294176c3aa9d41a274b8584579e117ac3946c5026a24aa5092c1dacc9ad80740

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30/11/2024, 05:09 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b4ecac9b93f8ed8a59d098e3f7829859_JaffaCakes118.html
Size

72KB
MD5

b4ecac9b93f8ed8a59d098e3f7829859
SHA1

b9f2a8561f0b6392c0fa44483a3432855ef612ad
SHA256

294176c3aa9d41a274b8584579e117ac3946c5026a24aa5092c1dacc9ad80740
SHA512

a40984e78efc97d061565c3cbd0fdefd7cd57034930f4d06d4f31e14a9a8aa85487eed781cf9f936a7e67883d0bb5d28fbeb5d475240c908f4c82bb4a1feaeda
SSDEEP

1536:5dUOBzVvtibR6KY1UCP7b9wrVDZaMkvww26rSFtPY5R+qyJxtlci23:5dUOBq6b7byD02Eoqfik

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2820	msedge.exe
2820	msedge.exe
4996	msedge.exe
4996	msedge.exe
4072	identity_helper.exe
4072	identity_helper.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4996 wrote to memory of 4236	4996	msedge.exe	82
PID 4996 wrote to memory of 4236	4996	msedge.exe	82
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2764	4996	msedge.exe	83
PID 4996 wrote to memory of 2820	4996	msedge.exe	84
PID 4996 wrote to memory of 2820	4996	msedge.exe	84
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85
PID 4996 wrote to memory of 3984	4996	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\b4ecac9b93f8ed8a59d098e3f7829859_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6dfa46f8,0x7ffa6dfa4708,0x7ffa6dfa4718
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6684 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6684 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,13762049616148912954,10367665340004302643,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2596

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

s6.ucoz.net

Remote address:

8.8.8.8:53

Request

s6.ucoz.net

IN A

Response

s6.ucoz.net

IN A

193.109.246.6
DNS

www.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

172.217.16.228
GET

http://fonts.googleapis.com/css?family=PT+Sans+Narrow:400,700&subset=latin,cyrillic

msedge.exe

Remote address:

216.58.212.234:80

Request

GET /css?family=PT+Sans+Narrow:400,700&subset=latin,cyrillic HTTP/1.1
Host: fonts.googleapis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/css; charset=utf-8
Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sat, 30 Nov 2024 05:09:59 GMT
Date: Sat, 30 Nov 2024 05:09:59 GMT
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Last-Modified: Sat, 30 Nov 2024 05:09:59 GMT
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
GET

https://www.google.com/recaptcha/api.js?onload=reCallback&render=explicit&hl=ru

msedge.exe

Remote address:

172.217.16.228:443

Request

GET /recaptcha/api.js?onload=reCallback&render=explicit&hl=ru HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

www.kinopoisk.ru

msedge.exe

Remote address:

8.8.8.8:53

Request

www.kinopoisk.ru

IN A

Response

www.kinopoisk.ru

IN A

213.180.199.9
GET

http://www.kinopoisk.ru/rating/501998.gif

msedge.exe

Remote address:

213.180.199.9:80

Request

GET /rating/501998.gif HTTP/1.1
Host: www.kinopoisk.ru
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved permanently

Content-Length: 0
Location: https://www.kinopoisk.ru/rating/501998.gif
Set-Cookie: _yasc=GfsfMnLHG9zaIiSeeUx9rG/VaDdXOdhJ/4cDeuPLj8R4Yi7wMAqhPVCDl7Pm2vEB; domain=.kinopoisk.ru; path=/; expires=Tue, 28 Nov 2034 05:10:00 GMT; secure
Strict-Transport-Security: max-age=31536000
X-Request-Id: 1732943400155100-8997724753149887586
GET

https://www.kinopoisk.ru/rating/501998.gif

msedge.exe

Remote address:

213.180.199.9:443

Request

GET /rating/501998.gif HTTP/2.0
host: www.kinopoisk.ru
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

75.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.159.190.20.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

234.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.212.58.216.in-addr.arpa

IN PTR

Response

234.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f2341e100net

234.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f10�J

234.212.58.216.in-addr.arpa

IN PTR

lhr25s28-in-f10�J
DNS

228.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.16.217.172.in-addr.arpa

IN PTR

Response

228.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f41e100net

228.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f4�H
DNS

227.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.16.217.172.in-addr.arpa

IN PTR

Response

227.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f31e100net

227.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f3�H
DNS

9.199.180.213.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.199.180.213.in-addr.arpa

IN PTR

Response

9.199.180.213.in-addr.arpa

IN PTR

kp-nginx-stable-balancerkpyandexnet
DNS

rating.kinopoisk.ru

msedge.exe

Remote address:

8.8.8.8:53

Request

rating.kinopoisk.ru

IN A

Response

rating.kinopoisk.ru

IN CNAME

kp-nginx-stable-balancer.kp.yandex.net

kp-nginx-stable-balancer.kp.yandex.net

IN A

213.180.199.9
DNS

dr.yandex.net

msedge.exe

Remote address:

8.8.8.8:53

Request

dr.yandex.net

IN A

Response

dr.yandex.net

IN A

93.158.134.242
OPTIONS

https://dr.yandex.net/kinopoisk/nel

msedge.exe

Remote address:

93.158.134.242:443

Request

OPTIONS /kinopoisk/nel HTTP/1.1
Host: dr.yandex.net
Connection: keep-alive
Origin: https://www.kinopoisk.ru
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 Ok

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,OPTIONS,POST,HEAD
Access-Control-Allow-Origin: *
Content-Length: 0
Keep-Alive: timeout=600
Timing-Allow-Origin: *
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
POST

https://dr.yandex.net/kinopoisk/nel

msedge.exe

Remote address:

93.158.134.242:443

Request

POST /kinopoisk/nel HTTP/1.1
Host: dr.yandex.net
Connection: keep-alive
Content-Length: 1108
Content-Type: application/reports+json
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 Ok

Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
DNS

242.134.158.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

242.134.158.93.in-addr.arpa

IN PTR

Response

242.134.158.93.in-addr.arpa

IN PTR

dryandexnet
DNS

s6.ucoz.net

Remote address:

8.8.8.8:53

Request

s6.ucoz.net

IN A

Response

s6.ucoz.net

IN A

193.109.246.6
DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR

Response
DNS

sys000.ucoz.net

Remote address:

8.8.8.8:53

Request

sys000.ucoz.net

IN A

Response

sys000.ucoz.net

IN A

193.109.247.218
DNS

sys000.ucoz.net

Remote address:

8.8.8.8:53

Request

sys000.ucoz.net

IN A

Response

sys000.ucoz.net

IN A

193.109.247.218
DNS

56.163.245.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.163.245.4.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

107.12.20.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

107.12.20.2.in-addr.arpa

IN PTR

Response

107.12.20.2.in-addr.arpa

IN PTR

a2-20-12-107deploystaticakamaitechnologiescom
DNS

planeta-kino.ucoz.net

Remote address:

8.8.8.8:53

Request

planeta-kino.ucoz.net

IN A

Response

planeta-kino.ucoz.net

IN A

193.109.246.6
DNS

planeta-kino.ucoz.net

Remote address:

8.8.8.8:53

Request

planeta-kino.ucoz.net

IN A

Response

planeta-kino.ucoz.net

IN A

193.109.246.6
DNS

vk.com

Remote address:

8.8.8.8:53

Request

vk.com

IN A

Response

vk.com

IN A

87.240.129.133

vk.com

IN A

87.240.132.72

vk.com

IN A

87.240.132.78

vk.com

IN A

93.186.225.194

vk.com

IN A

87.240.137.164

vk.com

IN A

87.240.132.67
DNS

vk.com

Remote address:

8.8.8.8:53

Request

vk.com

IN A

Response

vk.com

IN A

93.186.225.194

vk.com

IN A

87.240.132.78

vk.com

IN A

87.240.132.67

vk.com

IN A

87.240.137.164

vk.com

IN A

87.240.129.133

vk.com

IN A

87.240.132.72
DNS

counter.yadro.ru

Remote address:

8.8.8.8:53

Request

counter.yadro.ru

IN A

Response

counter.yadro.ru

IN A

88.212.201.198

counter.yadro.ru

IN A

88.212.202.52

counter.yadro.ru

IN A

88.212.201.204
DNS

www.youtube.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

172.217.169.78

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

216.58.212.206

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

216.58.212.238

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

172.217.169.14

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

216.58.213.14

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

172.217.169.46
DNS

serpens.nl

msedge.exe

Remote address:

8.8.8.8:53

Request

serpens.nl

IN A

Response

serpens.nl

IN A

199.59.243.227
GET

https://www.youtube.com/embed/JWMHad1qcyE?feature=player_embedded

msedge.exe

Remote address:

142.250.180.14:443

Request

GET /embed/JWMHad1qcyE?feature=player_embedded HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.youtube.com/s/player/b46bb280/www-player.css

msedge.exe

Remote address:

142.250.180.14:443

Request

GET /s/player/b46bb280/www-player.css HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.youtube.com/embed/JWMHad1qcyE?feature=player_embedded
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

http://serpens.nl/serial/bd1f50a721eedfbd0a8bb8c6049a6d87/iframe?season=12

msedge.exe

Remote address:

199.59.243.227:80

Request

GET /serial/bd1f50a721eedfbd0a8bb8c6049a6d87/iframe?season=12 HTTP/1.1
Host: serpens.nl
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

date: Sat, 30 Nov 2024 05:11:25 GMT
content-type: text/html; charset=utf-8
content-length: 1126
x-request-id: 976de548-bdec-476b-ad4b-eaf43d8cc0da
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_u81kykAxiD9AoKNwOWYzQ920w0jkKQiHo0r7GWLOCf6bsX96nsgXtMAr9ZQKnI75LX4ZLIPnxdFSgxJBqOEU+Q==
set-cookie: parking_session=976de548-bdec-476b-ad4b-eaf43d8cc0da; expires=Sat, 30 Nov 2024 05:26:26 GMT; path=/
GET

http://serpens.nl/serial/bd1f50a721eedfbd0a8bb8c6049a6d87/iframe?season=12

msedge.exe

Remote address:

199.59.243.227:80

Request

GET /serial/bd1f50a721eedfbd0a8bb8c6049a6d87/iframe?season=12 HTTP/1.1
Host: serpens.nl
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

date: Sat, 30 Nov 2024 05:11:26 GMT
content-type: text/html; charset=utf-8
content-length: 1126
x-request-id: 0c3a6453-8c6f-4c58-8ba8-6ad093e7ca7b
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_u81kykAxiD9AoKNwOWYzQ920w0jkKQiHo0r7GWLOCf6bsX96nsgXtMAr9ZQKnI75LX4ZLIPnxdFSgxJBqOEU+Q==
set-cookie: parking_session=0c3a6453-8c6f-4c58-8ba8-6ad093e7ca7b; expires=Sat, 30 Nov 2024 05:26:26 GMT; path=/
GET

http://serpens.nl/bfVQILVCg.js

msedge.exe

Remote address:

199.59.243.227:80

Request

GET /bfVQILVCg.js HTTP/1.1
Host: serpens.nl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Referer: http://serpens.nl/serial/bd1f50a721eedfbd0a8bb8c6049a6d87/iframe?season=12
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

date: Sat, 30 Nov 2024 05:11:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 35064
x-request-id: 14715b47-a1c9-466c-885b-07c5b4827b2e
set-cookie: parking_session=14715b47-a1c9-466c-885b-07c5b4827b2e; expires=Sat, 30 Nov 2024 05:26:27 GMT; path=/
GET

http://serpens.nl/bIlsqvQlE.js

msedge.exe

Remote address:

199.59.243.227:80

Request

GET /bIlsqvQlE.js HTTP/1.1
Host: serpens.nl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Referer: http://serpens.nl/serial/bd1f50a721eedfbd0a8bb8c6049a6d87/iframe?season=12
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

date: Sat, 30 Nov 2024 05:11:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 35064
x-request-id: d3c9e00b-b859-4e03-bfc7-bd5a353a86d5
set-cookie: parking_session=d3c9e00b-b859-4e03-bfc7-bd5a353a86d5; expires=Sat, 30 Nov 2024 05:26:27 GMT; path=/
POST

http://serpens.nl/_fd?season=12

msedge.exe

Remote address:

199.59.243.227:80

Request

POST /_fd?season=12 HTTP/1.1
Host: serpens.nl
Connection: keep-alive
Content-Length: 0
Accept: application/json
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: application/json
Origin: http://serpens.nl
Referer: http://serpens.nl/serial/bd1f50a721eedfbd0a8bb8c6049a6d87/iframe?season=12
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

date: Sat, 30 Nov 2024 05:11:26 GMT
content-type: application/json; charset=utf-8
content-length: 5629
x-request-id: 0fa43ed0-a798-48c7-bdda-7a70797b9662
set-cookie: parking_session=0fa43ed0-a798-48c7-bdda-7a70797b9662; expires=Sat, 30 Nov 2024 05:26:27 GMT; path=/
DNS

share.pluso.ru

msedge.exe

Remote address:

8.8.8.8:53

Request

share.pluso.ru

IN A

Response
DNS

i.ytimg.com

msedge.exe

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

216.58.212.214

i.ytimg.com

IN A

142.250.200.22

i.ytimg.com

IN A

142.250.187.214

i.ytimg.com

IN A

216.58.213.22

i.ytimg.com

IN A

142.250.200.54

i.ytimg.com

IN A

142.250.178.22

i.ytimg.com

IN A

216.58.212.246

i.ytimg.com

IN A

216.58.201.118

i.ytimg.com

IN A

142.250.180.22

i.ytimg.com

IN A

142.250.179.246

i.ytimg.com

IN A

142.250.187.246

i.ytimg.com

IN A

216.58.204.86

i.ytimg.com

IN A

172.217.16.246

i.ytimg.com

IN A

172.217.169.86

i.ytimg.com

IN A

172.217.169.22
POST

http://serpens.nl/_fd?season=12

msedge.exe

Remote address:

