                            cdn.jsdelivr.net
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            cdn.jsdelivr.net
                            IN A
                            Response
                            cdn.jsdelivr.net
                            IN CNAME
                            jsdelivr.map.fastly.net
                            jsdelivr.map.fastly.net
                            IN A
                            151.101.65.229
                            jsdelivr.map.fastly.net
                            IN A
                            151.101.1.229
                            jsdelivr.map.fastly.net
                            IN A
                            151.101.193.229
                            jsdelivr.map.fastly.net
                            IN A
                            151.101.129.229
                          • flag-us
                            DNS
                            code.jquery.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            code.jquery.com
                            IN A
                            Response
                            code.jquery.com
                            IN A
                            151.101.194.137
                            code.jquery.com
                            IN A
                            151.101.2.137
                            code.jquery.com
                            IN A
                            151.101.130.137
                            code.jquery.com
                            IN A
                            151.101.66.137
                          • flag-us
                            DNS
                            stackpath.bootstrapcdn.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            stackpath.bootstrapcdn.com
                            IN A
                            Response
                            stackpath.bootstrapcdn.com
                            IN A
                            104.18.11.207
                            stackpath.bootstrapcdn.com
                            IN A
                            104.18.10.207
                          • flag-us
                            DNS
                            th.bing.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            th.bing.com
                            IN A
                            Response
                            th.bing.com
                            IN CNAME
                            p-th.bing.com.trafficmanager.net
                            p-th.bing.com.trafficmanager.net
                            IN CNAME
                            th.bing.com.edgekey.net
                            th.bing.com.edgekey.net
                            IN CNAME
                            e86303.dscx.akamaiedge.net
                            e86303.dscx.akamaiedge.net
                            IN A
                            92.123.142.91
                            e86303.dscx.akamaiedge.net
                            IN A
                            92.123.142.82
                            e86303.dscx.akamaiedge.net
                            IN A
                            92.123.142.75
                            e86303.dscx.akamaiedge.net
                            IN A
                            92.123.142.98
                            e86303.dscx.akamaiedge.net
                            IN A
                            92.123.142.88
                            e86303.dscx.akamaiedge.net
                            IN A
                            92.123.142.104
                            e86303.dscx.akamaiedge.net
                            IN A
                            92.123.142.74
                            e86303.dscx.akamaiedge.net
                            IN A
                            92.123.142.187
                            e86303.dscx.akamaiedge.net
                            IN A
                            92.123.142.105
                          • flag-us
                            GET
                            https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css
                            chrome.exe
                            Remote address:
                            151.101.65.229:443
                            Request
                            GET /npm/bootstrap@5.0.2/dist/css/bootstrap.min.css HTTP/2.0
                            host: cdn.jsdelivr.net
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            origin: https://pixelpulser.ru
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            accept: text/css,*/*;q=0.1
                            sec-fetch-site: cross-site
                            sec-fetch-mode: cors
                            sec-fetch-dest: style
                            referer: https://pixelpulser.ru/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            access-control-allow-origin: *
                            access-control-expose-headers: *
                            timing-allow-origin: *
                            cache-control: public, max-age=31536000, s-maxage=31536000, immutable
                            cross-origin-resource-policy: cross-origin
                            x-content-type-options: nosniff
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            content-type: text/css; charset=utf-8
                            x-jsd-version: 5.0.2
                            x-jsd-version-type: version
                            etag: W/"260c5-fByeBXPlzqi603M74vxjqoxo6o0"
                            content-encoding: br
                            accept-ranges: bytes
                            date: Tue, 20 Aug 2024 19:21:11 GMT
                            age: 1868308
                            x-served-by: cache-fra-eddf8230097-FRA, cache-lcy-eglc8600078-LCY
                            x-cache: HIT, HIT
                            vary: Accept-Encoding
                            alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
                            content-length: 25360
                          • flag-us
                            GET
                            https://cdn.jsdelivr.net/npm/@popperjs/core@2.5.2/dist/umd/popper.min.js
                            chrome.exe
                            Remote address:
                            151.101.65.229:443
                            Request
                            GET /npm/@popperjs/core@2.5.2/dist/umd/popper.min.js HTTP/2.0
                            host: cdn.jsdelivr.net
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
                            sec-ch-ua-platform: "Windows"
                            accept: */*
