lumma | hxxps://github[.]com/bafym21/Seliware-Executor/releases/download/Download/script[.]zip

Analysis

max time kernel
37s
max time network
33s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2025, 13:08 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/bafym21/Seliware-Executor/releases/download/Download/script.zip

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Extracted

Family

lumma

https://fancywaxxers.shop/api

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Suspicious use of SetThreadContext 7 IoCs

description	pid	Process	procid_target
PID 560 set thread context of 2124	560	Script.exe	118
PID 2600 set thread context of 2764	2600	Script.exe	125
PID 388 set thread context of 4540	388	Script.exe	131
PID 3448 set thread context of 4356	3448	Script.exe	138
PID 4880 set thread context of 1012	4880	Script.exe	144
PID 1184 set thread context of 1716	1184	Script.exe	149
PID 4612 set thread context of 3696	4612	Script.exe	154

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 7 IoCs

pid	pid_target	Process	procid_target
264	560	WerFault.exe	114
4692	2600	WerFault.exe	123
4464	388	WerFault.exe	129
4500	3448	WerFault.exe	135
4776	4880	WerFault.exe	142
1816	1184	WerFault.exe	147
4776	4612	WerFault.exe	152

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Script.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Script.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Script.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Script.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Script.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Script.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Script.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Script.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Script.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Script.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Script.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Script.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Script.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Script.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133805561029986671"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4872	chrome.exe
4872	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4872 wrote to memory of 4848	4872	chrome.exe	83
PID 4872 wrote to memory of 4848	4872	chrome.exe	83
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 4380	4872	chrome.exe	84
PID 4872 wrote to memory of 5080	4872	chrome.exe	85
PID 4872 wrote to memory of 5080	4872	chrome.exe	85
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86
PID 4872 wrote to memory of 844	4872	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/bafym21/Seliware-Executor/releases/download/Download/script.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd8,0x104,0x7ffd576ecc40,0x7ffd576ecc4c,0x7ffd576ecc58
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1880,i,278232112188196014,7381310312468253825,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,278232112188196014,7381310312468253825,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,278232112188196014,7381310312468253825,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2440 /prefetch:8
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,278232112188196014,7381310312468253825,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,278232112188196014,7381310312468253825,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3076 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,278232112188196014,7381310312468253825,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4512,i,278232112188196014,7381310312468253825,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4344,i,278232112188196014,7381310312468253825,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5424,i,278232112188196014,7381310312468253825,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5580,i,278232112188196014,7381310312468253825,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5252 /prefetch:2
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5380,i,278232112188196014,7381310312468253825,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5416,i,278232112188196014,7381310312468253825,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4348 /prefetch:1
  2⤵
  PID:568

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3920

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2700

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2284

C:\Users\Admin\Downloads\script\Script.exe
"C:\Users\Admin\Downloads\script\Script.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:560
- C:\Users\Admin\Downloads\script\Script.exe
  "C:\Users\Admin\Downloads\script\Script.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2124
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 796
  2⤵
  - Program crash
  PID:264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 560 -ip 560
1⤵
PID:4284

C:\Users\Admin\Downloads\script\Script.exe
"C:\Users\Admin\Downloads\script\Script.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2600
- C:\Users\Admin\Downloads\script\Script.exe
  "C:\Users\Admin\Downloads\script\Script.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2764
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 784
  2⤵
  - Program crash
  PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 2600 -ip 2600
1⤵
PID:2852

C:\Users\Admin\Downloads\script\Script.exe
"C:\Users\Admin\Downloads\script\Script.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:388
- C:\Users\Admin\Downloads\script\Script.exe
  "C:\Users\Admin\Downloads\script\Script.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4540
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 764
  2⤵
  - Program crash
  PID:4464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 388 -ip 388
1⤵
PID:4500

C:\Users\Admin\Downloads\script\Script.exe
"C:\Users\Admin\Downloads\script\Script.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3448
- C:\Users\Admin\Downloads\script\Script.exe
  "C:\Users\Admin\Downloads\script\Script.exe"
  2⤵
  PID:3696
- C:\Users\Admin\Downloads\script\Script.exe
  "C:\Users\Admin\Downloads\script\Script.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4356
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 772
  2⤵
  - Program crash
  PID:4500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3448 -ip 3448
1⤵
PID:3464

C:\Users\Admin\Downloads\script\Script.exe
"C:\Users\Admin\Downloads\script\Script.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4880
- C:\Users\Admin\Downloads\script\Script.exe
  "C:\Users\Admin\Downloads\script\Script.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1012
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 780
  2⤵
  - Program crash
  PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4880 -ip 4880
1⤵
PID:4328

C:\Users\Admin\Downloads\script\Script.exe
"C:\Users\Admin\Downloads\script\Script.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1184
- C:\Users\Admin\Downloads\script\Script.exe
  "C:\Users\Admin\Downloads\script\Script.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1716
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 156
  2⤵
  - Program crash
  PID:1816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1184 -ip 1184
1⤵
PID:1148

C:\Users\Admin\Downloads\script\Script.exe
"C:\Users\Admin\Downloads\script\Script.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4612
- C:\Users\Admin\Downloads\script\Script.exe
  "C:\Users\Admin\Downloads\script\Script.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3696
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 156
  2⤵
  - Program crash
  PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4612 -ip 4612
1⤵
PID:4388

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

133.211.185.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.211.185.52.in-addr.arpa

IN PTR

Response
DNS

github.com

chrome.exe

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
GET

https://github.com/bafym21/Seliware-Executor/releases/download/Download/script.zip

chrome.exe

Remote address:

20.26.156.215:443

Request

GET /bafym21/Seliware-Executor/releases/download/Download/script.zip HTTP/2.0
host: github.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

server: GitHub.com
date: Sun, 05 Jan 2025 13:08:23 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/912393462/a1fc45f9-1170-4fea-94f7-e6f5c39717de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250105%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250105T130823Z&X-Amz-Expires=300&X-Amz-Signature=d6e7b9a2432fe067131ef6a3650237e70d2d5edfb4e959747cce114c4ffb28b8&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dscript.zip&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: C465:C583:5E3EB3D:75354D0:677A8447
DNS

objects.githubusercontent.com

chrome.exe

Remote address:

8.8.8.8:53

Request

objects.githubusercontent.com

IN A

Response

objects.githubusercontent.com

IN A

185.199.108.133

objects.githubusercontent.com

IN A

185.199.110.133

objects.githubusercontent.com

IN A

185.199.109.133

objects.githubusercontent.com

IN A

185.199.111.133
GET

https://objects.githubusercontent.com/github-production-release-asset-2e65be/912393462/a1fc45f9-1170-4fea-94f7-e6f5c39717de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250105%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250105T130823Z&X-Amz-Expires=300&X-Amz-Signature=d6e7b9a2432fe067131ef6a3650237e70d2d5edfb4e959747cce114c4ffb28b8&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dscript.zip&response-content-type=application%2Foctet-stream

chrome.exe

Remote address:

185.199.108.133:443

Request

GET /github-production-release-asset-2e65be/912393462/a1fc45f9-1170-4fea-94f7-e6f5c39717de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250105%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250105T130823Z&X-Amz-Expires=300&X-Amz-Signature=d6e7b9a2432fe067131ef6a3650237e70d2d5edfb4e959747cce114c4ffb28b8&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dscript.zip&response-content-type=application%2Foctet-stream HTTP/2.0
host: objects.githubusercontent.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/octet-stream
last-modified: Sun, 05 Jan 2025 13:05:05 GMT
etag: "0x8DD2D8992D2DB44"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: bf4cbfca-101e-0054-6572-5fae02000000
x-ms-version: 2024-11-04
x-ms-creation-time: Sun, 05 Jan 2025 13:05:05 GMT
x-ms-blob-content-md5: qPGNBe40mWLi9sTsEsMa3A==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=script.zip
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
age: 0
date: Sun, 05 Jan 2025 13:08:23 GMT
x-served-by: cache-iad-kcgs7200145-IAD, cache-lcy-eglc8600026-LCY
x-cache: HIT, MISS
x-cache-hits: 2, 0
x-timer: S1736082503.324713,VS0,VE75
content-length: 5694190
DNS

234.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.179.250.142.in-addr.arpa

IN PTR

Response

234.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f101e100net
DNS

215.156.26.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

215.156.26.20.in-addr.arpa

IN PTR

Response
DNS

136.11.19.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

136.11.19.2.in-addr.arpa

IN PTR

Response

136.11.19.2.in-addr.arpa

IN PTR

a2-19-11-136deploystaticakamaitechnologiescom
DNS

133.108.199.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.108.199.185.in-addr.arpa

IN PTR

Response

133.108.199.185.in-addr.arpa

IN PTR

cdn-185-199-108-133githubcom
DNS

74.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.32.126.40.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

www.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.196
GET

https://www.google.com/async/ddljson?async=ntp:2

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/ddljson?async=ntp:2 HTTP/2.0
host: www.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/2.0
host: www.google.com
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_promos

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/newtab_promos HTTP/2.0
host: www.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS117BTGMuI6rsGIjDfHcxjUvYywn-iUbTv3ekdl5bGF8OYfT9lNuNgwwZoUEbypf52eT1AHQYPL8kbqZAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS117BTGMuI6rsGIjDfHcxjUvYywn-iUbTv3ekdl5bGF8OYfT9lNuNgwwZoUEbypf52eT1AHQYPL8kbqZAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/2.0
host: www.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS117BTGMuI6rsGIjBVxY1zIwg5SEIp95B0OVMSUbgjBao-W0fo7RLeT2jteh-7RfW05m22M5r_I83LxTUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS117BTGMuI6rsGIjBVxY1zIwg5SEIp95B0OVMSUbgjBao-W0fo7RLeT2jteh-7RfW05m22M5r_I83LxTUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/2.0
host: www.google.com
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

196.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.187.250.142.in-addr.arpa

IN PTR

Response

196.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f41e100net
DNS

chrome.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

chrome.google.com

IN A

Response

chrome.google.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

142.250.178.14
GET

https://chrome.google.com/webstore?hl=en

chrome.exe

Remote address:

142.250.178.14:443

Request

GET /webstore?hl=en HTTP/2.0
host: chrome.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
x-client-data: CPjuygE=
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=nY6-NGaGbVs8_8TwKc3zhv7KWBfjSM9B4BfkLQYTEd9zIzidUW2oxGngfjQhQx5gprhPJsmeDakfvJSvaozuq4QxKI5K0WK32Ym3wjd0AaLEPLIO1DH6kEtmdDVXvv_99h2Y4C1pAIPWqN_uot4zRBhun4OjisIs7pS4R6n1Lpv2xFXYnkWFe50wt5rO-FglAg
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0

chrome.exe

Remote address:

142.250.178.14:443

Request

GET /_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0 HTTP/2.0
host: apis.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CPjuygE=
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=nY6-NGaGbVs8_8TwKc3zhv7KWBfjSM9B4BfkLQYTEd9zIzidUW2oxGngfjQhQx5gprhPJsmeDakfvJSvaozuq4QxKI5K0WK32Ym3wjd0AaLEPLIO1DH6kEtmdDVXvv_99h2Y4C1pAIPWqN_uot4zRBhun4OjisIs7pS4R6n1Lpv2xFXYnkWFe50wt5rO-FglAg
cookie: NID=520=FvsgnQ6sR2PFlgZkoUCmh8wDfDgVqFWGWhxGprqANB2KmtTgeHHrXg9AsDiEWnzcHmBHfKtGlULWkGVIjth2Igt90dp6CLOHIrC0-zVdzvYRLMHkQ9LvpdHlNBMUFrExuy4Q_KQokwHTrk5aEV-UHgtjeWsR1-5egvygwC3cxFN-DOM
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_1

chrome.exe

Remote address:

142.250.178.14:443

Request

GET /_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_1 HTTP/2.0
host: apis.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CPjuygE=
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=nY6-NGaGbVs8_8TwKc3zhv7KWBfjSM9B4BfkLQYTEd9zIzidUW2oxGngfjQhQx5gprhPJsmeDakfvJSvaozuq4QxKI5K0WK32Ym3wjd0AaLEPLIO1DH6kEtmdDVXvv_99h2Y4C1pAIPWqN_uot4zRBhun4OjisIs7pS4R6n1Lpv2xFXYnkWFe50wt5rO-FglAg
cookie: NID=520=FvsgnQ6sR2PFlgZkoUCmh8wDfDgVqFWGWhxGprqANB2KmtTgeHHrXg9AsDiEWnzcHmBHfKtGlULWkGVIjth2Igt90dp6CLOHIrC0-zVdzvYRLMHkQ9LvpdHlNBMUFrExuy4Q_KQokwHTrk5aEV-UHgtjeWsR1-5egvygwC3cxFN-DOM
DNS

chromewebstore.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

chromewebstore.google.com

IN A

Response

chromewebstore.google.com

IN A

142.250.187.238
GET

https://chromewebstore.google.com/

chrome.exe

Remote address:

142.250.187.238:443

Request

GET / HTTP/2.0
host: chromewebstore.google.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
x-client-data: CPjuygE=
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=nY6-NGaGbVs8_8TwKc3zhv7KWBfjSM9B4BfkLQYTEd9zIzidUW2oxGngfjQhQx5gprhPJsmeDakfvJSvaozuq4QxKI5K0WK32Ym3wjd0AaLEPLIO1DH6kEtmdDVXvv_99h2Y4C1pAIPWqN_uot4zRBhun4OjisIs7pS4R6n1Lpv2xFXYnkWFe50wt5rO-FglAg
POST

https://chromewebstore.google.com/_/ChromeWebStoreConsumerFeUi/browserinfo?f.sid=1273197494816756361&bl=boq_chrome-webstore-consumerfe-ui_20241218.04_p0&hl=en-US&soc-app=1&soc-platform=1&soc-device=1&_reqid=47313&rt=j

chrome.exe

Remote address:

142.250.187.238:443

Request

POST /_/ChromeWebStoreConsumerFeUi/browserinfo?f.sid=1273197494816756361&bl=boq_chrome-webstore-consumerfe-ui_20241218.04_p0&hl=en-US&soc-app=1&soc-platform=1&soc-device=1&_reqid=47313&rt=j HTTP/2.0
host: chromewebstore.google.com
content-length: 117
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
x-same-domain: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
content-type: application/x-www-form-urlencoded;charset=UTF-8
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://chromewebstore.google.com
x-client-data: CPjuygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: _ga_KHZNC1Q6K0=GS1.1.1736082509.1.0.1736082509.0.0.0
cookie: _ga=GA1.1.1867880871.1736082510
cookie: NID=520=luIqU_GD7QQ676WJq_LAY6diO47yT-kyb3Z_1GMsvnBtjsp181McKYxGRwRhxX47WEgAD7vuZiaj8lc5bWq7ITvtcBPB_AmvLdERDqGbjZ_55ApZkuZX6gOQmeYWWqPlZ7e69g9xkAv2cMuL4y-W_dAO9BT661ushBvoVks13wvXI0G_QjtJacI
cookie: OTZ=7896308_56_56__56_
cookie: __Secure-ENID=24.SE=mbwaAufGPfDX7PMtYSyYLrYO8EUfDEAZZinl1NP5wUxqhJSQKilpQoH1ib5V0_iyTGNJfHNolvHUg94fDyufL_AC9M5J5jr_Wd-4kYHkQeFmn9ergidJaH9Nn2WS15TUBLdl9GEHprb52WmtvrZiE0zzXRHdflGR-bdGbHbMisHk54YfEJgRo_Fv-sCCK4DcFWivuGA
DNS

lh3.googleusercontent.com

chrome.exe

Remote address:

8.8.8.8:53

Request

lh3.googleusercontent.com

IN A

Response

lh3.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.200.33
GET

https://lh3.googleusercontent.com/Ywdz5mn9q2Mx76DU45LSH-Pv5OGpqk8QAOY3lT1AWScMTZYQtAhqhVjtY5I2JZK530QIycLZooe2a0k3quGqYUaZ=s80

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /Ywdz5mn9q2Mx76DU45LSH-Pv5OGpqk8QAOY3lT1AWScMTZYQtAhqhVjtY5I2JZK530QIycLZooe2a0k3quGqYUaZ=s80 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/TFO5gDBZMhZOyeKAozOLYsxulAwh_RT7qY3vdqKt_8NTMWQjSNRLFc9CjPdkC2MSPimqwSB__nG24HKw4Y1hMdtLLw=s80

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /TFO5gDBZMhZOyeKAozOLYsxulAwh_RT7qY3vdqKt_8NTMWQjSNRLFc9CjPdkC2MSPimqwSB__nG24HKw4Y1hMdtLLw=s80 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/3ZU5aHnsnQUl9ySPrGBqe5LXz_z9DK05DEfk10tpKHv5cvG19elbOr0BdW_k8GjLMFDexT2QHlDwAmW62iLVdek--Q=s80

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /3ZU5aHnsnQUl9ySPrGBqe5LXz_z9DK05DEfk10tpKHv5cvG19elbOr0BdW_k8GjLMFDexT2QHlDwAmW62iLVdek--Q=s80 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/aqahGz3euXadmtmp8NZnuKPoUm4cmewNY0AI1a_cMsC28cfvB2Bx3NArY9Mi50o2zF45Uh74Rmmq-Bh6dJRsVAbm=s80

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /aqahGz3euXadmtmp8NZnuKPoUm4cmewNY0AI1a_cMsC28cfvB2Bx3NArY9Mi50o2zF45Uh74Rmmq-Bh6dJRsVAbm=s80 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/zwVTBpu9Rl4W3wt6U_G2NlF6bx549ZsR8KxiveJrs_BOnkW5Re-gF1VP-B7SGsUUbVPxm6zdPPqSms2XumNdy02YxaI=s80

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /zwVTBpu9Rl4W3wt6U_G2NlF6bx549ZsR8KxiveJrs_BOnkW5Re-gF1VP-B7SGsUUbVPxm6zdPPqSms2XumNdy02YxaI=s80 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/ARAA8if0Lq3o9OkRVNf0wLcwvn9VZYfydKXoAw1jIavuAdtq7MmK1OOzwsq7swf51KRdzYmxQ_e23V4FQ7Nah9op2A=s80

