Resubmissions
20/04/2025, 00:10 UTC
250420-agcc8axyax 1016/04/2025, 11:04 UTC
250416-m58gsaz1ay 1015/04/2025, 17:34 UTC
250415-v5ylksypw9 1015/04/2025, 06:16 UTC
250415-g1p7ras1dw 1014/04/2025, 08:06 UTC
250414-jzpwpstxhx 1014/04/2025, 07:59 UTC
250414-jvg1assky4 1014/04/2025, 07:22 UTC
250414-h7g1dss1h1 10Analysis
-
max time kernel
802s -
max time network
851s -
platform
windows10-2004_x64 -
resource
win10v2004-20250207-en -
resource tags
-
submitted
16/02/2025, 01:02 UTC
General
-
Target
5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe
-
Size
669KB
-
MD5
ead18f3a909685922d7213714ea9a183
-
SHA1
1270bd7fd62acc00447b30f066bb23f4745869bf
-
SHA256
5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
-
SHA512
6e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
SSDEEP
6144:bLUHLyHlwFjxDi2nEZkQ4NXxp0XMgkBWPqdN/jGdfYY7SRA7j4YlvfYAAjJ:4uFi02nEZh4jp0XLuxGdgTm73vL
Score
10/10
Malware Config
Extracted
Path
C:\Users\Public\Documents\_readme.txt
Ransom Note
ATTENTION!
Don't worry my friend, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-T9WE5uiVT6
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" folder if you don't get answer more than 6 hours.
To get this software you need write on our e-mail:
blower@india.com
Reserve e-mail address to contact us:
blower@firemail.cc
Your personal ID:
046Sdsd3273yifhsisySD60h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt1
Emails
blower@india.com
blower@firemail.cc
URLs
https://we.tl/t-T9WE5uiVT6
Signatures
-
Renames multiple (212) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file 3 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 12 IoCs
-
Modifies file permissions 1 TTPs 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops desktop.ini file(s) 35 IoCs
-
Looks up external IP address via web service 19 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 17 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 19 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 34 IoCs
-
Suspicious use of AdjustPrivilegeToken 14 IoCs
-
Suspicious use of FindShellTrayWindow 6 IoCs
-
Suspicious use of SendNotifyMessage 8 IoCs
-
Suspicious use of WriteProcessMemory 42 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\Temp\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"1⤵
- Checks computer location settings
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Users\Admin\AppData\Local\e62cc969-0181-49de-8473-8b92e1048a99" /deny *S-1-1-0:(OI)(CI)(DE,DC)2⤵
- Modifies file permissions
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\Temp\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --Admin IsNotAutoStart IsNotTask2⤵
- Drops desktop.ini file(s)
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\Temp\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --ForNetRes "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt1 IsNotAutoStart IsNotTask3⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\Temp\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --Service 856 "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt14⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 10925⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 16844⤵
- Program crash
-
-
-
C:\Users\Admin\AppData\Local\Temp\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\Temp\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --Service 5076 "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt13⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 15684⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 16883⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 16362⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1336 -ip 13361⤵
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjIzRTQ0RkMtQkYxRS00RUIyLUI4MjMtMjE1MkIyRDkzMTRCfSIgdXNlcmlkPSJ7MkMyRDE4OTctRkM3Qi00NUIwLThDOUUtREY4QThBRUVDQTQ0fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7OUJGN0FCRDMtMjRDOS00MjY4LTkzNkEtODEzRTFDQzAwQThEfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI4IiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDcxNzgiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxOTY4MDM3MTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MTAxNDMwOTA3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1652 -ip 16521⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 856 -ip 8561⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 896 -ip 8961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5076 -ip 50761⤵
-
C:\Users\Admin\AppData\Local\e62cc969-0181-49de-8473-8b92e1048a99\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeC:\Users\Admin\AppData\Local\e62cc969-0181-49de-8473-8b92e1048a99\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe --Task1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\e62cc969-0181-49de-8473-8b92e1048a99\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\e62cc969-0181-49de-8473-8b92e1048a99\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --ForNetRes "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt1 IsNotAutoStart IsTask2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\e62cc969-0181-49de-8473-8b92e1048a99\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\e62cc969-0181-49de-8473-8b92e1048a99\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --Service 4520 "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt13⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 16164⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 16563⤵
- Program crash
-
-
-
C:\Users\Admin\AppData\Local\e62cc969-0181-49de-8473-8b92e1048a99\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\e62cc969-0181-49de-8473-8b92e1048a99\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --Service 1644 "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt12⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 11563⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 16522⤵
- Program crash
-
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 2200 -ip 22001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 1644 -ip 16441⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4332 -ip 43321⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 4520 -ip 45201⤵
-
C:\Users\Admin\AppData\Local\e62cc969-0181-49de-8473-8b92e1048a99\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeC:\Users\Admin\AppData\Local\e62cc969-0181-49de-8473-8b92e1048a99\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe --Task1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\e62cc969-0181-49de-8473-8b92e1048a99\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\e62cc969-0181-49de-8473-8b92e1048a99\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --ForNetRes "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt1 IsNotAutoStart IsTask2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\e62cc969-0181-49de-8473-8b92e1048a99\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\e62cc969-0181-49de-8473-8b92e1048a99\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --Service 4880 "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt13⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 10764⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 16443⤵
- Program crash
-
-
-
C:\Users\Admin\AppData\Local\e62cc969-0181-49de-8473-8b92e1048a99\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\e62cc969-0181-49de-8473-8b92e1048a99\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --Service 1808 "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt12⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 16083⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 15202⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3904 -ip 39041⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1808 -ip 18081⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1932 -ip 19321⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4880 -ip 48801⤵
-
C:\Users\Admin\AppData\Local\e62cc969-0181-49de-8473-8b92e1048a99\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exeC:\Users\Admin\AppData\Local\e62cc969-0181-49de-8473-8b92e1048a99\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe --Task1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\e62cc969-0181-49de-8473-8b92e1048a99\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\e62cc969-0181-49de-8473-8b92e1048a99\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --ForNetRes "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt1 IsNotAutoStart IsTask2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\e62cc969-0181-49de-8473-8b92e1048a99\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\e62cc969-0181-49de-8473-8b92e1048a99\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --Service 1544 "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt13⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 16124⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 16563⤵
- Program crash
-
-
-
C:\Users\Admin\AppData\Local\e62cc969-0181-49de-8473-8b92e1048a99\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe"C:\Users\Admin\AppData\Local\e62cc969-0181-49de-8473-8b92e1048a99\5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe" --Service 4620 "FsnDCf1u1wJvLcqbFxxtOchBf2V2lgtk24oM5mt2" 0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDos224DmXt12⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 11683⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 16362⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4760 -ip 47601⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4620 -ip 46201⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4116 -ip 41161⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 1544 -ip 15441⤵
Network
-
DNSg.bing.comRemote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.ax-0001.ax-msedge.netg-bing-com.ax-0001.ax-msedge.netIN CNAMEax-0001.ax-msedge.netax-0001.ax-msedge.netIN A150.171.28.10ax-0001.ax-msedge.netIN A150.171.27.10 -
DNSg.bing.comRemote address:8.8.8.8:53Requestg.bing.comIN A
-
DNSg.bing.comRemote address:8.8.8.8:53Requestg.bing.comIN A
-
DNSapi.2ip.uaRemote address:8.8.8.8:53Requestapi.2ip.uaIN AResponseapi.2ip.uaIN A104.21.96.1api.2ip.uaIN A104.21.64.1api.2ip.uaIN A104.21.112.1api.2ip.uaIN A104.21.16.1api.2ip.uaIN A104.21.48.1api.2ip.uaIN A104.21.32.1api.2ip.uaIN A104.21.80.1
-
GEThttps://api.2ip.ua/geo.jsonRemote address:104.21.96.1:443RequestGET /geo.json HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: api.2ip.ua
ResponseHTTP/1.1 200 OK
Date: Sun, 16 Feb 2025 01:07:41 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=...
