hxxps://mediafire[.]com/file/3nfa6p4pxkve92c/Ui-Dropped[.]jar/file

Resubmissions

04/10/2024, 20:19 UTC

241004-y3zmmstgrr 8

04/10/2024, 20:16 UTC

241004-y145catgkl 6

04/10/2024, 19:53 UTC

241004-yl145sshpq 8

Analysis

max time kernel
806s
max time network
809s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 20:19 UTC

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file

Score

8^/10

defense_evasion discovery execution

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

flow	pid	Process
354	5764	powershell.exe
356	5764	powershell.exe

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	VSCodeUserSetup-x64-1.94.0.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	Code.exe

Executes dropped EXE 6 IoCs

pid	Process
5000	VSCodeUserSetup-x64-1.94.0.exe
2148	VSCodeUserSetup-x64-1.94.0.tmp
4736	Code.exe
2420	Code.exe
5416	Code.exe
4848	Code.exe

Loads dropped DLL 12 IoCs

pid	Process
4736	Code.exe
2420	Code.exe
5416	Code.exe
4736	Code.exe
4736	Code.exe
4736	Code.exe
4736	Code.exe
4736	Code.exe
4736	Code.exe
4736	Code.exe
4736	Code.exe
4848	Code.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2968	icacls.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Command and Scripting Interpreter: PowerShell 1 TTPs 17 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
5660	powershell.exe
2636	powershell.exe
1956	powershell.exe
3908	powershell.exe
452	powershell.exe
2100	powershell.exe
5236	powershell.exe
5616	powershell.exe
4888	powershell.exe
3032	powershell.exe
3568	powershell.exe
4960	powershell.exe
3584	powershell.exe
6012	powershell.exe
2992	powershell.exe
3632	powershell.exe
5268	powershell.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
356	raw.githubusercontent.com
4	mediafire.com
19	mediafire.com
20	mediafire.com
21	mediafire.com
355	raw.githubusercontent.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Obfuscated Files or Information: Command Obfuscation 1 TTPs
Adversaries may obfuscate content during command execution to impede detection.
defense_evasion

Command Obfuscation
T1027.010

Launches sc.exe 36 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
1932	sc.exe
2872	sc.exe
5916	sc.exe
3820	sc.exe
5204	sc.exe
3908	sc.exe
3936	sc.exe
4996	sc.exe
2156	sc.exe
1308	sc.exe
4356	sc.exe
2396	sc.exe
4396	sc.exe
6032	sc.exe
2004	sc.exe
4144	sc.exe
4636	sc.exe
1716	sc.exe
5096	sc.exe
452	sc.exe
4244	sc.exe
5384	sc.exe
3896	sc.exe
3092	sc.exe
2536	sc.exe
5080	sc.exe
1888	sc.exe
5468	sc.exe
3976	sc.exe
1680	sc.exe
4420	sc.exe
4128	sc.exe
3136	sc.exe
2356	sc.exe
6060	sc.exe
4016	sc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VSCodeUserSetup-x64-1.94.0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VSCodeUserSetup-x64-1.94.0.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 7 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2104	SnippingTool.exe
1496	SnippingTool.exe
832	SnippingTool.exe
5984	cmd.exe
6012	PING.EXE
868	cmd.exe
1428	PING.EXE

Checks SCSI registry key(s) 3 TTPs 12 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	clipup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	clipup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	clipup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	clipup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Clipup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	Clipup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	Clipup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	Clipup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	clipup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	clipup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	Clipup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	Clipup.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 24 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key deleted	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token	reg.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133725468672292101"	chrome.exe
Key deleted	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive	reg.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key deleted	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{D6D5A677-0872-4AB0-9442-BB792FCE85C5}	reg.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "126"	LogonUI.exe
Key deleted	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\ExtendedProperties	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production	reg.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\.cpp\OpenWithProgids	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.mkdn\shell\open	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\.bash\OpenWithProgids	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.mk\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.tex\DefaultIcon	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.csproj\ = "C# Project Source File"	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.hbs\ = "Handlebars Source File"	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.h++\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\resources\\win32\\cpp.ico"	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.json\shell\open\Icon = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\""	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.mk\shell	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.plist\shell	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\.rt\OpenWithProgids	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.wxl\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.cs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\""	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.erb\shell\open\Icon = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\""	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.ipynb\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.mkdn\shell\open\Icon = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\""	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\.plist\OpenWithProgids	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.ts	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\.hbs\OpenWithProgids	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.ini\shell\open\command	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.yaml\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\""	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\MF_auto_file	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	SnippingTool.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.gitattributes\shell\open	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.rhistory\ = "R History Source File"	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.shtml\shell\open\Icon = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\""	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.cshtml\shell\open\Icon = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\""	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.gitattributes\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\.pp\OpenWithProgids	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.cc\DefaultIcon	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.ps1	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.ts\ = "TypeScript Source File"	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.tsx\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\""	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.bash\DefaultIcon	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.mkd\DefaultIcon	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.bowerrc\DefaultIcon	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.csv\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\""	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\.pm6	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.properties\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\""	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.coffee\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.css\ = "CSS Source File"	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.dart\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.html\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\resources\\win32\\html.ico"	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.mjs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\""	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.psm1\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\resources\\win32\\powershell.ico"	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.tsx\ = "TypeScript Source File"	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.editorconfig	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\.html\OpenWithProgids\VSCode.html	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\.ini	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.bowerrc\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\""	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.cljx	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.csx\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.html\shell	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\.mdown	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\.pl6\OpenWithProgids	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.zsh\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.cljs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\""	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.h++	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\.pm\OpenWithProgids	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.cpp\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.94.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\.hpp	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\.mdwn\OpenWithProgids\VSCode.mdwn	VSCodeUserSetup-x64-1.94.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\VSCode.npmignore\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.94.0.tmp

Modifies registry key 1 TTPs 64 IoCs

Modify Registry

T1112

pid	Process
2992	reg.exe
5896	reg.exe
4988	reg.exe
2860	reg.exe
4724	reg.exe
5208	reg.exe
5996	reg.exe
5480	reg.exe
1964	reg.exe
4488	reg.exe
1756	reg.exe
6008	reg.exe
972	reg.exe
3380	reg.exe
5388	reg.exe
1372	reg.exe
4040	reg.exe
5744	reg.exe
4924	reg.exe
5160	reg.exe
512	reg.exe
5700	reg.exe
588	reg.exe
5224	reg.exe
1604	reg.exe
528	reg.exe
2616	reg.exe
4664	reg.exe
4908	reg.exe
6024	reg.exe
3612	reg.exe
1980	reg.exe
5552	reg.exe
3760	reg.exe
4828	reg.exe
3616	reg.exe
1392	reg.exe
4284	reg.exe
3972	reg.exe
4732	reg.exe
3052	reg.exe
5868	reg.exe
5648	reg.exe
2124	reg.exe
5688	reg.exe
408	reg.exe
3788	reg.exe
6028	reg.exe
5984	reg.exe
2964	reg.exe
5452	reg.exe
5772	reg.exe
3920	reg.exe
2256	reg.exe
3900	reg.exe
6112	reg.exe
1880	reg.exe
1496	reg.exe
3596	reg.exe
692	reg.exe
4728	reg.exe
2952	reg.exe
1000	reg.exe
2072	reg.exe

Runs ping.exe 1 TTPs 2 IoCs

Remote System Discovery

T1018

pid	Process
6012	PING.EXE
1428	PING.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
3384	msedge.exe
3384	msedge.exe
3652	identity_helper.exe
3652	identity_helper.exe
6024	msedge.exe
6024	msedge.exe
5516	chrome.exe
5516	chrome.exe
5764	powershell.exe
5764	powershell.exe
452	powershell.exe
452	powershell.exe
3032	powershell.exe
3032	powershell.exe
2100	powershell.exe
2100	powershell.exe
5660	powershell.exe
5660	powershell.exe
5660	powershell.exe
5236	powershell.exe
5236	powershell.exe
5236	powershell.exe
3596	powershell.exe
3596	powershell.exe
3596	powershell.exe
2636	powershell.exe
2636	powershell.exe
2636	powershell.exe
5616	powershell.exe
5616	powershell.exe
5616	powershell.exe
5436	powershell.exe
5436	powershell.exe
4960	powershell.exe
4960	powershell.exe
4960	powershell.exe
1956	powershell.exe
1956	powershell.exe
1080	powershell.exe
1080	powershell.exe
4908	powershell.exe
4908	powershell.exe
6028	powershell.exe
6028	powershell.exe
3616	powershell.exe
3616	powershell.exe
3908	powershell.exe
3908	powershell.exe
4016	powershell.exe
4016	powershell.exe
384	powershell.exe
384	powershell.exe
4848	powershell.exe
4848	powershell.exe
3584	powershell.exe
3584	powershell.exe
3584	powershell.exe
4888	powershell.exe
4888	powershell.exe
4888	powershell.exe
3900	powershell.exe
3900	powershell.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
832	SnippingTool.exe
2104	SnippingTool.exe
6032	OpenWith.exe
2952	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5152	chrome.exe
5152	chrome.exe
5152	chrome.exe
5152	chrome.exe
5152	chrome.exe
5152	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe
Token: SeShutdownPrivilege	5516	chrome.exe
Token: SeCreatePagefilePrivilege	5516	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5516	chrome.exe
5152	chrome.exe
5152	chrome.exe
5152	chrome.exe
5152	chrome.exe
5152	chrome.exe
5152	chrome.exe
5152	chrome.exe
5152	chrome.exe
5152	chrome.exe
5152	chrome.exe
5152	chrome.exe
5152	chrome.exe
5152	chrome.exe
5152	chrome.exe
5152	chrome.exe
5152	chrome.exe

Suspicious use of SetWindowsHookEx 49 IoCs

pid	Process
832	SnippingTool.exe
832	SnippingTool.exe
2104	SnippingTool.exe
2104	SnippingTool.exe
6032	OpenWith.exe
6032	OpenWith.exe
6032	OpenWith.exe
6032	OpenWith.exe
6032	OpenWith.exe
6032	OpenWith.exe
6032	OpenWith.exe
6032	OpenWith.exe
6032	OpenWith.exe
6032	OpenWith.exe
6032	OpenWith.exe
6032	OpenWith.exe
6032	OpenWith.exe
6032	OpenWith.exe
6032	OpenWith.exe
6032	OpenWith.exe
6032	OpenWith.exe
6032	OpenWith.exe
6032	OpenWith.exe
6032	OpenWith.exe
6032	OpenWith.exe
6032	OpenWith.exe
6032	OpenWith.exe
6032	OpenWith.exe
6032	OpenWith.exe
2952	OpenWith.exe
2952	OpenWith.exe
2952	OpenWith.exe
2952	OpenWith.exe
2952	OpenWith.exe
2952	OpenWith.exe
2952	OpenWith.exe
2952	OpenWith.exe
2952	OpenWith.exe
2952	OpenWith.exe
2952	OpenWith.exe
2952	OpenWith.exe
2952	OpenWith.exe
2952	OpenWith.exe
2952	OpenWith.exe
2952	OpenWith.exe
2952	OpenWith.exe
1496	SnippingTool.exe
1496	SnippingTool.exe
4728	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3384 wrote to memory of 2292	3384	msedge.exe	82
PID 3384 wrote to memory of 2292	3384	msedge.exe	82
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4816	3384	msedge.exe	83
PID 3384 wrote to memory of 4488	3384	msedge.exe	84
PID 3384 wrote to memory of 4488	3384	msedge.exe	84
PID 3384 wrote to memory of 2148	3384	msedge.exe	85
PID 3384 wrote to memory of 2148	3384	msedge.exe	85
PID 3384 wrote to memory of 2148	3384	msedge.exe	85
PID 3384 wrote to memory of 2148	3384	msedge.exe	85
PID 3384 wrote to memory of 2148	3384	msedge.exe	85
PID 3384 wrote to memory of 2148	3384	msedge.exe	85
PID 3384 wrote to memory of 2148	3384	msedge.exe	85
PID 3384 wrote to memory of 2148	3384	msedge.exe	85
PID 3384 wrote to memory of 2148	3384	msedge.exe	85
PID 3384 wrote to memory of 2148	3384	msedge.exe	85
PID 3384 wrote to memory of 2148	3384	msedge.exe	85
PID 3384 wrote to memory of 2148	3384	msedge.exe	85
PID 3384 wrote to memory of 2148	3384	msedge.exe	85
PID 3384 wrote to memory of 2148	3384	msedge.exe	85
PID 3384 wrote to memory of 2148	3384	msedge.exe	85
PID 3384 wrote to memory of 2148	3384	msedge.exe	85
PID 3384 wrote to memory of 2148	3384	msedge.exe	85
PID 3384 wrote to memory of 2148	3384	msedge.exe	85
PID 3384 wrote to memory of 2148	3384	msedge.exe	85
PID 3384 wrote to memory of 2148	3384	msedge.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f70346f8,0x7ff9f7034708,0x7ff9f7034718
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,453691013709550146,6074353519090713947,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,453691013709550146,6074353519090713947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,453691013709550146,6074353519090713947,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,453691013709550146,6074353519090713947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,453691013709550146,6074353519090713947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,453691013709550146,6074353519090713947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,453691013709550146,6074353519090713947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,453691013709550146,6074353519090713947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,453691013709550146,6074353519090713947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,453691013709550146,6074353519090713947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,453691013709550146,6074353519090713947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,453691013709550146,6074353519090713947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,453691013709550146,6074353519090713947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,453691013709550146,6074353519090713947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,453691013709550146,6074353519090713947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,453691013709550146,6074353519090713947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,453691013709550146,6074353519090713947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,453691013709550146,6074353519090713947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,453691013709550146,6074353519090713947,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6632 /prefetch:8
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,453691013709550146,6074353519090713947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,453691013709550146,6074353519090713947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9e7eacc40,0x7ff9e7eacc4c,0x7ff9e7eacc58
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,6979252799471156793,10759628313425678561,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:6108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,6979252799471156793,10759628313425678561,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:6052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,6979252799471156793,10759628313425678561,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1756 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,6979252799471156793,10759628313425678561,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3296,i,6979252799471156793,10759628313425678561,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3704,i,6979252799471156793,10759628313425678561,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4736,i,6979252799471156793,10759628313425678561,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,6979252799471156793,10759628313425678561,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5012,i,6979252799471156793,10759628313425678561,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4572,i,6979252799471156793,10759628313425678561,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5476,i,6979252799471156793,10759628313425678561,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:5636

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5440

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4624

C:\Windows\system32\SnippingTool.exe
"C:\Windows\system32\SnippingTool.exe"
1⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:832

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5116

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:5764
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c ""C:\Windows\Temp\MAS_0fe11537-5b40-4987-b9bd-1215373c9854.cmd" "
  2⤵
  PID:4700
- - C:\Windows\System32\sc.exe
    sc query Null
    3⤵
    - Launches sc.exe
    PID:5468
- - C:\Windows\System32\find.exe
    find /i "RUNNING"
    3⤵
    PID:5480
- - C:\Windows\System32\findstr.exe
    findstr /v "$" "MAS_0fe11537-5b40-4987-b9bd-1215373c9854.cmd"
    3⤵
    PID:2872
- - C:\Windows\System32\cmd.exe
    C:\Windows\System32\cmd.exe /c ver
    3⤵
    PID:5804
- - C:\Windows\System32\reg.exe
    reg query "HKCU\Console" /v ForceV2
    3⤵
    PID:2704
- - C:\Windows\System32\find.exe
    find /i "0x0"
    3⤵
    PID:5164
- - C:\Windows\System32\cmd.exe
    C:\Windows\System32\cmd.exe /c echo prompt $E | cmd
    3⤵
    PID:1040
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /S /D /c" echo prompt $E "
      4⤵
      PID:1208
  - - C:\Windows\System32\cmd.exe
      cmd
      4⤵
      PID:5604
- - C:\Windows\System32\cmd.exe
    C:\Windows\System32\cmd.exe /S /D /c" echo "C:\Windows\Temp\MAS_0fe11537-5b40-4987-b9bd-1215373c9854.cmd" "
    3⤵
    PID:5600
- - C:\Windows\System32\find.exe
    find /i "C:\Users\Admin\AppData\Local\Temp"
    3⤵
    PID:2960
- - C:\Windows\System32\cmd.exe
    cmd /c "powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_0fe11537-5b40-4987-b9bd-1215373c9854.cmd') -split ':PowerShellTest:\s*';iex ($f[1])""
    3⤵
    PID:4568
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_0fe11537-5b40-4987-b9bd-1215373c9854.cmd') -split ':PowerShellTest:\s*';iex ($f[1])"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:452
- - C:\Windows\System32\find.exe
    find /i "FullLanguage"
    3⤵
    PID:5212
- - C:\Windows\System32\fltMC.exe
    fltmc
    3⤵
    PID:4972
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe "$TB = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2, $False).DefineType(0); [void]$TB.DefinePInvokeMethod('GetConsoleWindow', 'kernel32.dll', 22, 1, [IntPtr], @(), 1, 3).SetImplementationFlags(128); [void]$TB.DefinePInvokeMethod('SendMessageW', 'user32.dll', 22, 1, [IntPtr], @([IntPtr], [UInt32], [IntPtr], [IntPtr]), 1, 3).SetImplementationFlags(128); $hIcon = $TB.CreateType(); $hWnd = $hIcon::GetConsoleWindow(); echo $($hIcon::SendMessageW($hWnd, 127, 0, 0) -ne [IntPtr]::Zero);"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:3032
- - C:\Windows\System32\find.exe
    find /i "True"
    3⤵
    PID:4436
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe "$t=[AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2, $False).DefineType(0); $t.DefinePInvokeMethod('GetStdHandle', 'kernel32.dll', 22, 1, [IntPtr], @([Int32]), 1, 3).SetImplementationFlags(128); $t.DefinePInvokeMethod('SetConsoleMode', 'kernel32.dll', 22, 1, [Boolean], @([IntPtr], [Int32]), 1, 3).SetImplementationFlags(128); $k=$t.CreateType(); $b=$k::SetConsoleMode($k::GetStdHandle(-10), 0x0080); & cmd.exe '/c' '"""C:\Windows\Temp\MAS_0fe11537-5b40-4987-b9bd-1215373c9854.cmd""" -el -qedit'"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:2100
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""C:\Windows\Temp\MAS_0fe11537-5b40-4987-b9bd-1215373c9854.cmd" -el -qedit"
      4⤵
      PID:1900
    - - C:\Windows\System32\sc.exe
        
        sc query Null
        5⤵
        Launches sc.exe
        
        PID:4244
    - - C:\Windows\System32\find.exe
        
        find /i "RUNNING"
        5⤵
        
        PID:5568
    - - C:\Windows\System32\findstr.exe
        
        findstr /v "$" "MAS_0fe11537-5b40-4987-b9bd-1215373c9854.cmd"
        5⤵
        
        PID:2036
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "-el -qedit" "
        5⤵
        
        PID:2552
    - - C:\Windows\System32\find.exe
        
        find /i "/"
        5⤵
        
        PID:396
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c ver
        5⤵
        
        PID:5228
    - - C:\Windows\System32\reg.exe
        
        reg query "HKCU\Console" /v ForceV2
        5⤵
        
        PID:5932
    - - C:\Windows\System32\find.exe
        
        find /i "0x0"
        5⤵
        
        PID:5880
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c echo prompt $E | cmd
        5⤵
        
        PID:1532
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo prompt $E "
        6⤵
        
        PID:4360
      - C:\Windows\System32\cmd.exe
        
        cmd
        6⤵
        
        PID:5032
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "C:\Windows\Temp\MAS_0fe11537-5b40-4987-b9bd-1215373c9854.cmd" "
        5⤵
        
        PID:2500
    - - C:\Windows\System32\find.exe
        
        find /i "C:\Users\Admin\AppData\Local\Temp"
        5⤵
        
        PID:5876
    - - C:\Windows\System32\cmd.exe
        
        cmd /c "powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_0fe11537-5b40-4987-b9bd-1215373c9854.cmd') -split ':PowerShellTest:\s*';iex ($f[1])""
        5⤵
        
        PID:4908
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_0fe11537-5b40-4987-b9bd-1215373c9854.cmd') -split ':PowerShellTest:\s*';iex ($f[1])"
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:5660
    - - C:\Windows\System32\find.exe
        
        find /i "FullLanguage"
        5⤵
        
        PID:2124
    - - C:\Windows\System32\fltMC.exe
        
        fltmc
        5⤵
        
        PID:2232
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "$TB = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2, $False).DefineType(0); [void]$TB.DefinePInvokeMethod('GetConsoleWindow', 'kernel32.dll', 22, 1, [IntPtr], @(), 1, 3).SetImplementationFlags(128); [void]$TB.DefinePInvokeMethod('SendMessageW', 'user32.dll', 22, 1, [IntPtr], @([IntPtr], [UInt32], [IntPtr], [IntPtr]), 1, 3).SetImplementationFlags(128); $hIcon = $TB.CreateType(); $hWnd = $hIcon::GetConsoleWindow(); echo $($hIcon::SendMessageW($hWnd, 127, 0, 0) -ne [IntPtr]::Zero);"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:5236
    - - C:\Windows\System32\find.exe
        
        find /i "True"
        5⤵
        
        PID:5444
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c ping -4 -n 1 updatecheck.massgrave.dev
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:5984
      - C:\Windows\System32\PING.EXE
        
        ping -4 -n 1 updatecheck.massgrave.dev
        6⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:6012
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "127.69.2.7" "
        5⤵
        
        PID:6056
    - - C:\Windows\System32\find.exe
        
        find "127.69"
        5⤵
        
        PID:4500
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "127.69.2.7" "
        5⤵
        
        PID:3868
    - - C:\Windows\System32\find.exe
        
        find "127.69.2.7"
        5⤵
        
        PID:5696
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "-el -qedit" "
        5⤵
        
        PID:5476
    - - C:\Windows\System32\find.exe
        
        find /i "/S"
        5⤵
        
        PID:1384
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "-el -qedit" "
        5⤵
        
        PID:4488
    - - C:\Windows\System32\find.exe
        
        find /i "/"
        5⤵
        
        PID:5128
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v Desktop
        5⤵
        
        PID:3348
      - C:\Windows\System32\reg.exe
        
        reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v Desktop
        6⤵
        
        PID:5380
    - - C:\Windows\System32\mode.com
        
        mode 76, 33
        5⤵
        
        PID:5116
    - - C:\Windows\System32\choice.exe
        
        choice /C:123456789H0 /N
        5⤵
        
        PID:2272
    - - C:\Windows\System32\mode.com
        
        mode 110, 34
        5⤵
        
        PID:1540
    - - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s
        5⤵
        
        PID:912
    - - C:\Windows\System32\find.exe
        
        find /i "AutoPico"
        5⤵
        
        PID:4868
    - - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s
        5⤵
        
        PID:5908
    - - C:\Windows\System32\find.exe
        
        find /i "R@1n"
        5⤵
        
        PID:4304
    - - C:\Windows\System32\find.exe
        
        find /i "avira.com" C:\Windows\System32\drivers\etc\hosts
        5⤵
        
        PID:5112
    - - C:\Windows\System32\find.exe
        
        find /i "kaspersky.com" C:\Windows\System32\drivers\etc\hosts
        5⤵
        
        PID:3784
    - - C:\Windows\System32\find.exe
        
        find /i "virustotal.com" C:\Windows\System32\drivers\etc\hosts
        5⤵
        
        PID:3568
    - - C:\Windows\System32\find.exe
        
        find /i "mcafee.com" C:\Windows\System32\drivers\etc\hosts
        5⤵
        
        PID:2496
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wuauserv /v DependOnService
        5⤵
        Modifies registry key
        
        PID:692
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wuauserv /v Description
        5⤵
        Modifies registry key
        
        PID:5868
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wuauserv /v DisplayName
        5⤵
        Modifies registry key
        
        PID:3920
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wuauserv /v ErrorControl
        5⤵
        Modifies registry key
        
        PID:2616
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wuauserv /v ImagePath
        5⤵
        Modifies registry key
        
        PID:5648
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wuauserv /v ObjectName
        5⤵
        Modifies registry key
        
        PID:2992
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wuauserv /v Start
        5⤵
        Modifies registry key
        
        PID:4728
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wuauserv /v Type
        5⤵
        Modifies registry key
        
        PID:4724
    - - C:\Windows\System32\sc.exe
        
        sc start sppsvc
        5⤵
        Launches sc.exe
        
        PID:5080
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "1056" "
        5⤵
        
        PID:2180
    - - C:\Windows\System32\findstr.exe
        
        findstr "577 225"
        5⤵
        
        PID:4348
    - - C:\Windows\System32\cmd.exe
        
        cmd /c "wmic path Win32_ComputerSystem get CreationClassName /value"
        5⤵
        
        PID:2344
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path Win32_ComputerSystem get CreationClassName /value
        6⤵
        
        PID:932
    - - C:\Windows\System32\find.exe
        
        find /i "computersystem"
        5⤵
        
        PID:4788
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c "powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); [void]$TypeBuilder.DefinePInvokeMethod('SLGetWindowsInformationDWORD', 'slc.dll', 'Public, Static', 1, [int], @([String], [int].MakeByRefType()), 1, 3); $Sku = 0; [void]$TypeBuilder.CreateType()::SLGetWindowsInformationDWORD('Kernel-BrandingInfo', [ref]$Sku); $Sku"
        5⤵
        
        PID:2464
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); [void]$TypeBuilder.DefinePInvokeMethod('SLGetWindowsInformationDWORD', 'slc.dll', 'Public, Static', 1, [int], @([String], [int].MakeByRefType()), 1, 3); $Sku = 0; [void]$TypeBuilder.CreateType()::SLGetWindowsInformationDWORD('Kernel-BrandingInfo', [ref]$Sku); $Sku
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3596
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c reg query "HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions" /v OSProductPfn 2>nul
        5⤵
        
        PID:2732
      - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions" /v OSProductPfn
        6⤵
        
        PID:4636
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c "wmic Path Win32_OperatingSystem Get OperatingSystemSKU /format:LIST" 2>nul
        5⤵
        
        PID:5528
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic Path Win32_OperatingSystem Get OperatingSystemSKU /format:LIST
        6⤵
        
        PID:4624
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_0fe11537-5b40-4987-b9bd-1215373c9854.cmd') -split ':winsubstatus\:.*';iex ($f[1])"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:2636
    - - C:\Windows\System32\find.exe
        
        find /i "Subscription_is_activated"
        5⤵
        
        PID:4996
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c "powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); $meth = $TypeBuilder.DefinePInvokeMethod('BrandingFormatString', 'winbrand.dll', 'Public, Static', 1, [String], @([String]), 1, 3); $meth.SetImplementationFlags(128); $TypeBuilder.CreateType()::BrandingFormatString('%WINDOWS_LONG%')"
        5⤵
        
        PID:2704
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); $meth = $TypeBuilder.DefinePInvokeMethod('BrandingFormatString', 'winbrand.dll', 'Public, Static', 1, [String], @([String]), 1, 3); $meth.SetImplementationFlags(128); $TypeBuilder.CreateType()::BrandingFormatString('%WINDOWS_LONG%')
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:5616
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "Windows 10 Pro" "
        5⤵
        
        PID:1680
    - - C:\Windows\System32\find.exe
        
        find /i "Windows"
        5⤵
        
        PID:5576
    - - C:\Windows\System32\sc.exe
        
        sc start sppsvc
        5⤵
        Launches sc.exe
        
        PID:1888
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "$job = Start-Job { (Get-WmiObject -Query 'SELECT * FROM SoftwareLicensingService').Version }; if (-not (Wait-Job $job -Timeout 20)) {write-host 'sppsvc is not working correctly. Help - https://massgrave.dev/troubleshoot'}"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5436
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:4960
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path SoftwareLicensingProduct where (LicenseStatus='1' and GracePeriodRemaining='0' and PartialProductKey is not NULL AND LicenseDependsOn is NULL) get Name /value
        5⤵
        
        PID:2412
    - - C:\Windows\System32\findstr.exe
        
        findstr /i "Windows"
        5⤵
        
        PID:6068
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE
        5⤵
        
        PID:5884
      - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE
        6⤵
        
        PID:5844
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c ver
        5⤵
        
        PID:4188
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c ping -n 1 l.root-servers.net
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:868
      - C:\Windows\System32\PING.EXE
        
        ping -n 1 l.root-servers.net
        6⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:1428
    - - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s
        5⤵
        
        PID:2556
    - - C:\Windows\System32\find.exe
        
        find /i "AutoPico"
        5⤵
        
        PID:5060
    - - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s
        5⤵
        
        PID:6040
    - - C:\Windows\System32\find.exe
        
        find /i "R@1n"
        5⤵
        
        PID:1896
    - - C:\Windows\System32\find.exe
        
        find /i "avira.com" C:\Windows\System32\drivers\etc\hosts
        5⤵
        
        PID:2340
    - - C:\Windows\System32\find.exe
        
        find /i "kaspersky.com" C:\Windows\System32\drivers\etc\hosts
        5⤵
        
        PID:5536
    - - C:\Windows\System32\find.exe
        
        find /i "virustotal.com" C:\Windows\System32\drivers\etc\hosts
        5⤵
        
        PID:3332
    - - C:\Windows\System32\find.exe
        
        find /i "mcafee.com" C:\Windows\System32\drivers\etc\hosts
        5⤵
        
        PID:4564
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wuauserv /v DependOnService
        5⤵
        Modifies registry key
        
        PID:5896
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wuauserv /v Description
        5⤵
        Modifies registry key
        
        PID:4664
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wuauserv /v DisplayName
        5⤵
        Modifies registry key
        
        PID:3900
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wuauserv /v ErrorControl
        5⤵
        Modifies registry key
        
        PID:4908
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wuauserv /v ImagePath
        5⤵
        Modifies registry key
        
        PID:2124
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wuauserv /v ObjectName
        5⤵
        Modifies registry key
        
        PID:1372
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wuauserv /v Start
        5⤵
        Modifies registry key
        
        PID:4828
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wuauserv /v Type
        5⤵
        Modifies registry key
        
        PID:5700
    - - C:\Windows\System32\sc.exe
        
        sc start sppsvc
        5⤵
        Launches sc.exe
        
        PID:6060
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "1056" "
        5⤵
        
        PID:4560
    - - C:\Windows\System32\findstr.exe
        
        findstr "577 225"
        5⤵
        
        PID:5808
    - - C:\Windows\System32\sc.exe
        
        sc query Null
        5⤵
        Launches sc.exe
        
        PID:5204
    - - C:\Windows\System32\sc.exe
        
        sc start ClipSVC
        5⤵
        Launches sc.exe
        
        PID:4356
    - - C:\Windows\System32\sc.exe
        
        sc query ClipSVC
        5⤵
        Launches sc.exe
        
        PID:6032
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v DependOnService
        5⤵
        Modifies registry key
        
        PID:5208
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v Description
        5⤵
        Modifies registry key
        
        PID:6112
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v DisplayName
        5⤵
        Modifies registry key
        
        PID:6028
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v ErrorControl
        5⤵
        Modifies registry key
        
        PID:5984
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v ImagePath
        5⤵
        Modifies registry key
        
        PID:6024
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v ObjectName
        5⤵
        Modifies registry key
        
        PID:4040
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v Start
        5⤵
        Modifies registry key
        
        PID:5688
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v Type
        5⤵
        Modifies registry key
        
        PID:5744
    - - C:\Windows\System32\sc.exe
        
        sc start wlidsvc
        5⤵
        Launches sc.exe
        
        PID:2004
    - - C:\Windows\System32\sc.exe
        
        sc query wlidsvc
        5⤵
        Launches sc.exe
        
        PID:5384
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v DependOnService
        5⤵
        Modifies registry key
        
        PID:4488
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v Description
        5⤵
        Modifies registry key
        
        PID:3616
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v DisplayName
        5⤵
        Modifies registry key
        
        PID:588
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v ErrorControl
        5⤵
        Modifies registry key
        
        PID:4924
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v ImagePath
        5⤵
        Modifies registry key
        
        PID:5224
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v ObjectName
        5⤵
        Modifies registry key
        
        PID:3612
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v Start
        5⤵
        Modifies registry key
        
        PID:408
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v Type
        5⤵
        Modifies registry key
        
        PID:1392
    - - C:\Windows\System32\sc.exe
        
        sc start sppsvc
        5⤵
        Launches sc.exe
        
        PID:3896
    - - C:\Windows\System32\sc.exe
        
        sc query sppsvc
        5⤵
        Launches sc.exe
        
        PID:3908
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v DependOnService
        5⤵
        Modifies registry key
        
        PID:4284
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v Description
        5⤵
        Modifies registry key
        
        PID:5160
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v DisplayName
        5⤵
        Modifies registry key
        
        PID:2952
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v ErrorControl
        5⤵
        Modifies registry key
        
        PID:3972
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v ImagePath
        5⤵
        Modifies registry key
        
        PID:4732
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v ObjectName
        5⤵
        Modifies registry key
        
        PID:2964
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v Start
        5⤵
        Modifies registry key
        
        PID:1756
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v Type
        5⤵
        Modifies registry key
        
        PID:972
    - - C:\Windows\System32\sc.exe
        
        sc start KeyIso
        5⤵
        Launches sc.exe
        
        PID:4420
    - - C:\Windows\System32\sc.exe
        
        sc query KeyIso
        5⤵
        Launches sc.exe
        
        PID:4016
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v DependOnService
        5⤵
        Modifies registry key
        
        PID:5452
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v Description
        5⤵
        Modifies registry key
        
        PID:2256
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v DisplayName
        5⤵
        Modifies registry key
        
        PID:3380
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v ErrorControl
        5⤵
        Modifies registry key
        
        PID:1880
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v ImagePath
        5⤵
        Modifies registry key
        
        PID:1496
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v ObjectName
        5⤵
        Modifies registry key
        
        PID:6008
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v Start
        5⤵
        Modifies registry key
        
        PID:5996
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v Type
        5⤵
        Modifies registry key
        
        PID:3760
    - - C:\Windows\System32\sc.exe
        
        sc start LicenseManager
        5⤵
        Launches sc.exe
        
        PID:4144
    - - C:\Windows\System32\sc.exe
        
        sc query LicenseManager
        5⤵
        Launches sc.exe
        
        PID:4128
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v DependOnService
        5⤵
        Modifies registry key
        
        PID:1000
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v Description
        5⤵
        Modifies registry key
        
        PID:4988
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v DisplayName
        5⤵
        Modifies registry key
        
        PID:5772
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v ErrorControl
        5⤵
        Modifies registry key
        
        PID:3052
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v ImagePath
        5⤵
        Modifies registry key
        
        PID:2860
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v ObjectName
        5⤵
        Modifies registry key
        
        PID:1604
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v Start
        5⤵
        Modifies registry key
        
        PID:1980
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v Type
        5⤵
        Modifies registry key
        
        PID:3596
    - - C:\Windows\System32\sc.exe
        
        sc start Winmgmt
        5⤵
        Launches sc.exe
        
        PID:4396
    - - C:\Windows\System32\sc.exe
        
        sc query Winmgmt
        5⤵
        Launches sc.exe
        
        PID:4636
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v DependOnService
        5⤵
        Modifies registry key
        
        PID:5552
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v Description
        5⤵
        Modifies registry key
        
        PID:5388
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v DisplayName
        5⤵
        Modifies registry key
        
        PID:2072
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v ErrorControl
        5⤵
        Modifies registry key
        
        PID:3788
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v ImagePath
        5⤵
        Modifies registry key
        
        PID:5480
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v ObjectName
        5⤵
        Modifies registry key
        
        PID:512
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v Start
        5⤵
        Modifies registry key
        
        PID:528
    - - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v Type
        5⤵
        Modifies registry key
        
        PID:1964
    - - C:\Windows\System32\sc.exe
        
        sc start ClipSVC
        5⤵
        Launches sc.exe
        
        PID:2396
    - - C:\Windows\System32\sc.exe
        
        sc start wlidsvc
        5⤵
        Launches sc.exe
        
        PID:3936
    - - C:\Windows\System32\sc.exe
        
        sc start sppsvc
        5⤵
        Launches sc.exe
        
        PID:1932
    - - C:\Windows\System32\sc.exe
        
        sc start KeyIso
        5⤵
        Launches sc.exe
        
        PID:2872
    - - C:\Windows\System32\sc.exe
        
        sc start LicenseManager
        5⤵
        Launches sc.exe
        
        PID:3136
    - - C:\Windows\System32\sc.exe
        
        sc start Winmgmt
        5⤵
        Launches sc.exe
        
        PID:4996
    - - C:\Windows\System32\sc.exe
        
        sc query ClipSVC
        5⤵
        Launches sc.exe
        
        PID:2156
    - - C:\Windows\System32\find.exe
        
        find /i "RUNNING"
        5⤵
        
        PID:5440
    - - C:\Windows\System32\sc.exe
        
        sc start ClipSVC
        5⤵
        Launches sc.exe
        
        PID:1716
    - - C:\Windows\System32\sc.exe
        
        sc query wlidsvc
        5⤵
        Launches sc.exe
        
        PID:3092
    - - C:\Windows\System32\find.exe
        
        find /i "RUNNING"
        5⤵
        
        PID:3080
    - - C:\Windows\System32\sc.exe
        
        sc start wlidsvc
        5⤵
        Launches sc.exe
        
        PID:5096
    - - C:\Windows\System32\sc.exe
        
        sc query sppsvc
        5⤵
        Launches sc.exe
        
        PID:2356
    - - C:\Windows\System32\find.exe
        
        find /i "RUNNING"
        5⤵
        
        PID:1284
    - - C:\Windows\System32\sc.exe
        
        sc start sppsvc
        5⤵
        Launches sc.exe
        
        PID:5916
    - - C:\Windows\System32\sc.exe
        
        sc query KeyIso
        5⤵
        Launches sc.exe
        
        PID:2536
    - - C:\Windows\System32\find.exe
        
        find /i "RUNNING"
        5⤵
        
        PID:704
    - - C:\Windows\System32\sc.exe
        
        sc start KeyIso
        5⤵
        Launches sc.exe
        
        PID:3976
    - - C:\Windows\System32\sc.exe
        
        sc query LicenseManager
        5⤵
        Launches sc.exe
        
        PID:1308
    - - C:\Windows\System32\find.exe
        
        find /i "RUNNING"
        5⤵
        
        PID:5004
    - - C:\Windows\System32\sc.exe
        
        sc start LicenseManager
        5⤵
        Launches sc.exe
        
        PID:1680
    - - C:\Windows\System32\sc.exe
        
        sc query Winmgmt
        5⤵
        Launches sc.exe
        
        PID:3820
    - - C:\Windows\System32\find.exe
        
        find /i "RUNNING"
        5⤵
        
        PID:5592
    - - C:\Windows\System32\sc.exe
        
        sc start Winmgmt
        5⤵
        Launches sc.exe
        
        PID:452
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State" /v ImageState
        5⤵
        
        PID:744
      - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State" /v ImageState
        6⤵
        
        PID:5960
    - - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinPE" /v InstRoot
        5⤵
        
        PID:3096
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_0fe11537-5b40-4987-b9bd-1215373c9854.cmd') -split ':wpatest\:.*';iex ($f[1])" 2>nul
        5⤵
        
        PID:5288
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_0fe11537-5b40-4987-b9bd-1215373c9854.cmd') -split ':wpatest\:.*';iex ($f[1])"
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:1956
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "7" "
        5⤵
        
        PID:1408
    - - C:\Windows\System32\find.exe
        
        find /i "Error Found"
        5⤵
        
        PID:2816
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v EditionID 2>nul
        5⤵
        
        PID:4376
      - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v EditionID
        6⤵
        
        PID:5864
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "try { $null=([WMISEARCHER]'SELECT * FROM SoftwareLicensingService').Get().Version; exit 0 } catch { exit $_.Exception.InnerException.HResult }"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1080
    - - C:\Windows\System32\cmd.exe
        
        cmd /c exit /b 0
        5⤵
        
        PID:1616
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path Win32_ComputerSystem get CreationClassName /value
        5⤵
        
        PID:2552
    - - C:\Windows\System32\find.exe
        
        find /i "computersystem"
        5⤵
        
        PID:2036
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "0" "
        5⤵
        
        PID:5892
    - - C:\Windows\System32\findstr.exe
        
        findstr /i "0x800410 0x800440"
        5⤵
        
        PID:5928
    - - C:\Windows\System32\reg.exe
        
        reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\PersistedTSReArmed"
        5⤵
        
        PID:1752
    - - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ClipSVC\Volatile\PersistedSystemState"
        5⤵
        
        PID:5032
    - - C:\Windows\System32\reg.exe
        
        reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion"
        5⤵
        
        PID:3028
    - - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe"
        5⤵
        
        PID:5184
    - - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sppsvc.exe"
        5⤵
        
        PID:2500
    - - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sppsvc.exe\PerfOptions"
        5⤵
        
        PID:5060
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "SkipRearm" 2>nul
        5⤵
        
        PID:6040
      - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "SkipRearm"
        6⤵
        
        PID:1896
    - - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Plugins\Objects\msft:rm/algorithm/hwid/4.0" /f ba02fed39662 /d
        5⤵
        
        PID:2340
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v TokenStore 2>nul
        5⤵
        
        PID:5536
      - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v TokenStore
        6⤵
        
        PID:3332
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' and PartialProductKey is not null) get ID /VALUE" 2>nul
        5⤵
        
        PID:5448
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' and PartialProductKey is not null) get ID /VALUE
        6⤵
        
        PID:4564
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c powershell.exe "(Get-ScheduledTask -TaskName 'SvcRestartTask' -TaskPath '\Microsoft\Windows\SoftwareProtectionPlatform\').State" 2>nul
        5⤵
        
        PID:3900
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "(Get-ScheduledTask -TaskName 'SvcRestartTask' -TaskPath '\Microsoft\Windows\SoftwareProtectionPlatform\').State"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4908
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "
        5⤵
        
        PID:5684
    - - C:\Windows\System32\find.exe
        
        find /i "Ready"
        5⤵
        
        PID:5176
    - - C:\Windows\System32\reg.exe
        
        reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "actionlist" /f
        5⤵
        
        PID:5208
    - - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask"
        5⤵
        
        PID:6112
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "$acl = (Get-Acl 'C:\Windows\System32\spp\store\2.0' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow FullControl') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6028
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "$acl = (Get-Acl 'HKLM:\SYSTEM\WPA' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow QueryValues, EnumerateSubKeys, WriteKey') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3616
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "$acl = (Get-Acl 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow SetValue') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:3908
    - - C:\Windows\System32\reg.exe
        
        reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion"
        5⤵
        
        PID:972
    - - C:\Windows\System32\reg.exe
        
        reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies"
        5⤵
        
        PID:4420
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "$netServ = (New-Object Security.Principal.SecurityIdentifier('S-1-5-20')).Translate([Security.Principal.NTAccount]).Value; $aclString = Get-Acl 'Registry::HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies' | Format-List | Out-String; if (-not ($aclString.Contains($netServ + ' Allow FullControl') -or $aclString.Contains('NT SERVICE\sppsvc Allow FullControl')) -or ($aclString.Contains('Deny'))) {Exit 3}"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4016
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f') get ID /VALUE" 2>nul
        5⤵
        
        PID:932
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f') get ID /VALUE
        6⤵
        
        PID:928
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "040fa323-92b1-4baf-97a2-5b67feaefddb 0724cb7d-3437-4cb7-93cb-830375d0079d 0ad2ac98-7bb9-4201-8d92-312299201369 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5 221a02da-e2a1-4b75-864c-0a4410a33fdf 291ece0e-9c38-40ca-a9e1-32cc7ec19507 2936d1d2-913a-4542-b54e-ce5a602a2a38 2c293c26-a45a-4a2a-a350-c69a67097529 2de67392-b7a7-462a-b1ca-108dd189f588 2ffd8952-423e-4903-b993-72a1aa44cf82 30a42c86-b7a0-4a34-8c90-ff177cb2acb7 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf 3502365a-f88a-4ba4-822a-5769d3073b65 377333b1-8b5d-48d6-9679-1225c872d37c 3df374ef-d444-4494-a5a1-4b0d9fd0e203 3f1afc82-f8ac-4f6c-8005-1d233e606eee 49cd895b-53b2-4dc4-a5f7-b18aa019ad37 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c 4f3da0d2-271d-4508-ae81-626b60809a38 60b3ec1b-9545-4921-821f-311b129dd6f6 613d217f-7f13-4268-9907-1662339531cd 62f0c100-9c53-4e02-b886-a3528ddfe7f6 6365275e-368d-46ca-a0ef-fc0404119333 721f9237-9341-4453-a661-09e8baa6cca5 73111121-5638-40f6-bc11-f1d7b0d64300 7a802526-4c94-4bd1-ba14-835a1aca2120 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69 82bbc092-bc50-4e16-8e18-b74fc486aec3 8ab9bdd1-1f67-4997-82d9-8878520837d9 8b351c9c-f398-4515-9900-09df49427262 90da7373-1c51-430b-bf26-c97e9c5cdc31 95dca82f-385d-4d39-b85b-5c73fa285d6f a48938aa-62fa-4966-9d44-9f04da3f72f2 b0773a15-df3a-4312-9ad2-83d69648e356 b4bfe195-541e-4e64-ad23-6177f19e395e b68e61d2-68ca-4757-be45-0cc2f3e68eee bd3762d7-270d-4760-8fb3-d829ca45278a c86d5194-4840-4dae-9c1c-0301003a5ab0 d552befb-48cc-4327-8f39-47d2d94f987c d6eadb3b-5ca8-4a6b-986e-35b550756111 df96023b-dcd9-4be2-afa0-c6c871159ebe e0c42288-980c-4788-a014-c080d2e1926e e4db50ea-bda1-4566-b047-0ca50abc6f07 e558417a-5123-4f6f-91e7-385c1c7ca9d4 e7a950a2-e548-4f10-bf16-02ec848e0643 eb6d346f-1c60-4643-b960-40ec31596c45 ec868e65-fadf-4759-b23e-93fe37f2cc29 ef51e000-2659-4f25-8345-3de70a9cf4c4 f7af7d09-40e4-419c-a49b-eae366689ebd fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab fe74f55b-0338-41d6-b267-4a201abe7285 " "
        5⤵
        
        PID:3276
    - - C:\Windows\System32\find.exe
        
        find /i "4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c"
        5⤵
        
        PID:4988
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path SoftwareLicensingService where __CLASS='SoftwareLicensingService' call InstallProductKey ProductKey="VK7JG-NPHTM-C97JM-9MPGT-3V66T"
        5⤵
        
        PID:4116
    - - C:\Windows\System32\cmd.exe
        
        cmd /c exit /b 0
        5⤵
        
        PID:1604
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path SoftwareLicensingService where __CLASS='SoftwareLicensingService' call RefreshLicenseStatus
        5⤵
        
        PID:1980
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c reg query "HKCU\Control Panel\International\Geo" /v Name 2>nul
        5⤵
        
        PID:4396
      - C:\Windows\System32\reg.exe
        
        reg query "HKCU\Control Panel\International\Geo" /v Name
        6⤵
        
        PID:4636
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c reg query "HKCU\Control Panel\International\Geo" /v Nation 2>nul
        5⤵
        
        PID:5552
      - C:\Windows\System32\reg.exe
        
        reg query "HKCU\Control Panel\International\Geo" /v Nation
        6⤵
        
        PID:5388
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c powershell.exe [convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes("""OSMajorVersion=5;OSMinorVersion=1;OSPlatformId=2;PP=0;Pfn=Microsoft.Windows.48.X19-98841_8wekyb3d8bbwe;PKeyIID=465145217131314304264339481117862266242033457260311819664735280;$([char]0)"""))
        5⤵
        
        PID:5468
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe [convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes("""OSMajorVersion=5;OSMinorVersion=1;OSPlatformId=2;PP=0;Pfn=Microsoft.Windows.48.X19-98841_8wekyb3d8bbwe;PKeyIID=465145217131314304264339481117862266242033457260311819664735280;$([char]0)"""))
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:384
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "TwBTAE0AYQBqAG8AcgBWAGUAcgBzAGkAbwBuAD0ANQA7AE8AUwBNAGkAbgBvAHIAVgBlAHIAcwBpAG8AbgA9ADEAOwBPAFMAUABsAGEAdABmAG8AcgBtAEkAZAA9ADIAOwBQAFAAPQAwADsAUABmAG4APQBNAGkAYwByAG8AcwBvAGYAdAAuAFcAaQBuAGQAbwB3AHMALgA0ADgALgBYADEAOQAtADkAOAA4ADQAMQBfADgAdwBlAGsAeQBiADMAZAA4AGIAYgB3AGUAOwBQAEsAZQB5AEkASQBEAD0ANAA2ADUAMQA0ADUAMgAxADcAMQAzADEAMwAxADQAMwAwADQAMgA2ADQAMwAzADkANAA4ADEAMQAxADcAOAA2ADIAMgA2ADYAMgA0ADIAMAAzADMANAA1ADcAMgA2ADAAMwAxADEAOAAxADkANgA2ADQANwAzADUAMgA4ADAAOwAAAA==" "
        5⤵
        
        PID:2872
    - - C:\Windows\System32\find.exe
        
        find "AAAA"
        5⤵
        
        PID:4656
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "Start-Job { Restart-Service ClipSVC } | Wait-Job -Timeout 10 | Out-Null"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4848
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:3584
    - - C:\Windows\System32\ClipUp.exe
        
        clipup -v -o
        5⤵
        
        PID:5872
      - C:\Windows\System32\clipup.exe
        
        clipup -v -o -ppl C:\Users\Admin\AppData\Local\Temp\temCA37.tmp
        6⤵
        Checks SCSI registry key(s)
        
        PID:5412
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c "powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); $meth = $TypeBuilder.DefinePInvokeMethod('BrandingFormatString', 'winbrand.dll', 'Public, Static', 1, [String], @([String]), 1, 3); $meth.SetImplementationFlags(128); $TypeBuilder.CreateType()::BrandingFormatString('%WINDOWS_LONG%')"
        5⤵
        
        PID:992
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); $meth = $TypeBuilder.DefinePInvokeMethod('BrandingFormatString', 'winbrand.dll', 'Public, Static', 1, [String], @([String]), 1, 3); $meth.SetImplementationFlags(128); $TypeBuilder.CreateType()::BrandingFormatString('%WINDOWS_LONG%')
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:4888
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "Windows 10 Pro" "
        5⤵
        
        PID:5484
    - - C:\Windows\System32\find.exe
        
        find /i "Windows"
        5⤵
        
        PID:5888
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path SoftwareLicensingProduct where "ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND PartialProductKey IS NOT NULL AND LicenseDependsOn is NULL" call Activate
        5⤵
        
        PID:3100
    - - C:\Windows\System32\cmd.exe
        
        cmd /c exit /b -2143326207
        5⤵
        
        PID:5256
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path SoftwareLicensingProduct where (LicenseStatus='1' and GracePeriodRemaining='0' and PartialProductKey is not NULL AND LicenseDependsOn is NULL) get Name /value
        5⤵
        
        PID:5968
    - - C:\Windows\System32\findstr.exe
        
        findstr /i "Windows"
        5⤵
        
        PID:4560
    - - C:\Windows\System32\reg.exe
        
        reg delete "HKU\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL" /f
        5⤵
        Modifies data under HKEY_USERS
        
        PID:2364
    - - C:\Windows\System32\reg.exe
        
        reg query "HKU\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL"
        5⤵
        
        PID:3032
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "Start-Job { Restart-Service wlidsvc } | Wait-Job -Timeout 10 | Out-Null"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3900
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
        6⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:6012
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "Start-Job { Restart-Service LicenseManager } | Wait-Job -Timeout 10 | Out-Null"
        5⤵
        
        PID:2964
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
        6⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:2992
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "Start-Job { Restart-Service sppsvc } | Wait-Job -Timeout 10 | Out-Null"
        5⤵
        
        PID:5564
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
        6⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:3632
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path SoftwareLicensingService where __CLASS='SoftwareLicensingService' call RefreshLicenseStatus
        5⤵
        
        PID:4656
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path SoftwareLicensingProduct where "ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND PartialProductKey IS NOT NULL AND LicenseDependsOn is NULL" call Activate
        5⤵
        
        PID:2012
    - - C:\Windows\System32\cmd.exe
        
        cmd /c exit /b 0
        5⤵
        
        PID:5164
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path SoftwareLicensingProduct where (LicenseStatus='1' and GracePeriodRemaining='0' and PartialProductKey is not NULL AND LicenseDependsOn is NULL) get Name /value
        5⤵
        
        PID:5212
    - - C:\Windows\System32\findstr.exe
        
        findstr /i "Windows"
        5⤵
        
        PID:1936
    - - C:\Windows\System32\reg.exe
        
        reg delete "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\PersistedSystemState" /v "State" /f
        5⤵
        
        PID:2536
    - - C:\Windows\System32\reg.exe
        
        reg delete "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\PersistedSystemState" /v "SuppressRulesEngine" /f
        5⤵
        
        PID:5244
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "Start-Job { Stop-Service sppsvc -force } | Wait-Job -Timeout 10 | Out-Null; $TB = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2, $False).DefineType(0); [void]$TB.DefinePInvokeMethod('SLpTriggerServiceWorker', 'sppc.dll', 22, 1, [Int32], @([UInt32], [IntPtr], [String], [UInt32]), 1, 3); [void]$TB.CreateType()::SLpTriggerServiceWorker(0, 0, 'reeval', 0)"
        5⤵
        
        PID:4376
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
        6⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:5268
    - - C:\Windows\System32\mode.com
        
        mode 76, 33
        5⤵
        
        PID:2672
    - - C:\Windows\System32\choice.exe
        
        choice /C:123456789H0 /N
        5⤵
        
        PID:1616

C:\Windows\system32\Clipup.exe
"C:\Windows\system32\Clipup.exe" -o
1⤵
PID:4344
- C:\Windows\system32\Clipup.exe
  "C:\Windows\system32\Clipup.exe" -o -ppl C:\Windows\TEMP\temC94C.tmp
  2⤵
  - Checks SCSI registry key(s)
  PID:1580

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
1⤵
PID:932

C:\Windows\system32\SnippingTool.exe
"C:\Windows\system32\SnippingTool.exe"
1⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2104

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:3448
- C:\Windows\system32\dashost.exe
  dashost.exe {2a044206-07ae-4de7-a93dad8115c4da67}
  2⤵
  PID:6100

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Ui-Dropped\" -ad -an -ai#7zMap17248:82:7zEvent18166
1⤵
PID:5652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9e7eacc40,0x7ff9e7eacc4c,0x7ff9e7eacc58
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1772,i,14932340519592949379,13979788514186838717,262144 --variations-seed-version=20241004-050103.662000 --mojo-platform-channel-handle=1768 /prefetch:2
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,14932340519592949379,13979788514186838717,262144 --variations-seed-version=20241004-050103.662000 --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,14932340519592949379,13979788514186838717,262144 --variations-seed-version=20241004-050103.662000 --mojo-platform-channel-handle=2260 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,14932340519592949379,13979788514186838717,262144 --variations-seed-version=20241004-050103.662000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,14932340519592949379,13979788514186838717,262144 --variations-seed-version=20241004-050103.662000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3872,i,14932340519592949379,13979788514186838717,262144 --variations-seed-version=20241004-050103.662000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4708,i,14932340519592949379,13979788514186838717,262144 --variations-seed-version=20241004-050103.662000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4672,i,14932340519592949379,13979788514186838717,262144 --variations-seed-version=20241004-050103.662000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4988,i,14932340519592949379,13979788514186838717,262144 --variations-seed-version=20241004-050103.662000 --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4872,i,14932340519592949379,13979788514186838717,262144 --variations-seed-version=20241004-050103.662000 --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3144,i,14932340519592949379,13979788514186838717,262144 --variations-seed-version=20241004-050103.662000 --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5028,i,14932340519592949379,13979788514186838717,262144 --variations-seed-version=20241004-050103.662000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5560,i,14932340519592949379,13979788514186838717,262144 --variations-seed-version=20241004-050103.662000 --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5432,i,14932340519592949379,13979788514186838717,262144 --variations-seed-version=20241004-050103.662000 --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5232,i,14932340519592949379,13979788514186838717,262144 --variations-seed-version=20241004-050103.662000 --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:3392
- C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.94.0.exe
  "C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.94.0.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5000
- - C:\Users\Admin\AppData\Local\Temp\is-4QLDM.tmp\VSCodeUserSetup-x64-1.94.0.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-4QLDM.tmp\VSCodeUserSetup-x64-1.94.0.tmp" /SL5="$80206,99399138,828416,C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.94.0.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:2148
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Get-WmiObject Win32_Process | Where-Object { $_.ExecutablePath -eq 'C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe' } | Select @{Name='Id'; Expression={$_.ProcessId}} | Stop-Process -Force"
      4⤵
      Command and Scripting Interpreter: PowerShell
      System Location Discovery: System Language Discovery
      PID:3568
  - - C:\Windows\system32\icacls.exe
      "C:\Windows\system32\icacls.exe" "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code" /inheritancelevel:r /grant:r "*S-1-5-18:(OI)(CI)F" /grant:r "*S-1-5-32-544:(OI)(CI)F" /grant:r "*S-1-5-11:(OI)(CI)RX" /grant:r "*S-1-5-32-545:(OI)(CI)RX" /grant:r "*S-1-3-0:(OI)(CI)F" /grant:r "Admin:(OI)(CI)F"
      4⤵
      Modifies file permissions
      PID:2968
  - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
      "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:4736
    - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1764,i,3441875094902056130,18031487550242937146,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1756 /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2420
    - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=1964,i,3441875094902056130,18031487550242937146,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1952 /prefetch:3
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration, --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=3148,i,3441875094902056130,18031487550242937146,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3144 --vscode-window-config=vscode:daa9fcac-2ea6-49cf-9a9c-1770e73866d4 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4848

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5616

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6032
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Ui-Dropped\META-INF\MANIFEST.MF
  2⤵
  PID:3108

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2952
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Ui-Dropped\com\ui_utils\MainClient.class
  2⤵
  PID:4960

C:\Windows\system32\SnippingTool.exe
"C:\Windows\system32\SnippingTool.exe"
1⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious use of SetWindowsHookEx
PID:1496

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Ui-Dropped\com\ui_utils\MainClient.class
1⤵
PID:2036

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Ui-Dropped.jar"
1⤵
PID:3560

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\mods\Ui-Dropped.jar"
1⤵
PID:5412

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38be855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4728

Network

DNS

mediafire.com

msedge.exe

Remote address:

8.8.8.8:53

Request

mediafire.com

IN A

Response

mediafire.com

IN A

104.17.151.117

mediafire.com

IN A

104.17.150.117
DNS

mediafire.com

msedge.exe

Remote address:

8.8.8.8:53

Request

mediafire.com

IN A
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

97.17.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.17.167.52.in-addr.arpa

IN PTR

Response
DNS

134.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.32.126.40.in-addr.arpa

IN PTR

Response
DNS

79.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

79.190.18.2.in-addr.arpa

IN PTR

Response

79.190.18.2.in-addr.arpa

IN PTR

a2-18-190-79deploystaticakamaitechnologiescom
GET

https://mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file

msedge.exe

Remote address:

104.17.151.117:443

Request

GET /file/3nfa6p4pxkve92c/Ui-Dropped.jar/file HTTP/2.0
host: mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

date: Fri, 04 Oct 2024 20:20:15 GMT
content-type: text/html
content-length: 143
location: https://www.mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
set-cookie: __cf_bm=a4qWaZ0cpUUeaCn.qm5FbExeILV.xTr3Suid8DID_5M-1728073215-1.0.1.1-oo2JYfu9LT.Twu_9vwHqdyr1R7LWBS9jwbmTlP5qoo3AJM1Zl07GE0.vuIeJjveHGR1nz0xOL.VZoX5fYoHMWQ; path=/; expires=Fri, 04-Oct-24 20:50:15 GMT; domain=.mediafire.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cd7df1f0bcd385c-LHR
GET

https://www.mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file

msedge.exe

Remote address:

104.17.151.117:443

Request

GET /file/3nfa6p4pxkve92c/Ui-Dropped.jar/file HTTP/2.0
host: www.mediafire.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=a4qWaZ0cpUUeaCn.qm5FbExeILV.xTr3Suid8DID_5M-1728073215-1.0.1.1-oo2JYfu9LT.Twu_9vwHqdyr1R7LWBS9jwbmTlP5qoo3AJM1Zl07GE0.vuIeJjveHGR1nz0xOL.VZoX5fYoHMWQ

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:16 GMT
content-type: text/html; charset=UTF-8
cf-ray: 8cd7df1fbc8e385c-LHR
cf-cache-status: DYNAMIC
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
expires: 0
set-cookie: ukey=o4a8dpd366wtxt2jvx9m73eps29ureaa; expires=Tue, 04-Oct-2044 20:20:16 GMT; Max-Age=631152000; path=/; domain=.mediafire.com; HttpOnly
strict-transport-security: max-age=0
pragma: no-cache
access-control-allow-methods: OPTIONS, POST, GET
set-cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%223nfa6p4pxkve92c%22%2C%22mf_term%22%3A%22cffd20c5c25ac69cca475c26a2f21775%22%7D; expires=Sun, 03-Nov-2024 20:20:16 GMT; Max-Age=2592000; path=/; domain=.mediafire.com
x-frame-options: SAMEORIGIN
x-mf-env: liveApi
x-mf-fe: mf2
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
server: cloudflare
content-encoding: gzip
GET

https://www.mediafire.com/images/icons/svg_light/icons_sprite.svg

msedge.exe

Remote address:

104.17.151.117:443

Request

GET /images/icons/svg_light/icons_sprite.svg HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=a4qWaZ0cpUUeaCn.qm5FbExeILV.xTr3Suid8DID_5M-1728073215-1.0.1.1-oo2JYfu9LT.Twu_9vwHqdyr1R7LWBS9jwbmTlP5qoo3AJM1Zl07GE0.vuIeJjveHGR1nz0xOL.VZoX5fYoHMWQ
cookie: ukey=o4a8dpd366wtxt2jvx9m73eps29ureaa
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%223nfa6p4pxkve92c%22%2C%22mf_term%22%3A%22cffd20c5c25ac69cca475c26a2f21775%22%7D

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:16 GMT
content-type: image/svg+xml
cf-ray: 8cd7df23895c385c-LHR
cf-cache-status: HIT
access-control-allow-origin: *
age: 9706
etag: W/"62deda56-90ab"
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
vary: Accept-Encoding
access-control-allow-methods: OPTIONS, POST, GET
x-mf-env: liveApi
x-mf-fe: mf2
server: cloudflare
content-encoding: gzip
GET

https://static.mediafire.com/images/filetype/file-zip-v3.png

msedge.exe

Remote address:

104.17.151.117:443

Request

GET /images/filetype/file-zip-v3.png HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=a4qWaZ0cpUUeaCn.qm5FbExeILV.xTr3Suid8DID_5M-1728073215-1.0.1.1-oo2JYfu9LT.Twu_9vwHqdyr1R7LWBS9jwbmTlP5qoo3AJM1Zl07GE0.vuIeJjveHGR1nz0xOL.VZoX5fYoHMWQ
cookie: ukey=o4a8dpd366wtxt2jvx9m73eps29ureaa
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%223nfa6p4pxkve92c%22%2C%22mf_term%22%3A%22cffd20c5c25ac69cca475c26a2f21775%22%7D

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:16 GMT
content-type: image/png
content-length: 1872
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: "62deda56-750"
expires: Sun, 03 Nov 2024 14:36:36 GMT
cache-control: max-age=2592000
x-mf-env: liveApi
x-mf-fe: mf2
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
cf-cache-status: HIT
age: 11385
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cd7df23d9b6385c-LHR
GET

https://static.mediafire.com/images/backgrounds/header/mf_logo_full_color.svg

msedge.exe

Remote address:

104.17.151.117:443

Request

GET /images/backgrounds/header/mf_logo_full_color.svg HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=a4qWaZ0cpUUeaCn.qm5FbExeILV.xTr3Suid8DID_5M-1728073215-1.0.1.1-oo2JYfu9LT.Twu_9vwHqdyr1R7LWBS9jwbmTlP5qoo3AJM1Zl07GE0.vuIeJjveHGR1nz0xOL.VZoX5fYoHMWQ
cookie: ukey=o4a8dpd366wtxt2jvx9m73eps29ureaa
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%223nfa6p4pxkve92c%22%2C%22mf_term%22%3A%22cffd20c5c25ac69cca475c26a2f21775%22%7D

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:16 GMT
content-type: image/svg+xml
last-modified: Fri, 28 Oct 2016 22:22:42 GMT
etag: W/"5813cfb2-d1d"
x-mf-env: liveApi
x-mf-fe: mf2
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
cf-cache-status: HIT
age: 8783
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cd7df23d9b8385c-LHR
content-encoding: gzip
GET

https://static.mediafire.com/images/backgrounds/download/apps_list_sprite-v6.png

msedge.exe

Remote address:

104.17.151.117:443

Request

GET /images/backgrounds/download/apps_list_sprite-v6.png HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=a4qWaZ0cpUUeaCn.qm5FbExeILV.xTr3Suid8DID_5M-1728073215-1.0.1.1-oo2JYfu9LT.Twu_9vwHqdyr1R7LWBS9jwbmTlP5qoo3AJM1Zl07GE0.vuIeJjveHGR1nz0xOL.VZoX5fYoHMWQ
cookie: ukey=o4a8dpd366wtxt2jvx9m73eps29ureaa
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%223nfa6p4pxkve92c%22%2C%22mf_term%22%3A%22cffd20c5c25ac69cca475c26a2f21775%22%7D

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:16 GMT
content-type: image/png
content-length: 8145
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: "62deda56-1fd1"
expires: Sun, 03 Nov 2024 13:42:59 GMT
cache-control: max-age=2592000
x-mf-env: liveApi
x-mf-fe: mf2
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
cf-cache-status: HIT
age: 12356
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cd7df23e9d0385c-LHR
GET

https://www.mediafire.com/images/icons/svg_dark/arrow_dropdown.svg

msedge.exe

Remote address:

104.17.151.117:443

Request

GET /images/icons/svg_dark/arrow_dropdown.svg HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=a4qWaZ0cpUUeaCn.qm5FbExeILV.xTr3Suid8DID_5M-1728073215-1.0.1.1-oo2JYfu9LT.Twu_9vwHqdyr1R7LWBS9jwbmTlP5qoo3AJM1Zl07GE0.vuIeJjveHGR1nz0xOL.VZoX5fYoHMWQ
cookie: ukey=o4a8dpd366wtxt2jvx9m73eps29ureaa
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%223nfa6p4pxkve92c%22%2C%22mf_term%22%3A%22cffd20c5c25ac69cca475c26a2f21775%22%7D

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:16 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: W/"62deda56-1bc"
x-mf-env: liveApi
x-mf-fe: mf2
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
cf-cache-status: HIT
age: 13775
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cd7df23f9de385c-LHR
content-encoding: gzip
GET

https://static.mediafire.com/images/icons/svg_dark/check_circle_green.svg

msedge.exe

Remote address:

104.17.151.117:443

Request

GET /images/icons/svg_dark/check_circle_green.svg HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=a4qWaZ0cpUUeaCn.qm5FbExeILV.xTr3Suid8DID_5M-1728073215-1.0.1.1-oo2JYfu9LT.Twu_9vwHqdyr1R7LWBS9jwbmTlP5qoo3AJM1Zl07GE0.vuIeJjveHGR1nz0xOL.VZoX5fYoHMWQ
cookie: ukey=o4a8dpd366wtxt2jvx9m73eps29ureaa
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%223nfa6p4pxkve92c%22%2C%22mf_term%22%3A%22cffd20c5c25ac69cca475c26a2f21775%22%7D

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:16 GMT
content-type: image/svg+xml
cf-ray: 8cd7df23f9dd385c-LHR
cf-cache-status: HIT
access-control-allow-origin: *
age: 8461
etag: W/"62deda56-13b"
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
vary: Accept-Encoding
access-control-allow-methods: OPTIONS, POST, GET
x-mf-env: liveApi
x-mf-fe: mf2
server: cloudflare
content-encoding: gzip
GET

https://static.mediafire.com/images/backgrounds/download/social/fb_16x16.png

msedge.exe

Remote address:

104.17.151.117:443

Request

GET /images/backgrounds/download/social/fb_16x16.png HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=a4qWaZ0cpUUeaCn.qm5FbExeILV.xTr3Suid8DID_5M-1728073215-1.0.1.1-oo2JYfu9LT.Twu_9vwHqdyr1R7LWBS9jwbmTlP5qoo3AJM1Zl07GE0.vuIeJjveHGR1nz0xOL.VZoX5fYoHMWQ
cookie: ukey=o4a8dpd366wtxt2jvx9m73eps29ureaa
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%223nfa6p4pxkve92c%22%2C%22mf_term%22%3A%22cffd20c5c25ac69cca475c26a2f21775%22%7D

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:16 GMT
content-type: image/png
content-length: 181
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: "62deda56-b5"
expires: Sun, 03 Nov 2024 14:30:24 GMT
cache-control: max-age=2592000
x-mf-env: liveApi
x-mf-fe: mf2
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
cf-cache-status: HIT
age: 13154
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cd7df24eb1c385c-LHR
GET

https://static.mediafire.com/images/backgrounds/footer/social/footerIcons.png

msedge.exe

Remote address:

104.17.151.117:443

Request

GET /images/backgrounds/footer/social/footerIcons.png HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=a4qWaZ0cpUUeaCn.qm5FbExeILV.xTr3Suid8DID_5M-1728073215-1.0.1.1-oo2JYfu9LT.Twu_9vwHqdyr1R7LWBS9jwbmTlP5qoo3AJM1Zl07GE0.vuIeJjveHGR1nz0xOL.VZoX5fYoHMWQ
cookie: ukey=o4a8dpd366wtxt2jvx9m73eps29ureaa
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%223nfa6p4pxkve92c%22%2C%22mf_term%22%3A%22cffd20c5c25ac69cca475c26a2f21775%22%7D

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:16 GMT
content-type: image/png
content-length: 583
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: "62deda56-247"
expires: Sun, 03 Nov 2024 16:07:34 GMT
cache-control: max-age=2592000
x-mf-env: liveApi
x-mf-fe: mf1
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
cf-cache-status: HIT
age: 13756
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cd7df255bba385c-LHR
GET

https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

msedge.exe

Remote address:

104.17.151.117:443

Request

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=a4qWaZ0cpUUeaCn.qm5FbExeILV.xTr3Suid8DID_5M-1728073215-1.0.1.1-oo2JYfu9LT.Twu_9vwHqdyr1R7LWBS9jwbmTlP5qoo3AJM1Zl07GE0.vuIeJjveHGR1nz0xOL.VZoX5fYoHMWQ
cookie: ukey=o4a8dpd366wtxt2jvx9m73eps29ureaa
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%223nfa6p4pxkve92c%22%2C%22mf_term%22%3A%22cffd20c5c25ac69cca475c26a2f21775%22%7D

Response

HTTP/2.0 302

date: Fri, 04 Oct 2024 20:20:17 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js?
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
access-control-allow-origin: *
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cd7df266cf6385c-LHR
GET

https://www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js?

msedge.exe

Remote address:

104.17.151.117:443

Request

GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js? HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=a4qWaZ0cpUUeaCn.qm5FbExeILV.xTr3Suid8DID_5M-1728073215-1.0.1.1-oo2JYfu9LT.Twu_9vwHqdyr1R7LWBS9jwbmTlP5qoo3AJM1Zl07GE0.vuIeJjveHGR1nz0xOL.VZoX5fYoHMWQ
cookie: ukey=o4a8dpd366wtxt2jvx9m73eps29ureaa
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%223nfa6p4pxkve92c%22%2C%22mf_term%22%3A%22cffd20c5c25ac69cca475c26a2f21775%22%7D
cookie: ezosuibasgeneris-1=de7d166a-9193-4a49-4143-1f32c6aa56ed
cookie: ezoab_484470=mod281-c
cookie: lp_484470=https://www.mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file
cookie: ezovuuidtime_484470=1728073217
cookie: ezovuuid_484470=3aea8790-fdfb-4162-4b5e-ffdcee29099c
cookie: ezoref_484470=
cookie: active_template::484470=pub_site.1728073217
cookie: ezopvc_484470=1
cookie: ezstandaloneuser=true

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cd7df289838385c-LHR
content-encoding: gzip
POST

https://www.mediafire.com/cdn-cgi/challenge-platform/h/g/jsd/r/8cd7df1fbc8e385c

msedge.exe

Remote address:

104.17.151.117:443

Request

POST /cdn-cgi/challenge-platform/h/g/jsd/r/8cd7df1fbc8e385c HTTP/2.0
host: www.mediafire.com
content-length: 14101
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=a4qWaZ0cpUUeaCn.qm5FbExeILV.xTr3Suid8DID_5M-1728073215-1.0.1.1-oo2JYfu9LT.Twu_9vwHqdyr1R7LWBS9jwbmTlP5qoo3AJM1Zl07GE0.vuIeJjveHGR1nz0xOL.VZoX5fYoHMWQ
cookie: ukey=o4a8dpd366wtxt2jvx9m73eps29ureaa
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%223nfa6p4pxkve92c%22%2C%22mf_term%22%3A%22cffd20c5c25ac69cca475c26a2f21775%22%7D
cookie: ezosuibasgeneris-1=de7d166a-9193-4a49-4143-1f32c6aa56ed
cookie: ezoab_484470=mod281-c
cookie: lp_484470=https://www.mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file
cookie: ezovuuidtime_484470=1728073217
cookie: ezovuuid_484470=3aea8790-fdfb-4162-4b5e-ffdcee29099c
cookie: ezoref_484470=
cookie: active_template::484470=pub_site.1728073217
cookie: ezopvc_484470=1
cookie: ezstandaloneuser=true
cookie: _ga=GA1.2.864837303.1728073217
cookie: _gid=GA1.2.1286535164.1728073217
cookie: _gat_gtag_UA_829541_1=1
cookie: amp_28916b=ouFg2BvNXNvdC2S4QeGixq...1i9cj1cpk.1i9cj1cpm.0.1.1

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=; Path=/; Expires=Thu, 01-Jan-70 00:00:00 GMT; Domain=.mediafire.com; HttpOnly; Secure; SameSite=None
set-cookie: cf_clearance=ukuPpK.a1OuTkWHQ1kAzQc51Vz5usNoSyk72Ch.N95Y-1728073217-1.2.1.1-lpsEdfO1yBJqc_59pab_U5kc3YSiOubTdWPr4sZmPHEnYT3Nphjwkfqc1D7ABZtXtHtyrzyyfNhoO8EPsBaFXQ4XwAy0T66d6DvHswMbht2y6sSMmZ.Z90YGuzB461rI6qveCItKEJ.o_urZznFgMvseFCWY.IaOcmo3vTyj8C8KghvGbQUd2I0trV1uhkA.UjPnwxIQtOr_KF5QOW0WD2wYiPukUJrFh59Li60zxzOtc8rFYmLIfklocsfdIAveBOEtkDQ2O76AHmyC87CARJyfwVrDEzRJ6ByrdszmyOd6VWBilBN.LvDb_YrpLrq_lotRLjq1sXQDgFUqItW4cXU5ZcZmtFtqCrjqUrVR8w4FqF3TvB3Oqu5SUHBV3wvUp0Mj89M3rSqrRoNdCMCb2FlRK9B5QvNF.yJV.JuBXSU; Path=/; Expires=Sat, 04-Oct-25 20:20:17 GMT; Domain=.mediafire.com; HttpOnly; Secure; SameSite=None; Partitioned
server: cloudflare
cf-ray: 8cd7df2a7ab1385c-LHR
POST

https://www.mediafire.com/cdn-cgi/rum?

msedge.exe

Remote address:

104.17.151.117:443

Request

POST /cdn-cgi/rum? HTTP/2.0
host: www.mediafire.com
content-length: 1224
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=a4qWaZ0cpUUeaCn.qm5FbExeILV.xTr3Suid8DID_5M-1728073215-1.0.1.1-oo2JYfu9LT.Twu_9vwHqdyr1R7LWBS9jwbmTlP5qoo3AJM1Zl07GE0.vuIeJjveHGR1nz0xOL.VZoX5fYoHMWQ
cookie: ukey=o4a8dpd366wtxt2jvx9m73eps29ureaa
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%223nfa6p4pxkve92c%22%2C%22mf_term%22%3A%22cffd20c5c25ac69cca475c26a2f21775%22%7D
cookie: ezoab_484470=mod281-c
cookie: ezosuibasgeneris-1=de7d166a-9193-4a49-4143-1f32c6aa56ed
cookie: lp_484470=https://www.mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file
cookie: ezovuuidtime_484470=1728073217
cookie: ezovuuid_484470=3aea8790-fdfb-4162-4b5e-ffdcee29099c
cookie: ezstandaloneuser=true
cookie: ezoref_484470=
cookie: active_template::484470=pub_site.1728073217
cookie: _ga=GA1.2.864837303.1728073217
cookie: _gid=GA1.2.1286535164.1728073217
cookie: _gat_gtag_UA_829541_1=1
cookie: amp_28916b=ouFg2BvNXNvdC2S4QeGixq...1i9cj1cpk.1i9cj1cpm.0.1.1
cookie: ezopvc_484470=2
cookie: cf_clearance=ukuPpK.a1OuTkWHQ1kAzQc51Vz5usNoSyk72Ch.N95Y-1728073217-1.2.1.1-lpsEdfO1yBJqc_59pab_U5kc3YSiOubTdWPr4sZmPHEnYT3Nphjwkfqc1D7ABZtXtHtyrzyyfNhoO8EPsBaFXQ4XwAy0T66d6DvHswMbht2y6sSMmZ.Z90YGuzB461rI6qveCItKEJ.o_urZznFgMvseFCWY.IaOcmo3vTyj8C8KghvGbQUd2I0trV1uhkA.UjPnwxIQtOr_KF5QOW0WD2wYiPukUJrFh59Li60zxzOtc8rFYmLIfklocsfdIAveBOEtkDQ2O76AHmyC87CARJyfwVrDEzRJ6ByrdszmyOd6VWBilBN.LvDb_YrpLrq_lotRLjq1sXQDgFUqItW4cXU5ZcZmtFtqCrjqUrVR8w4FqF3TvB3Oqu5SUHBV3wvUp0Mj89M3rSqrRoNdCMCb2FlRK9B5QvNF.yJV.JuBXSU
cookie: ezhbf=0

Response

HTTP/2.0 204

date: Fri, 04 Oct 2024 20:20:20 GMT
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 8cd7df3a089c385c-LHR
x-frame-options: DENY
x-content-type-options: nosniff
GET

https://www.mediafire.com/favicon.ico

msedge.exe

Remote address:

104.17.151.117:443

Request

GET /favicon.ico HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=a4qWaZ0cpUUeaCn.qm5FbExeILV.xTr3Suid8DID_5M-1728073215-1.0.1.1-oo2JYfu9LT.Twu_9vwHqdyr1R7LWBS9jwbmTlP5qoo3AJM1Zl07GE0.vuIeJjveHGR1nz0xOL.VZoX5fYoHMWQ
cookie: ukey=o4a8dpd366wtxt2jvx9m73eps29ureaa
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%223nfa6p4pxkve92c%22%2C%22mf_term%22%3A%22cffd20c5c25ac69cca475c26a2f21775%22%7D
cookie: ezoab_484470=mod281-c
cookie: ezosuibasgeneris-1=de7d166a-9193-4a49-4143-1f32c6aa56ed
cookie: lp_484470=https://www.mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file
cookie: ezovuuidtime_484470=1728073217
cookie: ezovuuid_484470=3aea8790-fdfb-4162-4b5e-ffdcee29099c
cookie: ezstandaloneuser=true
cookie: ezoref_484470=
cookie: active_template::484470=pub_site.1728073217
cookie: _ga=GA1.2.864837303.1728073217
cookie: _gid=GA1.2.1286535164.1728073217
cookie: _gat_gtag_UA_829541_1=1
cookie: amp_28916b=ouFg2BvNXNvdC2S4QeGixq...1i9cj1cpk.1i9cj1cpm.0.1.1
cookie: ezopvc_484470=2
cookie: cf_clearance=ukuPpK.a1OuTkWHQ1kAzQc51Vz5usNoSyk72Ch.N95Y-1728073217-1.2.1.1-lpsEdfO1yBJqc_59pab_U5kc3YSiOubTdWPr4sZmPHEnYT3Nphjwkfqc1D7ABZtXtHtyrzyyfNhoO8EPsBaFXQ4XwAy0T66d6DvHswMbht2y6sSMmZ.Z90YGuzB461rI6qveCItKEJ.o_urZznFgMvseFCWY.IaOcmo3vTyj8C8KghvGbQUd2I0trV1uhkA.UjPnwxIQtOr_KF5QOW0WD2wYiPukUJrFh59Li60zxzOtc8rFYmLIfklocsfdIAveBOEtkDQ2O76AHmyC87CARJyfwVrDEzRJ6ByrdszmyOd6VWBilBN.LvDb_YrpLrq_lotRLjq1sXQDgFUqItW4cXU5ZcZmtFtqCrjqUrVR8w4FqF3TvB3Oqu5SUHBV3wvUp0Mj89M3rSqrRoNdCMCb2FlRK9B5QvNF.yJV.JuBXSU
cookie: ezhbf=0

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:20 GMT
content-type: image/x-icon
cf-ray: 8cd7df3a58f3385c-LHR
cf-cache-status: HIT
access-control-allow-origin: *
age: 190290
cache-control: max-age=2592000
etag: W/"62deda56-2a46"
expires: Wed, 30 Oct 2024 16:46:34 GMT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
vary: Accept-Encoding
access-control-allow-methods: OPTIONS, POST, GET
x-mf-env: liveApi
x-mf-fe: mf2
server: cloudflare
content-encoding: gzip
POST

https://www.mediafire.com/cdn-cgi/rum?

msedge.exe

Remote address:

104.17.151.117:443

Request

POST /cdn-cgi/rum? HTTP/2.0
host: www.mediafire.com
content-length: 1171
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=a4qWaZ0cpUUeaCn.qm5FbExeILV.xTr3Suid8DID_5M-1728073215-1.0.1.1-oo2JYfu9LT.Twu_9vwHqdyr1R7LWBS9jwbmTlP5qoo3AJM1Zl07GE0.vuIeJjveHGR1nz0xOL.VZoX5fYoHMWQ
cookie: ukey=o4a8dpd366wtxt2jvx9m73eps29ureaa
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%223nfa6p4pxkve92c%22%2C%22mf_term%22%3A%22cffd20c5c25ac69cca475c26a2f21775%22%7D
cookie: ezoab_484470=mod281-c
cookie: ezosuibasgeneris-1=de7d166a-9193-4a49-4143-1f32c6aa56ed
cookie: lp_484470=https://www.mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file
cookie: ezovuuidtime_484470=1728073217
cookie: ezovuuid_484470=3aea8790-fdfb-4162-4b5e-ffdcee29099c
cookie: ezstandaloneuser=true
cookie: ezoref_484470=
cookie: active_template::484470=pub_site.1728073217
cookie: _gid=GA1.2.1286535164.1728073217
cookie: _gat_gtag_UA_829541_1=1
cookie: amp_28916b=ouFg2BvNXNvdC2S4QeGixq...1i9cj1cpk.1i9cj1cpm.0.1.1
cookie: ezopvc_484470=2
cookie: cf_clearance=ukuPpK.a1OuTkWHQ1kAzQc51Vz5usNoSyk72Ch.N95Y-1728073217-1.2.1.1-lpsEdfO1yBJqc_59pab_U5kc3YSiOubTdWPr4sZmPHEnYT3Nphjwkfqc1D7ABZtXtHtyrzyyfNhoO8EPsBaFXQ4XwAy0T66d6DvHswMbht2y6sSMmZ.Z90YGuzB461rI6qveCItKEJ.o_urZznFgMvseFCWY.IaOcmo3vTyj8C8KghvGbQUd2I0trV1uhkA.UjPnwxIQtOr_KF5QOW0WD2wYiPukUJrFh59Li60zxzOtc8rFYmLIfklocsfdIAveBOEtkDQ2O76AHmyC87CARJyfwVrDEzRJ6ByrdszmyOd6VWBilBN.LvDb_YrpLrq_lotRLjq1sXQDgFUqItW4cXU5ZcZmtFtqCrjqUrVR8w4FqF3TvB3Oqu5SUHBV3wvUp0Mj89M3rSqrRoNdCMCb2FlRK9B5QvNF.yJV.JuBXSU
cookie: ezhbf=0
cookie: _ga=GA1.1.864837303.1728073217
cookie: ez-consent-tcf=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA
cookie: _lr_retry_request=true
cookie: _lr_env_src_ats=false
cookie: _cc_id=56d4d140dbdd0d4736a70aa67bfd813a
cookie: panoramaId_expiry=1728159630250
cookie: panoramaId_expiry=1728159630332
cookie: _cc_id=56d4d140dbdd0d4736a70aa67bfd813a
cookie: cto_bidid=O2b3xl9SOVRxRURHUyUyQm5kSVAwVHY1RmlBWFNLcXF0MXNjeW50SzFhJTJCRk52MDlDbjFhVURtMDROJTJGMjg1VVJSVlpqekFpMWRRVjhjUkM4U0lYMzRacVpBQTRLdyUzRCUzRA
cookie: pbjs-unifiedid=%7B%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222024-10-04T20%3A20%3A30%22%7D
cookie: pbjs-unifiedid_cst=3ywQLP4sqQ%3D%3D
cookie: __gads=ID=0685dcfeef4fcc4a:T=1728073230:RT=1728073230:S=ALNI_MbgjlgKHlSBEQ2uN8a9AygdlTJrQw
cookie: __gpi=UID=00000f02c83e58fe:T=1728073230:RT=1728073230:S=ALNI_MZpdVF5CwzyhG3TvBZHI0hvb4q67g
cookie: __eoi=ID=ed5fd538a1a8ddb0:T=1728073230:RT=1728073230:S=AA-AfjZlI8-JFzj5hIiobCNMkoPK
cookie: cto_bundle=e6MUAl9iZ3pFU1ZoYXQ5b1JmUE84TTZvaFNGeXJPVEpHQjZ0JTJGNmVrWDR4NGVTeDF4JTJCNlRoWlpQSTZzcm1oZUtLdUVKTDYxTmwlMkZyV1VCOUtaZkM0SFpuJTJCeGtlYXglMkYlMkJmeTlUeUdCQWpnYmlFdzJTYlJtJTJCQk8za3NFNEpLWlM3YVhjc3o2NmtiWmRlUnl3djZoNDdDVDklMkJqVHJBJTNEJTNE
cookie: _lr_sampling_rate=100
cookie: accept-cookies=1
cookie: ad_count=1
cookie: click_download=3nfa6p4pxkve92c
cookie: _fbp=fb.1.1728073247280.646604141504975760
cookie: ezux_et_484470=3
cookie: ezux_tos_484470=30
cookie: _ga_K68XP6D85D=GS1.1.1728073216.1.1.1728073250.26.0.0

Response

HTTP/2.0 204

date: Fri, 04 Oct 2024 20:20:51 GMT
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 8cd7dffe1cdd385c-LHR
x-frame-options: DENY
x-content-type-options: nosniff
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

117.151.17.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

117.151.17.104.in-addr.arpa

IN PTR

Response
DNS

www.mediafire.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.mediafire.com

IN A

Response

www.mediafire.com

IN A

104.17.151.117

www.mediafire.com

IN A

104.17.150.117
DNS

the.gatekeeperconsent.com

msedge.exe

Remote address:

8.8.8.8:53

Request

the.gatekeeperconsent.com

IN A

Response

the.gatekeeperconsent.com

IN A

172.67.199.186

the.gatekeeperconsent.com

IN A

104.21.42.32
GET

https://the.gatekeeperconsent.com/cmp.min.js

msedge.exe

Remote address:

172.67.199.186:443

Request

GET /cmp.min.js HTTP/2.0
host: the.gatekeeperconsent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:16 GMT
content-type: application/javascript
cache-control: public, max-age=14400
content-encoding: gzip
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Fri, 04 Oct 2024 20:16:02 GMT
cf-cache-status: HIT
age: 13
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tiXxAp0aju8wPMr1v7wtp2NDsToqGc5lV0%2BIfq9rJYOdmd7fhigb18Y9%2BFBWSHZDcjjPbiu9sDMfIAPeb6i51iGPN%2Fo2cQepLMpVWnO%2B3kuSgBW22T3AtUrRVizKYI0ACMyFKWM2bURrBOHe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df230cfb63db-LHR
alt-svc: h3=":443"; ma=86400
GET

https://privacy.gatekeeperconsent.com/tcf2_stub.js

msedge.exe

Remote address:

172.67.199.186:443

Request

GET /tcf2_stub.js HTTP/2.0
host: privacy.gatekeeperconsent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:16 GMT
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=15780000
cf-bgj: minify
cf-polished: origSize=154364
last-modified: Mon, 30 Sep 2024 17:44:07 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 345042
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fPddjdi7K6Rfb1cuS7t8C7h0Pz8J0wibKJxxQnMIrQDnP12j5J%2BmVOoG%2FKnRk4uBMoT7bTBM5Ly3%2FMR3aC955Sf01MhvC3k8%2FBbL3eY%2FfdQDkKY5jAsq0IcquarXF%2Fg2CQZpiM3pucTjyqAA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df25e86363db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://the.gatekeeperconsent.com/v2/cmp.js?v=260

msedge.exe

Remote address:

172.67.199.186:443

Request

GET /v2/cmp.js?v=260 HTTP/2.0
host: the.gatekeeperconsent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:16 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=15780000, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1lOuo0FUBTqtEEwIc3ZzrC4rTg1bUs1Rp7xIOB%2FhL9bohD6KY%2BgG6QCN3G97ddeCBZLFDecKM%2Bz0bW5wDtO6RDA9hT8g6Gyf16P5%2B0WFdFGFJjcDKIhiUE7lpyrTvkvwqt7ifvHikKacaeI1NvYe2w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cd7df25e86263db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
DNS

static.mediafire.com

msedge.exe

Remote address:

8.8.8.8:53

Request

static.mediafire.com

IN A

Response

static.mediafire.com

IN A

104.17.150.117

static.mediafire.com

IN A

104.17.151.117
DNS

btloader.com

msedge.exe

Remote address:

8.8.8.8:53

Request

btloader.com

IN A

Response

btloader.com

IN A

104.22.74.216

btloader.com

IN A

172.67.41.60

btloader.com

IN A

104.22.75.216
DNS

privacy.gatekeeperconsent.com

msedge.exe

Remote address:

8.8.8.8:53

Request

privacy.gatekeeperconsent.com

IN A

Response

privacy.gatekeeperconsent.com

IN A

104.21.42.32

privacy.gatekeeperconsent.com

IN A

172.67.199.186
DNS

www.ezojs.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.ezojs.com

IN A

Response

www.ezojs.com

IN CNAME

www.ezojs.com.cdn.cloudflare.net

www.ezojs.com.cdn.cloudflare.net

IN A

172.67.170.144

www.ezojs.com.cdn.cloudflare.net

IN A

104.21.63.106
DNS

translate.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

translate.google.com

IN A

Response

translate.google.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

172.217.16.238
DNS

cdn.amplitude.com

msedge.exe

Remote address:

8.8.8.8:53

Request

cdn.amplitude.com

IN A

Response

cdn.amplitude.com

IN A

18.239.18.40

cdn.amplitude.com

IN A

18.239.18.117

cdn.amplitude.com

IN A

18.239.18.31

cdn.amplitude.com

IN A

18.239.18.99
DNS

static.cloudflareinsights.com

msedge.exe

Remote address:

8.8.8.8:53

Request

static.cloudflareinsights.com

IN A

Response

static.cloudflareinsights.com

IN A

104.16.80.73

static.cloudflareinsights.com

IN A

104.16.79.73
GET

https://privacy.gatekeeperconsent.com/consent_modules.json

msedge.exe

Remote address:

104.21.42.32:443

Request

GET /consent_modules.json HTTP/2.0
host: privacy.gatekeeperconsent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:16 GMT
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=15780000, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cv4sQXA%2Bml7WCI8OhncIBNWlfBAy%2F9H7R%2BSm8guZcKGXAuboGH%2B6IsbrZ%2FLPYf6W%2BVxpKkdgERk4YdUMTsARc%2BGsOuMJwsc7zPkEq3Vrth1PKBVCCpEDKufPsqrzauWJO93myL8gfOzBWt0FEjkusA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cd7df24dad5657a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://the.gatekeeperconsent.com/v2/config.json?domain=www.mediafire.com&changeLogId=0&cb=0

msedge.exe

Remote address:

104.21.42.32:443

Request

GET /v2/config.json?domain=www.mediafire.com&changeLogId=0&cb=0 HTTP/2.0
host: the.gatekeeperconsent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=3600, public
content-encoding: gzip
content-security-policy: default-src 'none'
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: deny
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=agx6dHoiZE3%2BAHbRzaueCLfdbu1iHkzosYxv9cZBCvu3Qc95TmAO%2F7Oxz0Jp5xgoZ4xkJvQN70Y2PCL5FbtahmcFl%2FMVjOaULGFJ1peybkZbx%2Fx4UObK8hl1u2eqKE5f5MJYOTpwo4jJ1BY4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df28af5a657a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://the.gatekeeperconsent.com/cmp/gvl.json?v=9&lang=en

msedge.exe

Remote address:

104.21.42.32:443

Request

GET /cmp/gvl.json?v=9&lang=en HTTP/2.0
host: the.gatekeeperconsent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=345600
content-encoding: gzip
last-modified: Mon, 30 Sep 2024 20:29:34 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 345038
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sJAkPTgubd6LZn8TP5qRfNSFcnoZLgzWLDKuwcqdmjipSGniZsjRysDMTr351xrDnsJIoApV5SFONMN9jvyNRDKjjGN69KGY4GpDhUOU4OXu%2FEJj3ZLZK0REiuuKwri7nflUrPBuzca0zM0s"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df292ff6657a-LHR
alt-svc: h3=":443"; ma=86400
OPTIONS

https://the.gatekeeperconsent.com/cmp/v2/main_modal_firstpage?domain=www.mediafire.com&region=default&lang=en-US&cb=260&changeLogId=593543

msedge.exe

Remote address:

104.21.42.32:443

Request

OPTIONS /cmp/v2/main_modal_firstpage?domain=www.mediafire.com&region=default&lang=en-US&cb=260&changeLogId=593543 HTTP/2.0
host: the.gatekeeperconsent.com
accept: */*
access-control-request-method: GET
access-control-request-headers: content-type
origin: https://www.mediafire.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: https://www.mediafire.com
access-control-max-age: 1728000
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oiv3v%2BxAfzkYcYowGsaaW7YQyqWbKvmkXcowAsv49FW1qo6xuHT07Ik%2FTe6RQqxLtMSW6KfOv0LCgvC2CaKeAlfOXSXynPOyZgMI%2BO%2FofhrUroBD0e9F3k4WlB9vemk82mBw4vB6wugXfE1k"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df2b9afa657a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://the.gatekeeperconsent.com/cmp/v2/main_modal_firstpage?domain=www.mediafire.com&region=default&lang=en-US&cb=260&changeLogId=593543

msedge.exe

Remote address:

104.21.42.32:443

Request

GET /cmp/v2/main_modal_firstpage?domain=www.mediafire.com&region=default&lang=en-US&cb=260&changeLogId=593543 HTTP/2.0
host: the.gatekeeperconsent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: text/html; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: https://www.mediafire.com
access-control-max-age: 1728000
cache-control: public, max-age=2592000
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
last-modified: Mon, 30 Sep 2024 20:29:41 GMT
cf-cache-status: HIT
age: 345036
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fzTPkIzQ%2Bvn0v3Uzj0KSIA5uQYTqgxa3eDBCTrvQPvCEI5EOXghUYSFreRSW8sipPGX04BilyjqAwgmfSRjMwQFtCxZOSR6mO%2FuCL%2FBQ8VRlIbnF6%2BDnHJzxiXteDtr7SrYDpnK9cq%2FOo7Pk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 8cd7df2c1b97657a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

msedge.exe

Remote address:

104.16.80.73:443

Request

GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/2.0
host: static.cloudflareinsights.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://www.mediafire.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:16 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.6.1"
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cd7df2529686100-LHR
content-encoding: gzip
GET

https://translate.google.com/translate_a/element.js?cb=googFooterTranslate

msedge.exe

Remote address:

172.217.16.238:443

Request

GET /translate_a/element.js?cb=googFooterTranslate HTTP/2.0
host: translate.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://fundingchoicesmessages.google.com/i/183096492?ers=3

msedge.exe

Remote address:

172.217.16.238:443

Request

GET /i/183096492?ers=3 HTTP/2.0
host: fundingchoicesmessages.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js

msedge.exe

Remote address:

18.239.18.40:443

Request

GET /libs/amplitude-8.5.0-min.gz.js HTTP/2.0
host: cdn.amplitude.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://www.mediafire.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
content-length: 22154
date: Tue, 01 Oct 2024 12:09:20 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
last-modified: Fri, 13 Aug 2021 22:37:42 GMT
etag: "660c3b546f2a131de50b69b91f26c636"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000
content-encoding: gzip
x-amz-version-id: NY8_7uBz3xoXYJBVsMSBAGHOz8ixMBS3
accept-ranges: bytes
server: AmazonS3
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 8c1b0d772e0acbdf68d346f16fbb34ea.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P6
x-amz-cf-id: VQU83h-raNB4GxIx1bSncxHo2uy_QK-KOY06IrxLpqeR0MtF78vHMQ==
age: 288658
GET

https://btloader.com/tag?o=5678961798414336&upapi=true

msedge.exe

Remote address:

104.22.74.216:443

Request

GET /tag?o=5678961798414336&upapi=true HTTP/2.0
host: btloader.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:16 GMT
content-type: application/javascript
content-length: 19468
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
content-encoding: gzip
etag: "73ec439566651f0a8b2cdb8523be43fc"
last-modified: Fri, 04 Oct 2024 20:15:58 GMT
vary: Origin, Accept-Encoding
x-robots-tag: noindex, nofollow
via: 1.1 google
cf-cache-status: HIT
age: 112
accept-ranges: bytes
server: cloudflare
cf-ray: 8cd7df251ea752ee-LHR
GET

https://www.ezojs.com/ezoic/sa.min.js

msedge.exe

Remote address:

172.67.170.144:443

Request

GET /ezoic/sa.min.js HTTP/2.0
host: www.ezojs.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:16 GMT
content-type: application/javascript
cache-control: max-age=600, public
content-encoding: gzip
etag: W/"d0303bf64899b7dfaf97cd151425c2cf"
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
cf-cache-status: HIT
age: 349
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ulVC2Q9FeE9kWXlBqnWUXLgLsn7DGH3gAzCi8HxEf70BUJ4qoydc687K4wClU4Fy6BtdveRnUqGbb9O1QBKQgoNsdWwSoSzO3toX4qorq4SgW9%2FwpDC1HRvqT2t02S1y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df251b9b3da6-LHR
DNS

232.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.212.58.216.in-addr.arpa

IN PTR

Response

232.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f2321e100net

232.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f8�J

232.212.58.216.in-addr.arpa

IN PTR

lhr25s28-in-f8�J
DNS

186.199.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

186.199.67.172.in-addr.arpa

IN PTR

Response
DNS

cdn.otnolatrnup.com

msedge.exe

Remote address:

8.8.8.8:53

Request

cdn.otnolatrnup.com

IN A

Response

cdn.otnolatrnup.com

IN A

104.18.159.164

cdn.otnolatrnup.com

IN A

104.19.208.227
GET

https://cdn.otnolatrnup.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0

msedge.exe

Remote address:

104.18.159.164:443

Request

GET /Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0 HTTP/2.0
host: cdn.otnolatrnup.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: application/x-javascript; charset=utf-8
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
cache-control: public, no-transform, max-age=900
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
last-modified: Fri, 04 Oct 2024 20:13:48 GMT
cf-cache-status: HIT
age: 255
server: cloudflare
cf-ray: 8cd7df272c259463-LHR
GET

https://otnolatrnup.com/Tag.engine?time=0&id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=29964&ver=async&referrerUrl=&fingerPrint=123&abr=false&stdTime=0&fpe=1&bw=1280&bh=609&res=1280x720&curl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone

msedge.exe

Remote address:

104.18.159.164:443

Request

GET /Tag.engine?time=0&id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=29964&ver=async&referrerUrl=&fingerPrint=123&abr=false&stdTime=0&fpe=1&bw=1280&bh=609&res=1280x720&curl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone HTTP/2.0
host: otnolatrnup.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: application/json; charset=utf-8
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
cache-control: private, no-transform
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
set-cookie: IKSR={}; path=/; SameSite=None; secure
set-cookie: __INF_CC=; expires=Tue, 24-Sep-2024 20:20:17 GMT; path=/
set-cookie: INF_DFL8=false; path=/; SameSite=None; secure
set-cookie: IUID=f82c71c2-7cc8-41a2-b144-9f9a7e99a3cf; expires=Wed, 04-Oct-2034 20:20:17 GMT; path=/; SameSite=None; secure
set-cookie: ISSH=7671E0; path=/; SameSite=None; secure
set-cookie: VMI=; path=/; SameSite=None; secure
set-cookie: CHN=#[]; expires=Wed, 04-Oct-2034 20:20:17 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: MSSH=#{}; expires=Wed, 04-Oct-2034 20:20:17 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: MSRH=#{}; expires=Wed, 04-Oct-2034 20:20:17 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILP={"Profile":{"Audiences":{"Audience":[],"ThirdPartyAudience":[]}},"CreatedDate":"2024-10-04T20:20:17.6354629Z"}; expires=Wed, 04-Oct-2034 20:20:17 GMT; path=/; SameSite=None; secure
set-cookie: ILPLU=#10/4/2024 8:20:17 PM; expires=Wed, 04-Oct-2034 20:20:17 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILEALC=#10/4/2024 8:20:17 PM; expires=Wed, 04-Oct-2034 20:20:17 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILMPF=#True; expires=Sat, 05-Oct-2024 00:20:17 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPMPLU=#1/1/0001 12:00:00 AM; expires=Wed, 04-Oct-2034 20:20:17 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPMUID=#; expires=Wed, 04-Oct-2034 20:20:17 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: BSWUID=#; expires=Wed, 04-Oct-2034 20:20:17 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IKSR={}; path=/; SameSite=None; secure
set-cookie: IBL=#[]; expires=Wed, 04-Oct-2034 20:20:17 GMT; path=/; SameSite=None; secure
set-cookie: IOPT=#[]; expires=Wed, 04-Oct-2034 20:20:17 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISH=#{"101":[{"SId":"7671E0","D":"24/10/4T13:20:17"}]}; expires=Wed, 04-Oct-2034 20:20:17 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISH_Q=#[101]; expires=Wed, 04-Oct-2034 20:20:17 GMT; path=/; SameSite=None; secure; HttpOnly
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8cd7df29680d9463-LHR
GET

https://otnolatrnup.com/fp.engine?id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=49401&ver=async&time=0&referrerUrl=&subId=&tid=&abr=false&res=1280x720&stdTime=0&fpe=1&curl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone&spt=1

msedge.exe

Remote address:

104.18.159.164:443

Request

GET /fp.engine?id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=49401&ver=async&time=0&referrerUrl=&subId=&tid=&abr=false&res=1280x720&stdTime=0&fpe=1&curl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone&spt=1 HTTP/2.0
host: otnolatrnup.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: INF_DFL8=false
cookie: IUID=f82c71c2-7cc8-41a2-b144-9f9a7e99a3cf
cookie: ISSH=7671E0
cookie: VMI=
cookie: CHN=#[]
cookie: MSSH=#{}
cookie: MSRH=#{}
cookie: ILP={"Profile":{"Audiences":{"Audience":[],"ThirdPartyAudience":[]}},"CreatedDate":"2024-10-04T20:20:17.6354629Z"}
cookie: ILPLU=#10/4/2024 8:20:17 PM
cookie: ILEALC=#10/4/2024 8:20:17 PM
cookie: ILMPF=#True
cookie: IPMPLU=#1/1/0001 12:00:00 AM
cookie: IPMUID=#
cookie: BSWUID=#
cookie: IKSR={}
cookie: IBL=#[]
cookie: IOPT=#[]
cookie: ISH=#{"101":[{"SId":"7671E0","D":"24/10/4T13:20:17"}]}
cookie: ISH_Q=#[101]

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:42 GMT
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
cache-control: private, no-transform
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
set-cookie: IKSR={}; path=/; SameSite=None; secure
set-cookie: INF_DFL8=false; path=/; SameSite=None; secure
set-cookie: IUID=f82c71c2-7cc8-41a2-b144-9f9a7e99a3cf; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure
set-cookie: ISSH=7671E0; path=/; SameSite=None; secure
set-cookie: VMI=; path=/; SameSite=None; secure
set-cookie: IPLH=#{}; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPLH_Q=#[]; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: CHN=#[]; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: MSSH=#{}; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: MSRH=#{}; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILP={"Profile":{"Audiences":{"Audience":[],"ThirdPartyAudience":[]}},"CreatedDate":"2024-10-04T20:20:17.6354629Z"}; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure
set-cookie: ILPLU=#10/4/2024 8:20:17 PM; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILEALC=#10/4/2024 8:20:17 PM; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILMPF=#True; expires=Sat, 05-Oct-2024 00:20:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPMPLU=#1/1/0001 12:00:00 AM; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPMUID=#; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: BSWUID=#; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IKSR={}; path=/; SameSite=None; secure
set-cookie: IBL=#[]; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure
set-cookie: IOPT=#[]; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPLSH=#{}; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPLSH_Q=#[]; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IZH=#{}; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IZH_Q=#[]; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMCH=#{}; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMCH_Q=#[]; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMH=#{}; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMH_Q=#[]; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISH=#{"101":[{"SId":"7671E0","D":"24/10/4T13:20:17"}]}; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISH_Q=#[101]; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISPH=#{}; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISPH_Q=#[]; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ICH=#{}; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ICH_Q=#[]; expires=Wed, 04-Oct-2034 20:20:42 GMT; path=/; SameSite=None; secure; HttpOnly
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8cd7dfc60e509463-LHR
GET

https://otnolatrnup.com/Redirect.eng?MediaSegmentId=88101&dcid=1_ctx_6585266d-3046-49fd-9ea8-abae3c58bbf9&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=0&dst=False&v=0kMt6XqlgVzmAVNd90YASe13RBRxDSkeuZPPVCDaE3Vw17a9dG2QqZy-16zjrWFxBFqmDEuBNAGiWKzmZHWmVFFFbwhrV70il8znOxD-1Q-15iAXtsIZoUMqadSH-B7XdVCOmvm4z0mqH-aEq5Xpz7svEcOBc4pOvLvKv9xALPhfptYtd_5NzX3d3nJ8_Z5c1tIMmaCfhN98DfQoRfEQyhi6gmuIt8Dn086hg9oilh3HXsRndtQ1DYpshLOypM5pks8Z4HJoDvk2aUiDzF05j1O0GQt5CfhxrGATa5nis3JQbMxshy_-aoH9JGIXKprFgyfQIzf66dr0d2GS2XQBonpvNrN8cvfbhkEqUGr5OuM8hAccq9tXnWSNBhOj89u7cIdhAF_a_h-N4DetuiHruqq4a0OiCMkRMFKTdHduY3HJ2FCL0vfmS9h3ejcriZ61Co1BTag-Rk_bnlVV-De4ED3LyIimGGRoHeP5mDgBYQxVdyHKGwSYX7W29N_8gQOAjzvR2IVQrnGXT-3csQ4itqE5EQox6CoYaBUhrSI5p2c36fhsg58pRwHnUzDRGCJi0nsoGkuq9Hx3iofwWYn9dlCs7ovTBEdqQVaeFlgvLh1vlgK5pXtT4vHrm1oGWKPjgIDRkch3PO4pV4MArv6rrqku8OuHlkHxe-vH6wATxv7-vO7gWzkLE2Eid96ymLXrOQZHwCuoTiyEKW2JVXljCz9OULZm8hqrgUVaJDNLDspQx2Hd_Pna9A7Jo4xlPTapW0wuMm4Vofe98f3LFnhvBKrHdCHdijrJeVgkYM2R1Uuuw7w7TRDg_RDsQi2FNyfvaNUXPv2r4xB2K_71bvlIYf-shPxoi3N05apzeSLq55nP0BGiotbDTAfFrKRzFZIu9gbHrU-zlUT8h6K3gm4Vwm0r1Ktqs-N5vJ-czduYVzkxZsgpUXhoeWrDUqd5Sd9yXwI-yFJO8Xepc_96viaLVRBEkE1uR-kRdtWY1GAJoDU7SXHWPGUbbzOK9MUmE40vKzj9kogAK4GtGd9MpCgtjGWopsZqaj-PjMTXuvw_fkJ6SZbuEpQqdJom3AeGCWNNqy9Z0DfN3eE9ElwAwswz67uFWavoBWo-h-8BzRCPCsk1&kw=online+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone&mw=1024&mh=768&at=&res=1280x720&spt=1&kw=online+storage%2cfree+storage%2ccloud+storage%2ccollaboration%2cbackup+file+sharing%2cshare+files%2cphoto+backup%2cphoto+sharing%2cftp+replacement%2ccross+platform%2cremote+access%2cmobile+access%2csend+large+files%2crecover+files%2cfile+versioning%2cundelete%2cwindows%2cpc%2cmac%2cos+x%2clinux%2ciphone

msedge.exe

Remote address:

104.18.159.164:443

Request

GET /Redirect.eng?MediaSegmentId=88101&dcid=1_ctx_6585266d-3046-49fd-9ea8-abae3c58bbf9&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=0&dst=False&v=0kMt6XqlgVzmAVNd90YASe13RBRxDSkeuZPPVCDaE3Vw17a9dG2QqZy-16zjrWFxBFqmDEuBNAGiWKzmZHWmVFFFbwhrV70il8znOxD-1Q-15iAXtsIZoUMqadSH-B7XdVCOmvm4z0mqH-aEq5Xpz7svEcOBc4pOvLvKv9xALPhfptYtd_5NzX3d3nJ8_Z5c1tIMmaCfhN98DfQoRfEQyhi6gmuIt8Dn086hg9oilh3HXsRndtQ1DYpshLOypM5pks8Z4HJoDvk2aUiDzF05j1O0GQt5CfhxrGATa5nis3JQbMxshy_-aoH9JGIXKprFgyfQIzf66dr0d2GS2XQBonpvNrN8cvfbhkEqUGr5OuM8hAccq9tXnWSNBhOj89u7cIdhAF_a_h-N4DetuiHruqq4a0OiCMkRMFKTdHduY3HJ2FCL0vfmS9h3ejcriZ61Co1BTag-Rk_bnlVV-De4ED3LyIimGGRoHeP5mDgBYQxVdyHKGwSYX7W29N_8gQOAjzvR2IVQrnGXT-3csQ4itqE5EQox6CoYaBUhrSI5p2c36fhsg58pRwHnUzDRGCJi0nsoGkuq9Hx3iofwWYn9dlCs7ovTBEdqQVaeFlgvLh1vlgK5pXtT4vHrm1oGWKPjgIDRkch3PO4pV4MArv6rrqku8OuHlkHxe-vH6wATxv7-vO7gWzkLE2Eid96ymLXrOQZHwCuoTiyEKW2JVXljCz9OULZm8hqrgUVaJDNLDspQx2Hd_Pna9A7Jo4xlPTapW0wuMm4Vofe98f3LFnhvBKrHdCHdijrJeVgkYM2R1Uuuw7w7TRDg_RDsQi2FNyfvaNUXPv2r4xB2K_71bvlIYf-shPxoi3N05apzeSLq55nP0BGiotbDTAfFrKRzFZIu9gbHrU-zlUT8h6K3gm4Vwm0r1Ktqs-N5vJ-czduYVzkxZsgpUXhoeWrDUqd5Sd9yXwI-yFJO8Xepc_96viaLVRBEkE1uR-kRdtWY1GAJoDU7SXHWPGUbbzOK9MUmE40vKzj9kogAK4GtGd9MpCgtjGWopsZqaj-PjMTXuvw_fkJ6SZbuEpQqdJom3AeGCWNNqy9Z0DfN3eE9ElwAwswz67uFWavoBWo-h-8BzRCPCsk1&kw=online+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone&mw=1024&mh=768&at=&res=1280x720&spt=1&kw=online+storage%2cfree+storage%2ccloud+storage%2ccollaboration%2cbackup+file+sharing%2cshare+files%2cphoto+backup%2cphoto+sharing%2cftp+replacement%2ccross+platform%2cremote+access%2cmobile+access%2csend+large+files%2crecover+files%2cfile+versioning%2cundelete%2cwindows%2cpc%2cmac%2cos+x%2clinux%2ciphone HTTP/2.0
host: otnolatrnup.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model: ""
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://otnolatrnup.com/fp.engine?id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=49401&ver=async&time=0&referrerUrl=&subId=&tid=&abr=false&res=1280x720&stdTime=0&fpe=1&curl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone&spt=1
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: INF_DFL8=false
cookie: IUID=f82c71c2-7cc8-41a2-b144-9f9a7e99a3cf
cookie: ISSH=7671E0
cookie: VMI=
cookie: ISH_Q=#[101]
cookie: ISH=#{"101":[{"SId":"7671E0","D":"24/10/4T13:20:17"}]}
cookie: CHN=#[]
cookie: MSSH=#{}
cookie: MSRH=#{}
cookie: ILP={"Profile":{"Audiences":{"Audience":[],"ThirdPartyAudience":[]}},"CreatedDate":"2024-10-04T20:20:17.6354629Z"}
cookie: ILPLU=#10/4/2024 8:20:17 PM
cookie: ILEALC=#10/4/2024 8:20:17 PM
cookie: ILMPF=#True
cookie: IPMPLU=#1/1/0001 12:00:00 AM
cookie: IPMUID=#
cookie: BSWUID=#
cookie: IKSR={}
cookie: IBL=#[]
cookie: IOPT=#[]
cookie: IPLSH=#{}
cookie: IPLSH_Q=#[]
cookie: IZH=#{}
cookie: IZH_Q=#[]
cookie: IMCH=#{}
cookie: IMCH_Q=#[]
cookie: IMH=#{}
cookie: IMH_Q=#[]
cookie: IPLH_Q=#[]
cookie: IPLH=#{}
cookie: ISPH=#{}
cookie: ISPH_Q=#[]
cookie: ICH=#{}
cookie: ICH_Q=#[]

Response

HTTP/2.0 302

date: Fri, 04 Oct 2024 20:20:43 GMT
content-type: text/html; charset=utf-8
location: https://otnolatrnup.com/hideref.engine?d=https%3a%2f%2fworeppercomming.com%2f4fabb44a-878d-4024-bdef-2de07d973f5e%3fcampaignname%3d2_OperaGX%26placementname%3d2_OperaGX_UK_Win_101%26bid%3d3.45%26totalcpv%3d0.00345%26channel%3dFile%2bHosting%2b%2526%2bSharing%26subchannel%3dFile%2bHosting%2b%2526%2bSharing%26medianame%3dOperaGX_WW_9636%26keywords%3donline+storage%2cfree+storage%2ccloud+storage%2ccollaboration%2cbackup+file+sharing%2cshare+files%2cphoto+backup%2cphoto+sharing%2cftp+replacement%2ccross+platform%2cremote+access%2cmobile+access%2csend+large+files%2crecover+files%2cfile+versioning%2cundelete%2cwindows%2cpc%2cmac%2cos+x%2clinux%2ciphone%2conline+storage%2cfree+storage%2ccloud+storage%2ccollaboration%2cbackup+file+sharing%2cshare+files%2cphoto+backup%2cphoto+sharing%2cftp+replacement%2ccross+platform%2cremote+access%2cmobile+access%2csend+large+files%2crecover+files%2cfile+versioning%2cundelete%2cwindows%2cpc%2cmac%2cos+x%2clinux%2ciphone%26sourceid%3d101%26domainid%3d1%26cpv%3d0.00345%26s2sParam%3d0c648c0e-9e2c-403e-bd98-f7dbbb7491a9
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
cache-control: private, no-transform
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
set-cookie: IKSR={}; path=/; SameSite=None; secure
set-cookie: INF_DFL8=false; path=/; SameSite=None; secure
set-cookie: IUID=f82c71c2-7cc8-41a2-b144-9f9a7e99a3cf; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure
set-cookie: ISSH=7671E0; path=/; SameSite=None; secure
set-cookie: VMI=00000000-0000-0000-0000-000000000000; path=/; SameSite=None; secure
set-cookie: IPLH=#{"96234":[{"SId":"7671E0","D":"24/10/4T13:20:43"}]}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPLH_Q=#[96234]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: CHN=#[]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: MSSH=#{}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: MSRH=#{}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILP={"Profile":{"Audiences":{"Audience":[],"ThirdPartyAudience":[]}},"CreatedDate":"2024-10-04T20:20:17.6354629Z"}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure
set-cookie: ILPLU=#10/4/2024 8:20:17 PM; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILEALC=#10/4/2024 8:20:17 PM; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILMPF=#True; expires=Sat, 05-Oct-2024 00:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPMPLU=#1/1/0001 12:00:00 AM; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPMUID=#; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: BSWUID=#; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IKSR={}; path=/; SameSite=None; secure
set-cookie: IBL=#[]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure
set-cookie: IOPT=#[]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPLSH=#{}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPLSH_Q=#[]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IZH=#{"100":[{"SId":"7671E0","D":"24/10/4T13:20:43"}]}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IZH_Q=#[100]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMCH=#{}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMCH_Q=#[]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMH=#{"139989":[{"SId":"7671E0","D":"24/10/4T13:20:43"}]}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMH_Q=#[139989]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISH=#{"101":[{"SId":"7671E0","D":"24/10/4T13:20:17"}]}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISH_Q=#[101]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISPH=#{"101":[{"SId":"7671E0","D":"24/10/4T13:20:43"}]}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISPH_Q=#[101]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ICH=#{"49116":[{"SId":"7671E0","D":"24/10/4T13:20:43"}]}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ICH_Q=#[49116]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8cd7dfc7c8839463-LHR
GET

https://otnolatrnup.com/hideref.engine?d=https%3a%2f%2fworeppercomming.com%2f4fabb44a-878d-4024-bdef-2de07d973f5e%3fcampaignname%3d2_OperaGX%26placementname%3d2_OperaGX_UK_Win_101%26bid%3d3.45%26totalcpv%3d0.00345%26channel%3dFile%2bHosting%2b%2526%2bSharing%26subchannel%3dFile%2bHosting%2b%2526%2bSharing%26medianame%3dOperaGX_WW_9636%26keywords%3donline+storage%2cfree+storage%2ccloud+storage%2ccollaboration%2cbackup+file+sharing%2cshare+files%2cphoto+backup%2cphoto+sharing%2cftp+replacement%2ccross+platform%2cremote+access%2cmobile+access%2csend+large+files%2crecover+files%2cfile+versioning%2cundelete%2cwindows%2cpc%2cmac%2cos+x%2clinux%2ciphone%2conline+storage%2cfree+storage%2ccloud+storage%2ccollaboration%2cbackup+file+sharing%2cshare+files%2cphoto+backup%2cphoto+sharing%2cftp+replacement%2ccross+platform%2cremote+access%2cmobile+access%2csend+large+files%2crecover+files%2cfile+versioning%2cundelete%2cwindows%2cpc%2cmac%2cos+x%2clinux%2ciphone%26sourceid%3d101%26domainid%3d1%26cpv%3d0.00345%26s2sParam%3d0c648c0e-9e2c-403e-bd98-f7dbbb7491a9

msedge.exe

Remote address:

104.18.159.164:443

Request

GET /hideref.engine?d=https%3a%2f%2fworeppercomming.com%2f4fabb44a-878d-4024-bdef-2de07d973f5e%3fcampaignname%3d2_OperaGX%26placementname%3d2_OperaGX_UK_Win_101%26bid%3d3.45%26totalcpv%3d0.00345%26channel%3dFile%2bHosting%2b%2526%2bSharing%26subchannel%3dFile%2bHosting%2b%2526%2bSharing%26medianame%3dOperaGX_WW_9636%26keywords%3donline+storage%2cfree+storage%2ccloud+storage%2ccollaboration%2cbackup+file+sharing%2cshare+files%2cphoto+backup%2cphoto+sharing%2cftp+replacement%2ccross+platform%2cremote+access%2cmobile+access%2csend+large+files%2crecover+files%2cfile+versioning%2cundelete%2cwindows%2cpc%2cmac%2cos+x%2clinux%2ciphone%2conline+storage%2cfree+storage%2ccloud+storage%2ccollaboration%2cbackup+file+sharing%2cshare+files%2cphoto+backup%2cphoto+sharing%2cftp+replacement%2ccross+platform%2cremote+access%2cmobile+access%2csend+large+files%2crecover+files%2cfile+versioning%2cundelete%2cwindows%2cpc%2cmac%2cos+x%2clinux%2ciphone%26sourceid%3d101%26domainid%3d1%26cpv%3d0.00345%26s2sParam%3d0c648c0e-9e2c-403e-bd98-f7dbbb7491a9 HTTP/2.0
host: otnolatrnup.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model: ""
referer: https://otnolatrnup.com/fp.engine?id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=49401&ver=async&time=0&referrerUrl=&subId=&tid=&abr=false&res=1280x720&stdTime=0&fpe=1&curl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone&spt=1
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: INF_DFL8=false
cookie: IUID=f82c71c2-7cc8-41a2-b144-9f9a7e99a3cf
cookie: ISSH=7671E0
cookie: ISH_Q=#[101]
cookie: ISH=#{"101":[{"SId":"7671E0","D":"24/10/4T13:20:17"}]}
cookie: IOPT=#[]
cookie: CHN=#[]
cookie: MSSH=#{}
cookie: MSRH=#{}
cookie: ILP={"Profile":{"Audiences":{"Audience":[],"ThirdPartyAudience":[]}},"CreatedDate":"2024-10-04T20:20:17.6354629Z"}
cookie: ILPLU=#10/4/2024 8:20:17 PM
cookie: ILEALC=#10/4/2024 8:20:17 PM
cookie: ILMPF=#True
cookie: IPMPLU=#1/1/0001 12:00:00 AM
cookie: IPMUID=#
cookie: BSWUID=#
cookie: IKSR={}
cookie: IBL=#[]
cookie: IPLSH=#{}
cookie: IPLSH_Q=#[]
cookie: IMCH=#{}
cookie: IMCH_Q=#[]
cookie: IPLH_Q=#[96234]
cookie: IZH=#{"100":[{"SId":"7671E0","D":"24/10/4T13:20:43"}]}
cookie: IZH_Q=#[100]
cookie: IMH=#{"139989":[{"SId":"7671E0","D":"24/10/4T13:20:43"}]}
cookie: IMH_Q=#[139989]
cookie: IPLH=#{"96234":[{"SId":"7671E0","D":"24/10/4T13:20:43"}]}
cookie: VMI=00000000-0000-0000-0000-000000000000
cookie: ISPH=#{"101":[{"SId":"7671E0","D":"24/10/4T13:20:43"}]}
cookie: ISPH_Q=#[101]
cookie: ICH=#{"49116":[{"SId":"7671E0","D":"24/10/4T13:20:43"}]}
cookie: ICH_Q=#[49116]

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:43 GMT
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
cache-control: private, no-transform
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
set-cookie: IKSR={}; path=/; SameSite=None; secure
set-cookie: INF_DFL8=false; path=/; SameSite=None; secure
set-cookie: IUID=f82c71c2-7cc8-41a2-b144-9f9a7e99a3cf; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure
set-cookie: ISSH=7671E0; path=/; SameSite=None; secure
set-cookie: VMI=; path=/; SameSite=None; secure
set-cookie: IPLH=#{"96234":[{"SId":"7671E0","D":"24/10/4T13:20:43"}]}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPLH_Q=#[96234]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: CHN=#[]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: MSSH=#{}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: MSRH=#{}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILP={"Profile":{"Audiences":{"Audience":[],"ThirdPartyAudience":[]}},"CreatedDate":"2024-10-04T20:20:17.6354629Z"}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure
set-cookie: ILPLU=#10/4/2024 8:20:17 PM; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILEALC=#10/4/2024 8:20:17 PM; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILMPF=#True; expires=Sat, 05-Oct-2024 00:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPMPLU=#1/1/0001 12:00:00 AM; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPMUID=#; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: BSWUID=#; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IKSR={}; path=/; SameSite=None; secure
set-cookie: IBL=#[]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure
set-cookie: IOPT=#[]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPLSH=#{}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPLSH_Q=#[]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IZH=#{"100":[{"SId":"7671E0","D":"24/10/4T13:20:43"}]}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IZH_Q=#[100]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMCH=#{}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMCH_Q=#[]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMH=#{"139989":[{"SId":"7671E0","D":"24/10/4T13:20:43"}]}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMH_Q=#[139989]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISH=#{"101":[{"SId":"7671E0","D":"24/10/4T13:20:17"}]}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISH_Q=#[101]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISPH=#{"101":[{"SId":"7671E0","D":"24/10/4T13:20:43"}]}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISPH_Q=#[101]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ICH=#{"49116":[{"SId":"7671E0","D":"24/10/4T13:20:43"}]}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ICH_Q=#[49116]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8cd7dfc9fb7f9463-LHR
GET

https://otnolatrnup.com/hideref.engine?d=https%3A%2F%2Fworeppercomming.com%2F4fabb44a-878d-4024-bdef-2de07d973f5e%3Fcampaignname%3D2_OperaGX%26placementname%3D2_OperaGX_UK_Win_101%26bid%3D3.45%26totalcpv%3D0.00345%26channel%3DFile%2BHosting%2B%2526%2BSharing%26subchannel%3DFile%2BHosting%2B%2526%2BSharing%26medianame%3DOperaGX_WW_9636%26keywords%3Donline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%2Conline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%26sourceid%3D101%26domainid%3D1%26cpv%3D0.00345%26s2sParam%3D0c648c0e-9e2c-403e-bd98-f7dbbb7491a9

msedge.exe

Remote address:

104.18.159.164:443

Request

GET /hideref.engine?d=https%3A%2F%2Fworeppercomming.com%2F4fabb44a-878d-4024-bdef-2de07d973f5e%3Fcampaignname%3D2_OperaGX%26placementname%3D2_OperaGX_UK_Win_101%26bid%3D3.45%26totalcpv%3D0.00345%26channel%3DFile%2BHosting%2B%2526%2BSharing%26subchannel%3DFile%2BHosting%2B%2526%2BSharing%26medianame%3DOperaGX_WW_9636%26keywords%3Donline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%2Conline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%26sourceid%3D101%26domainid%3D1%26cpv%3D0.00345%26s2sParam%3D0c648c0e-9e2c-403e-bd98-f7dbbb7491a9 HTTP/2.0
host: otnolatrnup.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model: ""
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: INF_DFL8=false
cookie: IUID=f82c71c2-7cc8-41a2-b144-9f9a7e99a3cf
cookie: ISSH=7671E0
cookie: ISH_Q=#[101]
cookie: ISH=#{"101":[{"SId":"7671E0","D":"24/10/4T13:20:17"}]}
cookie: IOPT=#[]
cookie: CHN=#[]
cookie: MSSH=#{}
cookie: MSRH=#{}
cookie: ILP={"Profile":{"Audiences":{"Audience":[],"ThirdPartyAudience":[]}},"CreatedDate":"2024-10-04T20:20:17.6354629Z"}
cookie: ILPLU=#10/4/2024 8:20:17 PM
cookie: ILEALC=#10/4/2024 8:20:17 PM
cookie: ILMPF=#True
cookie: IPMPLU=#1/1/0001 12:00:00 AM
cookie: IPMUID=#
cookie: BSWUID=#
cookie: IKSR={}
cookie: IBL=#[]
cookie: IPLSH=#{}
cookie: IPLSH_Q=#[]
cookie: IMCH=#{}
cookie: IMCH_Q=#[]
cookie: IPLH_Q=#[96234]
cookie: IZH=#{"100":[{"SId":"7671E0","D":"24/10/4T13:20:43"}]}
cookie: IZH_Q=#[100]
cookie: IMH=#{"139989":[{"SId":"7671E0","D":"24/10/4T13:20:43"}]}
cookie: IMH_Q=#[139989]
cookie: IPLH=#{"96234":[{"SId":"7671E0","D":"24/10/4T13:20:43"}]}
cookie: ISPH=#{"101":[{"SId":"7671E0","D":"24/10/4T13:20:43"}]}
cookie: ISPH_Q=#[101]
cookie: ICH=#{"49116":[{"SId":"7671E0","D":"24/10/4T13:20:43"}]}
cookie: ICH_Q=#[49116]
cookie: VMI=

Response

HTTP/2.0 302

date: Fri, 04 Oct 2024 20:20:43 GMT
content-type: text/html; charset=utf-8
location: https://woreppercomming.com/4fabb44a-878d-4024-bdef-2de07d973f5e?campaignname=2_OperaGX&placementname=2_OperaGX_UK_Win_101&bid=3.45&totalcpv=0.00345&channel=File Hosting & Sharing&subchannel=File Hosting & Sharing&medianame=OperaGX_WW_9636&keywords=online storage,free storage,cloud storage,collaboration,backup file sharing,share files,photo backup,photo sharing,ftp replacement,cross platform,remote access,mobile access,send large files,recover files,file versioning,undelete,windows,pc,mac,os x,linux,iphone,online storage,free storage,cloud storage,collaboration,backup file sharing,share files,photo backup,photo sharing,ftp replacement,cross platform,remote access,mobile access,send large files,recover files,file versioning,undelete,windows,pc,mac,os x,linux,iphone&sourceid=101&domainid=1&cpv=0.00345&s2sParam=0c648c0e-9e2c-403e-bd98-f7dbbb7491a9
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
cache-control: private, no-transform
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
set-cookie: IKSR={}; path=/; SameSite=None; secure
set-cookie: INF_DFL8=false; path=/; SameSite=None; secure
set-cookie: IUID=f82c71c2-7cc8-41a2-b144-9f9a7e99a3cf; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure
set-cookie: ISSH=7671E0; path=/; SameSite=None; secure
set-cookie: VMI=; path=/; SameSite=None; secure
set-cookie: IPLH=#{"96234":[{"SId":"7671E0","D":"24/10/4T13:20:43"}]}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPLH_Q=#[96234]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: CHN=#[]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: MSSH=#{}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: MSRH=#{}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILP={"Profile":{"Audiences":{"Audience":[],"ThirdPartyAudience":[]}},"CreatedDate":"2024-10-04T20:20:17.6354629Z"}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure
set-cookie: ILPLU=#10/4/2024 8:20:17 PM; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILEALC=#10/4/2024 8:20:17 PM; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILMPF=#True; expires=Sat, 05-Oct-2024 00:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPMPLU=#1/1/0001 12:00:00 AM; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPMUID=#; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: BSWUID=#; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IKSR={}; path=/; SameSite=None; secure
set-cookie: IBL=#[]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure
set-cookie: IOPT=#[]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPLSH=#{}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPLSH_Q=#[]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IZH=#{"100":[{"SId":"7671E0","D":"24/10/4T13:20:43"}]}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IZH_Q=#[100]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMCH=#{}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMCH_Q=#[]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMH=#{"139989":[{"SId":"7671E0","D":"24/10/4T13:20:43"}]}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMH_Q=#[139989]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISH=#{"101":[{"SId":"7671E0","D":"24/10/4T13:20:17"}]}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISH_Q=#[101]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISPH=#{"101":[{"SId":"7671E0","D":"24/10/4T13:20:43"}]}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISPH_Q=#[101]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ICH=#{"49116":[{"SId":"7671E0","D":"24/10/4T13:20:43"}]}; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ICH_Q=#[49116]; expires=Wed, 04-Oct-2034 20:20:43 GMT; path=/; SameSite=None; secure; HttpOnly
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8cd7dfcccede9463-LHR
DNS

g.ezoic.net

msedge.exe

Remote address:

8.8.8.8:53

Request

g.ezoic.net

IN A

Response

g.ezoic.net

IN A

13.37.187.223
POST

https://g.ezoic.net/saa.go

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /saa.go HTTP/2.0
host: g.ezoic.net
content-length: 2554
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: https://www.mediafire.com
access-control-max-age: 1728000
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-encoding: br
content-type: text/javascript
date: Fri, 04 Oct 2024 20:20:17 GMT
expires: Thu, 03 Oct 2024 20:20:17 GMT
server: Apache/2.4.39 (Ubuntu)
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-robots-tag: noindex
POST

https://g.ezoic.net/sa.go

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /sa.go HTTP/2.0
host: g.ezoic.net
content-length: 3193
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: https://www.mediafire.com
access-control-max-age: 1728000
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-encoding: br
content-type: text/javascript
date: Fri, 04 Oct 2024 20:20:17 GMT
expires: Thu, 03 Oct 2024 20:20:17 GMT
server: Apache/2.4.39 (Ubuntu)
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-robots-tag: noindex
POST

https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDAyODY4NDcwNzI2Nzg1NSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImFkX3Bvc2l0aW9uIjoxMTAzLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MSwiZGF0YSI6W3sibmFtZSI6InN0YXRfc291cmNlX2lkIiwidmFsIjoiNDQifV0sImlzX29yaWciOjB9XQ==

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDAyODY4NDcwNzI2Nzg1NSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImFkX3Bvc2l0aW9uIjoxMTAzLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MSwiZGF0YSI6W3sibmFtZSI6InN0YXRfc291cmNlX2lkIiwidmFsIjoiNDQifV0sImlzX29yaWciOjB9XQ== HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:18 GMT
expires: Thu, 03 Oct 2024 20:20:18 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDAyODY4NDcwNzI2Nzg1NSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImFkX3Bvc2l0aW9uIjoxMTAzLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MSwiZGF0YSI6W3sibmFtZSI6ImFkc2Vuc2V0eXBlIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6MH1d

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDAyODY4NDcwNzI2Nzg1NSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImFkX3Bvc2l0aW9uIjoxMTAzLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MSwiZGF0YSI6W3sibmFtZSI6ImFkc2Vuc2V0eXBlIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6MH1d HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:18 GMT
expires: Thu, 03 Oct 2024 20:20:18 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/detroitchicago/imp.gif

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/imp.gif HTTP/2.0
host: g.ezoic.net
content-length: 1292
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-methods: HEAD, PUT, POST, GET, OPTIONS
access-control-allow-origin: https://www.mediafire.com
access-control-allow-origin: https://www.mediafire.com
access-control-max-age: 1728000
access-control-max-age: 1728000
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-type: image/gif
date: Fri, 04 Oct 2024 20:20:18 GMT
expires: Thu, 03 Oct 2024 20:20:18 GMT
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-middleton-display: imp_sol
content-length: 43
POST

https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImRldmljZV93aWR0aCIsInZhbCI6IjEyODAifSx7Im5hbWUiOiJkZXZpY2VfaGVpZ2h0IiwidmFsIjoiNzIwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInZpc2l0X3V1aWQiOiIzYWVhODc5MC1mZGZiLTQxNjItNGI1ZS1mZmRjZWUyOTA5OWMiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDI0LTEwLTA0In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMjAifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNSJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiIwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInZpc2l0X3V1aWQiOiIzYWVhODc5MC1mZGZiLTQxNjItNGI1ZS1mZmRjZWUyOTA5OWMiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV90YWciLCJ2YWwiOiJlbi1VUyJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJ2aXNpdF91dWlkIjoiM2FlYTg3OTAtZmRmYi00MTYyLTRiNWUtZmZkY2VlMjkwOTljIiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfcHJpbWFyeV9zdWJ0YWciLCJ2YWwiOiJlbiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJ2aXNpdF91dWlkIjoiM2FlYTg3OTAtZmRmYi00MTYyLTRiNWUtZmZkY2VlMjkwOTljIiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJkYXRhIjpbeyJuYW1lIjoibmF2aWdhdGlvbl90eXBlIiwidmFsIjoiMCJ9LHsibmFtZSI6InJlZGlyZWN0X2NvdW50IiwidmFsIjoiMCJ9XX1d

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImRldmljZV93aWR0aCIsInZhbCI6IjEyODAifSx7Im5hbWUiOiJkZXZpY2VfaGVpZ2h0IiwidmFsIjoiNzIwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInZpc2l0X3V1aWQiOiIzYWVhODc5MC1mZGZiLTQxNjItNGI1ZS1mZmRjZWUyOTA5OWMiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDI0LTEwLTA0In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMjAifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNSJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiIwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInZpc2l0X3V1aWQiOiIzYWVhODc5MC1mZGZiLTQxNjItNGI1ZS1mZmRjZWUyOTA5OWMiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV90YWciLCJ2YWwiOiJlbi1VUyJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJ2aXNpdF91dWlkIjoiM2FlYTg3OTAtZmRmYi00MTYyLTRiNWUtZmZkY2VlMjkwOTljIiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfcHJpbWFyeV9zdWJ0YWciLCJ2YWwiOiJlbiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJ2aXNpdF91dWlkIjoiM2FlYTg3OTAtZmRmYi00MTYyLTRiNWUtZmZkY2VlMjkwOTljIiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJkYXRhIjpbeyJuYW1lIjoibmF2aWdhdGlvbl90eXBlIiwidmFsIjoiMCJ9LHsibmFtZSI6InJlZGlyZWN0X2NvdW50IiwidmFsIjoiMCJ9XX1d HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:25 GMT
expires: Thu, 03 Oct 2024 20:20:25 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6InBlcmZfaXNfdHJhY2tlZCIsInZhbCI6IjEifSx7Im5hbWUiOiJwZXJmX25hdl90b19jb25uZWN0IiwidmFsIjoiMTU3NSJ9LHsibmFtZSI6InBlcmZfY29ubmVjdF90b19yZXNwX3N0YXJ0IiwidmFsIjoiMTk0NiJ9LHsibmFtZSI6InBlcmZfcmVzcF90aW1lIiwidmFsIjoiNzgifSx7Im5hbWUiOiJwZXJmX2ludGVyYWN0aXZlIiwidmFsIjoiNTkzIn0seyJuYW1lIjoicGVyZl9jb250ZW50bG9hZGVkIiwidmFsIjoiNjQ4In0seyJuYW1lIjoicGVyZl9jb21wbGV0ZSIsInZhbCI6IjM3NTcifV19LHsidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImZpcnN0X3BhaW50IiwidmFsIjoiMjM1NiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJ2aXNpdF91dWlkIjoiM2FlYTg3OTAtZmRmYi00MTYyLTRiNWUtZmZkY2VlMjkwOTljIiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfY29udGVudGZ1bF9wYWludCIsInZhbCI6IjIzNTYifV19LHsidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fZWZmZWN0aXZlX3R5cGUiLCJ2YWwiOiI0ZyJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJ2aXNpdF91dWlkIjoiM2FlYTg3OTAtZmRmYi00MTYyLTRiNWUtZmZkY2VlMjkwOTljIiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9kb3dubGluayIsInZhbCI6IjEwIn1dfV0=

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6InBlcmZfaXNfdHJhY2tlZCIsInZhbCI6IjEifSx7Im5hbWUiOiJwZXJmX25hdl90b19jb25uZWN0IiwidmFsIjoiMTU3NSJ9LHsibmFtZSI6InBlcmZfY29ubmVjdF90b19yZXNwX3N0YXJ0IiwidmFsIjoiMTk0NiJ9LHsibmFtZSI6InBlcmZfcmVzcF90aW1lIiwidmFsIjoiNzgifSx7Im5hbWUiOiJwZXJmX2ludGVyYWN0aXZlIiwidmFsIjoiNTkzIn0seyJuYW1lIjoicGVyZl9jb250ZW50bG9hZGVkIiwidmFsIjoiNjQ4In0seyJuYW1lIjoicGVyZl9jb21wbGV0ZSIsInZhbCI6IjM3NTcifV19LHsidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImZpcnN0X3BhaW50IiwidmFsIjoiMjM1NiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJ2aXNpdF91dWlkIjoiM2FlYTg3OTAtZmRmYi00MTYyLTRiNWUtZmZkY2VlMjkwOTljIiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfY29udGVudGZ1bF9wYWludCIsInZhbCI6IjIzNTYifV19LHsidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fZWZmZWN0aXZlX3R5cGUiLCJ2YWwiOiI0ZyJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJ2aXNpdF91dWlkIjoiM2FlYTg3OTAtZmRmYi00MTYyLTRiNWUtZmZkY2VlMjkwOTljIiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9kb3dubGluayIsInZhbCI6IjEwIn1dfV0= HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:25 GMT
expires: Thu, 03 Oct 2024 20:20:25 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fcnR0IiwidmFsIjoiMTAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInZpc2l0X3V1aWQiOiIzYWVhODc5MC1mZGZiLTQxNjItNGI1ZS1mZmRjZWUyOTA5OWMiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImRhdGEiOlt7Im5hbWUiOiJkaXNwbGF5X2FkX3ZpZXdwb3J0X3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfdmlld3BvcnRfY291bnQiLCJ2YWwiOiIwIn0seyJuYW1lIjoibmF0aXZlX2FkX3ZpZXdwb3J0X3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF92aWV3cG9ydF9jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19weCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19jb3VudCIsInZhbCI6IjEifSx7Im5hbWUiOiJuYXRpdmVfYWRfZG9jX3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF9kb2NfY291bnQiLCJ2YWwiOiIwIn0seyJuYW1lIjoidmlld3BvcnRfc2l6ZSIsInZhbCI6IjEyODB4NjA5In0seyJuYW1lIjoidmlld3BvcnRfcHgiLCJ2YWwiOiI3Nzk1MjAifSx7Im5hbWUiOiJkb2NfcHgiLCJ2YWwiOiIyNzcyMjg1In0seyJuYW1lIjoiZG9jX2hlaWdodCIsInZhbCI6IjIxOTUifV19XQ==

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fcnR0IiwidmFsIjoiMTAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInZpc2l0X3V1aWQiOiIzYWVhODc5MC1mZGZiLTQxNjItNGI1ZS1mZmRjZWUyOTA5OWMiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImRhdGEiOlt7Im5hbWUiOiJkaXNwbGF5X2FkX3ZpZXdwb3J0X3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfdmlld3BvcnRfY291bnQiLCJ2YWwiOiIwIn0seyJuYW1lIjoibmF0aXZlX2FkX3ZpZXdwb3J0X3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF92aWV3cG9ydF9jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19weCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19jb3VudCIsInZhbCI6IjEifSx7Im5hbWUiOiJuYXRpdmVfYWRfZG9jX3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF9kb2NfY291bnQiLCJ2YWwiOiIwIn0seyJuYW1lIjoidmlld3BvcnRfc2l6ZSIsInZhbCI6IjEyODB4NjA5In0seyJuYW1lIjoidmlld3BvcnRfcHgiLCJ2YWwiOiI3Nzk1MjAifSx7Im5hbWUiOiJkb2NfcHgiLCJ2YWwiOiIyNzcyMjg1In0seyJuYW1lIjoiZG9jX2hlaWdodCIsInZhbCI6IjIxOTUifV19XQ== HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:25 GMT
expires: Thu, 03 Oct 2024 20:20:25 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImVuZ2FnZWRfdGltZSIsInZhbCI6IjEifV19XQ==

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImVuZ2FnZWRfdGltZSIsInZhbCI6IjEifV19XQ== HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:28 GMT
expires: Thu, 03 Oct 2024 20:20:28 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImxjcF92YWx1ZSIsInZhbCI6IjQwMDAifV19XQ==

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImxjcF92YWx1ZSIsInZhbCI6IjQwMDAifV19XQ== HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:30 GMT
expires: Thu, 03 Oct 2024 20:20:30 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImZpZF92YWx1ZSIsInZhbCI6IjE2In1dfV0=

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImZpZF92YWx1ZSIsInZhbCI6IjE2In1dfV0= HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:30 GMT
expires: Thu, 03 Oct 2024 20:20:30 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDAyODY4NDcwNzI2Nzg1NSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImFkX3Bvc2l0aW9uIjoxMTAzLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MSwiZGF0YSI6W3sibmFtZSI6ImxvYWRlZCIsInZhbCI6IjEifV0sImlzX29yaWciOjB9XQ==

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDAyODY4NDcwNzI2Nzg1NSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImFkX3Bvc2l0aW9uIjoxMTAzLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MSwiZGF0YSI6W3sibmFtZSI6ImxvYWRlZCIsInZhbCI6IjEifV0sImlzX29yaWciOjB9XQ== HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:31 GMT
expires: Thu, 03 Oct 2024 20:20:31 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDAyODY4NDcwNzI2Nzg1NSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImFkX3Bvc2l0aW9uIjoxMTAzLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MSwiZGF0YSI6W3sibmFtZSI6ImFkX2xvYWRfdGltZSIsInZhbCI6IjEzNTY2In1dLCJpc19vcmlnIjowfV0=

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDAyODY4NDcwNzI2Nzg1NSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImFkX3Bvc2l0aW9uIjoxMTAzLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MSwiZGF0YSI6W3sibmFtZSI6ImFkX2xvYWRfdGltZSIsInZhbCI6IjEzNTY2In1dLCJpc19vcmlnIjowfV0= HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:30 GMT
expires: Thu, 03 Oct 2024 20:20:30 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDAyODY4NDcwNzI2Nzg1NSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImFkX3Bvc2l0aW9uIjoxMTAzLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MSwiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV0sImlzX29yaWciOjB9XQ==

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDAyODY4NDcwNzI2Nzg1NSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImFkX3Bvc2l0aW9uIjoxMTAzLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MSwiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV0sImlzX29yaWciOjB9XQ== HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:31 GMT
expires: Thu, 03 Oct 2024 20:20:31 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/detroitchicago/bluemonkey.gif?e=W3siYWRhcHRlcl9jb2RlIjoicmlzZSIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInJlcXVlc3RfaWQiOiIzOTg3M2I1NTA4MmE0OCIsInNvdXJjZSI6ImNsaWVudCIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjo0ODQ0NzAsImZvcm1fZmFjdG9yX2lkIjoxLCJhYl90ZXN0X2lkIjoibW9kMjgxLWMiLCJlcG9jaCI6MTcyODA3MzIzMDQzNCwiaGFzX2V6aWRzIjowLCJzdGF0X3NvdXJjZV9pZCI6MTEzMjUsIm1lZGlhX3R5cGUiOiJiYW5uZXIiLCJyZXF1ZXN0X3NpemUiOiIzMzZ4MjgwIiwiaW1wcmVzc2lvbl9pZCI6NjAzNDc1NTg1OTMwNjUzNiwicG9zaXRpb25fdHlwZSI6MjEsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoicmlzZSIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTQtMCIsInJlcXVlc3RfaWQiOiI0MTQ0MDIzM2YxMDM3YiIsInNvdXJjZSI6ImNsaWVudCIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjo0ODQ0NzAsImZvcm1fZmFjdG9yX2lkIjoxLCJhYl90ZXN0X2lkIjoibW9kMjgxLWMiLCJlcG9jaCI6MTcyODA3MzIzMDQzNCwiaGFzX2V6aWRzIjowLCJzdGF0X3NvdXJjZV9pZCI6MTEzMjUsIm1lZGlhX3R5cGUiOiJiYW5uZXIiLCJyZXF1ZXN0X3NpemUiOiIzMDB4MjUwLDMzNngyODAiLCJpbXByZXNzaW9uX2lkIjo2NzM1MTU5MTI2NjI3MCwicG9zaXRpb25fdHlwZSI6MjIsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoicmlzZSIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tZWRnZS0xLTAiLCJyZXF1ZXN0X2lkIjoiNTI1MWY4MTUyNThhMjQiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA0MzQsImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjExMzI1LCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiMTYweDYwMCIsImltcHJlc3Npb25faWQiOjg1Mjc4MDkyMDMzMTUyMzAsInBvc2l0aW9uX3R5cGUiOjM4LCJyZWZyZXNoX2NvdW50IjoxfSx7ImFkYXB0ZXJfY29kZSI6InJpc2UiLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLWVkZ2UtMi0wIiwicmVxdWVzdF9pZCI6IjY0NTg0YjJlOWI2MTA0Iiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM0LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMTMyNSwibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjE2MHg2MDAiLCJpbXByZXNzaW9uX2lkIjo1NzUwNDI2MjM5MzIwNjExLCJwb3NpdGlvbl90eXBlIjozOSwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJyaXNlIiwiYXVjdGlvbl9pZCI6IjhjODI4ZTcyLTYyMzMtNGRjZC1iODEwLWRlNDdjMDczNGM2NCIsImFkX3VuaXRfY29kZSI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwicmVxdWVzdF9pZCI6IjdkZGUxZjU3YWY1ZWQzIiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM0LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMTMyNSwibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjcyOHg5MCIsImltcHJlc3Npb25faWQiOjQ2NjY3MjU4NjEyOTY5MDQsInBvc2l0aW9uX3R5cGUiOjUsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoicnViaWNvbiIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInJlcXVlc3RfaWQiOiI5ZTI4ZDZmNjdmZWI5NSIsInNvdXJjZSI6ImNsaWVudCIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjo0ODQ0NzAsImZvcm1fZmFjdG9yX2lkIjoxLCJhYl90ZXN0X2lkIjoibW9kMjgxLWMiLCJlcG9jaCI6MTcyODA3MzIzMDQzNCwiaGFzX2V6aWRzIjowLCJzdGF0X3NvdXJjZV9pZCI6MTAwNjMsIm1lZGlhX3R5cGUiOiJiYW5uZXIiLCJyZXF1ZXN0X3NpemUiOiIzMzZ4MjgwIiwiaW1wcmVzc2lvbl9pZCI6NjAzNDc1NTg1OTMwNjUzNiwicG9zaXRpb25fdHlwZSI6MjEsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoicnViaWNvbiIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTQtMCIsInJlcXVlc3RfaWQiOiIxMDExMzI3Y2ZlNTk5NSIsInNvdXJjZSI6ImNsaWVudCIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjo0ODQ0NzAsImZvcm1fZmFjdG9yX2lkIjoxLCJhYl90ZXN0X2lkIjoibW9kMjgxLWMiLCJlcG9jaCI6MTcyODA3MzIzMDQzNCwiaGFzX2V6aWRzIjowLCJzdGF0X3NvdXJjZV9pZCI6MTAwNjMsIm1lZGlhX3R5cGUiOiJiYW5uZXIiLCJyZXF1ZXN0X3NpemUiOiIzMDB4MjUwLDMzNngyODAiLCJpbXByZXNzaW9uX2lkIjo2NzM1MTU5MTI2NjI3MCwicG9zaXRpb25fdHlwZSI6MjIsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoicnViaWNvbiIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tZWRnZS0xLTAiLCJyZXF1ZXN0X2lkIjoiMTE0MjEzNjM2MzU4MTI0Iiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM0LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMDA2MywibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjE2MHg2MDAiLCJpbXByZXNzaW9uX2lkIjo4NTI3ODA5MjAzMzE1MjMwLCJwb3NpdGlvbl90eXBlIjozOCwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJydWJpY29uIiwiYXVjdGlvbl9pZCI6IjhjODI4ZTcyLTYyMzMtNGRjZC1iODEwLWRlNDdjMDczNGM2NCIsImFkX3VuaXRfY29kZSI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1lZGdlLTItMCIsInJlcXVlc3RfaWQiOiIxMjFiMGI5ZTkwNTU1MTEiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA0MzQsImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjEwMDYzLCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiMTYweDYwMCIsImltcHJlc3Npb25faWQiOjU3NTA0MjYyMzkzMjA2MTEsInBvc2l0aW9uX3R5cGUiOjM5LCJyZWZyZXNoX2NvdW50IjoxfSx7ImFkYXB0ZXJfY29kZSI6InJ1Ymljb24iLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJyZXF1ZXN0X2lkIjoiMTNlZTBiZGQ2ZTI2MTgyIiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM1LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMDA2MywibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjcyOHg5MCIsImltcHJlc3Npb25faWQiOjQ2NjY3MjU4NjEyOTY5MDQsInBvc2l0aW9uX3R5cGUiOjUsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoidHJpcGxlbGlmdCIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInJlcXVlc3RfaWQiOiIxNWU5YmZjY2VjY2M1MmYiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA0MzUsImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjExMjk2LCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiMzM2eDI4MCIsImltcHJlc3Npb25faWQiOjYwMzQ3NTU4NTkzMDY1MzYsInBvc2l0aW9uX3R5cGUiOjIxLCJyZWZyZXNoX2NvdW50IjoxfSx7ImFkYXB0ZXJfY29kZSI6InRyaXBsZWxpZnQiLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS00LTAiLCJyZXF1ZXN0X2lkIjoiMTYwNjA2ZDMzY2Q2NDlhIiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM1LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMTI5NiwibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjMwMHgyNTAsMzM2eDI4MCIsImltcHJlc3Npb25faWQiOjY3MzUxNTkxMjY2MjcwLCJwb3NpdGlvbl90eXBlIjoyMiwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJhbXgiLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS0zLTAiLCJyZXF1ZXN0X2lkIjoiMTgyMDc4OWQxYzMzY2I2Iiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM1LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMTI5MCwibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjMzNngyODAiLCJpbXByZXNzaW9uX2lkIjo2MDM0NzU1ODU5MzA2NTM2LCJwb3NpdGlvbl90eXBlIjoyMSwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJhbXgiLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS00LTAiLCJyZXF1ZXN0X2lkIjoiMTk4ODJiMjIwMDY4MGYyIiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM1LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMTI5MCwibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjMwMHgyNTAsMzM2eDI4MCIsImltcHJlc3Npb25faWQiOjY3MzUxNTkxMjY2MjcwLCJwb3NpdGlvbl90eXBlIjoyMiwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJhbXgiLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLWVkZ2UtMS0wIiwicmVxdWVzdF9pZCI6IjIwZTdkYzY4OWYxZjA3MSIsInNvdXJjZSI6ImNsaWVudCIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjo0ODQ0NzAsImZvcm1fZmFjdG9yX2lkIjoxLCJhYl90ZXN0X2lkIjoibW9kMjgxLWMiLCJlcG9jaCI6MTcyODA3MzIzMDQzNSwiaGFzX2V6aWRzIjowLCJzdGF0X3NvdXJjZV9pZCI6MTEyOTAsIm1lZGlhX3R5cGUiOiJiYW5uZXIiLCJyZXF1ZXN0X3NpemUiOiIxNjB4NjAwIiwiaW1wcmVzc2lvbl9pZCI6ODUyNzgwOTIwMzMxNTIzMCwicG9zaXRpb25fdHlwZSI6MzgsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoiYW14IiwiYXVjdGlvbl9pZCI6IjhjODI4ZTcyLTYyMzMtNGRjZC1iODEwLWRlNDdjMDczNGM2NCIsImFkX3VuaXRfY29kZSI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1lZGdlLTItMCIsInJlcXVlc3RfaWQiOiIyMWUxMjZhMzFkYTNiYzgiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA0MzUsImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjExMjkwLCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiMTYweDYwMCIsImltcHJlc3Npb25faWQiOjU3NTA0MjYyMzkzMjA2MTEsInBvc2l0aW9uX3R5cGUiOjM5LCJyZWZyZXNoX2NvdW50IjoxfSx7ImFkYXB0ZXJfY29kZSI6ImFteCIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInJlcXVlc3RfaWQiOiIyMjQyZDUzMDg4NWZmMDkiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA0MzUsImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjExMjkwLCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiNzI4eDkwIiwiaW1wcmVzc2lvbl9pZCI6NDY2NjcyNTg2MTI5NjkwNCwicG9zaXRpb25fdHlwZSI6NSwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJvbmV0YWciLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS0zLTAiLCJyZXF1ZXN0X2lkIjoiMjQyMjY3ZjBjZTdkZmY0Iiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM1LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMTI5MSwibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjMzNngyODAiLCJpbXByZXNzaW9uX2lkIjo2MDM0NzU1ODU5MzA2NTM2LCJwb3NpdGlvbl90eXBlIjoyMSwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJvbmV0YWciLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS00LTAiLCJyZXF1ZXN0X2lkIjoiMjVhMzg5N2YwY2M1MDBlIiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM1LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMTI5MSwibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjMwMHgyNTAsMzM2eDI4MCIsImltcHJlc3Npb25faWQiOjY3MzUxNTkxMjY2MjcwLCJwb3NpdGlvbl90eXBlIjoyMiwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJvbmV0YWciLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLWVkZ2UtMS0wIiwicmVxdWVzdF9pZCI6IjI2YjI1NWQ4Njc3NjJlZiIsInNvdXJjZSI6ImNsaWVudCIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjo0ODQ0NzAsImZvcm1fZmFjdG9yX2lkIjoxLCJhYl90ZXN0X2lkIjoibW9kMjgxLWMiLCJlcG9jaCI6MTcyODA3MzIzMDQzNSwiaGFzX2V6aWRzIjowLCJzdGF0X3NvdXJjZV9pZCI6MTEyOTEsIm1lZGlhX3R5cGUiOiJiYW5uZXIiLCJyZXF1ZXN0X3NpemUiOiIxNjB4NjAwIiwiaW1wcmVzc2lvbl9pZCI6ODUyNzgwOTIwMzMxNTIzMCwicG9zaXRpb25fdHlwZSI6MzgsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoib25ldGFnIiwiYXVjdGlvbl9pZCI6IjhjODI4ZTcyLTYyMzMtNGRjZC1iODEwLWRlNDdjMDczNGM2NCIsImFkX3VuaXRfY29kZSI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1lZGdlLTItMCIsInJlcXVlc3RfaWQiOiIyN2ViOTdhOWY0OTYwY2IiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA0MzUsImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjExMjkxLCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiMTYweDYwMCIsImltcHJlc3Npb25faWQiOjU3NTA0MjYyMzkzMjA2MTEsInBvc2l0aW9uX3R5cGUiOjM5LCJyZWZyZXNoX2NvdW50IjoxfSx7ImFkYXB0ZXJfY29kZSI6Im9uZXRhZyIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInJlcXVlc3RfaWQiOiIyOGY0MjU2YjViY2U2YzIiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA0MzUsImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjExMjkxLCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiNzI4eDkwIiwiaW1wcmVzc2lvbl9pZCI6NDY2NjcyNTg2MTI5NjkwNCwicG9zaXRpb25fdHlwZSI6NSwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJzb3ZybiIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTQtMCIsInJlcXVlc3RfaWQiOiIzMDUwN2Y5N2Q0N2JjNjMiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA0MzUsImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjEwMDE3LCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiMzAweDI1MCwzMzZ4MjgwIiwiaW1wcmVzc2lvbl9pZCI6NjczNTE1OTEyNjYyNzAsInBvc2l0aW9uX3R5cGUiOjIyLCJyZWZyZXNoX2NvdW50IjoxfSx7ImFkYXB0ZXJfY29kZSI6InNvdnJuIiwiYXVjdGlvbl9pZCI6IjhjODI4ZTcyLTYyMzMtNGRjZC1iODEwLWRlNDdjMDczNGM2NCIsImFkX3VuaXRfY29kZSI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwicmVxdWVzdF9pZCI6IjMxZGJkZmRmOGI4ZTBiYyIsInNvdXJjZSI6ImNsaWVudCIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjo0ODQ0NzAsImZvcm1fZmFjdG9yX2lkIjoxLCJhYl90ZXN0X2lkIjoibW9kMjgxLWMiLCJlcG9jaCI6MTcyODA3MzIzMDQzNSwiaGFzX2V6aWRzIjowLCJzdGF0X3NvdXJjZV9pZCI6MTAwMTcsIm1lZGlhX3R5cGUiOiJiYW5uZXIiLCJyZXF1ZXN0X3NpemUiOiI3Mjh4OTAiLCJpbXByZXNzaW9uX2lkIjo0NjY2NzI1ODYxMjk2OTA0LCJwb3NpdGlvbl90eXBlIjo1LCJyZWZyZXNoX2NvdW50IjoxfV0=