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /ARAA8if0Lq3o9OkRVNf0wLcwvn9VZYfydKXoAw1jIavuAdtq7MmK1OOzwsq7swf51KRdzYmxQ_e23V4FQ7Nah9op2A=s80 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/-HkHnZiEIhFxE7xXRmyKWvihUlevZU9qOM2eqDPoi5KNvqAX6R3OspeJ16raKK5Xyg4GB0_035dJryDS1f9qNNQI=s506-w506-h322

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /-HkHnZiEIhFxE7xXRmyKWvihUlevZU9qOM2eqDPoi5KNvqAX6R3OspeJ16raKK5Xyg4GB0_035dJryDS1f9qNNQI=s506-w506-h322 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/gzp44EpvZoFe-IysPbd42kpzcevZsq7VHQrL9RPCz-cMWauxtjtMho_DOUflBuYirenmK81e6b-GjDcEQEcV-kAOjg=s275-w275-h175

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /gzp44EpvZoFe-IysPbd42kpzcevZsq7VHQrL9RPCz-cMWauxtjtMho_DOUflBuYirenmK81e6b-GjDcEQEcV-kAOjg=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/aYtRs4dw-pZbZMZWSR4XmlRoKH84G3FLkqm0AgsTJHebj-xU_WzSK5yEWEb5_MhHEPwtiKhTNrhI3Yv26kYvLoHU_eI=s275-w275-h175

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /aYtRs4dw-pZbZMZWSR4XmlRoKH84G3FLkqm0AgsTJHebj-xU_WzSK5yEWEb5_MhHEPwtiKhTNrhI3Yv26kYvLoHU_eI=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/4-gNWTHBLMsX85Aq5gP4gWaKV3kUqvQ7ggHPPkqMpxxmvt0aqcVzWQ2g4I4q5natgfwrOmyAO9gbYsR9enrLkqhc2V8=s275-w275-h175

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /4-gNWTHBLMsX85Aq5gP4gWaKV3kUqvQ7ggHPPkqMpxxmvt0aqcVzWQ2g4I4q5natgfwrOmyAO9gbYsR9enrLkqhc2V8=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/7bzB7r3hq4iuhk8YbeFLYjQyqlsRZxssEBQR0daAEmwEeCUlIdVs7AwcxDn6ap1ybIpXokw368nc_DKxQjL2va9XUT4=s60

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /7bzB7r3hq4iuhk8YbeFLYjQyqlsRZxssEBQR0daAEmwEeCUlIdVs7AwcxDn6ap1ybIpXokw368nc_DKxQjL2va9XUT4=s60 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/AeVf1S-J4BzWM3CJH_ehajYLZQlDdGGpNjJCKSicmZQZDW6ip3Yj1rs6F9DCdrlx8oySHjRw3TxkvDuoD8QfFFBn0g=s275-w275-h175

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /AeVf1S-J4BzWM3CJH_ehajYLZQlDdGGpNjJCKSicmZQZDW6ip3Yj1rs6F9DCdrlx8oySHjRw3TxkvDuoD8QfFFBn0g=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/eokZouSQJm_wp51JNpTrrndoXtS05FxglPBfH-OV9AZpqzDY0P95h6miMWEKuP7bE7eh2qe4etiiNWA65sdX-eI3iQ=s60

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /eokZouSQJm_wp51JNpTrrndoXtS05FxglPBfH-OV9AZpqzDY0P95h6miMWEKuP7bE7eh2qe4etiiNWA65sdX-eI3iQ=s60 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/Nqr6IxiVpBPvS435vFQqesFbDzKceaGn-kTU41Y2fvQoxg-yhGmg4YbAmk32nNFXxrmhsfYUlAUzEGwQDXaktMMdfb8=s385-w385-h245

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /Nqr6IxiVpBPvS435vFQqesFbDzKceaGn-kTU41Y2fvQoxg-yhGmg4YbAmk32nNFXxrmhsfYUlAUzEGwQDXaktMMdfb8=s385-w385-h245 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/d7JGzmH9YVYHYQ4nTgETLuNsL-b5LKqFj7jMhnaBrxtCKudlZvqpsPggOUY0CzjGtB44fepcKyur_HPWq93zr_cxZg=s60

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /d7JGzmH9YVYHYQ4nTgETLuNsL-b5LKqFj7jMhnaBrxtCKudlZvqpsPggOUY0CzjGtB44fepcKyur_HPWq93zr_cxZg=s60 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/01Jb8XCP9zmCMMNXzhH98nRv_S3ci4daFvOQHvXSI486rouL2CFlJl3rK2FgYsgZnp2scgNy0q5RozKqqnkbz4Yqrlo=s385-w385-h245

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /01Jb8XCP9zmCMMNXzhH98nRv_S3ci4daFvOQHvXSI486rouL2CFlJl3rK2FgYsgZnp2scgNy0q5RozKqqnkbz4Yqrlo=s385-w385-h245 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/qS8o-5yJZ1ZWNZKj2ljuKPtOjUICChyS1t0-8nJuJMKwxw7k9EgCkMblCQ47L6ErAovirLunojNQZkwGOL6Je_2_0w=s60

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /qS8o-5yJZ1ZWNZKj2ljuKPtOjUICChyS1t0-8nJuJMKwxw7k9EgCkMblCQ47L6ErAovirLunojNQZkwGOL6Je_2_0w=s60 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/9LgRaZizzs922ypN168IqXVNpK3ubrsLYaZc90YBWVNbX9TexyEM09jsKtypcXl7c8YtkUCbU3FRrwPTJluo1bW3EA=s385-w385-h245

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /9LgRaZizzs922ypN168IqXVNpK3ubrsLYaZc90YBWVNbX9TexyEM09jsKtypcXl7c8YtkUCbU3FRrwPTJluo1bW3EA=s385-w385-h245 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/xQHeXocZYlEmoeKABkSRIeFl5k-xkflR2AzN3BBsaNVeTzi9zAnJqpm2LTo9nK3aIGV4QSuiaC5BAaLhjTvA6FXxs0Y=s60

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /xQHeXocZYlEmoeKABkSRIeFl5k-xkflR2AzN3BBsaNVeTzi9zAnJqpm2LTo9nK3aIGV4QSuiaC5BAaLhjTvA6FXxs0Y=s60 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/cEZaW9W9Qe4WbqZ5ZNIS-T2EcXUP-qNls7HX0A-eBja6A3P1NXCUlERNhqgadxn5CIr8gmHBsO3FYmoabQWqpw3-=s385-w385-h245

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /cEZaW9W9Qe4WbqZ5ZNIS-T2EcXUP-qNls7HX0A-eBja6A3P1NXCUlERNhqgadxn5CIr8gmHBsO3FYmoabQWqpw3-=s385-w385-h245 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/_1CYyefHbr6UPV9fZgp4CEuoOq5tIw6acvOkGwkXq0PP4GXv1uBoj89BG8BEea6FTKLqTMzkzmy5nhnCIrqkzaNy=s275-w275-h175

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /_1CYyefHbr6UPV9fZgp4CEuoOq5tIw6acvOkGwkXq0PP4GXv1uBoj89BG8BEea6FTKLqTMzkzmy5nhnCIrqkzaNy=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/WUDBCzDgjr3iamRWkpAg5FzZZj6aIO2TbNgdhlu5Yuejs5hoU3LpnKN03XRSYeutk_wL9nMBSJqoGQv8In00aexiYA=s275-w275-h175

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /WUDBCzDgjr3iamRWkpAg5FzZZj6aIO2TbNgdhlu5Yuejs5hoU3LpnKN03XRSYeutk_wL9nMBSJqoGQv8In00aexiYA=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/hzEuDosE0ZhTFdi_esq5mNsKJrlxo3iKYDijKYTJsZynLpKIVvlgIccdjEsygQh6n3FmYu5gmqOhg5AREcXkAdczpg=s275-w275-h175

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /hzEuDosE0ZhTFdi_esq5mNsKJrlxo3iKYDijKYTJsZynLpKIVvlgIccdjEsygQh6n3FmYu5gmqOhg5AREcXkAdczpg=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/B3iunsXOA4YVUHr_tJtSZ2DxhOFHIiUbfEEdgn291MiR4JHMI4YL5YqpnME5CN0XRj-ql_cex5S4o1tjBDKd7W5y=s275-w275-h175

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /B3iunsXOA4YVUHr_tJtSZ2DxhOFHIiUbfEEdgn291MiR4JHMI4YL5YqpnME5CN0XRj-ql_cex5S4o1tjBDKd7W5y=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/Wv7WPiITs7VMTYknwR0EIaaapsno9wh9ILbopl8uoc74oZeTFVuceDju7aDliug1lpARN6mft6sS5YbhGNt1H88v0g=s275-w275-h175

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /Wv7WPiITs7VMTYknwR0EIaaapsno9wh9ILbopl8uoc74oZeTFVuceDju7aDliug1lpARN6mft6sS5YbhGNt1H88v0g=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/BTwPiTyE48QEx-ybmXul-ClKwYIUo6fgAn-UMbVIkXdJaKf4ru20EZPKNo8toOChMwneCChtXSTr7ODDH2TUvPrLKQ=s275-w275-h175

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /BTwPiTyE48QEx-ybmXul-ClKwYIUo6fgAn-UMbVIkXdJaKf4ru20EZPKNo8toOChMwneCChtXSTr7ODDH2TUvPrLKQ=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/LTvVQlqmc6L3TuFT6sqHBLZJHtDQLN6dfRU1RkHaUTTyb-EPZNe5MdU1L6_yHcTE92KNf-15HBb2v3SO_k6Xi1AcQC8=s275-w275-h175

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /LTvVQlqmc6L3TuFT6sqHBLZJHtDQLN6dfRU1RkHaUTTyb-EPZNe5MdU1L6_yHcTE92KNf-15HBb2v3SO_k6Xi1AcQC8=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/hMT3ChuAV0chzLzOuCzMFPEIKLkw77AY2qcX1RB2YDI1WbdxYD7C9ltXHuOM5J37zDttcbSoYH2nzlFRYYW25Venug=s275-w275-h175

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /hMT3ChuAV0chzLzOuCzMFPEIKLkw77AY2qcX1RB2YDI1WbdxYD7C9ltXHuOM5J37zDttcbSoYH2nzlFRYYW25Venug=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/IaIhYG4PcOK-ARokiIwWfFSrlOhK7nYClfvSsFL9OXFaMzbsgrcdqGeda_jiDbO-HJarFG5JJIkXWGgHEc83Og63vzk=s275-w275-h175

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /IaIhYG4PcOK-ARokiIwWfFSrlOhK7nYClfvSsFL9OXFaMzbsgrcdqGeda_jiDbO-HJarFG5JJIkXWGgHEc83Og63vzk=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/kjCHPGKdrtdOzDpqLb1ryDkUxi2faNPUse7x-RJ_cL8-1oy7L2QoM1vOVuv_fX_bKpV6Zls2eeYBJ6gmHLBQv8Rj=s275-w275-h175

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /kjCHPGKdrtdOzDpqLb1ryDkUxi2faNPUse7x-RJ_cL8-1oy7L2QoM1vOVuv_fX_bKpV6Zls2eeYBJ6gmHLBQv8Rj=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/_7k19RZKELB2342AdSYPAgC8Nrd6y8xWgNu9mSrk4lyB8tf1za6jCiYDFCq3FH81a9pufVwuvj3pE0QFEFGqAGGh4Q=s275-w275-h175

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /_7k19RZKELB2342AdSYPAgC8Nrd6y8xWgNu9mSrk4lyB8tf1za6jCiYDFCq3FH81a9pufVwuvj3pE0QFEFGqAGGh4Q=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/mUzhc5edtqOCMejD6-SeVO_6K2-vu9AjddIXOYtiPSVe763YjAA1cbYhZH5tfTYP1GQfqm8CWPBcv8abYkeSUTXYTQ=s275-w275-h175

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /mUzhc5edtqOCMejD6-SeVO_6K2-vu9AjddIXOYtiPSVe763YjAA1cbYhZH5tfTYP1GQfqm8CWPBcv8abYkeSUTXYTQ=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/im7SoGFLGPK_ewhkXGUE4DP9qyP5ybI4mh793oLXZRUdHVtF6gA0qmh2HarnvgNfvp4ASuQea37ql0QZsB8Ugv3xjw=s275-w275-h175

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /im7SoGFLGPK_ewhkXGUE4DP9qyP5ybI4mh793oLXZRUdHVtF6gA0qmh2HarnvgNfvp4ASuQea37ql0QZsB8Ugv3xjw=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/ORZ5KHW8zJE8nuLJSNuKztvcyehyo3GRAgna2P8oQ4eaMfy9BbNIjxSu3fG8RtzaGcbMCXGWeUhpM8rTXsInga-3p_Y=s275-w275-h175

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /ORZ5KHW8zJE8nuLJSNuKztvcyehyo3GRAgna2P8oQ4eaMfy9BbNIjxSu3fG8RtzaGcbMCXGWeUhpM8rTXsInga-3p_Y=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/N7zixf0Au7Bsc49RJPtxdkIDZcePWImtRVuPp_Bb2KgtOgttfEXMOjA1Q8jeURDNXj1PmH-1miqYtmt4obq4PscCAVg=s275-w275-h175

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /N7zixf0Au7Bsc49RJPtxdkIDZcePWImtRVuPp_Bb2KgtOgttfEXMOjA1Q8jeURDNXj1PmH-1miqYtmt4obq4PscCAVg=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/7x0zWDKDuGV9wjVsZulFI9-3jeIrfEuWvAx-wjAyFOH_9pARfcwE8ZNC5fA5Ikfo51b064jQ5g8D78BxDF76EQ0yYA=s275-w275-h175

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /7x0zWDKDuGV9wjVsZulFI9-3jeIrfEuWvAx-wjAyFOH_9pARfcwE8ZNC5fA5Ikfo51b064jQ5g8D78BxDF76EQ0yYA=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/ZWumfIAq-LUVGDHUxWfTrUanEp2ZT3DeubTHFsLth-dqkTEj61N4VuGuqaB3yRsc77RdTFag0cZlI_KndsSqC2Yahg=s275-w275-h175

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /ZWumfIAq-LUVGDHUxWfTrUanEp2ZT3DeubTHFsLth-dqkTEj61N4VuGuqaB3yRsc77RdTFag0cZlI_KndsSqC2Yahg=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/LSr89y02q7nhvfdp38EPPKm_L7bnS9vHaP-7Hn22WJhlvMY1ecGyEz854wpReOHFrMCug-p6bNxRcdCfQO6fSmJMkac=s275-w275-h175

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /LSr89y02q7nhvfdp38EPPKm_L7bnS9vHaP-7Hn22WJhlvMY1ecGyEz854wpReOHFrMCug-p6bNxRcdCfQO6fSmJMkac=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/LeiGwQZ2TYhC_36kBygBc76V4wGui0nUqtMurYA95iejl6oQHQBG6hA3gDtx5a5Jq9UrNF1ZWGInbIvo7dcvSF4zQqc=s275-w275-h175

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /LeiGwQZ2TYhC_36kBygBc76V4wGui0nUqtMurYA95iejl6oQHQBG6hA3gDtx5a5Jq9UrNF1ZWGInbIvo7dcvSF4zQqc=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/tX75RktsiiTPCjw1kt2qNWphQ92EaZ9goN3ITcIJNkgpwwzCiPFXxqiNxoXlyVkSBg61i1QTDEKSexL-Ii2f9W2V=s275-w275-h175

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /tX75RktsiiTPCjw1kt2qNWphQ92EaZ9goN3ITcIJNkgpwwzCiPFXxqiNxoXlyVkSBg61i1QTDEKSexL-Ii2f9W2V=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

14.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.178.250.142.in-addr.arpa

IN PTR

Response

14.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f141e100net
DNS

238.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.187.250.142.in-addr.arpa

IN PTR

Response

238.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f141e100net
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

74.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.204.58.216.in-addr.arpa

IN PTR

Response

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f741e100net

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f10�H

74.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f10�H
DNS

ssl.gstatic.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ssl.gstatic.com

IN A

Response

ssl.gstatic.com

IN A

142.250.200.3
GET

https://ssl.gstatic.com/chrome/webstore/images/promo/marquee_blue_patterned.png

chrome.exe

Remote address:

142.250.200.3:443

Request

GET /chrome/webstore/images/promo/marquee_blue_patterned.png HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://ssl.gstatic.com/chrome/webstore/images/promo/marquee_2024_favorites.png

chrome.exe

Remote address:

142.250.200.3:443

Request

GET /chrome/webstore/images/promo/marquee_2024_favorites.png HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://ssl.gstatic.com/chrome/webstore/images/promo/marquee_ai_powered.png

chrome.exe

Remote address:

142.250.200.3:443

Request

GET /chrome/webstore/images/promo/marquee_ai_powered.png HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://ssl.gstatic.com/chrome/webstore/images/promo/marquee_rising_artists.png

chrome.exe

Remote address:

142.250.200.3:443

Request

GET /chrome/webstore/images/promo/marquee_rising_artists.png HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://ssl.gstatic.com/chrome/webstore/images/promo/banner_editors_picks.png

chrome.exe

Remote address:

142.250.200.3:443

Request

GET /chrome/webstore/images/promo/banner_editors_picks.png HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://ssl.gstatic.com/chrome/webstore/images/promo/banner_dark_mode.png

chrome.exe

Remote address:

142.250.200.3:443

Request

GET /chrome/webstore/images/promo/banner_dark_mode.png HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://ssl.gstatic.com/chrome/webstore/images/promo/banner_youtube.png

chrome.exe

Remote address:

142.250.200.3:443

Request

GET /chrome/webstore/images/promo/banner_youtube.png HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://ssl.gstatic.com/chrome/webstore/images/promo/banner_new_tab_page.png

chrome.exe

Remote address:

142.250.200.3:443

Request

GET /chrome/webstore/images/promo/banner_new_tab_page.png HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://ssl.gstatic.com/chrome/webstore/images/icon_48px.png

chrome.exe

Remote address:

142.250.200.3:443

Request

GET /chrome/webstore/images/icon_48px.png HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

content-autofill.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

142.250.187.234

content-autofill.googleapis.com

IN A

142.250.179.234

content-autofill.googleapis.com

IN A

142.250.200.10

content-autofill.googleapis.com

IN A

216.58.213.10

content-autofill.googleapis.com

IN A

216.58.204.74

content-autofill.googleapis.com

IN A

216.58.212.202

content-autofill.googleapis.com

IN A

142.250.180.10

content-autofill.googleapis.com

IN A

216.58.212.234

content-autofill.googleapis.com

IN A

142.250.200.42

content-autofill.googleapis.com

IN A

216.58.201.106

content-autofill.googleapis.com

IN A

172.217.16.234

content-autofill.googleapis.com

IN A

142.250.178.10

content-autofill.googleapis.com

IN A

142.250.187.202

content-autofill.googleapis.com

IN A

172.217.169.10
GET

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQllZnCaqz3OhhIFDYzGkEMh6qqXyYxJwkQ=?alt=proto

chrome.exe

Remote address:

142.250.187.234:443

Request

GET /v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQllZnCaqz3OhhIFDYzGkEMh6qqXyYxJwkQ=?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CPjuygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: https://chromewebstore.google.com
vary: origin
vary: referer
vary: x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Sun, 05 Jan 2025 13:08:30 GMT
content-type: text/html
vary: x-origin
content-length: 0
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
server-timing: gfet4t7; dur=5
content-type: text/html
OPTIONS

https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

chrome.exe

Remote address:

142.250.187.234:443

Request

OPTIONS /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
host: ogads-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://chromewebstore.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: https://chromewebstore.google.com
vary: origin
vary: referer
vary: x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Sun, 05 Jan 2025 13:08:30 GMT
content-type: text/html
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-length: 0
access-control-max-age: 3600
content-type: text/html
content-length: 0
server-timing: gfet4t7; dur=5
server-timing: gfet4t7; dur=5
POST

https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

chrome.exe

Remote address:

142.250.187.234:443

Request

POST /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
host: ogads-pa.googleapis.com
content-length: 69
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
x-user-agent: grpc-web-javascript/0.1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
content-type: application/json+protobuf
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
x-goog-api-key: AIzaSyCbsbvGCe7C9mCtdaTycZB2eUFuzsYKG_E
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://chromewebstore.google.com
x-client-data: CPjuygE=
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: https://chromewebstore.google.com
vary: origin
vary: referer
vary: x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Sun, 05 Jan 2025 13:08:30 GMT
content-type: text/html
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-length: 0
access-control-max-age: 3600
content-type: text/html
content-length: 0
server-timing: gfet4t7; dur=5
server-timing: gfet4t7; dur=5
DNS

chrome.exe

Remote address:

142.250.187.234:443

Response

HTTP/2.0 200

access-control-allow-origin: https://chromewebstore.google.com
vary: origin
vary: referer
vary: x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Sun, 05 Jan 2025 13:08:30 GMT
content-type: text/html
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-length: 0
access-control-max-age: 3600
content-type: text/html
content-length: 0
server-timing: gfet4t7; dur=5
server-timing: gfet4t7; dur=5
DNS

chrome.exe

Remote address:

142.250.187.234:443

Response

HTTP/2.0 200

access-control-allow-origin: https://chromewebstore.google.com
vary: origin
vary: referer
vary: x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Sun, 05 Jan 2025 13:08:30 GMT
content-type: text/html
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-length: 0
access-control-max-age: 3600
content-type: text/html
content-length: 0
server-timing: gfet4t7; dur=5
server-timing: gfet4t7; dur=5
DNS

chrome.exe

Remote address:

142.250.187.234:443

Response

HTTP/2.0 200

access-control-allow-origin: https://chromewebstore.google.com
vary: origin
vary: referer
vary: x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Sun, 05 Jan 2025 13:08:30 GMT
content-type: text/html
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-length: 0
access-control-max-age: 3600
content-type: text/html
content-length: 0
server-timing: gfet4t7; dur=5
server-timing: gfet4t7; dur=5
DNS

chrome.exe

Remote address:

142.250.187.234:443

Response

HTTP/2.0 200

content-type: application/json+protobuf; charset=UTF-8
vary: origin
vary: referer
vary: x-origin
access-control-allow-credentials: true
date: Sun, 05 Jan 2025 13:08:30 GMT
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-length: 30
access-control-max-age: 3600
content-type: text/html
content-length: 0
access-control-allow-origin: https://chromewebstore.google.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
server-timing: gfet4t7; dur=17
server-timing: gfet4t7; dur=5
DNS

ogads-pa.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ogads-pa.googleapis.com

IN A

Response

ogads-pa.googleapis.com

IN A

172.217.16.234

ogads-pa.googleapis.com

IN A

216.58.204.74

ogads-pa.googleapis.com

IN A

142.250.187.202

ogads-pa.googleapis.com

IN A

216.58.212.202

ogads-pa.googleapis.com

IN A

142.250.200.10

ogads-pa.googleapis.com

IN A

172.217.169.10

ogads-pa.googleapis.com

IN A

142.250.187.234

ogads-pa.googleapis.com

IN A

142.250.178.10

ogads-pa.googleapis.com

IN A

142.250.180.10

ogads-pa.googleapis.com

IN A

142.250.179.234

ogads-pa.googleapis.com

IN A

142.250.200.42

ogads-pa.googleapis.com

IN A

216.58.201.106

ogads-pa.googleapis.com

IN A

172.217.169.74

ogads-pa.googleapis.com

IN A

172.217.169.42
DNS

apis.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.178.14
DNS

play.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.179.238
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

chrome.exe

Remote address:

142.250.179.238:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://chromewebstore.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

chrome.exe

Remote address:

142.250.179.238:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://chromewebstore.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

scone-pa.clients6.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

scone-pa.clients6.google.com

IN A

Response

scone-pa.clients6.google.com

IN A

142.250.200.10
GET

https://scone-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.ZpMpph_5a4M.O%2Fd%3D1%2Frs%3DAHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ%2Fm%3D__features__

chrome.exe

Remote address:

142.250.200.10:443

Request

GET /static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.ZpMpph_5a4M.O%2Fd%3D1%2Frs%3DAHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ%2Fm%3D__features__ HTTP/2.0
host: scone-pa.clients6.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CPjuygE=
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=nY6-NGaGbVs8_8TwKc3zhv7KWBfjSM9B4BfkLQYTEd9zIzidUW2oxGngfjQhQx5gprhPJsmeDakfvJSvaozuq4QxKI5K0WK32Ym3wjd0AaLEPLIO1DH6kEtmdDVXvv_99h2Y4C1pAIPWqN_uot4zRBhun4OjisIs7pS4R6n1Lpv2xFXYnkWFe50wt5rO-FglAg
cookie: NID=520=FvsgnQ6sR2PFlgZkoUCmh8wDfDgVqFWGWhxGprqANB2KmtTgeHHrXg9AsDiEWnzcHmBHfKtGlULWkGVIjth2Igt90dp6CLOHIrC0-zVdzvYRLMHkQ9LvpdHlNBMUFrExuy4Q_KQokwHTrk5aEV-UHgtjeWsR1-5egvygwC3cxFN-DOM
POST

https://scone-pa.clients6.google.com/v1/survey/trigger/trigger_anonymous?key=AIzaSyA0vwca3tL87eYFZub4l3oBUxBL9Em8QVQ

chrome.exe

Remote address:

142.250.200.10:443

Request

POST /v1/survey/trigger/trigger_anonymous?key=AIzaSyA0vwca3tL87eYFZub4l3oBUxBL9Em8QVQ HTTP/2.0
host: scone-pa.clients6.google.com
content-length: 86
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
x-goog-encode-response-if-executable: base64
x-origin: https://chromewebstore.google.com
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "10.0.0"
x-goog-api-key: AIzaSyA0vwca3tL87eYFZub4l3oBUxBL9Em8QVQ
x-requested-with: XMLHttpRequest
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
x-clientdetails: appVersion=5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F123.0.0.0%20Safari%2F537.36&platform=Win32&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F123.0.0.0%20Safari%2F537.36
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: application/json+protobuf
sec-ch-ua-full-version: "123.0.6312.123"
x-javascript-user-agent: google-api-javascript-client/1.1.0
x-referer: https://chromewebstore.google.com
accept: */*
origin: https://scone-pa.clients6.google.com
x-client-data: CPjuygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://scone-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.ZpMpph_5a4M.O%2Fd%3D1%2Frs%3DAHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ%2Fm%3D__features__
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=nY6-NGaGbVs8_8TwKc3zhv7KWBfjSM9B4BfkLQYTEd9zIzidUW2oxGngfjQhQx5gprhPJsmeDakfvJSvaozuq4QxKI5K0WK32Ym3wjd0AaLEPLIO1DH6kEtmdDVXvv_99h2Y4C1pAIPWqN_uot4zRBhun4OjisIs7pS4R6n1Lpv2xFXYnkWFe50wt5rO-FglAg
cookie: NID=520=luIqU_GD7QQ676WJq_LAY6diO47yT-kyb3Z_1GMsvnBtjsp181McKYxGRwRhxX47WEgAD7vuZiaj8lc5bWq7ITvtcBPB_AmvLdERDqGbjZ_55ApZkuZX6gOQmeYWWqPlZ7e69g9xkAv2cMuL4y-W_dAO9BT661ushBvoVks13wvXI0G_QjtJacI
DNS

195.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.187.250.142.in-addr.arpa

IN PTR

Response

195.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f31e100net
DNS

region1.google-analytics.com

chrome.exe

Remote address:

8.8.8.8:53

Request

region1.google-analytics.com

IN A

Response

region1.google-analytics.com

IN A

216.239.34.36

region1.google-analytics.com

IN A

216.239.32.36
DNS

33.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

33.200.250.142.in-addr.arpa

IN PTR

Response

33.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f11e100net
DNS

234.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.187.250.142.in-addr.arpa

IN PTR

Response

234.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f101e100net
DNS

234.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.16.217.172.in-addr.arpa

IN PTR

Response

234.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f101e100net

234.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f10�I
DNS

72.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

72.204.58.216.in-addr.arpa

IN PTR

Response

72.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f81e100net

72.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f72�G

72.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f8�G
DNS

3.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.200.250.142.in-addr.arpa

IN PTR

Response

3.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f31e100net
POST

https://region1.google-analytics.com/g/collect?v=2&tid=G-KHZNC1Q6K0&gtm=45je4cc1v9127140089za200&_p=1736082509382&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=1867880871.1736082510&ul=en-us&sr=1280x720&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1736082509&sct=1&seg=0&dl=https%3A%2F%2Fchromewebstore.google.com%2F&dr=&dt=Chrome%20Web%20Store&dp=%2F&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1398

chrome.exe

Remote address:

216.239.34.36:443

Request

POST /g/collect?v=2&tid=G-KHZNC1Q6K0&gtm=45je4cc1v9127140089za200&_p=1736082509382&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=1867880871.1736082510&ul=en-us&sr=1280x720&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1736082509&sct=1&seg=0&dl=https%3A%2F%2Fchromewebstore.google.com%2F&dr=&dt=Chrome%20Web%20Store&dp=%2F&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1398 HTTP/2.0
host: region1.google-analytics.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://chromewebstore.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

10.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.200.250.142.in-addr.arpa

IN PTR

Response

10.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f101e100net
DNS

36.34.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

36.34.239.216.in-addr.arpa

IN PTR

Response
DNS

228.249.119.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.249.119.40.in-addr.arpa

IN PTR

Response
DNS

fancywaxxers.shop

Script.exe

Remote address:

8.8.8.8:53

Request

fancywaxxers.shop

IN A

Response

fancywaxxers.shop

IN A

104.21.32.1

fancywaxxers.shop

IN A

104.21.96.1

fancywaxxers.shop

IN A

104.21.112.1

fancywaxxers.shop

IN A

104.21.16.1

fancywaxxers.shop

IN A

104.21.64.1

fancywaxxers.shop

IN A

104.21.48.1

fancywaxxers.shop

IN A

104.21.80.1
POST

https://fancywaxxers.shop/api

Script.exe

Remote address:

104.21.32.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: fancywaxxers.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=jghqelam9ecr64l1okchpoelgt; expires=Thu, 01 May 2025 06:55:20 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1bAqK9956rpSxY46jkR4kLJ%2F9qSgoaYTs9vf3oN0RE%2FE%2FAbSpBI7krEtBJfSV5SXKszCc9uCx8NkWVIEkTNcfi%2F9eV%2F4PTHFl42Gv6fTyKEaJfGbwtmN8rLu2VjPH40AQjt9kQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b2cfee706367-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=32379&min_rtt=27552&rtt_var=14858&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3299&recv_bytes=607&delivery_rate=121088&cwnd=253&unsent_bytes=0&cid=fe819af559d1bdac&ts=280&x=0"
DNS

nearycrepso.shop

Script.exe

Remote address:

8.8.8.8:53

Request

nearycrepso.shop

IN A

Response
DNS

1.32.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.32.21.104.in-addr.arpa

IN PTR

Response
DNS

97.17.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.17.167.52.in-addr.arpa

IN PTR

Response
DNS

abruptyopsn.shop

Script.exe

Remote address:

8.8.8.8:53

Request

abruptyopsn.shop

IN A

Response

abruptyopsn.shop

IN A

104.21.48.1

abruptyopsn.shop

IN A

104.21.80.1

abruptyopsn.shop

IN A

104.21.32.1

abruptyopsn.shop

IN A

104.21.96.1

abruptyopsn.shop

IN A

104.21.64.1

abruptyopsn.shop

IN A

104.21.112.1

abruptyopsn.shop

IN A

104.21.16.1
DNS

abruptyopsn.shop

Script.exe

Remote address:

8.8.8.8:53

Request

abruptyopsn.shop

IN A

Response

abruptyopsn.shop

IN A

104.21.96.1

abruptyopsn.shop

IN A

104.21.16.1

abruptyopsn.shop

IN A

104.21.32.1

abruptyopsn.shop

IN A

104.21.48.1

abruptyopsn.shop

IN A

104.21.112.1

abruptyopsn.shop

IN A

104.21.80.1

abruptyopsn.shop

IN A

104.21.64.1
POST

https://abruptyopsn.shop/api

Script.exe

Remote address:

104.21.48.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: abruptyopsn.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=05k8477fhi6j1d6eroi2vt4eel; expires=Thu, 01 May 2025 06:55:21 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CYvPt1mj%2B%2B2PbGLk1WmBfmPptklb32dt%2Fvq%2FuO8pUy2yw5yojZIQTjI%2BNp29hEmhZaTiwEUJMXLOs71KORIVjBWqijkqs5kU8mlma0ncVFqJBPPahkEpDGX1hkJ0ZsU%2FULie"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b2d27b064141-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=31178&min_rtt=26310&rtt_var=13019&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3509&recv_bytes=605&delivery_rate=103154&cwnd=253&unsent_bytes=0&cid=1ccb6152d9d3f23c&ts=263&x=0"
DNS

wholersorie.shop

Script.exe

Remote address:

8.8.8.8:53

Request

wholersorie.shop

IN A

Response

wholersorie.shop

IN A

172.67.160.114

wholersorie.shop

IN A

104.21.41.51
DNS

wholersorie.shop

Script.exe

Remote address:

8.8.8.8:53

Request

wholersorie.shop

IN A

Response

wholersorie.shop

IN A

104.21.41.51

wholersorie.shop

IN A

172.67.160.114
POST

https://wholersorie.shop/api

Script.exe

Remote address:

172.67.160.114:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: wholersorie.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=ha5um27fmujsqkujojoh7ots67; expires=Thu, 01 May 2025 06:55:21 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FmqlVhOOoufQUDAL6lApTbHU8B0g1q2xdkeJ0SfKU%2FQhWEiWTb1dvoGfROBlMBkPY6U36mOozD6F2hgiv6vkF5I6rey1u1FnUDGzuQJvRHVc7V%2B2isiss2vxtG%2FU%2F5zr2O4U"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b2d47adfeefd-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27390&min_rtt=26724&rtt_var=6662&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3301&recv_bytes=605&delivery_rate=130272&cwnd=253&unsent_bytes=0&cid=ca44361997706f9c&ts=237&x=0"
DNS

framekgirus.shop

Script.exe

Remote address:

8.8.8.8:53

Request

framekgirus.shop

IN A

Response

framekgirus.shop

IN A

172.67.179.160

framekgirus.shop

IN A

104.21.18.19
DNS

framekgirus.shop

Script.exe

Remote address:

8.8.8.8:53

Request

framekgirus.shop

IN A

Response

framekgirus.shop

IN A

104.21.18.19

framekgirus.shop

IN A

172.67.179.160
POST

https://framekgirus.shop/api

Script.exe

Remote address:

172.67.179.160:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: framekgirus.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=8bsf4bii2lrmjroini524ij1ua; expires=Thu, 01 May 2025 06:55:21 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=smwyNMQ09hQ4wF3GzyWL3WbuVC%2FbwmpomR2wr2ITsLLbZmJg%2B5Di1Zn%2Bz2JQMCi8dwCqDBqD9mNkaVuzWc31Mm3zCQCsNCchQSnmDqBcIrVmKk8nrYoaJoUajJ4%2BgyD9VWmI"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b2d68cc3cdc2-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27395&min_rtt=26389&rtt_var=7229&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3294&recv_bytes=605&delivery_rate=134121&cwnd=251&unsent_bytes=0&cid=4cd7d6705d6d7251&ts=204&x=0"
DNS

1.48.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.48.21.104.in-addr.arpa

IN PTR

Response
DNS

114.160.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

114.160.67.172.in-addr.arpa

IN PTR

Response
DNS

114.160.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

114.160.67.172.in-addr.arpa

IN PTR

Response
DNS

tirepublicerj.shop

Script.exe

Remote address:

8.8.8.8:53

Request

tirepublicerj.shop

IN A

Response

tirepublicerj.shop

IN A

104.21.16.1

tirepublicerj.shop

IN A

104.21.32.1

tirepublicerj.shop

IN A

104.21.96.1

tirepublicerj.shop

IN A

104.21.80.1

tirepublicerj.shop

IN A

104.21.112.1

tirepublicerj.shop

IN A

104.21.48.1

tirepublicerj.shop

IN A

104.21.64.1
DNS

tirepublicerj.shop

Script.exe

Remote address:

8.8.8.8:53

Request

tirepublicerj.shop

IN A

Response

tirepublicerj.shop

IN A

104.21.112.1

tirepublicerj.shop

IN A

104.21.32.1

tirepublicerj.shop

IN A

104.21.16.1

tirepublicerj.shop

IN A

104.21.64.1

tirepublicerj.shop

IN A

104.21.96.1

tirepublicerj.shop

IN A

104.21.80.1

tirepublicerj.shop

IN A

104.21.48.1
POST

https://tirepublicerj.shop/api

Script.exe

Remote address:

104.21.16.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: tirepublicerj.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=vimpmrkh2atpisi5a17cfc24ij; expires=Thu, 01 May 2025 06:55:22 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MwmDem74jXv2JSUsN5SBn3sQ1iOmJyuJ3r%2F%2F0jjkvkvpqdTwEM%2BD9A9Cb7cQnmEpVlQjMgXNi7nAB3B%2Fd3gqX2jyxWpUBP7BSGtz6In8hQ1SoXpls8CnXJjLUutfrppFQWSb%2FLM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b2d858114911-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27571&min_rtt=26588&rtt_var=7287&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3301&recv_bytes=609&delivery_rate=135249&cwnd=252&unsent_bytes=0&cid=8a525b7c8f327795&ts=257&x=0"
DNS

noisycuttej.shop

Script.exe

Remote address:

8.8.8.8:53

Request

noisycuttej.shop

IN A

Response

noisycuttej.shop

IN A

104.21.71.146

noisycuttej.shop

IN A

172.67.170.178
DNS

noisycuttej.shop

Script.exe

Remote address:

8.8.8.8:53

Request

noisycuttej.shop

IN A

Response

noisycuttej.shop

IN A

172.67.170.178

noisycuttej.shop

IN A

104.21.71.146
POST

https://noisycuttej.shop/api

Script.exe

Remote address:

104.21.71.146:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: noisycuttej.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=1htedve1pcetk4b4akpg3tot50; expires=Thu, 01 May 2025 06:55:22 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GbAbU07IxggAn7hyMpmLTP5mtRtktNnlzC0PfQkyLsQF1J5NRwp7bL2qW5RybH8X3kof749ouPoZFkEbe2aBnMiqSJXRQTccQWL4eQPqLrsKtz1ZNw7%2F7s%2FCqs2X2n%2Fmy%2FSE"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b2da8fdb368f-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27587&min_rtt=26200&rtt_var=7860&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3298&recv_bytes=605&delivery_rate=123479&cwnd=253&unsent_bytes=0&cid=a86301967474795d&ts=262&x=0"
DNS

rabidcowse.shop

Script.exe

Remote address:

8.8.8.8:53

Request

rabidcowse.shop

IN A

Response

rabidcowse.shop

IN A

172.67.156.127

rabidcowse.shop

IN A

104.21.7.224
DNS

rabidcowse.shop

Script.exe

Remote address:

8.8.8.8:53

Request

rabidcowse.shop

IN A

Response

rabidcowse.shop

IN A

172.67.156.127

rabidcowse.shop

IN A

104.21.7.224
POST

https://rabidcowse.shop/api

Script.exe

Remote address:

172.67.156.127:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: rabidcowse.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=eq6620qcj20oqs2tuk14t0g40o; expires=Thu, 01 May 2025 06:55:22 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0znzHVklJXGGan8eyaq6%2BBluXCutdwYJFPqFbz91Ibe%2FzfDDSpyentNw4bcpfG3fuv7pJkQ6CAarDrUao12ljcbkiS%2Bdmeb4g%2F9YPWhXWnizhePa7t3rFAsFTYvhJGofJKY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b2dcbf86776d-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27271&min_rtt=26271&rtt_var=7282&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3295&recv_bytes=603&delivery_rate=136076&cwnd=251&unsent_bytes=0&cid=e68d35272959cd4d&ts=228&x=0"
DNS

160.179.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

160.179.67.172.in-addr.arpa

IN PTR

Response
DNS

1.16.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.16.21.104.in-addr.arpa

IN PTR

Response
DNS

cloudewahsj.shop

Script.exe

Remote address:

8.8.8.8:53

Request

cloudewahsj.shop

IN A

Response

cloudewahsj.shop

IN A

104.21.80.1

cloudewahsj.shop

IN A

104.21.32.1

cloudewahsj.shop

IN A

104.21.16.1

cloudewahsj.shop

IN A

104.21.96.1

cloudewahsj.shop

IN A

104.21.112.1

cloudewahsj.shop

IN A

104.21.48.1

cloudewahsj.shop

IN A

104.21.64.1
DNS

cloudewahsj.shop

Script.exe

Remote address:

8.8.8.8:53

Request

cloudewahsj.shop

IN A

Response

cloudewahsj.shop

IN A

104.21.80.1

cloudewahsj.shop

IN A

104.21.32.1

cloudewahsj.shop

IN A

104.21.48.1

cloudewahsj.shop

IN A

104.21.16.1

cloudewahsj.shop

IN A

104.21.64.1

cloudewahsj.shop

IN A

104.21.96.1

cloudewahsj.shop

IN A

104.21.112.1
POST

https://cloudewahsj.shop/api

Script.exe

Remote address:

104.21.80.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: cloudewahsj.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=2obtg4jfrd3fhonc8ucj2fnft0; expires=Thu, 01 May 2025 06:55:23 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3ubvH3%2BNQv%2BWRgUAJGKdThCjsbZR6Sw3SeidKRUH4ncNbuKsA%2BontusBIQFqYNJ9ilIcdYAjlA4jICn7ksT6clXekU8AFtXNsnWdzcYHPXLJ3JC5bajp0ksWx9KstC9FOilo"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b2deba387725-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27503&min_rtt=26174&rtt_var=7859&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3293&recv_bytes=605&delivery_rate=131871&cwnd=253&unsent_bytes=0&cid=3a4b4b957c90aba1&ts=235&x=0"
DNS

steamcommunity.com

Script.exe

Remote address:

8.8.8.8:53

Request

steamcommunity.com

IN A

Response

steamcommunity.com

IN A

104.82.131.75
DNS

steamcommunity.com

Script.exe

Remote address:

8.8.8.8:53

Request

steamcommunity.com

IN A

Response

steamcommunity.com

IN A

104.82.131.75
GET

https://steamcommunity.com/profiles/76561199724331900

Script.exe

Remote address:

104.82.131.75:443

Request

GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Sun, 05 Jan 2025 13:08:44 GMT
Content-Length: 25984
Connection: keep-alive
Set-Cookie: sessionid=ca220baf8b6a9b82a9a9bb2c; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=GB%7C7d625a3b038bb98f68b4e14dac147806; Path=/; Secure; HttpOnly; SameSite=None
DNS

127.156.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

127.156.67.172.in-addr.arpa

IN PTR

Response
DNS

127.156.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

127.156.67.172.in-addr.arpa

IN PTR

Response
DNS

146.71.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.71.21.104.in-addr.arpa

IN PTR

Response
DNS

146.71.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.71.21.104.in-addr.arpa

IN PTR

Response
DNS

1.80.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.80.21.104.in-addr.arpa

IN PTR

Response
DNS

75.131.82.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.131.82.104.in-addr.arpa

IN PTR

Response

75.131.82.104.in-addr.arpa

IN PTR

a104-82-131-75deploystaticakamaitechnologiescom
POST

https://fancywaxxers.shop/api

Script.exe

Remote address:

104.21.32.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: fancywaxxers.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=f9ckqdnjnhcthjuser5fl0r09f; expires=Thu, 01 May 2025 06:55:26 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r3MQcBX%2FyAhXMEKMBhohEVSJ89e8lh8qVpKFNTAVw0YdgT3w4JjR7O2G0BaRCS47NPmUjtOz6KFd7WAjwq%2FBfzaIUCBsOS6JHwbqwxIjd7x3ywm4iN8Ejh5g1c4A3bRFSGraYg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b2f26fb494d2-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=29166&min_rtt=26020&rtt_var=9806&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3299&recv_bytes=607&delivery_rate=104304&cwnd=253&unsent_bytes=0&cid=46227ab31f6938e2&ts=240&x=0"
DNS

nearycrepso.shop

Script.exe

Remote address:

8.8.8.8:53

Request

nearycrepso.shop

IN A

Response
DNS

nearycrepso.shop

Script.exe

Remote address:

8.8.8.8:53

Request

nearycrepso.shop

IN A

Response
POST

https://abruptyopsn.shop/api

Script.exe

Remote address:

104.21.48.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: abruptyopsn.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=h344qqq0ci6i0oucn37bn291sk; expires=Thu, 01 May 2025 06:55:26 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dsyLA3glnmGszG1gYQproBOcUAU82viJK1jpzCMgpJgmvnyfVXEFRRE6DQpZq4rx06WCVbSHtv98ObT8zQ6dRhCj4E%2Fj%2FQqBigY1juCnjQmGpBsPhs4Hthb%2FipLQ9Ngv%2BQyA"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b2f46c04951d-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=26936&min_rtt=26341&rtt_var=6659&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3509&recv_bytes=605&delivery_rate=147944&cwnd=248&unsent_bytes=0&cid=0eda4bc47bae6677&ts=241&x=0"
POST

https://wholersorie.shop/api

Script.exe

Remote address:

172.67.160.114:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: wholersorie.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=bjd409rn0c5ovtnc5p3u1ai4jf; expires=Thu, 01 May 2025 06:55:26 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1NVh3t7syrK6rPjMW%2F33Iu6noDH%2BKZwVCteQSQ9WTaSFDyRh8kS%2FCXsflbuE10rZZScj6IV1DlqvaoPGOM5RB8AFpFxCb0Lut%2B5crhqrj7sVGo76luXDxkzRyFZksHcVmL3T"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b2f63c80ed01-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27030&min_rtt=26002&rtt_var=7382&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3301&recv_bytes=605&delivery_rate=147009&cwnd=253&unsent_bytes=0&cid=8bead0d4f7a8ee7f&ts=229&x=0"
POST

https://framekgirus.shop/api

Script.exe

Remote address:

172.67.179.160:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: framekgirus.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=cqq6mjp30315j6msvt4h9ov7uk; expires=Thu, 01 May 2025 06:55:27 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yFPKkksKa%2Bn0qwbzg27aMFx5nwyEqojhmZN27rzrmNskRELdSc6JbhvnxROv%2BR%2BBSp%2FyTspeXmMeFBQK8sfJqWySeYuhLNFXwyNPAIqaIyo4TCvbSjxTx%2F%2BqhBoRuwpaxj90"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b2f809ac79bd-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=28533&min_rtt=26521&rtt_var=9535&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3295&recv_bytes=605&delivery_rate=146962&cwnd=251&unsent_bytes=0&cid=5c7dac432e6c5479&ts=248&x=0"
POST

https://tirepublicerj.shop/api

Script.exe

Remote address:

104.21.16.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: tirepublicerj.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=lj6t9ms6sl3vaope4p4qmcui0f; expires=Thu, 01 May 2025 06:55:27 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=11TbHvOYUwJHZqA9xhAUwLbLWOodOK7cxqqTj73DvNX3m1lnjiY916migSW3RxBbx68ZTOjIQmys21DqWfT1J9CpQIImi0palzhpN5URbeGKGPu210GaOm4i9U0oVidVbjTGSz4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b2f9efc693db-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27145&min_rtt=26556&rtt_var=5953&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3300&recv_bytes=609&delivery_rate=148560&cwnd=253&unsent_bytes=0&cid=cf83d80bef28c47c&ts=254&x=0"
POST

https://fancywaxxers.shop/api

Script.exe

Remote address:

104.21.32.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: fancywaxxers.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=02jl54cvis1hm41eer9iri0mt8; expires=Thu, 01 May 2025 06:55:27 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rm%2Fbup4I0eUbu3GMEcSD8%2Bb0RrvRtpso4vkR3VNP%2B%2FZlx8nScl6qiy7Uqz7BO2RQ5MA%2FSxnT8naZjOg8O3B%2Fdx3yJ%2Bbzw2u2GpM%2B%2BubsPtmm6%2FLDeSsfZxVb2iqnqGQ9gUIF9A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b2fbd8da4969-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=28293&min_rtt=26005&rtt_var=9335&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3299&recv_bytes=607&delivery_rate=108856&cwnd=253&unsent_bytes=0&cid=b0698ec00833c247&ts=261&x=0"
POST

https://noisycuttej.shop/api

Script.exe

Remote address:

104.21.71.146:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: noisycuttej.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=qv2r8ohms4mmh788ig7ic11680; expires=Thu, 01 May 2025 06:55:27 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=engM4TgrXP2GuxnUqfGQtxpb%2BQpYkpk39o5u5ky0PpcN9p53neXLBC5ulSfO5iMJl%2FBNSWm07bmTDCUhAIhaMLxuFtD48w0%2Fo%2Fcjvm5kdtfu88LEJd2oWdmhTWg9li9aGB3U"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b2fbedd379b6-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27667&min_rtt=26448&rtt_var=7688&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3299&recv_bytes=605&delivery_rate=143022&cwnd=253&unsent_bytes=0&cid=5f89d831dabd4e36&ts=253&x=0"
POST

https://abruptyopsn.shop/api

Script.exe

Remote address:

104.21.48.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: abruptyopsn.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=674l8u495ckf63kmgc3rsmn5fs; expires=Thu, 01 May 2025 06:55:28 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fj%2FWvewj%2BUQkZ9pAvGRAlkhHMwDm8FRUpyA8NtkWF%2FJVXs7nPi87giqpxzhIqHqeNlaDYBEGS5FOo%2BiyszQwRGmuFJgyhmkRvdJ9ibSg0zAMnqEltSQxo9Yc87oYSKfDmHad"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b2fdc944657b-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=26730&min_rtt=26514&rtt_var=5960&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3509&recv_bytes=605&delivery_rate=148074&cwnd=240&unsent_bytes=0&cid=dbed50d665908edd&ts=224&x=0"
POST

https://rabidcowse.shop/api

Script.exe

Remote address:

172.67.156.127:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: rabidcowse.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=3vgqkvr42jtotrtb1akksbosk9; expires=Thu, 01 May 2025 06:55:28 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jr6WoY1d43MZyxHTms3VLxzjdr%2F8HMJKLSrkPN4ZgAqT7ayhXGdmeAebSzilPmssHMVN75GiuLseCV%2BR5yqIUmInW6FC6QI5kCYiE95SxWVVqUXg2io95Mu3olUMfPGzz2g%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b2fdcc85654f-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=26545&min_rtt=26211&rtt_var=6103&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3294&recv_bytes=603&delivery_rate=147553&cwnd=253&unsent_bytes=0&cid=adbe43b986377810&ts=277&x=0"
POST

https://wholersorie.shop/api

Script.exe

Remote address:

172.67.160.114:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: wholersorie.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=pfld4ddu8k9mehpqhdjdgpdo0n; expires=Thu, 01 May 2025 06:55:28 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ovr7ld6LHKd8nfdq6dC%2FYdFCNLInmYNSr8NkTAo3hkQx%2BsD2wJM0Mcpz3ZbrVNJ5gtUIVhwUVXX1fhAKWvvSczD1tWQ1B5blYgwa8E3HfFN%2B8jyAPlxpYGM60vN8FKmM%2FCkT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b2ff8e5a954d-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27122&min_rtt=26435&rtt_var=6618&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3300&recv_bytes=605&delivery_rate=135285&cwnd=253&unsent_bytes=0&cid=2bdcb7981c53b0a1&ts=252&x=0"
POST

https://cloudewahsj.shop/api

Script.exe

Remote address:

104.21.80.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: cloudewahsj.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=qkna551go1t76915jh3upofmk8; expires=Thu, 01 May 2025 06:55:28 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KpupKeH8iMWS%2FIQFe74w9ri%2FL4ocq%2F6mr35PXfuTGp9h49f1GuznAl3CLoAfbbjJXLgCYAVB%2F0WKVq4cn9AvCWo54SF7oyQbAydicrZwiVGcQEDGIxIbm633AqX96o5D4bWj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b2ffdc647725-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27037&min_rtt=26203&rtt_var=6969&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3294&recv_bytes=605&delivery_rate=138032&cwnd=253&unsent_bytes=0&cid=32aff55bf3dc8977&ts=249&x=0"
POST

https://fancywaxxers.shop/api

Script.exe

Remote address:

104.21.32.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: fancywaxxers.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=69lmpi1u793fhndf8as9q2gv1v; expires=Thu, 01 May 2025 06:55:28 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4R8EnRh9blZj0Kd7MRdduWyljRdTDQb3YX28DgXuYRHz0%2Ba4pMk%2BIkDwNug9ey%2B5a2xyLJKgPk1M4jiWf%2Faq4ZXJkCDdTzxbTZ3C8vgmIfQojgJ%2FsWGRUmJ0i7tHdqrXLvMosA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b3017f3aef44-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=28263&min_rtt=25934&rtt_var=8055&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3301&recv_bytes=607&delivery_rate=141383&cwnd=253&unsent_bytes=0&cid=b7728598cc32bd3d&ts=221&x=0"
POST

https://framekgirus.shop/api

Script.exe

Remote address:

172.67.179.160:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: framekgirus.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=9il9auii340h80454qfu6kprjl; expires=Thu, 01 May 2025 06:55:28 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sw0DJRd65T1vcK50v75O6aX8cRUmdGtSaf%2ByEFTQyFDcEN9ahTyKRoblWoE9yjyyLpNk%2BdGeaH%2B7X7kCMBrioCBYknBkauU1X86CB3qmxb%2FLRjS3vJE9RBEp4gniJZYG0Gm9"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b3018e6563af-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=29182&min_rtt=26121&rtt_var=11379&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3296&recv_bytes=605&delivery_rate=142069&cwnd=253&unsent_bytes=0&cid=947be9e9651a5401&ts=262&x=0"
GET

https://steamcommunity.com/profiles/76561199724331900

Script.exe

Remote address:

104.82.131.75:443

Request

GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Sun, 05 Jan 2025 13:08:49 GMT
Content-Length: 35588
Connection: keep-alive
Set-Cookie: sessionid=bfa752a05e1ccef608ec83c8; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=GB%7C7d625a3b038bb98f68b4e14dac147806; Path=/; Secure; HttpOnly; SameSite=None
POST

https://tirepublicerj.shop/api

Script.exe

Remote address:

104.21.16.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: tirepublicerj.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=rr12npm0nedaths424p4pufcnl; expires=Thu, 01 May 2025 06:55:28 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sf32UiqaqD0HTuUVYLXP%2Bd4tTzFr%2B14TV5CaOZQFb0RiA8OD7D7Gnntpq43Smd7bbte1baktqI4dKpTLd1nZFGLsRWKHMu5TfJuYZKGhjOA7XV%2BJinlr2w2xrkToBzAYq9PPz94%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b303cb7e93db-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=30219&min_rtt=26620&rtt_var=12471&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3302&recv_bytes=609&delivery_rate=127401&cwnd=253&unsent_bytes=0&cid=ea19d65bab225e7e&ts=262&x=0"
POST

https://abruptyopsn.shop/api

Script.exe

Remote address:

104.21.48.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: abruptyopsn.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=s6klj21d31hm8f8dancnhbq70n; expires=Thu, 01 May 2025 06:55:28 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xi5Z38Cka7OvRxsFUMIZ%2FN2ALFOmxuZ3X%2FAK0n10HRPj3EIU3NYUJ3b1oBB1i9z5h9e6trVBXucMVVxhDMGuPuBas3A1S6mULM8sebUvKBNNihl0dGDSqbtBRwkny6%2BsC9Mb"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b303ccf94179-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=29577&min_rtt=26166&rtt_var=12125&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3510&recv_bytes=605&delivery_rate=138253&cwnd=244&unsent_bytes=0&cid=45ea781b92c7f291&ts=256&x=0"
DNS

lev-tolstoi.com

Script.exe

Remote address:

8.8.8.8:53

Request

lev-tolstoi.com

IN A

Response
DNS

lev-tolstoi.com

Script.exe

Remote address:

8.8.8.8:53

Request

lev-tolstoi.com

IN A

Response
POST

https://fancywaxxers.shop/api

Script.exe

Remote address:

104.21.32.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: fancywaxxers.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=et6govjrciutfksub2jai9sad8; expires=Thu, 01 May 2025 06:55:29 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k0kEqrIxG0UowGixQDqKK0R1gBcR%2FQVZWgkF%2BVzfV3ArBS%2BAdXLN5huIPEGn2Voun3d3JDqROe8SLJ%2F9j7GqYdj5b6I63r95csUjHem85yyKgqRqpozQXpP5yxzgevfbiV7ZAg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b3049875ef44-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=28023&min_rtt=26082&rtt_var=8716&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3301&recv_bytes=607&delivery_rate=125694&cwnd=253&unsent_bytes=0&cid=01f40d435821249d&ts=247&x=0"
POST

https://wholersorie.shop/api

Script.exe

Remote address:

172.67.160.114:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: wholersorie.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=ei522blen4n5b55ua46cjvndbr; expires=Thu, 01 May 2025 06:55:29 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GouPAdXGJwcqq6Qf3RnbgfUJXq9ylcOxsUmcTflcPI8sDNMltIz6we%2BPEWHOfAdgpfDSGobqUGGIEyYdCm86mXTsttTYiT6yA0mq%2BIKllSdU%2B2Z2gF2T8D%2BN3o6SptbJ3mxT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b305ddc96534-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=30714&min_rtt=26230&rtt_var=11992&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3300&recv_bytes=605&delivery_rate=103469&cwnd=253&unsent_bytes=0&cid=19b37cd26067aaea&ts=300&x=0"
POST

https://noisycuttej.shop/api

Script.exe

Remote address:

104.21.71.146:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: noisycuttej.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=p7k2hmehlre5njvu4itgf92q6j; expires=Thu, 01 May 2025 06:55:29 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pKDvcAdmsFyrMs8m8SU8ezdwtEpx3XeK78kmZQTM36YKFGnXJpzqyVFLptJpdeHppjuSOfP%2B8spi0gF4tVo1o9UrQ1XSZO8YBFPjLAXOJmIUpzwEP8IDeDAJYNMMZHaAvqMA"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b305e92bef4d-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=29124&min_rtt=26045&rtt_var=11262&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3298&recv_bytes=605&delivery_rate=126197&cwnd=253&unsent_bytes=0&cid=5b8e99ace9e133be&ts=255&x=0"
POST

https://abruptyopsn.shop/api

Script.exe

Remote address:

104.21.48.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: abruptyopsn.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=bo2538q98r26t8smi88sl3dnuj; expires=Thu, 01 May 2025 06:55:29 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F%2BYhxqLIqMpgr5jrsr3GAGVU2hiSUbDNOI8M5iQCpDzv6cLrI0hfP%2FZDaan3mv1ovxzy3HzhBdnuzj2hFOCYzp%2BBOMqI6mMKu%2FkIfCEz3N2BCKzhLKvKxKrOJoxA7lB0ZePw"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b30709aaef4e-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=28587&min_rtt=26197&rtt_var=9486&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3508&recv_bytes=605&delivery_rate=103830&cwnd=253&unsent_bytes=0&cid=c0d38f7c9456b5dc&ts=235&x=0"
POST

https://fancywaxxers.shop/api

Script.exe

Remote address:

104.21.32.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: fancywaxxers.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=os60grb7fb3paalqtesadbn4tk; expires=Thu, 01 May 2025 06:55:29 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tQXlFwUym3YKqnDets9sHyIOWdfe0zeSrcnX6NNnn%2Bf%2BWfgoMVtQOcmu32zzmmE4Ke35IOPE3EPQtbJd8WRFSh2SIpqToib%2Fs1w1NFARwyGzp8Ay3pqwGGa%2B8V5RMiMw%2BSMR3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b3079956ef44-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=26912&min_rtt=25930&rtt_var=7353&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3301&recv_bytes=607&delivery_rate=149889&cwnd=253&unsent_bytes=0&cid=16a7c3a1be55f82c&ts=236&x=0"
POST

https://rabidcowse.shop/api

Script.exe

Remote address:

172.67.156.127:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: rabidcowse.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=url8fl3ha9redc147ts5ud67vs; expires=Thu, 01 May 2025 06:55:29 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iwWF5QjtJ4KK0B%2FM3RShauHpRFhX%2FCBJ7KXTL4wD6KJI%2F2CbWiZcNt8QEW%2FHudy7I%2Fj1f36sQRtbhac5eIlJqDLUJP3S4W%2BnluMqBnRSfgNDTIasp9QIYmSOBNveeylkmn8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b307db8e94e5-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=28486&min_rtt=26228&rtt_var=9871&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3293&recv_bytes=603&delivery_rate=146317&cwnd=251&unsent_bytes=0&cid=62502d2fe131a35b&ts=286&x=0"
POST

https://framekgirus.shop/api

Script.exe

Remote address:

172.67.179.160:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: framekgirus.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=m8f22rv5uk2dasifd84mh7f47v; expires=Thu, 01 May 2025 06:55:29 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n3SNVxfhSjcy95b12x80A1HmoDtolGCqzJTD%2FfQcNrnhU3DCu6q5KV9RfvUzr3Fasbofbip6Lgp22eiIWjtoVtqNoNR5OD8%2BwnuuBSHSc4UbktyUhI%2Bj9Mrgwv3tFz2undye"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b3080e45654b-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27946&min_rtt=26088&rtt_var=8237&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3295&recv_bytes=605&delivery_rate=104032&cwnd=253&unsent_bytes=0&cid=9eadcbef0db7be38&ts=256&x=0"
POST

https://wholersorie.shop/api

Script.exe

Remote address:

172.67.160.114:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: wholersorie.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=v1m683b9m777355h2jt8l8jbdv; expires=Thu, 01 May 2025 06:55:29 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y1HFfnrPJB1uqwfTezfK2SOiNWxIXOW0W7ZEV%2BIPiyrwDUBzCSLN51DiHSV8twg9hFxkqBIS2lMHuRrtSenGOU3PQ1Yp0p1mdXUdC%2BoR2IVV4tzfS2I52lpjV1zmVPPGyk8o"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b308cf72f663-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=26964&min_rtt=25865&rtt_var=7290&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3300&recv_bytes=605&delivery_rate=131454&cwnd=253&unsent_bytes=0&cid=d2349347b9a08b48&ts=241&x=0"
POST

https://abruptyopsn.shop/api

Script.exe

Remote address:

104.21.48.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: abruptyopsn.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=didjp720kbosfsdlq6cb1d39ml; expires=Thu, 01 May 2025 06:55:29 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5ulCgJsCAIATYF63%2FulNK%2Fvs18k0wB017lx3za2MMajC6k6HMHI0CmfbdjVDovzeUbKRYhQIFxtJ3nZVn2VQzwsABm6wqCXOHp8RiyN%2FohTGF9pncSWaaU2ZtYR%2BB0gvcWWK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b3098df863e5-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27720&min_rtt=26640&rtt_var=7646&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3508&recv_bytes=605&delivery_rate=144767&cwnd=252&unsent_bytes=0&cid=00f41bb51df84460&ts=240&x=0"
POST

https://cloudewahsj.shop/api

Script.exe

Remote address:

104.21.80.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: cloudewahsj.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=2jolptj28nq0d30a0d5jl99cja; expires=Thu, 01 May 2025 06:55:29 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=maXg3ieNrkYPo%2FY2xq9RnelVo1Z1ya3fDfhQyXeM037LrDtLtOobI%2F9%2F6WPUlGkTB6wSjvI0aGHzjC0DYvZ2aN35nA4anofUj7BqxXsvzG9EoaqHWntKtZLww0UDGgUg%2BaIl"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b309fce13853-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27126&min_rtt=26182&rtt_var=6966&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3294&recv_bytes=605&delivery_rate=123498&cwnd=244&unsent_bytes=0&cid=617b55e99096c90b&ts=223&x=0"
POST

https://tirepublicerj.shop/api

Script.exe

Remote address:

104.21.16.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: tirepublicerj.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=7o74itd86igaeq29v2l7ju7de7; expires=Thu, 01 May 2025 06:55:29 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=royLKlHnKO1pYI%2BLB4ULrDilUfx2GiTO3wphuhB7q5ZwDSfZgfJSFhj%2F8DApab4AJWweS5r8Wf28NYvQOHTMVZ3dnURc6dwoP%2FQVYc%2BwoB6pu0L1WVHCc5c2elLmYurKGG4kXpY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b309fb0abf04-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27180&min_rtt=26296&rtt_var=6838&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3300&recv_bytes=609&delivery_rate=123919&cwnd=253&unsent_bytes=0&cid=41136bf1e8d201e0&ts=219&x=0"
POST

https://framekgirus.shop/api

Script.exe

Remote address:

172.67.179.160:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: framekgirus.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=ilb6v4ddhst8rg9628a8gdomth; expires=Thu, 01 May 2025 06:55:30 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=INI9wx39fOxK%2F5U16SweqnTXfgzZ%2BPgC3WY28lyGoOnZirfP%2FcBzASnXaGIpOQA%2BTXOQbKHWRz4PCc02MtxtA5oQNXnEHjNy6HValNwb9WgX1Grs3bwCkMYSMdlL9smfy4QM"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b30aa881ef17-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27784&min_rtt=26612&rtt_var=7458&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3296&recv_bytes=605&delivery_rate=119475&cwnd=253&unsent_bytes=0&cid=a33f1ceb2aab5839&ts=251&x=0"
POST

https://wholersorie.shop/api

Script.exe

Remote address:

172.67.160.114:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: wholersorie.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=ikn9rr5ujtur1q2naaktkm5sue; expires=Thu, 01 May 2025 06:55:30 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LJ2VPz5OOiLeuQANIUHeOKnaaEQBtXBQ1qiM9S%2B3wHrGNkqAS%2FJ4d9yX7jWcNAKBcC8gwhpupBo6LfZvzDqS1j0b6RgnYefL4jiPomwipRVMMuD5%2BqshrHWKyTXG3J4%2BqLnF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b30b7fd36394-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=28106&min_rtt=26279&rtt_var=8624&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3300&recv_bytes=605&delivery_rate=124017&cwnd=253&unsent_bytes=0&cid=a7bb9529c271cb2f&ts=195&x=0"
POST

https://noisycuttej.shop/api

Script.exe

Remote address:

104.21.71.146:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: noisycuttej.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=kb3vni89d1j0qqu9fqqii79q5b; expires=Thu, 01 May 2025 06:55:30 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u9NNYqturkIbs%2FXvHqP29wUheojpSMiU5WoMdpIHKPDMsya0oXkc2k4hVdIM0dOZutkF3kzl2WqX9oBdv%2BaeUE5XneGClJ%2Ff6xsXaBxr8CEuU%2BRKLH5ObbnbKXxxRzR%2F4KFk"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b30bbfd563b8-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27337&min_rtt=26140&rtt_var=7714&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3298&recv_bytes=605&delivery_rate=139274&cwnd=246&unsent_bytes=0&cid=f5a34a7c89a6345c&ts=230&x=0"
GET

https://steamcommunity.com/profiles/76561199724331900

Script.exe

Remote address:

104.82.131.75:443

Request

GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Sun, 05 Jan 2025 13:08:51 GMT
Content-Length: 35588
Connection: keep-alive
Set-Cookie: sessionid=b4c674346b8c1f0c00746b25; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=GB%7C7d625a3b038bb98f68b4e14dac147806; Path=/; Secure; HttpOnly; SameSite=None
POST

https://tirepublicerj.shop/api

Script.exe

Remote address:

104.21.16.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: tirepublicerj.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=alc3coo3da187p11ojtfgva7q9; expires=Thu, 01 May 2025 06:55:30 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o7j5PmchdZ9oCpMLh0I%2BZ4fQOLuWo9qAchvi3OnEaCRuMLXeIuHZS7zQq2GHYKhdis0s%2FtZYoqSK2voZbzxmkhBbhbqclQhz5TITGLZeN6%2BIIKumRIbyyvAvbpS0czsRVgXNDhg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b30cacc29533-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27012&min_rtt=26209&rtt_var=7036&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3300&recv_bytes=609&delivery_rate=146978&cwnd=253&unsent_bytes=0&cid=eca1baad2219e842&ts=264&x=0"
POST

https://framekgirus.shop/api

Script.exe

Remote address:

172.67.179.160:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: framekgirus.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=o88docnif8t8id6kclihgo2f6b; expires=Thu, 01 May 2025 06:55:30 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=77x8Cs3R%2FAYXvNtC3AjXyWUBYtcTmv6oBTDdTrwhGL2vjFPMXofD073b7RP0rIWAZZJ8wMjUeqJsyALjO%2BN%2FXy73Nw%2FddyovW9V0oLX9sm9EgoqwB23vlhB1NFH12QDG3Loq"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b30cf870ef58-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=26566&min_rtt=26057&rtt_var=6345&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3294&recv_bytes=605&delivery_rate=149131&cwnd=253&unsent_bytes=0&cid=f73b50b3bea886ac&ts=237&x=0"
POST

https://rabidcowse.shop/api

Script.exe

Remote address:

172.67.156.127:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: rabidcowse.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=3aatmdn7d56phol493t8slhjek; expires=Thu, 01 May 2025 06:55:30 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uIep3xeElMvIRfI0owQkdEe%2FZr%2FKEFIInwOgZnsANcWX6O9WkjLG2AKrgtijk8zw%2BJDBA%2FuFswvrCqc7cB68CugYZ6HF1BasfaarbaURSCz3fxip1OcDET0ol9%2FdfZMM%2B%2Fg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b30d7cec943d-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=26776&min_rtt=26258&rtt_var=6378&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3295&recv_bytes=603&delivery_rate=140587&cwnd=248&unsent_bytes=0&cid=5937ef904d67919e&ts=226&x=0"
POST

https://noisycuttej.shop/api

Script.exe

Remote address:

104.21.71.146:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: noisycuttej.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=n4fbuhclqrvsh4k5rgrpspj7fu; expires=Thu, 01 May 2025 06:55:30 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tincIgylKLEUeJsAPSIFzSXP32AfpwdjicJwr6Eqg9rzdFOQ%2Fb15CGpDfqUHFeCzA3E6fNIf7Nq%2F4e1Z176dp2BDy7yRCLGbBcJS%2FgA8nFhxrbUm9Syrd0ds%2FGoFVU7o%2Fvig"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b30eea44632e-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27858&min_rtt=26219&rtt_var=7201&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3299&recv_bytes=605&delivery_rate=142512&cwnd=253&unsent_bytes=0&cid=47388ebc1c5b32c0&ts=292&x=0"
POST

https://tirepublicerj.shop/api

Script.exe

Remote address:

104.21.16.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: tirepublicerj.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=3a12ib74pvl7ipq0spibtnjvrq; expires=Thu, 01 May 2025 06:55:30 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X7souRboD0OPqSGyYJo%2BHIwpnEHx7VRGOEO2C9kTFCbDh1mORTNxKjMp9eotet86zLqVNZRYZBaG5sSN%2Fedv0Birg560OPUJGuRz7862uvgRQIIl3fjZPkUD1WMmACAiZvC52r0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b30f1ed763b5-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27013&min_rtt=26130&rtt_var=6784&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3302&recv_bytes=609&delivery_rate=129567&cwnd=253&unsent_bytes=0&cid=026345d72304d7ff&ts=261&x=0"
POST

https://cloudewahsj.shop/api

Script.exe

Remote address:

104.21.80.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: cloudewahsj.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=pfl4n68rqas0jr10tltc6dvlji; expires=Thu, 01 May 2025 06:55:30 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SoFrCrP3pDgRuPOw%2B8d9YcTLhsue4ZF6bY1BH8rGf4TeclAvNainYXU1IogbNffn94%2BnAh5KpCN77uLAtmrodHS%2B2%2BQEXRkAOqz332nfF6hlxxTTurElFSoNuAcCRWHDuIPf"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b30f3dd7f650-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=28989&min_rtt=26283&rtt_var=7553&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3293&recv_bytes=605&delivery_rate=150794&cwnd=246&unsent_bytes=0&cid=33cb230edae8047d&ts=220&x=0"
POST

https://fancywaxxers.shop/api

Script.exe

Remote address:

104.21.32.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: fancywaxxers.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=05o66s9pivps1t5n2cn8fi358h; expires=Thu, 01 May 2025 06:55:30 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NrotTGV0ha1cQDsZYT%2BNOHNYrlGns1LuHzRcTx5L%2B2XXHaYcoHaHtFI5Xbf6nPSRLLuKIpzDD6jul8SMNvG7gc%2F7%2BOPgeoAAMx32SCAx3MFDd2zAj4FDztZFcyG5zMvvhng8Sw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b30f5b69be98-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=29451&min_rtt=26427&rtt_var=9549&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3299&recv_bytes=607&delivery_rate=151079&cwnd=244&unsent_bytes=0&cid=370bc9c955272b11&ts=257&x=0"
GET

https://steamcommunity.com/profiles/76561199724331900

Script.exe

Remote address:

104.82.131.75:443

Request

GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Sun, 05 Jan 2025 13:08:52 GMT
Content-Length: 35588
Connection: keep-alive
Set-Cookie: sessionid=177357be4c5c17b72b070473; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=GB%7C7d625a3b038bb98f68b4e14dac147806; Path=/; Secure; HttpOnly; SameSite=None
POST

https://noisycuttej.shop/api

Script.exe

Remote address:

104.21.71.146:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: noisycuttej.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=8s2pmrq2nkn4sdb5q5nmtlmas8; expires=Thu, 01 May 2025 06:55:31 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rALEZmiP1iZt4eL79kwrdqt46InfF9Kw8y3swGYq%2FfnHmnMg63hz72wg%2BInH5JCnhvuZCdETAWoUVGkgV5iWlRCPYIPoV8YSq%2FgRZUXLBg37MhEEKecWabzGoUI12rFSLSvY"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b3110da53859-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=29360&min_rtt=26870&rtt_var=7788&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3299&recv_bytes=605&delivery_rate=148187&cwnd=207&unsent_bytes=0&cid=41c9e31ebadaab0c&ts=228&x=0"
POST

https://rabidcowse.shop/api

Script.exe

Remote address:

172.67.156.127:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: rabidcowse.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=3i1parlnb4f6kb8kj6b98d9shs; expires=Thu, 01 May 2025 06:55:31 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BmOP1yQRIkTc91x9do%2ByaHNSOpRwxsPVV5C9R40M%2BhJ%2Fpb%2F8hARbZuLJgHdeopPYxh6kcVa0S5FpsQRf768wWv%2B%2FDwFVkXgtUdqbo15J5%2B7gLyt9w3XSKJ93BZSOanHGO9I%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b3111d7a6322-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27316&min_rtt=26288&rtt_var=6210&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3294&recv_bytes=603&delivery_rate=150967&cwnd=246&unsent_bytes=0&cid=7306d0e70575b150&ts=229&x=0"
DNS

nearycrepso.shop

Script.exe

Remote address:

8.8.8.8:53

Request

nearycrepso.shop

IN A

Response
POST

https://abruptyopsn.shop/api

Script.exe

Remote address:

104.21.48.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: abruptyopsn.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=n481kmlhmca12kuvpnd34ip063; expires=Thu, 01 May 2025 06:55:31 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dQw6HmRDfuwbMJjjVzksAMp2O%2FSPCSHB%2FPfhtbpbgUHUm6KI9umwivzV80sOihjmdTCrfouGSa1AMRG6mC8gzhSqVLIXNs4YFKK9EVejURpSIwtqtULxuOACOSEs0YmgukX3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b3116b0def4e-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=26689&min_rtt=26144&rtt_var=6513&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3508&recv_bytes=605&delivery_rate=148848&cwnd=253&unsent_bytes=0&cid=16dff78ff1cf4dff&ts=234&x=0"
POST

https://rabidcowse.shop/api

Script.exe

Remote address:

172.67.156.127:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: rabidcowse.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=s458naj3132rm7bf4kfor3iftv; expires=Thu, 01 May 2025 06:55:31 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SeKNTz1tiJw4uKUGyqmbWP3rGosremd2Dha3vLoxM55KWR1%2Fd24qQ9S7rNN2kTZPxa8%2Bo8ssKwd%2Btj5IzX1jh%2FCz2Z3n%2F0rXpRtjsUJT3BtQYELdY1M0QPh065mR4tI6Df8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b312db1d7775-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27548&min_rtt=26546&rtt_var=6930&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3293&recv_bytes=603&delivery_rate=147778&cwnd=253&unsent_bytes=0&cid=66302529d45a916c&ts=249&x=0"
POST

https://cloudewahsj.shop/api

Script.exe

Remote address:

104.21.80.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: cloudewahsj.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=if4js8v5eh7hacu75iubshbbad; expires=Thu, 01 May 2025 06:55:31 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XJNsbp2EjoiTa9tMj12ZDTnqvxai8bKnmksTEA77tnvYEUFsnqDxyVLciUFcdOfdf%2Bt5uJ8Yy4gz05mtn5CGDrzLVWRpm3pF9jRyxOkJ%2BIaw5Teohdxqx7E7C%2B31mrO2Incm"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b312df01f650-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=26899&min_rtt=26088&rtt_var=6913&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3293&recv_bytes=605&delivery_rate=150844&cwnd=246&unsent_bytes=0&cid=d305820e5384c9ec&ts=226&x=0"
POST

https://wholersorie.shop/api

Script.exe

Remote address:

172.67.160.114:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: wholersorie.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=ge9fkagsul9mg5u8e6j7fphk1h; expires=Thu, 01 May 2025 06:55:31 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NOw4%2Bt%2BXtbcq3phCK6SmbtV72OMb%2B%2BHa6CDCRfAvftSjdPJAvIGW8IRk9UoVQ3Y4EaweU6I%2FIMOpaRQ%2Fcm3QRG9rpxhOsA1kns0o%2BmYUMO3S5zlI%2B%2BD5mDeNPdElYfDT0c%2Bx"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b3134e45cd85-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27869&min_rtt=26656&rtt_var=6448&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3300&recv_bytes=605&delivery_rate=139499&cwnd=252&unsent_bytes=0&cid=13721dad586b3c46&ts=238&x=0"
GET

https://steamcommunity.com/profiles/76561199724331900

Script.exe

Remote address:

104.82.131.75:443

Request

GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Sun, 05 Jan 2025 13:08:52 GMT
Content-Length: 35588
Connection: keep-alive
Set-Cookie: sessionid=887a5edc5e3540812a3c1082; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=GB%7C7d625a3b038bb98f68b4e14dac147806; Path=/; Secure; HttpOnly; SameSite=None
POST

https://cloudewahsj.shop/api

Script.exe

Remote address:

104.21.80.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: cloudewahsj.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=2330p4t5h1hpvvdc3c7g4fg7nu; expires=Thu, 01 May 2025 06:55:31 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fcnriDIl0Xr%2ByQ9Rl1kMhIXpZZv8QPB55JEl%2BItEqnFptsIajm7eGqyhuC0noxMavGx6nI7gBwUS6DSh5zV4kN7W8qFgRJwDXSYVNwKooJ8ZJQs1TzOzAXopobS3SKLMFPpU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b314cd2793d8-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27556&min_rtt=26495&rtt_var=7657&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3292&recv_bytes=605&delivery_rate=148908&cwnd=253&unsent_bytes=0&cid=ac24da735bb9e5e2&ts=225&x=0"
POST

https://framekgirus.shop/api

Script.exe

Remote address:

172.67.179.160:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: framekgirus.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=er2ltn8t59h83858m545jr44gt; expires=Thu, 01 May 2025 06:55:31 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lDMHZjNixSt7zqSug%2BwF1jf9nKvOJiI%2FHiD1bKELPQ0qoID4h4q0ZkhtKURvF0KCMpUbFFvVQjMtRtNfyx82%2FcrzFRhogdcLfal%2B0n18hRmxDasW8DOuiKac8gJNcxd5cArs"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b3152b369571-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=30020&min_rtt=27429&rtt_var=9743&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3295&recv_bytes=605&delivery_rate=115286&cwnd=253&unsent_bytes=0&cid=75053fc1b4fb039e&ts=256&x=0"
GET

https://steamcommunity.com/profiles/76561199724331900

Script.exe

Remote address:

104.82.131.75:443

Request

GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Sun, 05 Jan 2025 13:08:53 GMT
Content-Length: 35588
Connection: keep-alive
Set-Cookie: sessionid=71e82cf0fd0dda062ad3c2a7; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=GB%7C7d625a3b038bb98f68b4e14dac147806; Path=/; Secure; HttpOnly; SameSite=None
DNS

197.87.175.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

197.87.175.4.in-addr.arpa

IN PTR

Response
POST

https://tirepublicerj.shop/api

Script.exe

Remote address:

104.21.16.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: tirepublicerj.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=4058kl032omgdcfav0bams8i9c; expires=Thu, 01 May 2025 06:55:32 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iXFhZ5k2xgatQeU4%2BkYZEgJ4Ul%2BN9scEQhNDFzVyKOJlPCgK1nIYfcFzyahDgYkDguJ68M73KGjtwVlj6OAAv417X9sKELYKD0F7OAe%2BDN34z5QsM4mm73XGuWAhlr3KXNMWTZI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b317090fecff-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=26906&min_rtt=25720&rtt_var=7655&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3302&recv_bytes=609&delivery_rate=149367&cwnd=253&unsent_bytes=0&cid=c72206063a04eac9&ts=254&x=0"
POST

https://noisycuttej.shop/api

Script.exe

Remote address:

104.21.71.146:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: noisycuttej.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=gd362h5m2rj2au6m24d12qhtui; expires=Thu, 01 May 2025 06:55:32 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IGFkYnNDBIY2RiiXUVANT10WEiKo9SysPZlYJwQZJ6qSgj67c0shfbHbaAoge4Abn1uovjESVPDaiRCuRXTWsHYnQxL7hd7oGTQ6RWM652A0nod3X%2B3vHWT6sJzeJo%2FoPaR6"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b318fbb16547-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=27721&min_rtt=26473&rtt_var=7833&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3299&recv_bytes=605&delivery_rate=136519&cwnd=253&unsent_bytes=0&cid=b513348354a5ed7f&ts=249&x=0"
POST

https://rabidcowse.shop/api

Script.exe

Remote address:

172.67.156.127:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: rabidcowse.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=m63qa1cgkl8bp54e32jml70k8n; expires=Thu, 01 May 2025 06:55:32 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uq7jNNvYKhKjPyLAVPvLRQE%2B2MD1D58M%2FQMpg%2BCoF5p4tStZ94h3Q9fwrxpwAfXbPtHs8EkqMC%2BPz%2BjQINNx7qWyCfQV7lapZjygp6T7KW0BQ8OZM%2FMu5Ce%2FfNWoqQLsU6E%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b31ada53ef39-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=26937&min_rtt=26163&rtt_var=6710&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3295&recv_bytes=603&delivery_rate=144957&cwnd=253&unsent_bytes=0&cid=5ebfa718e446bb6c&ts=249&x=0"
POST

https://cloudewahsj.shop/api

Script.exe

Remote address:

104.21.80.1:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: cloudewahsj.shop

Response

HTTP/1.1 200 OK

Date: Sun, 05 Jan 2025 13:08:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=95lt4gcmrmtplf88d80a17871e; expires=Thu, 01 May 2025 06:55:32 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vMBAXDgAd%2BqPlJmAMYTQ7rMJh%2BTS6khfPS9srHc0HfgFmjbBs7W9E2PyU%2FsRy4XpcA98%2ByfZC18dpP%2FyzMDltVXDi%2FX8FjdYTsoOvrU6PMhRBpC9RHCq0GUHSu1pLBlz3az0"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd3b31cbee77725-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=26742&min_rtt=26179&rtt_var=6224&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3294&recv_bytes=605&delivery_rate=150554&cwnd=253&unsent_bytes=0&cid=a5d45331249baa8b&ts=227&x=0"
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
GET

https://steamcommunity.com/profiles/76561199724331900

Script.exe

Remote address:

104.82.131.75:443

Request

GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Sun, 05 Jan 2025 13:08:54 GMT
Content-Length: 35588
Connection: keep-alive
Set-Cookie: sessionid=75b4436f6e1843bdaf329e89; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=GB%7C7d625a3b038bb98f68b4e14dac147806; Path=/; Secure; HttpOnly; SameSite=None
DNS

110.11.19.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

110.11.19.2.in-addr.arpa

IN PTR

Response

110.11.19.2.in-addr.arpa

IN PTR

a2-19-11-110deploystaticakamaitechnologiescom

20.26.156.215:443

github.com

tls

chrome.exe

1.1kB
4.0kB
10
8
20.26.156.215:443

https://github.com/bafym21/Seliware-Executor/releases/download/Download/script.zip

tls, http2

chrome.exe

1.9kB
8.7kB
14
16

HTTP Request

GET https://github.com/bafym21/Seliware-Executor/releases/download/Download/script.zip

HTTP Response

302
185.199.108.133:443

https://objects.githubusercontent.com/github-production-release-asset-2e65be/912393462/a1fc45f9-1170-4fea-94f7-e6f5c39717de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250105%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250105T130823Z&X-Amz-Expires=300&X-Amz-Signature=d6e7b9a2432fe067131ef6a3650237e70d2d5edfb4e959747cce114c4ffb28b8&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dscript.zip&response-content-type=application%2Foctet-stream

tls, http2

chrome.exe

109.7kB
5.9MB
2335
4222

HTTP Request

GET https://objects.githubusercontent.com/github-production-release-asset-2e65be/912393462/a1fc45f9-1170-4fea-94f7-e6f5c39717de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250105%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250105T130823Z&X-Amz-Expires=300&X-Amz-Signature=d6e7b9a2432fe067131ef6a3650237e70d2d5edfb4e959747cce114c4ffb28b8&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dscript.zip&response-content-type=application%2Foctet-stream

HTTP Response

200
142.250.187.196:443

https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS117BTGMuI6rsGIjBVxY1zIwg5SEIp95B0OVMSUbgjBao-W0fo7RLeT2jteh-7RfW05m22M5r_I83LxTUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

tls, http2

chrome.exe

3.0kB
17.1kB
30
36

HTTP Request

GET https://www.google.com/async/ddljson?async=ntp:2

HTTP Request

GET https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

HTTP Request

GET https://www.google.com/async/newtab_promos

HTTP Request

GET https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS117BTGMuI6rsGIjDfHcxjUvYywn-iUbTv3ekdl5bGF8OYfT9lNuNgwwZoUEbypf52eT1AHQYPL8kbqZAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

HTTP Request

GET https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS117BTGMuI6rsGIjBVxY1zIwg5SEIp95B0OVMSUbgjBao-W0fo7RLeT2jteh-7RfW05m22M5r_I83LxTUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
142.250.178.14:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_1

tls, http2

chrome.exe

4.9kB
126.0kB
58
104

HTTP Request

GET https://chrome.google.com/webstore?hl=en

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_1
142.250.178.14:443

chrome.google.com

tls, http2

chrome.exe

1.3kB
1.5kB
5
4
142.250.187.238:443

https://chromewebstore.google.com/_/ChromeWebStoreConsumerFeUi/browserinfo?f.sid=1273197494816756361&bl=boq_chrome-webstore-consumerfe-ui_20241218.04_p0&hl=en-US&soc-app=1&soc-platform=1&soc-device=1&_reqid=47313&rt=j

tls, http2

chrome.exe

5.7kB
148.0kB
68
122

HTTP Request

GET https://chromewebstore.google.com/

HTTP Request

POST https://chromewebstore.google.com/_/ChromeWebStoreConsumerFeUi/browserinfo?f.sid=1273197494816756361&bl=boq_chrome-webstore-consumerfe-ui_20241218.04_p0&hl=en-US&soc-app=1&soc-platform=1&soc-device=1&_reqid=47313&rt=j
142.250.200.33:443

https://lh3.googleusercontent.com/tX75RktsiiTPCjw1kt2qNWphQ92EaZ9goN3ITcIJNkgpwwzCiPFXxqiNxoXlyVkSBg61i1QTDEKSexL-Ii2f9W2V=s275-w275-h175

tls, http2

chrome.exe

33.1kB
1.0MB
549
772

HTTP Request

GET https://lh3.googleusercontent.com/Ywdz5mn9q2Mx76DU45LSH-Pv5OGpqk8QAOY3lT1AWScMTZYQtAhqhVjtY5I2JZK530QIycLZooe2a0k3quGqYUaZ=s80

HTTP Request

GET https://lh3.googleusercontent.com/TFO5gDBZMhZOyeKAozOLYsxulAwh_RT7qY3vdqKt_8NTMWQjSNRLFc9CjPdkC2MSPimqwSB__nG24HKw4Y1hMdtLLw=s80

HTTP Request

GET https://lh3.googleusercontent.com/3ZU5aHnsnQUl9ySPrGBqe5LXz_z9DK05DEfk10tpKHv5cvG19elbOr0BdW_k8GjLMFDexT2QHlDwAmW62iLVdek--Q=s80

HTTP Request

GET https://lh3.googleusercontent.com/aqahGz3euXadmtmp8NZnuKPoUm4cmewNY0AI1a_cMsC28cfvB2Bx3NArY9Mi50o2zF45Uh74Rmmq-Bh6dJRsVAbm=s80

HTTP Request

GET https://lh3.googleusercontent.com/zwVTBpu9Rl4W3wt6U_G2NlF6bx549ZsR8KxiveJrs_BOnkW5Re-gF1VP-B7SGsUUbVPxm6zdPPqSms2XumNdy02YxaI=s80

HTTP Request

GET https://lh3.googleusercontent.com/ARAA8if0Lq3o9OkRVNf0wLcwvn9VZYfydKXoAw1jIavuAdtq7MmK1OOzwsq7swf51KRdzYmxQ_e23V4FQ7Nah9op2A=s80

HTTP Request

GET https://lh3.googleusercontent.com/-HkHnZiEIhFxE7xXRmyKWvihUlevZU9qOM2eqDPoi5KNvqAX6R3OspeJ16raKK5Xyg4GB0_035dJryDS1f9qNNQI=s506-w506-h322

HTTP Request

GET https://lh3.googleusercontent.com/gzp44EpvZoFe-IysPbd42kpzcevZsq7VHQrL9RPCz-cMWauxtjtMho_DOUflBuYirenmK81e6b-GjDcEQEcV-kAOjg=s275-w275-h175

HTTP Request

GET https://lh3.googleusercontent.com/aYtRs4dw-pZbZMZWSR4XmlRoKH84G3FLkqm0AgsTJHebj-xU_WzSK5yEWEb5_MhHEPwtiKhTNrhI3Yv26kYvLoHU_eI=s275-w275-h175

HTTP Request

GET https://lh3.googleusercontent.com/4-gNWTHBLMsX85Aq5gP4gWaKV3kUqvQ7ggHPPkqMpxxmvt0aqcVzWQ2g4I4q5natgfwrOmyAO9gbYsR9enrLkqhc2V8=s275-w275-h175

HTTP Request

GET https://lh3.googleusercontent.com/7bzB7r3hq4iuhk8YbeFLYjQyqlsRZxssEBQR0daAEmwEeCUlIdVs7AwcxDn6ap1ybIpXokw368nc_DKxQjL2va9XUT4=s60

HTTP Request

GET https://lh3.googleusercontent.com/AeVf1S-J4BzWM3CJH_ehajYLZQlDdGGpNjJCKSicmZQZDW6ip3Yj1rs6F9DCdrlx8oySHjRw3TxkvDuoD8QfFFBn0g=s275-w275-h175

HTTP Request

GET https://lh3.googleusercontent.com/eokZouSQJm_wp51JNpTrrndoXtS05FxglPBfH-OV9AZpqzDY0P95h6miMWEKuP7bE7eh2qe4etiiNWA65sdX-eI3iQ=s60

HTTP Request

GET https://lh3.googleusercontent.com/Nqr6IxiVpBPvS435vFQqesFbDzKceaGn-kTU41Y2fvQoxg-yhGmg4YbAmk32nNFXxrmhsfYUlAUzEGwQDXaktMMdfb8=s385-w385-h245

HTTP Request

GET https://lh3.googleusercontent.com/d7JGzmH9YVYHYQ4nTgETLuNsL-b5LKqFj7jMhnaBrxtCKudlZvqpsPggOUY0CzjGtB44fepcKyur_HPWq93zr_cxZg=s60

HTTP Request

GET https://lh3.googleusercontent.com/01Jb8XCP9zmCMMNXzhH98nRv_S3ci4daFvOQHvXSI486rouL2CFlJl3rK2FgYsgZnp2scgNy0q5RozKqqnkbz4Yqrlo=s385-w385-h245

HTTP Request

GET https://lh3.googleusercontent.com/qS8o-5yJZ1ZWNZKj2ljuKPtOjUICChyS1t0-8nJuJMKwxw7k9EgCkMblCQ47L6ErAovirLunojNQZkwGOL6Je_2_0w=s60

HTTP Request

GET https://lh3.googleusercontent.com/9LgRaZizzs922ypN168IqXVNpK3ubrsLYaZc90YBWVNbX9TexyEM09jsKtypcXl7c8YtkUCbU3FRrwPTJluo1bW3EA=s385-w385-h245

HTTP Request

GET https://lh3.googleusercontent.com/xQHeXocZYlEmoeKABkSRIeFl5k-xkflR2AzN3BBsaNVeTzi9zAnJqpm2LTo9nK3aIGV4QSuiaC5BAaLhjTvA6FXxs0Y=s60

HTTP Request

GET https://lh3.googleusercontent.com/cEZaW9W9Qe4WbqZ5ZNIS-T2EcXUP-qNls7HX0A-eBja6A3P1NXCUlERNhqgadxn5CIr8gmHBsO3FYmoabQWqpw3-=s385-w385-h245

HTTP Request

GET https://lh3.googleusercontent.com/_1CYyefHbr6UPV9fZgp4CEuoOq5tIw6acvOkGwkXq0PP4GXv1uBoj89BG8BEea6FTKLqTMzkzmy5nhnCIrqkzaNy=s275-w275-h175

HTTP Request

GET https://lh3.googleusercontent.com/WUDBCzDgjr3iamRWkpAg5FzZZj6aIO2TbNgdhlu5Yuejs5hoU3LpnKN03XRSYeutk_wL9nMBSJqoGQv8In00aexiYA=s275-w275-h175

HTTP Request

GET https://lh3.googleusercontent.com/hzEuDosE0ZhTFdi_esq5mNsKJrlxo3iKYDijKYTJsZynLpKIVvlgIccdjEsygQh6n3FmYu5gmqOhg5AREcXkAdczpg=s275-w275-h175

HTTP Request

GET https://lh3.googleusercontent.com/B3iunsXOA4YVUHr_tJtSZ2DxhOFHIiUbfEEdgn291MiR4JHMI4YL5YqpnME5CN0XRj-ql_cex5S4o1tjBDKd7W5y=s275-w275-h175

HTTP Request

GET https://lh3.googleusercontent.com/Wv7WPiITs7VMTYknwR0EIaaapsno9wh9ILbopl8uoc74oZeTFVuceDju7aDliug1lpARN6mft6sS5YbhGNt1H88v0g=s275-w275-h175

HTTP Request

GET https://lh3.googleusercontent.com/BTwPiTyE48QEx-ybmXul-ClKwYIUo6fgAn-UMbVIkXdJaKf4ru20EZPKNo8toOChMwneCChtXSTr7ODDH2TUvPrLKQ=s275-w275-h175

HTTP Request

GET https://lh3.googleusercontent.com/LTvVQlqmc6L3TuFT6sqHBLZJHtDQLN6dfRU1RkHaUTTyb-EPZNe5MdU1L6_yHcTE92KNf-15HBb2v3SO_k6Xi1AcQC8=s275-w275-h175

HTTP Request

GET https://lh3.googleusercontent.com/hMT3ChuAV0chzLzOuCzMFPEIKLkw77AY2qcX1RB2YDI1WbdxYD7C9ltXHuOM5J37zDttcbSoYH2nzlFRYYW25Venug=s275-w275-h175

HTTP Request

GET https://lh3.googleusercontent.com/IaIhYG4PcOK-ARokiIwWfFSrlOhK7nYClfvSsFL9OXFaMzbsgrcdqGeda_jiDbO-HJarFG5JJIkXWGgHEc83Og63vzk=s275-w275-h175

HTTP Request

GET https://lh3.googleusercontent.com/kjCHPGKdrtdOzDpqLb1ryDkUxi2faNPUse7x-RJ_cL8-1oy7L2QoM1vOVuv_fX_bKpV6Zls2eeYBJ6gmHLBQv8Rj=s275-w275-h175

HTTP Request

GET https://lh3.googleusercontent.com/_7k19RZKELB2342AdSYPAgC8Nrd6y8xWgNu9mSrk4lyB8tf1za6jCiYDFCq3FH81a9pufVwuvj3pE0QFEFGqAGGh4Q=s275-w275-h175

HTTP Request

GET https://lh3.googleusercontent.com/mUzhc5edtqOCMejD6-SeVO_6K2-vu9AjddIXOYtiPSVe763YjAA1cbYhZH5tfTYP1GQfqm8CWPBcv8abYkeSUTXYTQ=s275-w275-h175

HTTP Request

GET https://lh3.googleusercontent.com/im7SoGFLGPK_ewhkXGUE4DP9qyP5ybI4mh793oLXZRUdHVtF6gA0qmh2HarnvgNfvp4ASuQea37ql0QZsB8Ugv3xjw=s275-w275-h175

HTTP Request

GET https://lh3.googleusercontent.com/ORZ5KHW8zJE8nuLJSNuKztvcyehyo3GRAgna2P8oQ4eaMfy9BbNIjxSu3fG8RtzaGcbMCXGWeUhpM8rTXsInga-3p_Y=s275-w275-h175

HTTP Request

GET https://lh3.googleusercontent.com/N7zixf0Au7Bsc49RJPtxdkIDZcePWImtRVuPp_Bb2KgtOgttfEXMOjA1Q8jeURDNXj1PmH-1miqYtmt4obq4PscCAVg=s275-w275-h175

HTTP Request

GET https://lh3.googleusercontent.com/7x0zWDKDuGV9wjVsZulFI9-3jeIrfEuWvAx-wjAyFOH_9pARfcwE8ZNC5fA5Ikfo51b064jQ5g8D78BxDF76EQ0yYA=s275-w275-h175

HTTP Request

GET https://lh3.googleusercontent.com/ZWumfIAq-LUVGDHUxWfTrUanEp2ZT3DeubTHFsLth-dqkTEj61N4VuGuqaB3yRsc77RdTFag0cZlI_KndsSqC2Yahg=s275-w275-h175

HTTP Request

GET https://lh3.googleusercontent.com/LSr89y02q7nhvfdp38EPPKm_L7bnS9vHaP-7Hn22WJhlvMY1ecGyEz854wpReOHFrMCug-p6bNxRcdCfQO6fSmJMkac=s275-w275-h175

HTTP Request

GET https://lh3.googleusercontent.com/LeiGwQZ2TYhC_36kBygBc76V4wGui0nUqtMurYA95iejl6oQHQBG6hA3gDtx5a5Jq9UrNF1ZWGInbIvo7dcvSF4zQqc=s275-w275-h175

HTTP Request

GET https://lh3.googleusercontent.com/tX75RktsiiTPCjw1kt2qNWphQ92EaZ9goN3ITcIJNkgpwwzCiPFXxqiNxoXlyVkSBg61i1QTDEKSexL-Ii2f9W2V=s275-w275-h175
142.250.200.3:443

ssl.gstatic.com

tls

chrome.exe

901 B
1.8kB
7
5
142.250.200.3:443

https://ssl.gstatic.com/chrome/webstore/images/icon_48px.png

tls, http2

chrome.exe

14.5kB
582.5kB
269
429

HTTP Request

GET https://ssl.gstatic.com/chrome/webstore/images/promo/marquee_blue_patterned.png

HTTP Request

GET https://ssl.gstatic.com/chrome/webstore/images/promo/marquee_2024_favorites.png

HTTP Request

GET https://ssl.gstatic.com/chrome/webstore/images/promo/marquee_ai_powered.png

HTTP Request

GET https://ssl.gstatic.com/chrome/webstore/images/promo/marquee_rising_artists.png

HTTP Request

GET https://ssl.gstatic.com/chrome/webstore/images/promo/banner_editors_picks.png

HTTP Request

GET https://ssl.gstatic.com/chrome/webstore/images/promo/banner_dark_mode.png

HTTP Request

GET https://ssl.gstatic.com/chrome/webstore/images/promo/banner_youtube.png

HTTP Request

GET https://ssl.gstatic.com/chrome/webstore/images/promo/banner_new_tab_page.png

HTTP Request

GET https://ssl.gstatic.com/chrome/webstore/images/icon_48px.png
142.250.200.3:443

ssl.gstatic.com

tls, http2

chrome.exe

1.0kB
5.6kB
9
8
142.250.200.3:443

ssl.gstatic.com

tls, http2

chrome.exe

1.0kB
5.6kB
9
8
142.250.200.3:443

ssl.gstatic.com

tls

chrome.exe

901 B
1.8kB
7
5
142.250.200.3:443

ssl.gstatic.com

tls

chrome.exe

851 B
1.8kB
7
5
142.250.187.234:443

https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

tls, http2

chrome.exe

3.1kB
7.8kB
21
26

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQllZnCaqz3OhhIFDYzGkEMh6qqXyYxJwkQ=?alt=proto

HTTP Request

OPTIONS https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

HTTP Request

POST https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
142.250.179.238:443

https://play.google.com/log?format=json&hasfast=true&authuser=0

tls, http2

chrome.exe

1.9kB
8.4kB
15
17

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
142.250.179.238:443

play.google.com

tls, http2

chrome.exe

989 B
7.6kB
9
9
142.250.200.10:443

https://scone-pa.clients6.google.com/v1/survey/trigger/trigger_anonymous?key=AIzaSyA0vwca3tL87eYFZub4l3oBUxBL9Em8QVQ

tls, http2

chrome.exe

4.0kB
13.7kB
19
26

HTTP Request

GET https://scone-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.ZpMpph_5a4M.O%2Fd%3D1%2Frs%3DAHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ%2Fm%3D__features__

HTTP Request

POST https://scone-pa.clients6.google.com/v1/survey/trigger/trigger_anonymous?key=AIzaSyA0vwca3tL87eYFZub4l3oBUxBL9Em8QVQ
216.239.34.36:443

https://region1.google-analytics.com/g/collect?v=2&tid=G-KHZNC1Q6K0&gtm=45je4cc1v9127140089za200&_p=1736082509382&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=1867880871.1736082510&ul=en-us&sr=1280x720&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1736082509&sct=1&seg=0&dl=https%3A%2F%2Fchromewebstore.google.com%2F&dr=&dt=Chrome%20Web%20Store&dp=%2F&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1398

tls, http2

chrome.exe

2.4kB
7.1kB
13
13

HTTP Request

POST https://region1.google-analytics.com/g/collect?v=2&tid=G-KHZNC1Q6K0&gtm=45je4cc1v9127140089za200&_p=1736082509382&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=1867880871.1736082510&ul=en-us&sr=1280x720&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1736082509&sct=1&seg=0&dl=https%3A%2F%2Fchromewebstore.google.com%2F&dr=&dt=Chrome%20Web%20Store&dp=%2F&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1398
104.21.32.1:443

https://fancywaxxers.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://fancywaxxers.shop/api

HTTP Response

200
104.21.48.1:443

https://abruptyopsn.shop/api

tls, http

Script.exe

1.0kB
5.1kB
9
9

HTTP Request

POST https://abruptyopsn.shop/api

HTTP Response

200
172.67.160.114:443

https://wholersorie.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://wholersorie.shop/api

HTTP Response

200
172.67.179.160:443

https://framekgirus.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://framekgirus.shop/api

HTTP Response

200
104.21.16.1:443

https://tirepublicerj.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://tirepublicerj.shop/api

HTTP Response

200
104.21.71.146:443

https://noisycuttej.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://noisycuttej.shop/api

HTTP Response

200
172.67.156.127:443

https://rabidcowse.shop/api

tls, http

Script.exe

999 B
4.9kB
9
9

HTTP Request

POST https://rabidcowse.shop/api

HTTP Response

200
104.21.80.1:443

https://cloudewahsj.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://cloudewahsj.shop/api

HTTP Response

200
104.82.131.75:443

https://steamcommunity.com/profiles/76561199724331900

tls, http

Script.exe

1.3kB
33.2kB
17
29

HTTP Request

GET https://steamcommunity.com/profiles/76561199724331900

HTTP Response

200
104.21.32.1:443

https://fancywaxxers.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://fancywaxxers.shop/api

HTTP Response

200
104.21.48.1:443

https://abruptyopsn.shop/api

tls, http

Script.exe

1.0kB
5.1kB
9
9

HTTP Request

POST https://abruptyopsn.shop/api

HTTP Response

200
172.67.160.114:443

https://wholersorie.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://wholersorie.shop/api

HTTP Response

200
172.67.179.160:443

https://framekgirus.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://framekgirus.shop/api

HTTP Response

200
104.21.16.1:443

https://tirepublicerj.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://tirepublicerj.shop/api

HTTP Response

200
104.21.32.1:443

https://fancywaxxers.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://fancywaxxers.shop/api

HTTP Response

200
104.21.71.146:443

https://noisycuttej.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://noisycuttej.shop/api

HTTP Response

200
104.21.48.1:443

https://abruptyopsn.shop/api

tls, http

Script.exe

1.0kB
5.1kB
9
9

HTTP Request

POST https://abruptyopsn.shop/api

HTTP Response

200
172.67.156.127:443

https://rabidcowse.shop/api

tls, http

Script.exe

999 B
4.9kB
9
9

HTTP Request

POST https://rabidcowse.shop/api

HTTP Response

200
172.67.160.114:443

https://wholersorie.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://wholersorie.shop/api

HTTP Response

200
104.21.80.1:443

https://cloudewahsj.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://cloudewahsj.shop/api

HTTP Response

200
104.21.32.1:443

https://fancywaxxers.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://fancywaxxers.shop/api

HTTP Response

200
172.67.179.160:443

https://framekgirus.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://framekgirus.shop/api

HTTP Response

200
104.82.131.75:443

https://steamcommunity.com/profiles/76561199724331900

tls, http

Script.exe

1.5kB
43.1kB
21
36

HTTP Request

GET https://steamcommunity.com/profiles/76561199724331900

HTTP Response

200
104.21.16.1:443

https://tirepublicerj.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://tirepublicerj.shop/api

HTTP Response

200
104.21.48.1:443

https://abruptyopsn.shop/api

tls, http

Script.exe

1.0kB
5.1kB
9
9

HTTP Request

POST https://abruptyopsn.shop/api

HTTP Response

200
104.21.32.1:443

https://fancywaxxers.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://fancywaxxers.shop/api

HTTP Response

200
172.67.160.114:443

https://wholersorie.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://wholersorie.shop/api

HTTP Response

200
104.21.71.146:443

https://noisycuttej.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://noisycuttej.shop/api

HTTP Response

200
104.21.48.1:443

https://abruptyopsn.shop/api

tls, http

Script.exe

1.0kB
5.1kB
9
9

HTTP Request

POST https://abruptyopsn.shop/api

HTTP Response

200
104.21.32.1:443

https://fancywaxxers.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://fancywaxxers.shop/api

HTTP Response

200
172.67.156.127:443

https://rabidcowse.shop/api

tls, http

Script.exe

999 B
4.9kB
9
9

HTTP Request

POST https://rabidcowse.shop/api

HTTP Response

200
172.67.179.160:443

https://framekgirus.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://framekgirus.shop/api

HTTP Response

200
172.67.160.114:443

https://wholersorie.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://wholersorie.shop/api

HTTP Response

200
104.21.48.1:443

https://abruptyopsn.shop/api

tls, http

Script.exe

1.0kB
5.1kB
9
9

HTTP Request

POST https://abruptyopsn.shop/api

HTTP Response

200
104.21.80.1:443

https://cloudewahsj.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://cloudewahsj.shop/api

HTTP Response

200
104.21.16.1:443

https://tirepublicerj.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://tirepublicerj.shop/api

HTTP Response

200
172.67.179.160:443

https://framekgirus.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://framekgirus.shop/api

HTTP Response

200
172.67.160.114:443

https://wholersorie.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://wholersorie.shop/api

HTTP Response

200
104.21.71.146:443

https://noisycuttej.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://noisycuttej.shop/api

HTTP Response

200
104.82.131.75:443

https://steamcommunity.com/profiles/76561199724331900

tls, http

Script.exe

1.5kB
43.1kB
21
36

HTTP Request

GET https://steamcommunity.com/profiles/76561199724331900

HTTP Response

200
104.21.16.1:443

https://tirepublicerj.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://tirepublicerj.shop/api

HTTP Response

200
172.67.179.160:443

https://framekgirus.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://framekgirus.shop/api

HTTP Response

200
172.67.156.127:443

https://rabidcowse.shop/api

tls, http

Script.exe

999 B
4.9kB
9
9

HTTP Request

POST https://rabidcowse.shop/api

HTTP Response

200
104.21.71.146:443

https://noisycuttej.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://noisycuttej.shop/api

HTTP Response

200
104.21.16.1:443

https://tirepublicerj.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://tirepublicerj.shop/api

HTTP Response

200
104.21.80.1:443

https://cloudewahsj.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://cloudewahsj.shop/api

HTTP Response

200
104.21.32.1:443

https://fancywaxxers.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://fancywaxxers.shop/api

HTTP Response

200
104.82.131.75:443

https://steamcommunity.com/profiles/76561199724331900

tls, http

Script.exe

1.5kB
43.1kB
21
36

HTTP Request

GET https://steamcommunity.com/profiles/76561199724331900

HTTP Response

200
104.21.71.146:443

https://noisycuttej.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://noisycuttej.shop/api

HTTP Response

200
172.67.156.127:443

https://rabidcowse.shop/api

tls, http

Script.exe

999 B
4.9kB
9
9

HTTP Request

POST https://rabidcowse.shop/api

HTTP Response

200
104.21.48.1:443

https://abruptyopsn.shop/api

tls, http

Script.exe

1.0kB
5.1kB
9
9

HTTP Request

POST https://abruptyopsn.shop/api

HTTP Response

200
172.67.156.127:443

https://rabidcowse.shop/api

tls, http

Script.exe

999 B
4.9kB
9
9

HTTP Request

POST https://rabidcowse.shop/api

HTTP Response

200
104.21.80.1:443

https://cloudewahsj.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://cloudewahsj.shop/api

HTTP Response

200
172.67.160.114:443

https://wholersorie.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://wholersorie.shop/api

HTTP Response

200
104.82.131.75:443

https://steamcommunity.com/profiles/76561199724331900

tls, http

Script.exe

1.5kB
43.2kB
21
37

HTTP Request

GET https://steamcommunity.com/profiles/76561199724331900

HTTP Response

200
104.21.80.1:443

https://cloudewahsj.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://cloudewahsj.shop/api

HTTP Response

200
172.67.179.160:443

https://framekgirus.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://framekgirus.shop/api

HTTP Response

200
104.82.131.75:443

https://steamcommunity.com/profiles/76561199724331900

tls, http

Script.exe

1.5kB
43.1kB
21
36

HTTP Request

GET https://steamcommunity.com/profiles/76561199724331900

HTTP Response

200
104.21.16.1:443

https://tirepublicerj.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://tirepublicerj.shop/api

HTTP Response

200
104.21.71.146:443

https://noisycuttej.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://noisycuttej.shop/api

HTTP Response

200
172.67.156.127:443

https://rabidcowse.shop/api

tls, http

Script.exe

999 B
4.9kB
9
9

HTTP Request

POST https://rabidcowse.shop/api

HTTP Response

200
104.21.80.1:443

https://cloudewahsj.shop/api

tls, http

Script.exe

1.0kB
4.9kB
9
9

HTTP Request

POST https://cloudewahsj.shop/api

HTTP Response

200
104.82.131.75:443

https://steamcommunity.com/profiles/76561199724331900

tls, http

Script.exe

1.5kB
43.1kB
21
36

HTTP Request

GET https://steamcommunity.com/profiles/76561199724331900

HTTP Response

200

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

133.211.185.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

133.211.185.52.in-addr.arpa
8.8.8.8:53

github.com

dns

chrome.exe

56 B
72 B
1
1

DNS Request

github.com

DNS Response

20.26.156.215
8.8.8.8:53

objects.githubusercontent.com

dns

chrome.exe

75 B
139 B
1
1

DNS Request

objects.githubusercontent.com

DNS Response

185.199.108.133

185.199.110.133

185.199.109.133

185.199.111.133
8.8.8.8:53

234.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

234.179.250.142.in-addr.arpa
8.8.8.8:53

215.156.26.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

215.156.26.20.in-addr.arpa
8.8.8.8:53

136.11.19.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

136.11.19.2.in-addr.arpa
8.8.8.8:53

133.108.199.185.in-addr.arpa

dns

74 B
118 B
1
1

DNS Request

133.108.199.185.in-addr.arpa
8.8.8.8:53

74.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

74.32.126.40.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

www.google.com

dns

chrome.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.187.196
142.250.187.196:443

www.google.com

https

chrome.exe

4.1kB
12.3kB
15
17
8.8.8.8:53

196.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

196.187.250.142.in-addr.arpa
8.8.8.8:53

chrome.google.com

dns

chrome.exe

63 B
100 B
1
1

DNS Request

chrome.google.com

DNS Response

142.250.178.14
8.8.8.8:53

chromewebstore.google.com

dns

chrome.exe

71 B
87 B
1
1

DNS Request

chromewebstore.google.com

DNS Response

142.250.187.238
8.8.8.8:53

lh3.googleusercontent.com

dns

chrome.exe

71 B
116 B
1
1

DNS Request

lh3.googleusercontent.com

DNS Response

142.250.200.33
8.8.8.8:53

14.178.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

14.178.250.142.in-addr.arpa
8.8.8.8:53

238.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

238.187.250.142.in-addr.arpa
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

74.204.58.216.in-addr.arpa

dns

72 B
171 B
1
1

DNS Request

74.204.58.216.in-addr.arpa
142.250.200.33:443

lh3.googleusercontent.com

https

chrome.exe

6.3kB
87.3kB
43
75
8.8.8.8:53

ssl.gstatic.com

dns

chrome.exe

61 B
77 B
1
1

DNS Request

ssl.gstatic.com

DNS Response

142.250.200.3
8.8.8.8:53

content-autofill.googleapis.com

dns

chrome.exe

77 B
301 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

142.250.187.234

142.250.179.234

142.250.200.10

216.58.213.10

216.58.204.74

216.58.212.202

142.250.180.10

216.58.212.234

142.250.200.42

216.58.201.106

172.217.16.234

142.250.178.10

142.250.187.202

172.217.169.10
8.8.8.8:53

ogads-pa.googleapis.com

dns

chrome.exe

69 B
293 B
1
1

DNS Request

ogads-pa.googleapis.com

DNS Response

172.217.16.234

216.58.204.74

142.250.187.202

216.58.212.202

142.250.200.10

172.217.169.10

142.250.187.234

142.250.178.10

142.250.180.10

142.250.179.234

142.250.200.42

216.58.201.106

172.217.169.74

172.217.169.42
8.8.8.8:53

apis.google.com

dns

chrome.exe

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

142.250.178.14
172.217.16.234:443

ogads-pa.googleapis.com

https

chrome.exe

1.9kB
6.6kB
9
9
8.8.8.8:53

play.google.com

dns

chrome.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.250.179.238
142.250.178.14:443

apis.google.com

https

chrome.exe

3.7kB
41.5kB
26
40
142.250.179.238:443

play.google.com

https

chrome.exe

23.3kB
11.0kB
37
35
8.8.8.8:53

scone-pa.clients6.google.com

dns

chrome.exe

74 B
90 B
1
1

DNS Request

scone-pa.clients6.google.com

DNS Response

142.250.200.10
8.8.8.8:53

195.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

195.187.250.142.in-addr.arpa
8.8.8.8:53

region1.google-analytics.com

dns

chrome.exe

74 B
106 B
1
1

DNS Request

region1.google-analytics.com

DNS Response

216.239.34.36

216.239.32.36
8.8.8.8:53

33.200.250.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

33.200.250.142.in-addr.arpa
8.8.8.8:53

234.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

234.187.250.142.in-addr.arpa
8.8.8.8:53

234.16.217.172.in-addr.arpa

dns

73 B
142 B
1
1

DNS Request

234.16.217.172.in-addr.arpa
8.8.8.8:53

72.204.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

72.204.58.216.in-addr.arpa
8.8.8.8:53

3.200.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

3.200.250.142.in-addr.arpa
142.250.200.3:443

ssl.gstatic.com

https

chrome.exe

1.6kB
6.3kB
4
7
142.250.200.10:443

scone-pa.clients6.google.com

https

chrome.exe

1.6kB
7.0kB
4
8
8.8.8.8:53

10.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

10.200.250.142.in-addr.arpa
8.8.8.8:53

36.34.239.216.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

36.34.239.216.in-addr.arpa
142.250.187.238:443

chromewebstore.google.com

https

chrome.exe

2.9kB
7.2kB
5
8
8.8.8.8:53

228.249.119.40.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

228.249.119.40.in-addr.arpa
8.8.8.8:53

fancywaxxers.shop

dns

Script.exe

63 B
175 B
1
1

DNS Request

fancywaxxers.shop

DNS Response

104.21.32.1

104.21.96.1

104.21.112.1

104.21.16.1

104.21.64.1

104.21.48.1

104.21.80.1
8.8.8.8:53

nearycrepso.shop

dns

Script.exe

62 B
119 B
1
1

DNS Request

nearycrepso.shop
8.8.8.8:53

1.32.21.104.in-addr.arpa

dns

70 B
132 B
1
1

DNS Request

1.32.21.104.in-addr.arpa
8.8.8.8:53

97.17.167.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.17.167.52.in-addr.arpa
8.8.8.8:53

abruptyopsn.shop

dns

Script.exe

124 B
348 B
2
2

DNS Request

abruptyopsn.shop

DNS Request

abruptyopsn.shop

DNS Response

104.21.48.1

104.21.80.1

104.21.32.1

104.21.96.1

104.21.64.1

104.21.112.1

104.21.16.1

DNS Response

104.21.96.1

104.21.16.1

104.21.32.1

104.21.48.1

104.21.112.1

104.21.80.1

104.21.64.1
8.8.8.8:53

wholersorie.shop

dns

Script.exe

124 B
188 B
2
2

DNS Request

wholersorie.shop

DNS Request

wholersorie.shop

DNS Response

172.67.160.114

104.21.41.51

DNS Response

104.21.41.51

172.67.160.114
8.8.8.8:53

framekgirus.shop

dns

Script.exe

124 B
188 B
2
2

DNS Request

framekgirus.shop

DNS Request

framekgirus.shop

DNS Response

172.67.179.160

104.21.18.19

DNS Response

104.21.18.19

172.67.179.160
8.8.8.8:53

1.48.21.104.in-addr.arpa

dns

70 B
132 B
1
1

DNS Request

1.48.21.104.in-addr.arpa
8.8.8.8:53

114.160.67.172.in-addr.arpa

dns

146 B
270 B
2
2

DNS Request

114.160.67.172.in-addr.arpa

DNS Request

114.160.67.172.in-addr.arpa
8.8.8.8:53

tirepublicerj.shop

dns

Script.exe

128 B
352 B
2
2

DNS Request

tirepublicerj.shop

DNS Request

tirepublicerj.shop

DNS Response

104.21.16.1

104.21.32.1

104.21.96.1

104.21.80.1

104.21.112.1

104.21.48.1

104.21.64.1

DNS Response

104.21.112.1

104.21.32.1

104.21.16.1

104.21.64.1

104.21.96.1

104.21.80.1

104.21.48.1
8.8.8.8:53

noisycuttej.shop

dns

Script.exe

124 B
188 B
2
2

DNS Request

noisycuttej.shop

DNS Request

noisycuttej.shop

DNS Response

104.21.71.146

172.67.170.178

DNS Response

172.67.170.178

104.21.71.146
8.8.8.8:53

rabidcowse.shop

dns

Script.exe

122 B
186 B
2
2

DNS Request

rabidcowse.shop

DNS Request

rabidcowse.shop

DNS Response

172.67.156.127

104.21.7.224

DNS Response

172.67.156.127

104.21.7.224
8.8.8.8:53

1.16.21.104.in-addr.arpa

dns

70 B
132 B
1
1

DNS Request

1.16.21.104.in-addr.arpa
8.8.8.8:53

160.179.67.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

160.179.67.172.in-addr.arpa
8.8.8.8:53

cloudewahsj.shop

dns

Script.exe

124 B
348 B
2
2

DNS Request

cloudewahsj.shop

DNS Request

cloudewahsj.shop

DNS Response

104.21.80.1

104.21.32.1

104.21.16.1

104.21.96.1

104.21.112.1

104.21.48.1

104.21.64.1

DNS Response

104.21.80.1

104.21.32.1

104.21.48.1

104.21.16.1

104.21.64.1

104.21.96.1

104.21.112.1
8.8.8.8:53

steamcommunity.com

dns

Script.exe

128 B
160 B
2
2

DNS Request

steamcommunity.com

DNS Request

steamcommunity.com

DNS Response

104.82.131.75

DNS Response

104.82.131.75
8.8.8.8:53

127.156.67.172.in-addr.arpa

dns

146 B
270 B
2
2

DNS Request

127.156.67.172.in-addr.arpa

DNS Request

127.156.67.172.in-addr.arpa
8.8.8.8:53

146.71.21.104.in-addr.arpa

dns

144 B
268 B
2
2

DNS Request

146.71.21.104.in-addr.arpa

DNS Request

146.71.21.104.in-addr.arpa
8.8.8.8:53

1.80.21.104.in-addr.arpa

dns

70 B
132 B
1
1

DNS Request

1.80.21.104.in-addr.arpa
8.8.8.8:53

75.131.82.104.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

75.131.82.104.in-addr.arpa
8.8.8.8:53

nearycrepso.shop

dns

Script.exe

124 B
238 B
2
2

DNS Request

nearycrepso.shop

DNS Request

nearycrepso.shop
8.8.8.8:53

lev-tolstoi.com

dns

Script.exe

122 B
268 B
2
2

DNS Request

lev-tolstoi.com

DNS Request

lev-tolstoi.com
8.8.8.8:53

nearycrepso.shop

dns

Script.exe

62 B
119 B
1
1

DNS Request

nearycrepso.shop
8.8.8.8:53

197.87.175.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

197.87.175.4.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

110.11.19.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

110.11.19.2.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ac15105a9b307004461f5e081d150e3a

SHA1
268146b4ded31dc13184be599e89da05d34fb4f2

SHA256
1c6212459b68d8de3b69b799964ccf96e32666633ca8f96dffb39cb2de0ff0ae

SHA512
42212ceb2324efa13b438c01d7f432ab93670b763159b83e2465cbd8b35804a4362ecea62fe2fa36ee330ce46ec94337351aa60f56ecc70fe28ec275f478f9d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
b142bb8fe8472d56f0c877a330a8a4dc

SHA1
617deb7390026301eefc14b71e23aa59cd32a6aa

SHA256
ee76725cb2889845ee9b95b6074cfc202e7b32bf03a61609ee8afa5cd2e9f214

SHA512
9d0254838b968e537fa1549e5d177acabdb85d0e717b242623ae8bf7e4fa9eb2961655274ba71222481a0b92420341589370ef24d0ad032e21cf16021f238250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b7ebd129ac4db24312d4940287a7eb39

SHA1
e72ddf9fe28257254286ce6b960d971c86f1f16a

SHA256
198ea38b04091ee691fd73b1c00295ec72009a986d88666230b499580600c7fd

SHA512
f0f61878cb1a00140cb1227e22ab48132e9091d3c201d239298aa01063024a8d7c28cf913a330bb0a9444b1d8cac86e6ccc3bf6666b270feb6d003101476f3f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
35d2a75256b57e50cd3decfec0dd116a

SHA1
c63de5a649883f489dee447f11034d1370d80b94

SHA256
6a7f60a5b2cad29e3de7fced8cbc1cc19042a86320362e62c3b4c35de1720e60

SHA512
d26c67ef41e8e2c293723bca2d25deded8d7603b27ab309d00cd49021b0c911c209afeb4e4b200b966a45a208145920c34cd3fd26e140a399be5b29730fc138d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
509971435b6e6f8b83f49830e8c231f9

SHA1
fcbbffa095cf1cb223a64dc74c00c85239f75359

SHA256
17e514e575aaf9094f50cd3c292dd3c356d15525d7f20f593531f6fb3e3d6ac7

SHA512
4133abd10ae089889d18cb003cf325650d8341a475c52ab3b868ea02cdcfe86c53887296db343718dab362a50e58f654c23b3d5303c880e3faadabb2a5532eb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4b65055e5753319799536517bba934f5

SHA1
44ffdfcb2b96263e2bfad3611aeff2ed717c35fa

SHA256
c1d75f49e28366930d9bb13f109551980e1b18b79c1f4d2c29aba18f20046667

SHA512
cd234c3c195d058cfeea5be4233145849a3468e7451ab4e10943b1e9ef523f89c8f7c8cedb6d241b2e26dad1ea00396dbee0ca282091f0bbf294dde887532013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
b41a549aac8a2e716165451b1b149ff0

SHA1
24ea83eba3b630f1566fa446cbf70144bb5a80dd

SHA256
e036cc3864ea81b6709bae779631dad8c9b5e36da0da4827fe36e10886a47ccd

SHA512
013931493ac54f536e98316710bb1caa86554853df6199b79d339bc5c4bacdf110fc0a64ac8e7fb9cfbb7baed90eb8d3615b220f3a5202236751aae352b1ebb0

Download Submit
C:\Users\Admin\Downloads\script.zip.crdownload

Filesize
5.4MB

MD5
a8f18d05ee349962e2f6c4ec12c31adc

SHA1
decabb22b693adde8b9a50561705750d36063506

SHA256
60881fb0340f0104136d089421f819b3f42bbd5b42a095b6a66cfb756ec0d09a

SHA512
3303f2ac273617cf74579235984c6e60836a87b46726f9a96eb876af53b0a84adc7aef3b3f3462264218befbf39e673c9799a657cfbb670488971a9eaf2ceec1

Download Submit
memory/560-164-0x0000000074CDE000-0x0000000074CDF000-memory.dmp

Filesize
4KB

Download
memory/560-171-0x0000000074CD0000-0x0000000075480000-memory.dmp

Filesize
7.7MB

Download
memory/560-166-0x0000000005460000-0x0000000005A04000-memory.dmp

Filesize
5.6MB

Download
memory/560-165-0x0000000000510000-0x0000000000572000-memory.dmp

Filesize
392KB

Download
memory/2124-170-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2124-168-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2124-172-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response