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JzwORJC0u%2BsFlwmJPh1c7lJuWnCAWP6oJnauok3KyKIOxdchaPVt8%2FiMeCPPTekhNf2jNQFer8p%2FyrWke4I7jAd18O9%2BL2h%2FbNtlY0Rc1n3ILpoEab6PYe37Iez%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9129a46768979483-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=69859&min_rtt=43281&rtt_var=33987&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3268&recv_bytes=384&delivery_rate=93992&cwnd=248&unsent_bytes=0&cid=73e2fbc7ffb3c141&ts=2469&x=0"
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9d54d9f215774bc3a8514c5e34a67211&localId=w:3156B12D-F3AE-8DCD-F69C-2A13650B3D7A&deviceId=6755478344485516&anid=Remote address:150.171.28.10:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9d54d9f215774bc3a8514c5e34a67211&localId=w:3156B12D-F3AE-8DCD-F69C-2A13650B3D7A&deviceId=6755478344485516&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=25EBCD309EF2675538D7D8A59F7966BC; domain=.bing.com; expires=Fri, 13-Mar-2026 01:07:37 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BC22431723F3461E9BF614E1EB6D7955 Ref B: FRA31EDGE0510 Ref C: 2025-02-16T01:07:37Z
date: Sun, 16 Feb 2025 01:07:37 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=9d54d9f215774bc3a8514c5e34a67211&localId=w:3156B12D-F3AE-8DCD-F69C-2A13650B3D7A&deviceId=6755478344485516&anid=Remote address:150.171.28.10:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=9d54d9f215774bc3a8514c5e34a67211&localId=w:3156B12D-F3AE-8DCD-F69C-2A13650B3D7A&deviceId=6755478344485516&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=25EBCD309EF2675538D7D8A59F7966BC
ResponseHTTP/2.0 204
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=DmoqJaWu3SuhPBq5vd1Gv6bh_Ygo3k9WdTU1cDT9gy8; domain=.bing.com; expires=Fri, 13-Mar-2026 01:07:37 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 637BD266841C494797BF47C13802A571 Ref B: FRA31EDGE0510 Ref C: 2025-02-16T01:07:37Z
date: Sun, 16 Feb 2025 01:07:37 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9d54d9f215774bc3a8514c5e34a67211&localId=w:3156B12D-F3AE-8DCD-F69C-2A13650B3D7A&deviceId=6755478344485516&anid=Remote address:150.171.28.10:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9d54d9f215774bc3a8514c5e34a67211&localId=w:3156B12D-F3AE-8DCD-F69C-2A13650B3D7A&deviceId=6755478344485516&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=25EBCD309EF2675538D7D8A59F7966BC; MSPTC=DmoqJaWu3SuhPBq5vd1Gv6bh_Ygo3k9WdTU1cDT9gy8
ResponseHTTP/2.0 204
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E3E0240E99AD46D6B2188F8FD040A536 Ref B: FRA31EDGE0510 Ref C: 2025-02-16T01:07:38Z
date: Sun, 16 Feb 2025 01:07:38 GMT
-
DNSc.pki.googRemote address:8.8.8.8:53Requestc.pki.googIN AResponsec.pki.googIN CNAMEpki-goog.l.google.compki-goog.l.google.comIN A216.58.201.99
-
DNSc.pki.googRemote address:8.8.8.8:53Requestc.pki.googIN A
-
DNSc.pki.googRemote address:8.8.8.8:53Requestc.pki.googIN A
-
GEThttp://c.pki.goog/r/gsr1.crlRemote address:216.58.201.99:80RequestGET /r/gsr1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog
ResponseHTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 1739
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sun, 16 Feb 2025 00:56:54 GMT
Expires: Sun, 16 Feb 2025 01:46:54 GMT
Cache-Control: public, max-age=3000
Age: 647
Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
-
GEThttp://c.pki.goog/r/r4.crlRemote address:216.58.201.99:80RequestGET /r/r4.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog
ResponseHTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 436
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sun, 16 Feb 2025 00:57:02 GMT
Expires: Sun, 16 Feb 2025 01:47:02 GMT
Cache-Control: public, max-age=3000
Age: 639
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
-
GEThttps://api.2ip.ua/geo.jsonRemote address:104.21.96.1:443RequestGET /geo.json HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: api.2ip.ua
ResponseHTTP/1.1 200 OK
Date: Sun, 16 Feb 2025 01:07:45 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=...
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DqJmC1zyrl5f%2FuBqXKRwRp2ErZlgYk%2FE2AXPuKrFP%2BQeWkd84p2IylkeonneRd5H2%2BDi%2FSTlEwECDUjuNyp%2BojxPzQNO5AmKDnr2zyyt%2FifdK4rjzjlFCbHQjiJ2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9129a4800eb148c5-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=59387&min_rtt=41831&rtt_var=35617&sent=6&recv=9&lost=0&retrans=1&sent_bytes=3560&recv_bytes=384&delivery_rate=43726&cwnd=253&unsent_bytes=0&cid=cf1c45558f8d163f&ts=743&x=0"
-
DNSymad.ugRemote address:8.8.8.8:53Requestymad.ugIN AResponse
-
DNSloot.ugRemote address:8.8.8.8:53Requestloot.ugIN AResponse
-
DNSloot.ugRemote address:8.8.8.8:53Requestloot.ugIN AResponse
-
DNSloot.ugRemote address:8.8.8.8:53Requestloot.ugIN AResponse
-
DNSloot.ugRemote address:8.8.8.8:53Requestloot.ugIN AResponse
-
DNSmsedge.api.cdp.microsoft.comRemote address:8.8.8.8:53Requestmsedge.api.cdp.microsoft.comIN AResponsemsedge.api.cdp.microsoft.comIN CNAMEapi.cdp.microsoft.comapi.cdp.microsoft.comIN CNAMEglb.api.prod.dcat.dsp.trafficmanager.netglb.api.prod.dcat.dsp.trafficmanager.netIN A4.245.161.190
-
POSThttps://msedge.api.cdp.microsoft.com/api/v2/contents/Browser/namespaces/Default/names?action=batchupdatesRemote address:4.245.161.190:443RequestPOST /api/v2/contents/Browser/namespaces/Default/names?action=batchupdates HTTP/2.0
host: msedge.api.cdp.microsoft.com
cache-control: no-cache
pragma: no-cache
content-type: application/json
user-agent: Microsoft Edge Update/1.3.195.43;winhttp
x-old-uid: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
ms-correlationid: {F23E44FC-BF1E-4EB2-B823-2152B2D9314B}
ms-requestid: {8CBDCF41-8ED7-4D7A-991C-AAFF462C964B}
ms-cv: /EQ+8h6/sk64IyFSstkxSw.0
x-last-hr: 0x0
x-last-http-status-code: 0
x-retry-count: 0
x-http-attempts: 1
content-length: 2539
ResponseHTTP/2.0 200
content-type: text/plain; charset=utf-8
content-type: application/json; charset=utf-8
date: Sun, 16 Feb 2025 01:07:58 GMT
content-length: 296
ms-correlationid: f23e44fc-bf1e-4eb2-b823-2152b2d9314b
ms-requestid: 8cbdcf41-8ed7-4d7a-991c-aaff462c964b
ms-cv: {F23E44FC-BF1E-4EB2-B823-2152B2D9314B}.0
-
POSThttps://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedge-stable-win-x64/versions/133.0.3065.69/files?action=GenerateDownloadInfo&foregroundPriority=falseRemote address:4.245.161.190:443RequestPOST /api/v1.1/internal/contents/Browser/namespaces/Default/names/msedge-stable-win-x64/versions/133.0.3065.69/files?action=GenerateDownloadInfo&foregroundPriority=false HTTP/2.0
host: msedge.api.cdp.microsoft.com
cache-control: no-cache
pragma: no-cache
content-type: application/json
user-agent: Microsoft Edge Update/1.3.195.43;winhttp
x-old-uid: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
ms-correlationid: {F23E44FC-BF1E-4EB2-B823-2152B2D9314B}
ms-requestid: {8CF02516-74C7-4F39-A72D-5B93347FA4E3}
ms-cv: /EQ+8h6/sk64IyFSstkxSw.1
x-last-hr: 0x0
x-last-http-status-code: 0
x-retry-count: 0
x-http-attempts: 1
content-length: 2
ResponseHTTP/2.0 200
content-type: text/plain; charset=utf-8
content-type: application/json; charset=utf-8
date: Sun, 16 Feb 2025 01:07:59 GMT
content-length: 5356
ms-correlationid: f23e44fc-bf1e-4eb2-b823-2152b2d9314b
ms-requestid: 8cf02516-74c7-4f39-a72d-5b93347fa4e3
ms-cv: {F23E44FC-BF1E-4EB2-B823-2152B2D9314B}.0
-
POSThttps://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedgewebview-stable-win-x64/versions/133.0.3065.69/files?action=GenerateDownloadInfo&foregroundPriority=falseRemote address:4.245.161.190:443RequestPOST /api/v1.1/internal/contents/Browser/namespaces/Default/names/msedgewebview-stable-win-x64/versions/133.0.3065.69/files?action=GenerateDownloadInfo&foregroundPriority=false HTTP/2.0
host: msedge.api.cdp.microsoft.com
cache-control: no-cache
pragma: no-cache
content-type: application/json
user-agent: Microsoft Edge Update/1.3.195.43;winhttp
x-old-uid: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
ms-correlationid: {F23E44FC-BF1E-4EB2-B823-2152B2D9314B}
ms-requestid: {5629DB48-AD5F-426C-8BB6-95695FAF7A53}
ms-cv: /EQ+8h6/sk64IyFSstkxSw.2
x-last-hr: 0x0
x-last-http-status-code: 0
x-retry-count: 0
x-http-attempts: 1
content-length: 2
ResponseHTTP/2.0 200
content-type: text/plain; charset=utf-8
content-type: application/json; charset=utf-8
date: Sun, 16 Feb 2025 01:07:59 GMT
content-length: 5356
ms-correlationid: f23e44fc-bf1e-4eb2-b823-2152b2d9314b
ms-requestid: 5629db48-ad5f-426c-8bb6-95695faf7a53
ms-cv: {F23E44FC-BF1E-4EB2-B823-2152B2D9314B}.0
-
DNSloot.ugRemote address:8.8.8.8:53Requestloot.ugIN AResponse
-
DNSloot.ugRemote address:8.8.8.8:53Requestloot.ugIN AResponse
-