199.59.243.227:80

Request

POST /_fd?season=12 HTTP/1.1
Host: serpens.nl
Connection: keep-alive
Content-Length: 0
Accept: application/json
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: application/json
Origin: http://serpens.nl
Referer: http://serpens.nl/serial/bd1f50a721eedfbd0a8bb8c6049a6d87/iframe?season=12
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

date: Sat, 30 Nov 2024 05:11:27 GMT
content-type: application/json; charset=utf-8
content-length: 5629
x-request-id: 8d637a19-2d0b-440b-80a2-951211003ad6
set-cookie: parking_session=8d637a19-2d0b-440b-80a2-951211003ad6; expires=Sat, 30 Nov 2024 05:26:27 GMT; path=/
DNS

msedge.exe

Remote address:

199.59.243.227:80

Response

HTTP/1.1 408 Request Time-out

Content-length: 110
Cache-Control: no-cache
Connection: close
Content-Type: text/html
DNS

www2.dnfs24.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www2.dnfs24.com

IN A

Response

www2.dnfs24.com

IN A

136.144.173.30
GET

https://www2.dnfs24.com/iframe/serpens.nl

msedge.exe

Remote address:

136.144.173.30:443

Request

GET /iframe/serpens.nl HTTP/2.0
host: www2.dnfs24.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://serpens.nl/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
date: Sat, 30 Nov 2024 05:11:27 GMT
set-cookie: XSRF-TOKEN=eyJpdiI6IjBYblhnRzBScTZ3ZG8wN0JMaGxDMkE9PSIsInZhbHVlIjoiZWF2VjdIVGQvNitZczFYWVRoektWUXdOeDVoWVNCeWJ4Q0JkUVh2dXpSeG1hMDVPT0JVM0xPRUlrc0taSlB2bHdld3U3UUh4WTBaQ2hsTzB1cEhMemo2c1I1c2pqek5NaWtlKzMwdFBkOEo3Y253YVlFSVZYMzRXTmdPM0p0VkoiLCJtYWMiOiJjZTc4N2EwNzExOGRmYzdkM2RlMTViYmVmYWNjZjQxZWZmYzk4YTkzMWIzN2JkMTc1NGRhYWU2NTZlZWUzOGIwIiwidGFnIjoiIn0%3D; expires=Sat, 30 Nov 2024 07:11:27 GMT; Max-Age=7200; path=/; samesite=lax
set-cookie: dnfs_session=eyJpdiI6IjF3ZTYvR3RBNGszVC8vRnlyaXYxcmc9PSIsInZhbHVlIjoiRWRtdjQybkhhS1UyQ29FY3lyZDBkVHRCZGJNQ0hBczZsdVJBY1hzdWVxSlBmaW5xZmx6cmFWWVp5blBYS01ySjlYazBWMmd6bUhybHcrTjhqbFEyMk9pWmJvOU82QkNnVjdBY2swUVBJRlVyOXptY0FWVXo2cUUwZldJdHUxTkoiLCJtYWMiOiJmNDM5MTg3MGU2MTc0YmIxN2Q4Yjk2YWY2NDVlZTc2NzBiM2ExNmZiYjkyMzc5Y2I0NDUxY2QwNzhiYWVmMDc0IiwidGFnIjoiIn0%3D; expires=Sat, 30 Nov 2024 07:11:27 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
GET

https://www2.dnfs24.com/iframe/serpens.nl

msedge.exe

Remote address:

136.144.173.30:443

Request

GET /iframe/serpens.nl HTTP/2.0
host: www2.dnfs24.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://serpens.nl/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
date: Sat, 30 Nov 2024 05:11:27 GMT
set-cookie: XSRF-TOKEN=eyJpdiI6ImdvUmYraEJURkJmQXdJTHhBdVExZFE9PSIsInZhbHVlIjoiQlZzc2REeEc5Z1AwZnFrTkltdkJHcEVKcmE5NENJZzFscjVHR2RoQlRvUDcwbHo5dElvNGVFbnc3dzIyK3BXeFJmTElVUEgrUU42SHFCVVpmSFVDY0JrWEFEQkFpNW4vUFg0SWF2TThML05KWU1ZUGRxeWNSbHJQWlkybVdjdVIiLCJtYWMiOiIzMTRmZjJjZDc2ZGQwYjQ3MTk1ZTg0NThjNWUxMDNkYTc2NGFkNWQ5NGEwMmU2NTczNDI4NjBkMzc5Y2FhMjhiIiwidGFnIjoiIn0%3D; expires=Sat, 30 Nov 2024 07:11:27 GMT; Max-Age=7200; path=/; samesite=lax
set-cookie: dnfs_session=eyJpdiI6IjhFWWpnT2p6TW9xTy9QMTBBU2NnTVE9PSIsInZhbHVlIjoibGtVNXJtU0ZJK0Vyc2hhWCtqUldFNXY5c3lldUE5RHBlNGhDV3BKU0puUkdjMkFGS3pYdVhxaUdLL3N1R0QrMWt6ZHJhcHBaZVI3eThObytNdm5xbHdXUFU4U3BNU0tEWVllNzBld2h6dEhtbEt0NFVSbFFLWm95ejdQdkRmQ3AiLCJtYWMiOiJmYWFmMTExNzk1NmMxMjFlMDU5OWExZjkwZGE2MmRlNGNmYmQyMTc5YWYxYjlkZDRkZDFmZjg3YTFhNzM4YTM2IiwidGFnIjoiIn0%3D; expires=Sat, 30 Nov 2024 07:11:27 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
GET

https://www2.dnfs24.com/lang/de.png

msedge.exe

Remote address:

136.144.173.30:443

Request

GET /lang/de.png HTTP/2.0
host: www2.dnfs24.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www2.dnfs24.com/iframe/serpens.nl
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sat, 30 Nov 2024 05:11:27 GMT
content-type: image/png
content-length: 111
last-modified: Mon, 07 Feb 2022 10:55:40 GMT
etag: "6200faac-6f"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
GET

https://www2.dnfs24.com/lang/en.png

msedge.exe

Remote address:

136.144.173.30:443

Request

GET /lang/en.png HTTP/2.0
host: www2.dnfs24.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www2.dnfs24.com/iframe/serpens.nl
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sat, 30 Nov 2024 05:11:27 GMT
content-type: image/png
content-length: 210
last-modified: Mon, 07 Feb 2022 10:55:40 GMT
etag: "6200faac-d2"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
GET

https://www2.dnfs24.com/lang/fr.png

msedge.exe

Remote address:

136.144.173.30:443

Request

GET /lang/fr.png HTTP/2.0
host: www2.dnfs24.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www2.dnfs24.com/iframe/serpens.nl
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sat, 30 Nov 2024 05:11:27 GMT
content-type: image/png
content-length: 116
last-modified: Mon, 07 Feb 2022 10:55:40 GMT
etag: "6200faac-74"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
GET

https://www2.dnfs24.com/lang/it.png

msedge.exe

Remote address:

136.144.173.30:443

Request

GET /lang/it.png HTTP/2.0
host: www2.dnfs24.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www2.dnfs24.com/iframe/serpens.nl
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sat, 30 Nov 2024 05:11:27 GMT
content-type: image/png
content-length: 116
last-modified: Mon, 07 Feb 2022 10:55:40 GMT
etag: "6200faac-74"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
GET

https://www2.dnfs24.com/lang/nl.png

msedge.exe

Remote address:

136.144.173.30:443

Request

GET /lang/nl.png HTTP/2.0
host: www2.dnfs24.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www2.dnfs24.com/iframe/serpens.nl
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sat, 30 Nov 2024 05:11:27 GMT
content-type: image/png
content-length: 121
last-modified: Mon, 07 Feb 2022 10:55:40 GMT
etag: "6200faac-79"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
GET

https://www2.dnfs24.com/stats/serpens.nl

msedge.exe

Remote address:

136.144.173.30:443

Request

GET /stats/serpens.nl HTTP/2.0
host: www2.dnfs24.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www2.dnfs24.com/iframe/serpens.nl
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
content-type: image/png
cache-control: no-cache, private
date: Sat, 30 Nov 2024 05:11:27 GMT
set-cookie: XSRF-TOKEN=eyJpdiI6IjJMRDdSMUNlZkg5eUJkMFFpUEhGY3c9PSIsInZhbHVlIjoiaXNLcXFncXRKSzZ2dC9MRk9zOWpZV3V1dko5cnZtWlVVaWx3UVRQc3hJa0J1VUVaeWtLQ200RmtseVJLenI3YjB4eUtuUnpuM0lHWTZTbjQxY2JQNzZ3SnFkNFZxMW5VNnU5dy9HRWtSNmdMNVhaZ3RqbEc2SnRjYmIySW5qQ2YiLCJtYWMiOiI3Yzk0ODQ2YTJiMWQyMmFiYzE1OWEyNGRiNmJiZjNlZDY4MjY4NDI0YWRiZWRmZjI2NTg2ODI0M2Y5NzY2ZDg2IiwidGFnIjoiIn0%3D; expires=Sat, 30 Nov 2024 07:11:27 GMT; Max-Age=7200; path=/; samesite=lax
set-cookie: dnfs_session=eyJpdiI6IjNWNDdRREF3blh5QlhXL3pUOHltamc9PSIsInZhbHVlIjoia1hXL3didk1CemVGVTBrcVRIYi9SYzJZMkR6WkNaSEpMS09va1hSaUdDOXFoUlRQRkQvOWRtMCs1REM5bCs2YUJDZzhXd00xU2hJUGRaMU5CY29PZ0tBY2c4WDFVVzZOeEZGcWhhRW5HdDduTERhSEZCYlFrTWxUMnF4QzUzZjUiLCJtYWMiOiIxM2FjOTBmZWM1MjAwY2RjOWE0YjU2ZjdiODg1Nzg3YzJlMWZhYTVjNDM3MTE4N2I0OGIzMjc1ZjQxNDZmYTA5IiwidGFnIjoiIn0%3D; expires=Sat, 30 Nov 2024 07:11:27 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
GET

https://www2.dnfs24.com/stats/serpens.nl

msedge.exe

Remote address:

136.144.173.30:443

Request

GET /stats/serpens.nl HTTP/2.0
host: www2.dnfs24.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www2.dnfs24.com/iframe/serpens.nl
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
content-type: image/png
cache-control: no-cache, private
date: Sat, 30 Nov 2024 05:11:27 GMT
set-cookie: XSRF-TOKEN=eyJpdiI6IlJtbXNLLzFrZjdSWm5mY2lZdExwa2c9PSIsInZhbHVlIjoiV1NGdytFTTJLT0lNczVRc0dWUW9pQm4vQ3luRVNHOW1tMHZ5cWY0TUlpVXFQeGcySmNPVXY5WjdmQXVwR05RYWhGeDZzRkZXR0xPS0YxbmNjNlJnWVV0N0Iza2RMa2ZCcTh4MG5tK1pMbXRIaS9zY05jL1BYaElQZkMxS21TTS8iLCJtYWMiOiIzNTMzZGVjOWM3NWJmM2FkNmMwNjIzYzUyZDk4MDcwYWJjOWUyMjQ5ZGU0NDljZTBjNmI1ZWJlYjRjNDFhNGFlIiwidGFnIjoiIn0%3D; expires=Sat, 30 Nov 2024 07:11:27 GMT; Max-Age=7200; path=/; samesite=lax
set-cookie: dnfs_session=eyJpdiI6Ii9Sa1ZheWNrQXVHaFFkL0REZEtzZUE9PSIsInZhbHVlIjoiZDgvSVhETlVuMUhpWXg3NGp4QURYd0x6cjNvV3FrNS8rbE43QjlqcXpPZk5OVzhiazBmeXdjdmVEQlV4NzFUcCt2cE5aaHdJcDJ5OU41NWFtdDMzRjY0NUh0RTRVeFVBZSsyVXlWRW1XWmoxbEZjM01qb3lnMkUwSFlwYW9LZDMiLCJtYWMiOiIxNDNjYmEzMGY4ZDQ0NjRmNWM1NDliYTQwOTIwYmM0MDYwMmZmZjM1ZTFmNWJiNmZkMDQ5MWRhN2EyNTFjNGU3IiwidGFnIjoiIn0%3D; expires=Sat, 30 Nov 2024 07:11:27 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
DNS

syndicatedsearch.goog

msedge.exe

Remote address:

8.8.8.8:53

Request

syndicatedsearch.goog

IN A

Response

syndicatedsearch.goog

IN A

216.58.201.110
GET

https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol105%2Cpid-bodis-gcontrol420%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol160&client=dp-bodis30_3ph&r=m&sc_status=0&hl=en&ivt=0&rpbu=http%3A%2F%2Fserpens.nl%2F%3Fcaf%3D1%26bpt%3D345%26season%3D12&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2888950977399418&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301437%2C17301439%2C17301442%2C17301542%2C17301266%2C72717107%2C49280903%2C72771954&format=r3&nocache=4161732943486539&num=0&output=afd_ads&domain_name=serpens.nl&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1732943486541&u_w=1280&u_h=720&biw=-12245933&bih=-12245933&isw=650&ish=350&psw=650&psh=315&frm=2&uio=-&cont=rs&drt=0&jsid=caf&jsv=697661440&rurl=http%3A%2F%2Fserpens.nl%2Fserial%2Fbd1f50a721eedfbd0a8bb8c6049a6d87%2Fiframe%3Fseason%3D12&lao=file%3A%2F%2F

msedge.exe

Remote address:

216.58.201.110:443

Request

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol105%2Cpid-bodis-gcontrol420%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol160&client=dp-bodis30_3ph&r=m&sc_status=0&hl=en&ivt=0&rpbu=http%3A%2F%2Fserpens.nl%2F%3Fcaf%3D1%26bpt%3D345%26season%3D12&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2888950977399418&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301437%2C17301439%2C17301442%2C17301542%2C17301266%2C72717107%2C49280903%2C72771954&format=r3&nocache=4161732943486539&num=0&output=afd_ads&domain_name=serpens.nl&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1732943486541&u_w=1280&u_h=720&biw=-12245933&bih=-12245933&isw=650&ish=350&psw=650&psh=315&frm=2&uio=-&cont=rs&drt=0&jsid=caf&jsv=697661440&rurl=http%3A%2F%2Fserpens.nl%2Fserial%2Fbd1f50a721eedfbd0a8bb8c6049a6d87%2Fiframe%3Fseason%3D12&lao=file%3A%2F%2F HTTP/2.0
host: syndicatedsearch.goog
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://serpens.nl/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol105%2Cpid-bodis-gcontrol420%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol160&client=dp-bodis30_3ph&r=m&sc_status=0&hl=en&ivt=0&rpbu=http%3A%2F%2Fserpens.nl%2F%3Fcaf%3D1%26bpt%3D345%26season%3D12&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2888950977399418&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301437%2C17301439%2C17301442%2C17301542%2C17301266%2C72717108%2C49280903%2C72771953&format=r3&nocache=7021732943486577&num=0&output=afd_ads&domain_name=serpens.nl&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1732943486577&u_w=1280&u_h=720&biw=-12245933&bih=-12245933&isw=650&ish=350&psw=650&psh=315&frm=2&uio=-&cont=rs&drt=0&jsid=caf&jsv=697661440&rurl=http%3A%2F%2Fserpens.nl%2Fserial%2Fbd1f50a721eedfbd0a8bb8c6049a6d87%2Fiframe%3Fseason%3D12&lao=file%3A%2F%2F

msedge.exe

Remote address:

216.58.201.110:443

Request

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol105%2Cpid-bodis-gcontrol420%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol160&client=dp-bodis30_3ph&r=m&sc_status=0&hl=en&ivt=0&rpbu=http%3A%2F%2Fserpens.nl%2F%3Fcaf%3D1%26bpt%3D345%26season%3D12&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2888950977399418&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301437%2C17301439%2C17301442%2C17301542%2C17301266%2C72717108%2C49280903%2C72771953&format=r3&nocache=7021732943486577&num=0&output=afd_ads&domain_name=serpens.nl&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1732943486577&u_w=1280&u_h=720&biw=-12245933&bih=-12245933&isw=650&ish=350&psw=650&psh=315&frm=2&uio=-&cont=rs&drt=0&jsid=caf&jsv=697661440&rurl=http%3A%2F%2Fserpens.nl%2Fserial%2Fbd1f50a721eedfbd0a8bb8c6049a6d87%2Fiframe%3Fseason%3D12&lao=file%3A%2F%2F HTTP/2.0
host: syndicatedsearch.goog
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://serpens.nl/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

14.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.180.250.142.in-addr.arpa

IN PTR

Response

14.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f141e100net
DNS

227.243.59.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.243.59.199.in-addr.arpa

IN PTR

Response
DNS

3.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.178.250.142.in-addr.arpa

IN PTR

Response

3.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f31e100net
DNS

214.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

214.212.58.216.in-addr.arpa

IN PTR

Response

214.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f221e100net

214.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f214�I

214.212.58.216.in-addr.arpa

IN PTR

lhr25s27-in-f22�I
DNS

30.173.144.136.in-addr.arpa

Remote address:

8.8.8.8:53

Request

30.173.144.136.in-addr.arpa

IN PTR

Response

30.173.144.136.in-addr.arpa

IN PTR

www2dovendicom
DNS

110.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

110.201.58.216.in-addr.arpa

IN PTR

Response

110.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f141e100net

110.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f14�I

110.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f110�I
DNS

googleads.g.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

142.250.179.226
GET

https://googleads.g.doubleclick.net/pagead/id

msedge.exe

Remote address:

142.250.179.226:443

Request

GET /pagead/id HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.youtube.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

static.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

static.doubleclick.net

IN A

Response

static.doubleclick.net

IN A

142.250.178.6
DNS

static.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

static.doubleclick.net

IN A

Response

static.doubleclick.net

IN A

142.250.178.6
DNS

jnn-pa.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

jnn-pa.googleapis.com

IN A

Response

jnn-pa.googleapis.com

IN A

216.58.212.202

jnn-pa.googleapis.com

IN A

216.58.201.106

jnn-pa.googleapis.com

IN A

142.250.179.234

jnn-pa.googleapis.com

IN A

142.250.200.42

jnn-pa.googleapis.com

IN A

172.217.169.74

jnn-pa.googleapis.com

IN A

172.217.169.10

jnn-pa.googleapis.com

IN A

172.217.16.234

jnn-pa.googleapis.com

IN A

142.250.180.10

jnn-pa.googleapis.com

IN A

142.250.187.202

jnn-pa.googleapis.com

IN A

142.250.200.10

jnn-pa.googleapis.com

IN A

216.58.204.74

jnn-pa.googleapis.com

IN A

142.250.187.234

jnn-pa.googleapis.com

IN A

216.58.213.10

jnn-pa.googleapis.com

IN A

142.250.178.10
GET

https://static.doubleclick.net/instream/ad_status.js

msedge.exe

Remote address:

142.250.178.6:443

Request

GET /instream/ad_status.js HTTP/2.0
host: static.doubleclick.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

msedge.exe

Remote address:

216.58.212.202:443

Request

OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: jnn-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

226.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.179.250.142.in-addr.arpa

IN PTR

Response

226.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f21e100net
DNS

202.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.212.58.216.in-addr.arpa

IN PTR

Response

202.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f101e100net

202.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f202�I

202.212.58.216.in-addr.arpa

IN PTR

lhr25s27-in-f10�I
DNS

6.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

6.178.250.142.in-addr.arpa

IN PTR

Response

6.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f61e100net
DNS

play.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.187.206
DNS

play.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.187.206
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

142.250.187.206:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

142.250.187.206:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

206.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.187.250.142.in-addr.arpa

IN PTR

Response

206.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f141e100net
DNS

counter.yadro.ru

Remote address:

8.8.8.8:53

Request

counter.yadro.ru

IN A

Response

counter.yadro.ru

IN A

88.212.202.52

counter.yadro.ru

IN A

88.212.201.198

counter.yadro.ru

IN A

88.212.201.204
DNS

21.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.236.111.52.in-addr.arpa

IN PTR

Response

216.58.212.234:80

http://fonts.googleapis.com/css?family=PT+Sans+Narrow:400,700&subset=latin,cyrillic

http

msedge.exe

693 B
1.6kB
7
7

HTTP Request

GET http://fonts.googleapis.com/css?family=PT+Sans+Narrow:400,700&subset=latin,cyrillic

HTTP Response

200
193.109.246.6:445

s6.ucoz.net

260 B
5
172.217.16.228:443

https://www.google.com/recaptcha/api.js?onload=reCallback&render=explicit&hl=ru

tls, http2

msedge.exe

1.9kB
7.7kB
17
21

HTTP Request

GET https://www.google.com/recaptcha/api.js?onload=reCallback&render=explicit&hl=ru
172.217.16.227:80

fonts.gstatic.com

msedge.exe

236 B
144 B
5
3
213.180.199.9:80

http://www.kinopoisk.ru/rating/501998.gif

http

msedge.exe

686 B
653 B
7
6

HTTP Request

GET http://www.kinopoisk.ru/rating/501998.gif

HTTP Response

301
213.180.199.9:443

https://www.kinopoisk.ru/rating/501998.gif

tls, http2

msedge.exe

2.7kB
22.1kB
22
28

HTTP Request

GET https://www.kinopoisk.ru/rating/501998.gif
93.158.134.242:443

https://dr.yandex.net/kinopoisk/nel

tls, http

msedge.exe

3.1kB
5.7kB
13
14

HTTP Request

OPTIONS https://dr.yandex.net/kinopoisk/nel

HTTP Response

200

HTTP Request

POST https://dr.yandex.net/kinopoisk/nel

HTTP Response

200
193.109.247.218:445

sys000.ucoz.net

260 B
5
193.109.246.6:445

planeta-kino.ucoz.net

260 B
5
193.109.246.6:139

planeta-kino.ucoz.net

260 B
5
87.240.129.133:445

vk.com

260 B
5
87.240.132.72:445

vk.com

260 B
5
87.240.132.78:445

vk.com

260 B
5
93.186.225.194:445

vk.com

260 B
5
87.240.137.164:445

vk.com

260 B
5
87.240.132.67:445

vk.com

260 B
5
88.212.201.198:445

counter.yadro.ru

260 B
200 B
5
5
142.250.180.14:443

https://www.youtube.com/s/player/b46bb280/www-player.css

tls, http2

msedge.exe

3.7kB
104.9kB
50
87

HTTP Request

GET https://www.youtube.com/embed/JWMHad1qcyE?feature=player_embedded

HTTP Request

GET https://www.youtube.com/s/player/b46bb280/www-player.css
199.59.243.227:80

http://serpens.nl/_fd?season=12

http

msedge.exe

4.3kB
84.0kB
44
72

HTTP Request

GET http://serpens.nl/serial/bd1f50a721eedfbd0a8bb8c6049a6d87/iframe?season=12

HTTP Response

200

HTTP Request

GET http://serpens.nl/serial/bd1f50a721eedfbd0a8bb8c6049a6d87/iframe?season=12

HTTP Response

200

HTTP Request

GET http://serpens.nl/bfVQILVCg.js

HTTP Response

200

HTTP Request

GET http://serpens.nl/bIlsqvQlE.js

HTTP Response

200

HTTP Request

POST http://serpens.nl/_fd?season=12

HTTP Response

200
216.58.212.214:443

i.ytimg.com

tls, http2

msedge.exe

953 B
6.0kB
8
8
199.59.243.227:80

http://serpens.nl/_fd?season=12

http

msedge.exe

855 B
6.8kB
8
10

HTTP Request

POST http://serpens.nl/_fd?season=12

HTTP Response

200
199.59.243.227:80

serpens.nl

http

msedge.exe

236 B
445 B
5
5

HTTP Response

408
136.144.173.30:443

https://www2.dnfs24.com/stats/serpens.nl

tls, http2

msedge.exe

3.0kB
11.4kB
27
27

HTTP Request

GET https://www2.dnfs24.com/iframe/serpens.nl

HTTP Response

200

HTTP Request

GET https://www2.dnfs24.com/iframe/serpens.nl

HTTP Request

GET https://www2.dnfs24.com/lang/de.png

HTTP Request

GET https://www2.dnfs24.com/lang/en.png

HTTP Request

GET https://www2.dnfs24.com/lang/fr.png

HTTP Request

GET https://www2.dnfs24.com/lang/it.png

HTTP Request

GET https://www2.dnfs24.com/lang/nl.png

HTTP Request

GET https://www2.dnfs24.com/stats/serpens.nl

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www2.dnfs24.com/stats/serpens.nl

HTTP Response

200
216.58.201.110:443

https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol105%2Cpid-bodis-gcontrol420%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol160&client=dp-bodis30_3ph&r=m&sc_status=0&hl=en&ivt=0&rpbu=http%3A%2F%2Fserpens.nl%2F%3Fcaf%3D1%26bpt%3D345%26season%3D12&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2888950977399418&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301437%2C17301439%2C17301442%2C17301542%2C17301266%2C72717108%2C49280903%2C72771953&format=r3&nocache=7021732943486577&num=0&output=afd_ads&domain_name=serpens.nl&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1732943486577&u_w=1280&u_h=720&biw=-12245933&bih=-12245933&isw=650&ish=350&psw=650&psh=315&frm=2&uio=-&cont=rs&drt=0&jsid=caf&jsv=697661440&rurl=http%3A%2F%2Fserpens.nl%2Fserial%2Fbd1f50a721eedfbd0a8bb8c6049a6d87%2Fiframe%3Fseason%3D12&lao=file%3A%2F%2F

tls, http2

msedge.exe

3.3kB
12.2kB
18
22

HTTP Request

GET https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol105%2Cpid-bodis-gcontrol420%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol160&client=dp-bodis30_3ph&r=m&sc_status=0&hl=en&ivt=0&rpbu=http%3A%2F%2Fserpens.nl%2F%3Fcaf%3D1%26bpt%3D345%26season%3D12&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2888950977399418&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301437%2C17301439%2C17301442%2C17301542%2C17301266%2C72717107%2C49280903%2C72771954&format=r3&nocache=4161732943486539&num=0&output=afd_ads&domain_name=serpens.nl&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1732943486541&u_w=1280&u_h=720&biw=-12245933&bih=-12245933&isw=650&ish=350&psw=650&psh=315&frm=2&uio=-&cont=rs&drt=0&jsid=caf&jsv=697661440&rurl=http%3A%2F%2Fserpens.nl%2Fserial%2Fbd1f50a721eedfbd0a8bb8c6049a6d87%2Fiframe%3Fseason%3D12&lao=file%3A%2F%2F

