Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/07/2023, 15:18 UTC

General

  • Target

    https://v1.addthis.com/live/redirect/?url=https%3A%2F%2Fmkpromocional.com.br%2Fnew%2Fauth%2Fawfr%2F%2F%2F%2FZmh1dGNoaW5zb25AbXQuZ292

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://v1.addthis.com/live/redirect/?url=https%3A%2F%2Fmkpromocional.com.br%2Fnew%2Fauth%2Fawfr%2F%2F%2F%2FZmh1dGNoaW5zb25AbXQuZ292
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4712
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4bed9758,0x7ffe4bed9768,0x7ffe4bed9778
      2⤵
      PID:4876
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1912,i,3076933021238437862,5097560195886553006,131072 /prefetch:2
      2⤵
      PID:764
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1912,i,3076933021238437862,5097560195886553006,131072 /prefetch:8
      2⤵
      PID:3852
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1912,i,3076933021238437862,5097560195886553006,131072 /prefetch:8
      2⤵
      PID:1132
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1912,i,3076933021238437862,5097560195886553006,131072 /prefetch:1
      2⤵
      PID:1104
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1912,i,3076933021238437862,5097560195886553006,131072 /prefetch:1
      2⤵
      PID:452
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3492 --field-trial-handle=1912,i,3076933021238437862,5097560195886553006,131072 /prefetch:1
      2⤵
      PID:2016
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4812 --field-trial-handle=1912,i,3076933021238437862,5097560195886553006,131072 /prefetch:1
      2⤵
      PID:4204
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 --field-trial-handle=1912,i,3076933021238437862,5097560195886553006,131072 /prefetch:8
      2⤵
      PID:3380
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3032 --field-trial-handle=1912,i,3076933021238437862,5097560195886553006,131072 /prefetch:8
      2⤵
      PID:4996
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 --field-trial-handle=1912,i,3076933021238437862,5097560195886553006,131072 /prefetch:8
      2⤵
      PID:4936
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3060 --field-trial-handle=1912,i,3076933021238437862,5097560195886553006,131072 /prefetch:8
      2⤵
      PID:2800
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 --field-trial-handle=1912,i,3076933021238437862,5097560195886553006,131072 /prefetch:8
      2⤵
      PID:4628
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5252 --field-trial-handle=1912,i,3076933021238437862,5097560195886553006,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3840
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:4604

Network

  • [US] DNS v1.addthis.com (chrome.exe)
    Remote address: 8.8.8.8:53
    Request:
      v1.addthis.com IN A
    Response:
      v1.addthis.com IN CNAME v1.addthis.com.edgekey.net
      v1.addthis.com.edgekey.net IN CNAME e4016.a.akamaiedge.net
      e4016.a.akamaiedge.net IN A 173.223.112.118
  • [NL] GET https://v1.addthis.com/live/redirect/?url=https%3A%2F%2Fmkpromocional.com.br%2Fnew%2Fauth%2Fawfr%2F%2F%2F%2FZmh1dGNoaW5zb25AbXQuZ292 (chrome.exe)
    Remote address: 173.223.112.118:443
    Request:
      GET /live/redirect/?url=https%3A%2F%2Fmkpromocional.com.br%2Fnew%2Fauth%2Fawfr%2F%2F%2F%2FZmh1dGNoaW5zb25AbXQuZ292 HTTP/2.0
      host: v1.addthis.com
      sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
      sec-ch-ua-mobile: ?0
      sec-ch-ua-platform: "Windows"
      upgrade-insecure-requests: 1
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
      accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
      sec-fetch-site: none
      sec-fetch-mode: navigate
      sec-fetch-user: ?1
      sec-fetch-dest: document
      accept-encoding: gzip, deflate, br
      accept-language: en-US,en;q=0.9
    Response:
      HTTP/2.0 302
      content-length: 0
      cache-control: max-age=0, no-cache, no-store, no-transform
      pragma: no-cache
      location: https://mkpromocional.com.br/new/auth/awfr////Zmh1dGNoaW5zb25AbXQuZ292
      date: Fri, 07 Jul 2023 15:18:37 GMT
  • [US] DNS 195.179.250.142.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request:
      195.179.250.142.in-addr.arpa IN PTR
    Response:
      195.179.250.142.in-addr.arpa IN PTR ams15s42-in-f31.1e100.net
  • [US] DNS 10.36.251.142.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request:
      10.36.251.142.in-addr.arpa IN PTR
    Response:
      10.36.251.142.in-addr.arpa IN PTR ams15s44-in-f10.1e100.net
  • [US] DNS 118.112.223.173.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request:
      118.112.223.173.in-addr.arpa IN PTR
    Response:
      118.112.223.173.in-addr.arpa IN PTR a173-223-112-118.deploy.static.akamaitechnologies.com
  • [US] DNS mkpromocional.com.br (chrome.exe)
    Remote address: 8.8.8.8:53
    Request:
      mkpromocional.com.br IN A
    Response:
      mkpromocional.com.br IN A 66.70.250.213
  • [CA] GET https://mkpromocional.com.br/new/auth/awfr////Zmh1dGNoaW5zb25AbXQuZ292 (chrome.exe)
    Remote address: 66.70.250.213:443
    Request:
      GET /new/auth/awfr////Zmh1dGNoaW5zb25AbXQuZ292 HTTP/2.0
      host: mkpromocional.com.br
      upgrade-insecure-requests: 1
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
      accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
      sec-fetch-site: none
      sec-fetch-mode: navigate
      sec-fetch-user: ?1
      sec-fetch-dest: document
      sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
      sec-ch-ua-mobile: ?0
      sec-ch-ua-platform: "Windows"
      accept-encoding: gzip, deflate, br
      accept-language: en-US,en;q=0.9
    Response:
      HTTP/2.0 200
      refresh: 0;url=https://lmo.congressosbdv.com.br/?username=fhutchinson@mt.gov
      vary: Accept-Encoding
      content-encoding: br
      content-length: 1
      content-type: text/html; charset=UTF-8
      date: Fri, 07 Jul 2023 15:18:38 GMT
      server: Apache
  • [CA] GET https://mkpromocional.com.br/favicon.ico (chrome.exe)
    Remote address: 66.70.250.213:443
    Request:
      GET /favicon.ico HTTP/2.0
      host: mkpromocional.com.br
      sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
      sec-ch-ua-mobile: ?0
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
      sec-ch-ua-platform: "Windows"
      accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
      sec-fetch-site: same-origin
      sec-fetch-mode: no-cors
      sec-fetch-dest: image
      referer: https://mkpromocional.com.br/new/auth/awfr////Zmh1dGNoaW5zb25AbXQuZ292
      accept-encoding: gzip, deflate, br
      accept-language: en-US,en;q=0.9
    Response:
      HTTP/2.0 200
      last-modified: Thu, 06 Nov 2014 15:48:35 GMT
      accept-ranges: bytes
      vary: Accept-Encoding
      content-encoding: br
      content-length: 1776
      content-type: image/x-icon
      date: Fri, 07 Jul 2023 15:18:38 GMT
      server: Apache
  • [US] DNS lmo.congressosbdv.com.br (chrome.exe)
    Remote address: 8.8.8.8:53
    Request:
      lmo.congressosbdv.com.br IN A
    Response:
      lmo.congressosbdv.com.br IN A 185.225.68.39
  • [HU] GET https://lmo.congressosbdv.com.br/?username=fhutchinson@mt.gov (chrome.exe)
    Remote address: 185.225.68.39:443
    Request:
      GET /?username=fhutchinson@mt.gov HTTP/2.0
      host: lmo.congressosbdv.com.br
      sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
      sec-ch-ua-mobile: ?0
      sec-ch-ua-platform: "Windows"
      upgrade-insecure-requests: 1
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
      accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
      sec-fetch-site: cross-site
      sec-fetch-mode: navigate
      sec-fetch-dest: document
      referer: https://mkpromocional.com.br/
      accept-encoding: gzip, deflate, br
      accept-language: en-US,en;q=0.9
    Response:
      HTTP/2.0 200
      server: nginx
      date: Fri, 07 Jul 2023 15:18:39 GMT
      content-type: text/html; charset=utf-8
      vary: Accept-Encoding
      content-encoding: gzip
      strict-transport-security: max-age=31536000; includeSubDomains
  • [HU] POST https://lmo.congressosbdv.com.br/?username=fhutchinson@mt.gov (chrome.exe)
    Remote address: 185.225.68.39:443
    Request:
      POST /?username=fhutchinson@mt.gov HTTP/2.0
      host: lmo.congressosbdv.com.br
      content-length: 1064
      cache-control: max-age=0
      sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
      sec-ch-ua-platform: "Windows"
      sec-ch-ua-mobile: ?0
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
      content-type: application/json
      accept: */*
      origin: https://lmo.congressosbdv.com.br
      sec-fetch-site: same-origin
      sec-fetch-mode: cors
      sec-fetch-dest: empty
      accept-encoding: gzip, deflate, br
      accept-language: en-US,en;q=0.9
    Response:
      HTTP/2.0 200
      server: nginx
      date: Fri, 07 Jul 2023 15:18:40 GMT
      content-type: application/json
      vary: Accept-Encoding
      content-encoding: gzip
      strict-transport-security: max-age=31536000; includeSubDomains
  • [HU] GET https://lmo.congressosbdv.com.br/?username=fhutchinson@mt.gov (chrome.exe)
    Remote address: 185.225.68.39:443
    Request:
      GET /?username=fhutchinson@mt.gov HTTP/2.0
      host: lmo.congressosbdv.com.br
      cache-control: max-age=0
      sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
      sec-ch-ua-mobile: ?0
      sec-ch-ua-platform: "Windows"
      upgrade-insecure-requests: 1
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
      accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
      sec-fetch-site: same-origin
      sec-fetch-mode: navigate
      sec-fetch-dest: document
      referer: https://lmo.congressosbdv.com.br/?username=fhutchinson@mt.gov
      accept-encoding: gzip, deflate, br
      accept-language: en-US,en;q=0.9
      cookie: 3rqhyT=OTRlYzUyNTktMjhkZC00ZGZiLTkyMDctMWM3Mjc4MjZjZjU5OmUzODk4ZTM5LTcxOTUtNDY0NS05Y2MyLWZhYTI4ZGQyMzJiOA==
    Response:
      HTTP/2.0 200
      server: nginx
      date: Fri, 07 Jul 2023 15:18:41 GMT
      content-type: text/html; charset=utf-8
      vary: Accept-Encoding
      cache-control: no-store, no-cache
      pragma: no-cache
      vary: Accept-Encoding
      p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
      x-ms-request-id: 26b7dd73-25f9-4ef3-84ac-d8e012f36e00
      x-ms-ests-server: 2.1.15771.3 - FRC ProdSlices
      report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://81133f65-94ec5259.congressosbdv.com.br/api/report?catId=GW+estsfd+dub2"}]}
      nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
      referrer-policy: strict-origin-when-cross-origin
      access-control-allow-origin: *
      access-control-allow-headers: *
      content-encoding: gzip
      strict-transport-security: max-age=31536000; includeSubDomains
  • [HU] GET https://lmo.congressosbdv.com.br/favicon.ico (chrome.exe)
    Remote address: 185.225.68.39:443
    Request:
      GET /favicon.ico HTTP/2.0
      host: lmo.congressosbdv.com.br
      sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
      sec-ch-ua-mobile: ?0
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
      sec-ch-ua-platform: "Windows"
      accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
      sec-fetch-site: same-origin
      sec-fetch-mode: no-cors
      sec-fetch-dest: image
      referer: https://lmo.congressosbdv.com.br/?username=fhutchinson@mt.gov
      accept-encoding: gzip, deflate, br
      accept-language: en-US,en;q=0.9
      cookie: 3rqhyT=OTRlYzUyNTktMjhkZC00ZGZiLTkyMDctMWM3Mjc4MjZjZjU5OmUzODk4ZTM5LTcxOTUtNDY0NS05Y2MyLWZhYTI4ZGQyMzJiOA==
      cookie: AADSSO=NA|NoExtension
      cookie: SSOCOOKIEPULLED=1
    Response:
      HTTP/2.0 404
      server: nginx
      date: Fri, 07 Jul 2023 15:18:48 GMT
      content-type: text/html; charset=utf-8
      vary: Accept-Encoding
      cache-control: private
      p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
      x-ms-request-id: 4be771a0-4c68-4283-bc7a-635f6d3b3400
      x-ms-ests-server: 2.1.15771.3 - SEC ProdSlices
      report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://81133f65-94ec5259.congressosbdv.com.br/api/report?catId=GW+estsfd+dub2"}]}
      nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
      referrer-policy: strict-origin-when-cross-origin
      access-control-allow-origin: *
      access-control-allow-headers: *
      content-encoding: gzip
      strict-transport-security: max-age=31536000; includeSubDomains
  • [HU] GET https://lmo.congressosbdv.com.br/?username=fhutchinson@mt.gov&sso_reload=true (chrome.exe)
    Remote address: 185.225.68.39:443
    Request:
      GET /?username=fhutchinson@mt.gov&sso_reload=true HTTP/2.0
      host: lmo.congressosbdv.com.br
      sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
      sec-ch-ua-mobile: ?0
      sec-ch-ua-platform: "Windows"
      upgrade-insecure-requests: 1
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
      accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
      sec-fetch-site: same-origin
      sec-fetch-mode: navigate
      sec-fetch-dest: document
      referer: https://lmo.congressosbdv.com.br/?username=fhutchinson@mt.gov
      accept-encoding: gzip, deflate, br
      accept-language: en-US,en;q=0.9
      cookie: 3rqhyT=OTRlYzUyNTktMjhkZC00ZGZiLTkyMDctMWM3Mjc4MjZjZjU5OmUzODk4ZTM5LTcxOTUtNDY0NS05Y2MyLWZhYTI4ZGQyMzJiOA==
      cookie: AADSSO=NA|NoExtension
      cookie: SSOCOOKIEPULLED=1
    Response:
      HTTP/2.0 302
      server: nginx
      date: Fri, 07 Jul 2023 15:18:50 GMT
      content-type: text/html; charset=utf-8
      location: https://3fc6fdea-94ec5259.congressosbdv.com.br/adfs/ls/?login_hint=fhutchinson%40mt.gov&client-request-id=1e93f1fa-a85e-464d-bd61-e509bdb9c6a5&username=fhutchinson%40mt.gov&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAR-fZwsF7fC121v4lPOvTuPLV3FqEzYCP0LjIwvGBknMQmlZZSWJGdk5hXn5znkluil55fdYhL0L0r3TAkvdktNSS1KLMnMz3vEjEXhBRaBVyw8BsxWHBxcAgwSDAoMP1gYF7EC3fQ-8bVy7MMbfruPRW5XWi7PcIpV3yKlsKQg08gkKyLI1S83ItsrL8moPCA4P9_c2MUzy6XQMzcyMTfAzD0j3dXW3MpwApvQBDamU2wMH9gYO9gZZrEzHOBkPMDL8IPvwfXru6_fv__W4xW_TnK4WZh-SX56dlZuto-3c25kmXmWpbFXlldJUkSQfmi5k5NTQVBBuKW_d6gtAA2#
      cache-control: no-store, no-cache
      pragma: no-cache
      vary: Accept-Encoding
      p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
      x-ms-request-id: 23eb61ef-e15d-4ed8-bbc6-59b722a71f00
      x-ms-ests-server: 2.1.15771.3 - NCUS ProdSlices
      report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://81133f65-94ec5259.congressosbdv.com.br/api/report?catId=GW+estsfd+dub2"}]}
      nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
      referrer-policy: strict-origin-when-cross-origin
      access-control-allow-origin: *
      access-control-allow-headers: *
      strict-transport-security: max-age=31536000; includeSubDomains
  • [HU] GET https://3fc6fdea-94ec5259.congressosbdv.com.br/adfs/ls/?login_hint=fhutchinson%40mt.gov&client-request-id=1e93f1fa-a85e-464d-bd61-e509bdb9c6a5&username=fhutchinson%40mt.gov&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAR-fZwsF7fC121v4lPOvTuPLV3FqEzYCP0LjIwvGBknMQmlZZSWJGdk5hXn5znkluil55fdYhL0L0r3TAkvdktNSS1KLMnMz3vEjEXhBRaBVyw8BsxWHBxcAgwSDAoMP1gYF7EC3fQ-8bVy7MMbfruPRW5XWi7PcIpV3yKlsKQg08gkKyLI1S83ItsrL8moPCA4P9_c2MUzy6XQMzcyMTfAzD0j3dXW3MpwApvQBDamU2wMH9gYO9gZZrEzHOBkPMDL8IPvwfXru6_fv__W4xW_TnK4WZh-SX56dlZuto-3c25kmXmWpbFXlldJUkSQfmi5k5NTQVBBuKW_d6gtAA2 (chrome.exe)
    Remote address: 185.225.68.39:443
    Request:
      GET /adfs/ls/?login_hint=fhutchinson%40mt.gov&client-request-id=1e93f1fa-a85e-464d-bd61-e509bdb9c6a5&username=fhutchinson%40mt.gov&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAR-fZwsF7fC121v4lPOvTuPLV3FqEzYCP0LjIwvGBknMQmlZZSWJGdk5hXn5znkluil55fdYhL0L0r3TAkvdktNSS1KLMnMz3vEjEXhBRaBVyw8BsxWHBxcAgwSDAoMP1gYF7EC3fQ-8bVy7MMbfruPRW5XWi7PcIpV3yKlsKQg08gkKyLI1S83ItsrL8moPCA4P9_c2MUzy6XQMzcyMTfAzD0j3dXW3MpwApvQBDamU2wMH9gYO9gZZrEzHOBkPMDL8IPvwfXru6_fv__W4xW_TnK4WZh-SX56dlZuto-3c25kmXmWpbFXlldJUkSQfmi5k5NTQVBBuKW_d6gtAA2 HTTP/2.0
                                host: 3fc6fdea-94ec5259.congressosbdv.com.br
                                upgrade-insecure-requests: 1
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                sec-fetch-site: same-site
                                sec-fetch-mode: navigate
                                sec-fetch-dest: document
                                sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                                sec-ch-ua-mobile: ?0
                                sec-ch-ua-platform: "Windows"
                                referer: https://lmo.congressosbdv.com.br/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                cookie: 3rqhyT=OTRlYzUyNTktMjhkZC00ZGZiLTkyMDctMWM3Mjc4MjZjZjU5OmUzODk4ZTM5LTcxOTUtNDY0NS05Y2MyLWZhYTI4ZGQyMzJiOA==
                                Response
                                HTTP/2.0 200
                                server: nginx
                                date: Fri, 07 Jul 2023 15:18:51 GMT
                                content-type: text/html; charset=utf-8
                                vary: Accept-Encoding
                                cache-control: no-cache,no-store
                                pragma: no-cache
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                content-encoding: gzip
                                strict-transport-security: max-age=31536000; includeSubDomains
                              • flag-hu
                                GET
                                https://3fc6fdea-94ec5259.congressosbdv.com.br/adfs/portal/css/style.css?id=2796320B5D7D57B804571A0EC676C246098DE8B557CE807D5FD59216FEF387F6
                                chrome.exe
                                Remote address:
                                185.225.68.39:443
                                Request
                                GET /adfs/portal/css/style.css?id=2796320B5D7D57B804571A0EC676C246098DE8B557CE807D5FD59216FEF387F6 HTTP/2.0
                                host: 3fc6fdea-94ec5259.congressosbdv.com.br
                                sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                sec-ch-ua-platform: "Windows"
                                accept: text/css,*/*;q=0.1
                                sec-fetch-site: same-origin
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: style
                                referer: https://3fc6fdea-94ec5259.congressosbdv.com.br/adfs/ls/?login_hint=fhutchinson%40mt.gov&client-request-id=1e93f1fa-a85e-464d-bd61-e509bdb9c6a5&username=fhutchinson%40mt.gov&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAR-fZwsF7fC121v4lPOvTuPLV3FqEzYCP0LjIwvGBknMQmlZZSWJGdk5hXn5znkluil55fdYhL0L0r3TAkvdktNSS1KLMnMz3vEjEXhBRaBVyw8BsxWHBxcAgwSDAoMP1gYF7EC3fQ-8bVy7MMbfruPRW5XWi7PcIpV3yKlsKQg08gkKyLI1S83ItsrL8moPCA4P9_c2MUzy6XQMzcyMTfAzD0j3dXW3MpwApvQBDamU2wMH9gYO9gZZrEzHOBkPMDL8IPvwfXru6_fv__W4xW_TnK4WZh-SX56dlZuto-3c25kmXmWpbFXlldJUkSQfmi5k5NTQVBBuKW_d6gtAA2
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                cookie: 3rqhyT=OTRlYzUyNTktMjhkZC00ZGZiLTkyMDctMWM3Mjc4MjZjZjU5OmUzODk4ZTM5LTcxOTUtNDY0NS05Y2MyLWZhYTI4ZGQyMzJiOA==
                                Response
                                HTTP/2.0 200
                                server: nginx
                                date: Fri, 07 Jul 2023 15:18:53 GMT
                                content-type: text/css
                                vary: Accept-Encoding
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                content-encoding: gzip
                                strict-transport-security: max-age=31536000; includeSubDomains
                              • flag-hu
                                GET
                                https://3fc6fdea-94ec5259.congressosbdv.com.br/adfs/portal/logo/logo.png?id=3705C04DBD76FB3A846CEBAB9AE5A514FA715F46EE59D310BB95B9DCD9142E3B
                                chrome.exe
                                Remote address:
                                185.225.68.39:443
                                Request
                                GET /adfs/portal/logo/logo.png?id=3705C04DBD76FB3A846CEBAB9AE5A514FA715F46EE59D310BB95B9DCD9142E3B HTTP/2.0
                                host: 3fc6fdea-94ec5259.congressosbdv.com.br
                                sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                sec-ch-ua-platform: "Windows"
                                accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: same-origin
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://3fc6fdea-94ec5259.congressosbdv.com.br/adfs/ls/?login_hint=fhutchinson%40mt.gov&client-request-id=1e93f1fa-a85e-464d-bd61-e509bdb9c6a5&username=fhutchinson%40mt.gov&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAR-fZwsF7fC121v4lPOvTuPLV3FqEzYCP0LjIwvGBknMQmlZZSWJGdk5hXn5znkluil55fdYhL0L0r3TAkvdktNSS1KLMnMz3vEjEXhBRaBVyw8BsxWHBxcAgwSDAoMP1gYF7EC3fQ-8bVy7MMbfruPRW5XWi7PcIpV3yKlsKQg08gkKyLI1S83ItsrL8moPCA4P9_c2MUzy6XQMzcyMTfAzD0j3dXW3MpwApvQBDamU2wMH9gYO9gZZrEzHOBkPMDL8IPvwfXru6_fv__W4xW_TnK4WZh-SX56dlZuto-3c25kmXmWpbFXlldJUkSQfmi5k5NTQVBBuKW_d6gtAA2
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                cookie: 3rqhyT=OTRlYzUyNTktMjhkZC00ZGZiLTkyMDctMWM3Mjc4MjZjZjU5OmUzODk4ZTM5LTcxOTUtNDY0NS05Y2MyLWZhYTI4ZGQyMzJiOA==
                                Response
                                HTTP/2.0 200
                                server: nginx
                                date: Fri, 07 Jul 2023 15:18:53 GMT
                                content-type: image/png
                                etag: 3705C04DBD76FB3A846CEBAB9AE5A514FA715F46EE59D310BB95B9DCD9142E3B
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                strict-transport-security: max-age=31536000; includeSubDomains
                              • flag-hu
                                GET
                                https://3fc6fdea-94ec5259.congressosbdv.com.br/favicon.ico
                                chrome.exe
                                Remote address:
                                185.225.68.39:443
                                Request
                                GET /favicon.ico HTTP/2.0
                                host: 3fc6fdea-94ec5259.congressosbdv.com.br
                                sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                sec-ch-ua-platform: "Windows"
                                accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: same-origin
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://3fc6fdea-94ec5259.congressosbdv.com.br/adfs/ls/?login_hint=fhutchinson%40mt.gov&client-request-id=1e93f1fa-a85e-464d-bd61-e509bdb9c6a5&username=fhutchinson%40mt.gov&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAR-fZwsF7fC121v4lPOvTuPLV3FqEzYCP0LjIwvGBknMQmlZZSWJGdk5hXn5znkluil55fdYhL0L0r3TAkvdktNSS1KLMnMz3vEjEXhBRaBVyw8BsxWHBxcAgwSDAoMP1gYF7EC3fQ-8bVy7MMbfruPRW5XWi7PcIpV3yKlsKQg08gkKyLI1S83ItsrL8moPCA4P9_c2MUzy6XQMzcyMTfAzD0j3dXW3MpwApvQBDamU2wMH9gYO9gZZrEzHOBkPMDL8IPvwfXru6_fv__W4xW_TnK4WZh-SX56dlZuto-3c25kmXmWpbFXlldJUkSQfmi5k5NTQVBBuKW_d6gtAA2
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                cookie: 3rqhyT=OTRlYzUyNTktMjhkZC00ZGZiLTkyMDctMWM3Mjc4MjZjZjU5OmUzODk4ZTM5LTcxOTUtNDY0NS05Y2MyLWZhYTI4ZGQyMzJiOA==
                                Response
                                HTTP/2.0 404
                                server: nginx
                                date: Fri, 07 Jul 2023 15:18:54 GMT
                                content-type: text/html; charset=us-ascii
                                vary: Accept-Encoding
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                content-encoding: gzip
                                strict-transport-security: max-age=31536000; includeSubDomains
                              • flag-us
                                DNS
                                apps.identrust.com
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                apps.identrust.com
                                IN A
                                Response
                                apps.identrust.com
                                IN CNAME
                                identrust.edgesuite.net
                                identrust.edgesuite.net
                                IN CNAME
                                a1952.dscq.akamai.net
                                a1952.dscq.akamai.net
                                IN A
                                2.18.121.75
                                a1952.dscq.akamai.net
                                IN A
                                2.18.121.76
                              • flag-us
                                GET
                                http://apps.identrust.com/roots/dstrootcax3.p7c
                                chrome.exe
                                Remote address:
                                2.18.121.75:80
                                Request
                                GET /roots/dstrootcax3.p7c HTTP/1.1
                                Connection: Keep-Alive
                                Accept: */*
                                User-Agent: Microsoft-CryptoAPI/10.0
                                Host: apps.identrust.com
                                Response
                                HTTP/1.1 200 OK
                                X-XSS-Protection: 1; mode=block
                                Strict-Transport-Security: max-age=15768000
                                X-Frame-Options: SAMEORIGIN
                                X-Content-Type-Options: nosniff
                                Content-Security-Policy: default-src 'self' *.identrust.com
                                Last-Modified: Wed, 08 Feb 2023 16:52:56 GMT
                                ETag: "37d-5f433188daa00"
                                Accept-Ranges: bytes
                                Content-Length: 893
                                X-Content-Type-Options: nosniff
                                X-Frame-Options: sameorigin
                                Content-Type: application/pkcs7-mime
                                Cache-Control: max-age=3600
                                Expires: Fri, 07 Jul 2023 16:18:38 GMT
                                Date: Fri, 07 Jul 2023 15:18:38 GMT
                                Connection: keep-alive
                              • flag-us
                                DNS
                                4.159.190.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                4.159.190.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                254.23.238.8.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                254.23.238.8.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                213.250.70.66.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                213.250.70.66.in-addr.arpa
                                IN PTR
                                Response
                                213.250.70.66.in-addr.arpa
                                IN PTR
                                lc1.livreiniciativa.com
                              • flag-us
                                DNS
                                39.68.225.185.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                39.68.225.185.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                75.121.18.2.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                75.121.18.2.in-addr.arpa
                                IN PTR
                                Response
                                75.121.18.2.in-addr.arpa
                                IN PTR
                                a2-18-121-75.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                57.169.31.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                57.169.31.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                54.120.234.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                54.120.234.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                86f3b1a3-94ec5259.congressosbdv.com.br
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                86f3b1a3-94ec5259.congressosbdv.com.br
                                IN A
                                Response
                                86f3b1a3-94ec5259.congressosbdv.com.br
                                IN A
                                185.225.68.39
                              • flag-hu
                                GET
                                https://86f3b1a3-94ec5259.congressosbdv.com.br/shared/1.0/content/js/BssoInterrupt_Core_XtdzrKj01CuSfnIRcfwDDQ2.js
                                chrome.exe
                                Remote address:
                                185.225.68.39:443
                                Request
                                GET /shared/1.0/content/js/BssoInterrupt_Core_XtdzrKj01CuSfnIRcfwDDQ2.js HTTP/2.0
                                host: 86f3b1a3-94ec5259.congressosbdv.com.br
                                sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                                origin: https://lmo.congressosbdv.com.br
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                sec-ch-ua-platform: "Windows"
                                accept: */*
                                sec-fetch-site: same-site
                                sec-fetch-mode: cors
                                sec-fetch-dest: script
                                referer: https://lmo.congressosbdv.com.br/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 200
                                server: nginx
                                date: Fri, 07 Jul 2023 15:18:46 GMT
                                content-type: application/x-javascript
                                vary: Accept-Encoding
                                access-control-allow-origin: *
                                access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                age: 1837670
                                cache-control: public, max-age=31536000
                                last-modified: Tue, 13 Jun 2023 17:22:52 GMT
                                vary: Accept-Encoding
                                x-cache: HIT
                                x-ms-blob-type: BlockBlob
                                x-ms-lease-status: unlocked
                                x-ms-request-id: ad467466-501e-0022-1e2f-a0adb9000000
                                x-ms-version: 2009-09-19
                                content-encoding: gzip
                                strict-transport-security: max-age=31536000; includeSubDomains
                              • flag-hu
                                OPTIONS
                                https://81133f65-94ec5259.congressosbdv.com.br/api/report?catId=GW+estsfd+dub2
                                chrome.exe
                                Remote address:
                                185.225.68.39:443
                                Request
                                OPTIONS /api/report?catId=GW+estsfd+dub2 HTTP/2.0
                                host: 81133f65-94ec5259.congressosbdv.com.br
                                origin: https://lmo.congressosbdv.com.br
                                access-control-request-method: POST
                                access-control-request-headers: content-type
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 200
                                server: nginx
                                date: Fri, 07 Jul 2023 15:18:49 GMT
                                content-type: text/html
                                vary: Accept-Encoding
                                access-control-allow-headers: content-type
                                access-control-allow-credentials: false
                                access-control-allow-methods: *, GET, OPTIONS, POST
                                access-control-allow-origin: *
                                content-encoding: gzip
                                strict-transport-security: max-age=31536000; includeSubDomains
                              • flag-hu
                                POST
                                https://81133f65-94ec5259.congressosbdv.com.br/api/report?catId=GW+estsfd+dub2
                                chrome.exe
                                Remote address:
                                185.225.68.39:443
                                Request
                                POST /api/report?catId=GW+estsfd+dub2 HTTP/2.0
                                host: 81133f65-94ec5259.congressosbdv.com.br
                                content-length: 460
                                content-type: application/reports+json
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 200
                                server: nginx
                                date: Fri, 07 Jul 2023 15:18:51 GMT
                                content-type: text/plain; charset=utf-8
                                vary: Accept-Encoding
                                vary: Accept-Encoding
                                request-context: appId=cid-v1:0df9f0fa-2b61-4bcc-8864-10ea6079c765
                                access-control-allow-credentials: false
                                access-control-allow-methods: *, GET, OPTIONS, POST
                                access-control-allow-origin: *
                                content-encoding: gzip
                                strict-transport-security: max-age=31536000; includeSubDomains
                              • flag-hu
                                GET
                                https://lmo.congressosbdv.com.br/websocket/hook/?3rqhyT=OTRlYzUyNTkyOGRkNGRmYjkyMDcxYzcyNzgyNmNmNTk=
                                chrome.exe
                                Remote address:
                                185.225.68.39:443
                                Request
                                GET /websocket/hook/?3rqhyT=OTRlYzUyNTkyOGRkNGRmYjkyMDcxYzcyNzgyNmNmNTk= HTTP/1.1
                                Host: lmo.congressosbdv.com.br
                                Connection: Upgrade
                                Pragma: no-cache
                                Cache-Control: no-cache
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                Upgrade: websocket
                                Origin: https://lmo.congressosbdv.com.br
                                Sec-WebSocket-Version: 13
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                Cookie: 3rqhyT=OTRlYzUyNTktMjhkZC00ZGZiLTkyMDctMWM3Mjc4MjZjZjU5OmUzODk4ZTM5LTcxOTUtNDY0NS05Y2MyLWZhYTI4ZGQyMzJiOA==
                                Sec-WebSocket-Key: EQ5ODB091xvBiLkC1OXLfA==
                                Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                                Response
                                HTTP/1.1 101 Switching Protocols
                                Server: nginx
                                Date: Fri, 07 Jul 2023 15:18:48 GMT
                                Connection: upgrade
                                Upgrade: websocket
                                Sec-WebSocket-Accept: KZ1QRIaeyzt2ha7oZ8d3Y8U24vk=
                                Sec-WebSocket-Extensions: permessage-deflate
                                Strict-Transport-Security: max-age=31536000; includeSubDomains
                              • flag-us
                                DNS
                                81133f65-94ec5259.congressosbdv.com.br
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                81133f65-94ec5259.congressosbdv.com.br
                                IN A
                                Response
                                81133f65-94ec5259.congressosbdv.com.br
                                IN A
                                185.225.68.39
                              • flag-us
                                DNS
                                3fc6fdea-94ec5259.congressosbdv.com.br
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                3fc6fdea-94ec5259.congressosbdv.com.br
                                IN A
                                Response
                                3fc6fdea-94ec5259.congressosbdv.com.br
                                IN A
                                185.225.68.39
                              • flag-us
                                DNS
                                content-autofill.googleapis.com
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                content-autofill.googleapis.com
                                IN A
                                Response
                                content-autofill.googleapis.com
                                IN A
                                142.250.179.138
                                content-autofill.googleapis.com
                                IN A
                                142.251.36.42
                                content-autofill.googleapis.com
                                IN A
                                142.250.179.170
                                content-autofill.googleapis.com
                                IN A
                                142.250.179.202
                                content-autofill.googleapis.com
                                IN A
                                142.251.36.10
                                content-autofill.googleapis.com
                                IN A
                                142.251.39.106
                                content-autofill.googleapis.com
                                IN A
                                172.217.168.202
                                content-autofill.googleapis.com
                                IN A
                                172.217.23.202
                              • flag-nl
                                GET
                                https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwmgLbsOhjOCMRIFDQGlaXISBQ1lIZnq?alt=proto
                                chrome.exe
                                Remote address:
                                142.250.179.138:443
                                Request
                                GET /v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwmgLbsOhjOCMRIFDQGlaXISBQ1lIZnq?alt=proto HTTP/2.0
                                host: content-autofill.googleapis.com
                                x-goog-encode-response-if-executable: base64
                                x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                x-client-data: CMeUywE=
                                sec-fetch-site: none
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: empty
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-us
                                DNS
                                138.179.250.142.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                138.179.250.142.in-addr.arpa
                                IN PTR
                                Response
                                138.179.250.142.in-addr.arpa
                                IN PTR
                                ams17s10-in-f10.1e100.net
                              • US
                                DNS
                                clients2.google.com
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                clients2.google.com
                                IN A
                                Response
                                clients2.google.com
                                IN CNAME
                                clients.l.google.com
                                clients.l.google.com
                                IN A
                                142.251.36.46
                              • US
                                DNS
                                157.123.68.40.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                157.123.68.40.in-addr.arpa
                                IN PTR
                                Response
                              • US
                                DNS
                                assets.msn.com
                                Remote address:
                                8.8.8.8:53
                                Request
                                assets.msn.com
                                IN A
                                Response
                                assets.msn.com
                                IN CNAME
                                assets.msn.com.edgekey.net
                                assets.msn.com.edgekey.net
                                IN CNAME
                                e28578.d.akamaiedge.net
                                e28578.d.akamaiedge.net
                                IN A
                                23.53.42.136
                                e28578.d.akamaiedge.net
                                IN A
                                23.53.42.128
                                e28578.d.akamaiedge.net
                                IN A
                                23.53.42.152
                                e28578.d.akamaiedge.net
                                IN A
                                23.53.42.137
                                e28578.d.akamaiedge.net
                                IN A
                                23.53.42.144
                                e28578.d.akamaiedge.net
                                IN A
                                23.53.42.146
                                e28578.d.akamaiedge.net
                                IN A
                                23.53.42.107
                                e28578.d.akamaiedge.net
                                IN A
                                23.53.42.121
                                e28578.d.akamaiedge.net
                                IN A
                                23.53.42.122
                              • DE
                                GET
                                https://assets.msn.com/serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=4cfcf1a7-955e-467d-bab7-7047f364dd2f&ocid=windows-windowsShell-feeds&user=m-f6100d52207b421d8a275b2b199b44dd&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask
                                Remote address:
                                23.53.42.136:443
                                Request
                                GET /serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=4cfcf1a7-955e-467d-bab7-7047f364dd2f&ocid=windows-windowsShell-feeds&user=m-f6100d52207b421d8a275b2b199b44dd&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask HTTP/2.0
                                host: assets.msn.com
                                x-search-account: None
                                accept-encoding: gzip, deflate
                                x-device-machineid: {9A0AA320-02A9-4895-93BF-E83F6D53852E}
                                x-userageclass: Unknown
                                x-bm-market: US
                                x-bm-dateformat: M/d/yyyy
                                x-device-ossku: 48
                                x-bm-dtz: 0
                                x-deviceid: 0100B2E609000CC3
                                x-bm-windowsflights: FX:119E26AD,FX:11D898D7,FX:11DB147C,FX:11DE505A,FX:11E11E97,FX:11E3E2BA,FX:11E50151,FX:11E9EE98,FX:11F1992A,FX:11F4161E,FX:11F41B68,FX:11FB0F2F,FX:1201B330,FX:1202B7FC,FX:120BB68E,FX:121A20E1,FX:121BF15F,FX:121E5EC8,FX:122D8E86,FX:123031A3,FX:1231B88B,FX:123371B1,FX:1233C945,FX:123D7C31,FX:1240013C,FX:1246E4A3,FX:1248306D,FX:124B38D0,FX:1250080B,FX:125A7FDA,FX:1264FA75,FX:126DBC22,FX:127159BE,FX:12769734,FX:127C935B,FX:127DC03A,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5
                                sitename: www.msn.com
                                x-bm-theme: 000000;0078d7
                                muid: F6100D52207B421D8A275B2B199B44DD
                                x-agent-deviceid: 0100B2E609000CC3
                                x-bm-onlinesearchdisabled: true
                                x-bm-cbt: 1688743146
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                x-device-isoptin: false
                                accept-language: en-US, en
                                x-device-touch: false
                                x-device-clientsession: F71CEF8239B54B3E9B3630FCA12BB620
                                cookie: MUID=F6100D52207B421D8A275B2B199B44DD
                                Response
                                HTTP/2.0 200
                                content-type: application/json; charset=utf-8
                                server: Kestrel
                                access-control-allow-credentials: true
                                access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent
                                access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
                                access-control-allow-origin: *.msn.com
                                access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent
                                content-encoding: gzip
                                ddd-authenticatedwithjwtflow: False
                                ddd-usertype: AnonymousMuid
                                ddd-tmpl: SageUser:0;partialResponse:1;coldStartUpsell:1;tbn:0;lowT:0;IsRecoNewUser:1;winbadge:1;lowC:0;coldStart:1;BingRecoCode:Success
                                ddd-feednewsitemcount: 1
                                x-wpo-activityid: 6D7F335E-5A06-4A9A-9735-B3A80ACD63BA|2023-07-07T15:19:07.8109201Z|fabric:/wpo|FRC|WPO_94
                                ddd-activityid: 6d7f335e-5a06-4a9a-9735-b3a80acd63ba
                                ddd-strategyexecutionlatency: 00:00:00.1771195
                                ddd-debugid: 6d7f335e-5a06-4a9a-9735-b3a80acd63ba|2023-07-07T15:19:07.8199355Z|fabric:/winfeed|FRC|WinFeed_610
                                onewebservicelatency: 178
                                x-msedge-responseinfo: 178
                                x-ceto-ref: 64a82cebc24842b7938e1d701a448a32|2023-07-07T15:19:07.639Z
                                expires: Fri, 07 Jul 2023 15:19:07 GMT
                                date: Fri, 07 Jul 2023 15:19:07 GMT
                                content-length: 1533
                                akamai-request-bc: [a=23.53.42.132,b=705922382,c=g,n=DE_HE_FRANKFURT,o=20940],[a=20.74.25.147,c=o]
                                server-timing: clientrtt; dur=23, clienttt; dur=192, origin; dur=191 , cdntime; dur=1
                                akamai-cache-status: Miss from child
                                akamai-server-ip: 23.53.42.132
                                akamai-request-id: 2a13854e
                                x-as-suppresssetcookie: 1
                                cache-control: private, max-age=0
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
                                timing-allow-origin: *
                                vary: Origin
                              • US
                                DNS
                                198.187.3.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                198.187.3.20.in-addr.arpa
                                IN PTR
                                Response
                              • US
                                DNS
                                136.42.53.23.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                136.42.53.23.in-addr.arpa
                                IN PTR
                                Response
                                136.42.53.23.in-addr.arpa
                                IN PTR
                                a23-53-42-136.deploy.static.akamaitechnologies.com
                              • US
                                DNS
                                8.3.197.209.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                8.3.197.209.in-addr.arpa
                                IN PTR
                                Response
                                8.3.197.209.in-addr.arpa
                                IN PTR
                                vip0x008.map2.ssl.hwcdn.net
                              • US
                                DNS
                                240.81.21.72.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                240.81.21.72.in-addr.arpa
                                IN PTR
                                Response
                              • US
                                DNS
                                43.229.111.52.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                43.229.111.52.in-addr.arpa
                                IN PTR
                                Response
                              • US
                                DNS
                                8.179.89.13.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                8.179.89.13.in-addr.arpa
                                IN PTR
                                Response
                              • 173.223.112.118:443
                                https://v1.addthis.com/live/redirect/?url=https%3A%2F%2Fmkpromocional.com.br%2Fnew%2Fauth%2Fawfr%2F%2F%2F%2FZmh1dGNoaW5zb25AbXQuZ292
                                tls, http2
                                chrome.exe
                                2.0kB
                                6.8kB
                                17
                                23

                                HTTP Request

                                GET https://v1.addthis.com/live/redirect/?url=https%3A%2F%2Fmkpromocional.com.br%2Fnew%2Fauth%2Fawfr%2F%2F%2F%2FZmh1dGNoaW5zb25AbXQuZ292

                                HTTP Response

                                302
                              • 173.223.112.118:443
                                v1.addthis.com
                                tls, http2
                                chrome.exe
                                1.1kB
                                6.1kB
                                12
                                13
                              • 66.70.250.213:443
                                https://mkpromocional.com.br/favicon.ico
                                tls, http2
                                chrome.exe
                                2.2kB
                                9.3kB
                                17
                                21

                                HTTP Request

                                GET https://mkpromocional.com.br/new/auth/awfr////Zmh1dGNoaW5zb25AbXQuZ292

                                HTTP Response

                                200

                                HTTP Request

                                GET https://mkpromocional.com.br/favicon.ico

                                HTTP Response

                                200
                              • 185.225.68.39:443
                                lmo.congressosbdv.com.br
                                tls
                                chrome.exe
                                1.1kB
                                4.7kB
                                11
                                10
                              • 185.225.68.39:443
                                https://3fc6fdea-94ec5259.congressosbdv.com.br/favicon.ico
                                tls, http2
                                chrome.exe
                                12.6kB
                                389.6kB
                                177
                                324

                                HTTP Request

                                GET https://lmo.congressosbdv.com.br/?username=fhutchinson@mt.gov

                                HTTP Response

                                200

                                HTTP Request

                                POST https://lmo.congressosbdv.com.br/?username=fhutchinson@mt.gov

                                HTTP Response

                                200

                                HTTP Request

                                GET https://lmo.congressosbdv.com.br/?username=fhutchinson@mt.gov

                                HTTP Response

                                200

                                HTTP Request

                                GET https://lmo.congressosbdv.com.br/favicon.ico

                                HTTP Request

                                GET https://lmo.congressosbdv.com.br/?username=fhutchinson@mt.gov&sso_reload=true

                                HTTP Response

                                404

                                HTTP Response

                                302

                                HTTP Request

                                GET https://3fc6fdea-94ec5259.congressosbdv.com.br/adfs/ls/?login_hint=fhutchinson%40mt.gov&client-request-id=1e93f1fa-a85e-464d-bd61-e509bdb9c6a5&username=fhutchinson%40mt.gov&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAR-fZwsF7fC121v4lPOvTuPLV3FqEzYCP0LjIwvGBknMQmlZZSWJGdk5hXn5znkluil55fdYhL0L0r3TAkvdktNSS1KLMnMz3vEjEXhBRaBVyw8BsxWHBxcAgwSDAoMP1gYF7EC3fQ-8bVy7MMbfruPRW5XWi7PcIpV3yKlsKQg08gkKyLI1S83ItsrL8moPCA4P9_c2MUzy6XQMzcyMTfAzD0j3dXW3MpwApvQBDamU2wMH9gYO9gZZrEzHOBkPMDL8IPvwfXru6_fv__W4xW_TnK4WZh-SX56dlZuto-3c25kmXmWpbFXlldJUkSQfmi5k5NTQVBBuKW_d6gtAA2

                                HTTP Response

                                200

                                HTTP Request

                                GET https://3fc6fdea-94ec5259.congressosbdv.com.br/adfs/portal/css/style.css?id=2796320B5D7D57B804571A0EC676C246098DE8B557CE807D5FD59216FEF387F6

                                HTTP Request

                                GET https://3fc6fdea-94ec5259.congressosbdv.com.br/adfs/portal/logo/logo.png?id=3705C04DBD76FB3A846CEBAB9AE5A514FA715F46EE59D310BB95B9DCD9142E3B

                                HTTP Response

                                200

                                HTTP Response

                                200

                                HTTP Request

                                GET https://3fc6fdea-94ec5259.congressosbdv.com.br/favicon.ico

                                HTTP Response

                                404
                              • 2.18.121.75:80
                                http://apps.identrust.com/roots/dstrootcax3.p7c
                                http
                                chrome.exe
                                416 B
                                1.7kB
                                6
                                6

                                HTTP Request

                                GET http://apps.identrust.com/roots/dstrootcax3.p7c

                                HTTP Response

                                200
                              • 185.225.68.39:443
                                https://81133f65-94ec5259.congressosbdv.com.br/api/report?catId=GW+estsfd+dub2
                                tls, http2
                                chrome.exe
                                4.0kB
                                57.4kB
                                43
                                67

                                HTTP Request

                                GET https://86f3b1a3-94ec5259.congressosbdv.com.br/shared/1.0/content/js/BssoInterrupt_Core_XtdzrKj01CuSfnIRcfwDDQ2.js

                                HTTP Response

                                200

                                HTTP Request

                                OPTIONS https://81133f65-94ec5259.congressosbdv.com.br/api/report?catId=GW+estsfd+dub2

                                HTTP Response

                                200

                                HTTP Request

                                POST https://81133f65-94ec5259.congressosbdv.com.br/api/report?catId=GW+estsfd+dub2

                                HTTP Response

                                200
                              • 185.225.68.39:443
                                https://lmo.congressosbdv.com.br/websocket/hook/?3rqhyT=OTRlYzUyNTkyOGRkNGRmYjkyMDcxYzcyNzgyNmNmNTk=
                                tls, http
                                chrome.exe
                                1.9kB
                                1.1kB
                                12
                                10

                                HTTP Request

                                GET https://lmo.congressosbdv.com.br/websocket/hook/?3rqhyT=OTRlYzUyNTkyOGRkNGRmYjkyMDcxYzcyNzgyNmNmNTk=

                                HTTP Response

                                101
                              • 142.250.179.138:443
                                https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwmgLbsOhjOCMRIFDQGlaXISBQ1lIZnq?alt=proto
                                tls, http2
                                chrome.exe
                                1.8kB
                                7.0kB
                                15
                                16

                                HTTP Request

                                GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwmgLbsOhjOCMRIFDQGlaXISBQ1lIZnq?alt=proto
                              • 142.251.36.46:443
                                clients2.google.com
                                tls, http2
                                chrome.exe
                                1.1kB
                                8.4kB
                                12
                                12
                              • 23.53.42.136:443
                                https://assets.msn.com/serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=4cfcf1a7-955e-467d-bab7-7047f364dd2f&ocid=windows-windowsShell-feeds&user=m-f6100d52207b421d8a275b2b199b44dd&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask
                                tls, http2
                                2.7kB
                                10.6kB
                                21
                                19

                                HTTP Request

                                GET https://assets.msn.com/serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=4cfcf1a7-955e-467d-bab7-7047f364dd2f&ocid=windows-windowsShell-feeds&user=m-f6100d52207b421d8a275b2b199b44dd&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask

                                HTTP Response

                                200
                              • 8.8.8.8:53
                                v1.addthis.com
                                dns
                                chrome.exe
                                60 B
                                149 B
                                1
                                1

                                DNS Request

                                v1.addthis.com

                                DNS Response

                                173.223.112.118

                              • 8.8.8.8:53
                                195.179.250.142.in-addr.arpa
                                dns
                                74 B
                                112 B
                                1
                                1

                                DNS Request

                                195.179.250.142.in-addr.arpa

                              • 8.8.8.8:53
                                10.36.251.142.in-addr.arpa
                                dns
                                72 B
                                111 B
                                1
                                1

                                DNS Request

                                10.36.251.142.in-addr.arpa

                              • 8.8.8.8:53
                                118.112.223.173.in-addr.arpa
                                dns
                                74 B
                                141 B
                                1
                                1

                                DNS Request

                                118.112.223.173.in-addr.arpa

                              • 8.8.8.8:53
                                mkpromocional.com.br
                                dns
                                chrome.exe
                                66 B
                                82 B
                                1
                                1

                                DNS Request

                                mkpromocional.com.br

                                DNS Response

                                66.70.250.213

                              • 8.8.8.8:53
                                lmo.congressosbdv.com.br
                                dns
                                chrome.exe
                                70 B
                                86 B
                                1
                                1

                                DNS Request

                                lmo.congressosbdv.com.br

                                DNS Response

                                185.225.68.39

                              • 8.8.8.8:53
                                apps.identrust.com
                                dns
                                chrome.exe
                                64 B
                                165 B
                                1
                                1

                                DNS Request

                                apps.identrust.com

                                DNS Response

                                2.18.121.75
                                2.18.121.76

                              • 8.8.8.8:53
                                4.159.190.20.in-addr.arpa
                                dns
                                71 B
                                157 B
                                1
                                1

                                DNS Request

                                4.159.190.20.in-addr.arpa

                              • 8.8.8.8:53
                                254.23.238.8.in-addr.arpa
                                dns
                                71 B
                                125 B
                                1
                                1

                                DNS Request

                                254.23.238.8.in-addr.arpa

                              • 8.8.8.8:53
                                213.250.70.66.in-addr.arpa
                                dns
                                72 B
                                109 B
                                1
                                1

                                DNS Request

                                213.250.70.66.in-addr.arpa

                              • 8.8.8.8:53
                                39.68.225.185.in-addr.arpa
                                dns
                                72 B
                                132 B
                                1
                                1

                                DNS Request

                                39.68.225.185.in-addr.arpa

                              • 8.8.8.8:53
                                75.121.18.2.in-addr.arpa
                                dns
                                70 B
                                133 B
                                1
                                1

                                DNS Request

                                75.121.18.2.in-addr.arpa

                              • 8.8.8.8:53
                                57.169.31.20.in-addr.arpa
                                dns
                                71 B
                                157 B
                                1
                                1

                                DNS Request

                                57.169.31.20.in-addr.arpa

                              • 8.8.8.8:53
                                54.120.234.20.in-addr.arpa
                                dns
                                72 B
                                158 B
                                1
                                1

                                DNS Request

                                54.120.234.20.in-addr.arpa

                              • 8.8.8.8:53
                                86f3b1a3-94ec5259.congressosbdv.com.br
                                dns
                                chrome.exe
                                84 B
                                100 B
                                1
                                1

                                DNS Request

                                86f3b1a3-94ec5259.congressosbdv.com.br

                                DNS Response

                                185.225.68.39

                              • 8.8.8.8:53
                                81133f65-94ec5259.congressosbdv.com.br
                                dns
                                chrome.exe
                                84 B
                                100 B
                                1
                                1

                                DNS Request

                                81133f65-94ec5259.congressosbdv.com.br

                                DNS Response

                                185.225.68.39

| Destination | Domain | Protocol | Process | Sent | Received | Packets sent | Packets received | DNS response |
|---|---|---|---|---|---|---|---|---|
| 8.8.8.8:53 | 3fc6fdea-94ec5259.congressosbdv.com.br | dns | chrome.exe | 84 B | 100 B | 1 | 1 | 185.225.68.39 |
| 8.8.8.8:53 | content-autofill.googleapis.com | dns | chrome.exe | 77 B | 205 B | 1 | 1 | 142.250.179.138, 142.251.36.42, 142.250.179.170, 142.250.179.202, 142.251.36.10, 142.251.39.106, 172.217.168.202, 172.217.23.202 |
| 8.8.8.8:53 | 138.179.250.142.in-addr.arpa | dns | | 74 B | 113 B | 1 | 1 | |
| 8.8.8.8:53 | clients2.google.com | dns | chrome.exe | 65 B | 105 B | 1 | 1 | 142.251.36.46 |
| 142.251.36.46:443 | clients2.google.com | https | chrome.exe | 3.7kB | 8.2kB | 10 | 12 | |
| 224.0.0.251:5353 | | | chrome.exe | 204 B | | 3 | | |
| 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | dns | | 72 B | 146 B | 1 | 1 | |
| 8.8.8.8:53 | assets.msn.com | dns | | 60 B | 278 B | 1 | 1 | 23.53.42.136, 23.53.42.128, 23.53.42.152, 23.53.42.137, 23.53.42.144, 23.53.42.146, 23.53.42.107, 23.53.42.121, 23.53.42.122 |
| 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | dns | | 71 B | 157 B | 1 | 1 | |
| 8.8.8.8:53 | 136.42.53.23.in-addr.arpa | dns | | 71 B | 135 B | 1 | 1 | |
| 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | dns | | 70 B | 111 B | 1 | 1 | |
| 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | dns | | 71 B | 142 B | 1 | 1 | |
| 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | dns | | 72 B | 158 B | 1 | 1 | |
| 8.8.8.8:53 | 8.179.89.13.in-addr.arpa | dns | | 70 B | 144 B | 1 | 1 | |

                              MITRE ATT&CK Enterprise v6

                              Downloads

| Path | Filesize | MD5 | SHA1 | SHA256 | SHA512 |
|---|---|---|---|---|---|
| C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index | 72B | d83677ebc29d0ed5519cf06aa5cac227 | c3f074e1e4dc230d00b9415310c1f2966a19655e | e7d79a91aa3fa010fc100991cb5b15d8a03787bcedabf2b4502f24e91e8be7c4 | 2924f2ce3a93db0fc447a44482583ec11923ac6086ce084e521780110e0bfca855121eead14875308594ee9fc842dc1e625697afb4cff4d4ae872dafff204962 |
| C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State | 2KB | a7ad25bd8bb10fe432d6265470506dc5 | 32b28628ae313c9909f8332c8e6f9d74f1c695ed | ae9e37e79018ebb387835d07e33488ecff6c804466434fb6728dd14909edf1e0 | fb1e95c97656ac798430c79e73eeb14debc96d4da4bf43f2d96f1da9ff5e20c9d40edf3b4d736ec3561ce45ba5c4d12de7f94ba8f18846125ac10c84f855d01c |
| C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity | 705B | 89afd1e8c47a27906cdf7f0d803b5144 | 592d69ad415f94a7dcb204fc673f8afe18ed78e7 | 5e36477ecd77813ff36abebfa49dce66c2ab90024d5e02535e538f1d17834913 | 375b14ad2b85d5af84342d7fa8e8770c3a2863fe6baaf53a350eb01a1ee85a568f0b00efa1453614b6d5ebb58ea9ce71903f87a7a9f30b1333b995a41c76105f |
| C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity | 1KB | 8431b4de3119bb559e959e4543f918aa | e253cd849d68d6290b6364ec7436ac4979f218ef | 3151b46ade0d3bb68ab913f56fbc7fce1d9d03861f0939c0564bc989db699045 | 3f723d2eb9aea46044ff19cf27d5a8f7f2636f3f9ff2ab06d86cd08fa14bd2ca40cc3abe4067a1feebe3a024b18bf2a165cc5636e1fab92f28837059671f1738 |
| C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences | 6KB | 274cf97cfa0d24496bc317e04b3eacb2 | 04d4a0c0c2679861f1548f6a3fe50575dd748489 | 9a0a4e82a34a2790bdec2ee76590b0450090769b2e38b1ea0ebcc2b3a1cd2478 | d8963c747152b461b125ce82fc1f9e3e9a5edaf3cb03983ad0e1ba88af9598d9be6841a4c2dabffb26bb1d205931b94a84ac5219b09fe963be473560e840c8bb |
| C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences | 6KB | 371c829799645de1979ab958a2d8fb18 | 6200b375d1ca94c6403d368931142b88202352af | 9c1d7d1740b9ad7ab138d62dcd1fb76e6b15a0cf98282b2fa57a3441bbe1a5b4 | e947499518d13e2716bc508c22b2fc7b23b5fafc921b859e1a4251eaed7c21be36030712d515501793a32443212cdecc30cd9b90510ab9d4cd37ee08ff33dc98 |
| C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences | 15KB | 4e13e22da1aec60e57a92d7297606da1 | 26067c91297188a0f3782b675002078e516b2d52 | 403d2d27a85a6243eff064494e14c5e8fc629ff23836a69c7d9bb0fc2c842912 | d6181f0d01a6047f580f00f5a56baeca3b3149c531322b6c9b8d5ab7d75ffde4c285e1ad596c9c6bd8faa7c8ed6a499210db0f8eb89cecf610947f059d01de7c |
| C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State | 89KB | 340cc8a19d2d84392671c63251db80af | 399fbdf460a9a113bed35b9730242b2ab4e187a2 | 07f929d3e47789c7e07c9c39f656491a7630b120f1d65f56d51efac1abe02c3e | 3cbfaf7bac64e106234ecf64af4e08370bc8f601c8666963237f0bc1c1336c7f5f461c2856dbe575afcb9fc419a2836c135eaf6498ead19788a9aaa6fe55a68e |
| C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State | 173KB | 447f16bf76ba1a25f123d4526946211f | 18ab35715e2a326391279db4253d4c779b7ace4f | 992b5a80f284ec8ecdf66c2284fa6c914d51a00de55f4e449f035c5bbee0263d | 2523541714a99eb5ecc1fb857347f1af47ad30f3a48268da158e7998d2b3c0bbd5e8a7d3f99cb019d213fec71ff8cfae09727cccce5bd0b82f653f4638c48b37 |
| C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State | 193KB | c7c84a02804a260d32c932cabe6192fe | 6d2072f6682959165b0c7bebcfb2ef2dc6016ac5 | a46340001f6be0896627c499c3863ffe261eed30c75e6d8df7932382a189d47a | fc27c4b5d2fd1a0f90a7602de0e9d43fc8dba2f140d232fb5111e7a35478aef43ca3fde715730324dd9e756d2b6b3dcfe186020a8f065862fb67d0cd5e0b6829 |
| C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State | 174KB | cb63d39e887a1df4e01e52e1dea86d55 | f3bc4acea5a34e2b92b686d9e4c66e0b7f8d439c | 3df1a2a35465ba1578b83fa6477814cb645793cc691a8a171420f2f9cbaf0624 | fcb5379bacd441c6ec18a74893ad189bf8735c2f76dfccaff84e4ab753c8e59e3bcec6acc1941dee6bec6b446a02d35612aee0caea0f1eb83629487935878a01 |
| C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json | 2B | 99914b932bd37a50b983c5e7c90ae93b | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