DNSmsedge.b.tlu.dl.delivery.mp.microsoft.comRemote address:8.8.8.8:53Requestmsedge.b.tlu.dl.delivery.mp.microsoft.comIN AResponsemsedge.b.tlu.dl.delivery.mp.microsoft.comIN CNAMEstar.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.comstar.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.comIN CNAMEcdp-f-tlu-net.trafficmanager.netcdp-f-tlu-net.trafficmanager.netIN CNAMEwildcard.f.tlu.dl.delivery.mp.microsoft.com.edgesuite.netwildcard.f.tlu.dl.delivery.mp.microsoft.com.edgesuite.netIN CNAMEa1847.dscd.akamai.neta1847.dscd.akamai.netIN A96.17.178.190a1847.dscd.akamai.netIN A96.17.178.199
-
DNSmsedge.b.tlu.dl.delivery.mp.microsoft.comRemote address:8.8.8.8:53Requestmsedge.b.tlu.dl.delivery.mp.microsoft.comIN A
-
HEADhttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dRemote address:96.17.178.190:80RequestHEAD /filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
X-Old-UID: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 200 OK
Cache-Control: public, max-age=17280000
Content-Length: 178611280
Content-Type: application/octet-stream
Last-Modified: Fri, 14 Feb 2025 19:48:08 GMT
Accept-Ranges: bytes
ETag: "uSMLSWgBKqAeo7HbaKEGHWxdVXM="
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.3
MS-CorrelationId: d3845ac7-72b9-4c1e-b6a6-464bdab20735
MS-RequestId: 15598162-c129-4336-93bb-8eb36f13a194
MS-CV: SDoo2CDHe0m0D8wS.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Date: Sun, 16 Feb 2025 01:08:05 GMT
Connection: keep-alive
X-CID: 2
X-CCC: GB
-
GEThttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dRemote address:96.17.178.190:80RequestGET /filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 14 Feb 2025 19:48:08 GMT
Range: bytes=0-1119
User-Agent: Microsoft BITS/7.8
X-Old-UID: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 206 Partial Content
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.3
MS-CorrelationId: dbd5c674-626c-4576-84e2-fc041afa499f
MS-RequestId: 8b3b8e23-d1a6-40f8-b459-35d40e4801f4
MS-CV: ggkrC5Kur02AUjvm.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Fri, 14 Feb 2025 19:48:08 GMT
ETag: "uSMLSWgBKqAeo7HbaKEGHWxdVXM="
Date: Sun, 16 Feb 2025 01:08:05 GMT
Content-Range: bytes 0-1119/178611280
Content-Length: 1120
Connection: keep-alive
X-CID: 2
X-CCC: GB
-
GEThttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dRemote address:96.17.178.190:80RequestGET /filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 14 Feb 2025 19:48:08 GMT
Range: bytes=1120-2253
User-Agent: Microsoft BITS/7.8
X-Old-UID: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 206 Partial Content
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.3
MS-CorrelationId: dbd5c674-626c-4576-84e2-fc041afa499f
MS-RequestId: 8b3b8e23-d1a6-40f8-b459-35d40e4801f4
MS-CV: ggkrC5Kur02AUjvm.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Fri, 14 Feb 2025 19:48:08 GMT
ETag: "uSMLSWgBKqAeo7HbaKEGHWxdVXM="
Date: Sun, 16 Feb 2025 01:08:08 GMT
Content-Range: bytes 1120-2253/178611280
Content-Length: 1134
Connection: keep-alive
X-CID: 2
X-CCC: GB
-
GEThttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dRemote address:96.17.178.190:80RequestGET /filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 14 Feb 2025 19:48:08 GMT
Range: bytes=2254-5523
User-Agent: Microsoft BITS/7.8
X-Old-UID: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 206 Partial Content
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.3
MS-CorrelationId: dbd5c674-626c-4576-84e2-fc041afa499f
MS-RequestId: 8b3b8e23-d1a6-40f8-b459-35d40e4801f4
MS-CV: ggkrC5Kur02AUjvm.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Fri, 14 Feb 2025 19:48:08 GMT
ETag: "uSMLSWgBKqAeo7HbaKEGHWxdVXM="
Date: Sun, 16 Feb 2025 01:08:10 GMT
Content-Range: bytes 2254-5523/178611280
Content-Length: 3270
Connection: keep-alive
X-CID: 2
X-CCC: GB
-
GEThttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dRemote address:96.17.178.190:80RequestGET /filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 14 Feb 2025 19:48:08 GMT
Range: bytes=5524-17055
User-Agent: Microsoft BITS/7.8
X-Old-UID: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 206 Partial Content
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.3
MS-CorrelationId: dbd5c674-626c-4576-84e2-fc041afa499f
MS-RequestId: 8b3b8e23-d1a6-40f8-b459-35d40e4801f4
MS-CV: ggkrC5Kur02AUjvm.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Fri, 14 Feb 2025 19:48:08 GMT
ETag: "uSMLSWgBKqAeo7HbaKEGHWxdVXM="
Date: Sun, 16 Feb 2025 01:08:13 GMT
Content-Range: bytes 5524-17055/178611280
Content-Length: 11532
Connection: keep-alive
X-CID: 2
X-CCC: GB
-
GEThttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dRemote address:96.17.178.190:80RequestGET /filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 14 Feb 2025 19:48:08 GMT
Range: bytes=17056-34805
User-Agent: Microsoft BITS/7.8
X-Old-UID: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 206 Partial Content
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.3
MS-CorrelationId: dbd5c674-626c-4576-84e2-fc041afa499f
MS-RequestId: 8b3b8e23-d1a6-40f8-b459-35d40e4801f4
MS-CV: ggkrC5Kur02AUjvm.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Fri, 14 Feb 2025 19:48:08 GMT
ETag: "uSMLSWgBKqAeo7HbaKEGHWxdVXM="
Date: Sun, 16 Feb 2025 01:08:18 GMT
Content-Range: bytes 17056-34805/178611280
Content-Length: 17750
Connection: keep-alive
X-CID: 2
X-CCC: GB
-
GEThttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dRemote address:96.17.178.190:80RequestGET /filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 14 Feb 2025 19:48:08 GMT
Range: bytes=34806-84340
User-Agent: Microsoft BITS/7.8
X-Old-UID: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 206 Partial Content
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.3
MS-CorrelationId: dbd5c674-626c-4576-84e2-fc041afa499f
MS-RequestId: 8b3b8e23-d1a6-40f8-b459-35d40e4801f4
MS-CV: ggkrC5Kur02AUjvm.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Fri, 14 Feb 2025 19:48:08 GMT
ETag: "uSMLSWgBKqAeo7HbaKEGHWxdVXM="
Date: Sun, 16 Feb 2025 01:08:19 GMT
Content-Range: bytes 34806-84340/178611280
Content-Length: 49535
Connection: keep-alive
X-CID: 2
X-CCC: GB
-
GEThttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dRemote address:96.17.178.190:80RequestGET /filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 14 Feb 2025 19:48:08 GMT
Range: bytes=84341-130671
User-Agent: Microsoft BITS/7.8
X-Old-UID: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 206 Partial Content
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.3
MS-CorrelationId: dbd5c674-626c-4576-84e2-fc041afa499f
MS-RequestId: 8b3b8e23-d1a6-40f8-b459-35d40e4801f4
MS-CV: ggkrC5Kur02AUjvm.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Fri, 14 Feb 2025 19:48:08 GMT
ETag: "uSMLSWgBKqAeo7HbaKEGHWxdVXM="
Date: Sun, 16 Feb 2025 01:08:20 GMT
Content-Range: bytes 84341-130671/178611280
Content-Length: 46331
Connection: keep-alive
X-CID: 2
X-CCC: GB
-
GEThttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dRemote address:96.17.178.190:80RequestGET /filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 14 Feb 2025 19:48:08 GMT
Range: bytes=130672-222822
User-Agent: Microsoft BITS/7.8
X-Old-UID: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 206 Partial Content
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.3
MS-CorrelationId: dbd5c674-626c-4576-84e2-fc041afa499f
MS-RequestId: 8b3b8e23-d1a6-40f8-b459-35d40e4801f4
MS-CV: ggkrC5Kur02AUjvm.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Fri, 14 Feb 2025 19:48:08 GMT
ETag: "uSMLSWgBKqAeo7HbaKEGHWxdVXM="
Date: Sun, 16 Feb 2025 01:08:21 GMT
Content-Range: bytes 130672-222822/178611280
Content-Length: 92151
Connection: keep-alive
X-CID: 2
X-CCC: GB
-
GEThttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dRemote address:96.17.178.190:80RequestGET /filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 14 Feb 2025 19:48:08 GMT
Range: bytes=222823-406245
User-Agent: Microsoft BITS/7.8
X-Old-UID: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 206 Partial Content
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.3
MS-CorrelationId: dbd5c674-626c-4576-84e2-fc041afa499f
MS-RequestId: 8b3b8e23-d1a6-40f8-b459-35d40e4801f4
MS-CV: ggkrC5Kur02AUjvm.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Fri, 14 Feb 2025 19:48:08 GMT
ETag: "uSMLSWgBKqAeo7HbaKEGHWxdVXM="
Date: Sun, 16 Feb 2025 01:08:22 GMT
Content-Range: bytes 222823-406245/178611280
Content-Length: 183423
Connection: keep-alive
X-CID: 2
X-CCC: GB
-
GEThttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dRemote address:96.17.178.190:80RequestGET /filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 14 Feb 2025 19:48:08 GMT
Range: bytes=406246-532460
User-Agent: Microsoft BITS/7.8