HTTP Request

GET https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol105%2Cpid-bodis-gcontrol420%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol160&client=dp-bodis30_3ph&r=m&sc_status=0&hl=en&ivt=0&rpbu=http%3A%2F%2Fserpens.nl%2F%3Fcaf%3D1%26bpt%3D345%26season%3D12&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2888950977399418&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301437%2C17301439%2C17301442%2C17301542%2C17301266%2C72717108%2C49280903%2C72771953&format=r3&nocache=7021732943486577&num=0&output=afd_ads&domain_name=serpens.nl&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1732943486577&u_w=1280&u_h=720&biw=-12245933&bih=-12245933&isw=650&ish=350&psw=650&psh=315&frm=2&uio=-&cont=rs&drt=0&jsid=caf&jsv=697661440&rurl=http%3A%2F%2Fserpens.nl%2Fserial%2Fbd1f50a721eedfbd0a8bb8c6049a6d87%2Fiframe%3Fseason%3D12&lao=file%3A%2F%2F
216.58.201.110:443

syndicatedsearch.goog

msedge.exe

98 B
52 B
2
1
88.212.202.52:445

counter.yadro.ru

260 B
200 B
5
5
88.212.201.204:445

counter.yadro.ru

260 B
200 B
5
5
142.250.179.226:443

https://googleads.g.doubleclick.net/pagead/id

tls, http2

msedge.exe

1.7kB
6.7kB
13
15

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id
142.250.178.6:443

https://static.doubleclick.net/instream/ad_status.js

tls, http2

msedge.exe

1.7kB
6.6kB
13
13

HTTP Request

GET https://static.doubleclick.net/instream/ad_status.js
216.58.212.202:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