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/bluemonkey.gif?e=W3siYWRhcHRlcl9jb2RlIjoicmlzZSIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInJlcXVlc3RfaWQiOiIzOTg3M2I1NTA4MmE0OCIsInNvdXJjZSI6ImNsaWVudCIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjo0ODQ0NzAsImZvcm1fZmFjdG9yX2lkIjoxLCJhYl90ZXN0X2lkIjoibW9kMjgxLWMiLCJlcG9jaCI6MTcyODA3MzIzMDQzNCwiaGFzX2V6aWRzIjowLCJzdGF0X3NvdXJjZV9pZCI6MTEzMjUsIm1lZGlhX3R5cGUiOiJiYW5uZXIiLCJyZXF1ZXN0X3NpemUiOiIzMzZ4MjgwIiwiaW1wcmVzc2lvbl9pZCI6NjAzNDc1NTg1OTMwNjUzNiwicG9zaXRpb25fdHlwZSI6MjEsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoicmlzZSIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTQtMCIsInJlcXVlc3RfaWQiOiI0MTQ0MDIzM2YxMDM3YiIsInNvdXJjZSI6ImNsaWVudCIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjo0ODQ0NzAsImZvcm1fZmFjdG9yX2lkIjoxLCJhYl90ZXN0X2lkIjoibW9kMjgxLWMiLCJlcG9jaCI6MTcyODA3MzIzMDQzNCwiaGFzX2V6aWRzIjowLCJzdGF0X3NvdXJjZV9pZCI6MTEzMjUsIm1lZGlhX3R5cGUiOiJiYW5uZXIiLCJyZXF1ZXN0X3NpemUiOiIzMDB4MjUwLDMzNngyODAiLCJpbXByZXNzaW9uX2lkIjo2NzM1MTU5MTI2NjI3MCwicG9zaXRpb25fdHlwZSI6MjIsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoicmlzZSIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tZWRnZS0xLTAiLCJyZXF1ZXN0X2lkIjoiNTI1MWY4MTUyNThhMjQiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA0MzQsImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjExMzI1LCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiMTYweDYwMCIsImltcHJlc3Npb25faWQiOjg1Mjc4MDkyMDMzMTUyMzAsInBvc2l0aW9uX3R5cGUiOjM4LCJyZWZyZXNoX2NvdW50IjoxfSx7ImFkYXB0ZXJfY29kZSI6InJpc2UiLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLWVkZ2UtMi0wIiwicmVxdWVzdF9pZCI6IjY0NTg0YjJlOWI2MTA0Iiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM0LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMTMyNSwibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjE2MHg2MDAiLCJpbXByZXNzaW9uX2lkIjo1NzUwNDI2MjM5MzIwNjExLCJwb3NpdGlvbl90eXBlIjozOSwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJyaXNlIiwiYXVjdGlvbl9pZCI6IjhjODI4ZTcyLTYyMzMtNGRjZC1iODEwLWRlNDdjMDczNGM2NCIsImFkX3VuaXRfY29kZSI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwicmVxdWVzdF9pZCI6IjdkZGUxZjU3YWY1ZWQzIiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM0LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMTMyNSwibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjcyOHg5MCIsImltcHJlc3Npb25faWQiOjQ2NjY3MjU4NjEyOTY5MDQsInBvc2l0aW9uX3R5cGUiOjUsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoicnViaWNvbiIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInJlcXVlc3RfaWQiOiI5ZTI4ZDZmNjdmZWI5NSIsInNvdXJjZSI6ImNsaWVudCIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjo0ODQ0NzAsImZvcm1fZmFjdG9yX2lkIjoxLCJhYl90ZXN0X2lkIjoibW9kMjgxLWMiLCJlcG9jaCI6MTcyODA3MzIzMDQzNCwiaGFzX2V6aWRzIjowLCJzdGF0X3NvdXJjZV9pZCI6MTAwNjMsIm1lZGlhX3R5cGUiOiJiYW5uZXIiLCJyZXF1ZXN0X3NpemUiOiIzMzZ4MjgwIiwiaW1wcmVzc2lvbl9pZCI6NjAzNDc1NTg1OTMwNjUzNiwicG9zaXRpb25fdHlwZSI6MjEsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoicnViaWNvbiIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTQtMCIsInJlcXVlc3RfaWQiOiIxMDExMzI3Y2ZlNTk5NSIsInNvdXJjZSI6ImNsaWVudCIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjo0ODQ0NzAsImZvcm1fZmFjdG9yX2lkIjoxLCJhYl90ZXN0X2lkIjoibW9kMjgxLWMiLCJlcG9jaCI6MTcyODA3MzIzMDQzNCwiaGFzX2V6aWRzIjowLCJzdGF0X3NvdXJjZV9pZCI6MTAwNjMsIm1lZGlhX3R5cGUiOiJiYW5uZXIiLCJyZXF1ZXN0X3NpemUiOiIzMDB4MjUwLDMzNngyODAiLCJpbXByZXNzaW9uX2lkIjo2NzM1MTU5MTI2NjI3MCwicG9zaXRpb25fdHlwZSI6MjIsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoicnViaWNvbiIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tZWRnZS0xLTAiLCJyZXF1ZXN0X2lkIjoiMTE0MjEzNjM2MzU4MTI0Iiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM0LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMDA2MywibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjE2MHg2MDAiLCJpbXByZXNzaW9uX2lkIjo4NTI3ODA5MjAzMzE1MjMwLCJwb3NpdGlvbl90eXBlIjozOCwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJydWJpY29uIiwiYXVjdGlvbl9pZCI6IjhjODI4ZTcyLTYyMzMtNGRjZC1iODEwLWRlNDdjMDczNGM2NCIsImFkX3VuaXRfY29kZSI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1lZGdlLTItMCIsInJlcXVlc3RfaWQiOiIxMjFiMGI5ZTkwNTU1MTEiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA0MzQsImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjEwMDYzLCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiMTYweDYwMCIsImltcHJlc3Npb25faWQiOjU3NTA0MjYyMzkzMjA2MTEsInBvc2l0aW9uX3R5cGUiOjM5LCJyZWZyZXNoX2NvdW50IjoxfSx7ImFkYXB0ZXJfY29kZSI6InJ1Ymljb24iLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJyZXF1ZXN0X2lkIjoiMTNlZTBiZGQ2ZTI2MTgyIiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM1LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMDA2MywibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjcyOHg5MCIsImltcHJlc3Npb25faWQiOjQ2NjY3MjU4NjEyOTY5MDQsInBvc2l0aW9uX3R5cGUiOjUsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoidHJpcGxlbGlmdCIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInJlcXVlc3RfaWQiOiIxNWU5YmZjY2VjY2M1MmYiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA0MzUsImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjExMjk2LCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiMzM2eDI4MCIsImltcHJlc3Npb25faWQiOjYwMzQ3NTU4NTkzMDY1MzYsInBvc2l0aW9uX3R5cGUiOjIxLCJyZWZyZXNoX2NvdW50IjoxfSx7ImFkYXB0ZXJfY29kZSI6InRyaXBsZWxpZnQiLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS00LTAiLCJyZXF1ZXN0X2lkIjoiMTYwNjA2ZDMzY2Q2NDlhIiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM1LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMTI5NiwibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjMwMHgyNTAsMzM2eDI4MCIsImltcHJlc3Npb25faWQiOjY3MzUxNTkxMjY2MjcwLCJwb3NpdGlvbl90eXBlIjoyMiwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJhbXgiLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS0zLTAiLCJyZXF1ZXN0X2lkIjoiMTgyMDc4OWQxYzMzY2I2Iiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM1LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMTI5MCwibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjMzNngyODAiLCJpbXByZXNzaW9uX2lkIjo2MDM0NzU1ODU5MzA2NTM2LCJwb3NpdGlvbl90eXBlIjoyMSwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJhbXgiLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS00LTAiLCJyZXF1ZXN0X2lkIjoiMTk4ODJiMjIwMDY4MGYyIiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM1LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMTI5MCwibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjMwMHgyNTAsMzM2eDI4MCIsImltcHJlc3Npb25faWQiOjY3MzUxNTkxMjY2MjcwLCJwb3NpdGlvbl90eXBlIjoyMiwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJhbXgiLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLWVkZ2UtMS0wIiwicmVxdWVzdF9pZCI6IjIwZTdkYzY4OWYxZjA3MSIsInNvdXJjZSI6ImNsaWVudCIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjo0ODQ0NzAsImZvcm1fZmFjdG9yX2lkIjoxLCJhYl90ZXN0X2lkIjoibW9kMjgxLWMiLCJlcG9jaCI6MTcyODA3MzIzMDQzNSwiaGFzX2V6aWRzIjowLCJzdGF0X3NvdXJjZV9pZCI6MTEyOTAsIm1lZGlhX3R5cGUiOiJiYW5uZXIiLCJyZXF1ZXN0X3NpemUiOiIxNjB4NjAwIiwiaW1wcmVzc2lvbl9pZCI6ODUyNzgwOTIwMzMxNTIzMCwicG9zaXRpb25fdHlwZSI6MzgsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoiYW14IiwiYXVjdGlvbl9pZCI6IjhjODI4ZTcyLTYyMzMtNGRjZC1iODEwLWRlNDdjMDczNGM2NCIsImFkX3VuaXRfY29kZSI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1lZGdlLTItMCIsInJlcXVlc3RfaWQiOiIyMWUxMjZhMzFkYTNiYzgiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA0MzUsImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjExMjkwLCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiMTYweDYwMCIsImltcHJlc3Npb25faWQiOjU3NTA0MjYyMzkzMjA2MTEsInBvc2l0aW9uX3R5cGUiOjM5LCJyZWZyZXNoX2NvdW50IjoxfSx7ImFkYXB0ZXJfY29kZSI6ImFteCIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInJlcXVlc3RfaWQiOiIyMjQyZDUzMDg4NWZmMDkiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA0MzUsImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjExMjkwLCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiNzI4eDkwIiwiaW1wcmVzc2lvbl9pZCI6NDY2NjcyNTg2MTI5NjkwNCwicG9zaXRpb25fdHlwZSI6NSwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJvbmV0YWciLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS0zLTAiLCJyZXF1ZXN0X2lkIjoiMjQyMjY3ZjBjZTdkZmY0Iiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM1LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMTI5MSwibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjMzNngyODAiLCJpbXByZXNzaW9uX2lkIjo2MDM0NzU1ODU5MzA2NTM2LCJwb3NpdGlvbl90eXBlIjoyMSwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJvbmV0YWciLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS00LTAiLCJyZXF1ZXN0X2lkIjoiMjVhMzg5N2YwY2M1MDBlIiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM1LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMTI5MSwibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjMwMHgyNTAsMzM2eDI4MCIsImltcHJlc3Npb25faWQiOjY3MzUxNTkxMjY2MjcwLCJwb3NpdGlvbl90eXBlIjoyMiwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJvbmV0YWciLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLWVkZ2UtMS0wIiwicmVxdWVzdF9pZCI6IjI2YjI1NWQ4Njc3NjJlZiIsInNvdXJjZSI6ImNsaWVudCIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjo0ODQ0NzAsImZvcm1fZmFjdG9yX2lkIjoxLCJhYl90ZXN0X2lkIjoibW9kMjgxLWMiLCJlcG9jaCI6MTcyODA3MzIzMDQzNSwiaGFzX2V6aWRzIjowLCJzdGF0X3NvdXJjZV9pZCI6MTEyOTEsIm1lZGlhX3R5cGUiOiJiYW5uZXIiLCJyZXF1ZXN0X3NpemUiOiIxNjB4NjAwIiwiaW1wcmVzc2lvbl9pZCI6ODUyNzgwOTIwMzMxNTIzMCwicG9zaXRpb25fdHlwZSI6MzgsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoib25ldGFnIiwiYXVjdGlvbl9pZCI6IjhjODI4ZTcyLTYyMzMtNGRjZC1iODEwLWRlNDdjMDczNGM2NCIsImFkX3VuaXRfY29kZSI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1lZGdlLTItMCIsInJlcXVlc3RfaWQiOiIyN2ViOTdhOWY0OTYwY2IiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA0MzUsImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjExMjkxLCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiMTYweDYwMCIsImltcHJlc3Npb25faWQiOjU3NTA0MjYyMzkzMjA2MTEsInBvc2l0aW9uX3R5cGUiOjM5LCJyZWZyZXNoX2NvdW50IjoxfSx7ImFkYXB0ZXJfY29kZSI6Im9uZXRhZyIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInJlcXVlc3RfaWQiOiIyOGY0MjU2YjViY2U2YzIiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA0MzUsImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjExMjkxLCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiNzI4eDkwIiwiaW1wcmVzc2lvbl9pZCI6NDY2NjcyNTg2MTI5NjkwNCwicG9zaXRpb25fdHlwZSI6NSwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJzb3ZybiIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTQtMCIsInJlcXVlc3RfaWQiOiIzMDUwN2Y5N2Q0N2JjNjMiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA0MzUsImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjEwMDE3LCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiMzAweDI1MCwzMzZ4MjgwIiwiaW1wcmVzc2lvbl9pZCI6NjczNTE1OTEyNjYyNzAsInBvc2l0aW9uX3R5cGUiOjIyLCJyZWZyZXNoX2NvdW50IjoxfSx7ImFkYXB0ZXJfY29kZSI6InNvdnJuIiwiYXVjdGlvbl9pZCI6IjhjODI4ZTcyLTYyMzMtNGRjZC1iODEwLWRlNDdjMDczNGM2NCIsImFkX3VuaXRfY29kZSI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwicmVxdWVzdF9pZCI6IjMxZGJkZmRmOGI4ZTBiYyIsInNvdXJjZSI6ImNsaWVudCIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjo0ODQ0NzAsImZvcm1fZmFjdG9yX2lkIjoxLCJhYl90ZXN0X2lkIjoibW9kMjgxLWMiLCJlcG9jaCI6MTcyODA3MzIzMDQzNSwiaGFzX2V6aWRzIjowLCJzdGF0X3NvdXJjZV9pZCI6MTAwMTcsIm1lZGlhX3R5cGUiOiJiYW5uZXIiLCJyZXF1ZXN0X3NpemUiOiI3Mjh4OTAiLCJpbXByZXNzaW9uX2lkIjo0NjY2NzI1ODYxMjk2OTA0LCJwb3NpdGlvbl90eXBlIjo1LCJyZWZyZXNoX2NvdW50IjoxfV0= HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-headers: Content-Type
access-control-allow-methods: HEAD, PUT, POST, GET, OPTIONS
access-control-allow-origin: https://www.mediafire.com
access-control-max-age: 1728000
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-type: image/gif
date: Fri, 04 Oct 2024 20:20:31 GMT
expires: Thu, 03 Oct 2024 20:20:31 GMT
vary: Accept-Encoding
x-middleton-display: imp_sol
content-length: 43
POST

https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjAzNDc1NTg1OTMwNjUzNiIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6ImZldGNoZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2NzM1MTU5MTI2NjI3MCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTQtMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6ImZldGNoZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI0NjY2NzI1ODYxMjk2OTA0IiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidW5pdCI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTcyODA3MzIxNywicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoiZmV0Y2hlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfV0=

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjAzNDc1NTg1OTMwNjUzNiIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6ImZldGNoZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2NzM1MTU5MTI2NjI3MCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTQtMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6ImZldGNoZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI0NjY2NzI1ODYxMjk2OTA0IiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidW5pdCI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTcyODA3MzIxNywicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoiZmV0Y2hlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfV0= HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:31 GMT
expires: Thu, 03 Oct 2024 20:20:31 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/detroitchicago/bluemonkey.gif?e=W3siYWRhcHRlcl9jb2RlIjoicmlzZSIsImF1Y3Rpb25faWQiOiIzMjAyZmFmOC1jNjgzLTQ0Y2EtOTFhYi1iNjdlM2E4YzA3ZTYiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tYmFubmVyLTEtMCIsInJlcXVlc3RfaWQiOiIzNGUwMjAzMWE3YTZkNGYiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA3MTksImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjExMzI1LCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiNzI4eDkwIiwiaW1wcmVzc2lvbl9pZCI6ODUxMTI1MzQ5MzMxMTk1MiwicG9zaXRpb25fdHlwZSI6MzAsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoic292cm4iLCJhdWN0aW9uX2lkIjoiMzIwMmZhZjgtYzY4My00NGNhLTkxYWItYjY3ZTNhOGMwN2U2IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLWJhbm5lci0xLTAiLCJyZXF1ZXN0X2lkIjoiMzY5Y2E2ODQ2MWRlMmJlIiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNzE5LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMDAxNywibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjcyOHg5MCIsImltcHJlc3Npb25faWQiOjg1MTEyNTM0OTMzMTE5NTIsInBvc2l0aW9uX3R5cGUiOjMwLCJyZWZyZXNoX2NvdW50IjoxfSx7ImFkYXB0ZXJfY29kZSI6InJ1Ymljb24iLCJhdWN0aW9uX2lkIjoiMzIwMmZhZjgtYzY4My00NGNhLTkxYWItYjY3ZTNhOGMwN2U2IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLWJhbm5lci0xLTAiLCJyZXF1ZXN0X2lkIjoiMzg5NzcxYzdlMTVlODQiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA3MTksImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjEwMDYzLCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiNzI4eDkwIiwiaW1wcmVzc2lvbl9pZCI6ODUxMTI1MzQ5MzMxMTk1MiwicG9zaXRpb25fdHlwZSI6MzAsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoidHJpcGxlbGlmdCIsImF1Y3Rpb25faWQiOiIzMjAyZmFmOC1jNjgzLTQ0Y2EtOTFhYi1iNjdlM2E4YzA3ZTYiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tYmFubmVyLTEtMCIsInJlcXVlc3RfaWQiOiI0MDgyYjBlMDJhMzNiMTgiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA3MTksImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjExMjk2LCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiNzI4eDkwIiwiaW1wcmVzc2lvbl9pZCI6ODUxMTI1MzQ5MzMxMTk1MiwicG9zaXRpb25fdHlwZSI6MzAsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoiYW14IiwiYXVjdGlvbl9pZCI6IjMyMDJmYWY4LWM2ODMtNDRjYS05MWFiLWI2N2UzYThjMDdlNiIsImFkX3VuaXRfY29kZSI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1iYW5uZXItMS0wIiwicmVxdWVzdF9pZCI6IjQyMjU4M2U3ZWRlODYzOSIsInNvdXJjZSI6ImNsaWVudCIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjo0ODQ0NzAsImZvcm1fZmFjdG9yX2lkIjoxLCJhYl90ZXN0X2lkIjoibW9kMjgxLWMiLCJlcG9jaCI6MTcyODA3MzIzMDcxOSwiaGFzX2V6aWRzIjowLCJzdGF0X3NvdXJjZV9pZCI6MTEyOTAsIm1lZGlhX3R5cGUiOiJiYW5uZXIiLCJyZXF1ZXN0X3NpemUiOiI3Mjh4OTAiLCJpbXByZXNzaW9uX2lkIjo4NTExMjUzNDkzMzExOTUyLCJwb3NpdGlvbl90eXBlIjozMCwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJvbmV0YWciLCJhdWN0aW9uX2lkIjoiMzIwMmZhZjgtYzY4My00NGNhLTkxYWItYjY3ZTNhOGMwN2U2IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLWJhbm5lci0xLTAiLCJyZXF1ZXN0X2lkIjoiNDQ1OWU4Mzk2NmNkNmQxIiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNzE5LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMTI5MSwibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjcyOHg5MCIsImltcHJlc3Npb25faWQiOjg1MTEyNTM0OTMzMTE5NTIsInBvc2l0aW9uX3R5cGUiOjMwLCJyZWZyZXNoX2NvdW50IjoxfV0=

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/bluemonkey.gif?e=W3siYWRhcHRlcl9jb2RlIjoicmlzZSIsImF1Y3Rpb25faWQiOiIzMjAyZmFmOC1jNjgzLTQ0Y2EtOTFhYi1iNjdlM2E4YzA3ZTYiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tYmFubmVyLTEtMCIsInJlcXVlc3RfaWQiOiIzNGUwMjAzMWE3YTZkNGYiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA3MTksImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjExMzI1LCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiNzI4eDkwIiwiaW1wcmVzc2lvbl9pZCI6ODUxMTI1MzQ5MzMxMTk1MiwicG9zaXRpb25fdHlwZSI6MzAsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoic292cm4iLCJhdWN0aW9uX2lkIjoiMzIwMmZhZjgtYzY4My00NGNhLTkxYWItYjY3ZTNhOGMwN2U2IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLWJhbm5lci0xLTAiLCJyZXF1ZXN0X2lkIjoiMzY5Y2E2ODQ2MWRlMmJlIiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNzE5LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMDAxNywibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjcyOHg5MCIsImltcHJlc3Npb25faWQiOjg1MTEyNTM0OTMzMTE5NTIsInBvc2l0aW9uX3R5cGUiOjMwLCJyZWZyZXNoX2NvdW50IjoxfSx7ImFkYXB0ZXJfY29kZSI6InJ1Ymljb24iLCJhdWN0aW9uX2lkIjoiMzIwMmZhZjgtYzY4My00NGNhLTkxYWItYjY3ZTNhOGMwN2U2IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLWJhbm5lci0xLTAiLCJyZXF1ZXN0X2lkIjoiMzg5NzcxYzdlMTVlODQiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA3MTksImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjEwMDYzLCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiNzI4eDkwIiwiaW1wcmVzc2lvbl9pZCI6ODUxMTI1MzQ5MzMxMTk1MiwicG9zaXRpb25fdHlwZSI6MzAsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoidHJpcGxlbGlmdCIsImF1Y3Rpb25faWQiOiIzMjAyZmFmOC1jNjgzLTQ0Y2EtOTFhYi1iNjdlM2E4YzA3ZTYiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tYmFubmVyLTEtMCIsInJlcXVlc3RfaWQiOiI0MDgyYjBlMDJhMzNiMTgiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA3MTksImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjExMjk2LCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiNzI4eDkwIiwiaW1wcmVzc2lvbl9pZCI6ODUxMTI1MzQ5MzMxMTk1MiwicG9zaXRpb25fdHlwZSI6MzAsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoiYW14IiwiYXVjdGlvbl9pZCI6IjMyMDJmYWY4LWM2ODMtNDRjYS05MWFiLWI2N2UzYThjMDdlNiIsImFkX3VuaXRfY29kZSI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1iYW5uZXItMS0wIiwicmVxdWVzdF9pZCI6IjQyMjU4M2U3ZWRlODYzOSIsInNvdXJjZSI6ImNsaWVudCIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjo0ODQ0NzAsImZvcm1fZmFjdG9yX2lkIjoxLCJhYl90ZXN0X2lkIjoibW9kMjgxLWMiLCJlcG9jaCI6MTcyODA3MzIzMDcxOSwiaGFzX2V6aWRzIjowLCJzdGF0X3NvdXJjZV9pZCI6MTEyOTAsIm1lZGlhX3R5cGUiOiJiYW5uZXIiLCJyZXF1ZXN0X3NpemUiOiI3Mjh4OTAiLCJpbXByZXNzaW9uX2lkIjo4NTExMjUzNDkzMzExOTUyLCJwb3NpdGlvbl90eXBlIjozMCwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJvbmV0YWciLCJhdWN0aW9uX2lkIjoiMzIwMmZhZjgtYzY4My00NGNhLTkxYWItYjY3ZTNhOGMwN2U2IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLWJhbm5lci0xLTAiLCJyZXF1ZXN0X2lkIjoiNDQ1OWU4Mzk2NmNkNmQxIiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNzE5LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMTI5MSwibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjcyOHg5MCIsImltcHJlc3Npb25faWQiOjg1MTEyNTM0OTMzMTE5NTIsInBvc2l0aW9uX3R5cGUiOjMwLCJyZWZyZXNoX2NvdW50IjoxfV0= HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-headers: Content-Type
access-control-allow-methods: HEAD, PUT, POST, GET, OPTIONS
access-control-allow-origin: https://www.mediafire.com
access-control-max-age: 1728000
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-type: image/gif
date: Fri, 04 Oct 2024 20:20:31 GMT
expires: Thu, 03 Oct 2024 20:20:31 GMT
vary: Accept-Encoding
x-middleton-display: imp_sol
content-length: 43
POST

https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6InRpbWVyX2ZpcnN0X2FkX3JlcXVlc3QiLCJ2YWwiOiIxNDMwMSJ9XX1d

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6InRpbWVyX2ZpcnN0X2FkX3JlcXVlc3QiLCJ2YWwiOiIxNDMwMSJ9XX1d HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:31 GMT
expires: Thu, 03 Oct 2024 20:20:31 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjAzNDc1NTg1OTMwNjUzNiIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInJldmVudWUiOjAsImJpZF9mbG9vcl9maWxsZWQiOjAsInN0YXRfc291cmNlX2lkIjowLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJhZF9sb2FkX3RpbWUiLCJ2YWwiOiIxNDMwMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjAzNDc1NTg1OTMwNjUzNiIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInJldmVudWUiOjAsImJpZF9mbG9vcl9maWxsZWQiOjAsInN0YXRfc291cmNlX2lkIjowLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJhZF9sb2FkX3RpbWUiLCJ2YWwiOiIxNDMwMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ== HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:32 GMT
expires: Thu, 03 Oct 2024 20:20:32 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInJldmVudWUiOjAsImJpZF9mbG9vcl9maWxsZWQiOjAsInN0YXRfc291cmNlX2lkIjowLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJhZF9sb2FkX3RpbWUiLCJ2YWwiOiIxNDcwNyJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInJldmVudWUiOjAsImJpZF9mbG9vcl9maWxsZWQiOjAsInN0YXRfc291cmNlX2lkIjowLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJhZF9sb2FkX3RpbWUiLCJ2YWwiOiIxNDcwNyJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ== HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:32 GMT
expires: Thu, 03 Oct 2024 20:20:32 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjczNTE1OTEyNjYyNzAiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS00LTAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJyZXZlbnVlIjowLCJiaWRfZmxvb3JfZmlsbGVkIjowLCJzdGF0X3NvdXJjZV9pZCI6MCwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoiYWRfbG9hZF90aW1lIiwidmFsIjoiMTQ5ODcifV0sImlzX29yaWciOmZhbHNlfV0=

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjczNTE1OTEyNjYyNzAiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS00LTAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJyZXZlbnVlIjowLCJiaWRfZmxvb3JfZmlsbGVkIjowLCJzdGF0X3NvdXJjZV9pZCI6MCwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoiYWRfbG9hZF90aW1lIiwidmFsIjoiMTQ5ODcifV0sImlzX29yaWciOmZhbHNlfV0= HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:32 GMT
expires: Thu, 03 Oct 2024 20:20:32 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjAzNDc1NTg1OTMwNjUzNiIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MSwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI0In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2MDM0NzU1ODU5MzA2NTM2IiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidW5pdCI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTcyODA3MzIxNywicmV2ZW51ZSI6MCwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwic3RhdF9zb3VyY2VfaWQiOjAsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MSwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6ImNvbGxhcHNlZCIsInZhbCI6InRydWUifV0sImlzX29yaWciOmZhbHNlfV0=

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjAzNDc1NTg1OTMwNjUzNiIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MSwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI0In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2MDM0NzU1ODU5MzA2NTM2IiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidW5pdCI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTcyODA3MzIxNywicmV2ZW51ZSI6MCwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwic3RhdF9zb3VyY2VfaWQiOjAsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MSwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6ImNvbGxhcHNlZCIsInZhbCI6InRydWUifV0sImlzX29yaWciOmZhbHNlfV0= HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:34 GMT
expires: Thu, 03 Oct 2024 20:20:34 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjczNTE1OTEyNjYyNzAiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS00LTAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImNvbXBfaWQiOjEsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjczNTE1OTEyNjYyNzAiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS00LTAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJyZXZlbnVlIjowLCJiaWRfZmxvb3JfZmlsbGVkIjowLCJzdGF0X3NvdXJjZV9pZCI6MCwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJjb21wX2lkIjoxLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoiY29sbGFwc2VkIiwidmFsIjoidHJ1ZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjczNTE1OTEyNjYyNzAiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS00LTAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImNvbXBfaWQiOjEsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjczNTE1OTEyNjYyNzAiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS00LTAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJyZXZlbnVlIjowLCJiaWRfZmxvb3JfZmlsbGVkIjowLCJzdGF0X3NvdXJjZV9pZCI6MCwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJjb21wX2lkIjoxLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoiY29sbGFwc2VkIiwidmFsIjoidHJ1ZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ== HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:34 GMT
expires: Thu, 03 Oct 2024 20:20:34 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6InRpbWVyX2ZpcnN0X2FkX2xvYWQiLCJ2YWwiOiIyMDA0OSJ9XX1d

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6InRpbWVyX2ZpcnN0X2FkX2xvYWQiLCJ2YWwiOiIyMDA0OSJ9XX1d HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:37 GMT
expires: Thu, 03 Oct 2024 20:20:37 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImVzdF9yZXZlbnVlX3VzZCIsInZhbCI6IjAuMDAwMDAyIn1dfV0=

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImVzdF9yZXZlbnVlX3VzZCIsInZhbCI6IjAuMDAwMDAyIn1dfV0= HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:37 GMT
expires: Thu, 03 Oct 2024 20:20:37 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODA5MTQ4MDYyLCJjcmVhdGl2ZV9pZCI6MTM4MjQ1NDQ2MTA1LCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjcifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjQ2NjY3MjU4NjEyOTY5MDQiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgwOTE0ODA2MiwiY3JlYXRpdmVfaWQiOjEzODI0NTQ0NjEwNSwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6Inplcm8ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjQ2NjY3MjU4NjEyOTY5MDQiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJyZXZlbnVlIjowLjAwMDAwMiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDAwMDIsInN0YXRfc291cmNlX2lkIjozNSwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MDkxNDgwNjIsImNyZWF0aXZlX2lkIjoxMzgyNDU0NDYxMDUsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI0NjY2NzI1ODYxMjk2OTA0IiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidW5pdCI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTcyODA3MzIxNywicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MDkxNDgwNjIsImNyZWF0aXZlX2lkIjoxMzgyNDU0NDYxMDUsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODI0NTQ0NjEwNSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODA5MTQ4MDYyLCJjcmVhdGl2ZV9pZCI6MTM4MjQ1NDQ2MTA1LCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiI0ODA5MTQ4MDYyIn1dLCJpc19vcmlnIjpmYWxzZX1d

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODA5MTQ4MDYyLCJjcmVhdGl2ZV9pZCI6MTM4MjQ1NDQ2MTA1LCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjcifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjQ2NjY3MjU4NjEyOTY5MDQiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgwOTE0ODA2MiwiY3JlYXRpdmVfaWQiOjEzODI0NTQ0NjEwNSwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6Inplcm8ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjQ2NjY3MjU4NjEyOTY5MDQiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJyZXZlbnVlIjowLjAwMDAwMiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDAwMDIsInN0YXRfc291cmNlX2lkIjozNSwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MDkxNDgwNjIsImNyZWF0aXZlX2lkIjoxMzgyNDU0NDYxMDUsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI0NjY2NzI1ODYxMjk2OTA0IiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidW5pdCI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTcyODA3MzIxNywicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MDkxNDgwNjIsImNyZWF0aXZlX2lkIjoxMzgyNDU0NDYxMDUsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODI0NTQ0NjEwNSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODA5MTQ4MDYyLCJjcmVhdGl2ZV9pZCI6MTM4MjQ1NDQ2MTA1LCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiI0ODA5MTQ4MDYyIn1dLCJpc19vcmlnIjpmYWxzZX1d HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:37 GMT
expires: Thu, 03 Oct 2024 20:20:37 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODA5MTQ4MDYyLCJjcmVhdGl2ZV9pZCI6MTM4MjQ1NDQ2MTA1LCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyNC0xMC0wNCJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjIwIn0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjUifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODA5MTQ4MDYyLCJjcmVhdGl2ZV9pZCI6MTM4MjQ1NDQ2MTA1LCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMjk2In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI0NjY2NzI1ODYxMjk2OTA0IiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidW5pdCI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTcyODA3MzIxNywicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MDkxNDgwNjIsImNyZWF0aXZlX2lkIjoxMzgyNDU0NDYxMDUsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjAifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjUxNiJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoidHJ1ZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODA5MTQ4MDYyLCJjcmVhdGl2ZV9pZCI6MTM4MjQ1NDQ2MTA1LCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyNC0xMC0wNCJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjIwIn0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjUifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODA5MTQ4MDYyLCJjcmVhdGl2ZV9pZCI6MTM4MjQ1NDQ2MTA1LCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMjk2In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI0NjY2NzI1ODYxMjk2OTA0IiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidW5pdCI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTcyODA3MzIxNywicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MDkxNDgwNjIsImNyZWF0aXZlX2lkIjoxMzgyNDU0NDYxMDUsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjAifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjUxNiJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoidHJ1ZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ== HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:37 GMT
expires: Thu, 03 Oct 2024 20:20:37 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImF1Y3Rpb25fZXBvY2giOjE3MjgwNzMyMzcsImFkX3Bvc2l0aW9uIjoxMTAwLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiYmlkX2Zsb29yX2luaXRpYWwiOjg1MCwiYmlkX2Zsb29yX3ByZXYiOjIsImJpZF9mbG9vcl9maWxsZWQiOjAsImF1Y3Rpb25fY291bnQiOjcsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjI5MCwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsImlzX3JsIjowLCJuZXR3b3JrX2NvZGUiOjIxNzMyMTE4OTE0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjQ4MDkxNDgwNjJ9XQ==

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImF1Y3Rpb25fZXBvY2giOjE3MjgwNzMyMzcsImFkX3Bvc2l0aW9uIjoxMTAwLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiYmlkX2Zsb29yX2luaXRpYWwiOjg1MCwiYmlkX2Zsb29yX3ByZXYiOjIsImJpZF9mbG9vcl9maWxsZWQiOjAsImF1Y3Rpb25fY291bnQiOjcsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjI5MCwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsImlzX3JsIjowLCJuZXR3b3JrX2NvZGUiOjIxNzMyMTE4OTE0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjQ4MDkxNDgwNjJ9XQ== HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:37 GMT
expires: Thu, 03 Oct 2024 20:20:37 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInJldmVudWUiOjAsImJpZF9mbG9vcl9maWxsZWQiOjAsInN0YXRfc291cmNlX2lkIjowLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgwOTE0ODA2MiwiY3JlYXRpdmVfaWQiOjEzODI0NTQ0NjEwNSwiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfV0=

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInJldmVudWUiOjAsImJpZF9mbG9vcl9maWxsZWQiOjAsInN0YXRfc291cmNlX2lkIjowLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgwOTE0ODA2MiwiY3JlYXRpdmVfaWQiOjEzODI0NTQ0NjEwNSwiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfV0= HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:38 GMT
expires: Thu, 03 Oct 2024 20:20:38 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODA5MTQ4MDYyLCJjcmVhdGl2ZV9pZCI6MTM4MjQ1NDQ2MTA1LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbNzI4LDkwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODA5MTQ4MDYyLCJjcmVhdGl2ZV9pZCI6MTM4MjQ1NDQ2MTA1LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjQ2NjY3MjU4NjEyOTY5MDQiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgwOTE0ODA2MiwiY3JlYXRpdmVfaWQiOjEzODI0NTQ0NjEwNSwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIxNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODA5MTQ4MDYyLCJjcmVhdGl2ZV9pZCI6MTM4MjQ1NDQ2MTA1LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbNzI4LDkwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODA5MTQ4MDYyLCJjcmVhdGl2ZV9pZCI6MTM4MjQ1NDQ2MTA1LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjQ2NjY3MjU4NjEyOTY5MDQiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgwOTE0ODA2MiwiY3JlYXRpdmVfaWQiOjEzODI0NTQ0NjEwNSwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIxNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ== HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:39 GMT
expires: Thu, 03 Oct 2024 20:20:39 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImVuZ2FnZWRfdGltZSIsInZhbCI6IjIifV19XQ==

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImVuZ2FnZWRfdGltZSIsInZhbCI6IjIifV19XQ== HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:42 GMT
expires: Thu, 03 Oct 2024 20:20:42 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6InRfdW5sb2FkIiwidmFsIjoiMTcyODA3MzI0MTg4NyJ9XX1d

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6InRfdW5sb2FkIiwidmFsIjoiMTcyODA3MzI0MTg4NyJ9XX1d HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:42 GMT
expires: Thu, 03 Oct 2024 20:20:42 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImVuZ2FnZWRfdGltZSIsInZhbCI6IjMifV19XQ==

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImVuZ2FnZWRfdGltZSIsInZhbCI6IjMifV19XQ== HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:47 GMT
expires: Thu, 03 Oct 2024 20:20:47 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6InB2X2V2ZW50X2NvdW50IiwidmFsIjoiMSJ9LHsibmFtZSI6InRpbWVfb25fcGFnZV9ldmVudCIsInZhbCI6IjMwIn1dfV0=

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6InB2X2V2ZW50X2NvdW50IiwidmFsIjoiMSJ9LHsibmFtZSI6InRpbWVfb25fcGFnZV9ldmVudCIsInZhbCI6IjMwIn1dfV0= HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:48 GMT
expires: Thu, 03 Oct 2024 20:20:48 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6InRfdW5sb2FkIiwidmFsIjoiMTcyODA3MzI1MDkyOSJ9XX1d

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6InRfdW5sb2FkIiwidmFsIjoiMTcyODA3MzI1MDkyOSJ9XX1d HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:52 GMT
expires: Thu, 03 Oct 2024 20:20:52 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImNsc192YWx1ZSIsInZhbCI6IjAuMDAzMDgzMjA1NTk3NzQ0MDUzNCJ9XX1d

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImNsc192YWx1ZSIsInZhbCI6IjAuMDAzMDgzMjA1NTk3NzQ0MDUzNCJ9XX1d HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:51 GMT
expires: Thu, 03 Oct 2024 20:20:51 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInJldmVudWUiOjAsImJpZF9mbG9vcl9maWxsZWQiOjAsInN0YXRfc291cmNlX2lkIjowLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgwOTE0ODA2MiwiY3JlYXRpdmVfaWQiOjEzODI0NTQ0NjEwNSwiZGF0YSI6W3sibmFtZSI6InZpZXdlZF90aW1lIiwidmFsIjoiMTQxMTgifV0sImlzX29yaWciOmZhbHNlfV0=

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInJldmVudWUiOjAsImJpZF9mbG9vcl9maWxsZWQiOjAsInN0YXRfc291cmNlX2lkIjowLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgwOTE0ODA2MiwiY3JlYXRpdmVfaWQiOjEzODI0NTQ0NjEwNSwiZGF0YSI6W3sibmFtZSI6InZpZXdlZF90aW1lIiwidmFsIjoiMTQxMTgifV0sImlzX29yaWciOmZhbHNlfV0= HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 04 Oct 2024 20:20:51 GMT
expires: Thu, 03 Oct 2024 20:20:51 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
DNS

ad-delivery.net

msedge.exe

Remote address:

8.8.8.8:53

Request

ad-delivery.net

IN A

Response

ad-delivery.net

IN A

104.26.2.70

ad-delivery.net

IN A

104.26.3.70

ad-delivery.net

IN A

172.67.69.19
DNS

go.ezodn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

go.ezodn.com

IN A

Response

go.ezodn.com

IN A

172.67.142.121

go.ezodn.com

IN A

104.21.87.79
DNS

www.mediafiredls.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.mediafiredls.com

IN A

Response

www.mediafiredls.com

IN A

172.67.73.78

www.mediafiredls.com

IN A

104.26.3.173

www.mediafiredls.com

IN A

104.26.2.173
DNS

translate.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

translate.googleapis.com

IN A

Response

translate.googleapis.com

IN A

142.250.200.10
DNS

api.amplitude.com

msedge.exe

Remote address:

8.8.8.8:53

Request

api.amplitude.com

IN A

Response

api.amplitude.com

IN A

52.36.87.142

api.amplitude.com

IN A

52.37.122.183

api.amplitude.com

IN A

52.27.213.114

api.amplitude.com

IN A

34.209.161.251

api.amplitude.com

IN A

52.43.168.152

api.amplitude.com

IN A

44.237.230.81

api.amplitude.com

IN A

34.211.96.32

api.amplitude.com

IN A

52.41.33.45
GET

https://go.ezodn.com/detroitchicago/boise.js?gcb=195-12&cb=5

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /detroitchicago/boise.js?gcb=195-12&cb=5 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Tue, 01 Oct 2024 17:34:16 GMT
cf-cache-status: HIT
age: 269154
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bcAFixpv9Tmx4z02lUvmOI2Pez%2ByhS3oIhPDRitY6q8RCEA1Ftd%2BojcRslowog8fMh8g1U58hRXHG06XZnhnMHE8JZcgV2pCpYu1J1SxUawbv2K2BbD4Zhemvd6Mcs8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df299a03cd95-LHR
content-encoding: br
GET

https://go.ezodn.com/parsonsmaize/abilene.js?gcb=195-12&cb=38

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /parsonsmaize/abilene.js?gcb=195-12&cb=38 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Thu, 06 Jun 2024 01:54:07 GMT
cf-cache-status: HIT
age: 3730487
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=paDzCQhPBfWUjp3IFTCsLSIOFKiD9Z0tfu5okn5xTXJOt%2FK1ec83qUrqITYZYBoLIQyvXyIzmeLaQvrxl99B5kznnpCujzsdgvYIk0YL0wBxPdZwgmK3%2FTFqiCxkKYk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df299a0acd95-LHR
content-encoding: br
GET

https://go.ezodn.com/porpoiseant/et.js?gcb=195-12&cb=3

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /porpoiseant/et.js?gcb=195-12&cb=3 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Wed, 08 May 2024 21:12:41 GMT
cf-cache-status: HIT
age: 3796625
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FqwEsYMiJqwTpIsFPn7gXTqkmlwL7M7%2BXxoiNjHa8H5JpWY1YiA7OuaCKxTpRak29S%2F1AiFAUVGxnXOYwzcyPlfGsGY8uOQ6Mid6Yd7y4paMh1lVp0xpj3xMJt07qDs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df2999ffcd95-LHR
content-encoding: br
GET

https://go.ezodn.com/porpoiseant/jellyfish.js?a=a&cb=16&dcb=195-12&shcb=34

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /porpoiseant/jellyfish.js?a=a&cb=16&dcb=195-12&shcb=34 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Wed, 08 May 2024 21:12:41 GMT
cf-cache-status: HIT
age: 3796621
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z%2FLF3MIKEIlVNc%2FMudAyjFZrftnePoI48bODcjBBQxQvQjuSZQn9FnWYkm6S9C10ZFD0Ba4UKZnAtalIDyzgTAVk2GKKUHKMaDyhpWGlkazINoHJmI9uts%2F5mgFRONo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df2abc1ccd95-LHR
content-encoding: br
GET

https://go.ezodn.com/detroitchicago/anchorfix.js?cb=27&gcb=195-12

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /detroitchicago/anchorfix.js?cb=27&gcb=195-12 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Wed, 08 May 2024 21:12:40 GMT
cf-cache-status: HIT
age: 3730485
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZhYV%2BIzEfeTix8jWIkudMJiDgZECHziKjqm9FWi7G3WuZ9u%2BR6%2FwH1tYZHpWDvjORex6zj58YWtjoSEvo7%2FPqBMYfgldtB%2B74%2BsVXfICUjBNd8BrzHzxWVx97ZQHohU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df2abc0ccd95-LHR
content-encoding: br
GET

https://go.ezodn.com/detroitchicago/sidebarwall.js?gcb=12&cb=22

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /detroitchicago/sidebarwall.js?gcb=12&cb=22 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Wed, 08 May 2024 21:12:41 GMT
cf-cache-status: HIT
age: 65063
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xQIPmzuDCJkkOxTWO39EMZkOtUfh7qiPRPB6zNVNzIcSR8US4lewHHouJKvcf8646ePHChkOAWOJcX4zZxHp8XQjveQsvvefsVCpxjE2otMuwh%2FDf22esPjz1BNBhzE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df2acc2acd95-LHR
content-encoding: br
GET

https://go.ezodn.com/detroitchicago/tuscon.js?gcb=12&cb=14

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /detroitchicago/tuscon.js?gcb=12&cb=14 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
cf-cache-status: HIT
age: 2510868
last-modified: Thu, 05 Sep 2024 18:52:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JFrfUb0wfF5R2J9F9H1RQ3ejNAGRE7pKd1iOLc2jgVCyt2%2BjuHEptWTYnWu9qg0%2FxEA4d8JvWdDVqGE6WHAbeESuifnkhjIcFqrVLWoehxFOELXvmVWY6IoOU33mC8I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df2acc2fcd95-LHR
content-encoding: br
GET

https://go.ezodn.com/detroitchicago/kenai.js?gcb=12&cb=17

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /detroitchicago/kenai.js?gcb=12&cb=17 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
cf-cache-status: HIT
age: 50156
last-modified: Fri, 04 Oct 2024 06:24:21 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=noBBSmpdsWTSxsJl80Qq5KUVXxDrXLRoLycy58o5xqAvbOyNDl%2BPz4INQwmtxM%2FzW780IfAgyl8GUvDTFECib5fidO2%2FqqTaeZAjJ7yEV0dRjxvo1IDoWS7slmFK%2Bjc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df2acc31cd95-LHR
content-encoding: br
GET

https://go.ezodn.com/detroitchicago/portland.js?gcb=12&cb=218

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /detroitchicago/portland.js?gcb=12&cb=218 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Thu, 18 Jul 2024 23:40:07 GMT
cf-cache-status: HIT
age: 3801500
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TAcLdEmK2LxFW1hF%2BheZBzdg3N6vqoGNS7pg23K2lXKJCiwPmTXHfJvUF828v3Xzl4Nv1U0Z3otmtbvgzY5aidWRUQx595EZDsWeYM%2B2NWgLQRkfWcfsGCbQ0qh85PY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df2acc3dcd95-LHR
content-encoding: br
GET

https://go.ezodn.com/hb/dall.js?cb=195-12-105

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /hb/dall.js?cb=195-12-105 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
cf-cache-status: HIT
age: 608280
last-modified: Fri, 27 Sep 2024 19:22:17 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cdX0DUlBmG%2Fn5PKMpfWvHMUmVlz9D7fcBxIz7oG4iTVzF0BLHOAUmi%2FX3DDUn7OPhfFrx0pOcm7jxeG4kuCJ1yQSKFfJYWhdpBL76O2YSVjmm%2F35aF3BBUk2l9J4qJk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df2adc4ecd95-LHR
content-encoding: br
GET

https://go.ezodn.com/detroitchicago/augusta.js?gcb=195-12&cb=45

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /detroitchicago/augusta.js?gcb=195-12&cb=45 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Wed, 25 Sep 2024 21:49:21 GMT
cf-cache-status: HIT
age: 772256
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f49ED28Bd%2Fd6Ba4YkDysWYFXmecKODC6q2X4xBM9CuAx51riSUBoRjKZ1JrtJLYC3KYqAnhaFwzWeQBbXKbfEyBaVYZa06Ut5HMi7zdJ%2Fp%2F%2FHKndAqBVGR9TMU0bL8o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df2abc12cd95-LHR
content-encoding: br
GET

https://go.ezodn.com/porpoiseant/banger.js?cb=195-12&bv=381&PageSpeed=off

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /porpoiseant/banger.js?cb=195-12&bv=381&PageSpeed=off HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
last-modified: Fri, 27 Sep 2024 21:57:24 GMT
cf-cache-status: HIT
age: 66678
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i74XEmdF8RLBbNdzMyakYrEMhZAvUKqc8w2Sy%2BGFoudsqXOuqmtNF2XJ5q7KxF65FjGtAGMENIUxYjTZs9wMbM5hV0hAQtsEDFVNseciaX87ydHlkxsXx4%2Fh8JZs4Vc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df2acc39cd95-LHR
content-encoding: br
GET

https://go.ezodn.com/parsonsmaize/mulvane.js?gcb=195-12&cb=10

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /parsonsmaize/mulvane.js?gcb=195-12&cb=10 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Thu, 03 Oct 2024 19:01:16 GMT
cf-cache-status: HIT
age: 91138
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ltTBL2FMjgV8Elzj8rUtyUmyBrXCPW%2Fh7hY2T050tfhLqA6wHQmFHsyqZo3FUdbxC8o0u6jfjhDMhge6Tjoj4KgITiyfYgj4BzDDpQjREo%2F697oEvjBX7TfDyh5DlIA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df2b6cfccd95-LHR
content-encoding: br
GET

https://go.ezodn.com/detroitchicago/reno.js?gcb=195-12&cb=2

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /detroitchicago/reno.js?gcb=195-12&cb=2 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Wed, 08 May 2024 21:12:42 GMT
cf-cache-status: HIT
age: 3730485
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mVkYkyWTZ%2FESXZ5KmcQ1eCsIlRqJHNGlvpKpxl6GmmsVoRNVp%2Bf%2BBbMszbCeRY3ad%2BpbT%2FlUGP7rL0PG%2BRP0INnqUPzdYXkIRzye6cGaNNz7JSIxRBi5P9W%2FHi702Zw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df2b6cfecd95-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://go.ezodn.com/detroitchicago/wichita.js?gcb=195-12&cb=12

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /detroitchicago/wichita.js?gcb=195-12&cb=12 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Tue, 18 Jun 2024 17:07:02 GMT
cf-cache-status: HIT
age: 51914
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2xwJ3UFXpWatiNUfjX9Md7LijwKPdzjlyMy7SThsF%2BEeEDL2rLdLN7WRt6eRS6mdi8sYetS%2F%2BnaN02OOqYPSKYpPO5Pt4zxfrOfoZdzaVsSJZokACOAFe0ShVoONAII%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df2b6cfbcd95-LHR
content-encoding: br
GET

https://go.ezodn.com/detroitchicago/raleigh.js?gcb=195-12&cb=7

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /detroitchicago/raleigh.js?gcb=195-12&cb=7 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Wed, 08 May 2024 21:12:40 GMT
cf-cache-status: HIT
age: 54495
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=unAyf999ess4eqMV5HI46tJOE4O%2FxEfl44KhiEBN68wSj9Sn9aRbbfvqAMVPDkQxkqkke5yM8SK%2BuXuwbaUZtm7lQeSdndGVYYaK8dEVgkfQ5JMOjNelCCjlfPDu8sk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df2b6d01cd95-LHR
content-encoding: br
GET

https://go.ezodn.com/detroitchicago/vista.js?gcb=195-12&cb=6

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /detroitchicago/vista.js?gcb=195-12&cb=6 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Wed, 14 Aug 2024 17:33:51 GMT
cf-cache-status: HIT
age: 1373228
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WvFn4DNgVRFWOAnOrO9r16ZGTfYHMmBBIIkbMwfnS4DNGp5xhKEHY9KwZyV2dh3KktrUjegjdJ0iI98jMTl5ce5XJ4sGl6BTyS%2BJDHtd4vYoX1OrUK%2B0%2F0UFbt4lXy4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df2b6d03cd95-LHR
content-encoding: br
GET

https://go.ezodn.com/porpoiseant/nmash.js?bv=381

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /porpoiseant/nmash.js?bv=381 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Mon, 10 Jun 2024 22:21:30 GMT
cf-cache-status: HIT
age: 3730483
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZE31IkFukRCac3E3oY2gdmCb0v6K5vNfUEN4Ng7NfEXgiH6CN2kGdTCy6lv2UEfVk1aj9rb2ST6XjvWwysT297EexukPigJqQrnQpMar%2B%2BWndaBKNxYcDLulMEdkvF0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df2beda3cd95-LHR
content-encoding: br
GET

https://go.ezodn.com/parsonsmaize/olathe.js?gcb=195-12&cb=25

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /parsonsmaize/olathe.js?gcb=195-12&cb=25 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Fri, 27 Sep 2024 19:22:18 GMT
cf-cache-status: HIT
age: 608279
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H9FM8Are2dkxPfvcDfTHRg3XMgBrg3GyrU5r0yk6KVUvEb4cYIsigZjRumg3PX4PFsZonRI4mNwepvAJxkyeqyf%2FRxnNBepsVSPNQxfPgJk9wYCDwk4ih8xHp9wC%2B%2F4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df2beda0cd95-LHR
content-encoding: br
GET

https://go.ezodn.com/parsonsmaize/chanute.js?a=a&cb=10&dcb=195-12&shcb=34

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /parsonsmaize/chanute.js?a=a&cb=10&dcb=195-12&shcb=34 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Wed, 08 May 2024 21:12:40 GMT
cf-cache-status: HIT
age: 3725896
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vo7AdULzLnkcTpx6MmTML6QmhlBiheRAqS%2B26Xs1gN06u6O2MHucDxCKHNmoOblaQ4wi7bBWf%2B7l%2B4JgF%2B7HqRuEpYudVf3FXvFkJhAaB7G35GyUMuCro0gQ3G3oPCE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df2beda6cd95-LHR
content-encoding: br
GET

https://go.ezodn.com/tardisrocinante/vitals.js?gcb=195-12&cb=4

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /tardisrocinante/vitals.js?gcb=195-12&cb=4 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
cf-cache-status: HIT
age: 3725902
last-modified: Thu, 22 Aug 2024 17:21:55 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3aP0sZ%2BUPs3MzaWlbONaW47tguUltmmE0d2J4ecclTPYEP9FPUnkGzMnbT8EWDmiwa9ZQooWGKqsOPazPukSkHPkNeQjVEMG4anXW6xE4Z8YXXYpJAYej%2BQpuivCgxM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df2beda5cd95-LHR
content-encoding: br
GET

https://g.ezodn.com/cmp/v2/v.js?v=4

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /cmp/v2/v.js?v=4 HTTP/2.0
host: g.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=15780000
last-modified: Thu, 25 Apr 2024 19:45:59 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1800727
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cGJXtRVWj%2F1eYdqnsfUu8RbU33DdSAAe2EY3D5y6YRDXHuLPbXT3JV0XpXeNp3psWo7enDUTE1MPbO5ZEsSKdpQAwwlVn1Q9uOdMnAD3CnuvHlj93ozYy4slO4oH5w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df2c0db9cd95-LHR
content-encoding: br
GET

https://go.ezodn.com/porpoiseant/ezadloadhb.js?gcb=195-12&cb=232

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /porpoiseant/ezadloadhb.js?gcb=195-12&cb=232 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:18 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Wed, 02 Oct 2024 21:19:29 GMT
cf-cache-status: HIT
age: 169249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PhG3%2FwEUtKLMzo5kyIYpOI0XFFQBTelzjuNroJlWpp%2BE4hHTh%2BNZ%2BIjnR%2FBPAXTtgCzGZOtwgqrERUPqDPfjf0vsDo2bGbQwitqEB82%2BiJni%2B4sKBr%2BqaQ1ft9sba%2Bw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df2cdecdcd95-LHR
content-encoding: br
GET

https://go.ezodn.com/porpoiseant/ezjitscroll.js?gcb=195-12&cb=232

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /porpoiseant/ezjitscroll.js?gcb=195-12&cb=232 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:29 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Wed, 02 Oct 2024 21:19:21 GMT
cf-cache-status: HIT
age: 169243
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aUG2qF%2BsKHzV7W4DOtk1w1J1jXJGuawb7ZfmhXvOstV2Siy43EmAcCG5OyE4nSco4N5MD5uuHHnc4Nxinc4Qwb5Ujgzh3U5%2F1ix0XJSvFW9JikZKk3ooJXfgbbsRd6E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df75e8bacd95-LHR
content-encoding: br
GET

https://go.ezodn.com/porpoiseant/ezicsticky.js?gcb=195-12&cb=232

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /porpoiseant/ezicsticky.js?gcb=195-12&cb=232 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:29 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Wed, 02 Oct 2024 21:19:16 GMT
cf-cache-status: HIT
age: 169272
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=meGKxok1eQY4s83tQEudymFkVTuwg8HAmeyyvFPODlGQ9kvbUGgQnVRrULGbOi%2BoCEyA7Y9lJiz4zCsml6EIaEgL8TFhgudsar5Tm9voa8%2BH4wYtzZ%2B1N4xFgKHE024%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df75d8b8cd95-LHR
content-encoding: br
GET

https://go.ezodn.com/porpoiseant/ezjitpos.js?gcb=195-12&cb=232

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /porpoiseant/ezjitpos.js?gcb=195-12&cb=232 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:30 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Wed, 02 Oct 2024 21:19:09 GMT
cf-cache-status: HIT
age: 169273
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fnL%2BpQg5Xv3WXmI9CIfTUg5MEe6awSp4m19VmKmEq5LQvKGCrjByzBfIcabLRhJHQsUtpwrJio8kE%2FKsEySsPuwhdtejGnE43F3eaewvqBQ6ZXcyHrS1VFIjmtAIjPY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df78dd63cd95-LHR
content-encoding: br
GET

https://go.ezodn.com/porpoiseant/ezadfilled.js?gcb=195-12&cb=232

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /porpoiseant/ezadfilled.js?gcb=195-12&cb=232 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:37 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Wed, 02 Oct 2024 21:19:54 GMT
cf-cache-status: HIT
age: 169242
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iTs2za6DUGZ1Wpznq0v2JaTIpqQItzCdSDgOyY5BmuswrwLtC%2FVKNbRgbHh3jlwN3%2B%2FlhcBjpgj%2FCq0qTu1jbJY7%2FYrY3i%2FvihRxRwoNfH%2FRZIHPCfv76nDepCkw9%2F4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7dfa5ac29cd95-LHR
content-encoding: br
GET

https://go.ezodn.com/porpoiseant/ezidentity.js?gcb=195-12&cb=232

msedge.exe

Remote address:

172.67.142.121:443

Request

GET /porpoiseant/ezidentity.js?gcb=195-12&cb=232 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:47 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Wed, 02 Oct 2024 21:20:02 GMT
cf-cache-status: HIT
age: 169242
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oBJXaofUtW2mAAsmbwET%2F4zZqwthEGCNntsTWPocDa3od1i0Sn28z8hG52WbLqkhxxuteITwHBvlhRIh33mbmPFHPZERIol0SXVMVWkAVe79sTDNBgo1ROLEeLEnJXI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7dfe42b66cd95-LHR
content-encoding: br
GET

https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_GB.cqeQTTBUutw.O/am=AAAB/d=1/exm=el_conf/ed=1/rs=AN8SPfpqTiIjQutwNX-Uswei4-RXEVD2fw/m=el_main

msedge.exe

Remote address:

142.250.200.10:443

Request

GET /_/translate_http/_/js/k=translate_http.tr.en_GB.cqeQTTBUutw.O/am=AAAB/d=1/exm=el_conf/ed=1/rs=AN8SPfpqTiIjQutwNX-Uswei4-RXEVD2fw/m=el_main HTTP/2.0
host: translate.googleapis.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=en-GB&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback

msedge.exe

Remote address:

142.250.200.10:443

Request

GET /v1/supportedLanguages?client=te&display_language=en-GB&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback HTTP/2.0
host: translate-pa.googleapis.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://ad-delivery.net/px.gif?ch=2

msedge.exe

Remote address:

104.26.2.70:443

Request

GET /px.gif?ch=2 HTTP/2.0
host: ad-delivery.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: image/gif
content-length: 43
x-guploader-uploadid: ABPtcPre1u088olDEqisL4vqj4Y9CrIIxG4mj-xpWTpshSDFW8uWUxQz-ZFVXiQ1eyo1nTm4_Ps
x-goog-generation: 1620242732037093
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 43
x-goog-hash: crc32c=cpEfJQ==
x-goog-hash: md5=rUsPYG4PhGW8TEwXCzfhow==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
expires: Sat, 05 Oct 2024 20:20:17 GMT
cache-control: public, max-age=86400
age: 19031
last-modified: Wed, 05 May 2021 19:25:32 GMT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4j4MW%2FsEvwQ2KHK4nSYCyCgNL60uSKJ9tFqX9tibYBz3AnLM7ZR4T57X5NfwxNP142qO5Lv4uIRn%2Fhjb6xQMAm2KXrmM%2BZM5qqmJOD%2FhhyYIAzNUtEprweSGvbHgxzS%2F1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cd7df299aaf653f-LHR
GET

https://ad-delivery.net/px.gif?ch=1&e=0.04533270277765844

msedge.exe

Remote address:

104.26.2.70:443

Request

GET /px.gif?ch=1&e=0.04533270277765844 HTTP/2.0
host: ad-delivery.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: image/gif
content-length: 43
x-guploader-uploadid: ABPtcPre1u088olDEqisL4vqj4Y9CrIIxG4mj-xpWTpshSDFW8uWUxQz-ZFVXiQ1eyo1nTm4_Ps
x-goog-generation: 1620242732037093
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 43
x-goog-hash: crc32c=cpEfJQ==
x-goog-hash: md5=rUsPYG4PhGW8TEwXCzfhow==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
expires: Sat, 05 Oct 2024 20:20:17 GMT
cache-control: public, max-age=86400
age: 19031
last-modified: Wed, 05 May 2021 19:25:32 GMT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BmK41tUX%2BPNcZY4hTKDKRkvYRAdgu305P1u6MDUiGCTgHRCPRQi%2B0qMWu%2Bgnc27r2QbI6rzNt2EZAyQgqjmt0aMRJOh9G5F7Bw%2BvzmqDMSkZfrYCGON1VqnPicVKOrTOZA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cd7df299ab3653f-LHR
GET

https://www.mediafiredls.com/adsupply/0

msedge.exe

Remote address:

172.67.73.78:443

Request

GET /adsupply/0 HTTP/2.0
host: www.mediafiredls.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 403

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: max-age=15
expires: Fri, 04 Oct 2024 20:20:32 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XRXxGkN5TVakIttr27txUloHLEKkCF4LWx1VRYytkgLiukYlSQ4flX95GlXhI7sSAKUFrRkBImOUSWYZAswJ6RqchcvuwvsPd5V0ZALnl03otnMC2CHnIePgbcexd1MXsODz67AJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cd7df299c0a7768-LHR
content-encoding: br
GET

https://www.mediafiredls.com/onclick/0

msedge.exe

Remote address:

172.67.73.78:443

Request

GET /onclick/0 HTTP/2.0
host: www.mediafiredls.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 403

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: max-age=15
expires: Fri, 04 Oct 2024 20:20:32 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aM72gEL1NoK6m6IGgn3nQfSTW7XALbFX4seiOoKLplk5WtwcX5ighVLlQk8ZRSZ1rFpwQRtvP8o5ZXPrs0Zxsmz9WmZToWrtRVdhck4E%2B8eSVdY8s2j6sG8kl3%2Fzq3QNVZ0LB0kr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cd7df2b6eba7768-LHR
content-encoding: br
GET

https://www.mediafiredls.com/clicked/1

msedge.exe

Remote address:

172.67.73.78:443

Request

GET /clicked/1 HTTP/2.0
host: www.mediafiredls.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 403

date: Fri, 04 Oct 2024 20:20:42 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: max-age=15
expires: Fri, 04 Oct 2024 20:20:57 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zpshWaoVOn13wksVmu4mx9vSDWEvZYxPJUA1DslGPjmmSqGJnsXvIlV97Jn0mDUuPIIxEt64xu3Tuf2ukDZIGsLP4heTPCCFxgCOhUX1Gm4Np7fpLvWTAZBz9rIVpLFFzPjewKyR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cd7dfc568327768-LHR
content-encoding: br
GET

https://www.mediafiredls.com/completed/1

msedge.exe

Remote address:

172.67.73.78:443

Request

GET /completed/1 HTTP/2.0
host: www.mediafiredls.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 403

date: Fri, 04 Oct 2024 20:20:42 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: max-age=15
expires: Fri, 04 Oct 2024 20:20:57 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tPsJENq3gzUb0ARRsKL3obFqnvYFV2%2BRVSV%2B%2FinAGPOMM9Y8uyexqaxgj1ZD14liZxHdY%2BSMPU2%2BbsHc0elVmK%2BcrbIILJ2cMj21zW%2FsurfJg00Q%2B7DwpmbL%2Bhb0WpZB8Jzk7lcz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cd7dfc608d67768-LHR
content-encoding: br
DNS

otnolatrnup.com

msedge.exe

Remote address:

8.8.8.8:53

Request

otnolatrnup.com

IN A

Response

otnolatrnup.com

IN A

104.19.208.227

otnolatrnup.com

IN A

104.18.159.164
POST

https://api.amplitude.com/

msedge.exe

Remote address:

52.36.87.142:443

Request

POST / HTTP/2.0
host: api.amplitude.com
content-length: 1086
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/x-www-form-urlencoded; charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:17 GMT
content-type: text/html;charset=utf-8
content-length: 7
access-control-allow-origin: *
strict-transport-security: max-age=15768000
DNS

securepubads.g.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

securepubads.g.doubleclick.net

IN A

Response

securepubads.g.doubleclick.net

IN A

172.217.16.226
DNS

32.42.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

32.42.21.104.in-addr.arpa

IN PTR

Response
DNS

73.80.16.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.80.16.104.in-addr.arpa

IN PTR

Response
DNS

216.74.22.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

216.74.22.104.in-addr.arpa

IN PTR

Response
DNS

238.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.16.217.172.in-addr.arpa

IN PTR

Response

238.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f141e100net

238.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f14�I
DNS

144.170.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

144.170.67.172.in-addr.arpa

IN PTR

Response
DNS

113.39.65.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

113.39.65.18.in-addr.arpa

IN PTR

Response

113.39.65.18.in-addr.arpa

IN PTR

server-18-65-39-113ams1r cloudfrontnet
GET

https://securepubads.g.doubleclick.net/tag/js/gpt.js

msedge.exe

Remote address:

172.217.16.226:443

Request

GET /tag/js/gpt.js HTTP/2.0
host: securepubads.g.doubleclick.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

40.18.239.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

40.18.239.18.in-addr.arpa

IN PTR

Response

40.18.239.18.in-addr.arpa

IN PTR

server-18-239-18-40ams58r cloudfrontnet
DNS

g.ezodn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

g.ezodn.com

IN A

Response

g.ezodn.com

IN A

172.67.142.121

g.ezodn.com

IN A

104.21.87.79
DNS

api.btloader.com

msedge.exe

Remote address:

8.8.8.8:53

Request

api.btloader.com

IN A

Response

api.btloader.com

IN A

130.211.23.194
DNS

78.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

78.169.217.172.in-addr.arpa

IN PTR

Response

78.169.217.172.in-addr.arpa

IN PTR

lhr48s09-in-f141e100net
DNS

223.187.37.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

223.187.37.13.in-addr.arpa

IN PTR

Response

223.187.37.13.in-addr.arpa

IN PTR

ec2-13-37-187-223 eu-west-3compute amazonawscom
DNS

198.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.250.142.in-addr.arpa

IN PTR

Response

198.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f61e100net
DNS

227.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.179.250.142.in-addr.arpa

IN PTR

Response

227.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f31e100net
DNS

tags.crwdcntrl.net

msedge.exe

Remote address:

8.8.8.8:53

Request

tags.crwdcntrl.net

IN A

Response

tags.crwdcntrl.net

IN A

18.239.18.118

tags.crwdcntrl.net

IN A

18.239.18.33

tags.crwdcntrl.net

IN A

18.239.18.12

tags.crwdcntrl.net

IN A

18.239.18.78
DNS

164.159.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

164.159.18.104.in-addr.arpa

IN PTR

Response
DNS

121.142.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

121.142.67.172.in-addr.arpa

IN PTR

Response
DNS

10.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.200.250.142.in-addr.arpa

IN PTR

Response

10.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f101e100net
DNS

70.2.26.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

70.2.26.104.in-addr.arpa

IN PTR

Response
DNS

78.73.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

78.73.67.172.in-addr.arpa

IN PTR

Response
DNS

142.87.36.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

142.87.36.52.in-addr.arpa

IN PTR

Response

142.87.36.52.in-addr.arpa

IN PTR

ec2-52-36-87-142 us-west-2compute amazonawscom
GET

https://api.btloader.com/country?o=5678961798414336

msedge.exe

Remote address:

130.211.23.194:443

Request

GET /country?o=5678961798414336 HTTP/2.0
host: api.btloader.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://api.btloader.com/pv?tid=35yLXO2F&w=5115845767331840&o=5678961798414336&cv=2.1.59-1-g78ed83d&widget=false&r=false&vr=1280x609&pageURL=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&sid=pnXasxa41H&pm=false&upapi=true

msedge.exe

Remote address:

130.211.23.194:443

Request

GET /pv?tid=35yLXO2F&w=5115845767331840&o=5678961798414336&cv=2.1.59-1-g78ed83d&widget=false&r=false&vr=1280x609&pageURL=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&sid=pnXasxa41H&pm=false&upapi=true HTTP/2.0
host: api.btloader.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

translate-pa.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

translate-pa.googleapis.com

IN A

Response

translate-pa.googleapis.com

IN A

142.250.200.42

translate-pa.googleapis.com

IN A

142.250.178.10

translate-pa.googleapis.com

IN A

172.217.169.42

translate-pa.googleapis.com

IN A

142.250.200.10

translate-pa.googleapis.com

IN A

216.58.213.10

translate-pa.googleapis.com

IN A

172.217.169.74

translate-pa.googleapis.com

IN A

172.217.16.234

translate-pa.googleapis.com

IN A

142.250.187.234

translate-pa.googleapis.com

IN A

216.58.212.234

translate-pa.googleapis.com

IN A

142.250.180.10

translate-pa.googleapis.com

IN A

216.58.204.74

translate-pa.googleapis.com

IN A

216.58.201.106

translate-pa.googleapis.com

IN A

142.250.179.234

translate-pa.googleapis.com

IN A

142.250.187.202
DNS

bcp.crwdcntrl.net

msedge.exe

Remote address:

8.8.8.8:53

Request

bcp.crwdcntrl.net

IN A

Response

bcp.crwdcntrl.net

IN A

52.48.114.218

bcp.crwdcntrl.net

IN A

54.74.215.235

bcp.crwdcntrl.net

IN A

54.216.230.172

bcp.crwdcntrl.net

IN A

54.78.53.108

bcp.crwdcntrl.net

IN A

54.76.113.237

bcp.crwdcntrl.net

IN A

52.211.255.159

bcp.crwdcntrl.net

IN A

34.251.185.45

bcp.crwdcntrl.net

IN A

54.76.166.236
GET

https://tags.crwdcntrl.net/c/4545/cc_af.js

msedge.exe

Remote address:

18.239.18.118:443

Request

GET /c/4545/cc_af.js HTTP/2.0
host: tags.crwdcntrl.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 403

content-type: application/xml
date: Fri, 04 Oct 2024 20:20:17 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 435254ceec69c136096ca9b455fd3534.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P6
x-amz-cf-id: hgFTGVJFdLIfG5QNqqxP0BlR70siJNZzsb7n4bC68ArGF-OrJlH8vQ==
cache-control: public, max-age=86400
GET

https://tags.crwdcntrl.net/lt/c/16589/sync.min.js

msedge.exe

Remote address:

18.239.18.118:443

Request

GET /lt/c/16589/sync.min.js HTTP/2.0
host: tags.crwdcntrl.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/javascript
last-modified: Tue, 20 Aug 2024 18:47:43 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Fri, 04 Oct 2024 01:42:06 GMT
cache-control: public, max-age=86400
etag: W/"4a385df4045c9db00ad295e7c0ca65d1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 435254ceec69c136096ca9b455fd3534.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P6
x-amz-cf-id: 91MEZm6o-FMd15yFF1cj3CVjtb81oHHKQn0xdN-tFMcBFeSP0RiB8Q==
age: 67105
DNS

ad.crwdcntrl.net

msedge.exe

Remote address:

8.8.8.8:53

Request

ad.crwdcntrl.net

IN A

Response

ad.crwdcntrl.net

IN A

52.48.114.218

ad.crwdcntrl.net

IN A

52.211.255.159

ad.crwdcntrl.net

IN A

54.76.113.237

ad.crwdcntrl.net

IN A

54.78.53.108

ad.crwdcntrl.net

IN A

54.76.166.236

ad.crwdcntrl.net

IN A

34.251.185.45

ad.crwdcntrl.net

IN A

54.216.230.172

ad.crwdcntrl.net

IN A

54.74.215.235
DNS

bshr.ezodn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

bshr.ezodn.com

IN A

Response

bshr.ezodn.com

IN A

104.21.87.79

bshr.ezodn.com

IN A

172.67.142.121
GET

https://bcp.crwdcntrl.net/map/c=3722/tp=ADSP/tpid=f82c71c27cc841a2b1449f9a7e99a3cf

msedge.exe

Remote address:

52.48.114.218:443

Request

GET /map/c=3722/tp=ADSP/tpid=f82c71c27cc841a2b1449f9a7e99a3cf HTTP/2.0
host: bcp.crwdcntrl.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 404

date: Fri, 04 Oct 2024 20:20:18 GMT
content-type: image/gif
content-length: 49
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control: no-cache
pragma: no-cache
expires: 0
x-server: 10.45.5.22
access-control-allow-origin: *
server: Jetty(9.4.38.v20210224)
POST

https://bcp.crwdcntrl.net/6/map

msedge.exe

Remote address:

52.48.114.218:443

Request

POST /6/map HTTP/2.0
host: bcp.crwdcntrl.net
content-length: 663
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:30 GMT
content-type: application/json;charset=utf-8
content-length: 156
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control: no-cache
pragma: no-cache
expires: 0
x-server: 10.45.28.69
set-cookie: _cc_dc=1;Path=/;Domain=crwdcntrl.net;Expires=Tue, 01-Jul-2025 20:07:00 GMT;SameSite=None;Secure
set-cookie: _cc_id=56d4d140dbdd0d4736a70aa67bfd813a;Path=/;Domain=crwdcntrl.net;Expires=Tue, 01-Jul-2025 20:07:00 GMT;SameSite=None;Secure
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
server: Jetty(9.4.38.v20210224)
GET

https://id.crwdcntrl.net/id?gdpr_applies=true&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA

msedge.exe

Remote address:

52.48.114.218:443

Request

GET /id?gdpr_applies=true&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA HTTP/2.0
host: id.crwdcntrl.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:30 GMT
content-type: application/json;charset=utf-8
content-length: 75
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control: no-cache
pragma: no-cache
expires: 0
x-server: 10.45.11.156
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
server: Jetty(9.4.38.v20210224)
GET

https://ad.crwdcntrl.net/5/c=3722/pe=y/callback=g367CB268B1094004A3689751E7AC568F.Lotame.CallExtractionAPICallback?12385206

msedge.exe

Remote address:

52.48.114.218:443

Request

GET /5/c=3722/pe=y/callback=g367CB268B1094004A3689751E7AC568F.Lotame.CallExtractionAPICallback?12385206 HTTP/2.0
host: ad.crwdcntrl.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 404

date: Fri, 04 Oct 2024 20:20:18 GMT
content-type: application/javascript;charset=utf-8
content-length: 146
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control: no-cache
pragma: no-cache
expires: 0
x-server: 10.45.14.204
access-control-allow-origin: *
server: Jetty(9.4.38.v20210224)
OPTIONS

https://bshr.ezodn.com/?bf=30000&dc=21732118914%7C1254144

msedge.exe

Remote address:

104.21.87.79:443

Request

OPTIONS /?bf=30000&dc=21732118914%7C1254144 HTTP/2.0
host: bshr.ezodn.com
accept: */*
access-control-request-method: GET
access-control-request-headers: content-type,x-pingback
origin: https://www.mediafire.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:18 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: content-type,x-pingback
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: https://www.mediafire.com
access-control-max-age: 1728000
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=06pzDfGszf0VpsZAWp%2BN1kIMAE4Vym1XNBk7HNhwLesLOjEWLce2T9me%2F7m8CUIruZWCoT7pJgMY3OK63GWvMWIh2d5S6e2e%2BNdzdXUesM5KBKpXxaxcSpJa%2F2PVMSdIZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df2d18dabef8-LHR
GET

https://bshr.ezodn.com/?bf=30000&dc=21732118914%7C1254144

msedge.exe

Remote address:

104.21.87.79:443

Request

GET /?bf=30000&dc=21732118914%7C1254144 HTTP/2.0
host: bshr.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
x-pingback: pingpong
content-type: application/json
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:18 GMT
content-type: application/json; charset=utf8
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: https://www.mediafire.com
access-control-max-age: 1728000
cache-control: public, max-age=1209600
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
last-modified: Mon, 09 Sep 2024 21:12:44 GMT
cf-cache-status: HIT
age: 1047503
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O4yGAiYba8%2BEEG6huY7BBBSDby1qR1bnsyi0asWBdxL4JOFnM2i4gMpP%2FyqTjo7BjLLDJMFkV8fZOIy2cLFAI2viGOFtie1QS0VWhlOXPjUryxp1lLejmfPb41LOYt8kBA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7df2de9c1bef8-LHR
content-encoding: br
GET

https://go.ezodn.com/dac/4809148062

msedge.exe

Remote address:

104.21.87.79:443

Request

GET /dac/4809148062 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:37 GMT
content-type: text/plain
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: https://www.mediafire.com
access-control-max-age: 1728000
cache-control: public, max-age=14400
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
last-modified: Mon, 09 Sep 2024 21:18:59 GMT
cf-cache-status: HIT
age: 1052106
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ncRC%2F1tPbF98PSIP6cz%2FiUyqc3mygiXgQi1GfYfm2L6R%2FFuRaUYcNNs9LUB8QI36Yhux%2F5yE5EgoOtU2mhPMdMs%2FkyycsfDZasv0uRbaUKzKnKxCNWPISevMGFo0uHE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd7dfa5a85bbef8-LHR
DNS

crt.rootg2.amazontrust.com

msedge.exe

Remote address:

8.8.8.8:53

Request

crt.rootg2.amazontrust.com

IN A

Response

crt.rootg2.amazontrust.com

IN A

18.239.83.98

crt.rootg2.amazontrust.com

IN A

18.239.83.27

crt.rootg2.amazontrust.com

IN A

18.239.83.86

crt.rootg2.amazontrust.com

IN A

18.239.83.100
GET

http://crt.rootg2.amazontrust.com/rootg2.cer

msedge.exe

Remote address:

18.239.83.98:80

Request

GET /rootg2.cer HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: crt.rootg2.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: binary/octet-stream
Content-Length: 1145
Connection: keep-alive
Last-Modified: Tue, 01 Oct 2024 12:29:45 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: V1G03yRdB5RKU57mlQbgnZbxsHaG3Ze5
Accept-Ranges: bytes
Server: AmazonS3
Date: Fri, 04 Oct 2024 19:20:08 GMT
ETag: "c6150925cfea5941ddc7ff2a0a506692"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 87e83cc6e8f384d40eab78133e901302.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS58-P5
X-Amz-Cf-Id: G7V5FyYGBMDcZLiNwn5zzfoxq7J3TDc5tdNO2KJLStNmKvBjikGASg==
Age: 3611
GET

http://crt.rootg2.amazontrust.com/rootg2.cer

msedge.exe

Remote address:

18.239.83.98:80

Request

GET /rootg2.cer HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: crt.rootg2.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: binary/octet-stream
Content-Length: 1145
Connection: keep-alive
Last-Modified: Tue, 01 Oct 2024 12:29:45 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: V1G03yRdB5RKU57mlQbgnZbxsHaG3Ze5
Accept-Ranges: bytes
Server: AmazonS3
Date: Fri, 04 Oct 2024 19:20:08 GMT
ETag: "c6150925cfea5941ddc7ff2a0a506692"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 87e83cc6e8f384d40eab78133e901302.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS58-P5
X-Amz-Cf-Id: HGF1PLr1H_jon0ql3XRre9wGG4o_O9SdlgxANi0AECEYcXgaEcU1ZA==
Age: 3611
GET

http://crt.rootg2.amazontrust.com/rootg2.cer

msedge.exe

Remote address:

18.239.83.98:80

Request

GET /rootg2.cer HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: crt.rootg2.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: binary/octet-stream
Content-Length: 1145
Connection: keep-alive
Last-Modified: Tue, 01 Oct 2024 12:29:45 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: V1G03yRdB5RKU57mlQbgnZbxsHaG3Ze5
Accept-Ranges: bytes
Server: AmazonS3
Date: Fri, 04 Oct 2024 19:20:08 GMT
ETag: "c6150925cfea5941ddc7ff2a0a506692"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 3f24561b20ab2825cb11ac40fc1c2434.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS58-P5
X-Amz-Cf-Id: zuYl0kGZL-tmgeaJRLyoCgfupWdCOZSt4NP7wSe8SMM6L_cqlVDjhA==
Age: 3611
DNS

googleads.g.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

172.217.169.34
DNS

226.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.16.217.172.in-addr.arpa

IN PTR

Response

226.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f21e100net

226.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f2�H
DNS

194.23.211.130.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.23.211.130.in-addr.arpa

IN PTR

Response

194.23.211.130.in-addr.arpa

IN PTR

19423211130bcgoogleusercontentcom
DNS

34.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.169.217.172.in-addr.arpa

IN PTR

Response

34.169.217.172.in-addr.arpa

IN PTR

lhr48s08-in-f21e100net
DNS

118.18.239.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

118.18.239.18.in-addr.arpa

IN PTR

Response

118.18.239.18.in-addr.arpa

IN PTR

server-18-239-18-118ams58r cloudfrontnet
DNS

79.87.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

79.87.21.104.in-addr.arpa

IN PTR

Response
DNS

98.83.239.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

98.83.239.18.in-addr.arpa

IN PTR

Response

98.83.239.18.in-addr.arpa

IN PTR

server-18-239-83-98ams58r cloudfrontnet
DNS

218.114.48.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

218.114.48.52.in-addr.arpa

IN PTR

Response

218.114.48.52.in-addr.arpa

IN PTR

ec2-52-48-114-218 eu-west-1compute amazonawscom
DNS

fundingchoicesmessages.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

fundingchoicesmessages.google.com

IN A

Response

fundingchoicesmessages.google.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

172.217.16.238
DNS

209.205.72.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.205.72.20.in-addr.arpa

IN PTR

Response
GET

https://g.ezoic.net/cmp/log.gif?dId=484470&dcId=106&version=9&buttonId=2&consentV2=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&pageview_id=c2d70dab-256c-4001-7a5e-66ccc38cf07a

msedge.exe

Remote address:

13.37.187.223:443

Request

GET /cmp/log.gif?dId=484470&dcId=106&version=9&buttonId=2&consentV2=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&pageview_id=c2d70dab-256c-4001-7a5e-66ccc38cf07a HTTP/2.0
host: g.ezoic.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: https://www.mediafire.com
access-control-max-age: 1728000
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-type: image/gif
date: Fri, 04 Oct 2024 20:20:30 GMT
expires: Thu, 03 Oct 2024 20:20:30 GMT
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-middleton-display: cmp_sol
content-length: 43
DNS

region1.analytics.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

region1.analytics.google.com

IN A

Response

region1.analytics.google.com

IN A

216.239.34.36

region1.analytics.google.com

IN A

216.239.32.36
DNS

stats.g.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

stats.g.doubleclick.net

IN A

Response

stats.g.doubleclick.net

IN A

108.177.15.154

stats.g.doubleclick.net

IN A

108.177.15.156

stats.g.doubleclick.net

IN A

108.177.15.155

stats.g.doubleclick.net

IN A

108.177.15.157
DNS

gum.criteo.com

msedge.exe

Remote address:

8.8.8.8:53

Request

gum.criteo.com

IN A

Response

gum.criteo.com

IN CNAME

gum.nl3.vip.prod.criteo.com

gum.nl3.vip.prod.criteo.com

IN A

178.250.1.11
DNS

id.a-mx.com

msedge.exe

Remote address:

8.8.8.8:53

Request

id.a-mx.com

IN A

Response

id.a-mx.com

IN A

79.127.216.47

id.a-mx.com

IN A

79.127.227.46
DNS

ups.analytics.yahoo.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ups.analytics.yahoo.com

IN A

Response

ups.analytics.yahoo.com

IN CNAME

dcs-ups.g03.yahoodns.net

dcs-ups.g03.yahoodns.net

IN CNAME

prod.ups-ats.aolp-ds-prd.aws.oath.cloud

prod.ups-ats.aolp-ds-prd.aws.oath.cloud

IN CNAME

prod.ups-ats.eu-central-1.aolp-ds-prd.aws.oath.cloud

prod.ups-ats.eu-central-1.aolp-ds-prd.aws.oath.cloud

IN CNAME

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

IN A

3.75.62.37

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

IN A

3.71.149.231
DNS

consentdeliveryfd.azurefd.net

msedge.exe

Remote address:

8.8.8.8:53

Request

consentdeliveryfd.azurefd.net

IN A

Response

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

id.hadron.ad.gt

msedge.exe

Remote address:

8.8.8.8:53

Request

id.hadron.ad.gt

IN A

Response

id.hadron.ad.gt

IN CNAME

id.hadron.ad.gt.cdn.cloudflare.net

id.hadron.ad.gt.cdn.cloudflare.net

IN A

172.67.23.234

id.hadron.ad.gt.cdn.cloudflare.net

IN A

104.22.5.69

id.hadron.ad.gt.cdn.cloudflare.net

IN A

104.22.4.69
DNS

id5-sync.com

msedge.exe

Remote address:

8.8.8.8:53

Request

id5-sync.com

IN A

Response

id5-sync.com

IN A

162.19.138.119

id5-sync.com

IN A

141.95.98.64

id5-sync.com

IN A

162.19.138.118

id5-sync.com

IN A

141.95.33.120

id5-sync.com

IN A

162.19.138.83

id5-sync.com

IN A

141.95.98.65

id5-sync.com

IN A

162.19.138.117

id5-sync.com

IN A

162.19.138.116

id5-sync.com

IN A

162.19.138.120

id5-sync.com

IN A

162.19.138.82
DNS

api.rlcdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

api.rlcdn.com

IN A

Response

api.rlcdn.com

IN A

34.120.133.55
DNS

id.crwdcntrl.net

msedge.exe

Remote address:

8.8.8.8:53

Request

id.crwdcntrl.net

IN A

Response

id.crwdcntrl.net

IN A

54.76.113.237

id.crwdcntrl.net

IN A

34.251.185.45

id.crwdcntrl.net

IN A

54.76.166.236

id.crwdcntrl.net

IN A

54.78.53.108

id.crwdcntrl.net

IN A

54.216.230.172

id.crwdcntrl.net

IN A

52.211.255.159

id.crwdcntrl.net

IN A

54.74.215.235

id.crwdcntrl.net

IN A

52.48.114.218
DNS

match.adsrvr.org

msedge.exe

Remote address:

8.8.8.8:53

Request

match.adsrvr.org

IN A

Response

match.adsrvr.org

IN A

3.33.220.150

match.adsrvr.org

IN A

15.197.193.217

match.adsrvr.org

IN A

35.71.131.137

match.adsrvr.org

IN A

52.223.40.198
DNS

www.google.co.uk

msedge.exe

Remote address:

8.8.8.8:53

Request

www.google.co.uk

IN A

Response

www.google.co.uk

IN A

142.250.200.35
DNS

cdn-ima.33across.com

msedge.exe

Remote address:

8.8.8.8:53

Request

cdn-ima.33across.com

IN A

Response

cdn-ima.33across.com

IN CNAME

cdn-ima.33across.com.cdn.cloudflare.net

cdn-ima.33across.com.cdn.cloudflare.net

IN A

104.18.35.167

cdn-ima.33across.com.cdn.cloudflare.net

IN A

172.64.152.89
DNS

invstatic101.creativecdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

invstatic101.creativecdn.com

IN A

Response

invstatic101.creativecdn.com

IN A

34.96.70.87
DNS

static.criteo.net

msedge.exe

Remote address:

8.8.8.8:53

Request

static.criteo.net

IN A

Response

static.criteo.net

IN CNAME

static.nl3.vip.prod.criteo.net

static.nl3.vip.prod.criteo.net

IN A

178.250.1.3
DNS

oa.openxcdn.net

msedge.exe

Remote address:

8.8.8.8:53

Request

oa.openxcdn.net

IN A

Response

oa.openxcdn.net

IN A

34.102.146.192
DNS

tpc.googlesyndication.com

msedge.exe

Remote address:

8.8.8.8:53

Request

tpc.googlesyndication.com

IN A

Response

tpc.googlesyndication.com

IN A

216.58.201.97
OPTIONS

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.mediafire.com%2F&domain=www.mediafire.com&cw=1&lsw=1&gdprString=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&gdpr=1

msedge.exe

Remote address:

178.250.1.11:443

Request

OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.mediafire.com%2F&domain=www.mediafire.com&cw=1&lsw=1&gdprString=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&gdpr=1 HTTP/2.0
host: gum.criteo.com
accept: */*
access-control-request-method: GET
access-control-request-headers: content-type
origin: https://www.mediafire.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
date: Fri, 04 Oct 2024 20:20:30 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 288852
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
GET

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.mediafire.com%2F&domain=www.mediafire.com&cw=1&lsw=1&gdprString=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&gdpr=1

msedge.exe

Remote address:

178.250.1.11:443

Request

GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.mediafire.com%2F&domain=www.mediafire.com&cw=1&lsw=1&gdprString=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&gdpr=1 HTTP/2.0
host: gum.criteo.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
date: Fri, 04 Oct 2024 20:20:30 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
set-cookie: uid=b24365c9-56d1-4f49-8e0d-453a0b1aed25; expires=Wed, 29 Oct 2025 20:20:30 GMT; domain=.criteo.com; path=/; secure; samesite=none
server-processing-duration-in-ticks: 415650
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
GET

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.mediafire.com&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&gpp=&gpp_sid=-1

msedge.exe

Remote address:

178.250.1.11:443

Request

GET /syncframe?origin=publishertagids&topUrl=www.mediafire.com&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&gpp=&gpp_sid=-1 HTTP/2.0
host: gum.criteo.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/html; charset=utf-8
date: Fri, 04 Oct 2024 20:20:31 GMT
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=3e4553ff-97c9-4b80-aa08-44009a771ae3; expires=Wed, 29 Oct 2025 20:20:31 GMT; domain=.criteo.com; path=/; secure; samesite=none
set-cookie: optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
x-robots-tag: noindex
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 319482
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
GET

https://gum.criteo.com/sid/json?origin=publishertagids&domain=mediafire.com&sn=EdgeSyncframe&so=3&topUrl=www.mediafire.com&bundle=PwNleF9iZ3pFU1ZoYXQ5b1JmUE84TTZvaFNFR2djcDIlMkZkZWtjdXZ3dURFUXltbzU3RkdVQ1lMQ1plcnRiTEM4JTJGbzZ5TkZOeUtPamUzNW5WcTd0ckpVV21adWRzUHhmMGolMkZYbmNqWTElMkZ2JTJGNWRBT3h3bmRKRWtqUWl0dUJ6R0FEbXZBSlU&info=JqO2e183NW9NM2xlckFaeGcxWEM2d2tDN050ZXN5QXJteGd1MlQxYXZvRHozYktkeHhRSHA3OXAlMkZSZmh3SjVYNzR6TlplVSUyRlF4WGRvaGkwZEFvaXhQUHhtaEElM0QlM0Q&idsd=-556611640,-1143725137&cw=1&lsw=1

msedge.exe

Remote address:

178.250.1.11:443

Request

GET /sid/json?origin=publishertagids&domain=mediafire.com&sn=EdgeSyncframe&so=3&topUrl=www.mediafire.com&bundle=PwNleF9iZ3pFU1ZoYXQ5b1JmUE84TTZvaFNFR2djcDIlMkZkZWtjdXZ3dURFUXltbzU3RkdVQ1lMQ1plcnRiTEM4JTJGbzZ5TkZOeUtPamUzNW5WcTd0ckpVV21adWRzUHhmMGolMkZYbmNqWTElMkZ2JTJGNWRBT3h3bmRKRWtqUWl0dUJ6R0FEbXZBSlU&info=JqO2e183NW9NM2xlckFaeGcxWEM2d2tDN050ZXN5QXJteGd1MlQxYXZvRHozYktkeHhRSHA3OXAlMkZSZmh3SjVYNzR6TlplVSUyRlF4WGRvaGkwZEFvaXhQUHhtaEElM0QlM0Q&idsd=-556611640,-1143725137&cw=1&lsw=1 HTTP/2.0
host: gum.criteo.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.mediafire.com&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&gpp=&gpp_sid=-1
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
date: Fri, 04 Oct 2024 20:20:31 GMT
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
set-cookie: uid=6f3ffe0d-0074-44d2-bbfe-c21563c953ac; expires=Wed, 29 Oct 2025 20:20:31 GMT; domain=.criteo.com; path=/; secure; samesite=none
server-processing-duration-in-ticks: 509949
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
GET

https://id.a-mx.com/sync/?tagId=&ref=null&u=https://www.mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file&tl=https://www.mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file&nf=0&rt=true&v=9.14.0&av=2.0&vg=epbjs&us_privacy=null&am=null&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA

msedge.exe

Remote address:

79.127.216.47:443

Request

GET /sync/?tagId=&ref=null&u=https://www.mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file&tl=https://www.mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file&nf=0&rt=true&v=9.14.0&av=2.0&vg=epbjs&us_privacy=null&am=null&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA HTTP/1.1
Host: id.a-mx.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
Accept: */*
Origin: https://www.mediafire.com
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.mediafire.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Found

date: Fri, 4 Oct 2024 22:20:29 +0200
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
location: https://c3.a-mo.net/b?uid=807c1844-fff1-489f-bf20-065da249a41e&sh=id.a-mx.com&?us_privacy=null&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&gdpr=1
content-length: 0
set-cookie: amdt_t=g::1728073230371; Max-Age=31536000; Expires=Sat, 04 Oct 2025 20:20:30 GMT; Path=/; Domain=a-mx.com; Secure; HTTPOnly; SameSite=None
set-cookie: amuid2=807c1844-fff1-489f-bf20-065da249a41e; Max-Age=31536000; Expires=Sat, 04 Oct 2025 20:20:30 GMT; Path=/; Domain=a-mx.com; Secure; HTTPOnly; SameSite=None
GET

https://id.a-mx.com/set?oid=807c1844-fff1-489f-bf20-065da249a41e&uid=807c1844-fff1-489f-bf20-065da249a41e&?gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&gdpr=1

msedge.exe

Remote address:

79.127.216.47:443

Request

GET /set?oid=807c1844-fff1-489f-bf20-065da249a41e&uid=807c1844-fff1-489f-bf20-065da249a41e&?gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&gdpr=1 HTTP/1.1
Host: id.a-mx.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
Accept: */*
Origin: null
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.mediafire.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: amdt_t=g::1728073230371; amuid2=807c1844-fff1-489f-bf20-065da249a41e

Response

HTTP/1.1 200 OK

date: Fri, 4 Oct 2024 22:20:29 +0200
access-control-allow-credentials: true
access-control-allow-origin: null
content-type: application/json
content-length: 66
GET

https://ups.analytics.yahoo.com/ups/58713/fed?v=1&1p=0&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=&url=https://www.mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file&pixelId=58713

msedge.exe

Remote address:

3.75.62.37:443

Request

GET /ups/58713/fed?v=1&1p=0&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=&url=https://www.mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file&pixelId=58713 HTTP/2.0
host: ups.analytics.yahoo.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://region1.analytics.google.com/g/collect?v=2&tid=G-K68XP6D85D&gtm=45je4a20v887485693z86304663za200zb6304663&_p=1728073215959&_gaz=1&gcs=G111&gcd=13r3r3r3r5l1&npa=0&dma=0&tcfd=10000&tag_exp=101671035~101747727&cid=864837303.1728073217&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1728073216&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&dt=Ui-Dropped&en=page_view&_fv=1&_ss=1&up.page_url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tfd=15624

msedge.exe

Remote address:

216.239.34.36:443

Request

POST /g/collect?v=2&tid=G-K68XP6D85D&gtm=45je4a20v887485693z86304663za200zb6304663&_p=1728073215959&_gaz=1&gcs=G111&gcd=13r3r3r3r5l1&npa=0&dma=0&tcfd=10000&tag_exp=101671035~101747727&cid=864837303.1728073217&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1728073216&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&dt=Ui-Dropped&en=page_view&_fv=1&_ss=1&up.page_url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tfd=15624 HTTP/2.0
host: region1.analytics.google.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://id5-sync.com/api/config/prebid

msedge.exe

Remote address:

162.19.138.119:443

Request

POST /api/config/prebid HTTP/2.0
host: id5-sync.com
content-length: 411
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://www.mediafire.com
vary: Origin
access-control-allow-credentials: true
p3p: CP="CAO PSA OUR"
set-cookie: id5=383b210b-e88b-7e80-a770-a31b10c971c4#1728073230373#1; Max-Age=7776000; Expires=Thu, 02-Jan-2025 20:20:30 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
content-type: application/json;charset=UTF-8
date: Fri, 04 Oct 2024 20:20:29 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
POST

https://id5-sync.com/g/v2/457.json

msedge.exe

Remote address:

162.19.138.119:443

Request

POST /g/v2/457.json HTTP/2.0
host: id5-sync.com
content-length: 1233
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:30 GMT
access-control-allow-origin: https://www.mediafire.com
vary: Origin
access-control-allow-credentials: true
content-type: application/json
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://id.hadron.ad.gt/api/v1/pbhid?partner_id=524&_it=prebid&t=1&src=id&domain=www.mediafire.com&gdprString=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&gdpr=1

msedge.exe

Remote address:

172.67.23.234:443

Request

GET /api/v1/pbhid?partner_id=524&_it=prebid&t=1&src=id&domain=www.mediafire.com&gdprString=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&gdpr=1 HTTP/2.0
host: id.hadron.ad.gt
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:30 GMT
content-type: application/json
access-control-allow-origin: *
allow: POST, OPTIONS, GET
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cd7df7998f853a5-LHR
content-encoding: br
POST

https://stats.g.doubleclick.net/g/collect?v=2&tid=G-K68XP6D85D&cid=864837303.1728073217&gtm=45je4a20v887485693z86304663za200zb6304663&aip=1&dma=0&gcs=G111&gcd=13r3r3r3r5l1&npa=0&frm=0&tag_exp=101671035~101747727

msedge.exe

Remote address:

108.177.15.154:443

Request

POST /g/collect?v=2&tid=G-K68XP6D85D&cid=864837303.1728073217&gtm=45je4a20v887485693z86304663za200zb6304663&aip=1&dma=0&gcs=G111&gcd=13r3r3r3r5l1&npa=0&frm=0&tag_exp=101671035~101747727 HTTP/2.0
host: stats.g.doubleclick.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://api.rlcdn.com/api/identity/envelope?pid=14067&ct=4&cv=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA

msedge.exe

Remote address:

34.120.133.55:443

Request

GET /api/identity/envelope?pid=14067&ct=4&cv=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA HTTP/2.0
host: api.rlcdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://oa.openxcdn.net/esp.js

msedge.exe

Remote address:

34.102.146.192:443

Request

GET /esp.js HTTP/2.0
host: oa.openxcdn.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K68XP6D85D&cid=864837303.1728073217&gtm=45je4a20v887485693z86304663za200zb6304663&aip=1&dma=0&gcs=G111&gcd=13r3r3r3r5l1&npa=0&frm=0&tag_exp=101671035~101747727&tag_exp=101671035~101747727&z=1758293139

msedge.exe

Remote address:

142.250.200.35:443

Request

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K68XP6D85D&cid=864837303.1728073217&gtm=45je4a20v887485693z86304663za200zb6304663&aip=1&dma=0&gcs=G111&gcd=13r3r3r3r5l1&npa=0&frm=0&tag_exp=101671035~101747727&tag_exp=101671035~101747727&z=1758293139 HTTP/2.0
host: www.google.co.uk
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://tpc.googlesyndication.com/sodar/sodar2.js

msedge.exe

Remote address:

216.58.201.97:443

Request

GET /sodar/sodar2.js HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://cdn-ima.33across.com/ob.js

msedge.exe

Remote address:

104.18.35.167:443

Request

GET /ob.js HTTP/2.0
host: cdn-ima.33across.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:30 GMT
content-type: application/javascript
last-modified: Tue, 27 Aug 2024 20:25:40 GMT
vary: Accept-Encoding
etag: W/"66ce3644-43df"
expires: Mon, 07 Oct 2024 20:20:30 GMT
cache-control: public, max-age=259200
content-encoding: gzip
cf-cache-status: HIT
age: 257830
server: cloudflare
cf-ray: 8cd7df7a19ee4886-LHR
GET

https://match.adsrvr.org/track/rid?ttd_pid=muno13d&fmt=json

msedge.exe

Remote address:

3.33.220.150:443

Request

GET /track/rid?ttd_pid=muno13d&fmt=json HTTP/2.0
host: match.adsrvr.org
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:30 GMT
content-type: application/json
server: Kestrel
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
access-control-allow-origin: https://www.mediafire.com
cache-control: private
expires: Sun, 03 Nov 2024 20:20:30 GMT
vary: Origin
content-encoding: gzip
vary: Accept-Encoding
GET

https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js

msedge.exe

Remote address:

34.96.70.87:443

Request

GET /encrypted-signals/encrypted-tag-g.js HTTP/2.0
host: invstatic101.creativecdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://static.criteo.net/js/ld/publishertag.ids.js

msedge.exe

Remote address:

178.250.1.3:443

Request

GET /js/ld/publishertag.ids.js HTTP/2.0
host: static.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Fri, 04 Oct 2024 20:20:30 GMT
content-type: text/javascript
last-modified: Thu, 05 Sep 2024 10:56:45 GMT
etag: W/"66d98e6d-a677"
expires: Sat, 05 Oct 2024 20:20:30 GMT
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
DNS

c3.a-mo.net

msedge.exe

Remote address:

8.8.8.8:53

Request

c3.a-mo.net

IN A

Response

c3.a-mo.net

IN CNAME

id.a-mx.com

id.a-mx.com

IN A

79.127.227.46

id.a-mx.com

IN A

79.127.216.47
DNS

lb.eu-1-id5-sync.com

msedge.exe

Remote address:

8.8.8.8:53

Request

lb.eu-1-id5-sync.com

IN A

Response

lb.eu-1-id5-sync.com

IN A

162.19.138.116

lb.eu-1-id5-sync.com

IN A

141.95.98.65

lb.eu-1-id5-sync.com

IN A

141.95.98.64

lb.eu-1-id5-sync.com

IN A

162.19.138.83

lb.eu-1-id5-sync.com

IN A

141.95.33.120

lb.eu-1-id5-sync.com

IN A

162.19.138.117

lb.eu-1-id5-sync.com

IN A

162.19.138.118

lb.eu-1-id5-sync.com

IN A

162.19.138.82

lb.eu-1-id5-sync.com

IN A

162.19.138.120

lb.eu-1-id5-sync.com

IN A

162.19.138.119
DNS

oajs.openx.net

msedge.exe

Remote address:

8.8.8.8:53

Request

oajs.openx.net

IN A

Response

oajs.openx.net

IN A

34.120.107.143

oajs.openx.net

IN A

34.120.135.53
DNS

dnacdn.net

msedge.exe

Remote address:

8.8.8.8:53

Request

dnacdn.net

IN A

Response

dnacdn.net

IN A

178.250.1.11
GET

https://lb.eu-1-id5-sync.com/lb/v1

msedge.exe

Remote address:

162.19.138.116:443

Request

GET /lb/v1 HTTP/2.0
host: lb.eu-1-id5-sync.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://www.mediafire.com
vary: Origin
content-type: application/json;charset=UTF-8
date: Fri, 04 Oct 2024 20:20:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://c3.a-mo.net/b?uid=807c1844-fff1-489f-bf20-065da249a41e&sh=id.a-mx.com&?us_privacy=null&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&gdpr=1

msedge.exe

Remote address:

79.127.227.46:443

Request

GET /b?uid=807c1844-fff1-489f-bf20-065da249a41e&sh=id.a-mx.com&?us_privacy=null&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&gdpr=1 HTTP/1.1
Host: c3.a-mo.net
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
Accept: */*
Origin: null
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.mediafire.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Found

date: Fri, 4 Oct 2024 20:20:30 GMT
access-control-allow-credentials: true
access-control-allow-origin: null
location: https://id.a-mx.com/set?oid=807c1844-fff1-489f-bf20-065da249a41e&uid=807c1844-fff1-489f-bf20-065da249a41e&?gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&gdpr=1
content-length: 0
set-cookie: amdt_t=p::1728073230607; Max-Age=31536000; Expires=Sat, 04 Oct 2025 20:20:30 GMT; Path=/; Domain=a-mo.net; Secure; HTTPOnly; SameSite=None
set-cookie: amuid2=807c1844-fff1-489f-bf20-065da249a41e; Max-Age=31536000; Expires=Sat, 04 Oct 2025 20:20:30 GMT; Path=/; Domain=a-mo.net; Secure; HTTPOnly; SameSite=None
DNS

www.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

216.58.204.68
GET

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&rid=esp

msedge.exe

Remote address:

34.120.107.143:443

Request

GET /esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&rid=esp HTTP/2.0
host: oajs.openx.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://dnacdn.net/dna

msedge.exe

Remote address:

178.250.1.11:443

Request

GET /dna HTTP/2.0
host: dnacdn.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 0
date: Fri, 04 Oct 2024 20:20:30 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
set-cookie: browser_data=P_LKFV83NW9NM2xlckFaeGcxWEM2d2tDN050ZXN5QXJteGd1MlQxYXZvRHozYktkeHhRSHA3OXAlMkZSZmh3SjVYNzR6Tlo0YzJCYiUyQkpkblhhaHo2bUs1TndjZUElM0QlM0Q; expires=Wed, 29 Oct 2025 20:20:30 GMT; domain=dnacdn.net; path=/; secure; samesite=none
server-processing-duration-in-ticks: 129583
strict-transport-security: max-age=31536000; preload;
GET

https://dnacdn.net/dna

msedge.exe

Remote address:

178.250.1.11:443

Request

GET /dna HTTP/2.0
host: dnacdn.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://gum.criteo.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gum.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: browser_data=P_LKFV83NW9NM2xlckFaeGcxWEM2d2tDN050ZXN5QXJteGd1MlQxYXZvRHozYktkeHhRSHA3OXAlMkZSZmh3SjVYNzR6Tlo0YzJCYiUyQkpkblhhaHo2bUs1TndjZUElM0QlM0Q

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
date: Fri, 04 Oct 2024 20:20:31 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
set-cookie: browser_data=JqO2e183NW9NM2xlckFaeGcxWEM2d2tDN050ZXN5QXJteGd1MlQxYXZvRHozYktkeHhRSHA3OXAlMkZSZmh3SjVYNzR6TlplVSUyRlF4WGRvaGkwZEFvaXhQUHhtaEElM0QlM0Q; expires=Wed, 29 Oct 2025 20:20:31 GMT; domain=dnacdn.net; path=/; secure; samesite=none
server-processing-duration-in-ticks: 189627
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
GET

https://www.google.com/recaptcha/api2/aframe

msedge.exe

Remote address:

216.58.204.68:443

Request

GET /recaptcha/api2/aframe HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

hb.yellowblue.io

msedge.exe

Remote address:

8.8.8.8:53

Request

hb.yellowblue.io

IN A

Response

hb.yellowblue.io

IN A

18.239.50.10

hb.yellowblue.io

IN A

18.239.50.87

hb.yellowblue.io

IN A

18.239.50.3

hb.yellowblue.io

IN A

18.239.50.124
DNS

tlx.3lift.com

msedge.exe

Remote address:

8.8.8.8:53

Request

tlx.3lift.com

IN A

Response

tlx.3lift.com

IN CNAME

eu-tlx.3lift.com

eu-tlx.3lift.com

IN A

3.78.168.176

eu-tlx.3lift.com

IN A

18.157.230.4

eu-tlx.3lift.com

IN A

3.124.64.248
DNS

prebid.a-mo.net

msedge.exe

Remote address:

8.8.8.8:53

Request

prebid.a-mo.net

IN A

Response

prebid.a-mo.net

IN CNAME

nld-prebid.a-mx.net

nld-prebid.a-mx.net

IN A

163.5.194.33

nld-prebid.a-mx.net

IN A

163.5.194.36

nld-prebid.a-mx.net

IN A

163.5.194.30

nld-prebid.a-mx.net

IN A

163.5.194.35

nld-prebid.a-mx.net

IN A

163.5.194.32

nld-prebid.a-mx.net

IN A

163.5.194.31

nld-prebid.a-mx.net

IN A

163.5.194.37

nld-prebid.a-mx.net

IN A

163.5.194.34
DNS

onetag-sys.com

msedge.exe

Remote address:

8.8.8.8:53

Request

onetag-sys.com

IN A

Response

onetag-sys.com

IN A

51.89.9.253

onetag-sys.com

IN A

51.89.9.251

onetag-sys.com

IN A

51.75.86.98

onetag-sys.com

IN A

51.89.9.254

onetag-sys.com

IN A

51.38.120.206

onetag-sys.com

IN A

51.89.9.252
DNS

ap.lijit.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ap.lijit.com

IN A

Response

ap.lijit.com

IN CNAME

vap.lijit.com

vap.lijit.com

IN CNAME

emeas.vap.lijit.com

emeas.vap.lijit.com

IN CNAME

eu.vap.lijit.com

eu.vap.lijit.com

IN CNAME

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

52.19.188.138

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

52.210.21.58

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

54.229.25.175

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

34.242.65.112

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

34.253.139.138

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

54.155.119.8

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

54.216.33.27

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

54.76.222.75
DNS

fastlane.rubiconproject.com

msedge.exe

Remote address:

8.8.8.8:53

Request

fastlane.rubiconproject.com

IN A

Response

fastlane.rubiconproject.com

IN CNAME

tagged-by.rubiconproject.net.akadns.net

tagged-by.rubiconproject.net.akadns.net

IN A

69.173.156.139
POST

https://hb.yellowblue.io/hb-multi

msedge.exe

Remote address:

18.239.50.10:443

Request

POST /hb-multi HTTP/2.0
host: hb.yellowblue.io
content-length: 5159
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json
content-length: 107
date: Fri, 04 Oct 2024 20:20:30 GMT
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://www.mediafire.com
content-encoding: gzip
x-reason: maxmind hosting provider
x-envoy-upstream-service-time: 1
server: istio-envoy
x-cache: Miss from cloudfront
via: 1.1 9ac192ffc1203361ea1141b56df84966.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P3
x-amz-cf-id: eKFUxAusRHjs7UZZZzJEZ4TAW2f5FTOGrTwJ8KN2ujGcSapym_Xz6w==
POST

https://hb.yellowblue.io/hb-multi

msedge.exe

Remote address:

18.239.50.10:443

Request

POST /hb-multi HTTP/2.0
host: hb.yellowblue.io
content-length: 3665
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json
content-length: 108
date: Fri, 04 Oct 2024 20:20:30 GMT
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://www.mediafire.com
content-encoding: gzip
x-reason: maxmind hosting provider
x-envoy-upstream-service-time: 2
server: istio-envoy
x-cache: Miss from cloudfront
via: 1.1 9ac192ffc1203361ea1141b56df84966.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P3
x-amz-cf-id: gPrygODAW-o5k0rS0u766cHGkGNDszT-mc8JOgkQX95lPM85ENYorg==
POST

https://prebid.a-mo.net/a/c

msedge.exe

Remote address:

163.5.194.33:443

Request

POST /a/c HTTP/2.0
host: prebid.a-mo.net
content-length: 5718
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
cache-control: max-age=0, private, must-revalidate
date: Fri, 04 Oct 2024 20:20:29 GMT
server: envoy
vary: origin, accept-encoding, Accept-Encoding
x-nbr: 8
x-envoy-upstream-service-time: 1
POST

https://prebid.a-mo.net/a/c

msedge.exe

Remote address:

163.5.194.33:443

Request

POST /a/c HTTP/2.0
host: prebid.a-mo.net
content-length: 4152
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: amdt_t=p::1728073230607
cookie: amuid2=807c1844-fff1-489f-bf20-065da249a41e

Response

HTTP/2.0 204

access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
cache-control: max-age=0, private, must-revalidate
date: Fri, 04 Oct 2024 20:20:29 GMT
server: envoy
vary: origin, accept-encoding, Accept-Encoding
x-nbr: 8
x-envoy-upstream-service-time: 1
GET

https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21150&site_id=269072&zone_id=3326304&size_id=16&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=1---&rp_schain=1.0,1!ezoic.ai,8907ccb0baf12fbaae7b225e96c9e525,1,,,www.mediafire.com&eid_criteo.com=O2b3xl9SOVRxRURHUyUyQm5kSVAwVHY1RmlBWFNLcXF0MXNjeW50SzFhJTJCRk52MDlDbjFhVURtMDROJTJGMjg1VVJSVlpqekFpMWRRVjhjUkM4U0lYMzRacVpBQTRLdyUzRCUzRA%5E1&eid_audigent.com=0001yum0eac8lb68k66d9kgc6dhjcfjhda7fgb6ibbabackkc2jl%5E1&rf=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=onlinestorage%2Cfreestorage%2CcloudStorage%2Ccollaboration%2CbackupfileSharing%2CshareFiles%2Cphotobackup%2Cphotosharing%2Cftpreplacement%2Ccrossplatform%2Cremoteaccess%2Cmobileaccess%2Csendlargefiles%2Crecoverfiles%2Cfileversioning%2Cundelete%2CWindows%2CPC%2CMac%2COSX%2CLinux%2CiPhone%2CiPad%2CAndroid&tg_i.domain=mediafire.com&tg_i.page=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tg_i.pbadslot=div-gpt-ad-mediafire_com-medrectangle-3-0&tk_flint=pbjs_lite_v9.14.0&x_source.tid=8c828e72-6233-4dcd-b810-de47c0734c64&l_pb_bid_id=9e28d6f67feb95&p_screen_res=1280x720&rp_secure=1&x_imp.ext.tid=cdd0fbcd-b720-43a9-884b-bd2ea358abb1&rp_hard_floor=0.1177&rp_maxbids=1&p_gpid=div-gpt-ad-mediafire_com-medrectangle-3-0&m_ch_ua=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_full_ver=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_mobile=%3F0&slots=1&rand=0.9465178819063118

msedge.exe

Remote address:

69.173.156.139:443

Request

GET /a/api/fastlane.json?account_id=21150&site_id=269072&zone_id=3326304&size_id=16&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=1---&rp_schain=1.0,1!ezoic.ai,8907ccb0baf12fbaae7b225e96c9e525,1,,,www.mediafire.com&eid_criteo.com=O2b3xl9SOVRxRURHUyUyQm5kSVAwVHY1RmlBWFNLcXF0MXNjeW50SzFhJTJCRk52MDlDbjFhVURtMDROJTJGMjg1VVJSVlpqekFpMWRRVjhjUkM4U0lYMzRacVpBQTRLdyUzRCUzRA%5E1&eid_audigent.com=0001yum0eac8lb68k66d9kgc6dhjcfjhda7fgb6ibbabackkc2jl%5E1&rf=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=onlinestorage%2Cfreestorage%2CcloudStorage%2Ccollaboration%2CbackupfileSharing%2CshareFiles%2Cphotobackup%2Cphotosharing%2Cftpreplacement%2Ccrossplatform%2Cremoteaccess%2Cmobileaccess%2Csendlargefiles%2Crecoverfiles%2Cfileversioning%2Cundelete%2CWindows%2CPC%2CMac%2COSX%2CLinux%2CiPhone%2CiPad%2CAndroid&tg_i.domain=mediafire.com&tg_i.page=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tg_i.pbadslot=div-gpt-ad-mediafire_com-medrectangle-3-0&tk_flint=pbjs_lite_v9.14.0&x_source.tid=8c828e72-6233-4dcd-b810-de47c0734c64&l_pb_bid_id=9e28d6f67feb95&p_screen_res=1280x720&rp_secure=1&x_imp.ext.tid=cdd0fbcd-b720-43a9-884b-bd2ea358abb1&rp_hard_floor=0.1177&rp_maxbids=1&p_gpid=div-gpt-ad-mediafire_com-medrectangle-3-0&m_ch_ua=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_full_ver=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_mobile=%3F0&slots=1&rand=0.9465178819063118 HTTP/2.0
host: fastlane.rubiconproject.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.21.4
date: Fri, 04 Oct 2024 20:20:30 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=M1V66MLW-22-DFXZ; Domain=.rubiconproject.com; Path=/; Expires=Sat, 04-Oct-2025 20:20:30 GMT; Max-Age=31536000; SameSite=None; Secure
set-cookie: audit=1|naVuGyos1qo7w5CvKxM9KUvhnMlHMGjEa0YRSVmCiSrgdfttHgrpfjxx/yZYSo4fB2HwTzCAiRTgcRgjl6EitdyQTP+AXpTcwgb+LGB5CwL1vSrj7XfwfnU6EDJdn7p25HbAWuUV9cTQhrYHyU/IRcZG7ZU8nS12WnNCqiUnVcdQ/H7EXDTXIEJQSl4kwmKoi9GDoSLXZQTw2JtnSaSQtEDRyNWpMbBvbMKZkReXTIXGsk+5LOgR84ATLYJtKhWv8WFTTVtkSRqZ0pAZGx8/+NNWRnI302t3TJB0yUgiaf5Eg29G5oV46N49qhx4rl9UT+h2ct9ZDKQ8AMyRQSAfHez5hH/Bhc/nSJ/gIk51q1m85Irg9HrXq39KCsp5zqgf7msNpq4DcjqScgSiwEXmqZYYA6qUQQ+VBkBhGbv1JaheT/XtyXclLYBFiDOww48GLGp6lrWtpKoBW9wiOC+BzLbfbMdbMELfcsf+I8G5GZ7j6jFhPKrci/Xgdd7v+1n6CV3dk+H3MjhWz40HKQNpe4mT6367OtIrNCJ3fPCIGTpDq3gqrHkMwckMZ938/sahTCIf3dlzTl14bafj0rftjsitP3kI3est3/EPfSXFwlMx0gAPY7o0Xih+DlgaPKYoEJf/d4cldHxk3UDydTn7cCXEFj77MEG6uEgH9lOENjapDKEcq9kZob10odNEzyD0Su09vtULUUFhwVuVpf3KdLip6XtzcZuGs91xdzitq8Ypub+oFwWHByuzlRJovQei7H8WC5WpTXW+xUA9sgf/4b7FQD2yB//h3OlDu/ORdD8=; Domain=.rubiconproject.com; Path=/; Expires=Sat, 04-Oct-2025 20:20:30 GMT; Max-Age=31536000; SameSite=None; Secure
GET

https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21150&site_id=269072&zone_id=3326304&size_id=15&alt_size_ids=16&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=1---&rp_schain=1.0,1!ezoic.ai,8907ccb0baf12fbaae7b225e96c9e525,1,,,www.mediafire.com&eid_criteo.com=O2b3xl9SOVRxRURHUyUyQm5kSVAwVHY1RmlBWFNLcXF0MXNjeW50SzFhJTJCRk52MDlDbjFhVURtMDROJTJGMjg1VVJSVlpqekFpMWRRVjhjUkM4U0lYMzRacVpBQTRLdyUzRCUzRA%5E1&eid_audigent.com=0001yum0eac8lb68k66d9kgc6dhjcfjhda7fgb6ibbabackkc2jl%5E1&rf=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=onlinestorage%2Cfreestorage%2CcloudStorage%2Ccollaboration%2CbackupfileSharing%2CshareFiles%2Cphotobackup%2Cphotosharing%2Cftpreplacement%2Ccrossplatform%2Cremoteaccess%2Cmobileaccess%2Csendlargefiles%2Crecoverfiles%2Cfileversioning%2Cundelete%2CWindows%2CPC%2CMac%2COSX%2CLinux%2CiPhone%2CiPad%2CAndroid&tg_i.domain=mediafire.com&tg_i.page=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tg_i.pbadslot=div-gpt-ad-mediafire_com-medrectangle-4-0&tk_flint=pbjs_lite_v9.14.0&x_source.tid=8c828e72-6233-4dcd-b810-de47c0734c64&l_pb_bid_id=1011327cfe5995&p_screen_res=1280x720&rp_secure=1&x_imp.ext.tid=353eb9ff-1e23-425e-acdc-7e115ea1e1e9&rp_hard_floor=0.1177&rp_maxbids=1&p_gpid=div-gpt-ad-mediafire_com-medrectangle-4-0&m_ch_ua=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_full_ver=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_mobile=%3F0&slots=1&rand=0.8619651744239318

msedge.exe

Remote address:

69.173.156.139:443

Request

GET /a/api/fastlane.json?account_id=21150&site_id=269072&zone_id=3326304&size_id=15&alt_size_ids=16&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=1---&rp_schain=1.0,1!ezoic.ai,8907ccb0baf12fbaae7b225e96c9e525,1,,,www.mediafire.com&eid_criteo.com=O2b3xl9SOVRxRURHUyUyQm5kSVAwVHY1RmlBWFNLcXF0MXNjeW50SzFhJTJCRk52MDlDbjFhVURtMDROJTJGMjg1VVJSVlpqekFpMWRRVjhjUkM4U0lYMzRacVpBQTRLdyUzRCUzRA%5E1&eid_audigent.com=0001yum0eac8lb68k66d9kgc6dhjcfjhda7fgb6ibbabackkc2jl%5E1&rf=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=onlinestorage%2Cfreestorage%2CcloudStorage%2Ccollaboration%2CbackupfileSharing%2CshareFiles%2Cphotobackup%2Cphotosharing%2Cftpreplacement%2Ccrossplatform%2Cremoteaccess%2Cmobileaccess%2Csendlargefiles%2Crecoverfiles%2Cfileversioning%2Cundelete%2CWindows%2CPC%2CMac%2COSX%2CLinux%2CiPhone%2CiPad%2CAndroid&tg_i.domain=mediafire.com&tg_i.page=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tg_i.pbadslot=div-gpt-ad-mediafire_com-medrectangle-4-0&tk_flint=pbjs_lite_v9.14.0&x_source.tid=8c828e72-6233-4dcd-b810-de47c0734c64&l_pb_bid_id=1011327cfe5995&p_screen_res=1280x720&rp_secure=1&x_imp.ext.tid=353eb9ff-1e23-425e-acdc-7e115ea1e1e9&rp_hard_floor=0.1177&rp_maxbids=1&p_gpid=div-gpt-ad-mediafire_com-medrectangle-4-0&m_ch_ua=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_full_ver=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_mobile=%3F0&slots=1&rand=0.8619651744239318 HTTP/2.0
host: fastlane.rubiconproject.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.21.4
date: Fri, 04 Oct 2024 20:20:30 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=M1V66MLW-1H-7337; Domain=.rubiconproject.com; Path=/; Expires=Sat, 04-Oct-2025 20:20:30 GMT; Max-Age=31536000; SameSite=None; Secure
set-cookie: audit=1|naVuGyos1qrU2iaaa2HqpkvhnMlHMGjEa0YRSVmCiSrgdfttHgrpfjxx/yZYSo4fB2HwTzCAiRTgcRgjl6EitdyQTP+AXpTcwgb+LGB5CwL1vSrj7XfwfnU6EDJdn7p25HbAWuUV9cTQhrYHyU/IRcZG7ZU8nS12WnNCqiUnVcdQ/H7EXDTXIEJQSl4kwmKoi9GDoSLXZQTw2JtnSaSQtEDRyNWpMbBvbMKZkReXTIXGsk+5LOgR84ATLYJtKhWv8WFTTVtkSRqZ0pAZGx8/+NNWRnI302t3TJB0yUgiaf5Eg29G5oV46N49qhx4rl9UT+h2ct9ZDKQ8AMyRQSAfHez5hH/Bhc/nSJ/gIk51q1m85Irg9HrXq39KCsp5zqgf7msNpq4DcjqScgSiwEXmqZYYA6qUQQ+VBkBhGbv1JaheT/XtyXclLYBFiDOww48GLGp6lrWtpKoBW9wiOC+BzLbfbMdbMELfcsf+I8G5GZ7j6jFhPKrci/Xgdd7v+1n6CV3dk+H3MjhWz40HKQNpe4mT6367OtIrNCJ3fPCIGTpDq3gqrHkMwckMZ938/sahTCIf3dlzTl14bafj0rftjsitP3kI3est3/EPfSXFwlMx0gAPY7o0Xih+DlgaPKYoEJf/d4cldHxk3UDydTn7cCXEFj77MEG6uEgH9lOENjapDKEcq9kZob10odNEzyD0Su09vtULUUFhwVuVpf3KdLip6XtzcZuGs91xdzitq8Ypub+oFwWHByuzlRJovQei7H8WC5WpTXW+xUA9sgf/4b7FQD2yB//h3OlDu/ORdD8=; Domain=.rubiconproject.com; Path=/; Expires=Sat, 04-Oct-2025 20:20:30 GMT; Max-Age=31536000; SameSite=None; Secure
GET

https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21150&site_id=269072&zone_id=3326304&size_id=9&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=1---&rp_schain=1.0,1!ezoic.ai,8907ccb0baf12fbaae7b225e96c9e525,1,,,www.mediafire.com&eid_criteo.com=O2b3xl9SOVRxRURHUyUyQm5kSVAwVHY1RmlBWFNLcXF0MXNjeW50SzFhJTJCRk52MDlDbjFhVURtMDROJTJGMjg1VVJSVlpqekFpMWRRVjhjUkM4U0lYMzRacVpBQTRLdyUzRCUzRA%5E1&eid_audigent.com=0001yum0eac8lb68k66d9kgc6dhjcfjhda7fgb6ibbabackkc2jl%5E1&rf=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=onlinestorage%2Cfreestorage%2CcloudStorage%2Ccollaboration%2CbackupfileSharing%2CshareFiles%2Cphotobackup%2Cphotosharing%2Cftpreplacement%2Ccrossplatform%2Cremoteaccess%2Cmobileaccess%2Csendlargefiles%2Crecoverfiles%2Cfileversioning%2Cundelete%2CWindows%2CPC%2CMac%2COSX%2CLinux%2CiPhone%2CiPad%2CAndroid&tg_i.domain=mediafire.com&tg_i.page=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tg_i.pbadslot=div-gpt-ad-mediafire_com-edge-1-0&tk_flint=pbjs_lite_v9.14.0&x_source.tid=8c828e72-6233-4dcd-b810-de47c0734c64&l_pb_bid_id=114213636358124&p_screen_res=1280x720&rp_secure=1&x_imp.ext.tid=88948cc7-eca0-4513-b0e8-300381ab5c59&rp_hard_floor=0.1177&rp_maxbids=1&p_gpid=div-gpt-ad-mediafire_com-edge-1-0&m_ch_ua=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_full_ver=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_mobile=%3F0&slots=1&rand=0.8011712897548022

msedge.exe

Remote address:

69.173.156.139:443

Request

GET /a/api/fastlane.json?account_id=21150&site_id=269072&zone_id=3326304&size_id=9&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=1---&rp_schain=1.0,1!ezoic.ai,8907ccb0baf12fbaae7b225e96c9e525,1,,,www.mediafire.com&eid_criteo.com=O2b3xl9SOVRxRURHUyUyQm5kSVAwVHY1RmlBWFNLcXF0MXNjeW50SzFhJTJCRk52MDlDbjFhVURtMDROJTJGMjg1VVJSVlpqekFpMWRRVjhjUkM4U0lYMzRacVpBQTRLdyUzRCUzRA%5E1&eid_audigent.com=0001yum0eac8lb68k66d9kgc6dhjcfjhda7fgb6ibbabackkc2jl%5E1&rf=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=onlinestorage%2Cfreestorage%2CcloudStorage%2Ccollaboration%2CbackupfileSharing%2CshareFiles%2Cphotobackup%2Cphotosharing%2Cftpreplacement%2Ccrossplatform%2Cremoteaccess%2Cmobileaccess%2Csendlargefiles%2Crecoverfiles%2Cfileversioning%2Cundelete%2CWindows%2CPC%2CMac%2COSX%2CLinux%2CiPhone%2CiPad%2CAndroid&tg_i.domain=mediafire.com&tg_i.page=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tg_i.pbadslot=div-gpt-ad-mediafire_com-edge-1-0&tk_flint=pbjs_lite_v9.14.0&x_source.tid=8c828e72-6233-4dcd-b810-de47c0734c64&l_pb_bid_id=114213636358124&p_screen_res=1280x720&rp_secure=1&x_imp.ext.tid=88948cc7-eca0-4513-b0e8-300381ab5c59&rp_hard_floor=0.1177&rp_maxbids=1&p_gpid=div-gpt-ad-mediafire_com-edge-1-0&m_ch_ua=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_full_ver=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_mobile=%3F0&slots=1&rand=0.8011712897548022 HTTP/2.0
host: fastlane.rubiconproject.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.21.4
date: Fri, 04 Oct 2024 20:20:30 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=M1V66MLX-1D-AJ6P; Domain=.rubiconproject.com; Path=/; Expires=Sat, 04-Oct-2025 20:20:30 GMT; Max-Age=31536000; SameSite=None; Secure
set-cookie: audit=1|naVuGyos1qq1g38Ey4ijqUvhnMlHMGjEa0YRSVmCiSrgdfttHgrpfjxx/yZYSo4fB2HwTzCAiRTgcRgjl6EitdyQTP+AXpTcwgb+LGB5CwL1vSrj7XfwfnU6EDJdn7p25HbAWuUV9cTQhrYHyU/IRcZG7ZU8nS12WnNCqiUnVcdQ/H7EXDTXIEJQSl4kwmKoi9GDoSLXZQTw2JtnSaSQtEDRyNWpMbBvbMKZkReXTIXGsk+5LOgR84ATLYJtKhWv8WFTTVtkSRqZ0pAZGx8/+NNWRnI302t3TJB0yUgiaf5Eg29G5oV46N49qhx4rl9UT+h2ct9ZDKQ8AMyRQSAfHez5hH/Bhc/nSJ/gIk51q1m85Irg9HrXq39KCsp5zqgf7msNpq4DcjqScgSiwEXmqZYYA6qUQQ+VBkBhGbv1JaheT/XtyXclLYBFiDOww48GLGp6lrWtpKoBW9wiOC+BzLbfbMdbMELfcsf+I8G5GZ7j6jFhPKrci/Xgdd7v+1n6CV3dk+H3MjhWz40HKQNpe4mT6367OtIrNCJ3fPCIGTpDq3gqrHkMwckMZ938/sahTCIf3dlzTl14bafj0rftjsitP3kI3est3/EPfSXFwlMx0gAPY7o0Xih+DlgaPKYoEJf/d4cldHxk3UDydTn7cCXEFj77MEG6uEgH9lOENjapDKEcq9kZob10odNEzyD0Su09vtULUUFhwVuVpf3KdLip6XtzcZuGs91xdzitq8Ypub+oFwWHByuzlRJovQei7H8WC5WpTXW+xUA9sgf/4b7FQD2yB//h3OlDu/ORdD8=; Domain=.rubiconproject.com; Path=/; Expires=Sat, 04-Oct-2025 20:20:30 GMT; Max-Age=31536000; SameSite=None; Secure
GET

https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21150&site_id=269072&zone_id=3326304&size_id=9&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=1---&rp_schain=1.0,1!ezoic.ai,8907ccb0baf12fbaae7b225e96c9e525,1,,,www.mediafire.com&eid_criteo.com=O2b3xl9SOVRxRURHUyUyQm5kSVAwVHY1RmlBWFNLcXF0MXNjeW50SzFhJTJCRk52MDlDbjFhVURtMDROJTJGMjg1VVJSVlpqekFpMWRRVjhjUkM4U0lYMzRacVpBQTRLdyUzRCUzRA%5E1&eid_audigent.com=0001yum0eac8lb68k66d9kgc6dhjcfjhda7fgb6ibbabackkc2jl%5E1&rf=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=onlinestorage%2Cfreestorage%2CcloudStorage%2Ccollaboration%2CbackupfileSharing%2CshareFiles%2Cphotobackup%2Cphotosharing%2Cftpreplacement%2Ccrossplatform%2Cremoteaccess%2Cmobileaccess%2Csendlargefiles%2Crecoverfiles%2Cfileversioning%2Cundelete%2CWindows%2CPC%2CMac%2COSX%2CLinux%2CiPhone%2CiPad%2CAndroid&tg_i.domain=mediafire.com&tg_i.page=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tg_i.pbadslot=div-gpt-ad-mediafire_com-edge-2-0&tk_flint=pbjs_lite_v9.14.0&x_source.tid=8c828e72-6233-4dcd-b810-de47c0734c64&l_pb_bid_id=121b0b9e9055511&p_screen_res=1280x720&rp_secure=1&x_imp.ext.tid=d589d19d-f22a-45ee-8d1c-1c8ba397a0e1&rp_hard_floor=0.1177&rp_maxbids=1&p_gpid=div-gpt-ad-mediafire_com-edge-2-0&m_ch_ua=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_full_ver=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_mobile=%3F0&slots=1&rand=0.6642710844709234

msedge.exe

Remote address:

69.173.156.139:443

Request

GET /a/api/fastlane.json?account_id=21150&site_id=269072&zone_id=3326304&size_id=9&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=1---&rp_schain=1.0,1!ezoic.ai,8907ccb0baf12fbaae7b225e96c9e525,1,,,www.mediafire.com&eid_criteo.com=O2b3xl9SOVRxRURHUyUyQm5kSVAwVHY1RmlBWFNLcXF0MXNjeW50SzFhJTJCRk52MDlDbjFhVURtMDROJTJGMjg1VVJSVlpqekFpMWRRVjhjUkM4U0lYMzRacVpBQTRLdyUzRCUzRA%5E1&eid_audigent.com=0001yum0eac8lb68k66d9kgc6dhjcfjhda7fgb6ibbabackkc2jl%5E1&rf=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=onlinestorage%2Cfreestorage%2CcloudStorage%2Ccollaboration%2CbackupfileSharing%2CshareFiles%2Cphotobackup%2Cphotosharing%2Cftpreplacement%2Ccrossplatform%2Cremoteaccess%2Cmobileaccess%2Csendlargefiles%2Crecoverfiles%2Cfileversioning%2Cundelete%2CWindows%2CPC%2CMac%2COSX%2CLinux%2CiPhone%2CiPad%2CAndroid&tg_i.domain=mediafire.com&tg_i.page=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tg_i.pbadslot=div-gpt-ad-mediafire_com-edge-2-0&tk_flint=pbjs_lite_v9.14.0&x_source.tid=8c828e72-6233-4dcd-b810-de47c0734c64&l_pb_bid_id=121b0b9e9055511&p_screen_res=1280x720&rp_secure=1&x_imp.ext.tid=d589d19d-f22a-45ee-8d1c-1c8ba397a0e1&rp_hard_floor=0.1177&rp_maxbids=1&p_gpid=div-gpt-ad-mediafire_com-edge-2-0&m_ch_ua=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_full_ver=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_mobile=%3F0&slots=1&rand=0.6642710844709234 HTTP/2.0
host: fastlane.rubiconproject.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.21.4
date: Fri, 04 Oct 2024 20:20:30 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=M1V66MLY-27-BOO6; Domain=.rubiconproject.com; Path=/; Expires=Sat, 04-Oct-2025 20:20:30 GMT; Max-Age=31536000; SameSite=None; Secure
set-cookie: audit=1|naVuGyos1qoAzBNLLJxyuUvhnMlHMGjEa0YRSVmCiSrgdfttHgrpfjxx/yZYSo4fB2HwTzCAiRTgcRgjl6EitdyQTP+AXpTcwgb+LGB5CwL1vSrj7XfwfnU6EDJdn7p25HbAWuUV9cTQhrYHyU/IRcZG7ZU8nS12WnNCqiUnVcdQ/H7EXDTXIEJQSl4kwmKoi9GDoSLXZQTw2JtnSaSQtEDRyNWpMbBvbMKZkReXTIXGsk+5LOgR84ATLYJtKhWv8WFTTVtkSRqZ0pAZGx8/+NNWRnI302t3TJB0yUgiaf5Eg29G5oV46N49qhx4rl9UT+h2ct9ZDKQ8AMyRQSAfHez5hH/Bhc/nSJ/gIk51q1m85Irg9HrXq39KCsp5zqgf7msNpq4DcjqScgSiwEXmqZYYA6qUQQ+VBkBhGbv1JaheT/XtyXclLYBFiDOww48GLGp6lrWtpKoBW9wiOC+BzLbfbMdbMELfcsf+I8G5GZ7j6jFhPKrci/Xgdd7v+1n6CV3dk+H3MjhWz40HKQNpe4mT6367OtIrNCJ3fPCIGTpDq3gqrHkMwckMZ938/sahTCIf3dlzTl14bafj0rftjsitP3kI3est3/EPfSXFwlMx0gAPY7o0Xih+DlgaPKYoEJf/d4cldHxk3UDydTn7cCXEFj77MEG6uEgH9lOENjapDKEcq9kZob10odNEzyD0Su09vtULUUFhwVuVpf3KdLip6XtzcZuGs91xdzitq8Ypub+oFwWHByuzlRJovQei7H8WC5WpTXW+xUA9sgf/4b7FQD2yB//h3OlDu/ORdD8=; Domain=.rubiconproject.com; Path=/; Expires=Sat, 04-Oct-2025 20:20:30 GMT; Max-Age=31536000; SameSite=None; Secure
GET

https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21150&site_id=269072&zone_id=3326304&size_id=2&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=1---&rp_schain=1.0,1!ezoic.ai,8907ccb0baf12fbaae7b225e96c9e525,1,,,www.mediafire.com&eid_criteo.com=O2b3xl9SOVRxRURHUyUyQm5kSVAwVHY1RmlBWFNLcXF0MXNjeW50SzFhJTJCRk52MDlDbjFhVURtMDROJTJGMjg1VVJSVlpqekFpMWRRVjhjUkM4U0lYMzRacVpBQTRLdyUzRCUzRA%5E1&eid_audigent.com=0001yum0eac8lb68k66d9kgc6dhjcfjhda7fgb6ibbabackkc2jl%5E1&rf=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=onlinestorage%2Cfreestorage%2CcloudStorage%2Ccollaboration%2CbackupfileSharing%2CshareFiles%2Cphotobackup%2Cphotosharing%2Cftpreplacement%2Ccrossplatform%2Cremoteaccess%2Cmobileaccess%2Csendlargefiles%2Crecoverfiles%2Cfileversioning%2Cundelete%2CWindows%2CPC%2CMac%2COSX%2CLinux%2CiPhone%2CiPad%2CAndroid&tg_i.domain=mediafire.com&tg_i.page=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tg_i.pbadslot=div-gpt-ad-mediafire_com-medrectangle-2-0&tk_flint=pbjs_lite_v9.14.0&x_source.tid=8c828e72-6233-4dcd-b810-de47c0734c64&l_pb_bid_id=13ee0bdd6e26182&p_screen_res=1280x720&rp_secure=1&x_imp.ext.tid=f629d9b7-9d6d-484c-ae76-9f763f846309&rp_hard_floor=0.4456&rp_maxbids=1&p_gpid=div-gpt-ad-mediafire_com-medrectangle-2-0&m_ch_ua=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_full_ver=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_mobile=%3F0&slots=1&rand=0.2971904478049172

msedge.exe

Remote address:

69.173.156.139:443

Request

GET /a/api/fastlane.json?account_id=21150&site_id=269072&zone_id=3326304&size_id=2&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=1---&rp_schain=1.0,1!ezoic.ai,8907ccb0baf12fbaae7b225e96c9e525,1,,,www.mediafire.com&eid_criteo.com=O2b3xl9SOVRxRURHUyUyQm5kSVAwVHY1RmlBWFNLcXF0MXNjeW50SzFhJTJCRk52MDlDbjFhVURtMDROJTJGMjg1VVJSVlpqekFpMWRRVjhjUkM4U0lYMzRacVpBQTRLdyUzRCUzRA%5E1&eid_audigent.com=0001yum0eac8lb68k66d9kgc6dhjcfjhda7fgb6ibbabackkc2jl%5E1&rf=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=onlinestorage%2Cfreestorage%2CcloudStorage%2Ccollaboration%2CbackupfileSharing%2CshareFiles%2Cphotobackup%2Cphotosharing%2Cftpreplacement%2Ccrossplatform%2Cremoteaccess%2Cmobileaccess%2Csendlargefiles%2Crecoverfiles%2Cfileversioning%2Cundelete%2CWindows%2CPC%2CMac%2COSX%2CLinux%2CiPhone%2CiPad%2CAndroid&tg_i.domain=mediafire.com&tg_i.page=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tg_i.pbadslot=div-gpt-ad-mediafire_com-medrectangle-2-0&tk_flint=pbjs_lite_v9.14.0&x_source.tid=8c828e72-6233-4dcd-b810-de47c0734c64&l_pb_bid_id=13ee0bdd6e26182&p_screen_res=1280x720&rp_secure=1&x_imp.ext.tid=f629d9b7-9d6d-484c-ae76-9f763f846309&rp_hard_floor=0.4456&rp_maxbids=1&p_gpid=div-gpt-ad-mediafire_com-medrectangle-2-0&m_ch_ua=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_full_ver=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_mobile=%3F0&slots=1&rand=0.2971904478049172 HTTP/2.0
host: fastlane.rubiconproject.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.21.4
date: Fri, 04 Oct 2024 20:20:30 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=M1V66MLX-I-FE9W; Domain=.rubiconproject.com; Path=/; Expires=Sat, 04-Oct-2025 20:20:30 GMT; Max-Age=31536000; SameSite=None; Secure
set-cookie: audit=1|naVuGyos1qrS4vraMMso1UvhnMlHMGjEa0YRSVmCiSrgdfttHgrpfjxx/yZYSo4fB2HwTzCAiRTgcRgjl6EitdyQTP+AXpTcwgb+LGB5CwL1vSrj7XfwfnU6EDJdn7p25HbAWuUV9cTQhrYHyU/IRcZG7ZU8nS12WnNCqiUnVcdQ/H7EXDTXIEJQSl4kwmKoi9GDoSLXZQTw2JtnSaSQtEDRyNWpMbBvbMKZkReXTIXGsk+5LOgR84ATLYJtKhWv8WFTTVtkSRqZ0pAZGx8/+NNWRnI302t3TJB0yUgiaf5Eg29G5oV46N49qhx4rl9UT+h2ct9ZDKQ8AMyRQSAfHez5hH/Bhc/nSJ/gIk51q1m85Irg9HrXq39KCsp5zqgf7msNpq4DcjqScgSiwEXmqZYYA6qUQQ+VBkBhGbv1JaheT/XtyXclLYBFiDOww48GLGp6lrWtpKoBW9wiOC+BzLbfbMdbMELfcsf+I8G5GZ7j6jFhPKrci/Xgdd7v+1n6CV3dk+H3MjhWz40HKQNpe4mT6367OtIrNCJ3fPCIGTpDq3gqrHkMwckMZ938/sahTCIf3dlzTl14bafj0rftjsitP3kI3est3/EPfSXFwlMx0gAPY7o0Xih+DlgaPKYoEJf/d4cldHxk3UDydTn7cCXEFj77MEG6uEgH9lOENjapDKEcq9kZob10odNEzyD0Su09vtULUUFhwVuVpf3KdLip6XtzcZuGs91xdzitq8Ypub+oFwWHByuzlRJovQei7H8WC5WpTXW+xUA9sgf/4b7FQD2yB//h3OlDu/ORdD8=; Domain=.rubiconproject.com; Path=/; Expires=Sat, 04-Oct-2025 20:20:30 GMT; Max-Age=31536000; SameSite=None; Secure
GET

https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21150&site_id=269072&zone_id=3326304&size_id=2&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=1---&rp_schain=1.0,1!ezoic.ai,8907ccb0baf12fbaae7b225e96c9e525,1,,,www.mediafire.com&eid_amxdt.net=amx*r*5725bd11-6562-4924-80db-9e9f53cb3bfb%5E1&eid_criteo.com=O2b3xl9SOVRxRURHUyUyQm5kSVAwVHY1RmlBWFNLcXF0MXNjeW50SzFhJTJCRk52MDlDbjFhVURtMDROJTJGMjg1VVJSVlpqekFpMWRRVjhjUkM4U0lYMzRacVpBQTRLdyUzRCUzRA%5E1&eid_audigent.com=0001yum0eac8lb68k66d9kgc6dhjcfjhda7fgb6ibbabackkc2jl%5E1&eid_id5-sync.com=0%5E1%5E&rf=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=onlinestorage%2Cfreestorage%2CcloudStorage%2Ccollaboration%2CbackupfileSharing%2CshareFiles%2Cphotobackup%2Cphotosharing%2Cftpreplacement%2Ccrossplatform%2Cremoteaccess%2Cmobileaccess%2Csendlargefiles%2Crecoverfiles%2Cfileversioning%2Cundelete%2CWindows%2CPC%2CMac%2COSX%2CLinux%2CiPhone%2CiPad%2CAndroid&tg_i.domain=mediafire.com&tg_i.page=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tg_i.pbadslot=div-gpt-ad-mediafire_com-banner-1-0&tk_flint=pbjs_lite_v9.14.0&x_source.tid=3202faf8-c683-44ca-91ab-b67e3a8c07e6&l_pb_bid_id=389771c7e15e84&p_screen_res=1280x720&rp_secure=1&x_imp.ext.tid=904bc2b6-cb74-4628-9fff-35b5835a712d&rp_hard_floor=0.1177&rp_maxbids=1&p_gpid=div-gpt-ad-mediafire_com-banner-1-0&m_ch_ua=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_full_ver=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_mobile=%3F0&slots=1&rand=0.012989275456984695

msedge.exe

Remote address:

69.173.156.139:443

Request

GET /a/api/fastlane.json?account_id=21150&site_id=269072&zone_id=3326304&size_id=2&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=1---&rp_schain=1.0,1!ezoic.ai,8907ccb0baf12fbaae7b225e96c9e525,1,,,www.mediafire.com&eid_amxdt.net=amx*r*5725bd11-6562-4924-80db-9e9f53cb3bfb%5E1&eid_criteo.com=O2b3xl9SOVRxRURHUyUyQm5kSVAwVHY1RmlBWFNLcXF0MXNjeW50SzFhJTJCRk52MDlDbjFhVURtMDROJTJGMjg1VVJSVlpqekFpMWRRVjhjUkM4U0lYMzRacVpBQTRLdyUzRCUzRA%5E1&eid_audigent.com=0001yum0eac8lb68k66d9kgc6dhjcfjhda7fgb6ibbabackkc2jl%5E1&eid_id5-sync.com=0%5E1%5E&rf=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=onlinestorage%2Cfreestorage%2CcloudStorage%2Ccollaboration%2CbackupfileSharing%2CshareFiles%2Cphotobackup%2Cphotosharing%2Cftpreplacement%2Ccrossplatform%2Cremoteaccess%2Cmobileaccess%2Csendlargefiles%2Crecoverfiles%2Cfileversioning%2Cundelete%2CWindows%2CPC%2CMac%2COSX%2CLinux%2CiPhone%2CiPad%2CAndroid&tg_i.domain=mediafire.com&tg_i.page=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tg_i.pbadslot=div-gpt-ad-mediafire_com-banner-1-0&tk_flint=pbjs_lite_v9.14.0&x_source.tid=3202faf8-c683-44ca-91ab-b67e3a8c07e6&l_pb_bid_id=389771c7e15e84&p_screen_res=1280x720&rp_secure=1&x_imp.ext.tid=904bc2b6-cb74-4628-9fff-35b5835a712d&rp_hard_floor=0.1177&rp_maxbids=1&p_gpid=div-gpt-ad-mediafire_com-banner-1-0&m_ch_ua=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_full_ver=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_mobile=%3F0&slots=1&rand=0.012989275456984695 HTTP/2.0
host: fastlane.rubiconproject.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.21.4
date: Fri, 04 Oct 2024 20:20:30 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
pragma: no-cache
vary: Accept-Encoding
content-length: 438
POST

https://tlx.3lift.com/header/auction?lib=prebid&v=9.14.0&referrer=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tmax=3000&gdpr=true&cmp_cs=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=1---

msedge.exe

Remote address:

3.78.168.176:443

Request

POST /header/auction?lib=prebid&v=9.14.0&referrer=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tmax=3000&gdpr=true&cmp_cs=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=1--- HTTP/2.0
host: tlx.3lift.com
content-length: 4425
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: Thu, 15 Oct 1992 20:10:00 GMT
pragma: no-cache
x-xss-protection: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.mediafire.com
access-control-allow-credentials: true
set-cookie: receive-cookie-deprecation=1; Secure; HttpOnly; Path=/; Domain=.3lift.com; SameSite=None; Partitioned; Max-Age=7776000
set-cookie: tluid=1550373902627879521017; Max-Age=7776000; Expires=Thu, 02 Jan 2025 20:20:30 GMT; Path=/; Domain=.3lift.com; Secure; SameSite=None
vary: Accept-Encoding
content-encoding: gzip
POST

https://tlx.3lift.com/header/auction?lib=prebid&v=9.14.0&referrer=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tmax=3000&gdpr=true&cmp_cs=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=1---

msedge.exe

Remote address:

3.78.168.176:443

Request

POST /header/auction?lib=prebid&v=9.14.0&referrer=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tmax=3000&gdpr=true&cmp_cs=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=1--- HTTP/2.0
host: tlx.3lift.com
content-length: 4559
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: Thu, 15 Oct 1992 20:10:00 GMT
pragma: no-cache
x-xss-protection: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.mediafire.com
access-control-allow-credentials: true
set-cookie: receive-cookie-deprecation=1; Secure; HttpOnly; Path=/; Domain=.3lift.com; SameSite=None; Partitioned; Max-Age=7776000
set-cookie: tluid=179752860097469722310; Max-Age=7776000; Expires=Thu, 02 Jan 2025 20:20:31 GMT; Path=/; Domain=.3lift.com; Secure; SameSite=None
vary: Accept-Encoding
content-encoding: gzip
POST

https://onetag-sys.com/prebid-request

msedge.exe

Remote address:

51.89.9.253:443

Request

POST /prebid-request HTTP/2.0
host: onetag-sys.com
content-length: 6903
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: https://www.mediafire.com
access-control-allow-headers: content-type, origin, referer, user-agent
access-control-allow-credentials: true
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control: no-transform, no-cache
content-type: application/json
content-encoding: gzip
content-length: 41
strict-transport-security: max-age=15552000
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
POST

https://onetag-sys.com/prebid-request

msedge.exe

Remote address:

51.89.9.253:443

Request

POST /prebid-request HTTP/2.0
host: onetag-sys.com
content-length: 4517
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: https://www.mediafire.com
access-control-allow-headers: content-type, origin, referer, user-agent
access-control-allow-credentials: true
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control: no-transform, no-cache
content-type: application/json
content-encoding: gzip
content-length: 41
strict-transport-security: max-age=15552000
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
POST

https://ap.lijit.com/rtb/bid?src=prebid_prebid_9.14.0

msedge.exe

Remote address:

52.19.188.138:443

Request

POST /rtb/bid?src=prebid_prebid_9.14.0 HTTP/2.0
host: ap.lijit.com
content-length: 2800
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:30 GMT
content-type: application/json
content-length: 752
vary: Accept-Encoding
set-cookie: ljtrtb=;Version=1;Domain=.lijit.com;Path=/;Max-Age=0;Secure;Expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=None;
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: GET, POST, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
content-encoding: gzip
POST

https://ap.lijit.com/rtb/bid?src=prebid_prebid_9.14.0

msedge.exe

Remote address:

52.19.188.138:443

Request

POST /rtb/bid?src=prebid_prebid_9.14.0 HTTP/2.0
host: ap.lijit.com
content-length: 2631
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:20:31 GMT
content-type: application/json
content-length: 752
vary: Accept-Encoding
set-cookie: ljtrtb=;Version=1;Domain=.lijit.com;Path=/;Max-Age=0;Secure;Expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=None;
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: GET, POST, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
content-encoding: gzip
DNS

234.23.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.23.67.172.in-addr.arpa

IN PTR

Response
DNS

11.1.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.1.250.178.in-addr.arpa

IN PTR

Response
DNS

154.15.177.108.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.15.177.108.in-addr.arpa

IN PTR

Response

154.15.177.108.in-addr.arpa

IN PTR

wr-in-f1541e100net
DNS

36.34.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

36.34.239.216.in-addr.arpa

IN PTR

Response
DNS

47.216.127.79.in-addr.arpa

Remote address:

8.8.8.8:53

Request

47.216.127.79.in-addr.arpa

IN PTR

Response

47.216.127.79.in-addr.arpa

IN PTR

unn-79-127-216-47 datapacketcom
DNS

37.62.75.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

37.62.75.3.in-addr.arpa

IN PTR

Response

37.62.75.3.in-addr.arpa

IN PTR

ec2-3-75-62-37eu-central-1compute amazonawscom
DNS

119.138.19.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.138.19.162.in-addr.arpa

IN PTR

Response

119.138.19.162.in-addr.arpa

IN PTR

ns31533570 ip-162-19-138eu
DNS

55.133.120.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.133.120.34.in-addr.arpa

IN PTR

Response

55.133.120.34.in-addr.arpa

IN PTR

5513312034bcgoogleusercontentcom
DNS

192.146.102.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

192.146.102.34.in-addr.arpa

IN PTR

Response

192.146.102.34.in-addr.arpa

IN PTR

19214610234bcgoogleusercontentcom
DNS

35.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.200.250.142.in-addr.arpa

IN PTR

Response

35.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f31e100net
DNS

97.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.201.58.216.in-addr.arpa

IN PTR

Response

97.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f11e100net

97.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f1�G

97.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f97�G
DNS

167.35.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

167.35.18.104.in-addr.arpa

IN PTR

Response
DNS

87.70.96.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

87.70.96.34.in-addr.arpa

IN PTR

Response

87.70.96.34.in-addr.arpa

IN PTR

87709634bcgoogleusercontentcom
DNS

3.1.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.1.250.178.in-addr.arpa

IN PTR

Response
DNS

150.220.33.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

150.220.33.3.in-addr.arpa

IN PTR

Response

150.220.33.3.in-addr.arpa

IN PTR

a12b7a488abeaa9e4awsglobalacceleratorcom
DNS

46.227.127.79.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.227.127.79.in-addr.arpa

IN PTR

Response

46.227.127.79.in-addr.arpa

IN PTR

unn-79-127-227-46 datapacketcom
DNS

143.107.120.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

143.107.120.34.in-addr.arpa

IN PTR

Response

143.107.120.34.in-addr.arpa

IN PTR

14310712034bcgoogleusercontentcom
DNS

116.138.19.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

116.138.19.162.in-addr.arpa

IN PTR

Response

116.138.19.162.in-addr.arpa

IN PTR

ns31533567 ip-162-19-138eu
DNS

10.50.239.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.50.239.18.in-addr.arpa

IN PTR

Response

10.50.239.18.in-addr.arpa

IN PTR

server-18-239-50-10ams58r cloudfrontnet
DNS

68.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.204.58.216.in-addr.arpa

IN PTR

Response

68.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f681e100net

68.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f4�H

68.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f4�H
DNS

33.194.5.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

33.194.5.163.in-addr.arpa

IN PTR

Response
DNS

139.156.173.69.in-addr.arpa

Remote address:

8.8.8.8:53

Request

139.156.173.69.in-addr.arpa

IN PTR

Response
DNS

176.168.78.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

176.168.78.3.in-addr.arpa

IN PTR

Response

176.168.78.3.in-addr.arpa

IN PTR

ec2-3-78-168-176eu-central-1compute amazonawscom
DNS

253.9.89.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

253.9.89.51.in-addr.arpa

IN PTR

Response

253.9.89.51.in-addr.arpa

IN PTR

ip253 ip-51-89-9eu
DNS

138.188.19.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

138.188.19.52.in-addr.arpa

IN PTR

Response

138.188.19.52.in-addr.arpa

IN PTR

ec2-52-19-188-138 eu-west-1compute amazonawscom
DNS

google-bidout-d.openx.net

msedge.exe

Remote address:

8.8.8.8:53

Request

google-bidout-d.openx.net

IN A

Response

google-bidout-d.openx.net

IN A

34.98.64.218

google-bidout-d.openx.net

IN A

35.244.159.8
GET

https://google-bidout-d.openx.net/w/1.0/pd?plm=5

msedge.exe

Remote address:

34.98.64.218:443

Request

GET /w/1.0/pd?plm=5 HTTP/2.0
host: google-bidout-d.openx.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

10a18794c2f78312d5b8f618f41153db.safeframe.googlesyndication.com

msedge.exe

Remote address:

8.8.8.8:53

Request

10a18794c2f78312d5b8f618f41153db.safeframe.googlesyndication.com

IN A

Response

10a18794c2f78312d5b8f618f41153db.safeframe.googlesyndication.com

IN CNAME

pagead-googlehosted.l.google.com

pagead-googlehosted.l.google.com

IN A

142.250.200.33
GET

https://10a18794c2f78312d5b8f618f41153db.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

msedge.exe

Remote address:

142.250.200.33:443

Request

GET /safeframe/1-0-40/html/container.html HTTP/2.0
host: 10a18794c2f78312d5b8f618f41153db.safeframe.googlesyndication.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

ag.gbc.criteo.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ag.gbc.criteo.com

IN A

Response

ag.gbc.criteo.com

IN CNAME

gbc3.fr3.eu.criteo.com

gbc3.fr3.eu.criteo.com

IN A

185.235.86.89

gbc3.fr3.eu.criteo.com

IN A

185.235.86.94

gbc3.fr3.eu.criteo.com

IN A

185.235.86.108

gbc3.fr3.eu.criteo.com

IN A

185.235.86.91

gbc3.fr3.eu.criteo.com

IN A

185.235.86.92

gbc3.fr3.eu.criteo.com

IN A

185.235.86.111

gbc3.fr3.eu.criteo.com

IN A

185.235.86.107

gbc3.fr3.eu.criteo.com

IN A

185.235.86.87

gbc3.fr3.eu.criteo.com

IN A

185.235.86.86

gbc3.fr3.eu.criteo.com

IN A

185.235.86.88

gbc3.fr3.eu.criteo.com

IN A

185.235.86.103

gbc3.fr3.eu.criteo.com

IN A

185.235.86.109

gbc3.fr3.eu.criteo.com

IN A

185.235.86.105

gbc3.fr3.eu.criteo.com

IN A

185.235.86.102

gbc3.fr3.eu.criteo.com

IN A

185.235.86.95

gbc3.fr3.eu.criteo.com

IN A

185.235.86.84

gbc3.fr3.eu.criteo.com

IN A

185.235.86.90

gbc3.fr3.eu.criteo.com

IN A

185.235.86.110

gbc3.fr3.eu.criteo.com

IN A

185.235.86.101

gbc3.fr3.eu.criteo.com

IN A

185.235.86.93

gbc3.fr3.eu.criteo.com

IN A

185.235.86.85

gbc3.fr3.eu.criteo.com

IN A

185.235.86.106

gbc3.fr3.eu.criteo.com

IN A

185.235.86.100

gbc3.fr3.eu.criteo.com

IN A

185.235.86.97

gbc3.fr3.eu.criteo.com

IN A

185.235.86.104

gbc3.fr3.eu.criteo.com

IN A

185.235.86.99

gbc3.fr3.eu.criteo.com

IN A

185.235.86.98

gbc3.fr3.eu.criteo.com

IN A

185.235.86.96
DNS

gem.gbc.criteo.com

msedge.exe

Remote address:

8.8.8.8:53

Request

gem.gbc.criteo.com

IN A

Response

gem.gbc.criteo.com

IN CNAME

gbc6.fr3.eu.criteo.com

gbc6.fr3.eu.criteo.com

IN A

185.235.86.180

gbc6.fr3.eu.criteo.com

IN A

185.235.86.192

gbc6.fr3.eu.criteo.com

IN A

185.235.86.168

gbc6.fr3.eu.criteo.com

IN A

185.235.86.193

gbc6.fr3.eu.criteo.com

IN A

185.235.86.188

gbc6.fr3.eu.criteo.com

IN A

185.235.86.173

gbc6.fr3.eu.criteo.com

IN A

185.235.86.179

gbc6.fr3.eu.criteo.com

IN A

185.235.86.175

gbc6.fr3.eu.criteo.com

IN A

185.235.86.189

gbc6.fr3.eu.criteo.com

IN A

185.235.86.177

gbc6.fr3.eu.criteo.com

IN A

185.235.86.182

gbc6.fr3.eu.criteo.com

IN A

185.235.86.194

gbc6.fr3.eu.criteo.com

IN A

185.235.86.170

gbc6.fr3.eu.criteo.com

IN A

185.235.86.190

gbc6.fr3.eu.criteo.com

IN A

185.235.86.191

gbc6.fr3.eu.criteo.com

IN A

185.235.86.187

gbc6.fr3.eu.criteo.com

IN A

185.235.86.178

gbc6.fr3.eu.criteo.com

IN A

185.235.86.185

gbc6.fr3.eu.criteo.com

IN A

185.235.86.172

gbc6.fr3.eu.criteo.com

IN A

185.235.86.195

gbc6.fr3.eu.criteo.com

IN A

185.235.86.174

gbc6.fr3.eu.criteo.com

IN A

185.235.86.184

gbc6.fr3.eu.criteo.com

IN A

185.235.86.181

gbc6.fr3.eu.criteo.com

IN A

185.235.86.171

gbc6.fr3.eu.criteo.com

IN A

185.235.86.186

gbc6.fr3.eu.criteo.com

IN A

185.235.86.176

gbc6.fr3.eu.criteo.com

IN A

185.235.86.183

gbc6.fr3.eu.criteo.com

IN A

185.235.86.169
GET

https://gem.gbc.criteo.com/newidsd

msedge.exe

Remote address:

185.235.86.180:443

Request

GET /newidsd HTTP/2.0
host: gem.gbc.criteo.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://gum.criteo.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gum.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
date: Fri, 04 Oct 2024 20:20:31 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 52879
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
GET

https://ag.gbc.criteo.com/newidsd

msedge.exe

Remote address:

185.235.86.89:443

Request

GET /newidsd HTTP/2.0
host: ag.gbc.criteo.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://gum.criteo.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gum.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
date: Fri, 04 Oct 2024 20:20:31 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 44392
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
DNS

194.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.212.58.216.in-addr.arpa

IN PTR

Response

194.212.58.216.in-addr.arpa

IN PTR

lhr25s27-in-f21e100net

194.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f194�H

194.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f2�H
DNS

218.64.98.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

218.64.98.34.in-addr.arpa

IN PTR

Response

218.64.98.34.in-addr.arpa

IN PTR

218649834bcgoogleusercontentcom
DNS

33.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

33.200.250.142.in-addr.arpa

IN PTR

Response

33.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f11e100net
DNS

180.86.235.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

180.86.235.185.in-addr.arpa

IN PTR

Response
DNS

89.86.235.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

89.86.235.185.in-addr.arpa

IN PTR

Response
DNS

check.analytics.rlcdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

check.analytics.rlcdn.com

IN A

Response

check.analytics.rlcdn.com

IN A

13.227.219.17

check.analytics.rlcdn.com

IN A

13.227.219.97

check.analytics.rlcdn.com

IN A

13.227.219.49

check.analytics.rlcdn.com

IN A

13.227.219.68
GET

https://check.analytics.rlcdn.com/check/14067

msedge.exe

Remote address:

13.227.219.17:443

Request

GET /check/14067 HTTP/2.0
host: check.analytics.rlcdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json
content-length: 25
date: Fri, 04 Oct 2024 20:20:33 GMT
x-amzn-trace-id: Root=1-67004e11-5308d095218918de5058853a
x-amzn-requestid: 7faf1365-7fc1-4b5c-80ba-72718ecbbceb
access-control-allow-origin: *
x-amz-apigw-id: fJEixEbJDoEEq2Q=
x-cache: Miss from cloudfront
via: 1.1 58a361324cd2b1576fcc05c5471b9b12.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
x-amz-cf-id: im7ZN6shJ78GIumxvMIGRaLT70XGKtdhY4fsie4_tTQ-KQ8ozO5PDg==
GET

https://check.analytics.rlcdn.com/check/14067

msedge.exe

Remote address:

13.227.219.17:443

Request

GET /check/14067 HTTP/2.0
host: check.analytics.rlcdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json
content-length: 25
date: Fri, 04 Oct 2024 20:20:33 GMT
x-amzn-trace-id: Root=1-67004e11-6309ae381c6d92c0606c0f69
x-amzn-requestid: f4df2f90-1ef7-4895-8ea9-16bdee4b1fa8
access-control-allow-origin: *
x-amz-apigw-id: fJEiyH7djoEENVg=
x-cache: Miss from cloudfront
via: 1.1 58a361324cd2b1576fcc05c5471b9b12.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
x-amz-cf-id: 9UxgLXWh23XuV7IbMcTemOwcI5Im6wYqtSEwLFu3VCYn-opyIQJJww==
DNS

17.219.227.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.219.227.13.in-addr.arpa

IN PTR

Response

17.219.227.13.in-addr.arpa

IN PTR

server-13-227-219-17ams54r cloudfrontnet
DNS

cdn.ampproject.org

msedge.exe

Remote address:

8.8.8.8:53

Request

cdn.ampproject.org

IN A

Response

cdn.ampproject.org

IN CNAME

cdn-content.ampproject.org

cdn-content.ampproject.org

IN A

216.58.204.65
GET

https://cdn.ampproject.org/rtv/032406252034000/amp4ads-v0.js

msedge.exe

Remote address:

216.58.204.65:443

Request

GET /rtv/032406252034000/amp4ads-v0.js HTTP/2.0
host: cdn.ampproject.org
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://cdn.ampproject.org/rtv/032406252034000/v0/amp-ad-exit-0.1.js

msedge.exe

Remote address:

216.58.204.65:443

Request

GET /rtv/032406252034000/v0/amp-ad-exit-0.1.js HTTP/2.0
host: cdn.ampproject.org
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://cdn.ampproject.org/rtv/032406252034000/v0/amp-analytics-0.1.js

msedge.exe

Remote address:

216.58.204.65:443

Request

GET /rtv/032406252034000/v0/amp-analytics-0.1.js HTTP/2.0
host: cdn.ampproject.org
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://cdn.ampproject.org/rtv/032406252034000/v0/amp-fit-text-0.1.js

msedge.exe

Remote address:

216.58.204.65:443

Request

GET /rtv/032406252034000/v0/amp-fit-text-0.1.js HTTP/2.0
host: cdn.ampproject.org
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://cdn.ampproject.org/rtv/032406252034000/v0/amp-form-0.1.js

msedge.exe

Remote address:

216.58.204.65:443

Request

GET /rtv/032406252034000/v0/amp-form-0.1.js HTTP/2.0
host: cdn.ampproject.org
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

65.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

65.204.58.216.in-addr.arpa

IN PTR

Response

65.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f11e100net

65.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f65�G

65.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f1�G
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

download2266.mediafire.com

msedge.exe

Remote address:

8.8.8.8:53

Request

download2266.mediafire.com

IN A

Response

download2266.mediafire.com

IN A

199.91.155.7
GET

https://download2266.mediafire.com/otj85vo3pi8gpEebtMY2G9IRUv3bvX3pR6BWsu1dtsVpxOnOsRL4Fc4JD6PpERr5C4Mk9YOGjnSlgNzd3apQrEeApaw5jEqvBXftu_QiFek127MKgvT8TF0SITnN7Gucrl_kFJ4glRAj3iaOBH-8DG80YUwsWJVOhHURYj8_fwze/3nfa6p4pxkve92c/Ui-Dropped.jar

msedge.exe

Remote address:

199.91.155.7:443

Request

GET /otj85vo3pi8gpEebtMY2G9IRUv3bvX3pR6BWsu1dtsVpxOnOsRL4Fc4JD6PpERr5C4Mk9YOGjnSlgNzd3apQrEeApaw5jEqvBXftu_QiFek127MKgvT8TF0SITnN7Gucrl_kFJ4glRAj3iaOBH-8DG80YUwsWJVOhHURYj8_fwze/3nfa6p4pxkve92c/Ui-Dropped.jar HTTP/1.1
Host: download2266.mediafire.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://www.mediafire.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: __cf_bm=a4qWaZ0cpUUeaCn.qm5FbExeILV.xTr3Suid8DID_5M-1728073215-1.0.1.1-oo2JYfu9LT.Twu_9vwHqdyr1R7LWBS9jwbmTlP5qoo3AJM1Zl07GE0.vuIeJjveHGR1nz0xOL.VZoX5fYoHMWQ; ukey=o4a8dpd366wtxt2jvx9m73eps29ureaa; conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%223nfa6p4pxkve92c%22%2C%22mf_term%22%3A%22cffd20c5c25ac69cca475c26a2f21775%22%7D; ezoab_484470=mod281-c; ezosuibasgeneris-1=de7d166a-9193-4a49-4143-1f32c6aa56ed; lp_484470=https://www.mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file; ezovuuidtime_484470=1728073217; ezovuuid_484470=3aea8790-fdfb-4162-4b5e-ffdcee29099c; ezoref_484470=; active_template::484470=pub_site.1728073217; _gid=GA1.2.1286535164.1728073217; _gat_gtag_UA_829541_1=1; amp_28916b=ouFg2BvNXNvdC2S4QeGixq...1i9cj1cpk.1i9cj1cpm.0.1.1; ezopvc_484470=2; cf_clearance=ukuPpK.a1OuTkWHQ1kAzQc51Vz5usNoSyk72Ch.N95Y-1728073217-1.2.1.1-lpsEdfO1yBJqc_59pab_U5kc3YSiOubTdWPr4sZmPHEnYT3Nphjwkfqc1D7ABZtXtHtyrzyyfNhoO8EPsBaFXQ4XwAy0T66d6DvHswMbht2y6sSMmZ.Z90YGuzB461rI6qveCItKEJ.o_urZznFgMvseFCWY.IaOcmo3vTyj8C8KghvGbQUd2I0trV1uhkA.UjPnwxIQtOr_KF5QOW0WD2wYiPukUJrFh59Li60zxzOtc8rFYmLIfklocsfdIAveBOEtkDQ2O76AHmyC87CARJyfwVrDEzRJ6ByrdszmyOd6VWBilBN.LvDb_YrpLrq_lotRLjq1sXQDgFUqItW4cXU5ZcZmtFtqCrjqUrVR8w4FqF3TvB3Oqu5SUHBV3wvUp0Mj89M3rSqrRoNdCMCb2FlRK9B5QvNF.yJV.JuBXSU; _ga=GA1.1.864837303.1728073217; ez-consent-tcf=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA; _cc_id=56d4d140dbdd0d4736a70aa67bfd813a; panoramaId_expiry=1728159630250; cto_bidid=O2b3xl9SOVRxRURHUyUyQm5kSVAwVHY1RmlBWFNLcXF0MXNjeW50SzFhJTJCRk52MDlDbjFhVURtMDROJTJGMjg1VVJSVlpqekFpMWRRVjhjUkM4U0lYMzRacVpBQTRLdyUzRCUzRA; __gads=ID=0685dcfeef4fcc4a:T=1728073230:RT=1728073230:S=ALNI_MbgjlgKHlSBEQ2uN8a9AygdlTJrQw; __gpi=UID=00000f02c83e58fe:T=1728073230:RT=1728073230:S=ALNI_MZpdVF5CwzyhG3TvBZHI0hvb4q67g; __eoi=ID=ed5fd538a1a8ddb0:T=1728073230:RT=1728073230:S=AA-AfjZlI8-JFzj5hIiobCNMkoPK; cto_bundle=e6MUAl9iZ3pFU1ZoYXQ5b1JmUE84TTZvaFNGeXJPVEpHQjZ0JTJGNmVrWDR4NGVTeDF4JTJCNlRoWlpQSTZzcm1oZUtLdUVKTDYxTmwlMkZyV1VCOUtaZkM0SFpuJTJCeGtlYXglMkYlMkJmeTlUeUdCQWpnYmlFdzJTYlJtJTJCQk8za3NFNEpLWlM3YVhjc3o2NmtiWmRlUnl3djZoNDdDVDklMkJqVHJBJTNEJTNE; accept-cookies=1; _ga_K68XP6D85D=GS1.1.1728073216.1.0.1728073236.40.0.0

Response

HTTP/1.1 200 OK

server: bd-0.1.27
content-type: application/zip
accept-ranges: bytes
connection: close
cache-control: no-store
x-robots-tag: noindex, nofollow
content-disposition: attachment; filename="Ui-Dropped.jar"
content-length: 71179
date: Fri, 04 Oct 2024 20:20:42 GMT
GET

http://otnolatrnup.com/hideref.engine?d=https%3A%2F%2Fworeppercomming.com%2F4fabb44a-878d-4024-bdef-2de07d973f5e%3Fcampaignname%3D2_OperaGX%26placementname%3D2_OperaGX_UK_Win_101%26bid%3D3.45%26totalcpv%3D0.00345%26channel%3DFile%2BHosting%2B%2526%2BSharing%26subchannel%3DFile%2BHosting%2B%2526%2BSharing%26medianame%3DOperaGX_WW_9636%26keywords%3Donline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%2Conline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%26sourceid%3D101%26domainid%3D1%26cpv%3D0.00345%26s2sParam%3D0c648c0e-9e2c-403e-bd98-f7dbbb7491a9

msedge.exe

Remote address:

104.19.208.227:80

Request

GET /hideref.engine?d=https%3A%2F%2Fworeppercomming.com%2F4fabb44a-878d-4024-bdef-2de07d973f5e%3Fcampaignname%3D2_OperaGX%26placementname%3D2_OperaGX_UK_Win_101%26bid%3D3.45%26totalcpv%3D0.00345%26channel%3DFile%2BHosting%2B%2526%2BSharing%26subchannel%3DFile%2BHosting%2B%2526%2BSharing%26medianame%3DOperaGX_WW_9636%26keywords%3Donline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%2Conline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%26sourceid%3D101%26domainid%3D1%26cpv%3D0.00345%26s2sParam%3D0c648c0e-9e2c-403e-bd98-f7dbbb7491a9 HTTP/1.1
Host: otnolatrnup.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Found

Date: Fri, 04 Oct 2024 20:20:43 GMT
Content-Length: 0
Connection: keep-alive
Location: https://otnolatrnup.com/hideref.engine?d=https%3A%2F%2Fworeppercomming.com%2F4fabb44a-878d-4024-bdef-2de07d973f5e%3Fcampaignname%3D2_OperaGX%26placementname%3D2_OperaGX_UK_Win_101%26bid%3D3.45%26totalcpv%3D0.00345%26channel%3DFile%2BHosting%2B%2526%2BSharing%26subchannel%3DFile%2BHosting%2B%2526%2BSharing%26medianame%3DOperaGX_WW_9636%26keywords%3Donline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%2Conline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%26sourceid%3D101%26domainid%3D1%26cpv%3D0.00345%26s2sParam%3D0c648c0e-9e2c-403e-bd98-f7dbbb7491a9
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8cd7dfcc59a693e9-LHR
DNS

woreppercomming.com

msedge.exe

Remote address:

8.8.8.8:53

Request

woreppercomming.com

IN A

Response

woreppercomming.com

IN A

65.9.95.107

woreppercomming.com

IN A

65.9.95.72

woreppercomming.com

IN A

65.9.95.126

woreppercomming.com

IN A

65.9.95.51
GET

https://woreppercomming.com/4fabb44a-878d-4024-bdef-2de07d973f5e?campaignname=2_OperaGX&placementname=2_OperaGX_UK_Win_101&bid=3.45&totalcpv=0.00345&channel=File%20Hosting%20&%20Sharing&subchannel=File%20Hosting%20&%20Sharing&medianame=OperaGX_WW_9636&keywords=online%20storage,free%20storage,cloud%20storage,collaboration,backup%20file%20sharing,share%20files,photo%20backup,photo%20sharing,ftp%20replacement,cross%20platform,remote%20access,mobile%20access,send%20large%20files,recover%20files,file%20versioning,undelete,windows,pc,mac,os%20x,linux,iphone,online%20storage,free%20storage,cloud%20storage,collaboration,backup%20file%20sharing,share%20files,photo%20backup,photo%20sharing,ftp%20replacement,cross%20platform,remote%20access,mobile%20access,send%20large%20files,recover%20files,file%20versioning,undelete,windows,pc,mac,os%20x,linux,iphone&sourceid=101&domainid=1&cpv=0.00345&s2sParam=0c648c0e-9e2c-403e-bd98-f7dbbb7491a9

msedge.exe

Remote address:

65.9.95.107:443

Request

GET /4fabb44a-878d-4024-bdef-2de07d973f5e?campaignname=2_OperaGX&placementname=2_OperaGX_UK_Win_101&bid=3.45&totalcpv=0.00345&channel=File%20Hosting%20&%20Sharing&subchannel=File%20Hosting%20&%20Sharing&medianame=OperaGX_WW_9636&keywords=online%20storage,free%20storage,cloud%20storage,collaboration,backup%20file%20sharing,share%20files,photo%20backup,photo%20sharing,ftp%20replacement,cross%20platform,remote%20access,mobile%20access,send%20large%20files,recover%20files,file%20versioning,undelete,windows,pc,mac,os%20x,linux,iphone,online%20storage,free%20storage,cloud%20storage,collaboration,backup%20file%20sharing,share%20files,photo%20backup,photo%20sharing,ftp%20replacement,cross%20platform,remote%20access,mobile%20access,send%20large%20files,recover%20files,file%20versioning,undelete,windows,pc,mac,os%20x,linux,iphone&sourceid=101&domainid=1&cpv=0.00345&s2sParam=0c648c0e-9e2c-403e-bd98-f7dbbb7491a9 HTTP/2.0
host: woreppercomming.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

content-length: 0
location: https://www.chancial.com/5PNNB9Z/L2WFNRF/?sub1=c25be22e-ac35-4bba-a2b8-212f01034d26&sub2=wl2hr43qpps4d4l43ein16fo
date: Fri, 04 Oct 2024 20:20:44 GMT
server: nginx
cache-control: no-store, no-cache, pre-check=0, post-check=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: 4fabb44a-878d-4024-bdef-2de07d973f5e-v4=EQrG4sYMEdyIJlV0H6-OB2I-l-tn4N6UFoav0BhIdaQ; Max-Age=86400; Expires=Sat, 05 Oct 2024 20:20:44 GMT; Domain=woreppercomming.com; Path=/; Secure; HttpOnly;SameSite=None
set-cookie: cc-v4=jA0HxLXSjlhm5hoV9vSJeUkBZi3fOzdhBwUGq6FCK1gmQZIzBi9AoUzQuYzx5auKqQ6jkM0bUkvjD2DWGBNAcobN2swfcigUfNvrsbR69x4mmHki8GdqN3skmHf%2BzIRz320h46245lKWwhtWbyXKrg%3D%3D; Max-Age=31536000; Expires=Sat, 04 Oct 2025 20:20:44 GMT; Domain=woreppercomming.com; Path=/; Secure; HttpOnly;SameSite=None
x-cache: Miss from cloudfront
via: 1.1 a60a14dea4b4a9f77d34297a625f2e24.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
x-amz-cf-id: VChl827HvP-kOKXHiDunY9_gnU0wjAvKEEudDPITDR_kgkPgS23zfg==
DNS

7.155.91.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

7.155.91.199.in-addr.arpa

IN PTR

Response
DNS

227.208.19.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.208.19.104.in-addr.arpa

IN PTR

Response
DNS

www.chancial.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.chancial.com

IN A

Response

www.chancial.com

IN A

172.67.141.135

www.chancial.com

IN A

104.21.79.34
GET

https://www.chancial.com/5PNNB9Z/L2WFNRF/?sub1=c25be22e-ac35-4bba-a2b8-212f01034d26&sub2=wl2hr43qpps4d4l43ein16fo

msedge.exe

Remote address:

172.67.141.135:443

Request

GET /5PNNB9Z/L2WFNRF/?sub1=c25be22e-ac35-4bba-a2b8-212f01034d26&sub2=wl2hr43qpps4d4l43ein16fo HTTP/2.0
host: www.chancial.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

date: Fri, 04 Oct 2024 20:20:44 GMT
content-type: text/html; charset=utf-8
location: https://www.opera.com/gx?utm_content=2923_c25be22e-ac35-4bba-a2b8-212f01034d26&utm_source=PWNgames&utm_medium=pa&utm_campaign=PWN_GB_XVR_WEB_2923&utm_id=0c9aad0057ac4a6080d208b904075a7a&edition=std-2
accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model
x-eflow-request-id: da076fbc-73e5-4910-a882-42a1515139f4
via: 1.1 google, 1.1 varnish
accept-ranges: bytes
x-served-by: cache-lcy-eglc8600032-LCY
x-cache: MISS
x-cache-hits: 0
x-timer: S1728073244.282502,VS0,VE99
vary: Origin
set-cookie: uniqueClick_L2WFNRF=ac2b1d74-483d-45ba-a6eb-bcb2c4c07ce0:1728073244; Path=/; Expires=Sat, 05 Oct 2024 20:20:44 GMT; SameSite=None; Secure
set-cookie: transaction_id=0c9aad0057ac4a6080d208b904075a7a; Path=/; Expires=Thu, 02 Jan 2025 20:20:44 GMT; SameSite=None; Secure
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5R%2FfbfS874ZcVTX9GpkUvUFH6wVksrW9sKfsTToemhpmQAJSGJ1XQDumukDzyxDRm%2FHcHG9ZkvLewQsmvFRnR0Bu7vGBOzy64YRIVt%2BCRLUG2xZd1jaTeeK19WaZKjXs7Iop"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 8cd7dfd0adcbcd91-LHR
DNS

www.opera.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.opera.com

IN A

Response

www.opera.com

IN CNAME

front-geo.production.opera-website.route53.opera.com

front-geo.production.opera-website.route53.opera.com

IN A

18.195.77.204

front-geo.production.opera-website.route53.opera.com

IN A

18.194.121.65

front-geo.production.opera-website.route53.opera.com

IN A

18.156.151.221

front-geo.production.opera-website.route53.opera.com

IN A

3.120.77.189

front-geo.production.opera-website.route53.opera.com

IN A

18.185.202.20

front-geo.production.opera-website.route53.opera.com

IN A

52.58.109.22

front-geo.production.opera-website.route53.opera.com

IN A

3.127.99.168

front-geo.production.opera-website.route53.opera.com

IN A

3.66.40.186
DNS

107.95.9.65.in-addr.arpa

Remote address:

8.8.8.8:53

Request

107.95.9.65.in-addr.arpa

IN PTR

Response

107.95.9.65.in-addr.arpa

IN PTR

server-65-9-95-107prg50r cloudfrontnet
DNS

200.163.202.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.163.202.172.in-addr.arpa

IN PTR

Response
DNS

135.141.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

135.141.67.172.in-addr.arpa

IN PTR

Response
DNS

204.77.195.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

204.77.195.18.in-addr.arpa

IN PTR

Response

204.77.195.18.in-addr.arpa

IN PTR

ec2-18-195-77-204eu-central-1compute amazonawscom
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

connect.facebook.net

msedge.exe

Remote address:

8.8.8.8:53

Request

connect.facebook.net

IN A

Response

connect.facebook.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

163.70.151.21
DNS

www.facebook.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

163.70.147.35
DNS

21.151.70.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.151.70.163.in-addr.arpa

IN PTR

Response

21.151.70.163.in-addr.arpa

IN PTR

xx-fbcdn-shv-02-lhr6fbcdnnet
DNS

68.209.201.84.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.209.201.84.in-addr.arpa

IN PTR

Response
DNS

35.147.70.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.147.70.163.in-addr.arpa

IN PTR

Response

35.147.70.163.in-addr.arpa

IN PTR

edge-star-mini-shv-01-lhr6facebookcom
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.187.238
GET

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.80.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D63%2526e%253D1

chrome.exe

Remote address:

142.250.187.238:443

Request

GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.80.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D63%2526e%253D1 HTTP/2.0
host: clients2.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: https://www.google.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
access-control-allow-headers: X-Playlog-Web
date: Fri, 04 Oct 2024 20:21:29 GMT
server: Playlog
cache-control: private
content-length: 131
cross-origin-resource-policy: 0
access-control-allow-origin: https://www.google.com
content-type: text/plain; charset=UTF-8
POST

https://play.google.com/log?format=json&hasfast=true

chrome.exe

Remote address:

142.250.187.238:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
content-length: 907
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: application/x-www-form-urlencoded;charset=UTF-8
accept: */*
origin: https://www.google.com
x-client-data: CN38ygE=
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: AEC=AVYB7cqhzvklpT2yO88_vCQZzzGAtld4FoBvQYnwHB8ojVCdQMmB6r_jagU
cookie: __Secure-ENID=22.SE=FuirgFs8SohC204-q506yxXnXi0W4zCUyYVHzQF-07E9J6iiwgpZynsCpf8GpRPbkPLqs5daXGnxsxnKp2g-dYH1Ps7F3Q59JUSKSqkArswWaR8PsMMuy5kQ9BFtYQHpQs_7FBUHqf6z3BHwGz6RQmcLsk2c2lKi_5GpKV8XjQDnUrqfKcqqAr4VOeuDsbxHwI813-27yxlDmKx8

Response

HTTP/2.0 200

access-control-allow-origin: https://www.google.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
access-control-allow-credentials: true
date: Fri, 04 Oct 2024 20:21:29 GMT
server: Playlog
cache-control: private
content-length: 131
server: 0
content-type: text/plain; charset=UTF-8
cross-origin-resource-policy: 0
POST

https://play.google.com/log?format=json&hasfast=true

chrome.exe

Remote address:

142.250.187.238:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
content-length: 906
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: application/x-www-form-urlencoded;charset=UTF-8
accept: */*
origin: https://www.google.com
x-client-data: CN38ygE=
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: AEC=AVYB7cqhzvklpT2yO88_vCQZzzGAtld4FoBvQYnwHB8ojVCdQMmB6r_jagU
cookie: SOCS=CAESHAgCEhJnd3NfMjAyNDEwMDMtMF9SQzEaAmVuIAEaBgiA4Py3Bg
cookie: __Secure-BUCKET=CN0C
cookie: __Secure-ENID=22.SE=EkMSVdJksLx8HHH0fnHYsDMveQchuddCM6uVNrjXy3GNPoJMdfAgO5bFjR1uaeunlZgJxiod7TJz3VIm8JvjyCCayp-qFin0rkJ9O_0Wvee4nD6siCZ8YS-1EeTl47Ao7KqjjzS3tOi1JeV9xsIlAVlPimDs5Q4JxY_gLxaiOPkSfesgGQKvtRgeWAyxyPLxNkbZb7SvNBTkzJFAB4emB0Momu5TQDg
GET

https://www.google.com/async/ddljson?async=ntp:2

chrome.exe

Remote address:

216.58.204.68:443

Request

GET /async/ddljson?async=ntp:2 HTTP/2.0
host: www.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

chrome.exe

Remote address:

216.58.204.68:443

Request

GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/2.0
host: www.google.com
x-client-data: CN38ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_promos

chrome.exe

Remote address:

216.58.204.68:443

Request

GET /async/newtab_promos HTTP/2.0
host: www.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

3.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.180.250.142.in-addr.arpa

IN PTR

Response

3.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f31e100net
DNS

10.213.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.213.58.216.in-addr.arpa

IN PTR

Response

10.213.58.216.in-addr.arpa

IN PTR

lhr25s25-in-f101e100net

10.213.58.216.in-addr.arpa

IN PTR

ber01s14-in-f10�H
DNS

238.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.187.250.142.in-addr.arpa

IN PTR

Response

238.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f141e100net
DNS

ogads-pa.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ogads-pa.googleapis.com

IN A

Response

ogads-pa.googleapis.com

IN A

142.250.200.10

ogads-pa.googleapis.com

IN A

172.217.16.234

ogads-pa.googleapis.com

IN A

142.250.187.202

ogads-pa.googleapis.com

IN A

216.58.204.74

ogads-pa.googleapis.com

IN A

142.250.180.10

ogads-pa.googleapis.com

IN A

142.250.179.234

ogads-pa.googleapis.com

IN A

142.250.200.42

ogads-pa.googleapis.com

IN A

142.250.187.234

ogads-pa.googleapis.com

IN A

172.217.169.10

ogads-pa.googleapis.com

IN A

216.58.212.202

ogads-pa.googleapis.com

IN A

142.250.178.10

ogads-pa.googleapis.com

IN A

216.58.201.106
DNS

apis.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.178.14
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0

chrome.exe

Remote address:

142.250.178.14:443

Request

GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0 HTTP/2.0
host: apis.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CN38ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
OPTIONS

https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

chrome.exe

Remote address:

142.250.200.10:443

Request

OPTIONS /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
host: ogads-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: chrome-untrusted://new-tab-page
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

chrome.exe

Remote address:

142.250.200.10:443

Request

POST /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
host: ogads-pa.googleapis.com
content-length: 69
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
x-user-agent: grpc-web-javascript/0.1
x-goog-api-key: AIzaSyCbsbvGCe7C9mCtdaTycZB2eUFuzsYKG_E
content-type: application/json+protobuf
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: chrome-untrusted://new-tab-page
x-client-data: CN38ygE=
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

14.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.178.250.142.in-addr.arpa

IN PTR

Response

14.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f141e100net
DNS

play.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.187.238
POST

https://play.google.com/log?format=json&hasfast=true

chrome.exe

Remote address:

142.250.187.238:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
content-length: 1417
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: application/x-www-form-urlencoded;charset=UTF-8
accept: */*
origin: chrome-untrusted://new-tab-page
x-client-data: CN38ygE=
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

77.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

77.190.18.2.in-addr.arpa

IN PTR

Response

77.190.18.2.in-addr.arpa

IN PTR

a2-18-190-77deploystaticakamaitechnologiescom
DNS

dns-tunnel-check.googlezip.net

chrome.exe

Remote address:

8.8.8.8:53

Request

dns-tunnel-check.googlezip.net

IN A

Response

dns-tunnel-check.googlezip.net

IN A

216.239.34.159
DNS

tunnel.googlezip.net

chrome.exe

Remote address:

8.8.8.8:53

Request

tunnel.googlezip.net

IN A

Response

tunnel.googlezip.net

IN A

216.239.34.157
CONNECT

chrome.exe

Remote address:

216.239.34.157:443

Request

CONNECT HTTP/2.0
host: www.pinterest.com:443
chrome-tunnel: key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response

HTTP/2.0 200

content-type: text/plain; charset=utf-8
date: Fri, 04 Oct 2024 20:21:28 GMT
CONNECT

chrome.exe

Remote address:

216.239.34.157:443

Request

CONNECT HTTP/2.0
host: www.reddit.com:443
chrome-tunnel: key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response

HTTP/2.0 200

content-type: text/plain; charset=utf-8
date: Fri, 04 Oct 2024 20:21:29 GMT
DNS

157.34.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.34.239.216.in-addr.arpa

IN PTR

Response
DNS

consent.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

consent.google.com

IN A

Response

consent.google.com

IN A

142.250.179.238
POST

https://consent.google.com/save?continue=https://www.google.com/search?q%3Dgeometry%2Bdash%2Bwallpaper%2Bbefore:2015%26oq%3Dgeometry%2Bdash%2Bwallpaper%2Bbefore:2015%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCTE3NTY5ajBqN6gCALACAQ%26sourceid%3Dchrome%26ie%3DUTF-8&gl=UK&m=0&pc=srp&x=5&src=2&hl=en&bl=gws_20241003-0_RC1&uxe=none&cm=2&set_eom=true

chrome.exe

Remote address:

142.250.179.238:443

Request

POST /save?continue=https://www.google.com/search?q%3Dgeometry%2Bdash%2Bwallpaper%2Bbefore:2015%26oq%3Dgeometry%2Bdash%2Bwallpaper%2Bbefore:2015%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCTE3NTY5ajBqN6gCALACAQ%26sourceid%3Dchrome%26ie%3DUTF-8&gl=UK&m=0&pc=srp&x=5&src=2&hl=en&bl=gws_20241003-0_RC1&uxe=none&cm=2&set_eom=true HTTP/2.0
host: consent.google.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.google.com
x-client-data: CN38ygE=
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: AEC=AVYB7cqhzvklpT2yO88_vCQZzzGAtld4FoBvQYnwHB8ojVCdQMmB6r_jagU
cookie: __Secure-ENID=22.SE=FuirgFs8SohC204-q506yxXnXi0W4zCUyYVHzQF-07E9J6iiwgpZynsCpf8GpRPbkPLqs5daXGnxsxnKp2g-dYH1Ps7F3Q59JUSKSqkArswWaR8PsMMuy5kQ9BFtYQHpQs_7FBUHqf6z3BHwGz6RQmcLsk2c2lKi_5GpKV8XjQDnUrqfKcqqAr4VOeuDsbxHwI813-27yxlDmKx8
cookie: SOCS=CAESHAgCEhJnd3NfMjAyNDEwMDMtMF9SQzEaAmVuIAEaBgiA4Py3Bg
DNS

238.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.179.250.142.in-addr.arpa

IN PTR

Response

238.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f141e100net
DNS

encrypted-tbn0.gstatic.com

chrome.exe

Remote address:

8.8.8.8:53

Request

encrypted-tbn0.gstatic.com

IN A

Response

encrypted-tbn0.gstatic.com

IN A

142.250.187.206
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcT76n8ejT5QNYPHLIz0z5L14KFgMXlhXJGRJG8gAsKvdHHhOlJSMOg2BKyI&s

chrome.exe

Remote address:

142.250.187.206:443

Request

GET /images?q=tbn:ANd9GcT76n8ejT5QNYPHLIz0z5L14KFgMXlhXJGRJG8gAsKvdHHhOlJSMOg2BKyI&s HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CN38ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQ2US0PCu7C6B7L3g9Nz5VKjt-zvlTSh29UJoYXCqu6PZr5mcHNZ2919bWx&s

chrome.exe

Remote address:

142.250.187.206:443

Request

GET /images?q=tbn:ANd9GcQ2US0PCu7C6B7L3g9Nz5VKjt-zvlTSh29UJoYXCqu6PZr5mcHNZ2919bWx&s HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CN38ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQXjwqT_biMnI8x3RUdIRPhLhBM7WXzWfXX0kwPpKElErnH9242L62tRdem&s

chrome.exe

Remote address:

142.250.187.206:443

Request

GET /images?q=tbn:ANd9GcQXjwqT_biMnI8x3RUdIRPhLhBM7WXzWfXX0kwPpKElErnH9242L62tRdem&s HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CN38ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcS3r4WLvxbGZPehCDAu2MRH4faqoRt-KNKVIsYBMJu_vwm2l7A8ndUmCzT7&s

chrome.exe

Remote address:

142.250.187.206:443

Request

GET /images?q=tbn:ANd9GcS3r4WLvxbGZPehCDAu2MRH4faqoRt-KNKVIsYBMJu_vwm2l7A8ndUmCzT7&s HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CN38ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRs62G4wkbYVTHjEoSeZ9bksW-j9Di4lFqasg&s

chrome.exe

Remote address:

142.250.187.206:443

Request

GET /images?q=tbn:ANd9GcRs62G4wkbYVTHjEoSeZ9bksW-j9Di4lFqasg&s HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CN38ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcS0Ywiouz8VnrtqIO-L2YvW9DUdv95Ux9gCZg&s

chrome.exe

Remote address:

142.250.187.206:443

Request

GET /images?q=tbn:ANd9GcS0Ywiouz8VnrtqIO-L2YvW9DUdv95Ux9gCZg&s HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CN38ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

206.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.187.250.142.in-addr.arpa

IN PTR

Response

206.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f141e100net
DNS

11.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.227.111.52.in-addr.arpa

IN PTR

Response
DNS

get.activated.win

powershell.exe

Remote address:

8.8.8.8:53

Request

get.activated.win

IN A

Response

get.activated.win

IN A

172.67.219.75

get.activated.win

IN A

104.21.24.156
GET

https://get.activated.win/

powershell.exe

Remote address:

172.67.219.75:443

Request

GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1237
Host: get.activated.win
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Fri, 04 Oct 2024 20:23:30 GMT
Content-Type: text/plain
Content-Length: 2998
Connection: keep-alive
CF-Ray: 8cd7e3dc9b1e779d-LHR
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0, must-revalidate
ETag: "319a8d60215d712079c8cbfe1a89564c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j8e4iBhhbv3v9q%2Bc9AyYacnvG2YOo7SeuUaWWTi8qzWM0nRhegv%2FUSFnfnEBmkachme3OpDpio65S9GN3OkF42sXQwA7xBSZUonFi3llMDkwY9xB%2BlRj08XMGR5iooH4f3jGwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
alt-svc: h3=":443"; ma=86400
DNS

raw.githubusercontent.com

powershell.exe

Remote address:

8.8.8.8:53

Request

raw.githubusercontent.com

IN A

Response

raw.githubusercontent.com

IN A

185.199.109.133

raw.githubusercontent.com

IN A

185.199.111.133

raw.githubusercontent.com

IN A

185.199.110.133

raw.githubusercontent.com

IN A

185.199.108.133
GET

https://raw.githubusercontent.com/massgravel/Microsoft-Activation-Scripts/52d4c52dba8e29a3c1fb295c8946dbe6cf2f0239/MAS/All-In-One-Version-KL/MAS_AIO.cmd

powershell.exe

Remote address:

185.199.109.133:443

Request

GET /massgravel/Microsoft-Activation-Scripts/52d4c52dba8e29a3c1fb295c8946dbe6cf2f0239/MAS/All-In-One-Version-KL/MAS_AIO.cmd HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1237
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 436430
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: text/plain; charset=utf-8
ETag: "ffe0955937c5294321b81f65fb6490a14673dc8255f84f3890529315d0ea2e61"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 8612:18F99A:55CF36:6B88B0:66FE2996
Accept-Ranges: bytes
Date: Fri, 04 Oct 2024 20:23:30 GMT
Via: 1.1 varnish
X-Served-By: cache-lon4249-LON
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1728073410.408891,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: aeeb5079395d6fd14271b5ae827cfbc34a8ff2cf
Expires: Fri, 04 Oct 2024 20:28:30 GMT
Source-Age: 150
DNS

75.219.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.219.67.172.in-addr.arpa

IN PTR

Response
DNS

133.109.199.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.109.199.185.in-addr.arpa

IN PTR

Response

133.109.199.185.in-addr.arpa

IN PTR

cdn-185-199-109-133githubcom
DNS

updatecheck.massgrave.dev

PING.EXE

Remote address:

8.8.8.8:53

Request

updatecheck.massgrave.dev

IN A

Response

updatecheck.massgrave.dev

IN A

127.69.2.7
DNS

updatecheck.massgrave.dev

PING.EXE

Remote address:

8.8.8.8:53

Request

updatecheck.massgrave.dev

IN A

Response

updatecheck.massgrave.dev

IN A

127.69.2.7
DNS

l.root-servers.net

PING.EXE

Remote address:

8.8.8.8:53

Request

l.root-servers.net

IN A

Response

l.root-servers.net

IN A

199.7.83.42
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

68.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.32.126.40.in-addr.arpa

IN PTR

Response
DNS

purchase.mp.microsoft.com

Remote address:

8.8.8.8:53

Request

purchase.mp.microsoft.com

IN A

Response

purchase.mp.microsoft.com

IN CNAME

purchase.md.mp.microsoft.com.akadns.net

purchase.md.mp.microsoft.com.akadns.net

IN CNAME

purchase-europeeap.md.mp.microsoft.com.akadns.net

purchase-europeeap.md.mp.microsoft.com.akadns.net

IN CNAME

ne-az-conspurchase-mp.trafficmanager.net

ne-az-conspurchase-mp.trafficmanager.net

IN CNAME

purchase.mp.microsoft.com.edgekey.net

purchase.mp.microsoft.com.edgekey.net

IN CNAME

e110219.a.akamaiedge.net

e110219.a.akamaiedge.net

IN A

95.100.104.23

e110219.a.akamaiedge.net

IN A

95.100.104.27
DNS

purchase.mp.microsoft.com

Remote address:

8.8.8.8:53

Request

purchase.mp.microsoft.com

IN A

Response

purchase.mp.microsoft.com

IN CNAME

purchase.md.mp.microsoft.com.akadns.net

purchase.md.mp.microsoft.com.akadns.net

IN CNAME

purchase-europeeap.md.mp.microsoft.com.akadns.net

purchase-europeeap.md.mp.microsoft.com.akadns.net

IN CNAME

ne-az-conspurchase-mp.trafficmanager.net

ne-az-conspurchase-mp.trafficmanager.net

IN CNAME

purchase.mp.microsoft.com.edgekey.net

purchase.mp.microsoft.com.edgekey.net

IN CNAME

e110219.a.akamaiedge.net

e110219.a.akamaiedge.net

IN A

95.100.104.23

e110219.a.akamaiedge.net

IN A

95.100.104.27
POST

https://purchase.mp.microsoft.com/v7.0/users/me/orders

Remote address:

95.100.104.23:443

Request

POST /v7.0/users/me/orders HTTP/2.0
host: purchase.mp.microsoft.com
content-type: application/json; charset=utf-8
authorization: MSAHW1.0=t=EwCoBF8iAQAU83yqpqqR54GevzgBeOaUQZ3Kf9cAAVvVki+1E6v4r902kMp6/R4XenltUlI74hTyxlYyuTZG0ZQnwqMzKBJLL6bTJhURG80iy5LsWpFgv9617kOVYsyCEzTQbVkw0DaYID6BsRsaFK50FUjDGHNMErsFCVuenq8M/5oQ5d+Obrr10bOFc50vm5fuG2Hn8YFsmxaFkzCCqmFhxa+xjdUHwMTAvO0eOudvRSoVOGyhvC93pRB/E3HDqcDtIzKaiXS7adhUZaFUL0g3HGo6enMGV4fghR/cwSofAo07Ll9I5mlBDqWHW2S0FATFOTyQB5Zki4qo9irJ50cZEvWtpw7sJTjwBL6NnxfiBfSLS5WE31B6nClaNQAQZgAAEHmYK6y+fIiLdyAuRhS/sjlwA0J22LBq8AAbzuteU54XqPFqdRxb2+ac9kVtj+G9SNboWS1unMwA676dueGHhDJK+osgfdKabPd5l69Iehn+2R9lVXdC2g0MO0hvVqwXEo13qMnTlQs8+4k+D/DIK8ewjvtkQ7wGRrS8c5116TC6oYjDHREumyIzDErwKCeaS2woGBPv1oEWWI/N1DyFxrB+Cm7ueB0m5znXzyKRJDM1zGAinzrfP8HVVWEJzTjMsv4VfxrdL2dxXAjMDJpX65hA+g/ENMyj8PIaH1V0amlT2LYxWPFsn/Hf7Oljog8cv+66QwT0N0tctrOS53UayKmu1EO7Y0hvqfyDFA22LQadKgD3V7FjVnbIUVEnHy8l7N54BNVIqFsMb6EL5uLRqmtmIzKVlxN3Nm21AcFtxTFT4g7wSq2u5F/Lvi2LDHAZqtToP/aP4KH+7UqgyR7SwLDSdnEOgv64Hmd6M1DO8QHt5HmXncjD2Kgec+Dn6sCzQBvE1cuNmTfkxfoZ/u4YCRjvW/ZJhBPLaTIUIhvuLtIrLgQS69zOrJS3V2ObMIesMcPwWj8baPjX6TJBM0vlL1SrnQlbMYNdEMntJVjojpySdg7qAajx3CksSQuPdzcyg2e+gojM5WvYZ2Ov7s2niSYlt5sQJ9c2evjJRJr8zgAoqS4Jcn9s3uxUt64CYP7E5qYuA1Ii9n7bNcg6bTbkO8DISUTEyuw58SHwluEa0pySfd673YUv/Kt0p5H29989R5kGk171uLPERwfKCqqdBhK5Is3ZTP4LukS6MDAoctlSVHd7EKgcZqOlkef7fzZR8ugxB86kib2s3qgN882hbiScqvmUDyRE6fXto2KDSE5ZOmcOa0C8C964U/HlEbp3ZToMgexYEd2A29itNqXvsq9B5/ga0NaqaNt69XyA0P9f+/b3UtLiLD+WtGgtKpEqTRwQcVP/NP7/82qHXSLgOsd4MURhtpc1YWyiQ1r8LeJfUAYe9dKuQ2iZ1EuszOpgIcmTKi6x/T+irupbvWfP2DwwkgfjqQ8T9qwoZlGKLAEJNq633wXY0lYWzlFInBR4mEiNb8OlszFfIYl2uwWnfF+otcJyshaQatR/yOwz4AkrhuoICkQ/A1XvtrMc353zxRnfLiSUBgVOvFW5OvQicqr59Hdp458kMKdivAfhN1PLz4ecAw==&p=
user-agent: LM
ms-cv: liboh2emYUWqfuml.11
content-length: 5365

Response

HTTP/2.0 201

content-length: 2851
content-type: application/json; charset=utf-8
location: https://purchase.mp.microsoft.com/v7.0/users/me/orders?id=1a530e8a-8043-4c8a-a78b-09b68ec35d63
ms-correlationid: 2d9fcd52-1e4a-4414-8627-09d695d1cbeb
ms-requestid: f0e0657d-168c-4d0d-8550-705b505a9baa
ms-cv: liboh2emYUWqfuml.11.3836901862.118259991.0
x-content-type-options: nosniff
ms-serverid: 4776b8df-6shtv
x-envoy-upstream-service-time: 628
expires: Fri, 04 Oct 2024 20:23:58 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Fri, 04 Oct 2024 20:23:58 GMT
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
DNS

206.221.208.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.221.208.4.in-addr.arpa

IN PTR

Response
DNS

23.104.100.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.104.100.95.in-addr.arpa

IN PTR

Response

23.104.100.95.in-addr.arpa

IN PTR

a95-100-104-23deploystaticakamaitechnologiescom
DNS

c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa

Remote address:

8.8.8.8:53

Request

c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa

IN PTR

Response
DNS

246.197.219.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

246.197.219.23.in-addr.arpa

IN PTR

Response

246.197.219.23.in-addr.arpa

IN PTR

a23-219-197-246deploystaticakamaitechnologiescom
DNS

4.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.173.189.20.in-addr.arpa

IN PTR

Response
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

172.217.16.238
DNS

www.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

216.58.204.68
DNS

www.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A
GET

https://www.google.com/async/ddljson?async=ntp:2

chrome.exe

Remote address:

216.58.204.68:443

Request

GET /async/ddljson?async=ntp:2 HTTP/2.0
host: www.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

chrome.exe

Remote address:

216.58.204.68:443

Request

GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/2.0
host: www.google.com
x-client-data: CN38ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_promos

chrome.exe

Remote address:

216.58.204.68:443

Request

GET /async/newtab_promos HTTP/2.0
host: www.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

67.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.204.58.216.in-addr.arpa

IN PTR

Response

67.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f31e100net

67.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f67�G

67.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f3�G
GET

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.80.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc

chrome.exe

Remote address:

172.217.16.238:443

Request

GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.80.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc HTTP/2.0
host: clients2.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: AEC=AVYB7cqhzvklpT2yO88_vCQZzzGAtld4FoBvQYnwHB8ojVCdQMmB6r_jagU
cookie: SOCS=CAESHAgCEhJnd3NfMjAyNDEwMDMtMF9SQzEaAmVuIAEaBgiA4Py3Bg
cookie: __Secure-BUCKET=CN0C
cookie: __Secure-ENID=22.SE=EkMSVdJksLx8HHH0fnHYsDMveQchuddCM6uVNrjXy3GNPoJMdfAgO5bFjR1uaeunlZgJxiod7TJz3VIm8JvjyCCayp-qFin0rkJ9O_0Wvee4nD6siCZ8YS-1EeTl47Ao7KqjjzS3tOi1JeV9xsIlAVlPimDs5Q4JxY_gLxaiOPkSfesgGQKvtRgeWAyxyPLxNkbZb7SvNBTkzJFAB4emB0Momu5TQDg
POST

https://play.google.com/log?format=json&hasfast=true

chrome.exe

Remote address:

172.217.16.238:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
content-length: 908
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: application/x-www-form-urlencoded;charset=UTF-8
accept: */*
origin: https://www.google.com
x-client-data: CN38ygE=
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: AEC=AVYB7cqhzvklpT2yO88_vCQZzzGAtld4FoBvQYnwHB8ojVCdQMmB6r_jagU
cookie: SOCS=CAESHAgCEhJnd3NfMjAyNDEwMDMtMF9SQzEaAmVuIAEaBgiA4Py3Bg
cookie: __Secure-BUCKET=CN0C
cookie: __Secure-ENID=22.SE=EkMSVdJksLx8HHH0fnHYsDMveQchuddCM6uVNrjXy3GNPoJMdfAgO5bFjR1uaeunlZgJxiod7TJz3VIm8JvjyCCayp-qFin0rkJ9O_0Wvee4nD6siCZ8YS-1EeTl47Ao7KqjjzS3tOi1JeV9xsIlAVlPimDs5Q4JxY_gLxaiOPkSfesgGQKvtRgeWAyxyPLxNkbZb7SvNBTkzJFAB4emB0Momu5TQDg
DNS

ogads-pa.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ogads-pa.googleapis.com

IN A

Response

ogads-pa.googleapis.com

IN A

142.250.200.42

ogads-pa.googleapis.com

IN A

142.250.180.10

ogads-pa.googleapis.com

IN A

216.58.212.234

ogads-pa.googleapis.com

IN A

172.217.16.234

ogads-pa.googleapis.com

IN A

172.217.169.10

ogads-pa.googleapis.com

IN A

142.250.187.202

ogads-pa.googleapis.com

IN A

142.250.178.10

ogads-pa.googleapis.com

IN A

142.250.187.234

ogads-pa.googleapis.com

IN A

142.250.200.10

ogads-pa.googleapis.com

IN A

142.250.179.234

ogads-pa.googleapis.com

IN A

172.217.169.42

ogads-pa.googleapis.com

IN A

216.58.201.106

ogads-pa.googleapis.com

IN A

216.58.204.74

ogads-pa.googleapis.com

IN A

216.58.213.10
OPTIONS

https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

chrome.exe

Remote address:

142.250.200.42:443

Request

OPTIONS /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
host: ogads-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: chrome-untrusted://new-tab-page
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

42.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.200.250.142.in-addr.arpa

IN PTR

Response

42.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f101e100net
DNS

play.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

172.217.16.238
DNS

play.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A
DNS

play.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A
DNS

dns-tunnel-check.googlezip.net

chrome.exe

Remote address:

8.8.8.8:53

Request

dns-tunnel-check.googlezip.net

IN A

Response

dns-tunnel-check.googlezip.net

IN A

216.239.34.159
DNS

dns-tunnel-check.googlezip.net

chrome.exe

Remote address:

8.8.8.8:53

Request

dns-tunnel-check.googlezip.net

IN A
CONNECT

chrome.exe

Remote address:

216.239.34.157:443

Request

CONNECT HTTP/2.0
host: code.visualstudio.com:443
chrome-tunnel: key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response

HTTP/2.0 200

content-type: text/plain; charset=utf-8
date: Fri, 04 Oct 2024 20:26:21 GMT
DNS

content-autofill.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

142.250.200.42

content-autofill.googleapis.com

IN A

142.250.179.234

content-autofill.googleapis.com

IN A

142.250.180.10

content-autofill.googleapis.com

IN A

172.217.169.10

content-autofill.googleapis.com

IN A

172.217.169.74

content-autofill.googleapis.com

IN A

216.58.212.202

content-autofill.googleapis.com

IN A

216.58.201.106

content-autofill.googleapis.com

IN A

142.250.178.10

content-autofill.googleapis.com

IN A

142.250.200.10

content-autofill.googleapis.com

IN A

142.250.187.202

content-autofill.googleapis.com

IN A

216.58.204.74

content-autofill.googleapis.com

IN A

172.217.16.234

content-autofill.googleapis.com

IN A

172.217.169.42

content-autofill.googleapis.com

IN A

142.250.187.234

content-autofill.googleapis.com

IN A

216.58.213.10
DNS

content-autofill.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A
CONNECT

chrome.exe

Remote address:

216.239.34.157:443

Request

CONNECT HTTP/2.0
host: code.visualstudio.com:443
chrome-tunnel: key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response

HTTP/2.0 200

content-type: text/plain; charset=utf-8
date: Fri, 04 Oct 2024 20:26:15 GMT
GET

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQlL1An4iaKj4hIFDUqFnlIhoEC7x3ryJrM=?alt=proto

chrome.exe

Remote address:

142.250.200.42:443

Request

GET /v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQlL1An4iaKj4hIFDUqFnlIhoEC7x3ryJrM=?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CN38ygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

226.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.187.250.142.in-addr.arpa

IN PTR

Response

226.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f21e100net
DNS

code.visualstudio.com

chrome.exe

Remote address:

8.8.8.8:53

Request

code.visualstudio.com

IN A

Response

code.visualstudio.com

IN CNAME

afd-vscode-site-fd-prod-dvgdfjcmaka5a3fq.z01.azurefd.net

afd-vscode-site-fd-prod-dvgdfjcmaka5a3fq.z01.azurefd.net

IN CNAME

star-azurefd-prod.trafficmanager.net

star-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
GET

https://code.visualstudio.com/vendor/bootstrap/css/bootstrap.min.css

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /vendor/bootstrap/css/bootstrap.min.css HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:15 GMT
content-type: text/css; charset=UTF-8
content-length: 121154
cache-control: public, max-age=86400
etag: W/"1d942-19253098da0"
last-modified: Thu, 03 Oct 2024 15:39:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202615Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qek1
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/dist/v2/style.css

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /dist/v2/style.css HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:15 GMT
content-type: image/svg+xml
content-length: 2181
cache-control: public, max-age=86400
etag: W/"885-192488ad0f0"
last-modified: Tue, 01 Oct 2024 14:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202615Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qek3
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/icons/theme-light.svg

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/icons/theme-light.svg HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:15 GMT
content-type: image/svg+xml
content-length: 795
cache-control: public, max-age=86400
etag: W/"31b-1925309a510"
last-modified: Thu, 03 Oct 2024 15:39:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202615Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qek4
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/icons/theme-dark.svg

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/icons/theme-dark.svg HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:15 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0
content-encoding: gzip
etag: W/"3ce4f-19253098da0"
last-modified: Thu, 03 Oct 2024 15:39:48 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202615Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qek2
x-cache: CONFIG_NOCACHE
GET

https://code.visualstudio.com/assets/icons/search.svg

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/icons/search.svg HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/svg+xml
content-length: 610
cache-control: public, max-age=86400
etag: W/"262-1925309a510"
last-modified: Thu, 03 Oct 2024 15:39:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qem3
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/icons/search-dark.svg

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/icons/search-dark.svg HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/svg+xml
content-length: 610
cache-control: public, max-age=86400
etag: W/"262-192488ad0f0"
last-modified: Tue, 01 Oct 2024 14:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qem4
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/home/home-screenshot-copilot.png

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/home/home-screenshot-copilot.png HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/png
content-length: 1388804
cache-control: public, max-age=86400
etag: W/"153104-1925309a510"
last-modified: Thu, 03 Oct 2024 15:39:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qen1
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/dist/index.js

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /dist/index.js HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/svg+xml
content-length: 205
cache-control: public, max-age=86400
etag: W/"cd-1925309a510"
last-modified: Thu, 03 Oct 2024 15:39:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qen3
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/icons/download.svg

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/icons/download.svg HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/png
content-length: 1365230
cache-control: public, max-age=86400
etag: W/"14d4ee-1925309a510"
last-modified: Thu, 03 Oct 2024 15:39:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qen4
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/home/home-screenshot-copilot-light.png

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/home/home-screenshot-copilot-light.png HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/png
content-length: 562
cache-control: public, max-age=86400
etag: W/"232-1925309a510"
last-modified: Thu, 03 Oct 2024 15:39:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qen5
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/home/language-js.png

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/home/language-js.png HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/png
content-length: 606
cache-control: public, max-age=86400
etag: W/"25e-1925309a510"
last-modified: Thu, 03 Oct 2024 15:39:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qen6
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/home/language-ts.png

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/home/language-ts.png HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/png
content-length: 639
cache-control: public, max-age=86400
etag: W/"27f-192488ad0f0"
last-modified: Tue, 01 Oct 2024 14:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qen7
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/home/language-python.png

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/home/language-python.png HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/png
content-length: 709
cache-control: public, max-age=86400
etag: W/"2c5-192488ad0f0"
last-modified: Tue, 01 Oct 2024 14:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qen8
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/home/language-cs.png

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/home/language-cs.png HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/png
content-length: 620
cache-control: public, max-age=86400
etag: W/"26c-192488ad0f0"
last-modified: Tue, 01 Oct 2024 14:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qen9
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/home/language-cpp.png

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/home/language-cpp.png HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/png
content-length: 510
cache-control: public, max-age=86400
etag: W/"1fe-1925309a510"
last-modified: Thu, 03 Oct 2024 15:39:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qena
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/home/language-html.png

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/home/language-html.png HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/png
content-length: 579
cache-control: public, max-age=86400
etag: W/"243-1925309a510"
last-modified: Thu, 03 Oct 2024 15:39:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qenb
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/home/language-java.png

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/home/language-java.png HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/png
content-length: 632
cache-control: public, max-age=86400
etag: W/"278-192488ad0f0"
last-modified: Tue, 01 Oct 2024 14:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qenc
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/home/language-json.png

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/home/language-json.png HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/png
content-length: 710
cache-control: public, max-age=86400
etag: W/"2c6-192488ad0f0"
last-modified: Tue, 01 Oct 2024 14:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qend
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/home/language-php.png

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/home/language-php.png HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/png
content-length: 385
cache-control: public, max-age=86400
etag: W/"181-1925309a510"
last-modified: Thu, 03 Oct 2024 15:39:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qene
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/home/language-markdown.png

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/home/language-markdown.png HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/png
content-length: 445
cache-control: public, max-age=86400
etag: W/"1bd-1925309a510"
last-modified: Thu, 03 Oct 2024 15:39:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qenf
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/home/language-powershell.png

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/home/language-powershell.png HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/png
content-length: 429
cache-control: public, max-age=86400
etag: W/"1ad-192488ad0f0"
last-modified: Tue, 01 Oct 2024 14:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qeng
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/home/language-yaml.png

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/home/language-yaml.png HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/svg+xml
content-length: 412
cache-control: public, max-age=86400
etag: W/"19c-1925309a510"
last-modified: Thu, 03 Oct 2024 15:39:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qenh
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/icons/codicon-terminal.svg

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/icons/codicon-terminal.svg HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/svg+xml
content-length: 1390
cache-control: public, max-age=86400
etag: W/"56e-1925309a510"
last-modified: Thu, 03 Oct 2024 15:39:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qenk
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/icons/codicon-debug.svg

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/icons/codicon-debug.svg HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/svg+xml
content-length: 2756
cache-control: public, max-age=86400
etag: W/"ac4-192488ad0f0"
last-modified: Tue, 01 Oct 2024 14:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qenm
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/icons/codicon-version-control.svg

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/icons/codicon-version-control.svg HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/svg+xml
content-length: 2965
cache-control: public, max-age=86400
etag: W/"b95-192488ad0f0"
last-modified: Tue, 01 Oct 2024 14:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qenn
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/icons/codicon-build-tasks.svg

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/icons/codicon-build-tasks.svg HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/svg+xml
content-length: 1187
cache-control: public, max-age=86400
etag: W/"4a3-192488ad0f0"
last-modified: Tue, 01 Oct 2024 14:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qenp
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/icons/codicon-local-history.svg

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/icons/codicon-local-history.svg HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/svg+xml
content-length: 3768
cache-control: public, max-age=86400
etag: W/"eb8-1925309a510"
last-modified: Thu, 03 Oct 2024 15:39:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qenq
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/icons/codicon-themes.svg

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/icons/codicon-themes.svg HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/svg+xml
content-length: 1078
cache-control: public, max-age=86400
etag: W/"436-192488ad0f0"
last-modified: Tue, 01 Oct 2024 14:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qenr
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/icons/codicon-accessibility.svg

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/icons/codicon-accessibility.svg HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/svg+xml
content-length: 2336
cache-control: public, max-age=86400
etag: W/"920-192488ad0f0"
last-modified: Tue, 01 Oct 2024 14:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qens
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/icons/codicon-web.svg

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/icons/codicon-web.svg HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/svg+xml
content-length: 432
cache-control: public, max-age=86400
etag: W/"1b0-1925309a510"
last-modified: Thu, 03 Oct 2024 15:39:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qent
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/icons/x-icon.svg

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/icons/x-icon.svg HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/svg+xml
content-length: 1399
cache-control: public, max-age=86400
etag: W/"577-1925309a510"
last-modified: Thu, 03 Oct 2024 15:39:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qenu
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/icons/github-icon.svg

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/icons/github-icon.svg HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/svg+xml
content-length: 1105
cache-control: public, max-age=86400
etag: W/"451-192488ad0f0"
last-modified: Tue, 01 Oct 2024 14:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qenv
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/icons/youtube-icon.svg

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/icons/youtube-icon.svg HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/svg+xml
content-length: 307
cache-control: public, max-age=86400
etag: W/"133-192488ad0f0"
last-modified: Tue, 01 Oct 2024 14:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qenw
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/icons/microsoft.svg

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/icons/microsoft.svg HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
content-encoding: gzip
etag: W/"63af8-1925309cc20"
last-modified: Thu, 03 Oct 2024 15:40:04 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qen2
x-cache: CONFIG_NOCACHE
GET

https://code.visualstudio.com/assets/home/swimlane-copilot-light.png

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/home/swimlane-copilot-light.png HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/png
content-length: 8443
cache-control: public, max-age=86400
etag: W/"20fb-1925309ace0"
last-modified: Thu, 03 Oct 2024 15:39:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qep8
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/images/python-extension.png

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/images/python-extension.png HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/png
content-length: 70426
cache-control: public, max-age=86400
etag: W/"1131a-192488ad0f0"
last-modified: Tue, 01 Oct 2024 14:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qep7
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/images/copilot-extension.png

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/images/copilot-extension.png HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/png
content-length: 2768
cache-control: public, max-age=86400
etag: W/"ad0-1925309a510"
last-modified: Thu, 03 Oct 2024 15:39:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qep9
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/images/c-extension.png

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/images/c-extension.png HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/png
content-length: 4794
cache-control: public, max-age=86400
etag: W/"12ba-192488ad0f0"
last-modified: Tue, 01 Oct 2024 14:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qepa
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/images/jupyter-extension.png

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/images/jupyter-extension.png HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/png
content-length: 6457
cache-control: public, max-age=86400
etag: W/"1939-192488ad0f0"
last-modified: Tue, 01 Oct 2024 14:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qepb
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/images/gitlens-extension.png

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/images/gitlens-extension.png HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/png
content-length: 3791
cache-control: public, max-age=86400
etag: W/"ecf-192488ad0f0"
last-modified: Tue, 01 Oct 2024 14:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qepc
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/images/cs-dev-kit-extension.png

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/images/cs-dev-kit-extension.png HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/png
content-length: 5346
cache-control: public, max-age=86400
etag: W/"14e2-1925309a510"
last-modified: Thu, 03 Oct 2024 15:39:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qepd
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/images/github-pull-requests-extension.png

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/images/github-pull-requests-extension.png HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/png
content-length: 8085
cache-control: public, max-age=86400
etag: W/"1f95-192488ad0f0"
last-modified: Tue, 01 Oct 2024 14:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qepe
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/images/remote-extension.png

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/images/remote-extension.png HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: image/png
content-length: 3089
cache-control: public, max-age=86400
etag: W/"c11-192488ad0f0"
last-modified: Tue, 01 Oct 2024 14:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202616Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qepf
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/docs/?dv=win64user

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /docs/?dv=win64user HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708
cookie: MicrosoftApplicationsTelemetryDeviceId=b692c0db-0e03-4126-8319-5647c303469b
cookie: ai_session=gxh/w/yldizRyVk9+W3rCO|1728073576445|1728073576445

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:18 GMT
content-type: text/html; charset=utf-8
content-length: 14736
content-encoding: gzip
etag: W/"e981-n+9//v9Ey1npB3URyMgnBFMi8Xw"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202618Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qf2x
x-cache: CONFIG_NOCACHE
accept-ranges: bytes
GET

https://code.visualstudio.com/dist/v2/style.css

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /dist/v2/style.css HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
if-none-match: W/"3ce4f-19253098da0"
if-modified-since: Thu, 03 Oct 2024 15:39:48 GMT
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://code.visualstudio.com/docs/?dv=win64user
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708
cookie: MicrosoftApplicationsTelemetryDeviceId=b692c0db-0e03-4126-8319-5647c303469b
cookie: ai_session=gxh/w/yldizRyVk9+W3rCO|1728073576445|1728073576445

Response

HTTP/2.0 304

date: Fri, 04 Oct 2024 20:26:19 GMT
cache-control: public, max-age=0
etag: W/"3ce4f-19253098da0"
last-modified: Thu, 03 Oct 2024 15:39:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202618Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qf47
x-cache: CONFIG_NOCACHE
GET

https://code.visualstudio.com/dist/index.js

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /dist/index.js HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
if-none-match: W/"63af8-1925309cc20"
if-modified-since: Thu, 03 Oct 2024 15:40:04 GMT
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://code.visualstudio.com/docs/?dv=win64user
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708
cookie: MicrosoftApplicationsTelemetryDeviceId=b692c0db-0e03-4126-8319-5647c303469b
cookie: ai_session=gxh/w/yldizRyVk9+W3rCO|1728073576445|1728073576445

Response

HTTP/2.0 304

date: Fri, 04 Oct 2024 20:26:19 GMT
cache-control: public, max-age=0
etag: W/"63af8-1925309cc20"
last-modified: Thu, 03 Oct 2024 15:40:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202618Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qf49
x-cache: CONFIG_NOCACHE
GET

https://code.visualstudio.com/assets/community/sidebar/rss.svg

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/community/sidebar/rss.svg HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/docs/?dv=win64user
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708
cookie: MicrosoftApplicationsTelemetryDeviceId=b692c0db-0e03-4126-8319-5647c303469b
cookie: ai_session=gxh/w/yldizRyVk9+W3rCO|1728073576445|1728073578606

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:19 GMT
content-type: image/svg+xml
content-length: 662
cache-control: public, max-age=86400
etag: W/"296-1925309ace0"
last-modified: Thu, 03 Oct 2024 15:39:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202619Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qf55
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/community/sidebar/stackoverflow.svg

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/community/sidebar/stackoverflow.svg HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/docs/?dv=win64user
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708
cookie: MicrosoftApplicationsTelemetryDeviceId=b692c0db-0e03-4126-8319-5647c303469b
cookie: ai_session=gxh/w/yldizRyVk9+W3rCO|1728073576445|1728073578606

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:19 GMT
content-type: image/svg+xml
content-length: 583
cache-control: public, max-age=86400
etag: W/"247-192488ad0f0"
last-modified: Tue, 01 Oct 2024 14:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202619Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qf57
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/community/sidebar/twitter.svg

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/community/sidebar/twitter.svg HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/docs/?dv=win64user
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708
cookie: MicrosoftApplicationsTelemetryDeviceId=b692c0db-0e03-4126-8319-5647c303469b
cookie: ai_session=gxh/w/yldizRyVk9+W3rCO|1728073576445|1728073578606

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:19 GMT
content-type: image/svg+xml
content-length: 309
cache-control: public, max-age=86400
etag: W/"135-192488ad0f0"
last-modified: Tue, 01 Oct 2024 14:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202619Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qf58
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/community/sidebar/github.svg

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/community/sidebar/github.svg HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/docs/?dv=win64user
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708
cookie: MicrosoftApplicationsTelemetryDeviceId=b692c0db-0e03-4126-8319-5647c303469b
cookie: ai_session=gxh/w/yldizRyVk9+W3rCO|1728073576445|1728073578606

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:19 GMT
content-type: image/svg+xml
content-length: 1246
cache-control: public, max-age=86400
etag: W/"4de-192488ad0f0"
last-modified: Tue, 01 Oct 2024 14:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202619Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qf59
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/community/sidebar/issue.svg

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/community/sidebar/issue.svg HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/docs/?dv=win64user
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708
cookie: MicrosoftApplicationsTelemetryDeviceId=b692c0db-0e03-4126-8319-5647c303469b
cookie: ai_session=gxh/w/yldizRyVk9+W3rCO|1728073576445|1728073578606

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:19 GMT
content-type: image/svg+xml
content-length: 733
cache-control: public, max-age=86400
etag: W/"2dd-192488ad0f0"
last-modified: Tue, 01 Oct 2024 14:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202619Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qf5a
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/community/sidebar/youtube.svg

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/community/sidebar/youtube.svg HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/docs/?dv=win64user
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708
cookie: MicrosoftApplicationsTelemetryDeviceId=b692c0db-0e03-4126-8319-5647c303469b
cookie: ai_session=gxh/w/yldizRyVk9+W3rCO|1728073576445|1728073578606

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:19 GMT
content-type: image/svg+xml
content-length: 965
cache-control: public, max-age=86400
etag: W/"3c5-1925309ace0"
last-modified: Thu, 03 Oct 2024 15:39:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202619Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qf5b
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/assets/loading.svg

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/loading.svg HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/dist/v2/style.css
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708
cookie: MicrosoftApplicationsTelemetryDeviceId=b692c0db-0e03-4126-8319-5647c303469b
cookie: ai_session=gxh/w/yldizRyVk9+W3rCO|1728073576445|1728073578606

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:19 GMT
content-type: image/svg+xml
content-length: 783
cache-control: public, max-age=86400
etag: W/"30f-192488ab1b0"
last-modified: Tue, 01 Oct 2024 14:45:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202619Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qf5c
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
GET

https://code.visualstudio.com/sha/download?build=stable&os=win32-x64-user

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /sha/download?build=stable&os=win32-x64-user HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://code.visualstudio.com/docs/?dv=win64user
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708
cookie: MicrosoftApplicationsTelemetryDeviceId=b692c0db-0e03-4126-8319-5647c303469b
cookie: ai_session=gxh/w/yldizRyVk9+W3rCO|1728073576445|1728073578606

Response

HTTP/2.0 302

date: Fri, 04 Oct 2024 20:26:19 GMT
content-type: text/html; charset=utf-8
content-length: 167
location: https://vscode.download.prss.microsoft.com/dbazure/download/stable/d78a74bcdfad14d5d3b1b782f87255d802b57511/VSCodeUserSetup-x64-1.94.0.exe
vary: Accept
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202619Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qf84
x-cache: CONFIG_NOCACHE
set-cookie: ASLBSA=00030be214d0cddc3ff4cc4fe91410644048dd542080144d9b14485a532831c2633c; Path=/; Secure; HttpOnly;
set-cookie: ASLBSACORS=00030be214d0cddc3ff4cc4fe91410644048dd542080144d9b14485a532831c2633c; SameSite=none; Path=/; Secure; HttpOnly;
GET

https://code.visualstudio.com/assets/icons/v2/cloud-download.svg

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /assets/icons/v2/cloud-download.svg HTTP/2.0
host: code.visualstudio.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/dist/v2/style.css
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MSFPC=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708
cookie: MicrosoftApplicationsTelemetryDeviceId=b692c0db-0e03-4126-8319-5647c303469b
cookie: ai_session=gxh/w/yldizRyVk9+W3rCO|1728073576445|1728073578606
cookie: ASLBSA=00030be214d0cddc3ff4cc4fe91410644048dd542080144d9b14485a532831c2633c
cookie: ASLBSACORS=00030be214d0cddc3ff4cc4fe91410644048dd542080144d9b14485a532831c2633c

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:19 GMT
content-type: image/svg+xml
content-length: 1675
cache-control: public, max-age=86400
etag: W/"68b-192488ad0f0"
last-modified: Tue, 01 Oct 2024 14:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
request-context: appId=cid-v1:
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-azure-ref: 20241004T202619Z-15f4bcb964fxzqmlpnx886dywc00000005r000000000qf90
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 0
accept-ranges: bytes
DNS

64.246.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.246.107.13.in-addr.arpa

IN PTR

Response
CONNECT

chrome.exe

Remote address:

216.239.34.157:443

Request

CONNECT HTTP/2.0
host: github.com:443
chrome-tunnel: key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response

HTTP/2.0 200

content-type: text/plain; charset=utf-8
date: Fri, 04 Oct 2024 20:26:15 GMT
DNS

js.monitor.azure.com

chrome.exe

Remote address:

8.8.8.8:53

Request

js.monitor.azure.com

IN A

Response

js.monitor.azure.com

IN CNAME

aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net

aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net

IN CNAME

star-azurefd-prod.trafficmanager.net

star-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
GET

https://consentdeliveryfd.azurefd.net/mscc/lib/v2/wcp-consent.js

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /mscc/lib/v2/wcp-consent.js HTTP/2.0
host: consentdeliveryfd.azurefd.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: application/javascript
content-length: 81726
content-encoding: gzip
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 26488
cache-control: max-age=43200
content-md5: X1JOIM5h9UISVFS6+GfEew==
etag: 0x8DA85F6EA62BF74
last-modified: Wed, 24 Aug 2022 17:34:36 GMT
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: bfef85d7-e01e-0087-475d-1653ba000000
x-ms-version: 2009-09-19
x-azure-ref: 20241004T202616Z-15f4bcb964fpr7x4we73pvmc7s00000003y0000000006h9d
accept-ranges: bytes
GET

https://js.monitor.azure.com/scripts/c/ms.analytics-web-4.min.js

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /scripts/c/ms.analytics-web-4.min.js HTTP/2.0
host: js.monitor.azure.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 04 Oct 2024 20:26:16 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: no-transform, public, max-age=1800, immutable
last-modified: Mon, 16 Sep 2024 18:19:55 GMT
x-ms-request-id: d6a2415a-201e-0041-637e-0f75a5000000
x-ms-version: 2009-09-19
x-ms-meta-jssdkver: 4.3.2
x-ms-meta-jssdksrc: [cdn]/scripts/c/ms.analytics-web-4.3.2.min.js
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,x-ms-meta-jssdksrc,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20241004T202616Z-15f4bcb964fkwx6g7x8epmx1yg00000005e000000002f1vb
x-fd-int-roxy-purgeid: 0
x-cache: TCP_HIT
content-encoding: br
GET

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQllOkqJ-rLQJhIFDT0fUzwhbx_LEwt2_C4=?alt=proto

chrome.exe

Remote address:

142.250.200.42:443

Request

GET /v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQllOkqJ-rLQJhIFDT0fUzwhbx_LEwt2_C4=?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CN38ygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

browser.events.data.microsoft.com

chrome.exe

Remote address:

8.8.8.8:53

Request

browser.events.data.microsoft.com

IN A

Response

browser.events.data.microsoft.com

IN CNAME

browser.events.data.trafficmanager.net

browser.events.data.trafficmanager.net

IN CNAME

onedscolprdcus04.centralus.cloudapp.azure.com

onedscolprdcus04.centralus.cloudapp.azure.com

IN A

52.182.143.208
OPTIONS

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708&w=0

chrome.exe

Remote address:

52.182.143.208:443

Request

OPTIONS /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
accept: */*
access-control-request-method: POST
access-control-request-headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
origin: https://code.visualstudio.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, 3600
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
access-control-max-age: 3600
access-control-allow-origin: https://code.visualstudio.com
date: Fri, 04 Oct 2024 20:26:18 GMT
DNS

208.143.182.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.143.182.52.in-addr.arpa

IN PTR

Response
DNS

208.143.182.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.143.182.52.in-addr.arpa

IN PTR

Response
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-4.3.2&apikey=1a3eb3104447440391ad5f2a6ee06a0a-62879566-bc58-4741-9650-302bf2af703f-7103&upload-time=1728073578250&ext.intweb.msfpc=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708&w=0

chrome.exe

Remote address:

52.182.143.208:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-4.3.2&apikey=1a3eb3104447440391ad5f2a6ee06a0a-62879566-bc58-4741-9650-302bf2af703f-7103&upload-time=1728073578250&ext.intweb.msfpc=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 1130
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://code.visualstudio.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 24
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=ab66c1ff3cbb8525136749292eb4f9ea&HASH=ab66&LV=202410&V=4&LU=1728073575708; Domain=.microsoft.com; Expires=Sat, 04 Oct 2025 20:26:19 GMT; Path=/;Secure; SameSite=None
set-cookie: MS0=ddaf87afb25a4ea79bf616b28354d724; Domain=.microsoft.com; Expires=Fri, 04 Oct 2024 20:56:19 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 1072
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://code.visualstudio.com
access-control-expose-headers: time-delta-millis
date: Fri, 04 Oct 2024 20:26:19 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-4.3.2&apikey=1a3eb3104447440391ad5f2a6ee06a0a-62879566-bc58-4741-9650-302bf2af703f-7103&upload-time=1728073578352&ext.intweb.msfpc=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708&w=0&NoResponseBody=true

chrome.exe

Remote address:

52.182.143.208:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-4.3.2&apikey=1a3eb3104447440391ad5f2a6ee06a0a-62879566-bc58-4741-9650-302bf2af703f-7103&upload-time=1728073578352&ext.intweb.msfpc=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708&w=0&NoResponseBody=true HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 2551
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://code.visualstudio.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=ab66c1ff3cbb8525136749292eb4f9ea&HASH=ab66&LV=202410&V=4&LU=1728073575708; Domain=.microsoft.com; Expires=Sat, 04 Oct 2025 20:26:19 GMT; Path=/;Secure; SameSite=None
set-cookie: MS0=64853c8ef562449f8af0978b878cab39; Domain=.microsoft.com; Expires=Fri, 04 Oct 2024 20:56:19 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 970
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://code.visualstudio.com
access-control-expose-headers: time-delta-millis
date: Fri, 04 Oct 2024 20:26:19 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-4.3.2&apikey=1a3eb3104447440391ad5f2a6ee06a0a-62879566-bc58-4741-9650-302bf2af703f-7103&upload-time=1728073578250&ext.intweb.msfpc=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708&time-delta-to-apply-millis=use-collector-delta&w=0&NoResponseBody=true

chrome.exe

Remote address:

52.182.143.208:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-4.3.2&apikey=1a3eb3104447440391ad5f2a6ee06a0a-62879566-bc58-4741-9650-302bf2af703f-7103&upload-time=1728073578250&ext.intweb.msfpc=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708&time-delta-to-apply-millis=use-collector-delta&w=0&NoResponseBody=true HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 2952
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://code.visualstudio.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=ab66c1ff3cbb8525136749292eb4f9ea&HASH=ab66&LV=202410&V=4&LU=1728073575708; Domain=.microsoft.com; Expires=Sat, 04 Oct 2025 20:26:19 GMT; Path=/;Secure; SameSite=None
set-cookie: MS0=5ac6f9932116470db8e7f4c04ccf83d0; Domain=.microsoft.com; Expires=Fri, 04 Oct 2024 20:56:19 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 1072
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://code.visualstudio.com
access-control-expose-headers: time-delta-millis
date: Fri, 04 Oct 2024 20:26:19 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-4.3.2&apikey=1a3eb3104447440391ad5f2a6ee06a0a-62879566-bc58-4741-9650-302bf2af703f-7103&upload-time=1728073579214&ext.intweb.msfpc=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708&time-delta-to-apply-millis=use-collector-delta&w=0&NoResponseBody=true

chrome.exe

Remote address:

52.182.143.208:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-4.3.2&apikey=1a3eb3104447440391ad5f2a6ee06a0a-62879566-bc58-4741-9650-302bf2af703f-7103&upload-time=1728073579214&ext.intweb.msfpc=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708&time-delta-to-apply-millis=use-collector-delta&w=0&NoResponseBody=true HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 2828
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://code.visualstudio.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MC1=GUID=ab66c1ff3cbb8525136749292eb4f9ea&HASH=ab66&LV=202410&V=4&LU=1728073575708
cookie: MS0=5ac6f9932116470db8e7f4c04ccf83d0

Response

HTTP/2.0 204

content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 593
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://code.visualstudio.com
access-control-expose-headers: time-delta-millis
date: Fri, 04 Oct 2024 20:26:19 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-4.3.2&apikey=1a3eb3104447440391ad5f2a6ee06a0a-62879566-bc58-4741-9650-302bf2af703f-7103&upload-time=1728073579214&ext.intweb.msfpc=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708&w=0

chrome.exe

Remote address:

52.182.143.208:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-4.3.2&apikey=1a3eb3104447440391ad5f2a6ee06a0a-62879566-bc58-4741-9650-302bf2af703f-7103&upload-time=1728073579214&ext.intweb.msfpc=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 1147
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://code.visualstudio.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MC1=GUID=ab66c1ff3cbb8525136749292eb4f9ea&HASH=ab66&LV=202410&V=4&LU=1728073575708
cookie: MS0=5ac6f9932116470db8e7f4c04ccf83d0

Response

HTTP/2.0 200

content-length: 24
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 593
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://code.visualstudio.com
access-control-expose-headers: time-delta-millis
date: Fri, 04 Oct 2024 20:26:19 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708&w=0

chrome.exe

Remote address:

52.182.143.208:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 1439
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
upload-time: 1728073580255
sec-ch-ua-mobile: ?0
client-version: 1DS-Web-JS-4.3.2
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
time-delta-to-apply-millis: 593
content-type: application/x-json-stream
cache-control: no-cache, no-store
apikey: 1a3eb3104447440391ad5f2a6ee06a0a-62879566-bc58-4741-9650-302bf2af703f-7103
client-id: NO_AUTH
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://code.visualstudio.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MC1=GUID=ab66c1ff3cbb8525136749292eb4f9ea&HASH=ab66&LV=202410&V=4&LU=1728073575708
cookie: MS0=5ac6f9932116470db8e7f4c04ccf83d0

Response

HTTP/2.0 200

content-length: 24
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 677
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://code.visualstudio.com
access-control-expose-headers: time-delta-millis
date: Fri, 04 Oct 2024 20:26:20 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708&w=0

chrome.exe

Remote address:

52.182.143.208:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 2607
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
upload-time: 1728073581266
sec-ch-ua-mobile: ?0
client-version: 1DS-Web-JS-4.3.2
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
time-delta-to-apply-millis: 593
content-type: application/x-json-stream
cache-control: no-cache, no-store
apikey: 1a3eb3104447440391ad5f2a6ee06a0a-62879566-bc58-4741-9650-302bf2af703f-7103
client-id: NO_AUTH
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://code.visualstudio.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MC1=GUID=ab66c1ff3cbb8525136749292eb4f9ea&HASH=ab66&LV=202410&V=4&LU=1728073575708
cookie: MS0=5ac6f9932116470db8e7f4c04ccf83d0

Response

HTTP/2.0 200

content-length: 24
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 682
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://code.visualstudio.com
access-control-expose-headers: time-delta-millis
date: Fri, 04 Oct 2024 20:26:21 GMT
DNS

www.microsoft.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.23.205.233
GET

https://www.microsoft.com/en-us/videoplayer/embed/RE4M6Vx

chrome.exe

Remote address:

2.23.205.233:443

Request

GET /en-us/videoplayer/embed/RE4M6Vx HTTP/2.0
host: www.microsoft.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/html
content-md5: hkok18ShCX8wshXnnLQZZw==
last-modified: Tue, 05 Mar 2024 21:06:58 GMT
etag: 0x8DC3D5831CEF515
x-ms-request-id: 34756aa9-d01e-0001-1d1d-9012fd000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
vary: Accept-Encoding
content-encoding: gzip
date: Fri, 04 Oct 2024 20:26:19 GMT
content-length: 2365
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCVdb6a57a6.0
ms-cv-esi: CASMicrosoftCVdb6a57a6.0
set-cookie: akacd_OneRF=1735849579~rv=32~id=d9fa4e42b770e8c71494dd111fbca522; path=/; Expires=Thu, 02 Jan 2025 20:26:19 GMT; Secure; SameSite=None
x-rtag: VP_PROD
GET

https://www.microsoft.com/videoplayer/lib/mwf/mwfmdl2-v3.54.woff2

chrome.exe

Remote address:

2.23.205.233:443

Request

GET /videoplayer/lib/mwf/mwfmdl2-v3.54.woff2 HTTP/2.0
host: www.microsoft.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://www.microsoft.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4M6Vx
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: akacd_OneRF=1735849579~rv=32~id=d9fa4e42b770e8c71494dd111fbca522

Response

HTTP/2.0 200

content-type: text/css
content-md5: s3mPNUr4gfjB6LNacJrySg==
last-modified: Tue, 03 Sep 2024 16:45:36 GMT
etag: 0x8DCCC37D5F0A8AA
x-ms-request-id: 2c84978f-201e-00d7-0b24-fe7c74000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
vary: Accept-Encoding
content-encoding: gzip
date: Fri, 04 Oct 2024 20:26:19 GMT
content-length: 26788
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCVdb6a5cd1.0
ms-cv-esi: CASMicrosoftCVdb6a5cd1.0
x-rtag: VP_PROD
GET

https://www.microsoft.com/videoplayer/lib/mwf/slider.css

chrome.exe

Remote address:

2.23.205.233:443

Request

GET /videoplayer/lib/mwf/slider.css HTTP/2.0
host: www.microsoft.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4M6Vx
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: akacd_OneRF=1735849579~rv=32~id=d9fa4e42b770e8c71494dd111fbca522

Response

HTTP/2.0 200

content-type: text/css
content-md5: en6abKfReABqk3pRD/oEiw==
last-modified: Tue, 03 Sep 2024 16:45:36 GMT
etag: 0x8DCCC37D603CD02
x-ms-request-id: c2a28a3a-501e-00bf-1124-fe1ae4000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
vary: Accept-Encoding
content-encoding: gzip
date: Fri, 04 Oct 2024 20:26:19 GMT
content-length: 4721
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCVdb6a5cd2.0
ms-cv-esi: CASMicrosoftCVdb6a5cd2.0
x-rtag: VP_PROD
GET

https://www.microsoft.com/videoplayer/lib/onerfstatics/default-theme.css

chrome.exe

Remote address:

2.23.205.233:443

Request

GET /videoplayer/lib/onerfstatics/default-theme.css HTTP/2.0
host: www.microsoft.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4M6Vx
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: akacd_OneRF=1735849579~rv=32~id=d9fa4e42b770e8c71494dd111fbca522

Response

HTTP/2.0 200

content-type: text/css
content-md5: Qx2IBKe6KsCZOpGWTxnIkA==
last-modified: Tue, 03 Sep 2024 16:44:53 GMT
etag: 0x8DCCC37BC501DCE
x-ms-request-id: 47d18cf0-001e-0024-7f24-fedbe1000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
vary: Accept-Encoding
content-encoding: gzip
date: Fri, 04 Oct 2024 20:26:19 GMT
content-length: 3189
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCVdb6a5cd3.0
ms-cv-esi: CASMicrosoftCVdb6a5cd3.0
x-rtag: VP_PROD
GET

https://www.microsoft.com/videoplayer/lib/css/index.css

chrome.exe

Remote address:

2.23.205.233:443

Request

GET /videoplayer/lib/css/index.css HTTP/2.0
host: www.microsoft.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4M6Vx
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: akacd_OneRF=1735849579~rv=32~id=d9fa4e42b770e8c71494dd111fbca522

Response

HTTP/2.0 200

content-length: 22904
content-type: application/octet-stream
content-md5: xlSmI62Quz3Ndp27rDTYYw==
last-modified: Tue, 03 Sep 2024 16:45:36 GMT
etag: 0x8DCCC37D5E5B87B
x-ms-request-id: 63cfcf14-b01e-0043-0224-fecb1d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
date: Fri, 04 Oct 2024 20:26:19 GMT
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCVdb6a5cd0.0
ms-cv-esi: CASMicrosoftCVdb6a5cd0.0
x-rtag: VP_PROD
GET

https://www.microsoft.com/videoplayer/lib/js/index.js

chrome.exe

Remote address:

2.23.205.233:443

Request

GET /videoplayer/lib/js/index.js HTTP/2.0
host: www.microsoft.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4M6Vx
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: akacd_OneRF=1735849579~rv=32~id=d9fa4e42b770e8c71494dd111fbca522

Response

HTTP/2.0 200

content-type: application/javascript
content-md5: R8yn10RORZSCp2Qjmz6hEw==
last-modified: Tue, 03 Sep 2024 16:45:05 GMT
etag: 0x8DCCC37C363EC2A
x-ms-request-id: 68d00a2f-d01e-006a-7a24-fef569000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
vary: Accept-Encoding
content-encoding: gzip
date: Fri, 04 Oct 2024 20:26:19 GMT
content-length: 11292
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCVdb6a5cd4.0
ms-cv-esi: CASMicrosoftCVdb6a5cd4.0
x-rtag: VP_PROD
GET

https://www.microsoft.com/videoplayer/lib/js/page-bi-tags.js

chrome.exe

Remote address:

2.23.205.233:443

Request

GET /videoplayer/lib/js/page-bi-tags.js HTTP/2.0
host: www.microsoft.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4M6Vx
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: akacd_OneRF=1735849579~rv=32~id=d9fa4e42b770e8c71494dd111fbca522

Response

HTTP/2.0 200

content-type: application/javascript
content-md5: YMVWHoXWRddHqW5JYP+ABg==
last-modified: Tue, 03 Sep 2024 16:45:05 GMT
etag: 0x8DCCC37C37FB953
x-ms-request-id: c21db1fe-701e-002e-6f24-fe7f56000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
vary: Accept-Encoding
content-encoding: gzip
date: Fri, 04 Oct 2024 20:26:19 GMT
content-length: 16018
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCVdb6a5cd5.0
ms-cv-esi: CASMicrosoftCVdb6a5cd5.0
x-rtag: VP_PROD
GET

https://www.microsoft.com/videoplayer/lib/js/load-script.js

chrome.exe

Remote address:

2.23.205.233:443

Request

GET /videoplayer/lib/js/load-script.js HTTP/2.0
host: www.microsoft.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4M6Vx
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: akacd_OneRF=1735849579~rv=32~id=d9fa4e42b770e8c71494dd111fbca522

Response

HTTP/2.0 200

content-type: application/javascript
content-md5: 8SDQIHRasb8YmrkLe3OUIw==
last-modified: Tue, 03 Sep 2024 16:45:05 GMT
etag: 0x8DCCC37C3769BD9
x-ms-request-id: 164122a3-a01e-0035-6324-fe4c8e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
vary: Accept-Encoding
content-encoding: gzip
date: Fri, 04 Oct 2024 20:26:19 GMT
content-length: 9399
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCVdb6a5cd6.0
ms-cv-esi: CASMicrosoftCVdb6a5cd6.0
x-rtag: VP_PROD
GET

https://www.microsoft.com/videoplayer/lib/js/require.js

chrome.exe

Remote address:

2.23.205.233:443

Request

GET /videoplayer/lib/js/require.js HTTP/2.0
host: www.microsoft.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4M6Vx
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: akacd_OneRF=1735849579~rv=32~id=d9fa4e42b770e8c71494dd111fbca522

Response

HTTP/2.0 200

content-type: application/javascript
content-md5: HpvrL9KKsl7R+1KJAeV8pw==
last-modified: Tue, 03 Sep 2024 16:45:05 GMT
etag: 0x8DCCC37C3932B7A
x-ms-request-id: 6f81c99f-c01e-00cf-0224-fea313000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
vary: Accept-Encoding
content-encoding: gzip
date: Fri, 04 Oct 2024 20:26:19 GMT
content-length: 17943
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCVdb6a5cd7.0
ms-cv-esi: CASMicrosoftCVdb6a5cd7.0
x-rtag: VP_PROD
GET

https://www.microsoft.com/videoplayer/lib/mscc/wcp-consent.js

chrome.exe

Remote address:

2.23.205.233:443

Request

GET /videoplayer/lib/mscc/wcp-consent.js HTTP/2.0
host: www.microsoft.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4M6Vx
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: akacd_OneRF=1735849579~rv=32~id=d9fa4e42b770e8c71494dd111fbca522

Response

HTTP/2.0 200

content-type: application/javascript
content-md5: I/fMXAtOQJJnOnVA0IVCxg==
last-modified: Tue, 03 Sep 2024 16:45:36 GMT
etag: 0x8DCCC37D5DC4D2D
x-ms-request-id: b8e42971-301e-00cb-7b24-fe2e14000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
vary: Accept-Encoding
content-encoding: gzip
date: Fri, 04 Oct 2024 20:26:19 GMT
content-length: 28383
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCVdb6a5cd8.0
ms-cv-esi: CASMicrosoftCVdb6a5cd8.0
x-rtag: VP_PROD
GET

https://www.microsoft.com/videoplayer/lib/onerfstatics/onerfcomponentfactory.js

chrome.exe

Remote address:

2.23.205.233:443

Request

GET /videoplayer/lib/onerfstatics/onerfcomponentfactory.js HTTP/2.0
host: www.microsoft.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://www.microsoft.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4M6Vx
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: akacd_OneRF=1735849579~rv=32~id=d9fa4e42b770e8c71494dd111fbca522

Response

HTTP/2.0 200

content-type: application/javascript
content-md5: VpwYNkFlNL3E50Zm3BQHZw==
last-modified: Tue, 03 Sep 2024 16:45:36 GMT
etag: 0x8DCCC37D6101B3B
x-ms-request-id: ba72b0de-801e-00de-0f24-fe39a7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
vary: Accept-Encoding
content-encoding: gzip
date: Fri, 04 Oct 2024 20:26:19 GMT
content-length: 108439
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCVdb6a5cd9.0
ms-cv-esi: CASMicrosoftCVdb6a5cd9.0
x-rtag: VP_PROD
GET

https://www.microsoft.com/videoplayer/lib/onerfstatics/onerfonedsconfig.js

chrome.exe

Remote address:

2.23.205.233:443

Request

GET /videoplayer/lib/onerfstatics/onerfonedsconfig.js HTTP/2.0
host: www.microsoft.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://www.microsoft.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4M6Vx
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: akacd_OneRF=1735849579~rv=32~id=d9fa4e42b770e8c71494dd111fbca522

Response

HTTP/2.0 200

content-type: application/javascript
content-md5: KyYMo8LZOb+dlHwC4mvddA==
last-modified: Tue, 03 Sep 2024 16:45:36 GMT
etag: 0x8DCCC37D62732CB
x-ms-request-id: aaf35597-f01e-0099-3f24-fe52fc000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
vary: Accept-Encoding
content-encoding: gzip
date: Fri, 04 Oct 2024 20:26:19 GMT
content-length: 97013
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCVdb6a5cda.0
ms-cv-esi: CASMicrosoftCVdb6a5cda.0
x-rtag: VP_PROD
GET

https://www.microsoft.com/videoplayer/lib/mwf/slider.js

chrome.exe

Remote address:

2.23.205.233:443

Request

GET /videoplayer/lib/mwf/slider.js HTTP/2.0
host: www.microsoft.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://www.microsoft.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4M6Vx
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: akacd_OneRF=1735849579~rv=32~id=d9fa4e42b770e8c71494dd111fbca522

Response

HTTP/2.0 200

content-type: application/javascript
content-md5: D7Mlw9V3y1fqdZFmt/ZjeQ==
last-modified: Tue, 03 Sep 2024 16:45:05 GMT
etag: 0x8DCCC37C389994F
x-ms-request-id: 7107efd0-b01e-00b7-4524-fe00eb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
vary: Accept-Encoding
content-encoding: gzip
date: Fri, 04 Oct 2024 20:26:19 GMT
content-length: 10754
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCVdb6a5cdc.0
ms-cv-esi: CASMicrosoftCVdb6a5cdc.0
x-rtag: VP_PROD
GET

https://www.microsoft.com/videoplayer/lib/js/require-config.js

chrome.exe

Remote address:

2.23.205.233:443

Request

GET /videoplayer/lib/js/require-config.js HTTP/2.0
host: www.microsoft.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4M6Vx
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: akacd_OneRF=1735849579~rv=32~id=d9fa4e42b770e8c71494dd111fbca522

Response

HTTP/2.0 200

content-type: application/javascript
content-md5: 1hRrd7pxUtz8qioewyLffw==
last-modified: Tue, 03 Sep 2024 16:45:05 GMT
etag: 0x8DCCC37C36D5770
x-ms-request-id: 5bf12706-501e-00e2-2224-fe1060000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
vary: Accept-Encoding
content-encoding: gzip
date: Fri, 04 Oct 2024 20:26:19 GMT
content-length: 15380
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCVdb6a5cdd.0
ms-cv-esi: CASMicrosoftCVdb6a5cdd.0
x-rtag: VP_PROD
GET

https://www.microsoft.com/videoplayer/lib/js/lazy-sizes.js

chrome.exe

Remote address:

2.23.205.233:443

Request

GET /videoplayer/lib/js/lazy-sizes.js HTTP/2.0
host: www.microsoft.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4M6Vx
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: akacd_OneRF=1735849579~rv=32~id=d9fa4e42b770e8c71494dd111fbca522

Response

HTTP/2.0 200

content-type: application/javascript
content-md5: EL5SqDHOkyCB8T+31J+F2Q==
last-modified: Tue, 03 Sep 2024 16:45:05 GMT
etag: 0x8DCCC37C39C6FE2
x-ms-request-id: 42c88746-601e-009b-5424-feec44000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
vary: Accept-Encoding
content-encoding: gzip
date: Fri, 04 Oct 2024 20:26:19 GMT
content-length: 10539
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCVdb6a5cde.0
ms-cv-esi: CASMicrosoftCVdb6a5cde.0
x-rtag: VP_PROD
GET

https://www.microsoft.com/videoplayer/lib/js/vp-attributes.js

chrome.exe

Remote address:

2.23.205.233:443

Request

GET /videoplayer/lib/js/vp-attributes.js HTTP/2.0
host: www.microsoft.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4M6Vx
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: akacd_OneRF=1735849579~rv=32~id=d9fa4e42b770e8c71494dd111fbca522

Response

HTTP/2.0 200

content-type: application/javascript
content-md5: xWcGSEIXUVgHSaRsWAnBww==
last-modified: Tue, 03 Sep 2024 16:45:05 GMT
etag: 0x8DCCC37C35A80DC
x-ms-request-id: f6a2b20f-201e-006e-4124-fe786e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
vary: Accept-Encoding
content-encoding: gzip
date: Fri, 04 Oct 2024 20:26:19 GMT
content-length: 11614
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCVdb6a5cdf.0
ms-cv-esi: CASMicrosoftCVdb6a5cdf.0
x-rtag: VP_PROD
GET

https://www.microsoft.com/videoplayer/lib/js/auto-play.js

chrome.exe

Remote address:

2.23.205.233:443

Request

GET /videoplayer/lib/js/auto-play.js HTTP/2.0
host: www.microsoft.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4M6Vx
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: akacd_OneRF=1735849579~rv=32~id=d9fa4e42b770e8c71494dd111fbca522
GET

https://www.microsoft.com/videoplayer/lib/onerfstatics/onerfjquery-3.5.1.js

chrome.exe

Remote address:

2.23.205.233:443

Request

GET /videoplayer/lib/onerfstatics/onerfjquery-3.5.1.js HTTP/2.0
host: www.microsoft.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.microsoft.com/en-us/videoplayer/embed/RE4M6Vx
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: akacd_OneRF=1735849579~rv=32~id=d9fa4e42b770e8c71494dd111fbca522
cookie: MC1=GUID=ab66c1ff3cbb8525136749292eb4f9ea&HASH=ab66&LV=202410&V=4&LU=1728073575708
cookie: MS0=5ac6f9932116470db8e7f4c04ccf83d0
DNS

marketplace.visualstudio.com

chrome.exe

Remote address:

8.8.8.8:53

Request

marketplace.visualstudio.com

IN A

Response

marketplace.visualstudio.com

IN A

13.107.42.18
OPTIONS

https://marketplace.visualstudio.com/_apis/public/gallery/extensionquery

chrome.exe

Remote address:

13.107.42.18:443

Request

OPTIONS /_apis/public/gallery/extensionquery HTTP/2.0
host: marketplace.visualstudio.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type
origin: https://code.visualstudio.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

p3p: CP="CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR LOC CNT"
x-tfs-processid: dd9b991b-3fe5-46a5-b4d5-f4ee16697575
strict-transport-security: max-age=31536000; includeSubDomains
activityid: 0d901c46-21ee-439d-bbe8-dc2607dac96c
x-tfs-session: 0d901c46-21ee-439d-bbe8-dc2607dac96c
x-vss-e2eid: 0d901c46-21ee-439d-bbe8-dc2607dac96c
x-vss-senderdeploymentid: 2663b13f-50e3-a655-a159-22f6f4725fab
access-control-allow-origin: *
access-control-max-age: 3600
access-control-allow-methods: OPTIONS,GET,POST,PATCH,PUT,DELETE
access-control-expose-headers: ActivityId,X-TFS-Session,X-MS-ContinuationToken,X-VSS-GlobalMessage,ETag
access-control-allow-headers: content-type, authorization
request-context: appId=cid-v1:84715e31-583a-4723-a46d-946169b2f4a8
access-control-expose-headers: Request-Context
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 408F5C0D97714E5691B3C62253F74359 Ref B: DUS30EDGE0817 Ref C: 2024-10-04T20:26:19Z
date: Fri, 04 Oct 2024 20:26:18 GMT
content-length: 0
OPTIONS

https://marketplace.visualstudio.com/_apis/public/gallery/extensionquery

chrome.exe

Remote address:

13.107.42.18:443

Request

OPTIONS /_apis/public/gallery/extensionquery HTTP/2.0
host: marketplace.visualstudio.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type
origin: https://code.visualstudio.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

p3p: CP="CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR LOC CNT"
x-tfs-processid: a954ba08-762d-4192-8f2b-86b66fc6c268
strict-transport-security: max-age=31536000; includeSubDomains
activityid: 836e7e80-5399-4073-b28b-5317e3f32ded
x-tfs-session: 836e7e80-5399-4073-b28b-5317e3f32ded
x-vss-e2eid: 836e7e80-5399-4073-b28b-5317e3f32ded
x-vss-senderdeploymentid: 2663b13f-50e3-a655-a159-22f6f4725fab
access-control-allow-origin: *
access-control-max-age: 3600
access-control-allow-methods: OPTIONS,GET,POST,PATCH,PUT,DELETE
access-control-expose-headers: ActivityId,X-TFS-Session,X-MS-ContinuationToken,X-VSS-GlobalMessage,ETag
access-control-allow-headers: content-type, authorization
request-context: appId=cid-v1:84715e31-583a-4723-a46d-946169b2f4a8
access-control-expose-headers: Request-Context
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: B292C8A074A3448ABB308CF5AA5E3FE1 Ref B: DUS30EDGE0817 Ref C: 2024-10-04T20:26:19Z
date: Fri, 04 Oct 2024 20:26:18 GMT
content-length: 0
POST

https://marketplace.visualstudio.com/_apis/public/gallery/extensionquery

chrome.exe

Remote address:

13.107.42.18:443

Request

POST /_apis/public/gallery/extensionquery HTTP/2.0
host: marketplace.visualstudio.com
content-length: 190
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept: application/json;api-version=3.0-preview.1
content-type: application/json
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
origin: https://code.visualstudio.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-length: 31531
content-type: application/json; charset=utf-8; api-version=3.0-preview.1
content-encoding: gzip
expires: -1
vary: Accept-Encoding
p3p: CP="CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR LOC CNT"
set-cookie: VstsSession=%7B%22PersistentSessionId%22%3A%229fc0e82b-4ca4-4082-a029-c65a2240e925%22%2C%22PendingAuthenticationSessionId%22%3A%2200000000-0000-0000-0000-000000000000%22%2C%22CurrentAuthenticationSessionId%22%3A%2200000000-0000-0000-0000-000000000000%22%2C%22SignInState%22%3A%7B%7D%7D;SameSite=None; domain=.visualstudio.com; expires=Sat, 04-Oct-2025 20:26:19 GMT; path=/; secure; HttpOnly
x-tfs-processid: d7f73ba3-ef23-479f-a704-d07a89865a87
strict-transport-security: max-age=31536000; includeSubDomains
activityid: fef6ad43-5c14-4b5a-8ca2-cc1b65d8fe01
x-tfs-session: fef6ad43-5c14-4b5a-8ca2-cc1b65d8fe01
x-vss-e2eid: fef6ad43-5c14-4b5a-8ca2-cc1b65d8fe01
x-vss-senderdeploymentid: 2663b13f-50e3-a655-a159-22f6f4725fab
access-control-allow-origin: *
access-control-max-age: 3600
access-control-allow-methods: OPTIONS,GET,POST,PATCH,PUT,DELETE
access-control-expose-headers: ActivityId,X-TFS-Session,X-MS-ContinuationToken,X-VSS-GlobalMessage,ETag
access-control-allow-headers: authorization
request-context: appId=cid-v1:84715e31-583a-4723-a46d-946169b2f4a8
access-control-expose-headers: Request-Context
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 5C6E2D2D425949B3AF4402723EA53BDF Ref B: DUS30EDGE0817 Ref C: 2024-10-04T20:26:19Z
date: Fri, 04 Oct 2024 20:26:18 GMT
POST

https://marketplace.visualstudio.com/_apis/public/gallery/extensionquery

chrome.exe

Remote address:

13.107.42.18:443

Request

POST /_apis/public/gallery/extensionquery HTTP/2.0
host: marketplace.visualstudio.com
content-length: 332
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept: application/json;api-version=3.0-preview.1
content-type: application/json
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
origin: https://code.visualstudio.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8; api-version=3.0-preview.1
content-encoding: gzip
expires: -1
vary: Accept-Encoding
p3p: CP="CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR LOC CNT"
set-cookie: VstsSession=%7B%22PersistentSessionId%22%3A%228fe040e2-d3de-4307-b1fb-208d9602a127%22%2C%22PendingAuthenticationSessionId%22%3A%2200000000-0000-0000-0000-000000000000%22%2C%22CurrentAuthenticationSessionId%22%3A%2200000000-0000-0000-0000-000000000000%22%2C%22SignInState%22%3A%7B%7D%7D;SameSite=None; domain=.visualstudio.com; expires=Sat, 04-Oct-2025 20:26:19 GMT; path=/; secure; HttpOnly
x-tfs-processid: feffdc04-72ef-4466-8858-81914d765474
strict-transport-security: max-age=31536000; includeSubDomains
activityid: 562bbc8b-c648-4437-9d01-708e7007494c
x-tfs-session: 562bbc8b-c648-4437-9d01-708e7007494c
x-vss-e2eid: 562bbc8b-c648-4437-9d01-708e7007494c
x-vss-senderdeploymentid: 2663b13f-50e3-a655-a159-22f6f4725fab
access-control-allow-origin: *
access-control-max-age: 3600
access-control-allow-methods: OPTIONS,GET,POST,PATCH,PUT,DELETE
access-control-expose-headers: ActivityId,X-TFS-Session,X-MS-ContinuationToken,X-VSS-GlobalMessage,ETag
access-control-allow-headers: authorization
request-context: appId=cid-v1:84715e31-583a-4723-a46d-946169b2f4a8
access-control-expose-headers: Request-Context
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: B2AF5D66DDDB4F1FB2DF09219A5861D6 Ref B: DUS30EDGE0817 Ref C: 2024-10-04T20:26:19Z
date: Fri, 04 Oct 2024 20:26:18 GMT
DNS

assets.onestore.ms

chrome.exe

Remote address:

8.8.8.8:53

Request

assets.onestore.ms

IN A

Response

assets.onestore.ms

IN CNAME

assets.onestore.ms.akadns.net

assets.onestore.ms.akadns.net

IN CNAME

assets.onestore.ms.edgekey.net

assets.onestore.ms.edgekey.net

IN CNAME

e10583.dspg.akamaiedge.net

e10583.dspg.akamaiedge.net

IN A

184.87.176.59
DNS

web.vortex.data.microsoft.com

chrome.exe

Remote address:

8.8.8.8:53

Request

web.vortex.data.microsoft.com

IN A

Response
DNS

mem.gfx.ms

chrome.exe

Remote address:

8.8.8.8:53

Request

mem.gfx.ms

IN A

Response

mem.gfx.ms

IN CNAME

amcdnmsftuswe.azureedge.net

amcdnmsftuswe.azureedge.net

IN CNAME

amcdnmsftuswe.afd.azureedge.net

amcdnmsftuswe.afd.azureedge.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

microsoftwindows.112.2o7.net

chrome.exe

Remote address:

8.8.8.8:53

Request

microsoftwindows.112.2o7.net

IN A

Response

microsoftwindows.112.2o7.net

IN A

66.235.152.156

microsoftwindows.112.2o7.net

IN A

66.235.152.221

microsoftwindows.112.2o7.net

IN A

66.235.152.225
DNS

233.205.23.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

233.205.23.2.in-addr.arpa

IN PTR

Response

233.205.23.2.in-addr.arpa

IN PTR

a2-23-205-233deploystaticakamaitechnologiescom
DNS

18.42.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.42.107.13.in-addr.arpa

IN PTR

Response
DNS

59.176.87.184.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.176.87.184.in-addr.arpa

IN PTR

Response

59.176.87.184.in-addr.arpa

IN PTR

a184-87-176-59deploystaticakamaitechnologiescom
DNS

153.117.19.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

153.117.19.2.in-addr.arpa

IN PTR

Response

153.117.19.2.in-addr.arpa

IN PTR

a2-19-117-153deploystaticakamaitechnologiescom
DNS

156.152.235.66.in-addr.arpa

Remote address:

8.8.8.8:53

Request

156.152.235.66.in-addr.arpa

IN PTR

Response

156.152.235.66.in-addr.arpa

IN PTR

ip-66-235-152-156dataadobedcnet
DNS

github.gallerycdn.vsassets.io

chrome.exe

Remote address:

8.8.8.8:53

Request

github.gallerycdn.vsassets.io

IN A

Response

github.gallerycdn.vsassets.io

IN CNAME

35563.wpc.azureedge.net

35563.wpc.azureedge.net

IN CNAME

cs10.wpc.v0cdn.net

cs10.wpc.v0cdn.net

IN A

68.232.34.200
DNS

vscode.download.prss.microsoft.com

chrome.exe

Remote address:

8.8.8.8:53

Request

vscode.download.prss.microsoft.com

IN A

Response

vscode.download.prss.microsoft.com

IN CNAME

vscode.download.prss.microsoft.com.delivery.microsoft.com

vscode.download.prss.microsoft.com.delivery.microsoft.com

IN CNAME

sundry-f-net.trafficmanager.net

sundry-f-net.trafficmanager.net

IN CNAME

sni1gl.wpc.sigmacdn.net

sni1gl.wpc.sigmacdn.net

IN A

152.199.21.175
GET

https://github.gallerycdn.vsassets.io/extensions/github/copilot/1.235.1137/1727971687571/Microsoft.VisualStudio.Services.Icons.Default

chrome.exe

Remote address:

68.232.34.200:443

Request

GET /extensions/github/copilot/1.235.1137/1727971687571/Microsoft.VisualStudio.Services.Icons.Default HTTP/2.0
host: github.gallerycdn.vsassets.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 101710
cache-control: public, max-age=31536000
content-type: image/png
cross-origin-resource-policy: cross-origin
date: Fri, 04 Oct 2024 20:26:20 GMT
etag: 0x8DCE3C591FC10A6
last-modified: Thu, 03 Oct 2024 16:08:07 GMT
server: ECAcc (frb/671E)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: c2bc7264-501e-0099-0bae-159e58000000
x-ms-version: 2009-09-19
content-length: 7428
GET

https://vscode.download.prss.microsoft.com/dbazure/download/stable/d78a74bcdfad14d5d3b1b782f87255d802b57511/VSCodeUserSetup-x64-1.94.0.exe

chrome.exe

Remote address:

152.199.21.175:443

Request

GET /dbazure/download/stable/d78a74bcdfad14d5d3b1b782f87255d802b57511/VSCodeUserSetup-x64-1.94.0.exe HTTP/2.0
host: vscode.download.prss.microsoft.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MC1=GUID=ab66c1ff3cbb8525136749292eb4f9ea&HASH=ab66&LV=202410&V=4&LU=1728073575708
cookie: MS0=5ac6f9932116470db8e7f4c04ccf83d0

Response

HTTP/2.0 200

accept-ranges: bytes
age: 12692
cache-control: public, max-age=86400
content-disposition: attachment; filename=VSCodeUserSetup-x64-1.94.0.exe; filename*=UTF-8''VSCodeUserSetup-x64-1.94.0.exe
content-type: application/octet-stream
date: Fri, 04 Oct 2024 20:26:20 GMT
etag: "0xA9E1F3866C81009270188E656E97DB08DF4C8AF81232685E35EAD603306ED583"
last-modified: Wed, 02 Oct 2024 14:50:04 GMT
server: ECAcc (frc/4CE5)
x-cache: HIT
x-ms-apiversion: Distribute 1.2
x-ms-region: prod-weu-z1
content-length: 100464792
DNS

ms-python.gallerycdn.vsassets.io

chrome.exe

Remote address:

8.8.8.8:53

Request

ms-python.gallerycdn.vsassets.io

IN A

Response

ms-python.gallerycdn.vsassets.io

IN CNAME

35563.wpc.azureedge.net

35563.wpc.azureedge.net

IN CNAME

cs10.wpc.v0cdn.net

cs10.wpc.v0cdn.net

IN A

68.232.34.200
DNS

ms-vscode.gallerycdn.vsassets.io

chrome.exe

Remote address:

8.8.8.8:53

Request

ms-vscode.gallerycdn.vsassets.io

IN A

Response

ms-vscode.gallerycdn.vsassets.io

IN CNAME

35563.wpc.azureedge.net

35563.wpc.azureedge.net

IN CNAME

cs10.wpc.v0cdn.net

cs10.wpc.v0cdn.net

IN A

68.232.34.200
DNS

vscjava.gallerycdn.vsassets.io

chrome.exe

Remote address:

8.8.8.8:53

Request

vscjava.gallerycdn.vsassets.io

IN A

Response

vscjava.gallerycdn.vsassets.io

IN CNAME

35563.wpc.azureedge.net

35563.wpc.azureedge.net

IN CNAME

cs10.wpc.v0cdn.net

cs10.wpc.v0cdn.net

IN A

68.232.34.200
GET

https://ms-vscode.gallerycdn.vsassets.io/extensions/ms-vscode/cpptools/1.22.7/1727825672233/Microsoft.VisualStudio.Services.Icons.Default

chrome.exe

Remote address:

68.232.34.200:443

Request

GET /extensions/ms-vscode/cpptools/1.22.7/1727825672233/Microsoft.VisualStudio.Services.Icons.Default HTTP/2.0
host: ms-vscode.gallerycdn.vsassets.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 247530
cache-control: public, max-age=31536000
content-type: image/png
cross-origin-resource-policy: cross-origin
date: Fri, 04 Oct 2024 20:26:20 GMT
etag: 0x8DCE2719A0DE1D2
last-modified: Tue, 01 Oct 2024 23:34:32 GMT
server: ECAcc (frb/67B2)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: e965a2f5-201e-0095-665b-14bfcc000000
x-ms-version: 2009-09-19
content-length: 4815
GET

https://vscjava.gallerycdn.vsassets.io/extensions/vscjava/vscode-java-pack/0.29.2024091906/1726729234947/Microsoft.VisualStudio.Services.Icons.Default

chrome.exe

Remote address:

68.232.34.200:443

Request

GET /extensions/vscjava/vscode-java-pack/0.29.2024091906/1726729234947/Microsoft.VisualStudio.Services.Icons.Default HTTP/2.0
host: vscjava.gallerycdn.vsassets.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 279548
cache-control: public, max-age=31536000
content-type: image/png
cross-origin-resource-policy: cross-origin
date: Fri, 04 Oct 2024 20:26:20 GMT
etag: 0x8DCD878C28024D9
last-modified: Thu, 19 Sep 2024 07:00:35 GMT
server: ECAcc (frb/67B3)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 688e14ed-b01e-002d-7f10-14747c000000
x-ms-version: 2009-09-19
content-length: 4189
GET

https://ms-python.gallerycdn.vsassets.io/extensions/ms-python/python/2024.17.2024100401/1728038254474/Microsoft.VisualStudio.Services.Icons.Default

chrome.exe

Remote address:

68.232.34.200:443

Request

GET /extensions/ms-python/python/2024.17.2024100401/1728038254474/Microsoft.VisualStudio.Services.Icons.Default HTTP/2.0
host: ms-python.gallerycdn.vsassets.io
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://code.visualstudio.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 34838
cache-control: public, max-age=31536000
content-type: image/png
cross-origin-resource-policy: cross-origin
date: Fri, 04 Oct 2024 20:26:20 GMT
etag: 0x8DCE4608F02EB63
last-modified: Fri, 04 Oct 2024 10:37:34 GMT
server: ECAcc (frb/671E)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 7dbdb754-f01e-0072-6b4a-16afc1000000
x-ms-version: 2009-09-19
content-length: 45588
DNS

200.34.232.68.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.34.232.68.in-addr.arpa

IN PTR

Response
DNS

175.21.199.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

175.21.199.152.in-addr.arpa

IN PTR

Response

104.17.151.117:443

https://www.mediafire.com/cdn-cgi/rum?

tls, http2

msedge.exe

28.0kB
130.1kB
131
181

HTTP Request

GET https://mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file

HTTP Response

302

HTTP Request

GET https://www.mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file

HTTP Response

200

HTTP Request

GET https://www.mediafire.com/images/icons/svg_light/icons_sprite.svg

HTTP Request

GET https://static.mediafire.com/images/filetype/file-zip-v3.png

HTTP Request

GET https://static.mediafire.com/images/backgrounds/header/mf_logo_full_color.svg

HTTP Request

GET https://static.mediafire.com/images/backgrounds/download/apps_list_sprite-v6.png

HTTP Request

GET https://www.mediafire.com/images/icons/svg_dark/arrow_dropdown.svg

HTTP Request

GET https://static.mediafire.com/images/icons/svg_dark/check_circle_green.svg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.mediafire.com/images/backgrounds/download/social/fb_16x16.png

HTTP Response

200

HTTP Request

GET https://static.mediafire.com/images/backgrounds/footer/social/footerIcons.png

HTTP Response

200

HTTP Request

GET https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

HTTP Response

302

HTTP Request

GET https://www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js?

HTTP Response

200

HTTP Request

POST https://www.mediafire.com/cdn-cgi/challenge-platform/h/g/jsd/r/8cd7df1fbc8e385c

HTTP Response

200

HTTP Request

POST https://www.mediafire.com/cdn-cgi/rum?

HTTP Response

204

HTTP Request

GET https://www.mediafire.com/favicon.ico

HTTP Response

200

HTTP Request

POST https://www.mediafire.com/cdn-cgi/rum?

HTTP Response

204
104.17.151.117:443

mediafire.com

tls

msedge.exe

1.1kB
6.2kB
10
9
104.17.151.117:443

mediafire.com

tls

msedge.exe

1.1kB
6.2kB
10
9
172.67.199.186:443

https://the.gatekeeperconsent.com/v2/cmp.js?v=260

tls, http2

msedge.exe

2.8kB
47.1kB
35
54

HTTP Request

GET https://the.gatekeeperconsent.com/cmp.min.js

HTTP Response

200

HTTP Request

GET https://privacy.gatekeeperconsent.com/tcf2_stub.js

HTTP Request

GET https://the.gatekeeperconsent.com/v2/cmp.js?v=260

HTTP Response

200

HTTP Response

200
104.21.42.32:443

https://the.gatekeeperconsent.com/cmp/v2/main_modal_firstpage?domain=www.mediafire.com&region=default&lang=en-US&cb=260&changeLogId=593543

tls, http2

msedge.exe

4.2kB
96.9kB
56
91

HTTP Request

GET https://privacy.gatekeeperconsent.com/consent_modules.json

HTTP Response

200

HTTP Request

GET https://the.gatekeeperconsent.com/v2/config.json?domain=www.mediafire.com&changeLogId=0&cb=0

HTTP Response

200

HTTP Request

GET https://the.gatekeeperconsent.com/cmp/gvl.json?v=9&lang=en

HTTP Response

200

HTTP Request

OPTIONS https://the.gatekeeperconsent.com/cmp/v2/main_modal_firstpage?domain=www.mediafire.com&region=default&lang=en-US&cb=260&changeLogId=593543

HTTP Response

200

HTTP Request

GET https://the.gatekeeperconsent.com/cmp/v2/main_modal_firstpage?domain=www.mediafire.com&region=default&lang=en-US&cb=260&changeLogId=593543

HTTP Response

200
104.16.80.73:443

https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

tls, http2

msedge.exe

1.9kB
10.8kB
17
17

HTTP Request

GET https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

HTTP Response

200
172.217.16.238:443

https://fundingchoicesmessages.google.com/i/183096492?ers=3

tls, http2

msedge.exe

4.2kB
115.1kB
65
94

HTTP Request

GET https://translate.google.com/translate_a/element.js?cb=googFooterTranslate

HTTP Request

GET https://fundingchoicesmessages.google.com/i/183096492?ers=3
18.239.18.40:443

https://cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js

tls, http2

msedge.exe

3.5kB
30.2kB
31
30

HTTP Request

GET https://cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js

HTTP Response

200
104.22.74.216:443

https://btloader.com/tag?o=5678961798414336&upapi=true

tls, http2

msedge.exe

2.5kB
24.3kB
31
31

HTTP Request

GET https://btloader.com/tag?o=5678961798414336&upapi=true

HTTP Response

200
172.67.170.144:443

https://www.ezojs.com/ezoic/sa.min.js

tls, http2

msedge.exe

3.3kB
50.7kB
48
48

HTTP Request

GET https://www.ezojs.com/ezoic/sa.min.js

HTTP Response

200
104.18.159.164:443

https://otnolatrnup.com/hideref.engine?d=https%3A%2F%2Fworeppercomming.com%2F4fabb44a-878d-4024-bdef-2de07d973f5e%3Fcampaignname%3D2_OperaGX%26placementname%3D2_OperaGX_UK_Win_101%26bid%3D3.45%26totalcpv%3D0.00345%26channel%3DFile%2BHosting%2B%2526%2BSharing%26subchannel%3DFile%2BHosting%2B%2526%2BSharing%26medianame%3DOperaGX_WW_9636%26keywords%3Donline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%2Conline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%26sourceid%3D101%26domainid%3D1%26cpv%3D0.00345%26s2sParam%3D0c648c0e-9e2c-403e-bd98-f7dbbb7491a9

tls, http2

msedge.exe

10.4kB
81.5kB
71
83

HTTP Request

GET https://cdn.otnolatrnup.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0

HTTP Response

200

HTTP Request

GET https://otnolatrnup.com/Tag.engine?time=0&id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=29964&ver=async&referrerUrl=&fingerPrint=123&abr=false&stdTime=0&fpe=1&bw=1280&bh=609&res=1280x720&curl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone

HTTP Response

200

HTTP Request

GET https://otnolatrnup.com/fp.engine?id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=49401&ver=async&time=0&referrerUrl=&subId=&tid=&abr=false&res=1280x720&stdTime=0&fpe=1&curl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone&spt=1

HTTP Response

200

HTTP Request

GET https://otnolatrnup.com/Redirect.eng?MediaSegmentId=88101&dcid=1_ctx_6585266d-3046-49fd-9ea8-abae3c58bbf9&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=0&dst=False&v=0kMt6XqlgVzmAVNd90YASe13RBRxDSkeuZPPVCDaE3Vw17a9dG2QqZy-16zjrWFxBFqmDEuBNAGiWKzmZHWmVFFFbwhrV70il8znOxD-1Q-15iAXtsIZoUMqadSH-B7XdVCOmvm4z0mqH-aEq5Xpz7svEcOBc4pOvLvKv9xALPhfptYtd_5NzX3d3nJ8_Z5c1tIMmaCfhN98DfQoRfEQyhi6gmuIt8Dn086hg9oilh3HXsRndtQ1DYpshLOypM5pks8Z4HJoDvk2aUiDzF05j1O0GQt5CfhxrGATa5nis3JQbMxshy_-aoH9JGIXKprFgyfQIzf66dr0d2GS2XQBonpvNrN8cvfbhkEqUGr5OuM8hAccq9tXnWSNBhOj89u7cIdhAF_a_h-N4DetuiHruqq4a0OiCMkRMFKTdHduY3HJ2FCL0vfmS9h3ejcriZ61Co1BTag-Rk_bnlVV-De4ED3LyIimGGRoHeP5mDgBYQxVdyHKGwSYX7W29N_8gQOAjzvR2IVQrnGXT-3csQ4itqE5EQox6CoYaBUhrSI5p2c36fhsg58pRwHnUzDRGCJi0nsoGkuq9Hx3iofwWYn9dlCs7ovTBEdqQVaeFlgvLh1vlgK5pXtT4vHrm1oGWKPjgIDRkch3PO4pV4MArv6rrqku8OuHlkHxe-vH6wATxv7-vO7gWzkLE2Eid96ymLXrOQZHwCuoTiyEKW2JVXljCz9OULZm8hqrgUVaJDNLDspQx2Hd_Pna9A7Jo4xlPTapW0wuMm4Vofe98f3LFnhvBKrHdCHdijrJeVgkYM2R1Uuuw7w7TRDg_RDsQi2FNyfvaNUXPv2r4xB2K_71bvlIYf-shPxoi3N05apzeSLq55nP0BGiotbDTAfFrKRzFZIu9gbHrU-zlUT8h6K3gm4Vwm0r1Ktqs-N5vJ-czduYVzkxZsgpUXhoeWrDUqd5Sd9yXwI-yFJO8Xepc_96viaLVRBEkE1uR-kRdtWY1GAJoDU7SXHWPGUbbzOK9MUmE40vKzj9kogAK4GtGd9MpCgtjGWopsZqaj-PjMTXuvw_fkJ6SZbuEpQqdJom3AeGCWNNqy9Z0DfN3eE9ElwAwswz67uFWavoBWo-h-8BzRCPCsk1&kw=online+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone&mw=1024&mh=768&at=&res=1280x720&spt=1&kw=online+storage%2cfree+storage%2ccloud+storage%2ccollaboration%2cbackup+file+sharing%2cshare+files%2cphoto+backup%2cphoto+sharing%2cftp+replacement%2ccross+platform%2cremote+access%2cmobile+access%2csend+large+files%2crecover+files%2cfile+versioning%2cundelete%2cwindows%2cpc%2cmac%2cos+x%2clinux%2ciphone

HTTP Response

302

HTTP Request

GET https://otnolatrnup.com/hideref.engine?d=https%3a%2f%2fworeppercomming.com%2f4fabb44a-878d-4024-bdef-2de07d973f5e%3fcampaignname%3d2_OperaGX%26placementname%3d2_OperaGX_UK_Win_101%26bid%3d3.45%26totalcpv%3d0.00345%26channel%3dFile%2bHosting%2b%2526%2bSharing%26subchannel%3dFile%2bHosting%2b%2526%2bSharing%26medianame%3dOperaGX_WW_9636%26keywords%3donline+storage%2cfree+storage%2ccloud+storage%2ccollaboration%2cbackup+file+sharing%2cshare+files%2cphoto+backup%2cphoto+sharing%2cftp+replacement%2ccross+platform%2cremote+access%2cmobile+access%2csend+large+files%2crecover+files%2cfile+versioning%2cundelete%2cwindows%2cpc%2cmac%2cos+x%2clinux%2ciphone%2conline+storage%2cfree+storage%2ccloud+storage%2ccollaboration%2cbackup+file+sharing%2cshare+files%2cphoto+backup%2cphoto+sharing%2cftp+replacement%2ccross+platform%2cremote+access%2cmobile+access%2csend+large+files%2crecover+files%2cfile+versioning%2cundelete%2cwindows%2cpc%2cmac%2cos+x%2clinux%2ciphone%26sourceid%3d101%26domainid%3d1%26cpv%3d0.00345%26s2sParam%3d0c648c0e-9e2c-403e-bd98-f7dbbb7491a9

HTTP Response

200

HTTP Request

GET https://otnolatrnup.com/hideref.engine?d=https%3A%2F%2Fworeppercomming.com%2F4fabb44a-878d-4024-bdef-2de07d973f5e%3Fcampaignname%3D2_OperaGX%26placementname%3D2_OperaGX_UK_Win_101%26bid%3D3.45%26totalcpv%3D0.00345%26channel%3DFile%2BHosting%2B%2526%2BSharing%26subchannel%3DFile%2BHosting%2B%2526%2BSharing%26medianame%3DOperaGX_WW_9636%26keywords%3Donline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%2Conline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%26sourceid%3D101%26domainid%3D1%26cpv%3D0.00345%26s2sParam%3D0c648c0e-9e2c-403e-bd98-f7dbbb7491a9

HTTP Response

302
13.37.187.223:443

https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInJldmVudWUiOjAsImJpZF9mbG9vcl9maWxsZWQiOjAsInN0YXRfc291cmNlX2lkIjowLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgwOTE0ODA2MiwiY3JlYXRpdmVfaWQiOjEzODI0NTQ0NjEwNSwiZGF0YSI6W3sibmFtZSI6InZpZXdlZF90aW1lIiwidmFsIjoiMTQxMTgifV0sImlzX29yaWciOmZhbHNlfV0=

tls, http2

msedge.exe

49.4kB
38.3kB
110
89

HTTP Request

POST https://g.ezoic.net/saa.go

HTTP Response

200

HTTP Request

POST https://g.ezoic.net/sa.go

HTTP Response

200

HTTP Request

POST https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDAyODY4NDcwNzI2Nzg1NSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImFkX3Bvc2l0aW9uIjoxMTAzLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MSwiZGF0YSI6W3sibmFtZSI6InN0YXRfc291cmNlX2lkIiwidmFsIjoiNDQifV0sImlzX29yaWciOjB9XQ==

HTTP Request

POST https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDAyODY4NDcwNzI2Nzg1NSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImFkX3Bvc2l0aW9uIjoxMTAzLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MSwiZGF0YSI6W3sibmFtZSI6ImFkc2Vuc2V0eXBlIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6MH1d

HTTP Request

POST https://g.ezoic.net/detroitchicago/imp.gif

HTTP Response

204

HTTP Response

204

HTTP Response

200

HTTP Request

POST https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImRldmljZV93aWR0aCIsInZhbCI6IjEyODAifSx7Im5hbWUiOiJkZXZpY2VfaGVpZ2h0IiwidmFsIjoiNzIwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInZpc2l0X3V1aWQiOiIzYWVhODc5MC1mZGZiLTQxNjItNGI1ZS1mZmRjZWUyOTA5OWMiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDI0LTEwLTA0In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMjAifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNSJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiIwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInZpc2l0X3V1aWQiOiIzYWVhODc5MC1mZGZiLTQxNjItNGI1ZS1mZmRjZWUyOTA5OWMiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV90YWciLCJ2YWwiOiJlbi1VUyJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJ2aXNpdF91dWlkIjoiM2FlYTg3OTAtZmRmYi00MTYyLTRiNWUtZmZkY2VlMjkwOTljIiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfcHJpbWFyeV9zdWJ0YWciLCJ2YWwiOiJlbiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJ2aXNpdF91dWlkIjoiM2FlYTg3OTAtZmRmYi00MTYyLTRiNWUtZmZkY2VlMjkwOTljIiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJkYXRhIjpbeyJuYW1lIjoibmF2aWdhdGlvbl90eXBlIiwidmFsIjoiMCJ9LHsibmFtZSI6InJlZGlyZWN0X2NvdW50IiwidmFsIjoiMCJ9XX1d

HTTP Request

POST https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6InBlcmZfaXNfdHJhY2tlZCIsInZhbCI6IjEifSx7Im5hbWUiOiJwZXJmX25hdl90b19jb25uZWN0IiwidmFsIjoiMTU3NSJ9LHsibmFtZSI6InBlcmZfY29ubmVjdF90b19yZXNwX3N0YXJ0IiwidmFsIjoiMTk0NiJ9LHsibmFtZSI6InBlcmZfcmVzcF90aW1lIiwidmFsIjoiNzgifSx7Im5hbWUiOiJwZXJmX2ludGVyYWN0aXZlIiwidmFsIjoiNTkzIn0seyJuYW1lIjoicGVyZl9jb250ZW50bG9hZGVkIiwidmFsIjoiNjQ4In0seyJuYW1lIjoicGVyZl9jb21wbGV0ZSIsInZhbCI6IjM3NTcifV19LHsidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImZpcnN0X3BhaW50IiwidmFsIjoiMjM1NiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJ2aXNpdF91dWlkIjoiM2FlYTg3OTAtZmRmYi00MTYyLTRiNWUtZmZkY2VlMjkwOTljIiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfY29udGVudGZ1bF9wYWludCIsInZhbCI6IjIzNTYifV19LHsidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fZWZmZWN0aXZlX3R5cGUiLCJ2YWwiOiI0ZyJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJ2aXNpdF91dWlkIjoiM2FlYTg3OTAtZmRmYi00MTYyLTRiNWUtZmZkY2VlMjkwOTljIiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9kb3dubGluayIsInZhbCI6IjEwIn1dfV0=

HTTP Request

POST https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fcnR0IiwidmFsIjoiMTAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInZpc2l0X3V1aWQiOiIzYWVhODc5MC1mZGZiLTQxNjItNGI1ZS1mZmRjZWUyOTA5OWMiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImRhdGEiOlt7Im5hbWUiOiJkaXNwbGF5X2FkX3ZpZXdwb3J0X3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfdmlld3BvcnRfY291bnQiLCJ2YWwiOiIwIn0seyJuYW1lIjoibmF0aXZlX2FkX3ZpZXdwb3J0X3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF92aWV3cG9ydF9jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19weCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19jb3VudCIsInZhbCI6IjEifSx7Im5hbWUiOiJuYXRpdmVfYWRfZG9jX3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF9kb2NfY291bnQiLCJ2YWwiOiIwIn0seyJuYW1lIjoidmlld3BvcnRfc2l6ZSIsInZhbCI6IjEyODB4NjA5In0seyJuYW1lIjoidmlld3BvcnRfcHgiLCJ2YWwiOiI3Nzk1MjAifSx7Im5hbWUiOiJkb2NfcHgiLCJ2YWwiOiIyNzcyMjg1In0seyJuYW1lIjoiZG9jX2hlaWdodCIsInZhbCI6IjIxOTUifV19XQ==

HTTP Response

204

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImVuZ2FnZWRfdGltZSIsInZhbCI6IjEifV19XQ==

HTTP Response

204

HTTP Request

POST https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImxjcF92YWx1ZSIsInZhbCI6IjQwMDAifV19XQ==

HTTP Request

POST https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImZpZF92YWx1ZSIsInZhbCI6IjE2In1dfV0=

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDAyODY4NDcwNzI2Nzg1NSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImFkX3Bvc2l0aW9uIjoxMTAzLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MSwiZGF0YSI6W3sibmFtZSI6ImxvYWRlZCIsInZhbCI6IjEifV0sImlzX29yaWciOjB9XQ==

HTTP Request

POST https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDAyODY4NDcwNzI2Nzg1NSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImFkX3Bvc2l0aW9uIjoxMTAzLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MSwiZGF0YSI6W3sibmFtZSI6ImFkX2xvYWRfdGltZSIsInZhbCI6IjEzNTY2In1dLCJpc19vcmlnIjowfV0=

HTTP Request

POST https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDAyODY4NDcwNzI2Nzg1NSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImFkX3Bvc2l0aW9uIjoxMTAzLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MSwiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV0sImlzX29yaWciOjB9XQ==

HTTP Response

204

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://g.ezoic.net/detroitchicago/bluemonkey.gif?e=W3siYWRhcHRlcl9jb2RlIjoicmlzZSIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInJlcXVlc3RfaWQiOiIzOTg3M2I1NTA4MmE0OCIsInNvdXJjZSI6ImNsaWVudCIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjo0ODQ0NzAsImZvcm1fZmFjdG9yX2lkIjoxLCJhYl90ZXN0X2lkIjoibW9kMjgxLWMiLCJlcG9jaCI6MTcyODA3MzIzMDQzNCwiaGFzX2V6aWRzIjowLCJzdGF0X3NvdXJjZV9pZCI6MTEzMjUsIm1lZGlhX3R5cGUiOiJiYW5uZXIiLCJyZXF1ZXN0X3NpemUiOiIzMzZ4MjgwIiwiaW1wcmVzc2lvbl9pZCI6NjAzNDc1NTg1OTMwNjUzNiwicG9zaXRpb25fdHlwZSI6MjEsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoicmlzZSIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTQtMCIsInJlcXVlc3RfaWQiOiI0MTQ0MDIzM2YxMDM3YiIsInNvdXJjZSI6ImNsaWVudCIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjo0ODQ0NzAsImZvcm1fZmFjdG9yX2lkIjoxLCJhYl90ZXN0X2lkIjoibW9kMjgxLWMiLCJlcG9jaCI6MTcyODA3MzIzMDQzNCwiaGFzX2V6aWRzIjowLCJzdGF0X3NvdXJjZV9pZCI6MTEzMjUsIm1lZGlhX3R5cGUiOiJiYW5uZXIiLCJyZXF1ZXN0X3NpemUiOiIzMDB4MjUwLDMzNngyODAiLCJpbXByZXNzaW9uX2lkIjo2NzM1MTU5MTI2NjI3MCwicG9zaXRpb25fdHlwZSI6MjIsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoicmlzZSIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tZWRnZS0xLTAiLCJyZXF1ZXN0X2lkIjoiNTI1MWY4MTUyNThhMjQiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA0MzQsImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjExMzI1LCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiMTYweDYwMCIsImltcHJlc3Npb25faWQiOjg1Mjc4MDkyMDMzMTUyMzAsInBvc2l0aW9uX3R5cGUiOjM4LCJyZWZyZXNoX2NvdW50IjoxfSx7ImFkYXB0ZXJfY29kZSI6InJpc2UiLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLWVkZ2UtMi0wIiwicmVxdWVzdF9pZCI6IjY0NTg0YjJlOWI2MTA0Iiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM0LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMTMyNSwibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjE2MHg2MDAiLCJpbXByZXNzaW9uX2lkIjo1NzUwNDI2MjM5MzIwNjExLCJwb3NpdGlvbl90eXBlIjozOSwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJyaXNlIiwiYXVjdGlvbl9pZCI6IjhjODI4ZTcyLTYyMzMtNGRjZC1iODEwLWRlNDdjMDczNGM2NCIsImFkX3VuaXRfY29kZSI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwicmVxdWVzdF9pZCI6IjdkZGUxZjU3YWY1ZWQzIiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM0LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMTMyNSwibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjcyOHg5MCIsImltcHJlc3Npb25faWQiOjQ2NjY3MjU4NjEyOTY5MDQsInBvc2l0aW9uX3R5cGUiOjUsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoicnViaWNvbiIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInJlcXVlc3RfaWQiOiI5ZTI4ZDZmNjdmZWI5NSIsInNvdXJjZSI6ImNsaWVudCIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjo0ODQ0NzAsImZvcm1fZmFjdG9yX2lkIjoxLCJhYl90ZXN0X2lkIjoibW9kMjgxLWMiLCJlcG9jaCI6MTcyODA3MzIzMDQzNCwiaGFzX2V6aWRzIjowLCJzdGF0X3NvdXJjZV9pZCI6MTAwNjMsIm1lZGlhX3R5cGUiOiJiYW5uZXIiLCJyZXF1ZXN0X3NpemUiOiIzMzZ4MjgwIiwiaW1wcmVzc2lvbl9pZCI6NjAzNDc1NTg1OTMwNjUzNiwicG9zaXRpb25fdHlwZSI6MjEsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoicnViaWNvbiIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTQtMCIsInJlcXVlc3RfaWQiOiIxMDExMzI3Y2ZlNTk5NSIsInNvdXJjZSI6ImNsaWVudCIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjo0ODQ0NzAsImZvcm1fZmFjdG9yX2lkIjoxLCJhYl90ZXN0X2lkIjoibW9kMjgxLWMiLCJlcG9jaCI6MTcyODA3MzIzMDQzNCwiaGFzX2V6aWRzIjowLCJzdGF0X3NvdXJjZV9pZCI6MTAwNjMsIm1lZGlhX3R5cGUiOiJiYW5uZXIiLCJyZXF1ZXN0X3NpemUiOiIzMDB4MjUwLDMzNngyODAiLCJpbXByZXNzaW9uX2lkIjo2NzM1MTU5MTI2NjI3MCwicG9zaXRpb25fdHlwZSI6MjIsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoicnViaWNvbiIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tZWRnZS0xLTAiLCJyZXF1ZXN0X2lkIjoiMTE0MjEzNjM2MzU4MTI0Iiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM0LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMDA2MywibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjE2MHg2MDAiLCJpbXByZXNzaW9uX2lkIjo4NTI3ODA5MjAzMzE1MjMwLCJwb3NpdGlvbl90eXBlIjozOCwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJydWJpY29uIiwiYXVjdGlvbl9pZCI6IjhjODI4ZTcyLTYyMzMtNGRjZC1iODEwLWRlNDdjMDczNGM2NCIsImFkX3VuaXRfY29kZSI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1lZGdlLTItMCIsInJlcXVlc3RfaWQiOiIxMjFiMGI5ZTkwNTU1MTEiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA0MzQsImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjEwMDYzLCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiMTYweDYwMCIsImltcHJlc3Npb25faWQiOjU3NTA0MjYyMzkzMjA2MTEsInBvc2l0aW9uX3R5cGUiOjM5LCJyZWZyZXNoX2NvdW50IjoxfSx7ImFkYXB0ZXJfY29kZSI6InJ1Ymljb24iLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJyZXF1ZXN0X2lkIjoiMTNlZTBiZGQ2ZTI2MTgyIiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM1LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMDA2MywibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjcyOHg5MCIsImltcHJlc3Npb25faWQiOjQ2NjY3MjU4NjEyOTY5MDQsInBvc2l0aW9uX3R5cGUiOjUsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoidHJpcGxlbGlmdCIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInJlcXVlc3RfaWQiOiIxNWU5YmZjY2VjY2M1MmYiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA0MzUsImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjExMjk2LCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiMzM2eDI4MCIsImltcHJlc3Npb25faWQiOjYwMzQ3NTU4NTkzMDY1MzYsInBvc2l0aW9uX3R5cGUiOjIxLCJyZWZyZXNoX2NvdW50IjoxfSx7ImFkYXB0ZXJfY29kZSI6InRyaXBsZWxpZnQiLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS00LTAiLCJyZXF1ZXN0X2lkIjoiMTYwNjA2ZDMzY2Q2NDlhIiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM1LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMTI5NiwibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjMwMHgyNTAsMzM2eDI4MCIsImltcHJlc3Npb25faWQiOjY3MzUxNTkxMjY2MjcwLCJwb3NpdGlvbl90eXBlIjoyMiwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJhbXgiLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS0zLTAiLCJyZXF1ZXN0X2lkIjoiMTgyMDc4OWQxYzMzY2I2Iiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM1LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMTI5MCwibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjMzNngyODAiLCJpbXByZXNzaW9uX2lkIjo2MDM0NzU1ODU5MzA2NTM2LCJwb3NpdGlvbl90eXBlIjoyMSwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJhbXgiLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS00LTAiLCJyZXF1ZXN0X2lkIjoiMTk4ODJiMjIwMDY4MGYyIiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM1LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMTI5MCwibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjMwMHgyNTAsMzM2eDI4MCIsImltcHJlc3Npb25faWQiOjY3MzUxNTkxMjY2MjcwLCJwb3NpdGlvbl90eXBlIjoyMiwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJhbXgiLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLWVkZ2UtMS0wIiwicmVxdWVzdF9pZCI6IjIwZTdkYzY4OWYxZjA3MSIsInNvdXJjZSI6ImNsaWVudCIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjo0ODQ0NzAsImZvcm1fZmFjdG9yX2lkIjoxLCJhYl90ZXN0X2lkIjoibW9kMjgxLWMiLCJlcG9jaCI6MTcyODA3MzIzMDQzNSwiaGFzX2V6aWRzIjowLCJzdGF0X3NvdXJjZV9pZCI6MTEyOTAsIm1lZGlhX3R5cGUiOiJiYW5uZXIiLCJyZXF1ZXN0X3NpemUiOiIxNjB4NjAwIiwiaW1wcmVzc2lvbl9pZCI6ODUyNzgwOTIwMzMxNTIzMCwicG9zaXRpb25fdHlwZSI6MzgsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoiYW14IiwiYXVjdGlvbl9pZCI6IjhjODI4ZTcyLTYyMzMtNGRjZC1iODEwLWRlNDdjMDczNGM2NCIsImFkX3VuaXRfY29kZSI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1lZGdlLTItMCIsInJlcXVlc3RfaWQiOiIyMWUxMjZhMzFkYTNiYzgiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA0MzUsImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjExMjkwLCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiMTYweDYwMCIsImltcHJlc3Npb25faWQiOjU3NTA0MjYyMzkzMjA2MTEsInBvc2l0aW9uX3R5cGUiOjM5LCJyZWZyZXNoX2NvdW50IjoxfSx7ImFkYXB0ZXJfY29kZSI6ImFteCIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInJlcXVlc3RfaWQiOiIyMjQyZDUzMDg4NWZmMDkiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA0MzUsImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjExMjkwLCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiNzI4eDkwIiwiaW1wcmVzc2lvbl9pZCI6NDY2NjcyNTg2MTI5NjkwNCwicG9zaXRpb25fdHlwZSI6NSwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJvbmV0YWciLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS0zLTAiLCJyZXF1ZXN0X2lkIjoiMjQyMjY3ZjBjZTdkZmY0Iiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM1LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMTI5MSwibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjMzNngyODAiLCJpbXByZXNzaW9uX2lkIjo2MDM0NzU1ODU5MzA2NTM2LCJwb3NpdGlvbl90eXBlIjoyMSwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJvbmV0YWciLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS00LTAiLCJyZXF1ZXN0X2lkIjoiMjVhMzg5N2YwY2M1MDBlIiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNDM1LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMTI5MSwibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjMwMHgyNTAsMzM2eDI4MCIsImltcHJlc3Npb25faWQiOjY3MzUxNTkxMjY2MjcwLCJwb3NpdGlvbl90eXBlIjoyMiwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJvbmV0YWciLCJhdWN0aW9uX2lkIjoiOGM4MjhlNzItNjIzMy00ZGNkLWI4MTAtZGU0N2MwNzM0YzY0IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLWVkZ2UtMS0wIiwicmVxdWVzdF9pZCI6IjI2YjI1NWQ4Njc3NjJlZiIsInNvdXJjZSI6ImNsaWVudCIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjo0ODQ0NzAsImZvcm1fZmFjdG9yX2lkIjoxLCJhYl90ZXN0X2lkIjoibW9kMjgxLWMiLCJlcG9jaCI6MTcyODA3MzIzMDQzNSwiaGFzX2V6aWRzIjowLCJzdGF0X3NvdXJjZV9pZCI6MTEyOTEsIm1lZGlhX3R5cGUiOiJiYW5uZXIiLCJyZXF1ZXN0X3NpemUiOiIxNjB4NjAwIiwiaW1wcmVzc2lvbl9pZCI6ODUyNzgwOTIwMzMxNTIzMCwicG9zaXRpb25fdHlwZSI6MzgsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoib25ldGFnIiwiYXVjdGlvbl9pZCI6IjhjODI4ZTcyLTYyMzMtNGRjZC1iODEwLWRlNDdjMDczNGM2NCIsImFkX3VuaXRfY29kZSI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1lZGdlLTItMCIsInJlcXVlc3RfaWQiOiIyN2ViOTdhOWY0OTYwY2IiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA0MzUsImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjExMjkxLCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiMTYweDYwMCIsImltcHJlc3Npb25faWQiOjU3NTA0MjYyMzkzMjA2MTEsInBvc2l0aW9uX3R5cGUiOjM5LCJyZWZyZXNoX2NvdW50IjoxfSx7ImFkYXB0ZXJfY29kZSI6Im9uZXRhZyIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInJlcXVlc3RfaWQiOiIyOGY0MjU2YjViY2U2YzIiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA0MzUsImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjExMjkxLCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiNzI4eDkwIiwiaW1wcmVzc2lvbl9pZCI6NDY2NjcyNTg2MTI5NjkwNCwicG9zaXRpb25fdHlwZSI6NSwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJzb3ZybiIsImF1Y3Rpb25faWQiOiI4YzgyOGU3Mi02MjMzLTRkY2QtYjgxMC1kZTQ3YzA3MzRjNjQiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTQtMCIsInJlcXVlc3RfaWQiOiIzMDUwN2Y5N2Q0N2JjNjMiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA0MzUsImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjEwMDE3LCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiMzAweDI1MCwzMzZ4MjgwIiwiaW1wcmVzc2lvbl9pZCI6NjczNTE1OTEyNjYyNzAsInBvc2l0aW9uX3R5cGUiOjIyLCJyZWZyZXNoX2NvdW50IjoxfSx7ImFkYXB0ZXJfY29kZSI6InNvdnJuIiwiYXVjdGlvbl9pZCI6IjhjODI4ZTcyLTYyMzMtNGRjZC1iODEwLWRlNDdjMDczNGM2NCIsImFkX3VuaXRfY29kZSI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwicmVxdWVzdF9pZCI6IjMxZGJkZmRmOGI4ZTBiYyIsInNvdXJjZSI6ImNsaWVudCIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjo0ODQ0NzAsImZvcm1fZmFjdG9yX2lkIjoxLCJhYl90ZXN0X2lkIjoibW9kMjgxLWMiLCJlcG9jaCI6MTcyODA3MzIzMDQzNSwiaGFzX2V6aWRzIjowLCJzdGF0X3NvdXJjZV9pZCI6MTAwMTcsIm1lZGlhX3R5cGUiOiJiYW5uZXIiLCJyZXF1ZXN0X3NpemUiOiI3Mjh4OTAiLCJpbXByZXNzaW9uX2lkIjo0NjY2NzI1ODYxMjk2OTA0LCJwb3NpdGlvbl90eXBlIjo1LCJyZWZyZXNoX2NvdW50IjoxfV0=

HTTP Request

POST https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjAzNDc1NTg1OTMwNjUzNiIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6ImZldGNoZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2NzM1MTU5MTI2NjI3MCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTQtMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6ImZldGNoZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI0NjY2NzI1ODYxMjk2OTA0IiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidW5pdCI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTcyODA3MzIxNywicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoiZmV0Y2hlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfV0=

HTTP Response

200

HTTP Response

204

HTTP Request

POST https://g.ezoic.net/detroitchicago/bluemonkey.gif?e=W3siYWRhcHRlcl9jb2RlIjoicmlzZSIsImF1Y3Rpb25faWQiOiIzMjAyZmFmOC1jNjgzLTQ0Y2EtOTFhYi1iNjdlM2E4YzA3ZTYiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tYmFubmVyLTEtMCIsInJlcXVlc3RfaWQiOiIzNGUwMjAzMWE3YTZkNGYiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA3MTksImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjExMzI1LCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiNzI4eDkwIiwiaW1wcmVzc2lvbl9pZCI6ODUxMTI1MzQ5MzMxMTk1MiwicG9zaXRpb25fdHlwZSI6MzAsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoic292cm4iLCJhdWN0aW9uX2lkIjoiMzIwMmZhZjgtYzY4My00NGNhLTkxYWItYjY3ZTNhOGMwN2U2IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLWJhbm5lci0xLTAiLCJyZXF1ZXN0X2lkIjoiMzY5Y2E2ODQ2MWRlMmJlIiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNzE5LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMDAxNywibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjcyOHg5MCIsImltcHJlc3Npb25faWQiOjg1MTEyNTM0OTMzMTE5NTIsInBvc2l0aW9uX3R5cGUiOjMwLCJyZWZyZXNoX2NvdW50IjoxfSx7ImFkYXB0ZXJfY29kZSI6InJ1Ymljb24iLCJhdWN0aW9uX2lkIjoiMzIwMmZhZjgtYzY4My00NGNhLTkxYWItYjY3ZTNhOGMwN2U2IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLWJhbm5lci0xLTAiLCJyZXF1ZXN0X2lkIjoiMzg5NzcxYzdlMTVlODQiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA3MTksImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjEwMDYzLCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiNzI4eDkwIiwiaW1wcmVzc2lvbl9pZCI6ODUxMTI1MzQ5MzMxMTk1MiwicG9zaXRpb25fdHlwZSI6MzAsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoidHJpcGxlbGlmdCIsImF1Y3Rpb25faWQiOiIzMjAyZmFmOC1jNjgzLTQ0Y2EtOTFhYi1iNjdlM2E4YzA3ZTYiLCJhZF91bml0X2NvZGUiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tYmFubmVyLTEtMCIsInJlcXVlc3RfaWQiOiI0MDgyYjBlMDJhMzNiMTgiLCJzb3VyY2UiOiJjbGllbnQiLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImRvbWFpbl9pZCI6NDg0NDcwLCJmb3JtX2ZhY3Rvcl9pZCI6MSwiYWJfdGVzdF9pZCI6Im1vZDI4MS1jIiwiZXBvY2giOjE3MjgwNzMyMzA3MTksImhhc19lemlkcyI6MCwic3RhdF9zb3VyY2VfaWQiOjExMjk2LCJtZWRpYV90eXBlIjoiYmFubmVyIiwicmVxdWVzdF9zaXplIjoiNzI4eDkwIiwiaW1wcmVzc2lvbl9pZCI6ODUxMTI1MzQ5MzMxMTk1MiwicG9zaXRpb25fdHlwZSI6MzAsInJlZnJlc2hfY291bnQiOjF9LHsiYWRhcHRlcl9jb2RlIjoiYW14IiwiYXVjdGlvbl9pZCI6IjMyMDJmYWY4LWM2ODMtNDRjYS05MWFiLWI2N2UzYThjMDdlNiIsImFkX3VuaXRfY29kZSI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1iYW5uZXItMS0wIiwicmVxdWVzdF9pZCI6IjQyMjU4M2U3ZWRlODYzOSIsInNvdXJjZSI6ImNsaWVudCIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjo0ODQ0NzAsImZvcm1fZmFjdG9yX2lkIjoxLCJhYl90ZXN0X2lkIjoibW9kMjgxLWMiLCJlcG9jaCI6MTcyODA3MzIzMDcxOSwiaGFzX2V6aWRzIjowLCJzdGF0X3NvdXJjZV9pZCI6MTEyOTAsIm1lZGlhX3R5cGUiOiJiYW5uZXIiLCJyZXF1ZXN0X3NpemUiOiI3Mjh4OTAiLCJpbXByZXNzaW9uX2lkIjo4NTExMjUzNDkzMzExOTUyLCJwb3NpdGlvbl90eXBlIjozMCwicmVmcmVzaF9jb3VudCI6MX0seyJhZGFwdGVyX2NvZGUiOiJvbmV0YWciLCJhdWN0aW9uX2lkIjoiMzIwMmZhZjgtYzY4My00NGNhLTkxYWItYjY3ZTNhOGMwN2U2IiwiYWRfdW5pdF9jb2RlIjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLWJhbm5lci0xLTAiLCJyZXF1ZXN0X2lkIjoiNDQ1OWU4Mzk2NmNkNmQxIiwic291cmNlIjoiY2xpZW50IiwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJkb21haW5faWQiOjQ4NDQ3MCwiZm9ybV9mYWN0b3JfaWQiOjEsImFiX3Rlc3RfaWQiOiJtb2QyODEtYyIsImVwb2NoIjoxNzI4MDczMjMwNzE5LCJoYXNfZXppZHMiOjAsInN0YXRfc291cmNlX2lkIjoxMTI5MSwibWVkaWFfdHlwZSI6ImJhbm5lciIsInJlcXVlc3Rfc2l6ZSI6IjcyOHg5MCIsImltcHJlc3Npb25faWQiOjg1MTEyNTM0OTMzMTE5NTIsInBvc2l0aW9uX3R5cGUiOjMwLCJyZWZyZXNoX2NvdW50IjoxfV0=

HTTP Response

200

HTTP Request

POST https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6InRpbWVyX2ZpcnN0X2FkX3JlcXVlc3QiLCJ2YWwiOiIxNDMwMSJ9XX1d

HTTP Request

POST https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjAzNDc1NTg1OTMwNjUzNiIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInJldmVudWUiOjAsImJpZF9mbG9vcl9maWxsZWQiOjAsInN0YXRfc291cmNlX2lkIjowLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJhZF9sb2FkX3RpbWUiLCJ2YWwiOiIxNDMwMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInJldmVudWUiOjAsImJpZF9mbG9vcl9maWxsZWQiOjAsInN0YXRfc291cmNlX2lkIjowLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJhZF9sb2FkX3RpbWUiLCJ2YWwiOiIxNDcwNyJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==

HTTP Response

204

HTTP Request

POST https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjczNTE1OTEyNjYyNzAiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS00LTAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJyZXZlbnVlIjowLCJiaWRfZmxvb3JfZmlsbGVkIjowLCJzdGF0X3NvdXJjZV9pZCI6MCwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoiYWRfbG9hZF90aW1lIiwidmFsIjoiMTQ5ODcifV0sImlzX29yaWciOmZhbHNlfV0=

HTTP Response

204

HTTP Request

POST https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjAzNDc1NTg1OTMwNjUzNiIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MSwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI0In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2MDM0NzU1ODU5MzA2NTM2IiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidW5pdCI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTcyODA3MzIxNywicmV2ZW51ZSI6MCwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwic3RhdF9zb3VyY2VfaWQiOjAsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MSwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6ImNvbGxhcHNlZCIsInZhbCI6InRydWUifV0sImlzX29yaWciOmZhbHNlfV0=

HTTP Response

204

HTTP Request

POST https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjczNTE1OTEyNjYyNzAiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS00LTAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImNvbXBfaWQiOjEsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjczNTE1OTEyNjYyNzAiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS00LTAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJyZXZlbnVlIjowLCJiaWRfZmxvb3JfZmlsbGVkIjowLCJzdGF0X3NvdXJjZV9pZCI6MCwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJjb21wX2lkIjoxLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoiY29sbGFwc2VkIiwidmFsIjoidHJ1ZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==

HTTP Response

204

HTTP Request

POST https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6InRpbWVyX2ZpcnN0X2FkX2xvYWQiLCJ2YWwiOiIyMDA0OSJ9XX1d

HTTP Request

POST https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImVzdF9yZXZlbnVlX3VzZCIsInZhbCI6IjAuMDAwMDAyIn1dfV0=

HTTP Request

POST https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODA5MTQ4MDYyLCJjcmVhdGl2ZV9pZCI6MTM4MjQ1NDQ2MTA1LCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjcifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjQ2NjY3MjU4NjEyOTY5MDQiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgwOTE0ODA2MiwiY3JlYXRpdmVfaWQiOjEzODI0NTQ0NjEwNSwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6Inplcm8ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjQ2NjY3MjU4NjEyOTY5MDQiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJyZXZlbnVlIjowLjAwMDAwMiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDAwMDIsInN0YXRfc291cmNlX2lkIjozNSwicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MDkxNDgwNjIsImNyZWF0aXZlX2lkIjoxMzgyNDU0NDYxMDUsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI0NjY2NzI1ODYxMjk2OTA0IiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidW5pdCI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTcyODA3MzIxNywicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MDkxNDgwNjIsImNyZWF0aXZlX2lkIjoxMzgyNDU0NDYxMDUsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODI0NTQ0NjEwNSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODA5MTQ4MDYyLCJjcmVhdGl2ZV9pZCI6MTM4MjQ1NDQ2MTA1LCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiI0ODA5MTQ4MDYyIn1dLCJpc19vcmlnIjpmYWxzZX1d

HTTP Request

POST https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODA5MTQ4MDYyLCJjcmVhdGl2ZV9pZCI6MTM4MjQ1NDQ2MTA1LCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyNC0xMC0wNCJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjIwIn0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjUifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODA5MTQ4MDYyLCJjcmVhdGl2ZV9pZCI6MTM4MjQ1NDQ2MTA1LCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMjk2In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI0NjY2NzI1ODYxMjk2OTA0IiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidW5pdCI6ImRpdi1ncHQtYWQtbWVkaWFmaXJlX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTcyODA3MzIxNywicGFnZXZpZXdfaWQiOiJjMmQ3MGRhYi0yNTZjLTQwMDEtN2E1ZS02NmNjYzM4Y2YwN2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MDkxNDgwNjIsImNyZWF0aXZlX2lkIjoxMzgyNDU0NDYxMDUsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjAifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjUxNiJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoidHJ1ZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==

HTTP Request

POST https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsImF1Y3Rpb25fZXBvY2giOjE3MjgwNzMyMzcsImFkX3Bvc2l0aW9uIjoxMTAwLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiYmlkX2Zsb29yX2luaXRpYWwiOjg1MCwiYmlkX2Zsb29yX3ByZXYiOjIsImJpZF9mbG9vcl9maWxsZWQiOjAsImF1Y3Rpb25fY291bnQiOjcsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjI5MCwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsImlzX3JsIjowLCJuZXR3b3JrX2NvZGUiOjIxNzMyMTE4OTE0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjQ4MDkxNDgwNjJ9XQ==

HTTP Response

204

HTTP Response

204

HTTP Response

204

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInJldmVudWUiOjAsImJpZF9mbG9vcl9maWxsZWQiOjAsInN0YXRfc291cmNlX2lkIjowLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgwOTE0ODA2MiwiY3JlYXRpdmVfaWQiOjEzODI0NTQ0NjEwNSwiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfV0=

HTTP Response

204

HTTP Request

POST https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODA5MTQ4MDYyLCJjcmVhdGl2ZV9pZCI6MTM4MjQ1NDQ2MTA1LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbNzI4LDkwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODA5MTQ4MDYyLCJjcmVhdGl2ZV9pZCI6MTM4MjQ1NDQ2MTA1LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjQ2NjY3MjU4NjEyOTY5MDQiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZWRpYWZpcmVfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNzI4MDczMjE3LCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgwOTE0ODA2MiwiY3JlYXRpdmVfaWQiOjEzODI0NTQ0NjEwNSwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIxNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==

HTTP Response

204

HTTP Request

POST https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImVuZ2FnZWRfdGltZSIsInZhbCI6IjIifV19XQ==

HTTP Request

POST https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6InRfdW5sb2FkIiwidmFsIjoiMTcyODA3MzI0MTg4NyJ9XX1d

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImVuZ2FnZWRfdGltZSIsInZhbCI6IjMifV19XQ==

HTTP Response

204

HTTP Request

POST https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6InB2X2V2ZW50X2NvdW50IiwidmFsIjoiMSJ9LHsibmFtZSI6InRpbWVfb25fcGFnZV9ldmVudCIsInZhbCI6IjMwIn1dfV0=

HTTP Response

204

HTTP Request

POST https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6InRfdW5sb2FkIiwidmFsIjoiMTcyODA3MzI1MDkyOSJ9XX1d

HTTP Request

POST https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjNhZWE4NzkwLWZkZmItNDE2Mi00YjVlLWZmZGNlZTI5MDk5YyIsInBhZ2V2aWV3X2lkIjoiYzJkNzBkYWItMjU2Yy00MDAxLTdhNWUtNjZjY2MzOGNmMDdhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyODA3MzIxNywiZGF0YSI6W3sibmFtZSI6ImNsc192YWx1ZSIsInZhbCI6IjAuMDAzMDgzMjA1NTk3NzQ0MDUzNCJ9XX1d

HTTP Request

POST https://g.ezoic.net/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNDY2NjcyNTg2MTI5NjkwNCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInVuaXQiOiJkaXYtZ3B0LWFkLW1lZGlhZmlyZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE3MjgwNzMyMTcsInJldmVudWUiOjAsImJpZF9mbG9vcl9maWxsZWQiOjAsInN0YXRfc291cmNlX2lkIjowLCJwYWdldmlld19pZCI6ImMyZDcwZGFiLTI1NmMtNDAwMS03YTVlLTY2Y2NjMzhjZjA3YSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgwOTE0ODA2MiwiY3JlYXRpdmVfaWQiOjEzODI0NTQ0NjEwNSwiZGF0YSI6W3sibmFtZSI6InZpZXdlZF90aW1lIiwidmFsIjoiMTQxMTgifV0sImlzX29yaWciOmZhbHNlfV0=

HTTP Response

204

HTTP Response

204

HTTP Response

204
172.67.142.121:443

go.ezodn.com

tls, http2

msedge.exe

943 B
3.1kB
8
6
172.67.142.121:443

go.ezodn.com

tls, http2

msedge.exe

943 B
3.1kB
8
6
172.67.142.121:443

https://go.ezodn.com/porpoiseant/ezidentity.js?gcb=195-12&cb=232

tls, http2

msedge.exe

16.6kB
364.1kB
277
350

HTTP Request

GET https://go.ezodn.com/detroitchicago/boise.js?gcb=195-12&cb=5

HTTP Request

GET https://go.ezodn.com/parsonsmaize/abilene.js?gcb=195-12&cb=38

HTTP Request

GET https://go.ezodn.com/porpoiseant/et.js?gcb=195-12&cb=3

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://go.ezodn.com/porpoiseant/jellyfish.js?a=a&cb=16&dcb=195-12&shcb=34

HTTP Request

GET https://go.ezodn.com/detroitchicago/anchorfix.js?cb=27&gcb=195-12

HTTP Request

GET https://go.ezodn.com/detroitchicago/sidebarwall.js?gcb=12&cb=22

HTTP Request

GET https://go.ezodn.com/detroitchicago/tuscon.js?gcb=12&cb=14

HTTP Request

GET https://go.ezodn.com/detroitchicago/kenai.js?gcb=12&cb=17

HTTP Request

GET https://go.ezodn.com/detroitchicago/portland.js?gcb=12&cb=218

HTTP Request

GET https://go.ezodn.com/hb/dall.js?cb=195-12-105

HTTP Request

GET https://go.ezodn.com/detroitchicago/augusta.js?gcb=195-12&cb=45

HTTP Request

GET https://go.ezodn.com/porpoiseant/banger.js?cb=195-12&bv=381&PageSpeed=off

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://go.ezodn.com/parsonsmaize/mulvane.js?gcb=195-12&cb=10

HTTP Request

GET https://go.ezodn.com/detroitchicago/reno.js?gcb=195-12&cb=2

HTTP Request

GET https://go.ezodn.com/detroitchicago/wichita.js?gcb=195-12&cb=12

HTTP Request

GET https://go.ezodn.com/detroitchicago/raleigh.js?gcb=195-12&cb=7

HTTP Request

GET https://go.ezodn.com/detroitchicago/vista.js?gcb=195-12&cb=6

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://go.ezodn.com/porpoiseant/nmash.js?bv=381

HTTP Request

GET https://go.ezodn.com/parsonsmaize/olathe.js?gcb=195-12&cb=25

HTTP Request

GET https://go.ezodn.com/parsonsmaize/chanute.js?a=a&cb=10&dcb=195-12&shcb=34

HTTP Request

GET https://go.ezodn.com/tardisrocinante/vitals.js?gcb=195-12&cb=4

HTTP Request

GET https://g.ezodn.com/cmp/v2/v.js?v=4

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://go.ezodn.com/porpoiseant/ezadloadhb.js?gcb=195-12&cb=232

HTTP Response

200

HTTP Request

GET https://go.ezodn.com/porpoiseant/ezjitscroll.js?gcb=195-12&cb=232

HTTP Request

GET https://go.ezodn.com/porpoiseant/ezicsticky.js?gcb=195-12&cb=232

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://go.ezodn.com/porpoiseant/ezjitpos.js?gcb=195-12&cb=232

HTTP Response

200

HTTP Request

GET https://go.ezodn.com/porpoiseant/ezadfilled.js?gcb=195-12&cb=232

HTTP Response

200

HTTP Request

GET https://go.ezodn.com/porpoiseant/ezidentity.js?gcb=195-12&cb=232

HTTP Response

200
142.250.200.10:443

https://translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=en-GB&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback

tls, http2

msedge.exe

4.0kB
87.9kB
56
74

HTTP Request

GET https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_GB.cqeQTTBUutw.O/am=AAAB/d=1/exm=el_conf/ed=1/rs=AN8SPfpqTiIjQutwNX-Uswei4-RXEVD2fw/m=el_main

HTTP Request

GET https://translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=en-GB&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback
104.26.2.70:443

https://ad-delivery.net/px.gif?ch=1&e=0.04533270277765844

tls, http2

msedge.exe

2.9kB
4.8kB
16
13

HTTP Request

GET https://ad-delivery.net/px.gif?ch=2

HTTP Request

GET https://ad-delivery.net/px.gif?ch=1&e=0.04533270277765844

HTTP Response

200

HTTP Response

200
104.26.2.70:443

ad-delivery.net

tls, http2

msedge.exe

2.0kB
3.1kB
9
6
172.67.73.78:443

https://www.mediafiredls.com/completed/1

tls, http2

msedge.exe

2.5kB
12.1kB
26
30

HTTP Request

GET https://www.mediafiredls.com/adsupply/0

HTTP Response

403

HTTP Request

GET https://www.mediafiredls.com/onclick/0

HTTP Response

403

HTTP Request

GET https://www.mediafiredls.com/clicked/1

HTTP Response

403

HTTP Request

GET https://www.mediafiredls.com/completed/1

HTTP Response

403
52.36.87.142:443

https://api.amplitude.com/

tls, http2

msedge.exe

3.9kB
6.2kB
15
14

HTTP Request

POST https://api.amplitude.com/

HTTP Response

200
172.217.16.226:443

https://securepubads.g.doubleclick.net/tag/js/gpt.js

tls, http2

msedge.exe

2.7kB
41.7kB
34
37

HTTP Request

GET https://securepubads.g.doubleclick.net/tag/js/gpt.js
130.211.23.194:443

https://api.btloader.com/pv?tid=35yLXO2F&w=5115845767331840&o=5678961798414336&cv=2.1.59-1-g78ed83d&widget=false&r=false&vr=1280x609&pageURL=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&sid=pnXasxa41H&pm=false&upapi=true

tls, http2

msedge.exe

2.0kB
6.1kB
15
15

HTTP Request

GET https://api.btloader.com/country?o=5678961798414336

HTTP Request

GET https://api.btloader.com/pv?tid=35yLXO2F&w=5115845767331840&o=5678961798414336&cv=2.1.59-1-g78ed83d&widget=false&r=false&vr=1280x609&pageURL=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&sid=pnXasxa41H&pm=false&upapi=true
130.211.23.194:443

api.btloader.com

tls

msedge.exe

977 B
4.8kB
10
8
18.239.18.118:443

https://tags.crwdcntrl.net/lt/c/16589/sync.min.js

tls, http2

msedge.exe

2.2kB
19.9kB
22
28

HTTP Request

GET https://tags.crwdcntrl.net/c/4545/cc_af.js

HTTP Response

403

HTTP Request

GET https://tags.crwdcntrl.net/lt/c/16589/sync.min.js

HTTP Response

200
52.48.114.218:443

https://id.crwdcntrl.net/id?gdpr_applies=true&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA

tls, http2

msedge.exe

3.4kB
6.8kB
19
20

HTTP Request

GET https://bcp.crwdcntrl.net/map/c=3722/tp=ADSP/tpid=f82c71c27cc841a2b1449f9a7e99a3cf

HTTP Response

404

HTTP Request

POST https://bcp.crwdcntrl.net/6/map

HTTP Request

GET https://id.crwdcntrl.net/id?gdpr_applies=true&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA

HTTP Response

200

HTTP Response

200
52.48.114.218:443

https://ad.crwdcntrl.net/5/c=3722/pe=y/callback=g367CB268B1094004A3689751E7AC568F.Lotame.CallExtractionAPICallback?12385206

tls, http2

msedge.exe

1.8kB
5.6kB
13
14

HTTP Request

GET https://ad.crwdcntrl.net/5/c=3722/pe=y/callback=g367CB268B1094004A3689751E7AC568F.Lotame.CallExtractionAPICallback?12385206

HTTP Response

404
104.21.87.79:443

https://go.ezodn.com/dac/4809148062

tls, http2

msedge.exe

2.2kB
9.8kB
19
20

HTTP Request

OPTIONS https://bshr.ezodn.com/?bf=30000&dc=21732118914%7C1254144

HTTP Response

200

HTTP Request

GET https://bshr.ezodn.com/?bf=30000&dc=21732118914%7C1254144

HTTP Response

200

HTTP Request

GET https://go.ezodn.com/dac/4809148062

HTTP Response

200
18.239.83.98:80

http://crt.rootg2.amazontrust.com/rootg2.cer

http

msedge.exe

590 B
3.7kB
7
6

HTTP Request

GET http://crt.rootg2.amazontrust.com/rootg2.cer

HTTP Response

200

HTTP Request

GET http://crt.rootg2.amazontrust.com/rootg2.cer

HTTP Response

200
18.239.83.98:80

http://crt.rootg2.amazontrust.com/rootg2.cer

http

msedge.exe

367 B
1.9kB
5
4

HTTP Request

GET http://crt.rootg2.amazontrust.com/rootg2.cer

HTTP Response

200
13.37.187.223:443

https://g.ezoic.net/cmp/log.gif?dId=484470&dcId=106&version=9&buttonId=2&consentV2=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&pageview_id=c2d70dab-256c-4001-7a5e-66ccc38cf07a

tls, http2

msedge.exe

2.2kB
3.7kB
14
13

HTTP Request

GET https://g.ezoic.net/cmp/log.gif?dId=484470&dcId=106&version=9&buttonId=2&consentV2=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&pageview_id=c2d70dab-256c-4001-7a5e-66ccc38cf07a

HTTP Response

200
178.250.1.11:443

https://gum.criteo.com/sid/json?origin=publishertagids&domain=mediafire.com&sn=EdgeSyncframe&so=3&topUrl=www.mediafire.com&bundle=PwNleF9iZ3pFU1ZoYXQ5b1JmUE84TTZvaFNFR2djcDIlMkZkZWtjdXZ3dURFUXltbzU3RkdVQ1lMQ1plcnRiTEM4JTJGbzZ5TkZOeUtPamUzNW5WcTd0ckpVV21adWRzUHhmMGolMkZYbmNqWTElMkZ2JTJGNWRBT3h3bmRKRWtqUWl0dUJ6R0FEbXZBSlU&info=JqO2e183NW9NM2xlckFaeGcxWEM2d2tDN050ZXN5QXJteGd1MlQxYXZvRHozYktkeHhRSHA3OXAlMkZSZmh3SjVYNzR6TlplVSUyRlF4WGRvaGkwZEFvaXhQUHhtaEElM0QlM0Q&idsd=-556611640,-1143725137&cw=1&lsw=1

tls, http2

msedge.exe

4.7kB
12.2kB
20
17

HTTP Request

OPTIONS https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.mediafire.com%2F&domain=www.mediafire.com&cw=1&lsw=1&gdprString=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&gdpr=1

HTTP Response

200

HTTP Request

GET https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.mediafire.com%2F&domain=www.mediafire.com&cw=1&lsw=1&gdprString=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&gdpr=1

HTTP Response

200

HTTP Request

GET https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.mediafire.com&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&gpp=&gpp_sid=-1

HTTP Response

200

HTTP Request

GET https://gum.criteo.com/sid/json?origin=publishertagids&domain=mediafire.com&sn=EdgeSyncframe&so=3&topUrl=www.mediafire.com&bundle=PwNleF9iZ3pFU1ZoYXQ5b1JmUE84TTZvaFNFR2djcDIlMkZkZWtjdXZ3dURFUXltbzU3RkdVQ1lMQ1plcnRiTEM4JTJGbzZ5TkZOeUtPamUzNW5WcTd0ckpVV21adWRzUHhmMGolMkZYbmNqWTElMkZ2JTJGNWRBT3h3bmRKRWtqUWl0dUJ6R0FEbXZBSlU&info=JqO2e183NW9NM2xlckFaeGcxWEM2d2tDN050ZXN5QXJteGd1MlQxYXZvRHozYktkeHhRSHA3OXAlMkZSZmh3SjVYNzR6TlplVSUyRlF4WGRvaGkwZEFvaXhQUHhtaEElM0QlM0Q&idsd=-556611640,-1143725137&cw=1&lsw=1

HTTP Response

200
79.127.216.47:443

https://id.a-mx.com/set?oid=807c1844-fff1-489f-bf20-065da249a41e&uid=807c1844-fff1-489f-bf20-065da249a41e&?gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&gdpr=1

tls, http

msedge.exe

4.8kB
8.6kB
15
15

HTTP Request

GET https://id.a-mx.com/sync/?tagId=&ref=null&u=https://www.mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file&tl=https://www.mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file&nf=0&rt=true&v=9.14.0&av=2.0&vg=epbjs&us_privacy=null&am=null&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA

HTTP Response

302

HTTP Request

GET https://id.a-mx.com/set?oid=807c1844-fff1-489f-bf20-065da249a41e&uid=807c1844-fff1-489f-bf20-065da249a41e&?gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&gdpr=1

HTTP Response

200
3.75.62.37:443

https://ups.analytics.yahoo.com/ups/58713/fed?v=1&1p=0&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=&url=https://www.mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file&pixelId=58713

tls, http2

msedge.exe

2.2kB
5.7kB
13
12

HTTP Request

GET https://ups.analytics.yahoo.com/ups/58713/fed?v=1&1p=0&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=&url=https://www.mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file&pixelId=58713
216.239.34.36:443

https://region1.analytics.google.com/g/collect?v=2&tid=G-K68XP6D85D&gtm=45je4a20v887485693z86304663za200zb6304663&_p=1728073215959&_gaz=1&gcs=G111&gcd=13r3r3r3r5l1&npa=0&dma=0&tcfd=10000&tag_exp=101671035~101747727&cid=864837303.1728073217&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1728073216&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&dt=Ui-Dropped&en=page_view&_fv=1&_ss=1&up.page_url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tfd=15624

tls, http2

msedge.exe

2.2kB
7.1kB
15
14

HTTP Request

POST https://region1.analytics.google.com/g/collect?v=2&tid=G-K68XP6D85D&gtm=45je4a20v887485693z86304663za200zb6304663&_p=1728073215959&_gaz=1&gcs=G111&gcd=13r3r3r3r5l1&npa=0&dma=0&tcfd=10000&tag_exp=101671035~101747727&cid=864837303.1728073217&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1728073216&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&dt=Ui-Dropped&en=page_view&_fv=1&_ss=1&up.page_url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tfd=15624
162.19.138.119:443

https://id5-sync.com/g/v2/457.json

tls, http2

msedge.exe

3.7kB
4.7kB
18
19

HTTP Request

POST https://id5-sync.com/api/config/prebid

HTTP Response

200

HTTP Request

POST https://id5-sync.com/g/v2/457.json

HTTP Response

200
172.67.23.234:443

https://id.hadron.ad.gt/api/v1/pbhid?partner_id=524&_it=prebid&t=1&src=id&domain=www.mediafire.com&gdprString=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&gdpr=1

tls, http2

msedge.exe

3.1kB
3.7kB
13
12

HTTP Request

GET https://id.hadron.ad.gt/api/v1/pbhid?partner_id=524&_it=prebid&t=1&src=id&domain=www.mediafire.com&gdprString=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&gdpr=1

HTTP Response

200
108.177.15.154:443

https://stats.g.doubleclick.net/g/collect?v=2&tid=G-K68XP6D85D&cid=864837303.1728073217&gtm=45je4a20v887485693z86304663za200zb6304663&aip=1&dma=0&gcs=G111&gcd=13r3r3r3r5l1&npa=0&frm=0&tag_exp=101671035~101747727

tls, http2

msedge.exe

1.9kB
6.7kB
14
14

HTTP Request

POST https://stats.g.doubleclick.net/g/collect?v=2&tid=G-K68XP6D85D&cid=864837303.1728073217&gtm=45je4a20v887485693z86304663za200zb6304663&aip=1&dma=0&gcs=G111&gcd=13r3r3r3r5l1&npa=0&frm=0&tag_exp=101671035~101747727
34.120.133.55:443

https://api.rlcdn.com/api/identity/envelope?pid=14067&ct=4&cv=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA

tls, http2

msedge.exe

2.2kB
7.6kB
14
14

HTTP Request

GET https://api.rlcdn.com/api/identity/envelope?pid=14067&ct=4&cv=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA
34.102.146.192:443

https://oa.openxcdn.net/esp.js

tls, http2

msedge.exe

1.9kB
14.5kB
19
19

HTTP Request

GET https://oa.openxcdn.net/esp.js
142.250.200.35:443

https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K68XP6D85D&cid=864837303.1728073217&gtm=45je4a20v887485693z86304663za200zb6304663&aip=1&dma=0&gcs=G111&gcd=13r3r3r3r5l1&npa=0&frm=0&tag_exp=101671035~101747727&tag_exp=101671035~101747727&z=1758293139

tls, http2

msedge.exe

2.0kB
6.4kB
16
16

HTTP Request

GET https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K68XP6D85D&cid=864837303.1728073217&gtm=45je4a20v887485693z86304663za200zb6304663&aip=1&dma=0&gcs=G111&gcd=13r3r3r3r5l1&npa=0&frm=0&tag_exp=101671035~101747727&tag_exp=101671035~101747727&z=1758293139
216.58.201.97:443

https://tpc.googlesyndication.com/sodar/sodar2.js

tls, http2

msedge.exe

1.9kB
13.2kB
18
19

HTTP Request

GET https://tpc.googlesyndication.com/sodar/sodar2.js
104.18.35.167:443

https://cdn-ima.33across.com/ob.js

tls, http2

msedge.exe

1.8kB
12.7kB
17
17

HTTP Request

GET https://cdn-ima.33across.com/ob.js

HTTP Response

200
3.33.220.150:443

https://match.adsrvr.org/track/rid?ttd_pid=muno13d&fmt=json

tls, http2

msedge.exe

2.8kB
5.5kB
14
16

HTTP Request

GET https://match.adsrvr.org/track/rid?ttd_pid=muno13d&fmt=json

HTTP Response

200
34.96.70.87:443

https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js

tls, http2

msedge.exe

1.8kB
7.3kB
15
16

HTTP Request

GET https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
178.250.1.3:443

https://static.criteo.net/js/ld/publishertag.ids.js

tls, http2

msedge.exe

2.1kB
18.5kB
22
22

HTTP Request

GET https://static.criteo.net/js/ld/publishertag.ids.js

HTTP Response

200
162.19.138.116:443

https://lb.eu-1-id5-sync.com/lb/v1

tls, http2

msedge.exe

1.7kB
4.4kB
13
15

HTTP Request

GET https://lb.eu-1-id5-sync.com/lb/v1

HTTP Response

200
79.127.227.46:443

https://c3.a-mo.net/b?uid=807c1844-fff1-489f-bf20-065da249a41e&sh=id.a-mx.com&?us_privacy=null&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&gdpr=1

tls, http

msedge.exe

3.3kB
8.2kB
13
13

HTTP Request

GET https://c3.a-mo.net/b?uid=807c1844-fff1-489f-bf20-065da249a41e&sh=id.a-mx.com&?us_privacy=null&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&gdpr=1

HTTP Response

302
34.120.107.143:443

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&rid=esp

tls, http2

msedge.exe

1.8kB
4.8kB
14
12

HTTP Request

GET https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&rid=esp
178.250.1.11:443

https://dnacdn.net/dna

tls, http2

msedge.exe

2.0kB
5.7kB
15
13

HTTP Request

GET https://dnacdn.net/dna

HTTP Response

200

HTTP Request

GET https://dnacdn.net/dna

HTTP Response

200
216.58.204.68:443

https://www.google.com/recaptcha/api2/aframe

tls, http2

msedge.exe

1.9kB
7.5kB
16
17

HTTP Request

GET https://www.google.com/recaptcha/api2/aframe
18.239.50.10:443

https://hb.yellowblue.io/hb-multi

tls, http2

msedge.exe

11.0kB
8.5kB
23
23

HTTP Request

POST https://hb.yellowblue.io/hb-multi

HTTP Response

200

HTTP Request

POST https://hb.yellowblue.io/hb-multi

HTTP Response

200
163.5.194.33:443

https://prebid.a-mo.net/a/c

tls, http2

msedge.exe

13.1kB
4.6kB
24
19

HTTP Request

POST https://prebid.a-mo.net/a/c

HTTP Response

204

HTTP Request

POST https://prebid.a-mo.net/a/c

HTTP Response

204
69.173.156.139:443

fastlane.rubiconproject.com

tls

msedge.exe

1.2kB
4.7kB
13
14
69.173.156.139:443

fastlane.rubiconproject.com

tls

msedge.exe

1.2kB
4.7kB
13
14
69.173.156.139:443

https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21150&site_id=269072&zone_id=3326304&size_id=2&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=1---&rp_schain=1.0,1!ezoic.ai,8907ccb0baf12fbaae7b225e96c9e525,1,,,www.mediafire.com&eid_amxdt.net=amx*r*5725bd11-6562-4924-80db-9e9f53cb3bfb%5E1&eid_criteo.com=O2b3xl9SOVRxRURHUyUyQm5kSVAwVHY1RmlBWFNLcXF0MXNjeW50SzFhJTJCRk52MDlDbjFhVURtMDROJTJGMjg1VVJSVlpqekFpMWRRVjhjUkM4U0lYMzRacVpBQTRLdyUzRCUzRA%5E1&eid_audigent.com=0001yum0eac8lb68k66d9kgc6dhjcfjhda7fgb6ibbabackkc2jl%5E1&eid_id5-sync.com=0%5E1%5E&rf=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=onlinestorage%2Cfreestorage%2CcloudStorage%2Ccollaboration%2CbackupfileSharing%2CshareFiles%2Cphotobackup%2Cphotosharing%2Cftpreplacement%2Ccrossplatform%2Cremoteaccess%2Cmobileaccess%2Csendlargefiles%2Crecoverfiles%2Cfileversioning%2Cundelete%2CWindows%2CPC%2CMac%2COSX%2CLinux%2CiPhone%2CiPad%2CAndroid&tg_i.domain=mediafire.com&tg_i.page=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tg_i.pbadslot=div-gpt-ad-mediafire_com-banner-1-0&tk_flint=pbjs_lite_v9.14.0&x_source.tid=3202faf8-c683-44ca-91ab-b67e3a8c07e6&l_pb_bid_id=389771c7e15e84&p_screen_res=1280x720&rp_secure=1&x_imp.ext.tid=904bc2b6-cb74-4628-9fff-35b5835a712d&rp_hard_floor=0.1177&rp_maxbids=1&p_gpid=div-gpt-ad-mediafire_com-banner-1-0&m_ch_ua=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_full_ver=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_mobile=%3F0&slots=1&rand=0.012989275456984695

tls, http2

msedge.exe

12.2kB
13.3kB
34
40

HTTP Request

GET https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21150&site_id=269072&zone_id=3326304&size_id=16&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=1---&rp_schain=1.0,1!ezoic.ai,8907ccb0baf12fbaae7b225e96c9e525,1,,,www.mediafire.com&eid_criteo.com=O2b3xl9SOVRxRURHUyUyQm5kSVAwVHY1RmlBWFNLcXF0MXNjeW50SzFhJTJCRk52MDlDbjFhVURtMDROJTJGMjg1VVJSVlpqekFpMWRRVjhjUkM4U0lYMzRacVpBQTRLdyUzRCUzRA%5E1&eid_audigent.com=0001yum0eac8lb68k66d9kgc6dhjcfjhda7fgb6ibbabackkc2jl%5E1&rf=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=onlinestorage%2Cfreestorage%2CcloudStorage%2Ccollaboration%2CbackupfileSharing%2CshareFiles%2Cphotobackup%2Cphotosharing%2Cftpreplacement%2Ccrossplatform%2Cremoteaccess%2Cmobileaccess%2Csendlargefiles%2Crecoverfiles%2Cfileversioning%2Cundelete%2CWindows%2CPC%2CMac%2COSX%2CLinux%2CiPhone%2CiPad%2CAndroid&tg_i.domain=mediafire.com&tg_i.page=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tg_i.pbadslot=div-gpt-ad-mediafire_com-medrectangle-3-0&tk_flint=pbjs_lite_v9.14.0&x_source.tid=8c828e72-6233-4dcd-b810-de47c0734c64&l_pb_bid_id=9e28d6f67feb95&p_screen_res=1280x720&rp_secure=1&x_imp.ext.tid=cdd0fbcd-b720-43a9-884b-bd2ea358abb1&rp_hard_floor=0.1177&rp_maxbids=1&p_gpid=div-gpt-ad-mediafire_com-medrectangle-3-0&m_ch_ua=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_full_ver=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_mobile=%3F0&slots=1&rand=0.9465178819063118

HTTP Request

GET https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21150&site_id=269072&zone_id=3326304&size_id=15&alt_size_ids=16&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=1---&rp_schain=1.0,1!ezoic.ai,8907ccb0baf12fbaae7b225e96c9e525,1,,,www.mediafire.com&eid_criteo.com=O2b3xl9SOVRxRURHUyUyQm5kSVAwVHY1RmlBWFNLcXF0MXNjeW50SzFhJTJCRk52MDlDbjFhVURtMDROJTJGMjg1VVJSVlpqekFpMWRRVjhjUkM4U0lYMzRacVpBQTRLdyUzRCUzRA%5E1&eid_audigent.com=0001yum0eac8lb68k66d9kgc6dhjcfjhda7fgb6ibbabackkc2jl%5E1&rf=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=onlinestorage%2Cfreestorage%2CcloudStorage%2Ccollaboration%2CbackupfileSharing%2CshareFiles%2Cphotobackup%2Cphotosharing%2Cftpreplacement%2Ccrossplatform%2Cremoteaccess%2Cmobileaccess%2Csendlargefiles%2Crecoverfiles%2Cfileversioning%2Cundelete%2CWindows%2CPC%2CMac%2COSX%2CLinux%2CiPhone%2CiPad%2CAndroid&tg_i.domain=mediafire.com&tg_i.page=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tg_i.pbadslot=div-gpt-ad-mediafire_com-medrectangle-4-0&tk_flint=pbjs_lite_v9.14.0&x_source.tid=8c828e72-6233-4dcd-b810-de47c0734c64&l_pb_bid_id=1011327cfe5995&p_screen_res=1280x720&rp_secure=1&x_imp.ext.tid=353eb9ff-1e23-425e-acdc-7e115ea1e1e9&rp_hard_floor=0.1177&rp_maxbids=1&p_gpid=div-gpt-ad-mediafire_com-medrectangle-4-0&m_ch_ua=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_full_ver=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_mobile=%3F0&slots=1&rand=0.8619651744239318

HTTP Request

GET https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21150&site_id=269072&zone_id=3326304&size_id=9&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=1---&rp_schain=1.0,1!ezoic.ai,8907ccb0baf12fbaae7b225e96c9e525,1,,,www.mediafire.com&eid_criteo.com=O2b3xl9SOVRxRURHUyUyQm5kSVAwVHY1RmlBWFNLcXF0MXNjeW50SzFhJTJCRk52MDlDbjFhVURtMDROJTJGMjg1VVJSVlpqekFpMWRRVjhjUkM4U0lYMzRacVpBQTRLdyUzRCUzRA%5E1&eid_audigent.com=0001yum0eac8lb68k66d9kgc6dhjcfjhda7fgb6ibbabackkc2jl%5E1&rf=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=onlinestorage%2Cfreestorage%2CcloudStorage%2Ccollaboration%2CbackupfileSharing%2CshareFiles%2Cphotobackup%2Cphotosharing%2Cftpreplacement%2Ccrossplatform%2Cremoteaccess%2Cmobileaccess%2Csendlargefiles%2Crecoverfiles%2Cfileversioning%2Cundelete%2CWindows%2CPC%2CMac%2COSX%2CLinux%2CiPhone%2CiPad%2CAndroid&tg_i.domain=mediafire.com&tg_i.page=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tg_i.pbadslot=div-gpt-ad-mediafire_com-edge-1-0&tk_flint=pbjs_lite_v9.14.0&x_source.tid=8c828e72-6233-4dcd-b810-de47c0734c64&l_pb_bid_id=114213636358124&p_screen_res=1280x720&rp_secure=1&x_imp.ext.tid=88948cc7-eca0-4513-b0e8-300381ab5c59&rp_hard_floor=0.1177&rp_maxbids=1&p_gpid=div-gpt-ad-mediafire_com-edge-1-0&m_ch_ua=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_full_ver=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_mobile=%3F0&slots=1&rand=0.8011712897548022

HTTP Request

GET https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21150&site_id=269072&zone_id=3326304&size_id=9&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=1---&rp_schain=1.0,1!ezoic.ai,8907ccb0baf12fbaae7b225e96c9e525,1,,,www.mediafire.com&eid_criteo.com=O2b3xl9SOVRxRURHUyUyQm5kSVAwVHY1RmlBWFNLcXF0MXNjeW50SzFhJTJCRk52MDlDbjFhVURtMDROJTJGMjg1VVJSVlpqekFpMWRRVjhjUkM4U0lYMzRacVpBQTRLdyUzRCUzRA%5E1&eid_audigent.com=0001yum0eac8lb68k66d9kgc6dhjcfjhda7fgb6ibbabackkc2jl%5E1&rf=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=onlinestorage%2Cfreestorage%2CcloudStorage%2Ccollaboration%2CbackupfileSharing%2CshareFiles%2Cphotobackup%2Cphotosharing%2Cftpreplacement%2Ccrossplatform%2Cremoteaccess%2Cmobileaccess%2Csendlargefiles%2Crecoverfiles%2Cfileversioning%2Cundelete%2CWindows%2CPC%2CMac%2COSX%2CLinux%2CiPhone%2CiPad%2CAndroid&tg_i.domain=mediafire.com&tg_i.page=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tg_i.pbadslot=div-gpt-ad-mediafire_com-edge-2-0&tk_flint=pbjs_lite_v9.14.0&x_source.tid=8c828e72-6233-4dcd-b810-de47c0734c64&l_pb_bid_id=121b0b9e9055511&p_screen_res=1280x720&rp_secure=1&x_imp.ext.tid=d589d19d-f22a-45ee-8d1c-1c8ba397a0e1&rp_hard_floor=0.1177&rp_maxbids=1&p_gpid=div-gpt-ad-mediafire_com-edge-2-0&m_ch_ua=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_full_ver=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_mobile=%3F0&slots=1&rand=0.6642710844709234

HTTP Request

GET https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21150&site_id=269072&zone_id=3326304&size_id=2&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=1---&rp_schain=1.0,1!ezoic.ai,8907ccb0baf12fbaae7b225e96c9e525,1,,,www.mediafire.com&eid_criteo.com=O2b3xl9SOVRxRURHUyUyQm5kSVAwVHY1RmlBWFNLcXF0MXNjeW50SzFhJTJCRk52MDlDbjFhVURtMDROJTJGMjg1VVJSVlpqekFpMWRRVjhjUkM4U0lYMzRacVpBQTRLdyUzRCUzRA%5E1&eid_audigent.com=0001yum0eac8lb68k66d9kgc6dhjcfjhda7fgb6ibbabackkc2jl%5E1&rf=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=onlinestorage%2Cfreestorage%2CcloudStorage%2Ccollaboration%2CbackupfileSharing%2CshareFiles%2Cphotobackup%2Cphotosharing%2Cftpreplacement%2Ccrossplatform%2Cremoteaccess%2Cmobileaccess%2Csendlargefiles%2Crecoverfiles%2Cfileversioning%2Cundelete%2CWindows%2CPC%2CMac%2COSX%2CLinux%2CiPhone%2CiPad%2CAndroid&tg_i.domain=mediafire.com&tg_i.page=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tg_i.pbadslot=div-gpt-ad-mediafire_com-medrectangle-2-0&tk_flint=pbjs_lite_v9.14.0&x_source.tid=8c828e72-6233-4dcd-b810-de47c0734c64&l_pb_bid_id=13ee0bdd6e26182&p_screen_res=1280x720&rp_secure=1&x_imp.ext.tid=f629d9b7-9d6d-484c-ae76-9f763f846309&rp_hard_floor=0.4456&rp_maxbids=1&p_gpid=div-gpt-ad-mediafire_com-medrectangle-2-0&m_ch_ua=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_full_ver=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_mobile=%3F0&slots=1&rand=0.2971904478049172

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21150&site_id=269072&zone_id=3326304&size_id=2&gdpr=1&gdpr_consent=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=1---&rp_schain=1.0,1!ezoic.ai,8907ccb0baf12fbaae7b225e96c9e525,1,,,www.mediafire.com&eid_amxdt.net=amx*r*5725bd11-6562-4924-80db-9e9f53cb3bfb%5E1&eid_criteo.com=O2b3xl9SOVRxRURHUyUyQm5kSVAwVHY1RmlBWFNLcXF0MXNjeW50SzFhJTJCRk52MDlDbjFhVURtMDROJTJGMjg1VVJSVlpqekFpMWRRVjhjUkM4U0lYMzRacVpBQTRLdyUzRCUzRA%5E1&eid_audigent.com=0001yum0eac8lb68k66d9kgc6dhjcfjhda7fgb6ibbabackkc2jl%5E1&eid_id5-sync.com=0%5E1%5E&rf=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&kw=onlinestorage%2Cfreestorage%2CcloudStorage%2Ccollaboration%2CbackupfileSharing%2CshareFiles%2Cphotobackup%2Cphotosharing%2Cftpreplacement%2Ccrossplatform%2Cremoteaccess%2Cmobileaccess%2Csendlargefiles%2Crecoverfiles%2Cfileversioning%2Cundelete%2CWindows%2CPC%2CMac%2COSX%2CLinux%2CiPhone%2CiPad%2CAndroid&tg_i.domain=mediafire.com&tg_i.page=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tg_i.pbadslot=div-gpt-ad-mediafire_com-banner-1-0&tk_flint=pbjs_lite_v9.14.0&x_source.tid=3202faf8-c683-44ca-91ab-b67e3a8c07e6&l_pb_bid_id=389771c7e15e84&p_screen_res=1280x720&rp_secure=1&x_imp.ext.tid=904bc2b6-cb74-4628-9fff-35b5835a712d&rp_hard_floor=0.1177&rp_maxbids=1&p_gpid=div-gpt-ad-mediafire_com-banner-1-0&m_ch_ua=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_full_ver=%22Chromium%22%7Cv%3D%2292%22%2C%22%20Not%20A%3BBrand%22%7Cv%3D%2299%22%2C%22Microsoft%20Edge%22%7Cv%3D%2292%22&m_ch_mobile=%3F0&slots=1&rand=0.012989275456984695

HTTP Response

200
69.173.156.139:443

fastlane.rubiconproject.com

tls

msedge.exe

1.2kB
4.7kB
13
14
69.173.156.139:443

fastlane.rubiconproject.com

tls

msedge.exe

1.2kB
4.7kB
13
14
3.78.168.176:443

https://tlx.3lift.com/header/auction?lib=prebid&v=9.14.0&referrer=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tmax=3000&gdpr=true&cmp_cs=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=1---

tls, http2

msedge.exe

12.4kB
8.1kB
27
25

HTTP Request

POST https://tlx.3lift.com/header/auction?lib=prebid&v=9.14.0&referrer=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tmax=3000&gdpr=true&cmp_cs=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=1---

HTTP Request

POST https://tlx.3lift.com/header/auction?lib=prebid&v=9.14.0&referrer=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F3nfa6p4pxkve92c%2FUi-Dropped.jar%2Ffile&tmax=3000&gdpr=true&cmp_cs=CQF9-AAQF9-AAErAJJENBJFsAP_gAEPgACiQKftV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlGJDUTVCgaogVryDMaE2coTNKJ6BkiFMRM2dYCF5vm4tj-QKY5vr991dx2B-t7dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_x8v4v8_F_rE2_eT1l_tWvp7D9-cts7_XW89_fff_9Ln_-uB_-_3_gp4ASYaFRAGWRISEGgYQQIAVBWEBFAgAAABIGiAgBMGBTsDAJdYSIAQAoABggBAACDIAEAAAkACEQAQAFAgAAgECgADAAgGAgAYGAAMAFgIBAACA6BimBBAoFgAkZkRCmBCEAkEBLZUIJAECCuEIRZ4FEAiJgoAAASACsAAQFgsDiSQErEggS4g2gAAIAEAggAKEUnZgCCAM2WovFk2jK0wLR8wXPaYBkgQAAA.YAAAAAAAAAAA&us_privacy=1---

HTTP Response

200

HTTP Response

200
51.89.9.253:443

https://onetag-sys.com/prebid-request

tls, http2

msedge.exe

13.7kB
5.2kB
25
22

HTTP Request

POST https://onetag-sys.com/prebid-request

HTTP Response

200

HTTP Request

POST https://onetag-sys.com/prebid-request

HTTP Response

200
52.19.188.138:443

https://ap.lijit.com/rtb/bid?src=prebid_prebid_9.14.0

tls, http2

msedge.exe

7.6kB
8.7kB
20
17

HTTP Request

POST https://ap.lijit.com/rtb/bid?src=prebid_prebid_9.14.0

HTTP Request

POST https://ap.lijit.com/rtb/bid?src=prebid_prebid_9.14.0

HTTP Response

200

HTTP Response

200
34.98.64.218:443

https://google-bidout-d.openx.net/w/1.0/pd?plm=5

tls, http2

msedge.exe

1.8kB
4.9kB
14
14

HTTP Request

GET https://google-bidout-d.openx.net/w/1.0/pd?plm=5
142.250.200.33:443

https://10a18794c2f78312d5b8f618f41153db.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

tls, http2

msedge.exe

2.0kB
9.5kB
16
16

HTTP Request

GET https://10a18794c2f78312d5b8f618f41153db.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
185.235.86.180:443

https://gem.gbc.criteo.com/newidsd

tls, http2

msedge.exe

1.7kB
4.9kB
14
13

HTTP Request

GET https://gem.gbc.criteo.com/newidsd

HTTP Response

200
185.235.86.89:443

https://ag.gbc.criteo.com/newidsd

tls, http2

msedge.exe

1.7kB
4.9kB
13
12

HTTP Request

GET https://ag.gbc.criteo.com/newidsd

HTTP Response

200
13.227.219.17:443

https://check.analytics.rlcdn.com/check/14067

tls, http2

msedge.exe

1.8kB
7.7kB
15
16

HTTP Request

GET https://check.analytics.rlcdn.com/check/14067

HTTP Response

200

HTTP Request

GET https://check.analytics.rlcdn.com/check/14067

HTTP Response

200
216.58.204.65:443

cdn.ampproject.org

tls, http2

msedge.exe

2.1kB
12.8kB
12
14
216.58.204.65:443

cdn.ampproject.org

tls, http2

msedge.exe

2.1kB
12.8kB
12
14
216.58.204.65:443

https://cdn.ampproject.org/rtv/032406252034000/v0/amp-form-0.1.js

tls, http2

msedge.exe

6.8kB
140.3kB
97
109

HTTP Request

GET https://cdn.ampproject.org/rtv/032406252034000/amp4ads-v0.js

HTTP Request

GET https://cdn.ampproject.org/rtv/032406252034000/v0/amp-ad-exit-0.1.js

HTTP Request

GET https://cdn.ampproject.org/rtv/032406252034000/v0/amp-analytics-0.1.js

HTTP Request

GET https://cdn.ampproject.org/rtv/032406252034000/v0/amp-fit-text-0.1.js

HTTP Request

GET https://cdn.ampproject.org/rtv/032406252034000/v0/amp-form-0.1.js
216.58.204.65:443

cdn.ampproject.org

tls, http2

msedge.exe

2.1kB
12.8kB
12
14
216.58.204.65:443

cdn.ampproject.org

tls, http2

msedge.exe

2.1kB
12.8kB
12
14
199.91.155.7:443

download2266.mediafire.com

tls

msedge.exe

1.0kB
4.7kB
10
10
199.91.155.7:443

https://download2266.mediafire.com/otj85vo3pi8gpEebtMY2G9IRUv3bvX3pR6BWsu1dtsVpxOnOsRL4Fc4JD6PpERr5C4Mk9YOGjnSlgNzd3apQrEeApaw5jEqvBXftu_QiFek127MKgvT8TF0SITnN7Gucrl_kFJ4glRAj3iaOBH-8DG80YUwsWJVOhHURYj8_fwze/3nfa6p4pxkve92c/Ui-Dropped.jar

tls, http

msedge.exe

5.9kB
78.4kB
36
64

HTTP Request

GET https://download2266.mediafire.com/otj85vo3pi8gpEebtMY2G9IRUv3bvX3pR6BWsu1dtsVpxOnOsRL4Fc4JD6PpERr5C4Mk9YOGjnSlgNzd3apQrEeApaw5jEqvBXftu_QiFek127MKgvT8TF0SITnN7Gucrl_kFJ4glRAj3iaOBH-8DG80YUwsWJVOhHURYj8_fwze/3nfa6p4pxkve92c/Ui-Dropped.jar

HTTP Response

200
104.19.208.227:80

http://otnolatrnup.com/hideref.engine?d=https%3A%2F%2Fworeppercomming.com%2F4fabb44a-878d-4024-bdef-2de07d973f5e%3Fcampaignname%3D2_OperaGX%26placementname%3D2_OperaGX_UK_Win_101%26bid%3D3.45%26totalcpv%3D0.00345%26channel%3DFile%2BHosting%2B%2526%2BSharing%26subchannel%3DFile%2BHosting%2B%2526%2BSharing%26medianame%3DOperaGX_WW_9636%26keywords%3Donline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%2Conline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%26sourceid%3D101%26domainid%3D1%26cpv%3D0.00345%26s2sParam%3D0c648c0e-9e2c-403e-bd98-f7dbbb7491a9

http

msedge.exe

1.8kB
1.4kB
7
4

HTTP Request

GET http://otnolatrnup.com/hideref.engine?d=https%3A%2F%2Fworeppercomming.com%2F4fabb44a-878d-4024-bdef-2de07d973f5e%3Fcampaignname%3D2_OperaGX%26placementname%3D2_OperaGX_UK_Win_101%26bid%3D3.45%26totalcpv%3D0.00345%26channel%3DFile%2BHosting%2B%2526%2BSharing%26subchannel%3DFile%2BHosting%2B%2526%2BSharing%26medianame%3DOperaGX_WW_9636%26keywords%3Donline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%2Conline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%26sourceid%3D101%26domainid%3D1%26cpv%3D0.00345%26s2sParam%3D0c648c0e-9e2c-403e-bd98-f7dbbb7491a9

HTTP Response

302
104.19.208.227:80

otnolatrnup.com

msedge.exe

190 B
92 B
4
2
65.9.95.107:443

https://woreppercomming.com/4fabb44a-878d-4024-bdef-2de07d973f5e?campaignname=2_OperaGX&placementname=2_OperaGX_UK_Win_101&bid=3.45&totalcpv=0.00345&channel=File%20Hosting%20&%20Sharing&subchannel=File%20Hosting%20&%20Sharing&medianame=OperaGX_WW_9636&keywords=online%20storage,free%20storage,cloud%20storage,collaboration,backup%20file%20sharing,share%20files,photo%20backup,photo%20sharing,ftp%20replacement,cross%20platform,remote%20access,mobile%20access,send%20large%20files,recover%20files,file%20versioning,undelete,windows,pc,mac,os%20x,linux,iphone,online%20storage,free%20storage,cloud%20storage,collaboration,backup%20file%20sharing,share%20files,photo%20backup,photo%20sharing,ftp%20replacement,cross%20platform,remote%20access,mobile%20access,send%20large%20files,recover%20files,file%20versioning,undelete,windows,pc,mac,os%20x,linux,iphone&sourceid=101&domainid=1&cpv=0.00345&s2sParam=0c648c0e-9e2c-403e-bd98-f7dbbb7491a9

tls, http2

msedge.exe

2.4kB
7.1kB
13
13

HTTP Request

GET https://woreppercomming.com/4fabb44a-878d-4024-bdef-2de07d973f5e?campaignname=2_OperaGX&placementname=2_OperaGX_UK_Win_101&bid=3.45&totalcpv=0.00345&channel=File%20Hosting%20&%20Sharing&subchannel=File%20Hosting%20&%20Sharing&medianame=OperaGX_WW_9636&keywords=online%20storage,free%20storage,cloud%20storage,collaboration,backup%20file%20sharing,share%20files,photo%20backup,photo%20sharing,ftp%20replacement,cross%20platform,remote%20access,mobile%20access,send%20large%20files,recover%20files,file%20versioning,undelete,windows,pc,mac,os%20x,linux,iphone,online%20storage,free%20storage,cloud%20storage,collaboration,backup%20file%20sharing,share%20files,photo%20backup,photo%20sharing,ftp%20replacement,cross%20platform,remote%20access,mobile%20access,send%20large%20files,recover%20files,file%20versioning,undelete,windows,pc,mac,os%20x,linux,iphone&sourceid=101&domainid=1&cpv=0.00345&s2sParam=0c648c0e-9e2c-403e-bd98-f7dbbb7491a9

HTTP Response

302
172.67.141.135:443

https://www.chancial.com/5PNNB9Z/L2WFNRF/?sub1=c25be22e-ac35-4bba-a2b8-212f01034d26&sub2=wl2hr43qpps4d4l43ein16fo

tls, http2

msedge.exe

1.8kB
4.6kB
13
11

HTTP Request

GET https://www.chancial.com/5PNNB9Z/L2WFNRF/?sub1=c25be22e-ac35-4bba-a2b8-212f01034d26&sub2=wl2hr43qpps4d4l43ein16fo

HTTP Response

302
18.195.77.204:443

www.opera.com

tls, http2

msedge.exe

1.0kB
3.7kB
8
9
163.70.151.21:443

connect.facebook.net

tls

msedge.exe

3.9kB
82.4kB
48
70
163.70.147.35:443

www.facebook.com

tls

msedge.exe

2.0kB
3.5kB
12
12
142.250.187.238:443

https://play.google.com/log?format=json&hasfast=true

tls, http2

chrome.exe

5.5kB
10.9kB
30
32

HTTP Request

GET https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.80.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D63%2526e%253D1

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true

HTTP Response

200

HTTP Response

200
216.58.204.68:443

https://www.google.com/async/newtab_promos

tls, http2

chrome.exe

3.4kB
46.3kB
48
52

HTTP Request

GET https://www.google.com/async/ddljson?async=ntp:2

HTTP Request

GET https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

HTTP Request

GET https://www.google.com/async/newtab_promos
142.250.178.14:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0

tls, http2

chrome.exe

3.2kB
51.0kB
41
44

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0
142.250.200.10:443

https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

tls, http2

chrome.exe

2.5kB
7.5kB
20
23

HTTP Request

OPTIONS https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

HTTP Request

POST https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData
142.250.187.238:443

https://play.google.com/log?format=json&hasfast=true

tls, http2

chrome.exe

3.6kB
8.9kB
19
18

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true
216.239.34.157:443

tunnel.googlezip.net

tls, http2

chrome.exe

5.2kB
106.1kB
61
105

HTTP Request

CONNECT

HTTP Response

200
216.239.34.157:443

tunnel.googlezip.net

tls, http2

chrome.exe

6.4kB
176.4kB
88
143

HTTP Request

CONNECT

HTTP Response

200
142.250.179.238:443

https://consent.google.com/save?continue=https://www.google.com/search?q%3Dgeometry%2Bdash%2Bwallpaper%2Bbefore:2015%26oq%3Dgeometry%2Bdash%2Bwallpaper%2Bbefore:2015%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCTE3NTY5ajBqN6gCALACAQ%26sourceid%3Dchrome%26ie%3DUTF-8&gl=UK&m=0&pc=srp&x=5&src=2&hl=en&bl=gws_20241003-0_RC1&uxe=none&cm=2&set_eom=true

tls, http2

chrome.exe

2.3kB
10.1kB
14
17

HTTP Request

POST https://consent.google.com/save?continue=https://www.google.com/search?q%3Dgeometry%2Bdash%2Bwallpaper%2Bbefore:2015%26oq%3Dgeometry%2Bdash%2Bwallpaper%2Bbefore:2015%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCTE3NTY5ajBqN6gCALACAQ%26sourceid%3Dchrome%26ie%3DUTF-8&gl=UK&m=0&pc=srp&x=5&src=2&hl=en&bl=gws_20241003-0_RC1&uxe=none&cm=2&set_eom=true
142.250.187.206:443

encrypted-tbn0.gstatic.com

tls, http2

chrome.exe

1.1kB
5.6kB
9
8
142.250.187.206:443

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcS0Ywiouz8VnrtqIO-L2YvW9DUdv95Ux9gCZg&s

tls, http2

chrome.exe

3.9kB
46.4kB
46
53

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcT76n8ejT5QNYPHLIz0z5L14KFgMXlhXJGRJG8gAsKvdHHhOlJSMOg2BKyI&s

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQ2US0PCu7C6B7L3g9Nz5VKjt-zvlTSh29UJoYXCqu6PZr5mcHNZ2919bWx&s

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQXjwqT_biMnI8x3RUdIRPhLhBM7WXzWfXX0kwPpKElErnH9242L62tRdem&s

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcS3r4WLvxbGZPehCDAu2MRH4faqoRt-KNKVIsYBMJu_vwm2l7A8ndUmCzT7&s

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRs62G4wkbYVTHjEoSeZ9bksW-j9Di4lFqasg&s

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcS0Ywiouz8VnrtqIO-L2YvW9DUdv95Ux9gCZg&s
142.250.187.206:443

encrypted-tbn0.gstatic.com

tls, http2

chrome.exe

1.1kB
5.6kB
9
8
142.250.187.206:443

encrypted-tbn0.gstatic.com

tls

chrome.exe

841 B
4.6kB
7
6
172.67.219.75:443

https://get.activated.win/

tls, http

powershell.exe

911 B
7.4kB
10
12

HTTP Request

GET https://get.activated.win/

HTTP Response

200
185.199.109.133:443

https://raw.githubusercontent.com/massgravel/Microsoft-Activation-Scripts/52d4c52dba8e29a3c1fb295c8946dbe6cf2f0239/MAS/All-In-One-Version-KL/MAS_AIO.cmd

tls, http

powershell.exe

8.7kB
455.4kB
176
332

HTTP Request

GET https://raw.githubusercontent.com/massgravel/Microsoft-Activation-Scripts/52d4c52dba8e29a3c1fb295c8946dbe6cf2f0239/MAS/All-In-One-Version-KL/MAS_AIO.cmd

HTTP Response

200
95.100.104.23:443

https://purchase.mp.microsoft.com/v7.0/users/me/orders

tls, http2

8.1kB
8.5kB
18
20

HTTP Request

POST https://purchase.mp.microsoft.com/v7.0/users/me/orders

HTTP Response

201
172.217.16.238:443

clients2.google.com

tls, http2

chrome.exe

1.5kB
1.6kB
9
6
216.58.204.68:443

https://www.google.com/async/newtab_promos

tls, http2

chrome.exe

3.5kB
46.4kB
49
51

HTTP Request

GET https://www.google.com/async/ddljson?async=ntp:2

HTTP Request

GET https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

HTTP Request

GET https://www.google.com/async/newtab_promos
172.217.16.238:443

https://play.google.com/log?format=json&hasfast=true

tls, http2

chrome.exe

4.4kB
10.4kB
24
27

HTTP Request

GET https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.80.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true
142.250.200.42:443

https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

tls, http2

chrome.exe

1.9kB
6.8kB
16
15

HTTP Request

OPTIONS https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData
216.239.34.157:443

tunnel.googlezip.net

tls, http2

chrome.exe

4.3kB
10.8kB
23
28

HTTP Request

CONNECT

HTTP Response

200
216.239.34.157:443

tunnel.googlezip.net

tls, http2

chrome.exe

4.4kB
25.3kB
29
38

HTTP Request

CONNECT

HTTP Response

200
142.250.200.42:443

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQlL1An4iaKj4hIFDUqFnlIhoEC7x3ryJrM=?alt=proto

tls, http2

chrome.exe

2.0kB
6.7kB
16
15

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQlL1An4iaKj4hIFDUqFnlIhoEC7x3ryJrM=?alt=proto
13.107.246.64:443

https://code.visualstudio.com/assets/icons/v2/cloud-download.svg

tls, http2

chrome.exe

86.9kB
3.5MB
1598
2567

HTTP Request

GET https://code.visualstudio.com/vendor/bootstrap/css/bootstrap.min.css

HTTP Request

GET https://code.visualstudio.com/dist/v2/style.css

HTTP Request

GET https://code.visualstudio.com/assets/icons/theme-light.svg

HTTP Request

GET https://code.visualstudio.com/assets/icons/theme-dark.svg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://code.visualstudio.com/assets/icons/search.svg

HTTP Request

GET https://code.visualstudio.com/assets/icons/search-dark.svg

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://code.visualstudio.com/assets/home/home-screenshot-copilot.png

HTTP Request

GET https://code.visualstudio.com/dist/index.js

HTTP Request

GET https://code.visualstudio.com/assets/icons/download.svg

HTTP Request

GET https://code.visualstudio.com/assets/home/home-screenshot-copilot-light.png

HTTP Request

GET https://code.visualstudio.com/assets/home/language-js.png

HTTP Request

GET https://code.visualstudio.com/assets/home/language-ts.png

HTTP Request

GET https://code.visualstudio.com/assets/home/language-python.png

HTTP Request

GET https://code.visualstudio.com/assets/home/language-cs.png

HTTP Request

GET https://code.visualstudio.com/assets/home/language-cpp.png

HTTP Request

GET https://code.visualstudio.com/assets/home/language-html.png

HTTP Request

GET https://code.visualstudio.com/assets/home/language-java.png

HTTP Request

GET https://code.visualstudio.com/assets/home/language-json.png

HTTP Request

GET https://code.visualstudio.com/assets/home/language-php.png

HTTP Request

GET https://code.visualstudio.com/assets/home/language-markdown.png

HTTP Request

GET https://code.visualstudio.com/assets/home/language-powershell.png

HTTP Request

GET https://code.visualstudio.com/assets/home/language-yaml.png

HTTP Request

GET https://code.visualstudio.com/assets/icons/codicon-terminal.svg

HTTP Request

GET https://code.visualstudio.com/assets/icons/codicon-debug.svg

HTTP Request

GET https://code.visualstudio.com/assets/icons/codicon-version-control.svg

HTTP Request

GET https://code.visualstudio.com/assets/icons/codicon-build-tasks.svg

HTTP Request

GET https://code.visualstudio.com/assets/icons/codicon-local-history.svg

HTTP Request

GET https://code.visualstudio.com/assets/icons/codicon-themes.svg

HTTP Request

GET https://code.visualstudio.com/assets/icons/codicon-accessibility.svg

HTTP Request

GET https://code.visualstudio.com/assets/icons/codicon-web.svg

HTTP Request

GET https://code.visualstudio.com/assets/icons/x-icon.svg

HTTP Request

GET https://code.visualstudio.com/assets/icons/github-icon.svg

HTTP Request

GET https://code.visualstudio.com/assets/icons/youtube-icon.svg

HTTP Request

GET https://code.visualstudio.com/assets/icons/microsoft.svg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://code.visualstudio.com/assets/home/swimlane-copilot-light.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://code.visualstudio.com/assets/images/python-extension.png

HTTP Request

GET https://code.visualstudio.com/assets/images/copilot-extension.png

HTTP Request

GET https://code.visualstudio.com/assets/images/c-extension.png

HTTP Request

GET https://code.visualstudio.com/assets/images/jupyter-extension.png

HTTP Request

GET https://code.visualstudio.com/assets/images/gitlens-extension.png

HTTP Request

GET https://code.visualstudio.com/assets/images/cs-dev-kit-extension.png

HTTP Request

GET https://code.visualstudio.com/assets/images/github-pull-requests-extension.png

HTTP Request

GET https://code.visualstudio.com/assets/images/remote-extension.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://code.visualstudio.com/docs/?dv=win64user

HTTP Response

200

HTTP Request

GET https://code.visualstudio.com/dist/v2/style.css

HTTP Request

GET https://code.visualstudio.com/dist/index.js

HTTP Response

304

HTTP Response

304

HTTP Request

GET https://code.visualstudio.com/assets/community/sidebar/rss.svg

HTTP Request

GET https://code.visualstudio.com/assets/community/sidebar/stackoverflow.svg

HTTP Request

GET https://code.visualstudio.com/assets/community/sidebar/twitter.svg

HTTP Request

GET https://code.visualstudio.com/assets/community/sidebar/github.svg

HTTP Request

GET https://code.visualstudio.com/assets/community/sidebar/issue.svg

HTTP Request

GET https://code.visualstudio.com/assets/community/sidebar/youtube.svg

HTTP Request

GET https://code.visualstudio.com/assets/loading.svg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://code.visualstudio.com/sha/download?build=stable&os=win32-x64-user

HTTP Response

302

HTTP Request

GET https://code.visualstudio.com/assets/icons/v2/cloud-download.svg

HTTP Response

200
13.107.246.64:443

code.visualstudio.com

tls, http2

chrome.exe

1.7kB
8.3kB
12
14
216.239.34.157:443

tunnel.googlezip.net

tls, http2

chrome.exe

4.6kB
83.6kB
48
79

HTTP Request

CONNECT

HTTP Response

200
13.107.246.64:443

https://consentdeliveryfd.azurefd.net/mscc/lib/v2/wcp-consent.js

tls, http2

chrome.exe

4.9kB
94.1kB
58
77

HTTP Request

GET https://consentdeliveryfd.azurefd.net/mscc/lib/v2/wcp-consent.js

HTTP Response

200
13.107.246.64:443

https://js.monitor.azure.com/scripts/c/ms.analytics-web-4.min.js

tls, http2

chrome.exe

4.7kB
83.2kB
63
70

HTTP Request

GET https://js.monitor.azure.com/scripts/c/ms.analytics-web-4.min.js

HTTP Response

200
142.250.200.42:443

content-autofill.googleapis.com

tls, http2

chrome.exe

1.5kB
1.6kB
9
6
142.250.200.42:443

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQllOkqJ-rLQJhIFDT0fUzwhbx_LEwt2_C4=?alt=proto

tls, http2

chrome.exe

1.9kB
6.8kB
16
16

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQllOkqJ-rLQJhIFDT0fUzwhbx_LEwt2_C4=?alt=proto
52.182.143.208:443

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708&w=0

tls, http2

chrome.exe

3.5kB
7.8kB
17
17

HTTP Request

OPTIONS https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708&w=0

HTTP Response

200
52.182.143.208:443

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708&w=0

tls, http2

chrome.exe

20.8kB
9.2kB
40
26

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-4.3.2&apikey=1a3eb3104447440391ad5f2a6ee06a0a-62879566-bc58-4741-9650-302bf2af703f-7103&upload-time=1728073578250&ext.intweb.msfpc=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708&w=0

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-4.3.2&apikey=1a3eb3104447440391ad5f2a6ee06a0a-62879566-bc58-4741-9650-302bf2af703f-7103&upload-time=1728073578352&ext.intweb.msfpc=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708&w=0&NoResponseBody=true

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-4.3.2&apikey=1a3eb3104447440391ad5f2a6ee06a0a-62879566-bc58-4741-9650-302bf2af703f-7103&upload-time=1728073578250&ext.intweb.msfpc=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708&time-delta-to-apply-millis=use-collector-delta&w=0&NoResponseBody=true

HTTP Response

200

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-4.3.2&apikey=1a3eb3104447440391ad5f2a6ee06a0a-62879566-bc58-4741-9650-302bf2af703f-7103&upload-time=1728073579214&ext.intweb.msfpc=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708&time-delta-to-apply-millis=use-collector-delta&w=0&NoResponseBody=true

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-4.3.2&apikey=1a3eb3104447440391ad5f2a6ee06a0a-62879566-bc58-4741-9650-302bf2af703f-7103&upload-time=1728073579214&ext.intweb.msfpc=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708&w=0

HTTP Response

204

HTTP Response

200

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708&w=0

HTTP Response

200

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dab66c1ff3cbb8525136749292eb4f9ea%26HASH%3Dab66%26LV%3D202410%26V%3D4%26LU%3D1728073575708&w=0

HTTP Response

200
52.182.143.208:443

browser.events.data.microsoft.com

tls

chrome.exe

815 B
231 B
5
3
2.23.205.233:443

https://www.microsoft.com/videoplayer/lib/onerfstatics/onerfjquery-3.5.1.js

tls, http2

chrome.exe

11.3kB
424.0kB
184
323

HTTP Request

GET https://www.microsoft.com/en-us/videoplayer/embed/RE4M6Vx

HTTP Response

200

HTTP Request

GET https://www.microsoft.com/videoplayer/lib/mwf/mwfmdl2-v3.54.woff2

HTTP Request

GET https://www.microsoft.com/videoplayer/lib/mwf/slider.css

HTTP Request

GET https://www.microsoft.com/videoplayer/lib/onerfstatics/default-theme.css

HTTP Request

GET https://www.microsoft.com/videoplayer/lib/css/index.css

HTTP Request

GET https://www.microsoft.com/videoplayer/lib/js/index.js

HTTP Request

GET https://www.microsoft.com/videoplayer/lib/js/page-bi-tags.js

HTTP Request

GET https://www.microsoft.com/videoplayer/lib/js/load-script.js

HTTP Request

GET https://www.microsoft.com/videoplayer/lib/js/require.js

HTTP Request

GET https://www.microsoft.com/videoplayer/lib/mscc/wcp-consent.js

HTTP Request

GET https://www.microsoft.com/videoplayer/lib/onerfstatics/onerfcomponentfactory.js

HTTP Request

GET https://www.microsoft.com/videoplayer/lib/onerfstatics/onerfonedsconfig.js

HTTP Request

GET https://www.microsoft.com/videoplayer/lib/mwf/slider.js

HTTP Request

GET https://www.microsoft.com/videoplayer/lib/js/require-config.js

HTTP Request

GET https://www.microsoft.com/videoplayer/lib/js/lazy-sizes.js

HTTP Request

GET https://www.microsoft.com/videoplayer/lib/js/vp-attributes.js

HTTP Request

GET https://www.microsoft.com/videoplayer/lib/js/auto-play.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.microsoft.com/videoplayer/lib/onerfstatics/onerfjquery-3.5.1.js
52.182.143.208:443

browser.events.data.microsoft.com

chrome.exe

98 B
52 B
2
1
13.107.42.18:443

marketplace.visualstudio.com

tls

chrome.exe

1.7kB
8.8kB
10
14
13.107.42.18:443

https://marketplace.visualstudio.com/_apis/public/gallery/extensionquery

tls, http2

chrome.exe

6.7kB
173.7kB
86
152

HTTP Request

OPTIONS https://marketplace.visualstudio.com/_apis/public/gallery/extensionquery

HTTP Request

OPTIONS https://marketplace.visualstudio.com/_apis/public/gallery/extensionquery

HTTP Response

200

HTTP Request

POST https://marketplace.visualstudio.com/_apis/public/gallery/extensionquery

HTTP Response

200

HTTP Request

POST https://marketplace.visualstudio.com/_apis/public/gallery/extensionquery

HTTP Response

200

HTTP Response

200
184.87.176.59:443

assets.onestore.ms

tls, http2

chrome.exe

1.2kB
6.8kB
11
14
13.107.246.64:443

mem.gfx.ms

tls, http2

chrome.exe

1.9kB
8.7kB
16
18
66.235.152.156:443

microsoftwindows.112.2o7.net

tls

chrome.exe

1.1kB
5.0kB
9
11
68.232.34.200:443

https://github.gallerycdn.vsassets.io/extensions/github/copilot/1.235.1137/1727971687571/Microsoft.VisualStudio.Services.Icons.Default

tls, http2

chrome.exe

2.8kB
16.1kB
21
22

HTTP Request

GET https://github.gallerycdn.vsassets.io/extensions/github/copilot/1.235.1137/1727971687571/Microsoft.VisualStudio.Services.Icons.Default

HTTP Response

200
152.199.21.175:443

https://vscode.download.prss.microsoft.com/dbazure/download/stable/d78a74bcdfad14d5d3b1b782f87255d802b57511/VSCodeUserSetup-x64-1.94.0.exe

tls, http2

chrome.exe

1.9MB
103.9MB
40952
74403

HTTP Request

GET https://vscode.download.prss.microsoft.com/dbazure/download/stable/d78a74bcdfad14d5d3b1b782f87255d802b57511/VSCodeUserSetup-x64-1.94.0.exe

HTTP Response

200
68.232.34.200:443

https://ms-vscode.gallerycdn.vsassets.io/extensions/ms-vscode/cpptools/1.22.7/1727825672233/Microsoft.VisualStudio.Services.Icons.Default

tls, http2

chrome.exe

2.9kB
13.3kB
20
18

HTTP Request

GET https://ms-vscode.gallerycdn.vsassets.io/extensions/ms-vscode/cpptools/1.22.7/1727825672233/Microsoft.VisualStudio.Services.Icons.Default

HTTP Response

200
68.232.34.200:443

https://vscjava.gallerycdn.vsassets.io/extensions/vscjava/vscode-java-pack/0.29.2024091906/1726729234947/Microsoft.VisualStudio.Services.Icons.Default

tls, http2

chrome.exe

2.8kB
12.7kB
18
20

HTTP Request

GET https://vscjava.gallerycdn.vsassets.io/extensions/vscjava/vscode-java-pack/0.29.2024091906/1726729234947/Microsoft.VisualStudio.Services.Icons.Default

HTTP Response

200
68.232.34.200:443

https://ms-python.gallerycdn.vsassets.io/extensions/ms-python/python/2024.17.2024100401/1728038254474/Microsoft.VisualStudio.Services.Icons.Default

tls, http2

chrome.exe

3.4kB
55.6kB
33
52

HTTP Request

GET https://ms-python.gallerycdn.vsassets.io/extensions/ms-python/python/2024.17.2024100401/1728038254474/Microsoft.VisualStudio.Services.Icons.Default

HTTP Response

200

8.8.8.8:53

mediafire.com

dns

msedge.exe

118 B
91 B
2
1

DNS Request

mediafire.com

DNS Request

mediafire.com

DNS Response

104.17.151.117

104.17.150.117
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

97.17.167.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.17.167.52.in-addr.arpa
8.8.8.8:53

134.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

134.32.126.40.in-addr.arpa
8.8.8.8:53

79.190.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

79.190.18.2.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

117.151.17.104.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

117.151.17.104.in-addr.arpa
8.8.8.8:53

www.mediafire.com

dns

msedge.exe

63 B
95 B
1
1

DNS Request

www.mediafire.com

DNS Response

104.17.151.117

104.17.150.117
8.8.8.8:53

the.gatekeeperconsent.com

dns

msedge.exe

71 B
103 B
1
1

DNS Request

the.gatekeeperconsent.com

DNS Response

172.67.199.186

104.21.42.32
8.8.8.8:53

static.mediafire.com

dns

msedge.exe

66 B
98 B
1
1

DNS Request

static.mediafire.com

DNS Response

104.17.150.117

104.17.151.117
8.8.8.8:53

btloader.com

dns

msedge.exe

58 B
106 B
1
1

DNS Request

btloader.com

DNS Response

104.22.74.216

172.67.41.60

104.22.75.216
8.8.8.8:53

privacy.gatekeeperconsent.com

dns

msedge.exe

75 B
107 B
1
1

DNS Request

privacy.gatekeeperconsent.com

DNS Response

104.21.42.32

172.67.199.186
8.8.8.8:53

www.ezojs.com

dns

msedge.exe

59 B
137 B
1
1

DNS Request

www.ezojs.com

DNS Response

172.67.170.144

104.21.63.106
8.8.8.8:53

translate.google.com

dns

msedge.exe

66 B
103 B
1
1

DNS Request

translate.google.com

DNS Response

172.217.16.238
8.8.8.8:53

cdn.amplitude.com

dns

msedge.exe

63 B
127 B
1
1

DNS Request

cdn.amplitude.com

DNS Response

18.239.18.40

18.239.18.117

18.239.18.31

18.239.18.99
8.8.8.8:53

static.cloudflareinsights.com

dns

msedge.exe

75 B
107 B
1
1

DNS Request

static.cloudflareinsights.com

DNS Response

104.16.80.73

104.16.79.73
8.8.8.8:53

232.212.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

232.212.58.216.in-addr.arpa
8.8.8.8:53

186.199.67.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

186.199.67.172.in-addr.arpa
8.8.8.8:53

cdn.otnolatrnup.com

dns

msedge.exe

65 B
97 B
1
1

DNS Request

cdn.otnolatrnup.com

DNS Response

104.18.159.164

104.19.208.227
8.8.8.8:53

g.ezoic.net

dns

msedge.exe

57 B
73 B
1
1

DNS Request

g.ezoic.net

DNS Response

13.37.187.223
8.8.8.8:53

ad-delivery.net

dns

msedge.exe

61 B
109 B
1
1

DNS Request

ad-delivery.net

DNS Response

104.26.2.70

104.26.3.70

172.67.69.19
8.8.8.8:53

go.ezodn.com

dns

msedge.exe

58 B
90 B
1
1

DNS Request

go.ezodn.com

DNS Response

172.67.142.121

104.21.87.79
8.8.8.8:53

www.mediafiredls.com

dns

msedge.exe

66 B
114 B
1
1

DNS Request

www.mediafiredls.com

DNS Response

172.67.73.78

104.26.3.173

104.26.2.173
8.8.8.8:53

translate.googleapis.com

dns

msedge.exe

70 B
86 B
1
1

DNS Request

translate.googleapis.com

DNS Response

142.250.200.10
8.8.8.8:53

api.amplitude.com

dns

msedge.exe

63 B
191 B
1
1

DNS Request

api.amplitude.com

DNS Response

52.36.87.142

52.37.122.183

52.27.213.114

34.209.161.251

52.43.168.152

44.237.230.81

34.211.96.32

52.41.33.45
8.8.8.8:53

otnolatrnup.com

dns

msedge.exe

61 B
93 B
1
1

DNS Request

otnolatrnup.com

DNS Response

104.19.208.227

104.18.159.164
8.8.8.8:53

securepubads.g.doubleclick.net

dns

msedge.exe

76 B
92 B
1
1

DNS Request

securepubads.g.doubleclick.net

DNS Response

172.217.16.226
8.8.8.8:53

32.42.21.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

32.42.21.104.in-addr.arpa
8.8.8.8:53

73.80.16.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

73.80.16.104.in-addr.arpa
8.8.8.8:53

216.74.22.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

216.74.22.104.in-addr.arpa
8.8.8.8:53

238.16.217.172.in-addr.arpa

dns

73 B
142 B
1
1

DNS Request

238.16.217.172.in-addr.arpa
8.8.8.8:53

144.170.67.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

144.170.67.172.in-addr.arpa
8.8.8.8:53

113.39.65.18.in-addr.arpa

dns

71 B
126 B
1
1

DNS Request

113.39.65.18.in-addr.arpa
8.8.8.8:53

40.18.239.18.in-addr.arpa

dns

71 B
127 B
1
1

DNS Request

40.18.239.18.in-addr.arpa
8.8.8.8:53

g.ezodn.com

dns

msedge.exe

57 B
89 B
1
1

DNS Request

g.ezodn.com

DNS Response

172.67.142.121

104.21.87.79
8.8.8.8:53

api.btloader.com

dns

msedge.exe

62 B
78 B
1
1

DNS Request

api.btloader.com

DNS Response

130.211.23.194
8.8.8.8:53

78.169.217.172.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

78.169.217.172.in-addr.arpa
8.8.8.8:53

223.187.37.13.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

223.187.37.13.in-addr.arpa
8.8.8.8:53

198.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

198.187.250.142.in-addr.arpa
8.8.8.8:53

227.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

227.179.250.142.in-addr.arpa
8.8.8.8:53

tags.crwdcntrl.net

dns

msedge.exe

64 B
128 B
1
1

DNS Request

tags.crwdcntrl.net

DNS Response

18.239.18.118

18.239.18.33

18.239.18.12

18.239.18.78
8.8.8.8:53

164.159.18.104.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

164.159.18.104.in-addr.arpa
8.8.8.8:53

121.142.67.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

121.142.67.172.in-addr.arpa
8.8.8.8:53

10.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

10.200.250.142.in-addr.arpa
8.8.8.8:53

70.2.26.104.in-addr.arpa

dns

70 B
132 B
1
1

DNS Request

70.2.26.104.in-addr.arpa
8.8.8.8:53

78.73.67.172.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

78.73.67.172.in-addr.arpa
8.8.8.8:53

142.87.36.52.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

142.87.36.52.in-addr.arpa
8.8.8.8:53

translate-pa.googleapis.com

dns

msedge.exe

73 B
297 B
1
1

DNS Request

translate-pa.googleapis.com

DNS Response

142.250.200.42

142.250.178.10

172.217.169.42

142.250.200.10

216.58.213.10

172.217.169.74

172.217.16.234

142.250.187.234

216.58.212.234

142.250.180.10

216.58.204.74

216.58.201.106

142.250.179.234

142.250.187.202
8.8.8.8:53

bcp.crwdcntrl.net

dns

msedge.exe

63 B
191 B
1
1

DNS Request

bcp.crwdcntrl.net

DNS Response

52.48.114.218

54.74.215.235

54.216.230.172

54.78.53.108

54.76.113.237

52.211.255.159

34.251.185.45

54.76.166.236
8.8.8.8:53

ad.crwdcntrl.net

dns

msedge.exe

62 B
190 B
1
1

DNS Request

ad.crwdcntrl.net

DNS Response

52.48.114.218

52.211.255.159

54.76.113.237

54.78.53.108

54.76.166.236

34.251.185.45

54.216.230.172

54.74.215.235
8.8.8.8:53

bshr.ezodn.com

dns

msedge.exe

60 B
92 B
1
1

DNS Request

bshr.ezodn.com

DNS Response

104.21.87.79

172.67.142.121
8.8.8.8:53

crt.rootg2.amazontrust.com

dns

msedge.exe

72 B
136 B
1
1

DNS Request

crt.rootg2.amazontrust.com

DNS Response

18.239.83.98

18.239.83.27

18.239.83.86

18.239.83.100
8.8.8.8:53

googleads.g.doubleclick.net

dns

msedge.exe

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

172.217.169.34
172.217.16.226:443

securepubads.g.doubleclick.net

https

msedge.exe

58.7kB
190.3kB
155
201
8.8.8.8:53

226.16.217.172.in-addr.arpa

dns

73 B
140 B
1
1

DNS Request

226.16.217.172.in-addr.arpa
8.8.8.8:53

194.23.211.130.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

194.23.211.130.in-addr.arpa
8.8.8.8:53

34.169.217.172.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

34.169.217.172.in-addr.arpa
8.8.8.8:53

118.18.239.18.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

118.18.239.18.in-addr.arpa
8.8.8.8:53

79.87.21.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

79.87.21.104.in-addr.arpa
8.8.8.8:53

98.83.239.18.in-addr.arpa

dns

71 B
127 B
1
1

DNS Request

98.83.239.18.in-addr.arpa
8.8.8.8:53

218.114.48.52.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

218.114.48.52.in-addr.arpa
8.8.8.8:53

fundingchoicesmessages.google.com

dns

msedge.exe

79 B
116 B
1
1

DNS Request

fundingchoicesmessages.google.com

DNS Response

172.217.16.238
172.217.16.238:443

fundingchoicesmessages.google.com

https

msedge.exe

5.6kB
74.5kB
36
58
224.0.0.251:5353

chrome.exe

661 B
10
142.250.200.10:443

translate-pa.googleapis.com

https

msedge.exe

3.0kB
7.5kB
10
13
8.8.8.8:53

209.205.72.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

209.205.72.20.in-addr.arpa
8.8.8.8:53

region1.analytics.google.com

dns

msedge.exe

74 B
106 B
1
1

DNS Request

region1.analytics.google.com

DNS Response

216.239.34.36

216.239.32.36
8.8.8.8:53

stats.g.doubleclick.net

dns

msedge.exe

69 B
133 B
1
1

DNS Request

stats.g.doubleclick.net

DNS Response

108.177.15.154

108.177.15.156

108.177.15.155

108.177.15.157
8.8.8.8:53

gum.criteo.com

dns

msedge.exe

60 B
107 B
1
1

DNS Request

gum.criteo.com

DNS Response

178.250.1.11
8.8.8.8:53

id.a-mx.com

dns

msedge.exe

57 B
89 B
1
1

DNS Request

id.a-mx.com

DNS Response

79.127.216.47

79.127.227.46
8.8.8.8:53

ups.analytics.yahoo.com

dns

msedge.exe

144 B
506 B
2
2

DNS Request

ups.analytics.yahoo.com

DNS Response

3.75.62.37

3.71.149.231

DNS Request

consentdeliveryfd.azurefd.net

DNS Response

13.107.246.64
8.8.8.8:53

id.hadron.ad.gt

dns

msedge.exe

61 B
157 B
1
1

DNS Request

id.hadron.ad.gt

DNS Response

172.67.23.234

104.22.5.69

104.22.4.69
8.8.8.8:53

id5-sync.com

dns

msedge.exe

58 B
218 B
1
1

DNS Request

id5-sync.com

DNS Response

162.19.138.119

141.95.98.64

162.19.138.118

141.95.33.120

162.19.138.83

141.95.98.65

162.19.138.117

162.19.138.116

162.19.138.120

162.19.138.82
8.8.8.8:53

api.rlcdn.com

dns

msedge.exe

59 B
75 B
1
1

DNS Request

api.rlcdn.com

DNS Response

34.120.133.55
8.8.8.8:53

id.crwdcntrl.net

dns

msedge.exe

62 B
190 B
1
1

DNS Request

id.crwdcntrl.net

DNS Response

54.76.113.237

34.251.185.45

54.76.166.236

54.78.53.108

54.216.230.172

52.211.255.159

54.74.215.235

52.48.114.218
8.8.8.8:53

match.adsrvr.org

dns

msedge.exe

62 B
126 B
1
1

DNS Request

match.adsrvr.org

DNS Response

3.33.220.150

15.197.193.217

35.71.131.137

52.223.40.198
8.8.8.8:53

www.google.co.uk

dns

msedge.exe

62 B
78 B
1
1

DNS Request

www.google.co.uk

DNS Response

142.250.200.35
8.8.8.8:53

cdn-ima.33across.com

dns

msedge.exe

66 B
151 B
1
1

DNS Request

cdn-ima.33across.com

DNS Response

104.18.35.167

172.64.152.89
8.8.8.8:53

invstatic101.creativecdn.com

dns

msedge.exe

74 B
90 B
1
1

DNS Request

invstatic101.creativecdn.com

DNS Response

34.96.70.87
8.8.8.8:53

static.criteo.net

dns

msedge.exe

63 B
113 B
1
1

DNS Request

static.criteo.net

DNS Response

178.250.1.3
8.8.8.8:53

oa.openxcdn.net

dns

msedge.exe

61 B
77 B
1
1

DNS Request

oa.openxcdn.net

DNS Response

34.102.146.192
8.8.8.8:53

tpc.googlesyndication.com

dns

msedge.exe

71 B
87 B
1
1

DNS Request

tpc.googlesyndication.com

DNS Response

216.58.201.97
8.8.8.8:53

c3.a-mo.net

dns

msedge.exe

57 B
114 B
1
1

DNS Request

c3.a-mo.net

DNS Response

79.127.227.46

79.127.216.47
8.8.8.8:53

lb.eu-1-id5-sync.com

dns

msedge.exe

66 B
226 B
1
1

DNS Request

lb.eu-1-id5-sync.com

DNS Response

162.19.138.116

141.95.98.65

141.95.98.64

162.19.138.83

141.95.33.120

162.19.138.117

162.19.138.118

162.19.138.82

162.19.138.120

162.19.138.119
8.8.8.8:53

oajs.openx.net

dns

msedge.exe

60 B
92 B
1
1

DNS Request

oajs.openx.net

DNS Response

34.120.107.143

34.120.135.53
8.8.8.8:53

dnacdn.net

dns

msedge.exe

56 B
72 B
1
1

DNS Request

dnacdn.net

DNS Response

178.250.1.11
216.58.201.97:443

tpc.googlesyndication.com

https

msedge.exe

7.3kB
84.7kB
52
79
8.8.8.8:53

www.google.com

dns

chrome.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

216.58.204.68
8.8.8.8:53

hb.yellowblue.io

dns

msedge.exe

62 B
126 B
1
1

DNS Request

hb.yellowblue.io

DNS Response

18.239.50.10

18.239.50.87

18.239.50.3

18.239.50.124
8.8.8.8:53

tlx.3lift.com

dns

msedge.exe

59 B
128 B
1
1

DNS Request

tlx.3lift.com

DNS Response

3.78.168.176

18.157.230.4

3.124.64.248
8.8.8.8:53

prebid.a-mo.net

dns

msedge.exe

61 B
219 B
1
1

DNS Request

prebid.a-mo.net

DNS Response

163.5.194.33

163.5.194.36

163.5.194.30

163.5.194.35

163.5.194.32

163.5.194.31

163.5.194.37

163.5.194.34
8.8.8.8:53

onetag-sys.com

dns

msedge.exe

60 B
156 B
1
1

DNS Request

onetag-sys.com

DNS Response

51.89.9.253

51.89.9.251

51.75.86.98

51.89.9.254

51.38.120.206

51.89.9.252
8.8.8.8:53

ap.lijit.com

dns

msedge.exe

58 B
310 B
1
1

DNS Request

ap.lijit.com

DNS Response

52.19.188.138

52.210.21.58

54.229.25.175

34.242.65.112

34.253.139.138

54.155.119.8

54.216.33.27

54.76.222.75
8.8.8.8:53

fastlane.rubiconproject.com

dns

msedge.exe

73 B
142 B
1
1

DNS Request

fastlane.rubiconproject.com

DNS Response

69.173.156.139
34.120.107.143:443

oajs.openx.net

https

msedge.exe

2.4kB
4.1kB
8
8
51.89.9.253:443

onetag-sys.com

https

msedge.exe

6.9kB
5
216.58.204.68:443

www.google.com

https

msedge.exe

4.1kB
7.8kB
13
13
8.8.8.8:53

234.23.67.172.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

234.23.67.172.in-addr.arpa
8.8.8.8:53

11.1.250.178.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

11.1.250.178.in-addr.arpa
8.8.8.8:53

154.15.177.108.in-addr.arpa

dns

73 B
107 B
1
1

DNS Request

154.15.177.108.in-addr.arpa
8.8.8.8:53

36.34.239.216.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

36.34.239.216.in-addr.arpa
8.8.8.8:53

47.216.127.79.in-addr.arpa

dns

72 B
118 B
1
1

DNS Request

47.216.127.79.in-addr.arpa
8.8.8.8:53

37.62.75.3.in-addr.arpa

dns

69 B
132 B
1
1

DNS Request

37.62.75.3.in-addr.arpa
8.8.8.8:53

119.138.19.162.in-addr.arpa

dns

73 B
114 B
1
1

DNS Request

119.138.19.162.in-addr.arpa
8.8.8.8:53

55.133.120.34.in-addr.arpa

dns

72 B
124 B
1
1

DNS Request

55.133.120.34.in-addr.arpa
8.8.8.8:53

192.146.102.34.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

192.146.102.34.in-addr.arpa
8.8.8.8:53

35.200.250.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

35.200.250.142.in-addr.arpa
8.8.8.8:53

97.201.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

97.201.58.216.in-addr.arpa
8.8.8.8:53

167.35.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

167.35.18.104.in-addr.arpa
8.8.8.8:53

87.70.96.34.in-addr.arpa

dns

70 B
120 B
1
1

DNS Request

87.70.96.34.in-addr.arpa
8.8.8.8:53

3.1.250.178.in-addr.arpa

dns

70 B
124 B
1
1

DNS Request

3.1.250.178.in-addr.arpa
8.8.8.8:53

150.220.33.3.in-addr.arpa

dns

71 B
127 B
1
1

DNS Request

150.220.33.3.in-addr.arpa
8.8.8.8:53

46.227.127.79.in-addr.arpa

dns

72 B
118 B
1
1

DNS Request

46.227.127.79.in-addr.arpa
8.8.8.8:53

143.107.120.34.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

143.107.120.34.in-addr.arpa
8.8.8.8:53

116.138.19.162.in-addr.arpa

dns

73 B
114 B
1
1

DNS Request

116.138.19.162.in-addr.arpa
8.8.8.8:53

10.50.239.18.in-addr.arpa

dns

71 B
127 B
1
1

DNS Request

10.50.239.18.in-addr.arpa
8.8.8.8:53

68.204.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

68.204.58.216.in-addr.arpa
8.8.8.8:53

33.194.5.163.in-addr.arpa

dns

71 B
159 B
1
1

DNS Request

33.194.5.163.in-addr.arpa
8.8.8.8:53

139.156.173.69.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

139.156.173.69.in-addr.arpa
8.8.8.8:53

176.168.78.3.in-addr.arpa

dns

71 B
136 B
1
1

DNS Request

176.168.78.3.in-addr.arpa
8.8.8.8:53

253.9.89.51.in-addr.arpa

dns

70 B
103 B
1
1

DNS Request

253.9.89.51.in-addr.arpa
8.8.8.8:53

138.188.19.52.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

138.188.19.52.in-addr.arpa
8.8.8.8:53

google-bidout-d.openx.net

dns

msedge.exe

71 B
103 B
1
1

DNS Request

google-bidout-d.openx.net

DNS Response

34.98.64.218

35.244.159.8
8.8.8.8:53

10a18794c2f78312d5b8f618f41153db.safeframe.googlesyndication.com

dns

msedge.exe

110 B
169 B
1
1

DNS Request

10a18794c2f78312d5b8f618f41153db.safeframe.googlesyndication.com

DNS Response

142.250.200.33
8.8.8.8:53

ag.gbc.criteo.com

dns

msedge.exe

63 B
537 B
1
1

DNS Request

ag.gbc.criteo.com

DNS Response

185.235.86.89

185.235.86.94

185.235.86.108

185.235.86.91

185.235.86.92

185.235.86.111

185.235.86.107

185.235.86.87

185.235.86.86

185.235.86.88

185.235.86.103

185.235.86.109

185.235.86.105

185.235.86.102

185.235.86.95

185.235.86.84

185.235.86.90

185.235.86.110

185.235.86.101

185.235.86.93

185.235.86.85

185.235.86.106

185.235.86.100

185.235.86.97

185.235.86.104

185.235.86.99

185.235.86.98

185.235.86.96
8.8.8.8:53

gem.gbc.criteo.com

dns

msedge.exe

64 B
538 B
1
1

DNS Request

gem.gbc.criteo.com

DNS Response

185.235.86.180

185.235.86.192

185.235.86.168

185.235.86.193

185.235.86.188

185.235.86.173

185.235.86.179

185.235.86.175

185.235.86.189

185.235.86.177

185.235.86.182

185.235.86.194

185.235.86.170

185.235.86.190

185.235.86.191

185.235.86.187

185.235.86.178

185.235.86.185

185.235.86.172

185.235.86.195

185.235.86.174

185.235.86.184

185.235.86.181

185.235.86.171

185.235.86.186

185.235.86.176

185.235.86.183

185.235.86.169
8.8.8.8:53

194.212.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

194.212.58.216.in-addr.arpa
8.8.8.8:53

218.64.98.34.in-addr.arpa

dns

71 B
122 B
1
1

DNS Request

218.64.98.34.in-addr.arpa
8.8.8.8:53

33.200.250.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

33.200.250.142.in-addr.arpa
8.8.8.8:53

180.86.235.185.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

180.86.235.185.in-addr.arpa
8.8.8.8:53

89.86.235.185.in-addr.arpa

dns

72 B
126 B
1
1

DNS Request

89.86.235.185.in-addr.arpa
8.8.8.8:53

check.analytics.rlcdn.com

dns

msedge.exe

71 B
135 B
1
1

DNS Request

check.analytics.rlcdn.com

DNS Response

13.227.219.17

13.227.219.97

13.227.219.49

13.227.219.68
8.8.8.8:53

17.219.227.13.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

17.219.227.13.in-addr.arpa
216.239.34.36:443

region1.analytics.google.com

https

msedge.exe

5.4kB
7.7kB
18
16
8.8.8.8:53

cdn.ampproject.org

dns

msedge.exe

64 B
106 B
1
1

DNS Request

cdn.ampproject.org

DNS Response

216.58.204.65
216.58.201.97:443

tpc.googlesyndication.com

https

msedge.exe

3.2kB
6.5kB
6
7
8.8.8.8:53

65.204.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

65.204.58.216.in-addr.arpa
8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

download2266.mediafire.com

dns

msedge.exe

72 B
88 B
1
1

DNS Request

download2266.mediafire.com

DNS Response

199.91.155.7
8.8.8.8:53

woreppercomming.com

dns

msedge.exe

65 B
129 B
1
1

DNS Request

woreppercomming.com

DNS Response

65.9.95.107

65.9.95.72

65.9.95.126

65.9.95.51
8.8.8.8:53

7.155.91.199.in-addr.arpa

dns

71 B
71 B
1
1

DNS Request

7.155.91.199.in-addr.arpa
8.8.8.8:53

227.208.19.104.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

227.208.19.104.in-addr.arpa
8.8.8.8:53

www.chancial.com

dns

msedge.exe

62 B
94 B
1
1

DNS Request

www.chancial.com

DNS Response

172.67.141.135

104.21.79.34
8.8.8.8:53

www.opera.com

dns

msedge.exe

59 B
244 B
1
1

DNS Request

www.opera.com

DNS Response

18.195.77.204

18.194.121.65

18.156.151.221

3.120.77.189

18.185.202.20

52.58.109.22

3.127.99.168

3.66.40.186
8.8.8.8:53

107.95.9.65.in-addr.arpa

dns

70 B
125 B
1
1

DNS Request

107.95.9.65.in-addr.arpa
8.8.8.8:53

200.163.202.172.in-addr.arpa

dns

74 B
160 B
1
1

DNS Request

200.163.202.172.in-addr.arpa
8.8.8.8:53

135.141.67.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

135.141.67.172.in-addr.arpa
8.8.8.8:53

204.77.195.18.in-addr.arpa

dns

72 B
138 B
1
1

DNS Request

204.77.195.18.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

connect.facebook.net

dns

msedge.exe

66 B
114 B
1
1

DNS Request

connect.facebook.net

DNS Response

163.70.151.21
8.8.8.8:53

www.facebook.com

dns

msedge.exe

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

163.70.147.35
8.8.8.8:53

21.151.70.163.in-addr.arpa

dns

72 B
116 B
1
1

DNS Request

21.151.70.163.in-addr.arpa
8.8.8.8:53

68.209.201.84.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

68.209.201.84.in-addr.arpa
8.8.8.8:53

35.147.70.163.in-addr.arpa

dns

72 B
125 B
1
1

DNS Request

35.147.70.163.in-addr.arpa
142.250.200.10:443

translate-pa.googleapis.com

https

msedge.exe

2.9kB
5.4kB
4
4
8.8.8.8:53

clients2.google.com

dns

chrome.exe

65 B
105 B
1
1

DNS Request

clients2.google.com

DNS Response

142.250.187.238
216.58.204.68:443

www.google.com

https

chrome.exe

59.9kB
2.2MB
376
1841
8.8.8.8:53

3.180.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

3.180.250.142.in-addr.arpa
8.8.8.8:53

10.213.58.216.in-addr.arpa

dns

72 B
141 B
1
1

DNS Request

10.213.58.216.in-addr.arpa
8.8.8.8:53

238.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

238.187.250.142.in-addr.arpa
8.8.8.8:53

ogads-pa.googleapis.com

dns

chrome.exe

69 B
261 B
1
1

DNS Request

ogads-pa.googleapis.com

DNS Response

142.250.200.10

172.217.16.234

142.250.187.202

216.58.204.74

142.250.180.10

142.250.179.234

142.250.200.42

142.250.187.234

172.217.169.10

216.58.212.202

142.250.178.10

216.58.201.106
8.8.8.8:53

apis.google.com

dns

chrome.exe

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

142.250.178.14
142.250.200.10:443

ogads-pa.googleapis.com

https

chrome.exe

2.9kB
6.5kB
5
8
8.8.8.8:53

14.178.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

14.178.250.142.in-addr.arpa
8.8.8.8:53

play.google.com

dns

chrome.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.250.187.238
8.8.8.8:53

77.190.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

77.190.18.2.in-addr.arpa
8.8.8.8:53

dns-tunnel-check.googlezip.net

dns

chrome.exe

76 B
92 B
1
1

DNS Request

dns-tunnel-check.googlezip.net

DNS Response

216.239.34.159
8.8.8.8:53

tunnel.googlezip.net

dns

chrome.exe

66 B
82 B
1
1

DNS Request

tunnel.googlezip.net

DNS Response

216.239.34.157
8.8.8.8:53

157.34.239.216.in-addr.arpa

dns

73 B
133 B
1
1

DNS Request

157.34.239.216.in-addr.arpa
8.8.8.8:53

consent.google.com

dns

chrome.exe

64 B
80 B
1
1

DNS Request

consent.google.com

DNS Response

142.250.179.238
8.8.8.8:53

238.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

238.179.250.142.in-addr.arpa
8.8.8.8:53

encrypted-tbn0.gstatic.com

dns

chrome.exe

72 B
88 B
1
1

DNS Request

encrypted-tbn0.gstatic.com

DNS Response

142.250.187.206
142.250.187.238:443

play.google.com

https

chrome.exe

2.9kB
6.7kB
5
8
8.8.8.8:53

206.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

206.187.250.142.in-addr.arpa
142.250.187.206:443

encrypted-tbn0.gstatic.com

https

chrome.exe

2.9kB
6.3kB
5
7
8.8.8.8:53

11.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

11.227.111.52.in-addr.arpa
8.8.8.8:53

get.activated.win

dns

powershell.exe

63 B
95 B
1
1

DNS Request

get.activated.win

DNS Response

172.67.219.75

104.21.24.156
8.8.8.8:53

raw.githubusercontent.com

dns

powershell.exe

71 B
135 B
1
1

DNS Request

raw.githubusercontent.com

DNS Response

185.199.109.133

185.199.111.133

185.199.110.133

185.199.108.133
8.8.8.8:53

133.109.199.185.in-addr.arpa

dns

74 B
118 B
1
1

DNS Request

133.109.199.185.in-addr.arpa
8.8.8.8:53

75.219.67.172.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

75.219.67.172.in-addr.arpa
8.8.8.8:53

updatecheck.massgrave.dev

dns

PING.EXE

142 B
174 B
2
2

DNS Request

updatecheck.massgrave.dev

DNS Request

updatecheck.massgrave.dev

DNS Response

127.69.2.7

DNS Response

127.69.2.7
8.8.8.8:53

l.root-servers.net

dns

PING.EXE

64 B
80 B
1
1

DNS Request

l.root-servers.net

DNS Response

199.7.83.42
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

68.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

68.32.126.40.in-addr.arpa
8.8.8.8:53

purchase.mp.microsoft.com

dns

142 B
646 B
2
2

DNS Request

purchase.mp.microsoft.com

DNS Request

purchase.mp.microsoft.com

DNS Response

95.100.104.23

95.100.104.27

DNS Response

95.100.104.23

95.100.104.27
8.8.8.8:53

206.221.208.4.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

206.221.208.4.in-addr.arpa
8.8.8.8:53

23.104.100.95.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

23.104.100.95.in-addr.arpa
8.8.8.8:53

c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa

dns

118 B
182 B
1
1

DNS Request

c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa
8.8.8.8:53

246.197.219.23.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

246.197.219.23.in-addr.arpa
8.8.8.8:53

4.173.189.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

4.173.189.20.in-addr.arpa
8.8.8.8:53

clients2.google.com

dns

chrome.exe

65 B
105 B
1
1

DNS Request

clients2.google.com

DNS Response

172.217.16.238
8.8.8.8:53

www.google.com

dns

chrome.exe

120 B
76 B
2
1

DNS Request

www.google.com

DNS Request

www.google.com

DNS Response

216.58.204.68
216.58.204.68:443

www.google.com

https

chrome.exe

22.7kB
564.7kB
161
504
8.8.8.8:53

67.204.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

67.204.58.216.in-addr.arpa
8.8.8.8:53

ogads-pa.googleapis.com

dns

chrome.exe

69 B
293 B
1
1

DNS Request

ogads-pa.googleapis.com

DNS Response

142.250.200.42

142.250.180.10

216.58.212.234

172.217.16.234

172.217.169.10

142.250.187.202

142.250.178.10

142.250.187.234

142.250.200.10

142.250.179.234

172.217.169.42

216.58.201.106

216.58.204.74

216.58.213.10
142.250.200.42:443

ogads-pa.googleapis.com

https

chrome.exe

4.4kB
7.1kB
10
13
8.8.8.8:53

42.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

42.200.250.142.in-addr.arpa
8.8.8.8:53

play.google.com

dns

chrome.exe

183 B
77 B
3
1

DNS Request

play.google.com

DNS Request

play.google.com

DNS Request

play.google.com

DNS Response

172.217.16.238
8.8.8.8:53

dns-tunnel-check.googlezip.net

dns

chrome.exe

152 B
92 B
2
1

DNS Request

dns-tunnel-check.googlezip.net

DNS Request

dns-tunnel-check.googlezip.net

DNS Response

216.239.34.159
172.217.16.238:443

play.google.com

https

chrome.exe

3.1kB
8.1kB
10
10
8.8.8.8:53

content-autofill.googleapis.com

dns

chrome.exe

154 B
317 B
2
1

DNS Request

content-autofill.googleapis.com

DNS Request

content-autofill.googleapis.com

DNS Response

142.250.200.42

142.250.179.234

142.250.180.10

172.217.169.10

172.217.169.74

216.58.212.202

216.58.201.106

142.250.178.10

142.250.200.10

142.250.187.202

216.58.204.74

172.217.16.234

172.217.169.42

142.250.187.234

216.58.213.10
8.8.8.8:53

226.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

226.187.250.142.in-addr.arpa
8.8.8.8:53

code.visualstudio.com

dns

chrome.exe

67 B
270 B
1
1

DNS Request

code.visualstudio.com

DNS Response

13.107.246.64
172.217.16.238:443

play.google.com

https

chrome.exe

1.6kB
6.7kB
4
8
8.8.8.8:53

64.246.107.13.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

64.246.107.13.in-addr.arpa
8.8.8.8:53

js.monitor.azure.com

dns

chrome.exe

66 B
254 B
1
1

DNS Request

js.monitor.azure.com

DNS Response

13.107.246.64
8.8.8.8:53

browser.events.data.microsoft.com

dns

chrome.exe

79 B
203 B
1
1

DNS Request

browser.events.data.microsoft.com

DNS Response

52.182.143.208
8.8.8.8:53

208.143.182.52.in-addr.arpa

dns

146 B
294 B
2
2

DNS Request

208.143.182.52.in-addr.arpa

DNS Request

208.143.182.52.in-addr.arpa
8.8.8.8:53

www.microsoft.com

dns

chrome.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.23.205.233
8.8.8.8:53

marketplace.visualstudio.com

dns

chrome.exe

74 B
90 B
1
1

DNS Request

marketplace.visualstudio.com

DNS Response

13.107.42.18
8.8.8.8:53

assets.onestore.ms

dns

chrome.exe

64 B
201 B
1
1

DNS Request

assets.onestore.ms

DNS Response

184.87.176.59
8.8.8.8:53

web.vortex.data.microsoft.com

dns

chrome.exe

75 B
148 B
1
1

DNS Request

web.vortex.data.microsoft.com
8.8.8.8:53

mem.gfx.ms

dns

chrome.exe

56 B
268 B
1
1

DNS Request

mem.gfx.ms

DNS Response

13.107.246.64
8.8.8.8:53

microsoftwindows.112.2o7.net

dns

chrome.exe

74 B
122 B
1
1

DNS Request

microsoftwindows.112.2o7.net

DNS Response

66.235.152.156

66.235.152.221

66.235.152.225
8.8.8.8:53

233.205.23.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

233.205.23.2.in-addr.arpa
8.8.8.8:53

18.42.107.13.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

18.42.107.13.in-addr.arpa
8.8.8.8:53

59.176.87.184.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

59.176.87.184.in-addr.arpa
8.8.8.8:53

153.117.19.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

153.117.19.2.in-addr.arpa
8.8.8.8:53

156.152.235.66.in-addr.arpa

dns

73 B
121 B
1
1

DNS Request

156.152.235.66.in-addr.arpa
8.8.8.8:53

github.gallerycdn.vsassets.io

dns

chrome.exe

75 B
157 B
1
1

DNS Request

github.gallerycdn.vsassets.io

DNS Response

68.232.34.200
8.8.8.8:53

vscode.download.prss.microsoft.com

dns

chrome.exe

80 B
233 B
1
1

DNS Request

vscode.download.prss.microsoft.com

DNS Response

152.199.21.175
8.8.8.8:53

ms-python.gallerycdn.vsassets.io

dns

chrome.exe

78 B
160 B
1
1

DNS Request

ms-python.gallerycdn.vsassets.io

DNS Response

68.232.34.200
8.8.8.8:53

ms-vscode.gallerycdn.vsassets.io

dns

chrome.exe

78 B
160 B
1
1

DNS Request

ms-vscode.gallerycdn.vsassets.io

DNS Response

68.232.34.200
8.8.8.8:53

vscjava.gallerycdn.vsassets.io

dns

chrome.exe

76 B
158 B
1
1

DNS Request

vscjava.gallerycdn.vsassets.io

DNS Response

68.232.34.200
8.8.8.8:53

200.34.232.68.in-addr.arpa

dns

72 B
143 B
1
1

DNS Request

200.34.232.68.in-addr.arpa
8.8.8.8:53

175.21.199.152.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

175.21.199.152.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Obfuscated Files or Information

T1027

Command Obfuscation

T1027.010

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Windows\ClipSVC\GenuineTicket\GenuineTicket

Filesize
1KB

MD5
67a8abe602fd21c5683962fa75f8c9fd

SHA1
e296942da1d2b56452e05ae7f753cd176d488ea8

SHA256
1d19fed36f7d678ae2b2254a5eef240e6b6b9630e5696d0f9efb8b744c60e411

SHA512
70b0b27a2b89f5f771467ac24e92b6cc927f3fdc10d8cb381528b2e08f2a5a3e8c25183f20233b44b71b54ce910349c279013c6a404a1a95b3cc6b8922ab9fc6

Download Submit
C:\Users\Admin\.vscode\argv.json

Filesize
798B

MD5
fbc69c9655f06c0e570091b9aaa17507

SHA1
7cfbdfdcb731bd7ec1ae3bc916585543099da76a

SHA256
2928f6dbbecb0e8dfb968adb55cffe70e8655b9052f71f72d33d5bd8f1ad3390

SHA512
3f1b410523f2f66a51c7aee846e33eea54aff0758394b125d79701aea6efe76e8e7f5f7b739d06cc66c78141a4cfd446dcc1ad60e75f7b54dd0cecbe67284e46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
89f10307a4e87f78ad0b6081cd8e23f6

SHA1
a26e92f89231b60cbd742d0a259d63eebe2388d0

SHA256
dcf169dc4a6449c4cc490dbdb448505ec91dd219619f32496100649c259388b9

SHA512
5845e6b34d0effafa10ba9c5eded904c13af64128ce3a152a3c2cad9c6fa38b7358916a0948eb6288c9c9ead23bd5195e16c77c49971fb53d6ceabc1e276f0f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ca7ee84661fb4de0558516ca47a8a1f0

SHA1
04a6e2ed41c7a677d407e1f8b6734f4c18ab7776

SHA256
225ab467872211ac5afc67536a64689427a5cac67aa47d6872e20728b51f0667

SHA512
7521764dcf6a42192ee62152bfe97b69f547bccb8dace7ce46feacab0534e8c6d71e2eb0bc2ecd6608f0a4227d60da3018bf844781ceca27449238084aae6cd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0cf9ace08130ed8f9f492e0365050767

SHA1
fd6066ecd8f3d6063089b03d30004a461e51859a

SHA256
8dc19c7430504d0b423163ce517d6d5cd016e6ddbe140ba8f9d9756645a03c35

SHA512
644fa1a7e43a1703e00aacffd194fc378856cec2a11f667d1008479a5c2a5bababc8df5738b7164ded7c1d49794131cf4ff2a79f645099a30aea45cc26460583

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
a4350586fd00d8bfa3142bbc5ab3bf04

SHA1
7dfaf26986d8859bc06952c49175c12af1a1b8d3

SHA256
eab5ed14e05d32d8f34d87dfdefbb4769ce0f2b57a5e0de85d4cd193bde704fb

SHA512
0a011d8ebe31c25996553c8df1399e678572148dcf022863b3ff002a4c881f3de94014b47cdd64828656c5dc914cf1dd199c756b1c3bcad620dde731b68b780c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
9062b95aaf7fa8feecd2ebcc13390dae

SHA1
bf17eb063cae63fe6186d5fc55ee23b4537661f9

SHA256
3f66b66bae32c544d68d20b9145ed78a5908ca8a6a8b78c179091627e5ea5a0a

SHA512
a0b6277ded96cba3eceb032224889c5a1c4dfa647f3619a92f807c7698cee686a5c6fd9f9ea2aa26f5a0e7ae2d62183a822f2922158db2d8366b0b4be07df35c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
413497c0b2fbbac9696c3c540df7828d

SHA1
91f414e459fac814332c974f41d41eeb7414cb7f

SHA256
af815502e513d7de13db6e683861726d1ec01a3f0204aa5c65a3f682f240dded

SHA512
a4862b0f8e4ba67462d8ed1ad5a4ffbcb59fb29f88168125c9ee4b6fdca4a0eba3374da8031a65715dcbbcb8463df5a85385a3fa26d0e91ae45c6af1427ff812

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e72372a77e7660cc4e34071c4c180784

SHA1
dc3741b99ec61d822a76f0518b2e7001569e7b15

SHA256
8db50e19d5b2699eef45c17fc7dae03348700db4da95829f75b9748e19aee0b6

SHA512
14b35ccaf65d82bd79114676b33a99c836aa8a325b1833224fb05e0226ca9f1284f2a1c9b67d2b033aef7d89ccfa1a946e92ad5c0caf83da692082ce78d811a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
86d2b4afed5b5582075f445f35c636f2

SHA1
f3a4bb26bcfe0d05c738423317ffcf3c5ba16019

SHA256
f2bbb6fbf064ee4a2d6acd6948ff65d5d2300fb9e87adb7c7021f7c10f19786c

SHA512
ab31d3e8bfef850a94cde2ce241fe06577a04f0c961dfbad11c0480660afa39344537fd536c7c29411a4938b643a7813237a819dcc31400b4134f156d7b3a0ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b46ef6b8c0d362560b0c4cd4226db5d8

SHA1
7a7a27873e1fe047c9da1ae55642f20e47e0c7f4

SHA256
fb1db5cb01e881a691e494b1df72009cec5748d2b2ae78e96a443014623e301d

SHA512
348b63fcc127dec885aa3545ca81890fa302269845d4cd3b47264eb1f27d9fdb60eba61c5e84f0b819facf292130dc8bee0bb2b14a6e28f3a1203973b24b6481

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2d6e4e4d090d25d0fb3b093deae52e74

SHA1
d0caf6ba22472041aa1db6353485045751df9b60

SHA256
45eb80e6ca014b851c862440059aecee31a85eb3eb81cb9612be5f2a51fbaec2

SHA512
bf3884005920b7e64b71c5b86824bcf1368bf1c321a2b905c713e58ed26bb93b9650c415cbbd1a202a193daffd9a0804bb330fa4f0f0d6bb10b0f82c24b022a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5c4c34d66fb6b9da700b17f5f0706b5e

SHA1
c03a6d71264575e11d97558067fd923adb2bffc8

SHA256
2c8bf608526ac80c975c08c3b8b9b07da34d784f330c0c0c41025858dd5bcfb1

SHA512
0ccb66527960204ad81e855d71a2fc8433096cfe5c3ae2ebccd50119ab82aadb86f6f23de21edeea7980e70aa4aac3ca193d0423460798135f69aed535546365

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4ff524e8fdc77bd8bcbd87b13f7aa071

SHA1
a79152f3cd4f7395424d875c5f9670d6f06d09c3

SHA256
15d0cdeea5aa55005a3e07100e7accea316f2f3c64787b3e55b1dd5fa2cc7bf9

SHA512
fb711bf3e11402293a40daec5ad948704eb32ffaec4b25846a850f433de8124538ae2d901d2f95a97106c5369d1545d730dae513acffd4dc1ccf74b9027d0fa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4ca752cd4bba38b6ca2a518b680fe9e4

SHA1
fdba51baeadd28643c77d0a0444f8adab7df07b5

SHA256
a2504a1c7163cff697f970770069c9dc58fe9ac27898a113a9813891803083ea

SHA512
fdcffc53eb869fd6fd1a382a1749ad8b46a03dc8d0fbf2b18b00b68c813e562b8999a0b0d14a3f5d5db2bd6a7357a3300a898bcc02b61aee17cce3093e5ce05b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a6f2caafdc1624bae45202bb39644508

SHA1
e3a5fc6b7b04674c9e68c368c5306a0227fde460

SHA256
a5bfe45c30489184f0a3c804c4dd6cb6d275091dcda319b0f9d0ccbd5c4697a5

SHA512
f49be87fd7abde83828f1570343aae9c8b5ffef9c9d394a70dab7c18a4df9741ca235eadc2029f09e83205d411b0b3e66759550526aa955c63f96a32ae8bcf91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ba0077680428c6b7b40f2f5710dac004

SHA1
3b2b6eadb6f661cf6814e4a6bb34d0a6b4bd2cd0

SHA256
9966e6b63c4e3db76226c286cc949e7302712c25c48b3ebb921562e1cdf35fce

SHA512
763471d6bba17df5beab3f3406e579bc58eee4d39fabf68b39deadb6f32d094e7bcb760f39028f6961b4958aa92c720c6cbd6f09ffbfe0ece74380fa4cc4355f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
adbe462dd2cd44089980d75a5743953c

SHA1
1b3474967372aff12a92fbffc598322ee280a9c3

SHA256
389309bbbaf840a5fc1c3a214fbd8478a3ff54e87bcb6b1e7ca7fb80f4db9ff0

SHA512
fa6ea4ae9b06b49e76a2b3581d5ce4e251caa981c0b6ffc4c26421723970f62e7e5c13a6f2669657e824d22b60ada82969977f14dfef7020cf79f5975a98aa89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5babee5990b223477d55703147cafae6

SHA1
1d5e668b009f2657181beed0aac34d7c88c89b12

SHA256
6999f01e4fa2922fcc4a1bf5976835ffc6e11803a4b35d3925a24ef458689e14

SHA512
ce16f11808db9f849c93f96375f5be3e40f129b1c941c784ee95addf4c63380da742610f5d2c420c672af3aecb4fc016b7f13d3853a33211be04343225d6c45d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e158829148bf9aa4589c41b15dbdaf71

SHA1
5ddd723b3b94929ce7956e43fd34cb91529e387b

SHA256
8eb78d64b87e192effef96621c6cfe6503e5e875fd1a77b45efd727821bd644c

SHA512
44f60d0026e28ddaf521d168804f35ca31a414520c4ffb5f4e9ea89e49f3beee11312dedaaee67a1af5a7a0d4eb15fa88b81e53a384a777b67f85425435a6b6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cc5f5beae2c86d465ca270bfe5df2162

SHA1
80b9f9c8773832c7c50a94b573f1b8210725edbc

SHA256
0c556a7e4e19bf84b1dd3a819249908fc37158d61610bf40456623c0bd397dbd

SHA512
bff0bb2ff74223fed6607c97c72d1621894cb1cbc83cbccb93332142272f0e7dc00553737230611060519eff3166cc93beaf52327fa93757e746955c545f8394

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cdec0d84cea0e5a211e79ff275d56106

SHA1
c79330cf68ef56e0d76cdb91ffe27a03aced58e4

SHA256
06124ecfb5e30f2116942b6db7c6a2a3db347d7b1b761430037bf9e4136b5f31

SHA512
3465ae8f7c8bd36c3995311d03b3f853e5b63990f21079d90284c0f2980a43213ec7fddff046f5bb4ef654d66a3981a293e5289578703b9bac6de2601dcd399a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
48d5290e2893f61f3f50818476030c62

SHA1
379f6c7178f7bb807dfee41fbadbfda760f8697b

SHA256
ff70bc97f051eca8db6f463d0b2f00e38c332c0959fe8d144d5af4167dfd66f9

SHA512
6a76417d29c3d2fa75735dc0f6a06ca04f87ec0bc31423fe8ec138b38310333fa6e460096dd122596ddef37480e00c7c3ef8c82235f41f40ad3423c0938419ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
b4a6b5e3253457993eb863412061e8b5

SHA1
fed33dfeadfd61c2b4465f4c4b5f17bd598f60ef

SHA256
42a9b080edad0c52ecbba39b0d7e79c996b80a57769381a693d96d0a085e7375

SHA512
db8fa9412084cb9ee112d3c3a47b1b828a833bdde855d5f5a38319f4935c01d7c668e1d82c46a0d1352fe087961c9dfba552a078c50c0ef5a2e05008ba03f37a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b6396b77-1c9e-4395-b676-bb509c9560d7.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
d9c0024a61fd27b6401a589a4f9e5778

SHA1
c7f109426d703437a0dd722a28fa43ceb8789f11

SHA256
fbad02405f1ca49e1707ce469b4334753404466c60645bf250f531e827cb04ff

SHA512
74fea08b278630f79cc39e4a26c33b1c9a03745242bc7478b6320534bd5d0024adf1ed1c33c3d0c6a068de83464d3f0e39010f47459149cc87b0126db66e897e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
25cbe74b4cc75e565f4db4ddbec16fa2

SHA1
cec5553588a3dfb713c97428ae7ad5f67bab5cde

SHA256
1e52c42b4a0c93ed428c37f626cb96c080d8e8cc5cce6aeb59243155706f18f9

SHA512
c48b101a1ea3754d175f27f252c8c08a66fad8a81ff9a005c3f48a0eea2d704df3b1259f3082bc9e1c54ebc0e2a306f02199f2f9c89fd17198b0ccda74670ab2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
4a7cdb24b7699c1a5ab5be771867073d

SHA1
36028593c823cd334f366cdd60944c520560f174

SHA256
786f7d29b9d3134002ad67df5ca36f84f73268d7f967b92e76b4017c6b1a83d8

SHA512
6ae65eea82c79c3e7826a5a232cf18d7395d500a19c68b65e5c7bc35c12b0c2ba79ef68b4390a7d4b0dee2e2be6bccf9fb5e1ff964841d3cce68b06e59de15fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
5317fb4cb3c2a18c9b7757060a99f2a7

SHA1
f88f8dd33421c8641dc7b10b8d186d4dab313c91

SHA256
a0f0d4573657aee7b95eba7f7c2a458ab09e2adbf658c0339653d1c00d80a46b

SHA512
0dcf8dedc1a0c296eed3c5b79db3d229572292c9669c1c8446c8073ee50e4be7926a232da10b10f539e434f1ee8d334cb279daf0c38d351cb9c287b392f2ab68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
71e4ff35781ace8075439f164279d74e

SHA1
c9842c24e4ff7ee84db2267cd7be82499a6b97fb

SHA256
17db03fad18e7b127f2d0642a81ba939387e50802d625a88f4646267d6d32922

SHA512
b0562390851231996b8da511c8afad0c1c62b4fdac13adb3b8627ad006cecf615698ef9d1d9c9621b7e6de6f589bbcf48f5d1eb992d5dcd6e4323b2f913c8a46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
d0b4630b2109e298af76773b673fe76a

SHA1
817e92914395de047fc99db0d7fc70b4420fefb2

SHA256
bf7c1fa2cd3d020b450c09e29d5f5715da589fef561efa755f1face9f4b7c4f9

SHA512
e070be68ba37b479d41b2bb112c20c79eb50788da28fdd88f0adb1eb27bba9946b26f9aa1b9eca7687c57d7b6d732655bb0642e8144b4ec6fa80d5667dd11f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
2f57fde6b33e89a63cf0dfdd6e60a351

SHA1
445bf1b07223a04f8a159581a3d37d630273010f

SHA256
3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55

SHA512
42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
15c56977a2287b7092381145da1a2fc5

SHA1
37112afdba67eef4687f38914bff39cbdcdba782

SHA256
8523d5fdc57e8965258f1a65801e439d7216b331cb73c7bc61909e3da9367ac3

SHA512
24798b261f845401316ae93c9cd16694f855bcbc9fb84485e8333a9137b99dcfce1dd1e3fbb468af2224911e9bdba4d840a8f45f636b8a68df2d8fcaa0174ff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
54e9cd26cacd1b08d00de4f9eebe2489

SHA1
e6d61c0e169540dff5b68d5135f8010bc93bf5e3

SHA256
98c2e3320e6f5d680e78113067481a507db4fe40efb6468cc9a0666d0c389bea

SHA512
7188dce7d4de548034da5810c82854bd3d0cb605bdb06816c838a30c3122f8c8c7d02a7d22aa2821ac8fdda910d9cb9e3f51bc4ebd3baa7adfa39d483c0cf9fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8d3266c7753df925962932aae74570f8

SHA1
cf94175f6b39e96cf99456f7ea3e913a607ade0d

SHA256
a259f9faaf262fc761aec53ee1861bf01d7932fac5245613002d94238ba0db23

SHA512
a506bfc75d903fae127b53cf6c52bb59373df4e91da593947833c8d9b7d0b09ccf258701505ecccb5f0ffb64fe6e7006081c1ea6b5bb7a327a36bfc1425c6522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
66abb690b59034485fded6b9495e7bbf

SHA1
482223c6d1d25d1ac28d7e3e2efa5dd1eb0a1032

SHA256
886f5064f4286107d3525f56521d8c969f7093af46382b1b6529575c30ffc2fc

SHA512
33a6eed5615d9a9833a3c7994ff7959dae5018e182880cabca5e5023d56e8d6fe78f1fd0666e3a54f1128a1fc7f68341d7cd6adcf0053c962713c23b67f058c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8936480bc06a57804111115b5d558a2a

SHA1
74eeeabd426075ee74556576cfc8b70c383c069f

SHA256
da782f9590de59e90f5d2f27c6a41b49e0790eba7026e38e15ec943dafe8af2f

SHA512
b2d50fa4495efb2135b505eea0af046afbfa58b9e3f932c0521e71df97550dd0d4ecde7e7019fc2b7f43814549568bd8fb8dce6909ffe0824919796ce2a50715

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
e25cd44ad550374eca1c1d654bf044f1

SHA1
37e4a5099be676ee72b4c387e91b262abbde76d0

SHA256
ca495d220ddd12322638af2f7cf2c7a69f5b402ba382a82aab1a2007bdc81623

SHA512
67482c734e6f94b4fbc7e5bc7167ebf7a3f94f647bfb30cfa28b21d01abd9397612fdd1fdedcf0af14eda11802a82579764a7d61f490c863bf126ec1083b0fa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
065d001a0a842f90c055a2a3964ca9f2

SHA1
5297bd79dde7afd813b0cfb1b98df64415713027

SHA256
bba74031df8dee922f8a01efa0a9fe40f12471bd47aac1bd01b4780975a12522

SHA512
b8985e07207e13f4271969b85115e27a73fc8894b9b9384e609dc7feb9824d61315afe6e12974a65f8943a7a27510a81a38d81a38f7e7581e6fb893927e55230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9c832ac4fb48b40f84e7596c5d437f91

SHA1
e8c74f7df5cb7958ebd3464aab1fef5da6532280

SHA256
d95fcb0d2c197af85c873b845ab7347038f26041fa7ca5440829e21a7487887a

SHA512
aaac9f5a6b477ef06f3da42abd45c94235a14d94698786b1172e88545d640cede8ea9ecf9e82b3ad7f1171c350cb355c3f42937b9d51e56fe8af490137f2930c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d448.TMP

Filesize
538B

MD5
20e81300d7647847f7b436d3df7bd2ce

SHA1
2faea5d01b26b2b7b4c30cf4239f1ba27497e19f

SHA256
7a8abadcc42df7527699a91fe39295fca133edd0eae59a1c5ae6acc013f044a4

SHA512
8025d34bd197ee87407ac39bc3204b27e504829409b941b45bdee9b9320a13fa7a501931145692b2e2b9f721f26b662246bb93ef4c5a5521f5301c9404bd91fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
360de78bae1aa7070bb73182569aa050

SHA1
25154d79079081dd6454a8969108974f07b8d4c4

SHA256
73ebd7a4583506e8675573ec6708b2ea25b790f8d256fd60dd9fa528f27e95ad

SHA512
8f0bd7cff74fb13be0ea6418a5b3da6db9143751cac59ac1893dfd4e36841eb94ec47277fcb6ddcb098187ac9eb67f728d0d3d30f7d5054d51ff5a5055fb3863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f7a76b10-aab1-44e9-ac09-31f49beb6d4c.tmp

Filesize
10KB

MD5
ce534d63859039c4e549604069e034e6

SHA1
6c885b8adee1f0db228b5d8f9b1455f5861c8d19

SHA256
e6bf5ecc3832598e44e287d4529718c392b384cc76e22358b17c6031e2f4c135

SHA512
7e128c10ee1efce3410ccce93baf1622611c29df13db9da5e53cc3935ec423ce6a0180e8723075ec45ea63ac34371fb763bca90cb673393e05ea19d9b6d7d8ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
53KB

MD5
a26df49623eff12a70a93f649776dab7

SHA1
efb53bd0df3ac34bd119adf8788127ad57e53803

SHA256
4ebde1c12625cb55034d47e5169f709b0bd02a8caa76b5b9854efad7f4710245

SHA512
e5f9b8645fb2a50763fcbffe877ca03e9cadf099fe2d510b74bfa9ff18d0a6563d11160e00f495eeefebde63450d0ade8d6b6a824e68bd8a59e1971dc842709c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
ab90e26f718006666c796e2a61aa1bd3

SHA1
fa442089c98e7f98385847cffb7be5734d2aaccc

SHA256
013bc7fff3a9aee164d1176ce9e60c27fa5b2d5d7f8d84f3d60fd03a4b0b1516

SHA512
d602de9be0d442dd94ed6435b1acae08a26b7fdf3769169f669a4c5ef69c8cfd8395e56c50f7046111c901e9f86c73cf08ba8c942146e9ae58ef98e1760c1f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
9f7521bc176ca929d03cdd743f0f5955

SHA1
e8bd86b02f72151f653cb93aa7383e818093c398

SHA256
eebf614880e6bfa4893758ffe8773d412352cc2f4b7f0b9ed6d55f8405c61fb5

SHA512
262947431ca6955058978dab1121a85b17797d382a7dc9d35c049cff9e5f25908a69338e70d53650d3605fb990b603bdeaf249cd3f5988d3defe9939a7a4c4ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
81fe0b7aaf139708d571723664a8b73e

SHA1
9f4a5f648a9588cbcca9efd1d148292fa56b284d

SHA256
08fdfe899b88bdd83cdc4b709995e79a2ccea1975e09576b3f5ca759e859a5c8

SHA512
ff3bcd707d035db0002f7424b3be7a6f23b6b4709e6a2651e00ee395a732a7b003e86443f8cb9f75b1c50e18b975d03ac944775166e1ea352e42cc928a45166c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
e89c193840c8fb53fc3de104b1c4b092

SHA1
8b41b6a392780e48cc33e673cf4412080c42981e

SHA256
920b0533da0c372d9d48d36e09d752c369aec8f67c334e98940909bfcb6c0e6c

SHA512
865667a22e741c738c62582f0f06ea4559bb63a1f0410065c6fb3da80667582697aba2e233e91068c02d9ab4fb5db282a681fe8234f4c77a5309b689a37ac3a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
54efceea0478f048e871bc1da03427e0

SHA1
1cc48c7e517df4043c928230dafbb018ab9b30bb

SHA256
04586b683709303039c003e374c053b4b86b6e375333e598948a440479becf5e

SHA512
724665400a3c3a9fce135bbc7ed0821dc91b29d80836636a68d05e4b8956d871585f92ea8a0d1cd103f1bbdf5ab31500f9d2fe6febf99c9cbd9142f7da8b764a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
11a4be5f9e5fdf4a714849b63ea2f086

SHA1
97ec6e61a365b04d572e100699c37ebbbda9c5d2

SHA256
7854010dfa1f008ac8f26493dfbbc378bafb67e4e3dc9d1a13ce408668f2fac4

SHA512
807ea1222e227985901057c3337d80b587174b3e8b9e50d4d8b4bd67ce500e3e891057f318b74c401196612dcb969862bb6edda2f938f573a54ac53ff88efea8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
b98cf4ca327d4a7848b0799f796835ef

SHA1
f080fc252eea740cb720c769452fe099fc2480a6

SHA256
439a8a1aa5c09ab478a25226f008670a71b1d2215a8ba71317df380f56b72a3c

SHA512
44c76b5cf2116e7dcfb8adc0b2ef83c4cd5609a2cd9412717f6ba9d9585c6e33c18b64ba9e9efe085eaa8067805b5c48d9fd94651e06efa5e0be4d62f262fc63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
ff36240565e31228e0ac3db37fc65b2d

SHA1
0d807e0adfb392f8c3e024dafd45132d48e85a06

SHA256
b75e2944e2b3cbc2bfcc7bccfe94acc3d67e176badd6909733ba8d462bb4f0c5

SHA512
0eefe5759e74b873473b16f387deb0264f5ea4e8addc08129f12306c7d630e63310db5376f82cdf602cffac69e3dccea986053b5511061d3f1157a8451b98ff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
5e501e76f0d3bd7ffa9f595092f83929

SHA1
a87c914797467e47a0a36b36c95b2e981c63c1a8

SHA256
a043892f055dc60639c8d0e9aee4de67284c259efa076e31ae59b2737d0a7344

SHA512
96ed28002d011103e1991f4ec87c6daf5d0ce9cf90588be98795e28d9f5972ee3e72d2482a2c3035cdfbfea735f8a37f2a7d025c48f820942b42176b008a70a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
18e48f314337577479eac9ee6474000b

SHA1
f5eeb23b2997ee11584d2763679b11d4127e8719

SHA256
3095cd32fbeb20bee77f813347308009b62990c0a025204d0159ca8b01cbc33a

SHA512
92b1dfaef72bc1839291a1e68703647b37f733ab85ffafec74a61e72fae292ed40cc4bdc05f046f012b242462ee477c2eb300a83ea5d3b9d4c9ca31f06866005

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
2f996b44e71bcf8e9d9bd5ef2a96a963

SHA1
61a10fcfb7bad1271f7132c7491982a916489af0

SHA256
78d612ffa268c2871faf8e656889f9ec6475890ff2763410dbf434a343ad9a0d

SHA512
84815d678a672aa99d4834fa4c0a42089bec36da593caabc337dc66180a8ebd0131e65fb68ba645d3d68e80a5e7808e0dcf5b0ff1cb2a46786d532b088b44515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
a316ebd4efa11d6b6daf6af0cc1aebce

SHA1
ab338dd719969c70590dbc039b90e2758c741762

SHA256
f7308f111e3910da5c34c4d06d78d692f44419f848f5bf886fd466d5a96ad014

SHA512
67a9b94b704222a1bbe02fa8780c6b9bd364c8581b693ca28c6a444fde160df216304426bacf6b01909b80540cf0add79669b7a88ca260a6fbc93c4742f36c5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
102406b0a9fd64f67b953e5acf0e3315

SHA1
f732473b214e87aba5c361d9b8dfac133911924e

SHA256
9504bfd6f7fb5db168a210a72ea150b9125e38b44396ae4915931e81f14cf06c

SHA512
94240a0cd429009266dd14ca88bb7c6b10691dbb78e8814de86aaa112ea533f65fd01dc81ee21c184c52d77185d96964d66425e5e86749c60383dd5a520b0c7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
3a00ec25f0db3cac9a41584c93e59b38

SHA1
c4e4894ce8f10c46075897fda3998922447c6eb3

SHA256
7af342d80936aeb1d003c7b0d40a508519361d33f6a297a350adfac0dad66fc9

SHA512
f702e318cf18dd2eca7a032e1d550488e918b534210aa6e0d72a26c60d33405fb7f6ebd478500b85325eba14edad8d9b8a32163dce94f3317c9faba98c94db88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
b610494cba200f3157d244b80405cf76

SHA1
feedb38f76e3870c6debf4b14cc1831e0e6214ce

SHA256
28fe44db2e33232d4ee4c743dd772a01f79413eeef83ef39b85dd95d3b9f4f1e

SHA512
8c1faf4704a7afe41261b8ef50d8c1ce2a67bfd00ad51a4caf7034e04e54f138294245a1ae47616e12a2005ce28a01d4ca89af6c2500425483c29fdee48207bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
0475b0bab05e42145d46dc97457cbb51

SHA1
fe5098f9bf796bd8076fc1c0afa6cc68c83ab85c

SHA256
148bbf44f219c85ba9dc7afc6a9e5cefa05393ac95999bbcfdaea7dfb5652308

SHA512
37c80315e9be9e058a978e88db32ce45ad513ed05f552d43fa9c1f475281326dc71721c1dc5d94d10ff570cc36d83a808e36873bb3dae4f595a101c6e76bd67c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
fe9597d51694b753f34244f96b9aca9c

SHA1
24110f273127feaa55f18fcbcdcd88f346f9798b

SHA256
04072a7c51c11ad6b0d2ac69ad434eed6a763fd25a14d431bdaa06d5ce887327

SHA512
53f4a094a93173f7f62066ee66c4ffa1e5e083948c3dcdb3139f4085795d4d6141e0fe2f4e740adab31b0310818c2bd92bbd5052dc0792365c1bce6ed5276ebe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
948B

MD5
217d9191dfd67252cef23229676c9eda

SHA1
80d940b01c28e3933b9d68b3e567adc2bac1289f

SHA256
e64811c3e57476bb644539824034cabe2cabcb88941122193e2af328f5eb2133

SHA512
86767aa3c0eec425b7c6dbfd70a4a334fb5b1227c05fb06fbb3845e7b6974008386276f441c8e66e2bf9b0ae0a76133c4e5602211788cd702eaeadd12c5ff757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
9e9351615563aeb5751461d8a567e689

SHA1
656c0f61698f43e244c967f035dcf9a257326044

SHA256
421a3a6068a7a21782422c12153eed2d6b269b056c8e01ca7949c10232d456ce

SHA512
c733d21eef5fac739cf7083c6a3c1fd672281eafe63b2d3f98c9dafdcb4e4d8327d0def5aaa39cc95eb6a005fd8e8bc3bc12627d0ec76dfd32a7dcbbf107fb86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
b4592495c2bbbac47e64292cc78b6b45

SHA1
4a8dfb8f2d3fbfb14bd67035d7dd22039601f186

SHA256
44d41ba84ea23885698016185c472cb1f1650c2bfb98fee085fb6dd033d0f517

SHA512
2c241c7793cdfd4c2a329ff0a373c2d505f9cd46e3a74617cc0e0a82b43be1e0428bf649a4ff8454851a43643c1ea419985a5f7f3be19137c011d7b16c518578

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\licenses\is-HN8O9.tmp

Filesize
179KB

MD5
575506a8774d119bc036fc34a0a3b08a

SHA1
87864ccab15ab97a8698c1bdaa7db88d7a8dbcdf

SHA256
a8e9fd8d817925e0457587f9252dfd977bf17a4155a7ea67bf230d3283036a79

SHA512
39f515f5f7da39fd6e026cc3f7bbb269a60c635a51338073cf752352635936834280a68c1deb46fdfb263293716bafdc31ef569663175b0bea6385acbc36e24c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@microsoft\applicationinsights-core-js\is-0AON6.tmp

Filesize
854B

MD5
5d483bc2a4edb9b663c253e975b0c404

SHA1
18c5a5d1fe7e1190f527e8a0cab5a6bbeea92b5d

SHA256
667450844c99658ea65acb29a73f60504a599cfa40138471e943ed3e5e5bdf41

SHA512
61d86762e9dca8e330e9a05bfef364a013d45878a353247a0fe656b132e74ee86cd1d562a541e5a7859418a48009565d12b8245a8cb336c01317005c23cc511a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@microsoft\applicationinsights-core-js\is-JU7G7.tmp

Filesize
631B

MD5
d6bd36f686fd435d25f2fc093c70d2ba

SHA1
9cd1dfde85276609358cf9b08865b801647d1bc5

SHA256
88c7bfe272ff8a305c79644131fceb45e09faa1b9cdabd196b4f50b477f0dd20

SHA512
eb758b22aaab89c125074251f1320a4a6a0404d45f8ad64d68aed354a03ca7c073b04b4d45c23fa8d01d90d627d422e74ad60c106f03f0e4a510fb7b60c2377a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@microsoft\dynamicproto-js\is-7F2IC.tmp

Filesize
1KB

MD5
7f571235285d97bbfd3df146c554c260

SHA1
aede5ad1228cf790788df06dd052f91e0d1b8391

SHA256
904dc4d8749877f1dba1cda48200d2462dccbeb7c134d5e4ef6fa75e0198c8fe

SHA512
f32e03ca8847c2f16226377644cfd561bed53fe608484a755dd39909265834918c25f8b600b735617fd15caeab41781176c5b17d0fedfa906a3df5b15eb3a922

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@microsoft\dynamicproto-js\is-A457K.tmp

Filesize
2KB

MD5
558a3afce83d0e53014d19717f654349

SHA1
0e8972dc842e81d5f3cf73a5d7c7bfda53fa5ab5

SHA256
dd0376320839eaab4124f03d94447b20e324d9eb19a7ec400dfbd01bc24bab47

SHA512
7a34a2edcf3a44525a304611ac0230b0b2ce0bfa19dd85d47c74a46e879f2ef21bcab647285c656164292f161454eed9d8239cb63fb16ca2348f11db5d3034ac

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\policy-watcher\is-VR63O.tmp

Filesize
1KB

MD5
d4a904ca135bb7bc912156fee12726f0

SHA1
689ec0681815ecc32bee639c68e7740add7bd301

SHA256
c2cfccb812fe482101a8f04597dfc5a9991a6b2748266c47ac91b6a5aae15383

SHA512
1d0688424f69c0e7322aeb720e4e28d9af3b5a7a2dc18b8b198156e377a61a6e05bc824528fca0f8e61ac39b137a028029ff82e5229ad400a3cc22e2bdb687ad

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\fs-minipass\node_modules\yallist\is-0DG7R.tmp

Filesize
765B

MD5
82703a69f6d7411dde679954c2fd9dca

SHA1
bb408e929caeb1731945b2ba54bc337edb87cc66

SHA256
4ec3d4c66cd87f5c8d8ad911b10f99bf27cb00cdfcff82621956e379186b016b

SHA512
3fa748e59fb3af0c5293530844faa9606d9271836489d2c8013417779d10cc180187f5e670477f9ec77d341e0ef64eab7dcfb876c6390f027bc6f869a12d0f46

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\is-docker\is-S0UOP.tmp

Filesize
1KB

MD5
d5f2a6dd0192dcc7c833e50bb9017337

SHA1
80674912e3033be358331910ba27d5812369c2fc

SHA256
5c932d88256b4ab958f64a856fa48e8bd1f55bc1d96b8149c65689e0c61789d3

SHA512
d1f336ff272bc6b96dc9a04a7d0ef8f02936dd594f514060340478ee575fe01d55fc7a174df5814a4faf72c8462b012998eca7bb898e3f9a3e87205fb9135af2

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\is-number\is-FN3V1.tmp

Filesize
1KB

MD5
0f64900f8f30e53054962c9f1fc3205b

SHA1
6210a5e4e9224b4fc8ef250fe227311daa2bc5ac

SHA256
35bdd8a44339719441900fb50fbefc5e2dca1ca662cbaed7a687de842c8b70f2

SHA512
72392bccd8964c88ec8aa3d815746a2b6a4466d9c7ca8f428d7d0f3e2bb11674ef494ca335c8b255eee5825c087a77bb45a5d60025f318b78a64e19beccd23c7

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\socks-proxy-agent\is-J8Q27.tmp

Filesize
1KB

MD5
e0788eaca177f42808ee36bc32bb522f

SHA1
06000e5076e6e4b51294a87d836817a74c8af65c

SHA256
8d8c55319c7729d57be811c747452636688d54f19701ee0752b6b15ad3771d9a

SHA512
dc037410a930a54ee25a8fdaaa9bcd3c310b9abd81ffd2dc8a75205da44dbe7a1ad1d058d85271e73b7ec5ccf07ccd7109fc6ebbbfc2e2499695515f34392dea

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\tar\node_modules\yallist\is-4I8Q6.tmp

Filesize
207B

MD5
815f2c408219f81bfc71cf9e216480e0

SHA1
357867d11a5f3f9a52d44300e107ef4b8ceb9830

SHA256
d02451fa396de7f9ec93cc6fb3b07aaa7be637acb3409a9ddebd1c2de9279c1a

SHA512
81d1017d8a57daaf0be2d1d9c28295dfd1a1436aa79a96f0beef8afbccbc7e9ee554685d5cfa5a710b651a7d97a3f928a06a884d12d8ebd780db6c2ee8d7835b

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\tar\node_modules\yallist\is-7CJB3.tmp

Filesize
8KB

MD5
f0730c76a34cefcb8ac8b20fdd3d1044

SHA1
2b9d967d60fadfc9f15b946dfea21e05b41eb6d3

SHA256
69a10f726d26f8d804a3deaeac89f0106ddfa03d576d13971002fffc8f0e8a56

SHA512
314e2e5eea8678119100acdab251fdb723040d562b34ff373debfdbdad7107399d33c61545d03190207e5c32e5bd85897d526c7582fb2ce4363ec49abf71bb36

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\tar\node_modules\yallist\is-9I58M.tmp

Filesize
652B

MD5
b15d27bf2cf04083fef9389ce68aa620

SHA1
d6a16b480cbd582f969b3d0ed89a157316268d10

SHA256
c56b604bce814520105739e9559142ea9d4417454ebb933fd5687ca1d8d89bd5

SHA512
bc85712c39269457748b985b9956a6a4c0742976e8e57da32e12f9e3b05c1fc3a916f56d83194376cecaa2b41e0e27cad3725a68e0793e891a0022710f51ced4

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\tas-client-umd\is-GFPUC.tmp

Filesize
1KB

MD5
b98fddd052bb2f5ddbcdbd417ffb26a8

SHA1
03e1fe6fd0bc6d73c3cd3370d5f0a73c4fcb60d6

SHA256
27ebda9d51f0a56b7e281ccd8230a27236dcb51c05f64b07869ecf6e965d68b0

SHA512
7d79aae4c9beb85811a3e122a2b12aad231f519dd12a461ac49d52864a735a6b05a263d433c11ede1406d2e49b6dc62dd38487eb7bd8c079d7198a20cf85fc4d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\vscode-oniguruma\is-4H5VH.tmp

Filesize
2KB

MD5
5061208d6c3443a6e0d7d587a04b4fc3

SHA1
e1e38d82e592ca62732bc6d6fbdbea3e9cf25d28

SHA256
81ed58e26769508df9a2f761dad55b52c6c9de62fff06195b2702fcb7a97e883

SHA512
a27a1bd86fbbcf0d2baba12ff8857abfe08a73563a36493845f45c83d5ab3997a2d28ff61cc6f1a2a289cec90884e4cbbaf9e8405d060971531441acb7d77740

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\yazl\is-2A0OE.tmp

Filesize
1KB

MD5
e62df7ee79458f947161db54ea09ad4d

SHA1
05f44660099e9e996cc01c6b1c276dd4e9a10f5f

SHA256
b303783d5eb7ca50b853ffa5f145e4e7998fab339831d848f507ca6cd970577a

SHA512
8fe80ba23a121b3374d93e164bb80ed47759b39d5a863aa6df32ee294aa95d3d22a4a365636c7603375919e449ef8a1587e354a9d2c2fbf33dd01a33a6ae53bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_d0xwty4f.s4z.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\temCA37.tmp

Filesize
582B

MD5
a8c5060b8c9a76af36b82c02fdfcb721

SHA1
7bc6aa6e908d9899a903d69248f07ae187d558b3

SHA256
121b2ab46bdcdefb382153132224f6b29a52b0dc2f7db650a89a7b91c90889c1

SHA512
8b749d1c6d56dfe33452b98fa60fbf28d4112eadd47a3b4470bdf5f6bc62a12180775fd6266d6feeb6a59a20ee357749279ec86c4b7223a226cb6568d1c65e1c

Download Submit
C:\Users\Admin\AppData\Roaming\Code\DawnGraphiteCache\index

Filesize
256KB

MD5
538f77cc5c852350a60507c3c644d4ce

SHA1
388212a237c8a3ac24aeb6ec28e5fd54a8c74d8a

SHA256
947c5d37bfa8c27fe4412ace07aaa5656849398cf7c0af601465b7737b2a0153

SHA512
5157ef2bd394f1cd463c61d035ae2edc60645104eb0b3966f322b66f3d22466e0de0c0e69c70badad1ded497a76c7253620e4177709a6e8aa38868b3a1569a63

Download Submit
C:\Users\Admin\AppData\Roaming\Code\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\Code\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\Code\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\state.vscdb.backup

Filesize
12KB

MD5
603a95df81315e24b91fa7233ef120b5

SHA1
6ddd7279d99586d54081e80fbfff9c4a9f0a1177

SHA256
a09c07a0bf78ee31e2ad6dd48ba177c89d31df91a829863fe3fbc19f8b2086af

SHA512
af37fd2176bf11f97b61370d65083abcced4008b587de663a2c53aafa91df63b2b0ebe1bf133e3de2fa24a1ccc5cca89f59126c628c6e00b2f494bfcc556ea3f

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\storage.json

Filesize
1KB

MD5
c03613cd3c14d896182a45ddb088c8f9

SHA1
0ba04e36c5ea7056ea3c6c31a0623f647fef35be

SHA256
f33c7d5933704f04540e413f9b8a1b899ba225ec314c231babf5e4f3c116afb6

SHA512
930697e92f5b367b27c46548b5c759ee4772e727e05e0eb2f50fc6275f9a6d0b5bff359a28f51e7b48959322085bd780d68e14a34637691d7ec277966fab9a34

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\storage.json

Filesize
687B

MD5
b1d67f347ed2e6c554622327eb735e91

SHA1
07bb5649ee4d5c9005955b01174d50f4bd76035b

SHA256
a1ce45ec7ef1112b3c8ab4c28d7a3e337803f9f7570ac4f6dc4ab9bbd8951c4e

SHA512
cb2c5dee2314b21cfda4ba225d2159741a07d107f205058b48c567e8d30dfff8c0ca77f2de768a313fc6d79415959dce2a8a248a7fb490ce801efb7404123d3d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms

Filesize
7KB

MD5
a215937c4d76d23181013df8c36b9a02

SHA1
e79b0591356136b0581401731f9209d9e17b2be4

SHA256
cd2c2ad94d0ab928b83892d963260f4e9ca6053e5a7411557c36fa47265ce122

SHA512
e02aad15a57fa42525c7c0098ab5ef2d05b937bdf84eefcc55936ad81f537034c71c000605f761f1771447150f9a8e63de9463d9e60c60da67f1fbd0f0b967cd

Download Submit
C:\Users\Admin\Downloads\Ui-Dropped.jar

Filesize
69KB

MD5
a8df94a5dae64eb14cd833b9c541c362

SHA1
4795789b8ca19541269fb0acbf16bd3626e375ea

SHA256
1bdf69cfadced6c07c2f7df57d5344efb1cde656f5e4a62017423faa6c961620

SHA512
822d43fa6165cfa92444c6b171b87e8460ae6be6e05f0ff19574a60eb0d9ae58e1188d2500444870b078818feaf63fcb7323496cc58dc13db6b4e907a6349209

Download Submit
C:\Windows\TEMP\temC94C.tmp

Filesize
206B

MD5
b13af738aa8be55154b2752979d76827

SHA1
64a5f927720af02a367c105c65c1f5da639b7a93

SHA256
663ef05eb1c17b68e752a2d1e2dcd0eaa024e4c2ec88a7bc99a59e0aeabdf79b

SHA512
cb774f2729ce6b5cda325417fbad93e952b447fa2e9285375c26eb0fbdb7f4f8b644b1007038caafd6d8ba4efb3cc8c5da307c14e12be3454103d52848a029a4

Download Submit
C:\Windows\Temp\MAS_0fe11537-5b40-4987-b9bd-1215373c9854.cmd

Filesize
426KB

MD5
d8c894d89b222d071dcdf8dd02fe7c90

SHA1
e3cd34eee752ebc8a83545fa3ede90bf00a3c28d

SHA256
caa25c1a482d34729df9928b32dcaad4d1a31edf26cbabc54fbc043670512778

SHA512
b5b3f3dcf9e8d5b036634580da7dd551678aa7c5461f7a0bfd0eefbdd0788acfbe6139f52e9a784f19b624d32368ea610068923c06435931b9370ff91f72a248

Download Submit
memory/1580-955-0x0000028A8EC60000-0x0000028A8EC70000-memory.dmp

Filesize
64KB

Download
memory/1580-954-0x0000028A8EC60000-0x0000028A8EC70000-memory.dmp

Filesize
64KB

Download
memory/1580-959-0x0000028A8EC60000-0x0000028A8EC70000-memory.dmp

Filesize
64KB

Download
memory/2148-1344-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/2148-1572-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/2148-5584-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/2148-5503-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/3560-5675-0x00000123FC740000-0x00000123FC741000-memory.dmp

Filesize
4KB

Download
memory/3568-1364-0x0000000006960000-0x0000000006982000-memory.dmp

Filesize
136KB

Download
memory/3568-1346-0x00000000055B0000-0x0000000005BD8000-memory.dmp

Filesize
6.2MB

Download
memory/3568-1366-0x0000000008870000-0x0000000008EEA000-memory.dmp

Filesize
6.5MB

Download
memory/3568-1365-0x0000000007C40000-0x00000000081E4000-memory.dmp

Filesize
5.6MB

Download
memory/3568-1348-0x0000000005CE0000-0x0000000005D46000-memory.dmp

Filesize
408KB

Download
memory/3568-1349-0x0000000005D50000-0x0000000005DB6000-memory.dmp

Filesize
408KB

Download
memory/3568-1361-0x0000000006460000-0x00000000064AC000-memory.dmp

Filesize
304KB

Download
memory/3568-1359-0x0000000005E00000-0x0000000006154000-memory.dmp

Filesize
3.3MB

Download
memory/3568-1363-0x0000000006910000-0x000000000692A000-memory.dmp

Filesize
104KB

Download
memory/3568-1362-0x00000000075F0000-0x0000000007686000-memory.dmp

Filesize
600KB

Download
memory/3568-1345-0x0000000002A70000-0x0000000002AA6000-memory.dmp

Filesize
216KB

Download
memory/3568-1360-0x0000000006420000-0x000000000643E000-memory.dmp

Filesize
120KB

Download
memory/3568-1347-0x00000000053F0000-0x0000000005412000-memory.dmp

Filesize
136KB

Download
memory/4344-961-0x0000022BFFC60000-0x0000022BFFC70000-memory.dmp

Filesize
64KB

Download
memory/4344-952-0x0000022BFFC60000-0x0000022BFFC70000-memory.dmp

Filesize
64KB

Download
memory/4344-953-0x0000022BFFC60000-0x0000022BFFC70000-memory.dmp

Filesize
64KB

Download
memory/4848-5571-0x00007FFA049C0000-0x00007FFA049C1000-memory.dmp

Filesize
4KB

Download
memory/4848-5570-0x00007FFA04C70000-0x00007FFA04C71000-memory.dmp

Filesize
4KB

Download
memory/5000-1329-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/5000-5587-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/5000-1343-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/5412-975-0x000001C072400000-0x000001C072410000-memory.dmp

Filesize
64KB

Download
memory/5412-971-0x000001C072400000-0x000001C072410000-memory.dmp

Filesize
64KB

Download
memory/5412-970-0x000001C072400000-0x000001C072410000-memory.dmp

Filesize
64KB

Download
memory/5412-5686-0x0000020F20D70000-0x0000020F20D71000-memory.dmp

Filesize
4KB

Download
memory/5436-827-0x000001B96A820000-0x000001B96AA2A000-memory.dmp

Filesize
2.0MB

Download
memory/5436-826-0x000001B96A490000-0x000001B96A606000-memory.dmp

Filesize
1.5MB

Download
memory/5764-725-0x00000227501F0000-0x00000227503B2000-memory.dmp

Filesize
1.8MB

Download
memory/5764-722-0x000002274FFA0000-0x0000022750016000-memory.dmp

Filesize
472KB

Download
memory/5764-721-0x000002274FED0000-0x000002274FF14000-memory.dmp

Filesize
272KB

Download
memory/5764-716-0x000002274FA10000-0x000002274FA32000-memory.dmp

Filesize
136KB

Download
memory/5872-977-0x0000012FCB270000-0x0000012FCB280000-memory.dmp

Filesize
64KB

Download
memory/5872-969-0x0000012FCB270000-0x0000012FCB280000-memory.dmp

Filesize
64KB

Download
memory/5872-968-0x0000012FCB270000-0x0000012FCB280000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request