X-Old-UID: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 206 Partial Content
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.3
MS-CorrelationId: dbd5c674-626c-4576-84e2-fc041afa499f
MS-RequestId: 8b3b8e23-d1a6-40f8-b459-35d40e4801f4
MS-CV: ggkrC5Kur02AUjvm.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Fri, 14 Feb 2025 19:48:08 GMT
ETag: "uSMLSWgBKqAeo7HbaKEGHWxdVXM="
Date: Sun, 16 Feb 2025 01:08:23 GMT
Content-Range: bytes 406246-532460/178611280
Content-Length: 126215
Connection: keep-alive
X-CID: 2
X-CCC: GB
-
GEThttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dRemote address:96.17.178.190:80RequestGET /filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 14 Feb 2025 19:48:08 GMT
Range: bytes=532461-1090214
User-Agent: Microsoft BITS/7.8
X-Old-UID: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 206 Partial Content
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.3
MS-CorrelationId: dbd5c674-626c-4576-84e2-fc041afa499f
MS-RequestId: 8b3b8e23-d1a6-40f8-b459-35d40e4801f4
MS-CV: ggkrC5Kur02AUjvm.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Fri, 14 Feb 2025 19:48:08 GMT
ETag: "uSMLSWgBKqAeo7HbaKEGHWxdVXM="
Date: Sun, 16 Feb 2025 01:08:25 GMT
Content-Range: bytes 532461-1090214/178611280
Content-Length: 557754
Connection: keep-alive
X-CID: 2
X-CCC: GB
-
GEThttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dRemote address:96.17.178.190:80RequestGET /filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 14 Feb 2025 19:48:08 GMT
Range: bytes=1090215-2602955
User-Agent: Microsoft BITS/7.8
X-Old-UID: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 206 Partial Content
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.3
MS-CorrelationId: dbd5c674-626c-4576-84e2-fc041afa499f
MS-RequestId: 8b3b8e23-d1a6-40f8-b459-35d40e4801f4
MS-CV: ggkrC5Kur02AUjvm.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Fri, 14 Feb 2025 19:48:08 GMT
ETag: "uSMLSWgBKqAeo7HbaKEGHWxdVXM="
Date: Sun, 16 Feb 2025 01:08:27 GMT
Content-Range: bytes 1090215-2602955/178611280
Content-Length: 1512741
Connection: keep-alive
X-CID: 2
X-CCC: GB
-
GEThttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dRemote address:96.17.178.190:80RequestGET /filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 14 Feb 2025 19:48:08 GMT
Range: bytes=2602956-3408950
User-Agent: Microsoft BITS/7.8
X-Old-UID: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 206 Partial Content
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.3
MS-CorrelationId: dbd5c674-626c-4576-84e2-fc041afa499f
MS-RequestId: 8b3b8e23-d1a6-40f8-b459-35d40e4801f4
MS-CV: ggkrC5Kur02AUjvm.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Fri, 14 Feb 2025 19:48:08 GMT
ETag: "uSMLSWgBKqAeo7HbaKEGHWxdVXM="
Date: Sun, 16 Feb 2025 01:08:28 GMT
Content-Range: bytes 2602956-3408950/178611280
Content-Length: 805995
Connection: keep-alive
X-CID: 2
X-CCC: GB
-
GEThttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dRemote address:96.17.178.190:80RequestGET /filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 14 Feb 2025 19:48:08 GMT
Range: bytes=3408951-6248286
User-Agent: Microsoft BITS/7.8
X-Old-UID: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 206 Partial Content
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.3
MS-CorrelationId: dbd5c674-626c-4576-84e2-fc041afa499f
MS-RequestId: 8b3b8e23-d1a6-40f8-b459-35d40e4801f4
MS-CV: ggkrC5Kur02AUjvm.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Fri, 14 Feb 2025 19:48:08 GMT
ETag: "uSMLSWgBKqAeo7HbaKEGHWxdVXM="
Date: Sun, 16 Feb 2025 01:08:29 GMT
Content-Range: bytes 3408951-6248286/178611280
Content-Length: 2839336
Connection: keep-alive
X-CID: 2
X-CCC: GB
-
GEThttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dRemote address:96.17.178.190:80RequestGET /filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 14 Feb 2025 19:48:08 GMT
Range: bytes=6248287-10183329
User-Agent: Microsoft BITS/7.8
X-Old-UID: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 206 Partial Content
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.3
MS-CorrelationId: dbd5c674-626c-4576-84e2-fc041afa499f
MS-RequestId: 8b3b8e23-d1a6-40f8-b459-35d40e4801f4
MS-CV: ggkrC5Kur02AUjvm.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Fri, 14 Feb 2025 19:48:08 GMT
ETag: "uSMLSWgBKqAeo7HbaKEGHWxdVXM="
Date: Sun, 16 Feb 2025 01:08:30 GMT
Content-Range: bytes 6248287-10183329/178611280
Content-Length: 3935043
Connection: keep-alive
X-CID: 2
X-CCC: GB
-
GEThttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dRemote address:96.17.178.190:80RequestGET /filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 14 Feb 2025 19:48:08 GMT
Range: bytes=10183330-14781072
User-Agent: Microsoft BITS/7.8
X-Old-UID: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 206 Partial Content
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.3
MS-CorrelationId: dbd5c674-626c-4576-84e2-fc041afa499f
MS-RequestId: 8b3b8e23-d1a6-40f8-b459-35d40e4801f4
MS-CV: ggkrC5Kur02AUjvm.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Fri, 14 Feb 2025 19:48:08 GMT
ETag: "uSMLSWgBKqAeo7HbaKEGHWxdVXM="
Date: Sun, 16 Feb 2025 01:08:31 GMT
Content-Range: bytes 10183330-14781072/178611280
Content-Length: 4597743
Connection: keep-alive
X-CID: 2
X-CCC: GB
-
GEThttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dRemote address:96.17.178.190:80RequestGET /filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 14 Feb 2025 19:48:08 GMT
Range: bytes=14781073-16500560
User-Agent: Microsoft BITS/7.8
X-Old-UID: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 206 Partial Content
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.3
MS-CorrelationId: dbd5c674-626c-4576-84e2-fc041afa499f
MS-RequestId: 8b3b8e23-d1a6-40f8-b459-35d40e4801f4
MS-CV: ggkrC5Kur02AUjvm.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Fri, 14 Feb 2025 19:48:08 GMT
ETag: "uSMLSWgBKqAeo7HbaKEGHWxdVXM="
Date: Sun, 16 Feb 2025 01:08:32 GMT
Content-Range: bytes 14781073-16500560/178611280
Content-Length: 1719488
Connection: keep-alive
X-CID: 2
X-CCC: GB
-
GEThttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dRemote address:96.17.178.190:80RequestGET /filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 14 Feb 2025 19:48:08 GMT
Range: bytes=16500561-24724554
User-Agent: Microsoft BITS/7.8
X-Old-UID: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 206 Partial Content
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.3
MS-CorrelationId: dbd5c674-626c-4576-84e2-fc041afa499f
MS-RequestId: 8b3b8e23-d1a6-40f8-b459-35d40e4801f4
MS-CV: ggkrC5Kur02AUjvm.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Fri, 14 Feb 2025 19:48:08 GMT
ETag: "uSMLSWgBKqAeo7HbaKEGHWxdVXM="
Date: Sun, 16 Feb 2025 01:08:33 GMT
Content-Range: bytes 16500561-24724554/178611280
Content-Length: 8223994
Connection: keep-alive
X-CID: 2
X-CCC: GB
-
GEThttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dRemote address:96.17.178.190:80RequestGET /filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 14 Feb 2025 19:48:08 GMT
Range: bytes=24724555-28881489
User-Agent: Microsoft BITS/7.8
X-Old-UID: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 206 Partial Content
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.3
MS-CorrelationId: dbd5c674-626c-4576-84e2-fc041afa499f
MS-RequestId: 8b3b8e23-d1a6-40f8-b459-35d40e4801f4
MS-CV: ggkrC5Kur02AUjvm.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Fri, 14 Feb 2025 19:48:08 GMT
ETag: "uSMLSWgBKqAeo7HbaKEGHWxdVXM="
Date: Sun, 16 Feb 2025 01:08:35 GMT
Content-Range: bytes 24724555-28881489/178611280
Content-Length: 4156935
Connection: keep-alive
X-CID: 2
X-CCC: GB
-
GEThttps://api.2ip.ua/geo.jsonRemote address:104.21.96.1:443RequestGET /geo.json HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: api.2ip.ua
ResponseHTTP/1.1 200 OK
Date: Sun, 16 Feb 2025 01:08:13 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=...
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uqhPWuoopO8XSECHG3Ih3%2FFvb4nK8de901GTRQ7%2Bu0WITBp%2FmqdXZ4J38ADzJT9u%2FtiuhpdG5kdzRwTx3jxqhhv8SgAVmc6jDSFm5B8FGquaNZOpkJ1ObouFMvo%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9129a52fb8dfcd5c-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=42469&min_rtt=42179&rtt_var=9377&sent=5&recv=9&lost=0&retrans=1&sent_bytes=3267&recv_bytes=384&delivery_rate=93762&cwnd=242&unsent_bytes=0&cid=c9cb8fad251e0d1b&ts=142&x=0"
-
GEThttps://api.2ip.ua/geo.jsonRemote address:104.21.96.1:443RequestGET /geo.json HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: api.2ip.ua
ResponseHTTP/1.1 200 OK
Date: Sun, 16 Feb 2025 01:08:15 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=...