tls, http2

msedge.exe

1.8kB
6.7kB
14
15

HTTP Request

OPTIONS https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.187.206:443

play.google.com

tls, http2

msedge.exe

989 B
7.6kB
9
9
142.250.187.206:443

https://play.google.com/log?format=json&hasfast=true&authuser=0

tls, http2

msedge.exe

1.9kB
8.5kB
16
18

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

s6.ucoz.net

dns

57 B
73 B
1
1

DNS Request

s6.ucoz.net

DNS Response

193.109.246.6
8.8.8.8:53

www.google.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

172.217.16.228
8.8.8.8:53

www.kinopoisk.ru

dns

msedge.exe

62 B
78 B
1
1

DNS Request

www.kinopoisk.ru

DNS Response

213.180.199.9
8.8.8.8:53

75.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

75.159.190.20.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

234.212.58.216.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

234.212.58.216.in-addr.arpa
8.8.8.8:53

228.16.217.172.in-addr.arpa

dns

73 B
140 B
1
1

DNS Request

228.16.217.172.in-addr.arpa
8.8.8.8:53

227.16.217.172.in-addr.arpa

dns

73 B
140 B
1
1

DNS Request

227.16.217.172.in-addr.arpa
8.8.8.8:53

9.199.180.213.in-addr.arpa

dns

72 B
124 B
1
1

DNS Request

9.199.180.213.in-addr.arpa
8.8.8.8:53

rating.kinopoisk.ru

dns

msedge.exe

65 B
133 B
1
1

DNS Request

rating.kinopoisk.ru

DNS Response

213.180.199.9
8.8.8.8:53

dr.yandex.net

dns

msedge.exe

59 B
75 B
1
1

DNS Request

dr.yandex.net

DNS Response

93.158.134.242
8.8.8.8:53

242.134.158.93.in-addr.arpa

dns

73 B
100 B
1
1

DNS Request

242.134.158.93.in-addr.arpa
8.8.8.8:53

s6.ucoz.net

dns

57 B
73 B
1
1

DNS Request

s6.ucoz.net

DNS Response

193.109.246.6
224.0.0.251:5353

msedge.exe

586 B
9
8.8.8.8:53

232.168.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

232.168.11.51.in-addr.arpa
8.8.8.8:53

sys000.ucoz.net

dns

61 B
77 B
1
1

DNS Request

sys000.ucoz.net

DNS Response

193.109.247.218
8.8.8.8:53

sys000.ucoz.net

dns

61 B
77 B
1
1

DNS Request

sys000.ucoz.net

DNS Response

193.109.247.218
8.8.8.8:53

56.163.245.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

56.163.245.4.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

107.12.20.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

107.12.20.2.in-addr.arpa
8.8.8.8:53

planeta-kino.ucoz.net

dns

67 B
83 B
1
1

DNS Request

planeta-kino.ucoz.net

DNS Response

193.109.246.6
8.8.8.8:53

planeta-kino.ucoz.net

dns

67 B
83 B
1
1

DNS Request

planeta-kino.ucoz.net

DNS Response

193.109.246.6
8.8.8.8:53

vk.com

dns

52 B
148 B
1
1

DNS Request

vk.com

DNS Response

87.240.129.133

87.240.132.72

87.240.132.78

93.186.225.194

87.240.137.164

87.240.132.67
8.8.8.8:53

vk.com

dns

52 B
148 B
1
1

DNS Request

vk.com

DNS Response

93.186.225.194

87.240.132.78

87.240.132.67

87.240.137.164

87.240.129.133

87.240.132.72
8.8.8.8:53

counter.yadro.ru

dns

62 B
110 B
1
1

DNS Request

counter.yadro.ru

DNS Response

88.212.201.198

88.212.202.52

88.212.201.204
8.8.8.8:53

www.youtube.com

dns

msedge.exe

61 B
351 B
1
1

DNS Request

www.youtube.com

DNS Response

142.250.180.14

172.217.169.78

142.250.200.46

142.250.187.206

142.250.187.238

142.250.178.14

216.58.212.206

216.58.201.110

142.250.179.238

216.58.212.238

216.58.204.78

172.217.169.14

172.217.16.238

216.58.213.14

142.250.200.14

172.217.169.46
8.8.8.8:53

serpens.nl

dns

msedge.exe

56 B
72 B
1
1

DNS Request

serpens.nl

DNS Response

199.59.243.227
172.217.16.228:443

www.google.com

https

msedge.exe

8.3kB
87.1kB
45
74
8.8.8.8:53

share.pluso.ru

dns

msedge.exe

60 B
124 B
1
1

DNS Request

share.pluso.ru
8.8.8.8:53

i.ytimg.com

dns

msedge.exe

57 B
297 B
1
1

DNS Request

i.ytimg.com

DNS Response

216.58.212.214

142.250.200.22

142.250.187.214

216.58.213.22

142.250.200.54

142.250.178.22

216.58.212.246

216.58.201.118

142.250.180.22

142.250.179.246

142.250.187.246

216.58.204.86

172.217.16.246

172.217.169.86

172.217.169.22
142.250.180.14:443

www.youtube.com

https

msedge.exe

22.8kB
792.5kB
120
591
8.8.8.8:53

www2.dnfs24.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

www2.dnfs24.com

DNS Response

136.144.173.30
8.8.8.8:53

syndicatedsearch.goog

dns

msedge.exe

67 B
83 B
1
1

DNS Request

syndicatedsearch.goog

DNS Response

216.58.201.110
8.8.8.8:53

14.180.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

14.180.250.142.in-addr.arpa
8.8.8.8:53

227.243.59.199.in-addr.arpa

dns

73 B
131 B
1
1

DNS Request

227.243.59.199.in-addr.arpa
8.8.8.8:53

3.178.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

3.178.250.142.in-addr.arpa
8.8.8.8:53

214.212.58.216.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

214.212.58.216.in-addr.arpa
8.8.8.8:53

30.173.144.136.in-addr.arpa

dns

73 B
103 B
1
1

DNS Request

30.173.144.136.in-addr.arpa
8.8.8.8:53

110.201.58.216.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

110.201.58.216.in-addr.arpa
172.217.16.228:443

www.google.com

https

msedge.exe

9.3kB
76.6kB
46
75
8.8.8.8:53

googleads.g.doubleclick.net

dns

msedge.exe

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

142.250.179.226
8.8.8.8:53

static.doubleclick.net

dns

msedge.exe

136 B
168 B
2
2

DNS Request

static.doubleclick.net

DNS Request

static.doubleclick.net

DNS Response

142.250.178.6

DNS Response

142.250.178.6
142.250.179.226:443

googleads.g.doubleclick.net

https

msedge.exe

3.6kB
7.4kB
8
10
8.8.8.8:53

jnn-pa.googleapis.com

dns

msedge.exe

67 B
291 B
1
1

DNS Request

jnn-pa.googleapis.com

DNS Response

216.58.212.202

216.58.201.106

142.250.179.234

142.250.200.42

172.217.169.74

172.217.169.10

172.217.16.234

142.250.180.10

142.250.187.202

142.250.200.10

216.58.204.74

142.250.187.234

216.58.213.10

142.250.178.10
216.58.212.202:443

jnn-pa.googleapis.com

https

msedge.exe

6.1kB
53.3kB
29
48
8.8.8.8:53

226.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

226.179.250.142.in-addr.arpa
8.8.8.8:53

202.212.58.216.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

202.212.58.216.in-addr.arpa
8.8.8.8:53

6.178.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

6.178.250.142.in-addr.arpa
8.8.8.8:53

play.google.com

dns

msedge.exe

122 B
154 B
2
2

DNS Request

play.google.com

DNS Request

play.google.com

DNS Response

142.250.187.206

DNS Response

142.250.187.206
142.250.187.206:443

play.google.com

https

msedge.exe

5.7kB
7.7kB
12
14
8.8.8.8:53

206.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

206.187.250.142.in-addr.arpa
8.8.8.8:53

counter.yadro.ru

dns

62 B
110 B
1
1

DNS Request

counter.yadro.ru

DNS Response

88.212.202.52

88.212.201.198

88.212.201.204
8.8.8.8:53

21.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

21.236.111.52.in-addr.arpa
142.250.187.206:443

play.google.com

https

msedge.exe

4.7kB
3.1kB
9
9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
9a74a9e86c690d319daa3f575155ca99

SHA1
4e56e1e4bfbd7d867f4c19a24cdca4610ab9af2b

SHA256
c07873cb25b5ba641198e0f0e798b4496b853ea8481d00306b9f1f9e6cf07682

SHA512
92806482473a1baeb5b131c31228b61714bc2028d98d85f6544cd43b89ece874f3bdda190a8851575c10bf51a3302b9895e4afc58776b9e78ac5e95eda7fd2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
377B

MD5
8f9cdfedc927db4704d8065582bd5831

SHA1
14d8702db61b768b3ade92abb2d744e64f71b7ab

SHA256
51eed2c7c7a2f4257b6e42bbae64dfe8a6c6b9e95eb124d85b7d14144e05fbf5

SHA512
f0be4b9c2c4f6b83692a39685c21c26d05e7bd366befedf20595afd45cc9098ef16c03a89b1a53ad0a424c92e32a563ce4ccf1808474fa4381f9934e17b3d1fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3e194369e76f6345cc5dc1795203705d

SHA1
e4e551354c8cc7b31984fcb161fae7010bcee3c7

SHA256
aa5d7aa556178f3db0e1db1ed74aa081e4ed07b262e3365207067cadd45bba97

SHA512
ae3781e3a29410772d829f7286dafa77242f29375dcfd88b0ff744df82e792251d6bc1cfae39d1a2648e53f0b60566f26b460198dc3fe3f7efe0455ce83179a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0e1937858259d9800d063ba42afe4a61

SHA1
2b19ddb77933a2e80ae34a41b65e87c643e90d1f

SHA256
5436f9fda051563f2ed4dd11111fca3e41bd0c8118487a0c0339a806dca15109

SHA512
cdf0a6ecf2da033d675fe92727ad6093e67f40947a28f027b784e9baf100d73ab9b13b376a0643d415f89fec9c777b878fb5bf85189fe4403689600d3413c425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5eea396ea66a078d32f6a09a6790d9c3

SHA1
82d6b4a29456ad23100c68e7f0e987742f52795a

SHA256
cd0869d67e43e0d80a217c73708a9a41a979eef57589209a500b1c87499af1fb

SHA512
4b71965402539d546e488f594c47fa4e44c687b0dc6dfb0eed6f3aaca7d990d55a33f176e2431d4d5952dc6bf7e33a637c986f96221ecf0ffbf1093b0fcd348b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
609d391ab7497bcdcfd04a5d24edc9f3

SHA1
57b1f4eed3ff3fa14e87e9993c014ad0983d30e3

SHA256
0e4e79096cd1b62336a18aa582f9bfc012ed22c1ab2efbfb3a45cf1be8087da2

SHA512
6057a0b62cc244304cce9c7facb030e1d1dd022fa68acb3f6a9be2439a02728b7fd6b45343ed003044fce0c43e35425c979a102b5789a624b493e42b605640e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59578c.TMP

Filesize
372B

MD5
7d298fe3a77b5a6773c4d7ed8df88ea7

SHA1
0dd7b0fa218b887749fde0bb859703f17e097fb9

SHA256
4607c753818925188fd7a4ef48b215015ae27149a9e703eaeb19659e9d6195fd

SHA512
1ac00045b1298ddc587e1d042d1e365e2c5ce6153a3ccf23454f05e56020643738c8ef6c79080088d59dc0084f157c8861e4245c1af00b4a9b1e101e0a0a244e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
317be461b9e201367c5ecf710ffbd3b5

SHA1
c33895f752f773b7d61b641cdf4995b529db57f2

SHA256
2248c592bb8d5484567eb80a7fc7ce2659efb261a4fd8b82339ed6877df1f496

SHA512
86a8cf25d43e46af33cb01f942a2a19c24a9db923df8757526322c50a2b232866d8f57a0720cb751d6f03582ccd3581d222bed5a50785ec31b25dc108b884ea1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request