45edd71e909288d2b82502e5c5585804308a3f3a2ab83a2c625facbbfe5ea26c

Analysis

max time kernel
139s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 20:02 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f08293c9004608179848e633d15dc21f_JaffaCakes118.html
Size

31KB
MD5

f08293c9004608179848e633d15dc21f
SHA1

f124170d495feb79cad425458826d49b9b78e5f5
SHA256

45edd71e909288d2b82502e5c5585804308a3f3a2ab83a2c625facbbfe5ea26c
SHA512

1f575aaa6840e9b324740a4b318a9177ffd84198d065e9e55fa776fc01e98a2072e0aae78a12d9939bf6120e500e2760b368eb1cd120c117e866bca03bd461cf
SSDEEP

384:ANYyBIOeu/jZ0xLW6kUsQuIfM68jNK0YYK8X:4YyBIOeCmL5kUsQffMXRK+X

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-355097885-2402257403-2971294179-1000\{9CF2A35A-FB76-46EC-A55A-44DD0CD21132}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3440	msedge.exe
3440	msedge.exe
5004	msedge.exe
5004	msedge.exe
3192	msedge.exe
4344	msedge.exe
4344	msedge.exe
1456	identity_helper.exe
1456	identity_helper.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5004 wrote to memory of 2756	5004	msedge.exe	82
PID 5004 wrote to memory of 2756	5004	msedge.exe	82
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 1304	5004	msedge.exe	83
PID 5004 wrote to memory of 3440	5004	msedge.exe	84
PID 5004 wrote to memory of 3440	5004	msedge.exe	84
PID 5004 wrote to memory of 2948	5004	msedge.exe	85
PID 5004 wrote to memory of 2948	5004	msedge.exe	85
PID 5004 wrote to memory of 2948	5004	msedge.exe	85
PID 5004 wrote to memory of 2948	5004	msedge.exe	85
PID 5004 wrote to memory of 2948	5004	msedge.exe	85
PID 5004 wrote to memory of 2948	5004	msedge.exe	85
PID 5004 wrote to memory of 2948	5004	msedge.exe	85
PID 5004 wrote to memory of 2948	5004	msedge.exe	85
PID 5004 wrote to memory of 2948	5004	msedge.exe	85
PID 5004 wrote to memory of 2948	5004	msedge.exe	85
PID 5004 wrote to memory of 2948	5004	msedge.exe	85
PID 5004 wrote to memory of 2948	5004	msedge.exe	85
PID 5004 wrote to memory of 2948	5004	msedge.exe	85
PID 5004 wrote to memory of 2948	5004	msedge.exe	85
PID 5004 wrote to memory of 2948	5004	msedge.exe	85
PID 5004 wrote to memory of 2948	5004	msedge.exe	85
PID 5004 wrote to memory of 2948	5004	msedge.exe	85
PID 5004 wrote to memory of 2948	5004	msedge.exe	85
PID 5004 wrote to memory of 2948	5004	msedge.exe	85
PID 5004 wrote to memory of 2948	5004	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f08293c9004608179848e633d15dc21f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe26cb46f8,0x7ffe26cb4708,0x7ffe26cb4718
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,10670409656277138799,16785332284202719097,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,10670409656277138799,16785332284202719097,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,10670409656277138799,16785332284202719097,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10670409656277138799,16785332284202719097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10670409656277138799,16785332284202719097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10670409656277138799,16785332284202719097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10670409656277138799,16785332284202719097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10670409656277138799,16785332284202719097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2132,10670409656277138799,16785332284202719097,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,10670409656277138799,16785332284202719097,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2132,10670409656277138799,16785332284202719097,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10670409656277138799,16785332284202719097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2876 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,10670409656277138799,16785332284202719097,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,10670409656277138799,16785332284202719097,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10670409656277138799,16785332284202719097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10670409656277138799,16785332284202719097,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10670409656277138799,16785332284202719097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2724 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10670409656277138799,16785332284202719097,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,10670409656277138799,16785332284202719097,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6772 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2656

Network

DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

static.follando-putas.com

msedge.exe

Remote address:

8.8.8.8:53

Request

static.follando-putas.com

IN A

Response
DNS

adspaces.ero-advertising.com

msedge.exe

Remote address:

8.8.8.8:53

Request

adspaces.ero-advertising.com

IN A

Response

adspaces.ero-advertising.com

IN CNAME

go.ero-advertising.com

go.ero-advertising.com

IN A

217.22.19.194

go.ero-advertising.com

IN A

217.22.19.199
DNS

ajax.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN A

Response

ajax.googleapis.com

IN A

142.250.187.234
GET

http://adspaces.ero-advertising.com/adspace/2036145.js

msedge.exe

Remote address:

217.22.19.194:80

Request

GET /adspace/2036145.js HTTP/1.1
Host: adspaces.ero-advertising.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 21 Sep 2024 20:02:26 GMT
Content-Length: 0
Connection: keep-alive
Expires: Mon, 03 Jul 2001 06:00:00 GMT
Last-Modified: Janon, 21 09 2024 20:02:26 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
Pragma: no-cache
X-Backend-Server: nl2-web-202
GET

http://ajax.googleapis.com/ajax/libs/mootools/1.4.2/mootools-yui-compressed.js

msedge.exe

Remote address:

142.250.187.234:80

Request

GET /ajax/libs/mootools/1.4.2/mootools-yui-compressed.js HTTP/1.1
Host: ajax.googleapis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 30618
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 21 Sep 2024 15:28:50 GMT
Expires: Sun, 21 Sep 2025 15:28:50 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Age: 16416
DNS

c1.popads.net

msedge.exe

Remote address:

8.8.8.8:53

Request

c1.popads.net

IN A

Response

c1.popads.net

IN CNAME

1355769017.rsc.cdn77.org

1355769017.rsc.cdn77.org

IN A

89.187.167.38

1355769017.rsc.cdn77.org

IN A

84.17.50.9
DNS

adserver.juicyads.com

msedge.exe

Remote address:

8.8.8.8:53

Request

adserver.juicyads.com

IN A

Response

adserver.juicyads.com

IN A

185.94.236.247
GET

http://c1.popads.net/pop.js

msedge.exe

Remote address:

89.187.167.38:80

Request

GET /pop.js HTTP/1.1
Host: c1.popads.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Sat, 21 Sep 2024 20:02:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 12 Apr 2024 23:55:00 GMT
x-rgw-object-type: Normal
ETag: W/"7b2783017e67ffed08b6a75890d08fa5"
x-amz-meta-s3b-last-modified: 20240412T235421Z
x-amz-meta-sha256: 12c8d1b6fc8ec20692e38e7a15644fce9c093479264d78f835d01c23723ba990
x-amz-request-id: tx0000041e62e64d64820bd-0066869b54-642d530-prg
X-77-NZT: BFm7pyU3Nzf/c6wHALlMCgk3Nzf/1EEAAIrHJcQ3Nzf/80cFAG09Wg1iNe8A
X-77-NZT-Ray: 84cb522fbb99753e5326ef66a5fd8e07
Content-Encoding: gzip
X-Accel-Expires: @1727482556
X-Accel-Date: 1726446048
X-77-Cache: HIT
X-77-Age: 502899
Server: CDN77-Turbo
X-Accel-Date-Max: 1720460571
X-Cache: HIT
X-Age: 502899
X-77-POP: londonGB
GET

http://adserver.juicyads.com/adshow.php?adzone=437410

msedge.exe

Remote address:

185.94.236.247:80

Request

GET /adshow.php?adzone=437410 HTTP/1.1
Host: adserver.juicyads.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 21 Sep 2024 20:02:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=8cf4bbf0cbc53ba2714d5243969dfb8e; expires=Sun, 21-Sep-2025 20:02:27 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.juicyads.com
Set-Cookie: imps63225=1; expires=Sun, 22-Sep-2024 20:02:29 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.juicyads.com
Set-Cookie: juicy_data_1=YToxOntpOjE3Nzk3OTU7aToxNzI3MjA4MTQ3O30%3D; expires=Tue, 24-Sep-2024 20:02:27 GMT; Max-Age=259198; path=/; SameSite=None; Secure; domain=juicyads.com
Set-Cookie: juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Tue, 24-Sep-2024 20:02:27 GMT; Max-Age=259198; path=/; SameSite=None; Secure; domain=juicyads.com
Content-Encoding: gzip
GET

http://adserver.juicyads.com/adshow.php?adzone=437430

msedge.exe

Remote address:

185.94.236.247:80

Request

GET /adshow.php?adzone=437430 HTTP/1.1
Host: adserver.juicyads.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 21 Sep 2024 20:02:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
Content-Encoding: gzip
DNS

platform.twitter.com

msedge.exe

Remote address:

8.8.8.8:53

Request

platform.twitter.com

IN A

Response

platform.twitter.com

IN CNAME

cs472.wac.edgecastcdn.net

cs472.wac.edgecastcdn.net

IN CNAME

cs1-apr-8315.wac.edgecastcdn.net

cs1-apr-8315.wac.edgecastcdn.net

IN CNAME

wac.apr-8315.edgecastdns.net

wac.apr-8315.edgecastdns.net

IN CNAME

cs1-lb-eu.8315.ecdns.net

cs1-lb-eu.8315.ecdns.net

IN CNAME

cs41.wac.edgecastcdn.net

cs41.wac.edgecastcdn.net

IN A

93.184.220.66
DNS

apis.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

172.217.169.46
DNS

connect.facebook.net

msedge.exe

Remote address:

8.8.8.8:53

Request

connect.facebook.net

IN A

Response

connect.facebook.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

157.240.231.1
GET

http://www.google-analytics.com/ga.js

msedge.exe

Remote address:

142.250.200.46:80

Request

GET /ga.js HTTP/1.1
Host: www.google-analytics.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 17168
Date: Sat, 21 Sep 2024 19:36:54 GMT
Expires: Sat, 21 Sep 2024 21:36:54 GMT
Cache-Control: public, max-age=7200
Age: 1533
Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
GET

http://connect.facebook.net/es_ES/all.js

msedge.exe

Remote address:

157.240.231.1:80

Request

GET /es_ES/all.js HTTP/1.1
Host: connect.facebook.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Location: https://connect.facebook.net/es_ES/all.js
Content-Type: text/plain
Server: proxygen-bolt
Date: Sat, 21 Sep 2024 20:02:27 GMT
Connection: keep-alive
Content-Length: 0
DNS

c.adsco.re

msedge.exe

Remote address:

8.8.8.8:53

Request

c.adsco.re

IN A

Response

c.adsco.re

IN A

104.17.167.186

c.adsco.re

IN A

104.17.166.186
GET

http://platform.twitter.com/widgets.js

msedge.exe

Remote address:

93.184.220.66:80

Request

GET /widgets.js HTTP/1.1
Host: platform.twitter.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3000
Age: 466
Cache-Control: public, max-age=1800
Content-Type: application/javascript; charset=utf-8
Date: Sat, 21 Sep 2024 20:02:27 GMT
Etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
Last-Modified: Mon, 11 Dec 2023 17:20:28 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (lhd/358F)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
x-amz-server-side-encryption: AES256
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 27597
GET

https://apis.google.com/js/plusone.js

msedge.exe

Remote address:

172.217.169.46:443

Request

GET /js/plusone.js HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.2ttuSS2XBQ8.O/m=plus,plusone/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-TYe36ShA0ds8KrukIhF82BwaKlg/cb=gapi.loaded_0?le=scs

msedge.exe

Remote address:

172.217.169.46:443

Request

GET /_/scs/abc-static/_/js/k=gapi.lb.en.2ttuSS2XBQ8.O/m=plus,plusone/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-TYe36ShA0ds8KrukIhF82BwaKlg/cb=gapi.loaded_0?le=scs HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.2ttuSS2XBQ8.O/m=auth/exm=plus,plusone/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-TYe36ShA0ds8KrukIhF82BwaKlg/cb=gapi.loaded_1?le=scs

msedge.exe

Remote address:

172.217.169.46:443

Request

GET /_/scs/abc-static/_/js/k=gapi.lb.en.2ttuSS2XBQ8.O/m=auth/exm=plus,plusone/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-TYe36ShA0ds8KrukIhF82BwaKlg/cb=gapi.loaded_1?le=scs HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=es&origin=file%3A%2F%2F&url=http%3A%2F%2Fwww.follando-putas.com%2F&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.2ttuSS2XBQ8.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo-TYe36ShA0ds8KrukIhF82BwaKlg%2Fm%3D__features__

msedge.exe

Remote address:

172.217.169.46:443

Request

GET /u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=es&origin=file%3A%2F%2F&url=http%3A%2F%2Fwww.follando-putas.com%2F&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.2ttuSS2XBQ8.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo-TYe36ShA0ds8KrukIhF82BwaKlg%2Fm%3D__features__ HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&hl=es&origin=file%3A%2F%2F&url=http%3A%2F%2Fwww.follando-putas.com%2Fvideo%2Fsexo-con-una-mulata-de-gran-escote-sexy-2741&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.2ttuSS2XBQ8.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo-TYe36ShA0ds8KrukIhF82BwaKlg%2Fm%3D__features__

msedge.exe

Remote address:

172.217.169.46:443

Request

GET /u/0/se/0/_/+1/fastbutton?usegapi=1&hl=es&origin=file%3A%2F%2F&url=http%3A%2F%2Fwww.follando-putas.com%2Fvideo%2Fsexo-con-una-mulata-de-gran-escote-sexy-2741&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.2ttuSS2XBQ8.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo-TYe36ShA0ds8KrukIhF82BwaKlg%2Fm%3D__features__ HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://apis.google.com/u/0/se/0/_/+1/sharebutton?plusShare=true&usegapi=1&action=share&annotation=none&height=19&hl=es&origin=file%3A%2F%2F&url=http%3A%2F%2Fwww.follando-putas.com%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.2ttuSS2XBQ8.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo-TYe36ShA0ds8KrukIhF82BwaKlg%2Fm%3D__features__

msedge.exe

Remote address:

172.217.169.46:443

Request

GET /u/0/se/0/_/+1/sharebutton?plusShare=true&usegapi=1&action=share&annotation=none&height=19&hl=es&origin=file%3A%2F%2F&url=http%3A%2F%2Fwww.follando-putas.com%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.2ttuSS2XBQ8.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo-TYe36ShA0ds8KrukIhF82BwaKlg%2Fm%3D__features__ HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://c.adsco.re/

msedge.exe

Remote address:

104.17.167.186:443

Request

GET / HTTP/2.0
host: c.adsco.re
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 103

link: <//6.adsco.re/>; as=fetch; crossorigin; rel=prefetch, <//4.adsco.re/>; as=fetch; crossorigin; rel=prefetch, <//adsco.re/>; rel=preconnect
POST

https://c.adsco.re/favicon.ico?type=log&code=1000&endpoint=adsco.re&path=p&timeout=1500

msedge.exe

Remote address:

104.17.167.186:443

Response

HTTP/2.0 200

date: Sat, 21 Sep 2024 20:02:27 GMT
content-type: text/html
cache-control: public, max-age=2678400
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
permissions-policy: ch-ua=(self "https://adsco.re"),ch-ua-mobile=(self "https://adsco.re"),ch-ua-full-version=(self "https://adsco.re"),ch-ua-platform=(self "https://adsco.re"),ch-ua-platform-version=(self "https://adsco.re"),ch-ua-arch=(self "https://adsco.re"),ch-ua-model=(self "https://adsco.re"),ch-device-memory=(self "https://adsco.re"),ch-downlink=(self "https://adsco.re"),ch-ect=(self "https://adsco.re"),ch-rtt=(self "https://adsco.re"),ch-width=(self "https://adsco.re"),ch-viewport-width=(self "https://adsco.re"),ch-dpr=(self "https://adsco.re")
link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=preconnect
expires: Tue, 22 Oct 2024 20:02:27 GMT
etag: W/"cOaB0SIHOpvD9wT7D5aoLQ=="
content-encoding: gzip
cf-cache-status: HIT
age: 6052271
vary: Accept-Encoding
server: cloudflare
cf-ray: 8c6ca72a9a3845a1-LHR

Request

POST /favicon.ico?type=log&code=1000&endpoint=adsco.re&path=p&timeout=1500 HTTP/2.0
host: c.adsco.re
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://c.adsco.re/favicon.ico?type=log&code=1000&endpoint=162.252.214.4&path=p&timeout=1500

msedge.exe

Remote address:

104.17.167.186:443

Request

POST /favicon.ico?type=log&code=1000&endpoint=162.252.214.4&path=p&timeout=1500 HTTP/2.0
host: c.adsco.re
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 405

date: Sat, 21 Sep 2024 20:03:34 GMT
content-type: text/html
content-length: 0
etag: "6418694b-0"
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8c6ca8cf6c6445a1-LHR
DNS

msedge.exe

Remote address:

104.17.167.186:443

Response

HTTP/2.0 405

date: Sat, 21 Sep 2024 20:03:34 GMT
content-type: text/html
content-length: 0
etag: "6418694b-0"
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8c6ca8cfacb445a1-LHR
GET

https://platform.twitter.com/js/button.856debeac157d9669cf51e73a08fbc93.js

msedge.exe

Remote address:

93.184.220.66:443

Request

GET /js/button.856debeac157d9669cf51e73a08fbc93.js HTTP/1.1
Host: platform.twitter.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 15612835
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Date: Sat, 21 Sep 2024 20:02:27 GMT
Etag: "fdf02dd038ed38dbf3c240d56262af0c+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:47 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (lhd/358C)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
x-amz-server-side-encryption: AES256
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 2620
GET

https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.es.html

msedge.exe

Remote address:

93.184.220.66:443

Request

GET /widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.es.html HTTP/1.1
Host: platform.twitter.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 15612202
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Sat, 21 Sep 2024 20:02:27 GMT
Etag: "0ae78ad7962b8a86f4b6505d5460c5fd+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:48 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (lhd/358C)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
x-amz-server-side-encryption: AES256
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 12686
DNS

67.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.31.126.40.in-addr.arpa

IN PTR

Response
DNS

216.143.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

216.143.123.92.in-addr.arpa

IN PTR

Response

216.143.123.92.in-addr.arpa

IN PTR

a92-123-143-216deploystaticakamaitechnologiescom
DNS

194.19.22.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.19.22.217.in-addr.arpa

IN PTR

Response
DNS

234.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.187.250.142.in-addr.arpa

IN PTR

Response

234.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f101e100net
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

38.167.187.89.in-addr.arpa

Remote address:

8.8.8.8:53

Request

38.167.187.89.in-addr.arpa

IN PTR

Response

38.167.187.89.in-addr.arpa

IN PTR

793955204loncdn77com
DNS

247.236.94.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

247.236.94.185.in-addr.arpa

IN PTR

Response
DNS

46.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.200.250.142.in-addr.arpa

IN PTR

Response

46.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f141e100net
DNS

66.220.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

66.220.184.93.in-addr.arpa

IN PTR

Response
DNS

46.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.169.217.172.in-addr.arpa

IN PTR

Response

46.169.217.172.in-addr.arpa

IN PTR

lhr48s08-in-f141e100net
DNS

1.231.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.231.240.157.in-addr.arpa

IN PTR

Response

1.231.240.157.in-addr.arpa

IN PTR

xx-fbcdn-shv-01-fco2fbcdnnet
DNS

186.167.17.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

186.167.17.104.in-addr.arpa

IN PTR

Response
DNS

syndication.twitter.com

msedge.exe

Remote address:

8.8.8.8:53

Request

syndication.twitter.com

IN A

Response

syndication.twitter.com

IN A

104.244.42.200
DNS

developers.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

developers.google.com

IN A

Response

developers.google.com

IN A

216.58.212.206
DNS

accounts.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

108.177.127.84
DNS

adsco.re

msedge.exe

Remote address:

8.8.8.8:53

Request

adsco.re

IN A

Response

adsco.re

IN A

162.252.214.5
DNS

csi.gstatic.com

msedge.exe

Remote address:

8.8.8.8:53

Request

csi.gstatic.com

IN A

Response

csi.gstatic.com

IN A

142.251.42.67
GET

https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22http%3A%2F%2Fwww.follando-putas.com%2Fvideo%2Fsexo-con-una-mulata-de-gran-escote-sexy-2741%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22es%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1726948946778%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%222615f7e52b7e0%3A1702314776716%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D

msedge.exe

Remote address:

104.244.42.200:443

Request

GET /i/jot/embeds?l=%7B%22widget_origin%22%3A%22http%3A%2F%2Fwww.follando-putas.com%2Fvideo%2Fsexo-con-una-mulata-de-gran-escote-sexy-2741%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22es%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1726948946778%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%222615f7e52b7e0%3A1702314776716%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D HTTP/2.0
host: syndication.twitter.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 21 Sep 2024 20:02:27 GMT
perf: 7402827104
vary: Origin
server: tsa_f
content-type: image/gif
cache-control: must-revalidate, max-age=600
last-modified: Sat, 21 Sep 2024 20:02:28 GMT
content-length: 43
x-transaction-id: 59b0a8d2c2f231f0
strict-transport-security: max-age=631138519
x-response-time: 109
x-connection-hash: 36d54e55f9b71ae5c339c05c8cd9d1e95201ce81d255ed9d4bc5463ea9d415f5
DNS

6.adsco.re

msedge.exe

Remote address:

8.8.8.8:53

Request

6.adsco.re

IN A

Response

6.adsco.re

IN A

104.17.166.186

6.adsco.re

IN A

104.17.167.186
DNS

4.adsco.re

msedge.exe

Remote address:

8.8.8.8:53

Request

4.adsco.re

IN A

Response

4.adsco.re

IN A

162.252.214.5
GET

http://developers.google.com/

msedge.exe

Remote address:

216.58.212.206:80

Request

GET / HTTP/1.1
Host: developers.google.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Location: https://developers.google.com/
X-Cloud-Trace-Context: 448013be379825ca2c02b238ff27bae6
Date: Sat, 21 Sep 2024 20:02:27 GMT
Content-Type: text/html
Server: Google Frontend
Content-Length: 0
GET

https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.2ttuSS2XBQ8.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo-TYe36ShA0ds8KrukIhF82BwaKlg%2Fm%3D__features__

msedge.exe

Remote address:

108.177.127.84:443

Request

GET /o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.2ttuSS2XBQ8.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo-TYe36ShA0ds8KrukIhF82BwaKlg%2Fm%3D__features__ HTTP/2.0
host: accounts.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

http://csi.gstatic.com/csi?v=3&s=gapi_module&action=auth___plus__plusone&it=mli.92,mei.6&tran=15&e=abc_l0,abc_m0,abc_pauth___plus__plusone,abc_u0&rt=

msedge.exe

Remote address:

142.251.42.67:80

Request

GET /csi?v=3&s=gapi_module&action=auth___plus__plusone&it=mli.92,mei.6&tran=15&e=abc_l0,abc_m0,abc_pauth___plus__plusone,abc_u0&rt= HTTP/1.1
Host: csi.gstatic.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Access-Control-Allow-Origin: *
Date: Sat, 21 Sep 2024 20:02:28 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 0
GET

http://csi.gstatic.com/csi?v=3&s=gapi_module&action=plus__plusone&it=mli.140,mei.10&tran=15&e=abc_l0,abc_m0,abc_pplus__plusone,abc_u0&rt=

msedge.exe

Remote address:

142.251.42.67:80

Request

GET /csi?v=3&s=gapi_module&action=plus__plusone&it=mli.140,mei.10&tran=15&e=abc_l0,abc_m0,abc_pplus__plusone,abc_u0&rt= HTTP/1.1
Host: csi.gstatic.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Access-Control-Allow-Origin: *
Date: Sat, 21 Sep 2024 20:02:28 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 0
GET

http://csi.gstatic.com/csi?v=3&s=gapi_global&action=global&it=blt.0,psi.3&srt=47&tbsrt=1079&tran=15&e=abc_l0,abc_m0,abc_u0&rt=

msedge.exe

Remote address:

142.251.42.67:80

Request

GET /csi?v=3&s=gapi_global&action=global&it=blt.0,psi.3&srt=47&tbsrt=1079&tran=15&e=abc_l0,abc_m0,abc_u0&rt= HTTP/1.1
Host: csi.gstatic.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Access-Control-Allow-Origin: *
Date: Sat, 21 Sep 2024 20:02:28 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 0
GET

https://4.adsco.re/

msedge.exe

Remote address:

162.252.214.5:443

Request

GET / HTTP/1.1
Host: 4.adsco.re
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
Origin: null
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
Purpose: prefetch
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Sat, 21 Sep 2024 20:02:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: null
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip
DNS

twitter.com

msedge.exe

Remote address:

8.8.8.8:53

Request

twitter.com

IN A

Response

twitter.com

IN A

104.244.42.1
GET

https://6.adsco.re/

msedge.exe

Remote address:

104.17.166.186:443

Request

GET / HTTP/2.0
host: 6.adsco.re
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: null
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
purpose: prefetch
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 21 Sep 2024 20:02:27 GMT
content-type: text/plain;charset=UTF-8
content-length: 46
access-control-allow-origin: null
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
cf-ray: 8c6ca72c588745a0-LHR
DNS

ssl.gstatic.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ssl.gstatic.com

IN A

Response

ssl.gstatic.com

IN A

142.250.200.3
GET

https://developers.google.com/

msedge.exe

Remote address:

216.58.212.206:443

Request

GET / HTTP/2.0
host: developers.google.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://ssl.gstatic.com/accounts/o/2254111616-postmessagerelay.js

msedge.exe

Remote address:

142.250.200.3:443

Request

GET /accounts/o/2254111616-postmessagerelay.js HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://accounts.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

206.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.212.58.216.in-addr.arpa

IN PTR

Response

206.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f2061e100net

206.212.58.216.in-addr.arpa

IN PTR

lhr25s27-in-f14�J

206.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f14�J
DNS

84.127.177.108.in-addr.arpa

Remote address:

8.8.8.8:53

Request

84.127.177.108.in-addr.arpa

IN PTR

Response

84.127.177.108.in-addr.arpa

IN PTR

el-in-f841e100net
DNS

186.166.17.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

186.166.17.104.in-addr.arpa

IN PTR

Response
DNS

200.42.244.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.42.244.104.in-addr.arpa

IN PTR

Response
DNS

5.214.252.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

5.214.252.162.in-addr.arpa

IN PTR

Response
DNS

233.38.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

233.38.18.104.in-addr.arpa

IN PTR

Response
DNS

67.42.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.42.251.142.in-addr.arpa

IN PTR

Response

67.42.251.142.in-addr.arpa

IN PTR

bom12s21-in-f31e100net
DNS

ads.juicyads.me

msedge.exe

Remote address:

8.8.8.8:53

Request

ads.juicyads.me

IN A

Response

ads.juicyads.me

IN CNAME

c7495b9dc5.mjedge.net

c7495b9dc5.mjedge.net

IN CNAME

1230740933.rsc.cdn77.org

1230740933.rsc.cdn77.org

IN A

84.17.50.9

1230740933.rsc.cdn77.org

IN A

89.187.167.39
DNS

ck.juicyads.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ck.juicyads.com

IN A

Response

ck.juicyads.com

IN A

199.241.100.249
GET

http://ads.juicyads.me/network/user203125/63225-1726887419-0906219001726887419.jpg

msedge.exe

Remote address:

84.17.50.9:80

Request

GET /network/user203125/63225-1726887419-0906219001726887419.jpg HTTP/1.1
Host: ads.juicyads.me
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://adserver.juicyads.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Sat, 21 Sep 2024 20:02:30 GMT
Content-Type: image/jpeg
Content-Length: 89690
Connection: keep-alive
Last-Modified: Sat, 21 Sep 2024 02:56:59 GMT
ETag: "66ee35fb-15e5a"
X-77-NZT: EwwBVBEyBwH3QhoAAAwBuUwKAQH3DgQAAAwBJRPCNAG3OgAAAA
X-77-NZT-Ray: 66f31c261bbe81a05626ef66b08c9607
X-Accel-Expires: @1729533132
X-Accel-Date: 1726942228
X-Accel-Date-Max: 1726941132
X-77-Cache: HIT
X-77-Age: 6722
Server: CDN77-Turbo
X-Cache: HIT
X-Age: 6722
X-77-POP: londonGB
Accept-Ranges: bytes
DNS

9.50.17.84.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.50.17.84.in-addr.arpa

IN PTR

Response

9.50.17.84.in-addr.arpa

IN PTR

639431526loncdn77com
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
GET

https://4.adsco.re:2087/

msedge.exe

Remote address:

162.252.214.5:2087

Request

GET / HTTP/1.1
Host: 4.adsco.re:2087
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: null
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Sat, 21 Sep 2024 20:03:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: null
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip
GET

https://6.adsco.re:2087/

msedge.exe

Remote address:

104.17.166.186:2087

Request

GET / HTTP/2.0
host: 6.adsco.re:2087
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 21 Sep 2024 20:03:34 GMT
content-type: text/plain;charset=UTF-8
content-length: 46
access-control-allow-origin: null
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
cf-ray: 8c6ca8cdbb443859-LHR
DNS

znzlldwt7iq6.l4.adsco.re

msedge.exe

Remote address:

8.8.8.8:53

Request

znzlldwt7iq6.l4.adsco.re

IN A

Response

znzlldwt7iq6.l4.adsco.re

IN A

185.200.118.62
DNS

znzlldwt7iq6.s4.adsco.re

msedge.exe

Remote address:

8.8.8.8:53

Request

znzlldwt7iq6.s4.adsco.re

IN A

Response

znzlldwt7iq6.s4.adsco.re

IN A

185.200.116.60
DNS

znzlldwt7iq6.n4.adsco.re

msedge.exe

Remote address:

8.8.8.8:53

Request

znzlldwt7iq6.n4.adsco.re

IN A

Response

znzlldwt7iq6.n4.adsco.re

IN A

38.132.109.126
POST

https://znzlldwt7iq6.l4.adsco.re/

msedge.exe

Remote address:

185.200.118.62:443

Request

POST / HTTP/2.0
host: znzlldwt7iq6.l4.adsco.re
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 21 Sep 2024 20:03:35 GMT
content-type: text/html
content-length: 0
last-modified: Fri, 02 Jun 2023 14:03:32 GMT
etag: "6479f6b4-0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
POST

https://znzlldwt7iq6.n4.adsco.re/

msedge.exe

Remote address:

38.132.109.126:443

Request

POST / HTTP/2.0
host: znzlldwt7iq6.n4.adsco.re
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 21 Sep 2024 20:03:35 GMT
content-type: text/html
content-length: 0
last-modified: Fri, 16 Jun 2023 08:37:42 GMT
etag: "648c1f56-0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
DNS

www.facebook.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.231.35
POST

https://znzlldwt7iq6.s4.adsco.re/

msedge.exe

Remote address:

185.200.116.60:443

Request

POST / HTTP/2.0
host: znzlldwt7iq6.s4.adsco.re
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 21 Sep 2024 20:03:35 GMT
content-type: text/html
content-length: 0
last-modified: Tue, 03 Oct 2023 13:29:59 GMT
etag: "651c1757-0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
DNS

serve.popads.net

msedge.exe

Remote address:

8.8.8.8:53

Request

serve.popads.net

IN A

Response

serve.popads.net

IN A

216.21.13.10

serve.popads.net

IN A

216.21.13.16

serve.popads.net

IN A

216.21.13.17

serve.popads.net

IN A

216.21.13.11
GET

http://serve.popads.net/c?_=21000&v=4&siteId=657206&minBid=&popundersPerIP=0,0&blockedCountries=&documentRef=&s=1280,720,1,1280,720,0

msedge.exe

Remote address:

216.21.13.10:80

Request

GET /c?_=21000&v=4&siteId=657206&minBid=&popundersPerIP=0,0&blockedCountries=&documentRef=&s=1280,720,1,1280,720,0 HTTP/1.1
Host: serve.popads.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
access-control-allow-origin: *
content-type: application/javascript
asf: -3
popads-ec: ASE
cache-control: public, max-age=604800
expires: Sat, 28 Sep 2024 20:03:35 GMT
content-length: 0
date: Sat, 21 Sep 2024 20:03:35 GMT
DNS

62.118.200.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

62.118.200.185.in-addr.arpa

IN PTR

Response

62.118.200.185.in-addr.arpa

IN PTR

vlan804bb2lon7ukm247ro
DNS

186.109.132.38.in-addr.arpa

Remote address:

8.8.8.8:53

Request

186.109.132.38.in-addr.arpa

IN PTR

Response
DNS

90.116.200.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

90.116.200.185.in-addr.arpa

IN PTR

Response

90.116.200.185.in-addr.arpa

IN PTR

no-mans-landm247com
DNS

90.118.200.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

90.118.200.185.in-addr.arpa

IN PTR

Response

90.118.200.185.in-addr.arpa

IN PTR

adscorecom
DNS

126.109.132.38.in-addr.arpa

Remote address:

8.8.8.8:53

Request

126.109.132.38.in-addr.arpa

IN PTR

Response

126.109.132.38.in-addr.arpa

IN PTR

irb-0agg3nyc1usm247com
DNS

static.follando-putas.com

msedge.exe

Remote address:

8.8.8.8:53

Request

static.follando-putas.com

IN A

Response
DNS

35.231.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.231.240.157.in-addr.arpa

IN PTR

Response

35.231.240.157.in-addr.arpa

IN PTR

edge-star-mini-shv-01-fco2facebookcom
DNS

10.13.21.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.13.21.216.in-addr.arpa

IN PTR

Response
DNS

60.116.200.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

60.116.200.185.in-addr.arpa

IN PTR

Response

60.116.200.185.in-addr.arpa

IN PTR

no-mans-landm247com
DNS

accounts.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

108.177.127.84

217.22.19.194:80

http://adspaces.ero-advertising.com/adspace/2036145.js

http

msedge.exe

603 B
551 B
6
5

HTTP Request

GET http://adspaces.ero-advertising.com/adspace/2036145.js

HTTP Response

200
142.250.187.234:80

http://ajax.googleapis.com/ajax/libs/mootools/1.4.2/mootools-yui-compressed.js

http

msedge.exe

1.2kB
32.7kB
18
29

HTTP Request

GET http://ajax.googleapis.com/ajax/libs/mootools/1.4.2/mootools-yui-compressed.js

HTTP Response

200
89.187.167.38:80

http://c1.popads.net/pop.js

http

msedge.exe

806 B
13.6kB
11
15

HTTP Request

GET http://c1.popads.net/pop.js

HTTP Response

200
185.94.236.247:80

http://adserver.juicyads.com/adshow.php?adzone=437410

http

msedge.exe

753 B
2.7kB
6
6

HTTP Request

GET http://adserver.juicyads.com/adshow.php?adzone=437410

HTTP Response

200
185.94.236.247:80

http://adserver.juicyads.com/adshow.php?adzone=437430

http

msedge.exe

707 B
701 B
5
5

HTTP Request

GET http://adserver.juicyads.com/adshow.php?adzone=437430

HTTP Response

200
142.250.200.46:80

http://www.google-analytics.com/ga.js

http

msedge.exe

908 B
18.4kB
13
18

HTTP Request

GET http://www.google-analytics.com/ga.js

HTTP Response

200
157.240.231.1:80

http://connect.facebook.net/es_ES/all.js

http

msedge.exe

635 B
504 B
7
6

HTTP Request

GET http://connect.facebook.net/es_ES/all.js

HTTP Response

301
93.184.220.66:80

http://platform.twitter.com/widgets.js

http

msedge.exe

1.1kB
29.3kB
17
26

HTTP Request

GET http://platform.twitter.com/widgets.js

HTTP Response

200
172.217.169.46:443

https://apis.google.com/u/0/se/0/_/+1/sharebutton?plusShare=true&usegapi=1&action=share&annotation=none&height=19&hl=es&origin=file%3A%2F%2F&url=http%3A%2F%2Fwww.follando-putas.com%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.2ttuSS2XBQ8.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo-TYe36ShA0ds8KrukIhF82BwaKlg%2Fm%3D__features__

tls, http2

msedge.exe

7.4kB
139.0kB
109
112

HTTP Request

GET https://apis.google.com/js/plusone.js

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.2ttuSS2XBQ8.O/m=plus,plusone/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-TYe36ShA0ds8KrukIhF82BwaKlg/cb=gapi.loaded_0?le=scs

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.2ttuSS2XBQ8.O/m=auth/exm=plus,plusone/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-TYe36ShA0ds8KrukIhF82BwaKlg/cb=gapi.loaded_1?le=scs

HTTP Request

GET https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=es&origin=file%3A%2F%2F&url=http%3A%2F%2Fwww.follando-putas.com%2F&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.2ttuSS2XBQ8.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo-TYe36ShA0ds8KrukIhF82BwaKlg%2Fm%3D__features__

HTTP Request

GET https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&hl=es&origin=file%3A%2F%2F&url=http%3A%2F%2Fwww.follando-putas.com%2Fvideo%2Fsexo-con-una-mulata-de-gran-escote-sexy-2741&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.2ttuSS2XBQ8.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo-TYe36ShA0ds8KrukIhF82BwaKlg%2Fm%3D__features__

HTTP Request

GET https://apis.google.com/u/0/se/0/_/+1/sharebutton?plusShare=true&usegapi=1&action=share&annotation=none&height=19&hl=es&origin=file%3A%2F%2F&url=http%3A%2F%2Fwww.follando-putas.com%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.2ttuSS2XBQ8.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo-TYe36ShA0ds8KrukIhF82BwaKlg%2Fm%3D__features__
104.17.167.186:443

https://c.adsco.re/favicon.ico?type=log&code=1000&endpoint=162.252.214.4&path=p&timeout=1500

tls, http2

msedge.exe

4.2kB
38.0kB
43
45

HTTP Request

GET https://c.adsco.re/

HTTP Response

103

HTTP Response

200

HTTP Request

POST https://c.adsco.re/favicon.ico?type=log&code=1000&endpoint=adsco.re&path=p&timeout=1500

HTTP Request

POST https://c.adsco.re/favicon.ico?type=log&code=1000&endpoint=162.252.214.4&path=p&timeout=1500

HTTP Response

405

HTTP Response

405
93.184.220.66:443

https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.es.html

tls, http

msedge.exe

3.3kB
24.3kB
20
27

HTTP Request

GET https://platform.twitter.com/js/button.856debeac157d9669cf51e73a08fbc93.js

HTTP Response

200

HTTP Request

GET https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.es.html

HTTP Response

200
157.240.231.1:443

connect.facebook.net

tls

msedge.exe

3.4kB
92.7kB
49
83
104.244.42.200:443

https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22http%3A%2F%2Fwww.follando-putas.com%2Fvideo%2Fsexo-con-una-mulata-de-gran-escote-sexy-2741%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22es%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1726948946778%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%222615f7e52b7e0%3A1702314776716%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D

tls, http2

msedge.exe

2.0kB
4.6kB
12
12

HTTP Request

GET https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22http%3A%2F%2Fwww.follando-putas.com%2Fvideo%2Fsexo-con-una-mulata-de-gran-escote-sexy-2741%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22es%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1726948946778%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%222615f7e52b7e0%3A1702314776716%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D

HTTP Response

200
216.58.212.206:80

http://developers.google.com/

http

msedge.exe

775 B
527 B
7
6

HTTP Request

GET http://developers.google.com/

HTTP Response

301
108.177.127.84:443

https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.2ttuSS2XBQ8.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo-TYe36ShA0ds8KrukIhF82BwaKlg%2Fm%3D__features__

tls, http2

msedge.exe

2.0kB
7.3kB
15
18

HTTP Request

GET https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.2ttuSS2XBQ8.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo-TYe36ShA0ds8KrukIhF82BwaKlg%2Fm%3D__features__
162.252.214.5:443

adsco.re

tls

msedge.exe

2.2kB
3.9kB
9
9
142.251.42.67:80

http://csi.gstatic.com/csi?v=3&s=gapi_module&action=auth___plus__plusone&it=mli.92,mei.6&tran=15&e=abc_l0,abc_m0,abc_pauth___plus__plusone,abc_u0&rt=

http

msedge.exe

846 B
696 B
8
7

HTTP Request

GET http://csi.gstatic.com/csi?v=3&s=gapi_module&action=auth___plus__plusone&it=mli.92,mei.6&tran=15&e=abc_l0,abc_m0,abc_pauth___plus__plusone,abc_u0&rt=

HTTP Response

204
142.251.42.67:80

http://csi.gstatic.com/csi?v=3&s=gapi_module&action=plus__plusone&it=mli.140,mei.10&tran=15&e=abc_l0,abc_m0,abc_pplus__plusone,abc_u0&rt=

http

msedge.exe

834 B
696 B
8
7

HTTP Request

GET http://csi.gstatic.com/csi?v=3&s=gapi_module&action=plus__plusone&it=mli.140,mei.10&tran=15&e=abc_l0,abc_m0,abc_pplus__plusone,abc_u0&rt=

HTTP Response

204
142.251.42.67:80

http://csi.gstatic.com/csi?v=3&s=gapi_global&action=global&it=blt.0,psi.3&srt=47&tbsrt=1079&tran=15&e=abc_l0,abc_m0,abc_u0&rt=

http

msedge.exe

823 B
696 B
8
7

HTTP Request

GET http://csi.gstatic.com/csi?v=3&s=gapi_global&action=global&it=blt.0,psi.3&srt=47&tbsrt=1079&tran=15&e=abc_l0,abc_m0,abc_u0&rt=

HTTP Response

204
162.252.214.5:443

https://4.adsco.re/

tls, http

msedge.exe

2.9kB
4.5kB
10
11

HTTP Request

GET https://4.adsco.re/

HTTP Response

200
104.17.166.186:443

https://6.adsco.re/

tls, http2

msedge.exe

2.7kB
5.6kB
15
15

HTTP Request

GET https://6.adsco.re/

HTTP Response

200
142.251.42.67:80

csi.gstatic.com

msedge.exe

288 B
196 B
6
4
216.58.212.206:443

https://developers.google.com/

tls, http2

msedge.exe

2.7kB
42.4kB
33
42

HTTP Request

GET https://developers.google.com/
142.250.200.3:443

https://ssl.gstatic.com/accounts/o/2254111616-postmessagerelay.js

tls, http2

msedge.exe

1.9kB
11.5kB
18
19

HTTP Request

GET https://ssl.gstatic.com/accounts/o/2254111616-postmessagerelay.js
84.17.50.9:80

http://ads.juicyads.me/network/user203125/63225-1726887419-0906219001726887419.jpg

http

msedge.exe

2.3kB
93.1kB
40
72

HTTP Request

GET http://ads.juicyads.me/network/user203125/63225-1726887419-0906219001726887419.jpg

HTTP Response

200
162.252.214.5:2087

https://4.adsco.re:2087/

tls, http

msedge.exe

2.8kB
4.4kB
10
10

HTTP Request

GET https://4.adsco.re:2087/

HTTP Response

200
104.17.166.186:2087

https://6.adsco.re:2087/

tls, http2

msedge.exe

2.6kB
5.5kB
13
14

HTTP Request

GET https://6.adsco.re:2087/

HTTP Response

200
185.200.118.62:443

https://znzlldwt7iq6.l4.adsco.re/

tls, http2

msedge.exe

2.7kB
3.4kB
13
11

HTTP Request

POST https://znzlldwt7iq6.l4.adsco.re/

HTTP Response

200
38.132.109.126:443

https://znzlldwt7iq6.n4.adsco.re/

tls, http2

msedge.exe

2.7kB
3.4kB
13
12

HTTP Request

POST https://znzlldwt7iq6.n4.adsco.re/

HTTP Response

200
38.132.109.126:443

znzlldwt7iq6.n4.adsco.re

tls, http2

msedge.exe

2.0kB
3.1kB
9
10
185.200.116.60:443

https://znzlldwt7iq6.s4.adsco.re/

tls, http2

msedge.exe

2.7kB
3.4kB
13
12

HTTP Request

POST https://znzlldwt7iq6.s4.adsco.re/

HTTP Response

200
157.240.231.35:443

www.facebook.com

tls

msedge.exe

2.0kB
5.6kB
13
15
216.21.13.10:80

http://serve.popads.net/c?_=21000&v=4&siteId=657206&minBid=&popundersPerIP=0,0&blockedCountries=&documentRef=&s=1280,720,1,1280,720,0

http

msedge.exe

636 B
517 B
5
5

HTTP Request

GET http://serve.popads.net/c?_=21000&v=4&siteId=657206&minBid=&popundersPerIP=0,0&blockedCountries=&documentRef=&s=1280,720,1,1280,720,0

HTTP Response

200
185.200.116.60:443

znzlldwt7iq6.s4.adsco.re

tls, http2

msedge.exe

2.0kB
3.1kB
10
11

8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

static.follando-putas.com

dns

msedge.exe

71 B
144 B
1
1

DNS Request

static.follando-putas.com
8.8.8.8:53

adspaces.ero-advertising.com

dns

msedge.exe

74 B
123 B
1
1

DNS Request

adspaces.ero-advertising.com

DNS Response

217.22.19.194

217.22.19.199
8.8.8.8:53

ajax.googleapis.com

dns

msedge.exe

65 B
81 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

142.250.187.234
8.8.8.8:53

c1.popads.net

dns

msedge.exe

59 B
129 B
1
1

DNS Request

c1.popads.net

DNS Response

89.187.167.38

84.17.50.9
8.8.8.8:53

adserver.juicyads.com

dns

msedge.exe

67 B
83 B
1
1

DNS Request

adserver.juicyads.com

DNS Response

185.94.236.247
8.8.8.8:53

platform.twitter.com

dns

msedge.exe

66 B
241 B
1
1

DNS Request

platform.twitter.com

DNS Response

93.184.220.66
8.8.8.8:53

apis.google.com

dns

msedge.exe

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

172.217.169.46
8.8.8.8:53

connect.facebook.net

dns

msedge.exe

66 B
114 B
1
1

DNS Request

connect.facebook.net

DNS Response

157.240.231.1
8.8.8.8:53

c.adsco.re

dns

msedge.exe

56 B
88 B
1
1

DNS Request

c.adsco.re

DNS Response

104.17.167.186

104.17.166.186
172.217.169.46:443

apis.google.com

https

msedge.exe

4.7kB
39.6kB
24
35
8.8.8.8:53

67.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

67.31.126.40.in-addr.arpa
8.8.8.8:53

216.143.123.92.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

216.143.123.92.in-addr.arpa
8.8.8.8:53

194.19.22.217.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

194.19.22.217.in-addr.arpa
8.8.8.8:53

234.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

234.187.250.142.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

38.167.187.89.in-addr.arpa

dns

72 B
109 B
1
1

DNS Request

38.167.187.89.in-addr.arpa
8.8.8.8:53

247.236.94.185.in-addr.arpa

dns

73 B
136 B
1
1

DNS Request

247.236.94.185.in-addr.arpa
8.8.8.8:53

46.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

46.200.250.142.in-addr.arpa
8.8.8.8:53

66.220.184.93.in-addr.arpa

dns

72 B
143 B
1
1

DNS Request

66.220.184.93.in-addr.arpa
8.8.8.8:53

46.169.217.172.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

46.169.217.172.in-addr.arpa
8.8.8.8:53

1.231.240.157.in-addr.arpa

dns

72 B
116 B
1
1

DNS Request

1.231.240.157.in-addr.arpa
8.8.8.8:53

186.167.17.104.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

186.167.17.104.in-addr.arpa
8.8.8.8:53

syndication.twitter.com

dns

msedge.exe

69 B
85 B
1
1

DNS Request

syndication.twitter.com

DNS Response

104.244.42.200
8.8.8.8:53

developers.google.com

dns

msedge.exe

67 B
83 B
1
1

DNS Request

developers.google.com

DNS Response

216.58.212.206
8.8.8.8:53

accounts.google.com

dns

msedge.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

108.177.127.84
8.8.8.8:53

adsco.re

dns

msedge.exe

54 B
70 B
1
1

DNS Request

adsco.re

DNS Response

162.252.214.5
8.8.8.8:53

csi.gstatic.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

csi.gstatic.com

DNS Response

142.251.42.67
8.8.8.8:53

6.adsco.re

dns

msedge.exe

56 B
88 B
1
1

DNS Request

6.adsco.re

DNS Response

104.17.166.186

104.17.167.186
8.8.8.8:53

4.adsco.re

dns

msedge.exe

56 B
72 B
1
1

DNS Request

4.adsco.re

DNS Response

162.252.214.5
8.8.8.8:53

twitter.com

dns

msedge.exe

57 B
73 B
1
1

DNS Request

twitter.com

DNS Response

104.244.42.1
8.8.8.8:53

ssl.gstatic.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

ssl.gstatic.com

DNS Response

142.250.200.3
216.58.212.206:443

developers.google.com

https

msedge.exe

6.5kB
100.0kB
53
85
8.8.8.8:53

206.212.58.216.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

206.212.58.216.in-addr.arpa
8.8.8.8:53

84.127.177.108.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

84.127.177.108.in-addr.arpa
8.8.8.8:53

186.166.17.104.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

186.166.17.104.in-addr.arpa
8.8.8.8:53

200.42.244.104.in-addr.arpa

dns

73 B
73 B
1
1

DNS Request

200.42.244.104.in-addr.arpa
8.8.8.8:53

5.214.252.162.in-addr.arpa

dns

72 B
145 B
1
1

DNS Request

5.214.252.162.in-addr.arpa
8.8.8.8:53

233.38.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

233.38.18.104.in-addr.arpa
8.8.8.8:53

67.42.251.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

67.42.251.142.in-addr.arpa
8.8.8.8:53

ads.juicyads.me

dns

msedge.exe

61 B
166 B
1
1

DNS Request

ads.juicyads.me

DNS Response

84.17.50.9

89.187.167.39
8.8.8.8:53

ck.juicyads.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

ck.juicyads.com

DNS Response

199.241.100.249
8.8.8.8:53

9.50.17.84.in-addr.arpa

dns

69 B
106 B
1
1

DNS Request

9.50.17.84.in-addr.arpa
224.0.0.251:5353

msedge.exe

1.6kB
15
8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

znzlldwt7iq6.l4.adsco.re

dns

msedge.exe

70 B
86 B
1
1

DNS Request

znzlldwt7iq6.l4.adsco.re

DNS Response

185.200.118.62
108.177.127.84:443

accounts.google.com

https

msedge.exe

3.9kB
8.3kB
10
12
8.8.8.8:53

znzlldwt7iq6.s4.adsco.re

dns

msedge.exe

70 B
86 B
1
1

DNS Request

znzlldwt7iq6.s4.adsco.re

DNS Response

185.200.116.60
8.8.8.8:53

znzlldwt7iq6.n4.adsco.re

dns

msedge.exe

70 B
86 B
1
1

DNS Request

znzlldwt7iq6.n4.adsco.re

DNS Response

38.132.109.126
8.8.8.8:53

www.facebook.com

dns

msedge.exe

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

157.240.231.35
38.132.109.186:3478

msedge.exe

432 B
9
185.200.116.90:3478

msedge.exe

432 B
9
185.200.118.90:3478

msedge.exe

432 B
9
8.8.8.8:53

serve.popads.net

dns

msedge.exe

62 B
126 B
1
1

DNS Request

serve.popads.net

DNS Response

216.21.13.10

216.21.13.16

216.21.13.17

216.21.13.11
8.8.8.8:53

62.118.200.185.in-addr.arpa

dns

73 B
114 B
1
1

DNS Request

62.118.200.185.in-addr.arpa
8.8.8.8:53

186.109.132.38.in-addr.arpa

dns

73 B
134 B
1
1

DNS Request

186.109.132.38.in-addr.arpa
8.8.8.8:53

90.116.200.185.in-addr.arpa

dns

73 B
108 B
1
1

DNS Request

90.116.200.185.in-addr.arpa
8.8.8.8:53

90.118.200.185.in-addr.arpa

dns

73 B
98 B
1
1

DNS Request

90.118.200.185.in-addr.arpa
8.8.8.8:53

126.109.132.38.in-addr.arpa

dns

73 B
114 B
1
1

DNS Request

126.109.132.38.in-addr.arpa
8.8.8.8:53

static.follando-putas.com

dns

msedge.exe

71 B
144 B
1
1

DNS Request

static.follando-putas.com
8.8.8.8:53

35.231.240.157.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

35.231.240.157.in-addr.arpa
8.8.8.8:53

10.13.21.216.in-addr.arpa

dns

71 B
120 B
1
1

DNS Request

10.13.21.216.in-addr.arpa
8.8.8.8:53

60.116.200.185.in-addr.arpa

dns

73 B
108 B
1
1

DNS Request

60.116.200.185.in-addr.arpa
8.8.8.8:53

accounts.google.com

dns

msedge.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

108.177.127.84
108.177.127.84:443

accounts.google.com

https

msedge.exe

2.5kB
3.7kB
9
10

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\26ab5382-e005-463a-977e-083f2752e4b5.tmp

Filesize
10KB

MD5
d587046d5a13ce3e7747c785bd7eb7e6

SHA1
f2eb6aa25eb33101bd10b6b71039b8c419498ec9

SHA256
32766173601b9a2bf8db6726ad9113454427bea359bbc2154ff18e5839e3f649

SHA512
5f4e7fb59d7f749be02fc47b7bd22612537c0175a2f17815da5e03305602004debb3137cff9cf719a29374cfbb3e9343552907f3de4e065c43274cc1bf5ac8c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
f57278ddef78b04f8bcaeeb233282220

SHA1
0f0452fa1a627bb67f47835aea06546fbdec40a8

SHA256
1960b35b82f10b98956b0460142cb89d05daa36c477dced55d1e523e70e70f72

SHA512
eec8de348ced29788baa396e83f4b4ddccd466acd913fd1e44b128f3843f39f02270f32344edd33c5bf09a2f7529f159c49d6d13f2e48214c08b68176f1c7723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
00fc4766602cb61e7ff1483f7a0fd506

SHA1
f5ef80e633ed28dd8f499bcd38abc4ef3d87fa42

SHA256
c700a77a1ff6ad78f4c990ee4d60b24c59bc72c6168c931b3abccf33e9cf1717

SHA512
25f3ca3149de298f98114dea2b42eed8be646331fbd2653c8d5a0a0fbfe857a74dbbe1a3748a3e4e778355fd701872285789d907d0d790333921600633f9a5bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8bfe614e221fd2438a959794d836eeee

SHA1
c0e74cabde651ba2f22f4caa9f2b977eef5faa26

SHA256
5afa4f692ff029504318e2acdfd9281a72557eb2fedb50de75f47cb9df910a81

SHA512
838e0dd2cc9c4d96101265fb634185db6f7c5515183d0f4fd9b95b7c43f96cb6e966f3d1f32e2723492b844f5210ea644e63d7df4ea58240e28024b2978a7a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3bd4098c800ee6d11ede9e3a29b2f712

SHA1
504f78458571bf37da792aa05488c533c7c5be79

SHA256
8e6bdedb6e57e5960357572923951ec770c7cf2851ccf3925687755131fda182

SHA512
de5852a771387364f81d68eb974468f76a369ba3f0efa50300b712f46ee6a4b6d7ac5d51b0afc508f802206fb23a25e56884a48758004de738dcc14066104e39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
24f76dd03521de205e0f10e4fadf7501

SHA1
d5158b3fafeeed12dac9b165619c2221d8674dfc

SHA256
d17243ed37274ee3106172b526734dafa585ac166f010c2e24f1ab8d3d48c244

SHA512
00a5dad875e84cd4da32d4d41483079c5ccfdbc59d6ec492620d849695ac00e73e266f328e0c850d5f9aae9346d192026d015339c7cb96a121e81715f3320b8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5aa0786a1c2623da5aec673a980c0e9b

SHA1
e0b6e0b52d4c20c5114f0356306740f0c6f1ff19

SHA256
3559c17504e85feae1376e0caf3f0b32463dca553f8a0988be5c59c1070c3097

SHA512
eaca6503c653ceed2950e2196d2fc1354db48b84023e1d1dbfb255c5c61a8bc4d94897280c7704ed08b9c1d8cfe2ceb48a42a0ed8fc175158c36d5dd036f3e24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
965a1e577f14bafeb043eaaded09f5f6

SHA1
ad997e9a7320f86075c47f5d10ff4238adf6af20

SHA256
2cdbaed900c4c8901b6b8d45d60fd59894b0beec1ca91e30890f5b3ba53d95a3

SHA512
b09b07434339060ce8c95b658d75b7747ccc776b9ca4efdad3760700b4e7f95a37ed60922320783c36d3df2f616c67bae23e358e2b5212d4305f61dfa36cbbc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request