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=izDuGwY%2B0ufn5iExXCYSzS9IznU1yW1kEp6Gc9bhuGr1lcFSO20WAnZHLBYP%2FtjrY68%2B9PrQZ%2BCp7GiBpTI30iBoXcuv5UXwPwbEp4CwIooPpZIUoLawB81DhDy%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9129a53aedb09483-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=49886&min_rtt=44737&rtt_var=14705&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3267&recv_bytes=384&delivery_rate=90878&cwnd=248&unsent_bytes=0&cid=f99d3d2823498bdd&ts=174&x=0"
-
GEThttps://api.2ip.ua/geo.jsonRemote address:104.21.96.1:443RequestGET /geo.json HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: api.2ip.ua
ResponseHTTP/1.1 200 OK
Date: Sun, 16 Feb 2025 01:08:24 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=...
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wVoB%2Frit1h%2BAZ0HIBzSoPTItqnUw63s%2FAyVssedvlhKkkg%2B8nJ9YJTwu7pL8teRaL3%2FxdmqdFjIvBa%2BG9BHIdwfWEP1vOUbGfGM98%2Bvt1z7mAA7sE7YlS5%2BEvRmM"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9129a572eb17cd72-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=50952&min_rtt=42186&rtt_var=26400&sent=5&recv=9&lost=0&retrans=1&sent_bytes=3268&recv_bytes=384&delivery_rate=96043&cwnd=253&unsent_bytes=0&cid=9035f75cc4891ad8&ts=205&x=0"
-
DNStse1.mm.bing.netRemote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEax-0001.ax-msedge.netax-0001.ax-msedge.netIN A150.171.28.10ax-0001.ax-msedge.netIN A150.171.27.10
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340418566_1KUOCUMD7VRU52NBF&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239340418566_1KUOCUMD7VRU52NBF&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 485790
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0475E24576804343952B0316F693F991 Ref B: FRA31EDGE0408 Ref C: 2025-02-16T01:09:38Z
date: Sun, 16 Feb 2025 01:09:37 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239339388211_1N1VN3YVI7PM6IVRW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239339388211_1N1VN3YVI7PM6IVRW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 436830
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AD1B322050874DCA806BA629770F5ABB Ref B: FRA31EDGE0408 Ref C: 2025-02-16T01:09:38Z
date: Sun, 16 Feb 2025 01:09:37 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239339388210_1H3OUU9FLD09LO8YS&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239339388210_1H3OUU9FLD09LO8YS&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 344530
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0A0C5E0795CB49EC9C27A695877A4445 Ref B: FRA31EDGE0408 Ref C: 2025-02-16T01:12:12Z
date: Sun, 16 Feb 2025 01:12:11 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340418565_1OUCQO7VP7RV95UTY&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239340418565_1OUCQO7VP7RV95UTY&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 436830
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 96B0DB55A5FB416EBB09F5DEC3B782A7 Ref B: FRA31EDGE0408 Ref C: 2025-02-16T01:12:12Z
date: Sun, 16 Feb 2025 01:12:11 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 193575
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B99BC786CC2F4F718A058FE4A2CFF76B Ref B: FRA31EDGE0408 Ref C: 2025-02-16T01:12:12Z
date: Sun, 16 Feb 2025 01:12:11 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340418565_1OUCQO7VP7RV95UTY&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239340418565_1OUCQO7VP7RV95UTY&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340418566_1KUOCUMD7VRU52NBF&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239340418566_1KUOCUMD7VRU52NBF&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360265014_1I9L6MC65FHDFQ9Z7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239360265014_1I9L6MC65FHDFQ9Z7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360265014_1I9L6MC65FHDFQ9Z7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239360265014_1I9L6MC65FHDFQ9Z7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
-
GEThttps://api.2ip.ua/geo.jsonRemote address:104.21.96.1:443RequestGET /geo.json HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: api.2ip.ua
-
DNSloot.ugRemote address:8.8.8.8:53Requestloot.ugIN AResponse
-
DNSloot.ugRemote address:8.8.8.8:53Requestloot.ugIN A
-
DNSloot.ugRemote address:8.8.8.8:53Requestloot.ugIN A
-
DNSloot.ugRemote address:8.8.8.8:53Requestloot.ugIN AResponse
-
DNSloot.ugRemote address:8.8.8.8:53Requestloot.ugIN A
-
DNSloot.ugRemote address:8.8.8.8:53Requestloot.ugIN A
-
DNSloot.ugRemote address:8.8.8.8:53Requestloot.ugIN A
-
DNSloot.ugRemote address:8.8.8.8:53Requestloot.ugIN A
-
DNSloot.ugRemote address:8.8.8.8:53Requestloot.ugIN A
-
DNSloot.ugRemote address:8.8.8.8:53Requestloot.ugIN AResponse
-
GEThttps://api.2ip.ua/geo.jsonRemote address:104.21.96.1:443RequestGET /geo.json HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: api.2ip.ua
ResponseHTTP/1.1 429 Too Many Requests
Date: Sun, 16 Feb 2025 01:11:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=...
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dXKVnvsGssTXgpxYTqu6put5ZA%2BlwmjIklVT6OVRDulH26igarg%2FdHBCQUcXtn42UW4S6nZ5lCgk2ZBhTgXV2WdybAv4MLT66%2BpDP5mE1oAm7QiiaGBSRpo7lakg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9129a992a9a0cd5c-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=43491&min_rtt=42092&rtt_var=10321&sent=6&recv=9&lost=0&retrans=1&sent_bytes=3524&recv_bytes=384&delivery_rate=96592&cwnd=243&unsent_bytes=0&cid=086a5503a08d640d&ts=408&x=0"
-
GEThttps://api.2ip.ua/geo.jsonRemote address:104.21.96.1:443RequestGET /geo.json HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: api.2ip.ua
ResponseHTTP/1.1 429 Too Many Requests
Date: Sun, 16 Feb 2025 01:11:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=...
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZRS20hAZeRNsm5qzqXRphvhyhlF89xdNPho9TB80dk%2BR7a4TNJ4UW4naTowYuWP1wYeLYhefbbtcP%2BGijn759pdolZHS%2FJXyCtHPffUnw%2FTtnvJcpgPVfaoMl8jn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9129a9882a579483-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=510629&min_rtt=45847&rtt_var=340523&sent=5&recv=5&lost=0&retrans=0&sent_bytes=3266&recv_bytes=384&delivery_rate=75461&cwnd=248&unsent_bytes=0&cid=8cb834777a0ca10a&ts=137&x=0"
-
GEThttps://api.2ip.ua/geo.jsonRemote address:104.21.96.1:443RequestGET /geo.json HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: api.2ip.ua
ResponseHTTP/1.1 429 Too Many Requests
Date: Sun, 16 Feb 2025 01:11:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=...
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7TVo1cYhOSwyQHQf3OOj1Z8FYB81bJrw%2FqFhcz%2BkafTN7aISMzyvXnhLo%2FHbuu9DFCdjdkVnSFSkc0WzdlXRoXUrRlDz74eVa0JSaoly72wdVeBgNIqF8tsJvejZ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9129a9bf39fb48c5-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=47062&min_rtt=45299&rtt_var=9357&sent=5&recv=9&lost=0&retrans=0&sent_bytes=3267&recv_bytes=384&delivery_rate=89634&cwnd=253&unsent_bytes=0&cid=cbd886ef1bc42396&ts=139&x=0"
-
DNSapi.2ip.uaRemote address:8.8.8.8:53Requestapi.2ip.uaIN AResponseapi.2ip.uaIN A104.21.32.1api.2ip.uaIN A104.21.112.1api.2ip.uaIN A104.21.16.1api.2ip.uaIN A104.21.80.1api.2ip.uaIN A104.21.96.1api.2ip.uaIN A104.21.48.1api.2ip.uaIN A104.21.64.1
-
GEThttps://api.2ip.ua/geo.jsonRemote address:104.21.32.1:443RequestGET /geo.json HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: api.2ip.ua
ResponseHTTP/1.1 429 Too Many Requests
Date: Sun, 16 Feb 2025 01:15:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=...
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hK%2BhdF6Cr%2BUcv4%2Bql%2BGNpaBnxRdSMPZOXBHkfDCIUhofb9KzqPHwFSi2fJDxJVy0rSrQKUmCh3lULVkSQrS2RB0RK%2F3Gs2p9lgPmdtt65SYBso7oJ0%2BdG7zH2k%2Bm"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9129af86f81246d0-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=42689&min_rtt=41953&rtt_var=17204&sent=8&recv=8&lost=0&retrans=3&sent_bytes=6274&recv_bytes=384&delivery_rate=28364&cwnd=251&unsent_bytes=0&cid=ca0f357f4832d280&ts=541&x=0"
-
DNSloot.ugRemote address:8.8.8.8:53Requestloot.ugIN AResponse
-
DNSloot.ugRemote address:8.8.8.8:53Requestloot.ugIN AResponse
-
DNSloot.ugRemote address:8.8.8.8:53Requestloot.ugIN AResponse
-
DNSloot.ugRemote address:8.8.8.8:53Requestloot.ugIN A
-
DNSloot.ugRemote address:8.8.8.8:53Requestloot.ugIN AResponse
-
DNSloot.ugRemote address:8.8.8.8:53Requestloot.ugIN A
-
GEThttps://api.2ip.ua/geo.jsonRemote address:104.21.32.1:443RequestGET /geo.json HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: api.2ip.ua
ResponseHTTP/1.1 429 Too Many Requests
Date: Sun, 16 Feb 2025 01:15:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=...