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: script
                            referer: https://pixelpulser.ru/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            access-control-allow-origin: *
                            access-control-expose-headers: *
                            timing-allow-origin: *
                            cache-control: public, max-age=31536000, s-maxage=31536000, immutable
                            cross-origin-resource-policy: cross-origin
                            x-content-type-options: nosniff
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            content-type: application/javascript; charset=utf-8
                            x-jsd-version: 2.5.2
                            x-jsd-version-type: version
                            etag: W/"4785-1nNOLfRgVlbAQdjbsczfWaJjx/0"
                            content-encoding: br
                            accept-ranges: bytes
                            date: Tue, 20 Aug 2024 19:21:11 GMT
                            age: 2057685
                            x-served-by: cache-fra-eddf8230131-FRA, cache-lcy-eglc8600080-LCY
                            x-cache: HIT, HIT
                            vary: Accept-Encoding
                            alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
                            content-length: 6661
                          • flag-us
                            GET
                            https://code.jquery.com/jquery-3.5.1.slim.min.js
                            chrome.exe
                            Remote address:
                            151.101.194.137:443
                            Request
                            GET /jquery-3.5.1.slim.min.js HTTP/2.0
                            host: code.jquery.com
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
                            sec-ch-ua-platform: "Windows"
                            accept: */*
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: script
                            referer: https://pixelpulser.ru/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            server: nginx
                            content-type: application/javascript; charset=utf-8
                            last-modified: Fri, 18 Oct 1991 12:00:00 GMT
                            etag: W/"28feccc0-11abc"
                            cache-control: public, max-age=31536000, stale-while-revalidate=604800
                            access-control-allow-origin: *
                            content-encoding: gzip
                            via: 1.1 varnish, 1.1 varnish
                            accept-ranges: bytes
                            date: Tue, 20 Aug 2024 19:21:11 GMT
                            age: 1247409
                            x-served-by: cache-lga21954-LGA, cache-lcy-eglc8600051-LCY
                            x-cache: HIT, HIT
                            x-cache-hits: 29, 9361
                            x-timer: S1724181672.894810,VS0,VE0
                            vary: Accept-Encoding
                            content-length: 24606
                          • flag-us
                            GET
                            https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js
                            chrome.exe
                            Remote address:
                            104.18.11.207:443
                            Request
                            GET /bootstrap/4.5.2/js/bootstrap.min.js HTTP/2.0
                            host: stackpath.bootstrapcdn.com
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
                            sec-ch-ua-platform: "Windows"
                            accept: */*
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: script
                            referer: https://pixelpulser.ru/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Tue, 20 Aug 2024 19:21:11 GMT
                            content-type: application/javascript; charset=utf-8
                            vary: Accept-Encoding
                            cdn-pullzone: 252412
                            cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
                            cdn-requestcountrycode: FR
                            access-control-allow-origin: *
                            cache-control: public, max-age=31919000
                            content-encoding: gzip
                            etag: W/"02d223393e00c273efdcb1ade8f4f8b1"
                            last-modified: Mon, 25 Jan 2021 22:04:11 GMT
                            cdn-cachedat: 10/31/2023 19:31:53
                            cdn-proxyver: 1.04
                            cdn-requestpullcode: 200
                            cdn-requestpullsuccess: True
                            cdn-edgestorageid: 947
                            timing-allow-origin: *
                            cross-origin-resource-policy: cross-origin
                            x-content-type-options: nosniff
                            cdn-status: 200
                            cdn-requestid: 8b127cc899012611a2abadfd14a30bb1
                            cdn-cache: HIT
                            cf-cache-status: HIT
                            age: 23041771
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            server: cloudflare
                            cf-ray: 8b64beb95d3693e3-LHR
                            alt-svc: h3=":443"; ma=86400
                          • flag-gb
                            GET
                            https://th.bing.com/th/id/OIP.BRaFOCd9aLJi8RjLI1z4_wHaFj
                            chrome.exe
                            Remote address:
                            92.123.142.91:443
                            Request
                            GET /th/id/OIP.BRaFOCd9aLJi8RjLI1z4_wHaFj HTTP/2.0
                            host: th.bing.com
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            referer: https://pixelpulser.ru/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            content-type: image/jpeg
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            content-length: 22325
                            x-check-cacheable: YES
                            cache-control: public, max-age=1106955
                            date: Tue, 20 Aug 2024 19:21:12 GMT
                            x-cache: TCP_MISS from a92-123-142-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
                            alt-svc: h3=":443"; ma=93600
                            akamai-grn: 0.4c8e7b5c.1724181672.5fbf1eb
                          • flag-gb
                            GET
                            https://th.bing.com/th/id/OIP.J4WQfobHfzFLHK5qrudwywHaEK
                            chrome.exe
                            Remote address:
                            92.123.142.91:443
                            Request
                            GET /th/id/OIP.J4WQfobHfzFLHK5qrudwywHaEK HTTP/2.0
                            host: th.bing.com
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            referer: https://pixelpulser.ru/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            content-type: image/jpeg
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            content-length: 25502
                            x-check-cacheable: YES
                            cache-control: public, max-age=514208
                            date: Tue, 20 Aug 2024 19:21:12 GMT
                            x-cache: TCP_MISS from a92-123-142-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
                            alt-svc: h3=":443"; ma=93600
                            akamai-grn: 0.4c8e7b5c.1724181672.5fbf1ec
                          • flag-gb
                            GET
                            https://th.bing.com/th/id/OIP.suXt2q1gngqTGO7Iu2f1ZAHaEK
                            chrome.exe
                            Remote address:
                            92.123.142.91:443
                            Request
                            GET /th/id/OIP.suXt2q1gngqTGO7Iu2f1ZAHaEK HTTP/2.0
                            host: th.bing.com
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            referer: https://pixelpulser.ru/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            content-type: image/jpeg
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            content-length: 23778
                            cache-control: public, max-age=1209592
                            date: Tue, 20 Aug 2024 19:21:12 GMT
                            x-cache: TCP_MISS from a92-123-142-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
                            alt-svc: h3=":443"; ma=93600
                            akamai-grn: 0.4c8e7b5c.1724181672.5fbf1ea
                            x-check-cacheable: YES
                          • flag-gb
                            GET
                            https://th.bing.com/th/id/OIP.9DEubHlVq0cgZKIAvRFcGgHaEK
                            chrome.exe
                            Remote address:
                            92.123.142.91:443
                            Request
                            GET /th/id/OIP.9DEubHlVq0cgZKIAvRFcGgHaEK HTTP/2.0
                            host: th.bing.com
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            referer: https://pixelpulser.ru/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            content-type: image/jpeg
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            content-length: 22430
                            x-check-cacheable: YES
                            cache-control: public, max-age=1106945
                            date: Tue, 20 Aug 2024 19:21:12 GMT
                            x-cache: TCP_MISS from a92-123-142-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
                            alt-svc: h3=":443"; ma=93600
                            akamai-grn: 0.4c8e7b5c.1724181672.5fbf1e9
                          • flag-gb
                            GET
                            https://th.bing.com/th/id/OIP.SHq-YEGCZlHktxcugvD4qwHaFj
                            chrome.exe
                            Remote address:
                            92.123.142.91:443
                            Request
                            GET /th/id/OIP.SHq-YEGCZlHktxcugvD4qwHaFj HTTP/2.0
                            host: th.bing.com
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            referer: https://pixelpulser.ru/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            content-type: image/jpeg
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            content-length: 17447
                            x-check-cacheable: YES
                            cache-control: public, max-age=943622
                            date: Tue, 20 Aug 2024 19:21:17 GMT
                            x-cache: TCP_MISS from a92-123-142-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
                            alt-svc: h3=":443"; ma=93600
                            akamai-grn: 0.4c8e7b5c.1724181677.5fc035d
                          • flag-gb
                            GET
                            https://th.bing.com/th/id/OIP.HJ-f88KGK2u68wezhwNBSQHaE7
                            chrome.exe
                            Remote address:
                            92.123.142.91:443
                            Request
                            GET /th/id/OIP.HJ-f88KGK2u68wezhwNBSQHaE7 HTTP/2.0
                            host: th.bing.com
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            referer: https://pixelpulser.ru/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            content-type: image/jpeg
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            content-length: 26527
                            x-check-cacheable: YES
                            cache-control: public, max-age=514217
                            date: Tue, 20 Aug 2024 19:21:17 GMT
                            x-cache: TCP_MISS from a92-123-142-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
                            alt-svc: h3=":443"; ma=93600
                            akamai-grn: 0.4c8e7b5c.1724181677.5fc035c
                          • flag-us
                            DNS
                            14.25.17.104.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            14.25.17.104.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            49.206.67.172.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            49.206.67.172.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            229.65.101.151.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            229.65.101.151.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            137.194.101.151.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            137.194.101.151.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            207.11.18.104.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            207.11.18.104.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            91.142.123.92.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            91.142.123.92.in-addr.arpa
                            IN PTR
                            Response
                            91.142.123.92.in-addr.arpa
                            IN PTR
                            a92-123-142-91.deploy.static.akamaitechnologies.com
                          • flag-us
                            DNS
                            86.23.85.13.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            86.23.85.13.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            206.23.85.13.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            206.23.85.13.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            147.142.123.92.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            147.142.123.92.in-addr.arpa
                            IN PTR
                            Response
                            147.142.123.92.in-addr.arpa
                            IN PTR
                            a92-123-142-147.deploy.static.akamaitechnologies.com
                          • flag-us
                            DNS
                            73.144.22.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            73.144.22.2.in-addr.arpa
                            IN PTR
                            Response
                            73.144.22.2.in-addr.arpa
                            IN PTR
                            a2-22-144-73.deploy.static.akamaitechnologies.com
                          • flag-us
                            DNS
                            43.229.111.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            43.229.111.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            55.36.223.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            55.36.223.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            tse1.mm.bing.net
                            Remote address:
                            8.8.8.8:53
                            Request
                            tse1.mm.bing.net
                            IN A
                            Response
                            tse1.mm.bing.net
                            IN CNAME
                            mm-mm.bing.net.trafficmanager.net
                            mm-mm.bing.net.trafficmanager.net
                            IN CNAME
                            ax-0001.ax-msedge.net
                            ax-0001.ax-msedge.net
                            IN A
                            150.171.28.10
                            ax-0001.ax-msedge.net
                            IN A
                            150.171.27.10
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239360264546_1VIJ7TSH89LPKUMDM&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                            Remote address:
                            150.171.28.10:443
                            Request
                            GET /th?id=OADD2.10239360264546_1VIJ7TSH89LPKUMDM&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 675736
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: CDE3BC5DC9AB44D4B879F71E44EDF7CA Ref B: LON04EDGE0809 Ref C: 2024-08-20T19:22:27Z
                            date: Tue, 20 Aug 2024 19:22:26 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239339388057_1GGG85785BK7BP6Y7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                            Remote address:
                            150.171.28.10:443
                            Request
                            GET /th?id=OADD2.10239339388057_1GGG85785BK7BP6Y7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 575578
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 7D0C360F742E424981B3ED17EB7BCC67 Ref B: LON04EDGE0809 Ref C: 2024-08-20T19:22:27Z
                            date: Tue, 20 Aug 2024 19:22:26 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239360264545_1QMDV0ZFDT4MYHVM6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                            Remote address:
                            150.171.28.10:443
                            Request
                            GET /th?id=OADD2.10239360264545_1QMDV0ZFDT4MYHVM6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 589683
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 0520A885F9CA42DBAE792A4340D76833 Ref B: LON04EDGE0809 Ref C: 2024-08-20T19:22:27Z
                            date: Tue, 20 Aug 2024 19:22:26 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239339388056_1O9WMGQV7BVEGHO4D&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                            Remote address:
                            150.171.28.10:443
                            Request
                            GET /th?id=OADD2.10239339388056_1O9WMGQV7BVEGHO4D&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 845518
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 6F0C6F71AE2E4981A5AF60F4637AC12B Ref B: LON04EDGE0809 Ref C: 2024-08-20T19:22:27Z
                            date: Tue, 20 Aug 2024 19:22:26 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239340418575_1DFGQU5CLQUV7W36O&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                            Remote address:
                            150.171.28.10:443
                            Request
                            GET /th?id=OADD2.10239340418575_1DFGQU5CLQUV7W36O&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 468734
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 7FF21899FF6449C9AFCDC161798E32FC Ref B: LON04EDGE0809 Ref C: 2024-08-20T19:22:27Z
                            date: Tue, 20 Aug 2024 19:22:26 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239340418576_1P0LP58U9FRUO4PCP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                            Remote address:
                            150.171.28.10:443
                            Request
                            GET /th?id=OADD2.10239340418576_1P0LP58U9FRUO4PCP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 468841
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 020F1D655E16457596324CCEF510F51F Ref B: LON04EDGE0809 Ref C: 2024-08-20T19:22:28Z
                            date: Tue, 20 Aug 2024 19:22:27 GMT
                          • 34.199.8.144:80
                            1u2s3r4.3utilities.com
                            chrome.exe
                            242 B
                            184 B
                            5
                            4
                          • 34.199.8.144:80
                            http://1u2s3r4.3utilities.com/
                            http
                            chrome.exe
                            713 B
                            428 B
                            6
                            5

                            HTTP Request

                            GET http://1u2s3r4.3utilities.com/

                            HTTP Response

                            302
                          • 34.199.8.144:443
                            1u2s3r4.3utilities.com
                            chrome.exe
                            260 B
                            200 B
                            5
                            5
                          • 34.199.8.144:443
                            1u2s3r4.3utilities.com
                            chrome.exe
                            260 B
                            160 B
                            5
                            4
                          • 204.79.197.237:443
                            https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b77c2fd4ec7f47ad880120a47cf4b180&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=
                            tls, http2
                            2.1kB
                            9.2kB
                            22
                            17

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b77c2fd4ec7f47ad880120a47cf4b180&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=

                            HTTP Response

                            204

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b77c2fd4ec7f47ad880120a47cf4b180&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=

                            HTTP Response

                            204

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b77c2fd4ec7f47ad880120a47cf4b180&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=

                            HTTP Response

                            204
                          • 104.21.59.31:443
                            https://pixelpulser.ru/favicon.ico
                            tls, http2
                            chrome.exe
                            2.1kB
                            6.5kB
                            16
                            16

                            HTTP Request

                            GET https://pixelpulser.ru/xXSRw/

                            HTTP Response

                            200

                            HTTP Request

                            GET https://pixelpulser.ru/favicon.ico

                            HTTP Response

                            404
                          • 104.18.95.41:443
                            https://challenges.cloudflare.com/turnstile/v0/b/6790c32b9fc9/api.js
                            tls, http2
                            chrome.exe
                            3.4kB
                            21.1kB
                            29
                            27

                            HTTP Request

                            GET https://challenges.cloudflare.com/turnstile/v0/api.js

                            HTTP Response

                            302

                            HTTP Request

                            GET https://challenges.cloudflare.com/turnstile/v0/b/6790c32b9fc9/api.js

                            HTTP Response

                            200
                          • 104.18.95.41:443
                            https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/nbsskix%2B8rvzsiTuOH9u%2FM8iwY0%2FCXzUM0bUXyT0s6k%3D
                            tls, http2
                            chrome.exe
                            4.1kB
                            72.7kB
                            52
                            78

                            HTTP Request

                            GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5vk2x/0x4AAAAAAAfmo9WpY8wiowBA/auto/fbE/normal/auto/

                            HTTP Response

                            200

                            HTTP Request

                            GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8b64be3dcf4c954b&lang=auto

                            HTTP Request

                            GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/nbsskix%2B8rvzsiTuOH9u%2FM8iwY0%2FCXzUM0bUXyT0s6k%3D

                            HTTP Response

                            200

                            HTTP Response

                            200
                          • 35.190.80.1:443
                            https://a.nel.cloudflare.com/report/v4?s=zyJeAiq13hubjiSoxQnkyE6yjPJGrH4DN6XxaPWxlSIndvdphODe9zwA1XFZqbeURZdXe43xN%2FMFlummtRJ8Q5RadA7aX73ENnY5Wia%2BJO532I5%2BSBSr6zH%2BcveWxwO9TQ%3D%3D
                            tls, http2
                            chrome.exe
                            3.8kB
                            4.8kB
                            19
                            18

                            HTTP Request

                            OPTIONS https://a.nel.cloudflare.com/report/v4?s=zyJeAiq13hubjiSoxQnkyE6yjPJGrH4DN6XxaPWxlSIndvdphODe9zwA1XFZqbeURZdXe43xN%2FMFlummtRJ8Q5RadA7aX73ENnY5Wia%2BJO532I5%2BSBSr6zH%2BcveWxwO9TQ%3D%3D

                            HTTP Request

                            POST https://a.nel.cloudflare.com/report/v4?s=zyJeAiq13hubjiSoxQnkyE6yjPJGrH4DN6XxaPWxlSIndvdphODe9zwA1XFZqbeURZdXe43xN%2FMFlummtRJ8Q5RadA7aX73ENnY5Wia%2BJO532I5%2BSBSr6zH%2BcveWxwO9TQ%3D%3D
                          • 104.17.25.14:443
                            https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
                            tls, http2
                            chrome.exe
                            2.3kB
                            19.1kB
                            25
                            26

                            HTTP Request

                            GET https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js

                            HTTP Response

                            200
                          • 172.67.206.49:443
                            https://fusionflux.ru//
                            tls, http2
                            chrome.exe
                            2.5kB
                            19.0kB
                            26
                            33

                            HTTP Request

                            POST https://fusionflux.ru//

                            HTTP Response

                            200

                            HTTP Request

                            POST https://fusionflux.ru//

                            HTTP Response

                            200
                          • 151.101.65.229:443
                            https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css
                            tls, http2
                            chrome.exe
                            2.7kB
                            32.8kB
                            33
                            34

                            HTTP Request

                            GET https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css

                            HTTP Response

                            200
                          • 151.101.65.229:443
                            https://cdn.jsdelivr.net/npm/@popperjs/core@2.5.2/dist/umd/popper.min.js
                            tls, http2
                            chrome.exe
                            2.1kB
                            13.8kB
                            19
                            21

                            HTTP Request

                            GET https://cdn.jsdelivr.net/npm/@popperjs/core@2.5.2/dist/umd/popper.min.js

                            HTTP Response

                            200
                          • 151.101.194.137:443
                            https://code.jquery.com/jquery-3.5.1.slim.min.js
                            tls, http2
                            chrome.exe
                            2.8kB
                            30.7kB
                            30
                            32

                            HTTP Request

                            GET https://code.jquery.com/jquery-3.5.1.slim.min.js

                            HTTP Response

                            200
                          • 104.18.11.207:443
                            https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js
                            tls, http2
                            chrome.exe
                            2.3kB
                            22.6kB
                            24
                            26

                            HTTP Request

                            GET https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js

                            HTTP Response

                            200
                          • 92.123.142.91:443
                            https://th.bing.com/th/id/OIP.HJ-f88KGK2u68wezhwNBSQHaE7
                            tls, http2
                            chrome.exe
                            7.8kB
                            151.5kB
                            109
                            121

                            HTTP Request

                            GET https://th.bing.com/th/id/OIP.BRaFOCd9aLJi8RjLI1z4_wHaFj

                            HTTP Request

                            GET https://th.bing.com/th/id/OIP.J4WQfobHfzFLHK5qrudwywHaEK

                            HTTP Request

                            GET https://th.bing.com/th/id/OIP.suXt2q1gngqTGO7Iu2f1ZAHaEK

                            HTTP Request

                            GET https://th.bing.com/th/id/OIP.9DEubHlVq0cgZKIAvRFcGgHaEK

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Request

                            GET https://th.bing.com/th/id/OIP.SHq-YEGCZlHktxcugvD4qwHaFj

                            HTTP Request

                            GET https://th.bing.com/th/id/OIP.HJ-f88KGK2u68wezhwNBSQHaE7

                            HTTP Response

                            200

                            HTTP Response

                            200
                          • 92.123.142.91:443
                            th.bing.com
                            tls
                            chrome.exe
                            1.5kB
                            1.6kB
                            8
                            4
                          • 92.123.142.91:443
                            th.bing.com
                            tls
                            chrome.exe
                            1.4kB
                            1.6kB
                            8
                            4
                          • 92.123.142.91:443
                            th.bing.com
                            tls
                            chrome.exe
                            931 B
                            4.3kB
                            8
                            7
                          • 150.171.28.10:443
                            https://tse1.mm.bing.net/th?id=OADD2.10239340418576_1P0LP58U9FRUO4PCP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                            tls, http2
                            131.2kB
                            3.8MB
                            2733
                            2728

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239360264546_1VIJ7TSH89LPKUMDM&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239339388057_1GGG85785BK7BP6Y7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239360264545_1QMDV0ZFDT4MYHVM6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239339388056_1O9WMGQV7BVEGHO4D&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239340418575_1DFGQU5CLQUV7W36O&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239340418576_1P0LP58U9FRUO4PCP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                            HTTP Response

                            200
                          • 150.171.28.10:443
                            tse1.mm.bing.net
                            tls, http2
                            1.2kB
                            6.9kB
                            15
                            13
                          • 150.171.28.10:443
                            tse1.mm.bing.net
                            tls, http2
                            1.2kB
                            6.9kB
                            15
                            13
                          • 150.171.28.10:443
                            tse1.mm.bing.net
                            tls, http2
                            1.2kB
                            6.9kB
                            15
                            13
                          • 150.171.28.10:443
                            tse1.mm.bing.net
                            tls, http2
                            1.2kB
                            6.9kB
                            15
                            13
                          • 8.8.8.8:53
                            1u2s3r4.3utilities.com
                            dns
                            chrome.exe
                            68 B
                            84 B
                            1
                            1

                            DNS Request

                            1u2s3r4.3utilities.com

                            DNS Response

                            34.199.8.144

                          • 8.8.8.8:53
                            81.144.22.2.in-addr.arpa
                            dns
                            70 B
                            133 B
                            1
                            1

                            DNS Request

                            81.144.22.2.in-addr.arpa

                          • 8.8.8.8:53
                            74.213.58.216.in-addr.arpa
                            dns
                            72 B
                            171 B
                            1
                            1

                            DNS Request

                            74.213.58.216.in-addr.arpa

                          • 8.8.8.8:53
                            196.249.167.52.in-addr.arpa
                            dns
                            73 B
                            147 B
                            1
                            1

                            DNS Request

                            196.249.167.52.in-addr.arpa

                          • 8.8.8.8:53
                            144.8.199.34.in-addr.arpa
                            dns
                            71 B
                            125 B
                            1
                            1

                            DNS Request

                            144.8.199.34.in-addr.arpa

                          • 8.8.8.8:53
                            g.bing.com
                            dns
                            56 B
                            151 B
                            1
                            1

                            DNS Request

                            g.bing.com

                            DNS Response

                            204.79.197.237
                            13.107.21.237

                          • 8.8.8.8:53
                            1.181.190.20.in-addr.arpa
                            dns
                            71 B
                            157 B
                            1
                            1

                            DNS Request

                            1.181.190.20.in-addr.arpa

                          • 8.8.8.8:53
                            237.197.79.204.in-addr.arpa
                            dns
                            73 B
                            143 B
                            1
                            1

                            DNS Request

                            237.197.79.204.in-addr.arpa

                          • 8.8.8.8:53
                            45.19.74.20.in-addr.arpa
                            dns
                            70 B
                            156 B
                            1
                            1

                            DNS Request

                            45.19.74.20.in-addr.arpa

                          • 8.8.8.8:53
                            pixelpulser.ru
                            dns
                            chrome.exe
                            60 B
                            92 B
                            1
                            1

                            DNS Request

                            pixelpulser.ru

                            DNS Response

                            104.21.59.31
                            172.67.211.238

                          • 8.8.8.8:53
                            challenges.cloudflare.com
                            dns
                            chrome.exe
                            71 B
                            103 B
                            1
                            1

                            DNS Request

                            challenges.cloudflare.com

                            DNS Response

                            104.18.95.41
                            104.18.94.41

                          • 104.18.95.41:443
                            challenges.cloudflare.com
                            https
                            chrome.exe
                            1.8kB
                            5.4kB
                            7
                            9
                          • 8.8.8.8:53
                            154.239.44.20.in-addr.arpa
                            dns
                            144 B
                            158 B
                            2
                            1

                            DNS Request

                            154.239.44.20.in-addr.arpa

                            DNS Request

                            154.239.44.20.in-addr.arpa

                          • 8.8.8.8:53
                            31.59.21.104.in-addr.arpa
                            dns
                            71 B
                            133 B
                            1
                            1

                            DNS Request

                            31.59.21.104.in-addr.arpa

                          • 8.8.8.8:53
                            41.95.18.104.in-addr.arpa
                            dns
                            71 B
                            133 B
                            1
                            1

                            DNS Request

                            41.95.18.104.in-addr.arpa

                          • 104.18.95.41:443
                            challenges.cloudflare.com
                            https
                            chrome.exe
                            81.4kB
                            154.1kB
                            120
                            151
                          • 104.21.59.31:443
                            pixelpulser.ru
                            https
                            chrome.exe
                            5.8kB
                            16.0kB
                            18
                            24
                          • 8.8.8.8:53
                            a.nel.cloudflare.com
                            dns
                            chrome.exe
                            66 B
                            82 B
                            1
                            1

                            DNS Request

                            a.nel.cloudflare.com

                            DNS Response

                            35.190.80.1

                          • 8.8.8.8:53
                            1.80.190.35.in-addr.arpa
                            dns
                            70 B
                            120 B
                            1
                            1

                            DNS Request

                            1.80.190.35.in-addr.arpa

                          • 35.190.80.1:443
                            a.nel.cloudflare.com
                            https
                            chrome.exe
                            1.6kB
                            3.9kB
                            4
                            6
                          • 224.0.0.251:5353
                            chrome.exe
                            204 B
                            3
                          • 8.8.8.8:53
                            28.118.140.52.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            28.118.140.52.in-addr.arpa

                          • 8.8.8.8:53
                            13.86.106.20.in-addr.arpa
                            dns
                            71 B
                            157 B
                            1
                            1

                            DNS Request

                            13.86.106.20.in-addr.arpa

                          • 8.8.8.8:53
                            cdnjs.cloudflare.com
                            dns
                            chrome.exe
                            132 B
                            98 B
                            2
                            1

                            DNS Request

                            cdnjs.cloudflare.com

                            DNS Request

                            cdnjs.cloudflare.com

                            DNS Response

                            104.17.25.14
                            104.17.24.14

                          • 8.8.8.8:53
                            fusionflux.ru
                            dns
                            chrome.exe
                            59 B
                            91 B
                            1
                            1

                            DNS Request

                            fusionflux.ru

                            DNS Response

                            172.67.206.49
                            104.21.85.134

                          • 8.8.8.8:53
                            cdn.jsdelivr.net
                            dns
                            chrome.exe
                            62 B
                            160 B
                            1
                            1

                            DNS Request

                            cdn.jsdelivr.net

                            DNS Response

                            151.101.65.229
                            151.101.1.229
                            151.101.193.229
                            151.101.129.229

                          • 8.8.8.8:53
                            code.jquery.com
                            dns
                            chrome.exe
                            61 B
                            125 B
                            1
                            1

                            DNS Request

                            code.jquery.com

                            DNS Response

                            151.101.194.137
                            151.101.2.137
                            151.101.130.137
                            151.101.66.137

                          • 8.8.8.8:53
                            stackpath.bootstrapcdn.com
                            dns
                            chrome.exe
                            72 B
                            104 B
                          MITRE ATT&CK Enterprise v15

                          Downloads