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JdDBKuxnfOF%2B6AyLtLG%2BEcLkuepgsK6lV7llhQLKIY1bfRtPUhtspxVmIEdqJB4hcwFkcXpu9YjjRh6tv%2F5gMbDAPY6I%2FxrTrWFkhCoUyvlHQ99VGysgXhefKPlj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9129b07b4bc571e0-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=47019&min_rtt=43077&rtt_var=9910&sent=5&recv=9&lost=0&retrans=0&sent_bytes=3267&recv_bytes=384&delivery_rate=94281&cwnd=246&unsent_bytes=0&cid=37aa9e0a03c8302c&ts=145&x=0"
-
GEThttps://api.2ip.ua/geo.jsonRemote address:104.21.32.1:443RequestGET /geo.json HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: api.2ip.ua
ResponseHTTP/1.1 429 Too Many Requests
Date: Sun, 16 Feb 2025 01:15:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=...
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q7BnNHxKTYuT%2FHVJWFifZln%2F3W9nks63WOcjK%2BsnOw3CqQH0wVlEN2wga9UVSrXtNaAi2%2BVsVTjR%2B2VMuUyaTOlLjmrSZ%2FzVadZzGvmBqO0%2BlUFJl%2BnPmo1qWLlY"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9129b03a5ae77765-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=280470&min_rtt=42387&rtt_var=124798&sent=5&recv=5&lost=0&retrans=0&sent_bytes=3273&recv_bytes=341&delivery_rate=32014&cwnd=253&unsent_bytes=0&cid=f10ee935894df936&ts=400&x=0"
-
GEThttps://api.2ip.ua/geo.jsonRemote address:104.21.32.1:443RequestGET /geo.json HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: api.2ip.ua
ResponseHTTP/1.1 429 Too Many Requests
Date: Sun, 16 Feb 2025 01:15:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=...
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DAU9%2F8FV30k6utt2tIVErHfz77umxyA5swERPYXKrBuPvuNGcBNav1NMEqg9RwSfX7awr9KIx3jWggLI4apjaUdKa0oYg459F3kTv4p38ROoimyddrNZHdbIYG3w"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9129b052abd17765-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=57463&min_rtt=48335&rtt_var=19758&sent=6&recv=9&lost=0&retrans=1&sent_bytes=3524&recv_bytes=384&delivery_rate=84023&cwnd=254&unsent_bytes=0&cid=3f7476fa336f87ce&ts=1059&x=0"
-
DNSmsedge.b.tlu.dl.delivery.mp.microsoft.comRemote address:8.8.8.8:53Requestmsedge.b.tlu.dl.delivery.mp.microsoft.comIN AResponsemsedge.b.tlu.dl.delivery.mp.microsoft.comIN CNAMEstar.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.comstar.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.comIN CNAMEcdp-f-tlu-net.trafficmanager.netcdp-f-tlu-net.trafficmanager.netIN CNAMEfg.microsoft.map.fastly.netfg.microsoft.map.fastly.netIN A199.232.214.172fg.microsoft.map.fastly.netIN A199.232.210.172
-
DNSmsedge.b.tlu.dl.delivery.mp.microsoft.comRemote address:8.8.8.8:53Requestmsedge.b.tlu.dl.delivery.mp.microsoft.comIN AResponsemsedge.b.tlu.dl.delivery.mp.microsoft.comIN CNAMEstar.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.comstar.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.comIN CNAMEcdp-f-tlu-net.trafficmanager.netcdp-f-tlu-net.trafficmanager.netIN CNAMEwildcard.f.tlu.dl.delivery.mp.microsoft.com.edgesuite.netwildcard.f.tlu.dl.delivery.mp.microsoft.com.edgesuite.netIN CNAMEa1847.dscd.akamai.neta1847.dscd.akamai.netIN A96.17.178.199a1847.dscd.akamai.netIN A96.17.178.190
-
GEThttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dRemote address:199.232.214.172:80RequestGET /filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3d HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Microsoft Edge Update/1.3.195.43;winhttp
X-Old-UID: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
X-Last-HR: 0x80072ee2
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 3
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 178611280
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: dbd5c674-626c-4576-84e2-fc041afa499f
MS-RequestId: 8b3b8e23-d1a6-40f8-b459-35d40e4801f4
MS-CV: ggkrC5Kur02AUjvm.0
Last-Modified: Fri, 14 Feb 2025 19:48:08 GMT
ETag: "uSMLSWgBKqAeo7HbaKEGHWxdVXM="
Accept-Ranges: bytes
Date: Sun, 16 Feb 2025 01:18:00 GMT
Via: 1.1 varnish
Age: 95329
X-Served-By: cache-lcy-eglc8600070-LCY
X-Cache: HIT
X-Cache-Hits: 4331
X-Timer: S1739668681.579486,VS0,VE0
X-CID: 3
X-CCC: GB
-
HEADhttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dRemote address:96.17.178.190:80RequestHEAD /filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
X-Old-UID: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 1
X-HTTP-Attempts: 5
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 200 OK
Cache-Control: public, max-age=17280000
Content-Length: 178611280
Content-Type: application/octet-stream
Last-Modified: Fri, 14 Feb 2025 19:48:08 GMT
Accept-Ranges: bytes
ETag: "uSMLSWgBKqAeo7HbaKEGHWxdVXM="
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.3
MS-CorrelationId: d3845ac7-72b9-4c1e-b6a6-464bdab20735
MS-RequestId: 15598162-c129-4336-93bb-8eb36f13a194
MS-CV: SDoo2CDHe0m0D8wS.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Date: Sun, 16 Feb 2025 01:19:24 GMT
Connection: keep-alive
X-CID: 2
X-CCC: GB
-
GEThttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dRemote address:96.17.178.190:80RequestGET /filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 14 Feb 2025 19:48:08 GMT
Range: bytes=0-4158905
User-Agent: Microsoft BITS/7.8
X-Old-UID: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 1
X-HTTP-Attempts: 5
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 206 Partial Content
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.3
MS-CorrelationId: dbd5c674-626c-4576-84e2-fc041afa499f
MS-RequestId: 8b3b8e23-d1a6-40f8-b459-35d40e4801f4
MS-CV: ggkrC5Kur02AUjvm.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Fri, 14 Feb 2025 19:48:08 GMT
ETag: "uSMLSWgBKqAeo7HbaKEGHWxdVXM="
Date: Sun, 16 Feb 2025 01:19:24 GMT
Content-Range: bytes 0-4158905/178611280
Content-Length: 4158906
Connection: keep-alive
X-CID: 2
X-CCC: GB
-
GEThttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dRemote address:96.17.178.190:80RequestGET /filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 14 Feb 2025 19:48:08 GMT
Range: bytes=42840243-46862593
User-Agent: Microsoft BITS/7.8
X-Old-UID: {768E06D1-E60E-4702-89DB-6EE20A6A3D3E}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 1
X-HTTP-Attempts: 5
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
-
DNSmsedge.b.tlu.dl.delivery.mp.microsoft.comRemote address:8.8.8.8:53Requestmsedge.b.tlu.dl.delivery.mp.microsoft.comIN AResponsemsedge.b.tlu.dl.delivery.mp.microsoft.comIN CNAMEstar.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.comstar.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.comIN CNAMEcdp-f-tlu-net.trafficmanager.netcdp-f-tlu-net.trafficmanager.netIN CNAMEwildcard.f.tlu.dl.delivery.mp.microsoft.com.edgesuite.netwildcard.f.tlu.dl.delivery.mp.microsoft.com.edgesuite.netIN CNAMEa1847.dscd.akamai.neta1847.dscd.akamai.netIN A96.17.178.190a1847.dscd.akamai.netIN A96.17.178.199
-
DNSmsedge.b.tlu.dl.delivery.mp.microsoft.comRemote address:8.8.8.8:53Requestmsedge.b.tlu.dl.delivery.mp.microsoft.comIN A
-
DNSloot.ugRemote address:8.8.8.8:53Requestloot.ugIN AResponse
-
DNSloot.ugRemote address:8.8.8.8:53Requestloot.ugIN A
-
DNSloot.ugRemote address:8.8.8.8:53Requestloot.ugIN A
-
GEThttps://api.2ip.ua/geo.jsonRemote address:104.21.112.1:443RequestGET /geo.json HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: api.2ip.ua
ResponseHTTP/1.1 429 Too Many Requests
Date: Sun, 16 Feb 2025 01:20:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=...
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x%2BHXPaTnra9xgdBmpz0Xy5ynhHBLaIFb0Pk7hRJOLiu7FO9v5%2FeLUbH9dAbKKHi1CfYEA0gd98OtelX%2BMBM8FfRz8pz6A5Nhrb%2Fq6lHHFyx7NSlC3SbCFlW0tQ9r"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9129b77a2d4c48bf-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=42567&min_rtt=41968&rtt_var=7390&sent=5&recv=9&lost=0&retrans=0&sent_bytes=3267&recv_bytes=384&delivery_rate=96877&cwnd=253&unsent_bytes=0&cid=b6c19c9cad842389&ts=131&x=0"
-
GEThttps://api.2ip.ua/geo.jsonRemote address:104.21.112.1:443RequestGET /geo.json HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: api.2ip.ua
ResponseHTTP/1.1 429 Too Many Requests
Date: Sun, 16 Feb 2025 01:20:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=...
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=av2MwzYickw1wjYPnFSZv%2BtBpmk9T67i2HfbRM%2BvrACDesJUw%2FNs5aQcQNzM%2BHHtMPO5Q5Yf7b1P8m2KHv7JJ%2B5aVmOTwJhBk8%2BxXYXUrfAQVHZOu3FXYzqxk7Gf"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9129b77a28629e25-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=43299&min_rtt=42201&rtt_var=7765&sent=5&recv=9&lost=0&retrans=0&sent_bytes=3267&recv_bytes=384&delivery_rate=95491&cwnd=253&unsent_bytes=0&cid=c584d82037c09b38&ts=131&x=0"
-
GEThttps://api.2ip.ua/geo.jsonRemote address:104.21.112.1:443RequestGET /geo.json HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: api.2ip.ua
ResponseHTTP/1.1 429 Too Many Requests
Date: Sun, 16 Feb 2025 01:20:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=...
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PoZq6tesJ0bXQnZkc7ppz3MMgUmDnG3gZOI13kbO%2F%2FuJ2axDZWq5aL8AuuZL9ONy4TS3okRs42hFNx%2Bl2BcWD2CVUCW52qifDyjFWhjEgznPdL9lSz4Ad%2F4RWCy%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9129b7876dd748bf-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=54313&min_rtt=41777&rtt_var=31514&sent=5&recv=9&lost=0&retrans=0&sent_bytes=3267&recv_bytes=384&delivery_rate=95991&cwnd=253&unsent_bytes=0&cid=137b399a2cf02005&ts=223&x=0"
-
104.21.96.1:443https://api.2ip.ua/geo.jsontls, http
HTTP Request
GET https://api.2ip.ua/geo.jsonHTTP Response
200 -
150.171.28.10:443https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9d54d9f215774bc3a8514c5e34a67211&localId=w:3156B12D-F3AE-8DCD-F69C-2A13650B3D7A&deviceId=6755478344485516&anid=tls, http2
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9d54d9f215774bc3a8514c5e34a67211&localId=w:3156B12D-F3AE-8DCD-F69C-2A13650B3D7A&deviceId=6755478344485516&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=9d54d9f215774bc3a8514c5e34a67211&localId=w:3156B12D-F3AE-8DCD-F69C-2A13650B3D7A&deviceId=6755478344485516&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9d54d9f215774bc3a8514c5e34a67211&localId=w:3156B12D-F3AE-8DCD-F69C-2A13650B3D7A&deviceId=6755478344485516&anid=HTTP Response
204 -
216.58.201.99:80http://c.pki.goog/r/r4.crlhttp
HTTP Request
GET http://c.pki.goog/r/gsr1.crlHTTP Response
200HTTP Request
GET http://c.pki.goog/r/r4.crlHTTP Response
200 -
104.21.96.1:443https://api.2ip.ua/geo.jsontls, http
HTTP Request
GET https://api.2ip.ua/geo.jsonHTTP Response
200 -
4.245.161.190:443https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedgewebview-stable-win-x64/versions/133.0.3065.69/files?action=GenerateDownloadInfo&foregroundPriority=falsetls, http2
HTTP Request
POST https://msedge.api.cdp.microsoft.com/api/v2/contents/Browser/namespaces/Default/names?action=batchupdatesHTTP Response
200HTTP Request
POST https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedge-stable-win-x64/versions/133.0.3065.69/files?action=GenerateDownloadInfo&foregroundPriority=falseHTTP Response
200HTTP Request
POST https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedgewebview-stable-win-x64/versions/133.0.3065.69/files?action=GenerateDownloadInfo&foregroundPriority=falseHTTP Response
200 -
96.17.178.190:80http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dhttp
HTTP Request
HEAD http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dHTTP Response
200HTTP Request
GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dHTTP Response
206HTTP Request
GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dHTTP Response
206HTTP Request
GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dHTTP Response
206HTTP Request
GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dHTTP Response
206HTTP Request
GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dHTTP Response
206HTTP Request
GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dHTTP Response
206HTTP Request
GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dHTTP Response
206HTTP Request
GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dHTTP Response
206HTTP Request
GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dHTTP Response
206HTTP Request
GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dHTTP Response
206HTTP Request
GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dHTTP Response
206HTTP Request
GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dHTTP Response
206HTTP Request
GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dHTTP Response
206HTTP Request
GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dHTTP Response
206HTTP Request
GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dHTTP Response
206HTTP Request
GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dHTTP Response
206HTTP Request
GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dHTTP Response
206HTTP Request
GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dHTTP Response
206HTTP Request
GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dHTTP Response
206 -
104.21.96.1:443https://api.2ip.ua/geo.jsontls, http
HTTP Request
GET https://api.2ip.ua/geo.jsonHTTP Response
200 -
104.21.96.1:443https://api.2ip.ua/geo.jsontls, http
HTTP Request
GET https://api.2ip.ua/geo.jsonHTTP Response
200 -
104.21.96.1:443https://api.2ip.ua/geo.jsontls, http
HTTP Request
GET https://api.2ip.ua/geo.jsonHTTP Response
200 -
150.171.28.10:443tse1.mm.bing.nettls, http2
-
150.171.28.10:443tse1.mm.bing.nettls, http2
-
150.171.28.10:443tse1.mm.bing.nettls, http2
-
150.171.28.10:443https://tse1.mm.bing.net/th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90tls, http2
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418566_1KUOCUMD7VRU52NBF&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388211_1N1VN3YVI7PM6IVRW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388210_1H3OUU9FLD09LO8YS&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418565_1OUCQO7VP7RV95UTY&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418565_1OUCQO7VP7RV95UTY&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418566_1KUOCUMD7VRU52NBF&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360265014_1I9L6MC65FHDFQ9Z7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360265014_1I9L6MC65FHDFQ9Z7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 -
150.171.28.10:443tse1.mm.bing.nettls, http2
-
104.21.96.1:443https://api.2ip.ua/geo.jsontls, http
HTTP Request
GET https://api.2ip.ua/geo.json -
104.21.96.1:443https://api.2ip.ua/geo.jsontls, http
HTTP Request
GET https://api.2ip.ua/geo.jsonHTTP Response
429 -
104.21.96.1:443https://api.2ip.ua/geo.jsontls, http
HTTP Request
GET https://api.2ip.ua/geo.jsonHTTP Response
429 -
104.21.96.1:443https://api.2ip.ua/geo.jsontls, http
HTTP Request
GET https://api.2ip.ua/geo.jsonHTTP Response
429 -
104.21.32.1:443https://api.2ip.ua/geo.jsontls, http
HTTP Request
GET https://api.2ip.ua/geo.jsonHTTP Response
429 -
104.21.32.1:443api.2ip.uatls
-
104.21.32.1:443https://api.2ip.ua/geo.jsontls, http
HTTP Request
GET https://api.2ip.ua/geo.jsonHTTP Response
429 -
104.21.32.1:443https://api.2ip.ua/geo.jsontls, http
HTTP Request
GET https://api.2ip.ua/geo.jsonHTTP Response
429 -
104.21.32.1:443https://api.2ip.ua/geo.jsontls, http
HTTP Request
GET https://api.2ip.ua/geo.jsonHTTP Response
429 -
199.232.214.172:80http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dhttp
HTTP Request
GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dHTTP Response
200 -
96.17.178.190:80http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dhttp
HTTP Request
HEAD http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dHTTP Response
200HTTP Request
GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3dHTTP Response
206HTTP Request
GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/af8e5f2c-8b7f-478f-8f6c-f1dc567e0d65?P1=1740272880&P2=404&P3=2&P4=AdcES2RHql1OMS2h2dJC9IucfXjnOoi%2f%2f%2bDh8w0pX9wPB1VWAftT2xkjYlNiPIFvA14wecNznq2%2bQy3Taf9TvA%3d%3d -
104.21.112.1:443api.2ip.uatls
-
104.21.112.1:443https://api.2ip.ua/geo.jsontls, http
HTTP Request
GET https://api.2ip.ua/geo.jsonHTTP Response
429 -
104.21.112.1:443https://api.2ip.ua/geo.jsontls, http
HTTP Request
GET https://api.2ip.ua/geo.jsonHTTP Response
429 -
104.21.112.1:443https://api.2ip.ua/geo.jsontls, http
HTTP Request
GET https://api.2ip.ua/geo.jsonHTTP Response
429
-
8.8.8.8:53g.bing.comdns
DNS Request
g.bing.com
DNS Request
g.bing.com
DNS Request
g.bing.com
DNS Response
150.171.28.10150.171.27.10
-
8.8.8.8:53api.2ip.uadns
DNS Request
api.2ip.ua
DNS Response
104.21.96.1104.21.64.1104.21.112.1104.21.16.1104.21.48.1104.21.32.1104.21.80.1
-
8.8.8.8:53c.pki.googdns
DNS Request
c.pki.goog
DNS Request
c.pki.goog
DNS Request
c.pki.goog
DNS Response
216.58.201.99
-
8.8.8.8:53ymad.ugdns
DNS Request
ymad.ug
-
8.8.8.8:53loot.ugdns
DNS Request
loot.ug
DNS Request
loot.ug
-
8.8.8.8:53loot.ugdns
DNS Request
loot.ug
-
8.8.8.8:53loot.ugdns
DNS Request
loot.ug
-
8.8.8.8:53msedge.api.cdp.microsoft.comdns
DNS Request
msedge.api.cdp.microsoft.com
DNS Response
4.245.161.190
-
8.8.8.8:53loot.ugdns
DNS Request
loot.ug
DNS Request
loot.ug
-
8.8.8.8:53msedge.b.tlu.dl.delivery.mp.microsoft.comdns
DNS Request
msedge.b.tlu.dl.delivery.mp.microsoft.com
DNS Request
msedge.b.tlu.dl.delivery.mp.microsoft.com
DNS Response
96.17.178.19096.17.178.199
-
8.8.8.8:53tse1.mm.bing.netdns
DNS Request
tse1.mm.bing.net
DNS Response
150.171.28.10150.171.27.10
-
8.8.8.8:53loot.ugdns
DNS Request
loot.ug
DNS Request
loot.ug
DNS Request
loot.ug
-
8.8.8.8:53loot.ugdns
DNS Request
loot.ug
-
8.8.8.8:53loot.ugdns
DNS Request
loot.ug
DNS Request
loot.ug
DNS Request
loot.ug
DNS Request
loot.ug
DNS Request
loot.ug
-
8.8.8.8:53loot.ugdns
DNS Request
loot.ug
-
8.8.8.8:53api.2ip.uadns
DNS Request
api.2ip.ua
DNS Response
104.21.32.1104.21.112.1104.21.16.1104.21.80.1104.21.96.1104.21.48.1104.21.64.1
-
8.8.8.8:53loot.ugdns
DNS Request
loot.ug
-
8.8.8.8:53loot.ugdns
DNS Request
loot.ug
-
8.8.8.8:53loot.ugdns
DNS Request
loot.ug
DNS Request
loot.ug
-
8.8.8.8:53loot.ugdns
DNS Request
loot.ug
DNS Request
loot.ug
-
8.8.8.8:53msedge.b.tlu.dl.delivery.mp.microsoft.comdns
DNS Request
msedge.b.tlu.dl.delivery.mp.microsoft.com
DNS Request
msedge.b.tlu.dl.delivery.mp.microsoft.com
DNS Response
199.232.214.172199.232.210.172
DNS Response
96.17.178.19996.17.178.190
-
8.8.8.8:53msedge.b.tlu.dl.delivery.mp.microsoft.comdns
DNS Request
msedge.b.tlu.dl.delivery.mp.microsoft.com
DNS Request
msedge.b.tlu.dl.delivery.mp.microsoft.com
DNS Response
96.17.178.19096.17.178.199
-
8.8.8.8:53loot.ugdns
DNS Request
loot.ug
-
8.8.8.8:53loot.ugdns
DNS Request
loot.ug
DNS Request
loot.ug
-
8.8.8.8:53
-
8.8.8.8:53
-
8.8.8.8:53
-
8.8.8.8:53
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.3MB
MD5f782b09fd215d3d9bb898d61ea2e7a37
SHA1a382348e9592bdf93dd10c49773b815a992fa7c7
SHA2567bd4646090dff9875e08ea00e5727b11be19fcb850344856e66360c152835694
SHA5129342bd7a0cbabd7e699ea545897a6403371a0034e4bea067a9662dad9e492c5fa9b27efa4c850e1c001c79d6a76ffe0dacb6831010e41c8d5e2a92bd5b898606
-
Filesize
289KB
MD58371e2c5f50981d45da1d2ac011151e4
SHA1207585c4ce4a8688d77e3806f0b13b0bc9951e7d
SHA2569e0d2763e84ca2810f700b6e5df470a7789f5566a5fe960ee48a761c77676b5b
SHA512e1ed56af0c3291c16a1a6d3add0e25ac0a97766d62a59f8f7941760ba6b015176e268132d1c08c2e84a11e3cde2759c051ebf81ae1b5a4981ddad770574229a9
-
Filesize
1KB
MD5a510a83da9bbfb7d36892097a48e33b7
SHA106a23f1849ed511f22694e39b25cf2034181e43f
SHA256177f4bd3c2d393a54a23e9043ab0214a95b156ca4b5a4d8eaa78aeda02888528
SHA5120758985b1e9ad6e0233cdea9e172d7b48275ed9555679d68d93c7351d48700f585ee696a3f421be5733a04300fe3dd1975de247e4eece8b8a343b3cd41308114
-
Filesize
622KB
MD54e6518161cc338011531e6ec335401e2
SHA16d221aae3781af873141e6bbc6790c7ffb20259e
SHA256a47f41aa7bcec0354731bea88367b16ea9010ff199298e613b6e3aee6744beca
SHA512549c082c5d737f1b1ffcabea6b7f5c44d87efbc9864081afb02a10fa33ffb7c4a081956814e0ccbf9f0ed8a590c4ee9bad782ca49bd63ec9818a25e5b3af1382
-
Filesize
736KB
MD5c3c0fe1bf5f38a6c89cead208307b99c
SHA1df5d4f184c3124d4749c778084f35a2c00066b0b
SHA256f4f6d008e54b5a6bac3998fc3fe8e632c347d6b598813e3524d5489b84bd2eaf
SHA5120f3e96d16c512e37025b04ff7989d60126c3d65fe868dbcfbeae4dac910ce04fc52d1089f0e41ce85c2def0182a927fdcc349094e74cdd21b45a42fde7f01806
-
Filesize
180KB
MD5b2e47100abd58190e40c8b6f9f672a36
SHA1a754a78021b16e63d9e606cacc6de4fcf6872628
SHA256889217bcb971387bc3cb6d76554646d2b0822eceb102320d40adf2422c829128
SHA512d30da8c901e063df5901d011b22a01f884234ddddd44b9e81b3c43d93a51e10342074523339d155d69ff03a03a1df66c7d19e0137a16f47735b5b600616ca2a9
-
Filesize
26.0MB
MD5078fdfc06d675c9476796f61e8d8b396
SHA1183e0f30aad003e5443fc282813f349ebd7bb1c8
SHA25671474bbf9ec8997bb0ec65853cb095b000f1cdd52aa3f53b486a994588a4b7f7
SHA512ec1b7bb3993e7022b600557fb63f405cca68fa269ebf9cebb4c699c7e35ac3bdafac44c12b60b67c01987d499023a2b5cfea0bdb66684eff4d67546ec5952a68
-
Filesize
28.5MB
MD501bc6dc2e63ba4656e64f83debbc1f4e
SHA1823cb85a326995b562bd02e26996a4a841795322
SHA256b96e7138eee33474e5ec02c855673b56f78f0773d10fb962b7c9d015597db689
SHA51290f0a9df306c83c3c10cdc7cb03110bb75796b3462a3562743a5a4cf9366d85e157cdf7b60bf6458051a0deec9275ae30fc49d19f83aebaae01ec908b3335175
-
Filesize
1KB
MD5c9be626e9715952e9b70f92f912b9787
SHA1aa2e946d9ad9027172d0d321917942b7562d6abe
SHA256c13e8d22800c200915f87f71c31185053e4e60ca25de2e41e160e09cd2d815d4
SHA5127581b7c593785380e9db3ae760af85c1a889f607a3cd2aa5a2695a0e5a0fe8ee751578e88f7d8c997faeda804e2fc2655d859bee2832eace526ed4379edaa3f5
-
Filesize
436B
MD5971c514f84bba0785f80aa1c23edfd79
SHA1732acea710a87530c6b08ecdf32a110d254a54c8
SHA256f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895
SHA51243dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58
-
Filesize
174B
MD5a1c72c21e5f915020c27dc2b144de200
SHA16abdbff341e0a3e0e3aee86cfccba70b75e1b61a
SHA256a17fb3ba97b327eb355572eda402ccf5a5fca4823ab56ff06c475d293e1385af
SHA5128645ee30dd3010379ef05f287f878efa62e41e6df0b9a98eb195c8fabed428f1d9c4b6e528161f769d4e8a441ce68cccec95f432c448c7b5cb9ee575b46dd0d0
-
Filesize
170B
MD5298902e5d051a81e24b6d985ba726a71
SHA1edeec6a4ffae41cc36b7b24af3b6e2a80482dedb
SHA256c828dd9bcda7b53680a860ba95ac9643a13ecf8d8cfc77995527439607659e11
SHA51213c538ce31628c5c1ed5bcc20e3987931ba539b6e147ad9c141d67ac22099374bb6a1acb21d21d5000859d8ebecaf2482436fbb6a8ed766335f4b75f30d4e2fc
-
Filesize
542B
MD5794f37d6fcc52e598a6b9b993bfa8922
SHA1f31f03ba70324db01078cc41a06b6bcf3f07056e
SHA2563356f73006fee0c1448598764560c334e02d4eccc556bd4ed6f5f1537476cc33
SHA512192888f5b6fbd0fcd308752edb8023ee1db8c3a813183b496785dc18de6e76484aba883ccf3c6df925a624133cf01bd6f1e278c5bd0e883d654a3eda13e3e399
-
Filesize
669KB
MD5ead18f3a909685922d7213714ea9a183
SHA11270bd7fd62acc00447b30f066bb23f4745869bf
SHA2565da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18
SHA5126e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91
-
Filesize
1KB
MD5d75064cfaac9c92f52aadf373dc7e463
SHA136ea05181d9b037694929ec81f276f13c7d2655c
SHA256163ec5b903b6baadd32d560c44c1ea4dce241579a7493eb32c632eae9085d508
SHA51243387299749f31c623c5dd4a53ff4d2eff5edfeb80fd4e2edd45860b5c9367d2767ae2ee9b60824b57301999dd2bd995b7d3bd5e7187e447aed76106272559d1
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
472KB
-
Filesize
1024KB
-
Filesize
472KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB