3d1463a0bc570273ab82cb36c47254dbaa098584024115b09f1d8fd76979f492

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 14:02 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

920c4ee004fb901aa1ffecd185417b7c_JaffaCakes118.html
Size

37KB
MD5

920c4ee004fb901aa1ffecd185417b7c
SHA1

1f4eb3155204f4330508bd6e7c3b0b6a9a117256
SHA256

3d1463a0bc570273ab82cb36c47254dbaa098584024115b09f1d8fd76979f492
SHA512

89dfac823909819a1720ec5398d928c39b7eb849cf0daf1fc7ded9683d86392e3b875dcb445f2bc70685c54648c3aacb2731c98b03e3f54ae17504fe6099f1c6
SSDEEP

384:WjvHwduTvmBxnxVRLq1+c1XWV+PzCsBSGXNEu0:WjquTv2nxXLm9RWIVB/XNEB

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3736	msedge.exe
3736	msedge.exe
1140	msedge.exe
1140	msedge.exe
1132	identity_helper.exe
1132	identity_helper.exe
824	msedge.exe
824	msedge.exe
824	msedge.exe
824	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1140 wrote to memory of 4408	1140	msedge.exe	82
PID 1140 wrote to memory of 4408	1140	msedge.exe	82
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 4072	1140	msedge.exe	83
PID 1140 wrote to memory of 3736	1140	msedge.exe	84
PID 1140 wrote to memory of 3736	1140	msedge.exe	84
PID 1140 wrote to memory of 2128	1140	msedge.exe	85
PID 1140 wrote to memory of 2128	1140	msedge.exe	85
PID 1140 wrote to memory of 2128	1140	msedge.exe	85
PID 1140 wrote to memory of 2128	1140	msedge.exe	85
PID 1140 wrote to memory of 2128	1140	msedge.exe	85
PID 1140 wrote to memory of 2128	1140	msedge.exe	85
PID 1140 wrote to memory of 2128	1140	msedge.exe	85
PID 1140 wrote to memory of 2128	1140	msedge.exe	85
PID 1140 wrote to memory of 2128	1140	msedge.exe	85
PID 1140 wrote to memory of 2128	1140	msedge.exe	85
PID 1140 wrote to memory of 2128	1140	msedge.exe	85
PID 1140 wrote to memory of 2128	1140	msedge.exe	85
PID 1140 wrote to memory of 2128	1140	msedge.exe	85
PID 1140 wrote to memory of 2128	1140	msedge.exe	85
PID 1140 wrote to memory of 2128	1140	msedge.exe	85
PID 1140 wrote to memory of 2128	1140	msedge.exe	85
PID 1140 wrote to memory of 2128	1140	msedge.exe	85
PID 1140 wrote to memory of 2128	1140	msedge.exe	85
PID 1140 wrote to memory of 2128	1140	msedge.exe	85
PID 1140 wrote to memory of 2128	1140	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\920c4ee004fb901aa1ffecd185417b7c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdadfc46f8,0x7ffdadfc4708,0x7ffdadfc4718
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3088 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4796

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

greene.pl

msedge.exe

Remote address:

8.8.8.8:53

Request

greene.pl

IN A

Response

greene.pl

IN A

185.253.212.22
GET

http://greene.pl/wp-content/themes/Elma/menu/MenuMatic.css

msedge.exe

Remote address:

185.253.212.22:80

Request

GET /wp-content/themes/Elma/menu/MenuMatic.css HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 403 Forbidden

Server: nginx
Date: Mon, 03 Jun 2024 14:02:18 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
GET

http://greene.pl/wp-content/themes/Elma/style.css

msedge.exe

Remote address:

185.253.212.22:80

Request

GET /wp-content/themes/Elma/style.css HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 403 Forbidden

Server: nginx
Date: Mon, 03 Jun 2024 14:02:18 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
GET

http://greene.pl/wp-content/themes/Elma/css/screen.css

msedge.exe

Remote address:

185.253.212.22:80

Request

GET /wp-content/themes/Elma/css/screen.css HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 403 Forbidden

Server: nginx
Date: Mon, 03 Jun 2024 14:02:18 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
GET

http://greene.pl/wp-content/themes/Elma/menu/mootools-1.2.1-core-yc.js

msedge.exe

Remote address:

185.253.212.22:80

Request

GET /wp-content/themes/Elma/menu/mootools-1.2.1-core-yc.js HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 403 Forbidden

Server: nginx
Date: Mon, 03 Jun 2024 14:02:18 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
GET

http://greene.pl/wp-content/themes/Elma/menu/MenuMatic_0.68.3.js

msedge.exe

Remote address:

185.253.212.22:80

Request

GET /wp-content/themes/Elma/menu/MenuMatic_0.68.3.js HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 403 Forbidden

Server: nginx
Date: Mon, 03 Jun 2024 14:02:18 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
GET

http://greene.pl/wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70

msedge.exe

Remote address:

185.253.212.22:80

Request

GET /wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70 HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 403 Forbidden

Server: nginx
Date: Mon, 03 Jun 2024 14:02:18 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
GET

http://greene.pl/wp-content/plugins/wp-cumulus/swfobject.js

msedge.exe

Remote address:

185.253.212.22:80

Request

GET /wp-content/plugins/wp-cumulus/swfobject.js HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 403 Forbidden

Server: nginx
Date: Mon, 03 Jun 2024 14:02:18 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
GET

http://greene.pl/wp-content/themes/Elma/menu/MenuMatic_0.68.3.js

msedge.exe

Remote address:

185.253.212.22:80

Request

GET /wp-content/themes/Elma/menu/MenuMatic_0.68.3.js HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 403 Forbidden

Server: nginx
Date: Mon, 03 Jun 2024 14:02:18 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
GET

http://greene.pl/wp-content/themes/Elma/menu/MenuMatic.css

msedge.exe

Remote address:

185.253.212.22:80

Request

GET /wp-content/themes/Elma/menu/MenuMatic.css HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 403 Forbidden

Server: nginx
Date: Mon, 03 Jun 2024 14:02:18 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
DNS

www.cpmprofit.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.cpmprofit.com

IN A

Response

www.cpmprofit.com

IN A

95.211.219.67
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

3.181.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.181.190.20.in-addr.arpa

IN PTR

Response
DNS

22.212.253.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.212.253.185.in-addr.arpa

IN PTR

Response
DNS

216.107.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

216.107.17.2.in-addr.arpa

IN PTR

Response

216.107.17.2.in-addr.arpa

IN PTR

a2-17-107-216deploystaticakamaitechnologiescom
GET

http://greene.pl/wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70

msedge.exe

Remote address:

185.253.212.22:80

Request

GET /wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70 HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 403 Forbidden

Server: nginx
Date: Mon, 03 Jun 2024 14:02:18 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
GET

http://www.cpmprofit.com/ads.php?r=1752396523f8d6274a8bab9e88da68b6d27dc8f414265329&popup=0&f=300

msedge.exe

Remote address:

95.211.219.67:80

Request

GET /ads.php?r=1752396523f8d6274a8bab9e88da68b6d27dc8f414265329&popup=0&f=300 HTTP/1.1
Host: www.cpmprofit.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 550
content-type: text/html; charset=utf-8
date: Mon, 03 Jun 2024 14:02:18 GMT
server: nginx
set-cookie: sid=e3ff47f0-21b1-11ef-80ce-cbaec8d0d160; path=/; domain=.cpmprofit.com; expires=Sat, 21 Jun 2092 17:16:25 GMT; max-age=2147483647; HttpOnly
GET

http://greene.pl/wp-content/themes/Elma/images/logo.png

msedge.exe

Remote address:

185.253.212.22:80

Request

GET /wp-content/themes/Elma/images/logo.png HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 403 Forbidden

Server: nginx
Date: Mon, 03 Jun 2024 14:02:19 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
GET

http://greene.pl/wp-content/themes/Elma/images/search.gif

msedge.exe

Remote address:

185.253.212.22:80

Request

GET /wp-content/themes/Elma/images/search.gif HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 403 Forbidden

Server: nginx
Date: Mon, 03 Jun 2024 14:02:19 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
DNS

www.facebook.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

163.70.151.35
GET

http://greene.pl/wp-content/themes/Elma/images/rss.png

msedge.exe

Remote address:

185.253.212.22:80

Request

GET /wp-content/themes/Elma/images/rss.png HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 403 Forbidden

Server: nginx
Date: Mon, 03 Jun 2024 14:02:19 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
GET

http://greene.pl/wp-content/themes/Elma/images/facebook.png

msedge.exe

Remote address:

185.253.212.22:80

Request

GET /wp-content/themes/Elma/images/facebook.png HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 403 Forbidden

Server: nginx
Date: Mon, 03 Jun 2024 14:02:19 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
GET

http://greene.pl/reklama/tymkan.jpg

msedge.exe

Remote address:

185.253.212.22:80

Request

GET /reklama/tymkan.jpg HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 403 Forbidden

Server: nginx
Date: Mon, 03 Jun 2024 14:02:19 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
GET

http://greene.pl/reklama/prfb.gif

msedge.exe

Remote address:

185.253.212.22:80

Request

GET /reklama/prfb.gif HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 403 Forbidden

Server: nginx
Date: Mon, 03 Jun 2024 14:02:19 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
GET

http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fgreene.polska&layout=button_count&show_faces=false&width=4500&action=like&font=arial&colorscheme=light&height=21

msedge.exe

Remote address:

163.70.151.35:80

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fgreene.polska&layout=button_count&show_faces=false&width=4500&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Location: https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fgreene.polska&layout=button_count&show_faces=false&width=4500&action=like&font=arial&colorscheme=light&height=21
Content-Type: text/plain
Server: proxygen-bolt
Date: Mon, 03 Jun 2024 14:02:19 GMT
Connection: keep-alive
Content-Length: 0
DNS

www.youtube.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

216.58.212.206

youtube-ui.l.google.com

IN A

172.217.169.78
GET

http://greene.pl/wp-content/plugins/wp-cumulus/swfobject.js

msedge.exe

Remote address:

185.253.212.22:80

Request

GET /wp-content/plugins/wp-cumulus/swfobject.js HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 403 Forbidden

Server: nginx
Date: Mon, 03 Jun 2024 14:02:19 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
GET

http://greene.pl/reklama/myroom.jpg

msedge.exe

Remote address:

185.253.212.22:80

Request

GET /reklama/myroom.jpg HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 403 Forbidden

Server: nginx
Date: Mon, 03 Jun 2024 14:02:19 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
GET

http://www.youtube.com/embed/MDp4RBLZHWU?hl=en&fs=1&rel=0&border=1

msedge.exe

Remote address:

142.250.179.238:80

Request

GET /embed/MDp4RBLZHWU?hl=en&fs=1&rel=0&border=1 HTTP/1.1
Host: www.youtube.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 03 Jun 2024 14:02:19 GMT
Location: https://www.youtube.com/embed/MDp4RBLZHWU?hl=en&fs=1&rel=0&border=1
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://greene.pl/wp-content/themes/Elma/css/print.css

msedge.exe

Remote address:

185.253.212.22:80

Request

GET /wp-content/themes/Elma/css/print.css HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 403 Forbidden

Server: nginx
Date: Mon, 03 Jun 2024 14:02:19 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
GET

http://greene.pl/reklama/ki.jpg

msedge.exe

Remote address:

185.253.212.22:80

Request

GET /reklama/ki.jpg HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 403 Forbidden

Server: nginx
Date: Mon, 03 Jun 2024 14:02:19 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
GET

https://www.youtube.com/embed/MDp4RBLZHWU?hl=en&fs=1&rel=0&border=1

msedge.exe

Remote address:

142.250.179.238:443

Request

GET /embed/MDp4RBLZHWU?hl=en&fs=1&rel=0&border=1 HTTP/2.0
host: www.youtube.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: object
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.youtube.com/s/player/79e6d03a/www-player.css

msedge.exe

Remote address:

142.250.179.238:443

Request

GET /s/player/79e6d03a/www-player.css HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.youtube.com/embed/MDp4RBLZHWU?hl=en&fs=1&rel=0&border=1
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.youtube.com/s/player/79e6d03a/player_ias.vflset/en_US/embed.js

msedge.exe

Remote address:

142.250.179.238:443

Request

GET /s/player/79e6d03a/player_ias.vflset/en_US/embed.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/embed/MDp4RBLZHWU?hl=en&fs=1&rel=0&border=1
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.youtube.com/s/player/79e6d03a/www-embed-player.vflset/www-embed-player.js

msedge.exe

Remote address:

142.250.179.238:443

Request

GET /s/player/79e6d03a/www-embed-player.vflset/www-embed-player.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/embed/MDp4RBLZHWU?hl=en&fs=1&rel=0&border=1
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.youtube.com/s/player/79e6d03a/player_ias.vflset/en_US/base.js

msedge.exe

Remote address:

142.250.179.238:443

Request

GET /s/player/79e6d03a/player_ias.vflset/en_US/base.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/embed/MDp4RBLZHWU?hl=en&fs=1&rel=0&border=1
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

http://www.google-analytics.com/ga.js

msedge.exe

Remote address:

216.58.213.14:80

Request

GET /ga.js HTTP/1.1
Host: www.google-analytics.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 17168
Date: Mon, 03 Jun 2024 13:26:01 GMT
Expires: Mon, 03 Jun 2024 15:26:01 GMT
Cache-Control: public, max-age=7200
Age: 2178
Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
DNS

i.ytimg.com

msedge.exe

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

142.250.200.54

i.ytimg.com

IN A

216.58.201.118

i.ytimg.com

IN A

216.58.204.86

i.ytimg.com

IN A

216.58.213.22

i.ytimg.com

IN A

172.217.169.22

i.ytimg.com

IN A

216.58.212.214

i.ytimg.com

IN A

142.250.179.246

i.ytimg.com

IN A

142.250.180.22

i.ytimg.com

IN A

142.250.187.214

i.ytimg.com

IN A

142.250.187.246

i.ytimg.com

IN A

142.250.178.22

i.ytimg.com

IN A

172.217.16.246

i.ytimg.com

IN A

142.250.200.22
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

67.219.211.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.219.211.95.in-addr.arpa

IN PTR

Response
DNS

35.151.70.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.151.70.163.in-addr.arpa

IN PTR

Response

35.151.70.163.in-addr.arpa

IN PTR

edge-star-mini-shv-02-lhr6facebookcom
DNS

238.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.179.250.142.in-addr.arpa

IN PTR

Response

238.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f141e100net
DNS

14.213.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.213.58.216.in-addr.arpa

IN PTR

Response

14.213.58.216.in-addr.arpa

IN PTR

lhr25s25-in-f141e100net

14.213.58.216.in-addr.arpa

IN PTR

ber01s14-in-f14�H
GET

https://i.ytimg.com/vi_webp/MDp4RBLZHWU/sddefault.webp

msedge.exe

Remote address:

142.250.200.54:443

Request

GET /vi_webp/MDp4RBLZHWU/sddefault.webp HTTP/2.0
host: i.ytimg.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

googleads.g.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

216.58.212.194
GET

https://googleads.g.doubleclick.net/pagead/id

msedge.exe

Remote address:

216.58.212.194:443

Request

GET /pagead/id HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.youtube.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

static.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

static.doubleclick.net

IN A

Response

static.doubleclick.net

IN A

216.58.213.6
DNS

jnn-pa.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

jnn-pa.googleapis.com

IN A

Response

jnn-pa.googleapis.com

IN A

172.217.16.234

jnn-pa.googleapis.com

IN A

142.250.200.10

jnn-pa.googleapis.com

IN A

142.250.200.42

jnn-pa.googleapis.com

IN A

216.58.201.106

jnn-pa.googleapis.com

IN A

216.58.204.74

jnn-pa.googleapis.com

IN A

216.58.213.10

jnn-pa.googleapis.com

IN A

216.58.212.202

jnn-pa.googleapis.com

IN A

142.250.179.234

jnn-pa.googleapis.com

IN A

142.250.180.10

jnn-pa.googleapis.com

IN A

142.250.187.202

jnn-pa.googleapis.com

IN A

142.250.187.234

jnn-pa.googleapis.com

IN A

142.250.178.10
DNS

www.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.196
DNS

yt3.ggpht.com

msedge.exe

Remote address:

8.8.8.8:53

Request

yt3.ggpht.com

IN A

Response

yt3.ggpht.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.180.1
DNS

yt3.ggpht.com

msedge.exe

Remote address:

8.8.8.8:53

Request

yt3.ggpht.com

IN A
GET

https://static.doubleclick.net/instream/ad_status.js

msedge.exe

Remote address:

216.58.213.6:443

Request

GET /instream/ad_status.js HTTP/2.0
host: static.doubleclick.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

msedge.exe

Remote address:

172.217.16.234:443

Request

OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: jnn-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.com/js/th/8RF9Niw07aUICNCAbe3-TNvweVXnMmbokKfNU9TTb8E.js

msedge.exe

Remote address:

142.250.187.196:443

Request

GET /js/th/8RF9Niw07aUICNCAbe3-TNvweVXnMmbokKfNU9TTb8E.js HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

99.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.201.58.216.in-addr.arpa

IN PTR

Response

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f991e100net

99.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f3�H

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f3�H
DNS

54.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

54.200.250.142.in-addr.arpa

IN PTR

Response

54.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f221e100net
DNS

194.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.212.58.216.in-addr.arpa

IN PTR

Response

194.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f21e100net

194.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f194�H

194.212.58.216.in-addr.arpa

IN PTR

lhr25s27-in-f2�H
DNS

6.213.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

6.213.58.216.in-addr.arpa

IN PTR

Response

6.213.58.216.in-addr.arpa

IN PTR

ber01s14-in-f61e100net

6.213.58.216.in-addr.arpa

IN PTR

lhr25s25-in-f6�F
DNS

234.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.16.217.172.in-addr.arpa

IN PTR

Response

234.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f101e100net

234.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f10�I
DNS

play.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

172.217.169.46
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

172.217.169.46:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://yt3.ggpht.com/ytc/AIdro_lUcZRBKCZClua6ec-95rA-lsAG3vhEsH3yGOfZQgHk9D8=s68-c-k-c0x00ffffff-no-rj

msedge.exe

Remote address:

142.250.180.1:443

Request

GET /ytc/AIdro_lUcZRBKCZClua6ec-95rA-lsAG3vhEsH3yGOfZQgHk9D8=s68-c-k-c0x00ffffff-no-rj HTTP/2.0
host: yt3.ggpht.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

46.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.169.217.172.in-addr.arpa

IN PTR

Response

46.169.217.172.in-addr.arpa

IN PTR

lhr48s08-in-f141e100net
DNS

195.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.212.58.216.in-addr.arpa

IN PTR

Response

195.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f31e100net

195.212.58.216.in-addr.arpa

IN PTR

lhr25s27-in-f3�H

195.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f195�H
DNS

1.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.180.250.142.in-addr.arpa

IN PTR

Response

1.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f11e100net
DNS

209.205.72.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.205.72.20.in-addr.arpa

IN PTR

Response
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

30.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

30.243.111.52.in-addr.arpa

IN PTR

Response

185.253.212.22:80

http://greene.pl/wp-content/themes/Elma/menu/MenuMatic.css

http

msedge.exe

576 B
899 B
5
5

HTTP Request

GET http://greene.pl/wp-content/themes/Elma/menu/MenuMatic.css

HTTP Response

403
185.253.212.22:80

http://greene.pl/wp-content/themes/Elma/style.css

http

msedge.exe

567 B
899 B
5
5

HTTP Request

GET http://greene.pl/wp-content/themes/Elma/style.css

HTTP Response

403
185.253.212.22:80

http://greene.pl/wp-content/themes/Elma/css/screen.css

http

msedge.exe

572 B
899 B
5
5

HTTP Request

GET http://greene.pl/wp-content/themes/Elma/css/screen.css

HTTP Response

403
185.253.212.22:80

http://greene.pl/wp-content/themes/Elma/menu/mootools-1.2.1-core-yc.js

http

msedge.exe

573 B
899 B
5
5

HTTP Request

GET http://greene.pl/wp-content/themes/Elma/menu/mootools-1.2.1-core-yc.js

HTTP Response

403
185.253.212.22:80

http://greene.pl/wp-content/themes/Elma/menu/MenuMatic_0.68.3.js

http

msedge.exe

567 B
899 B
5
5

HTTP Request

GET http://greene.pl/wp-content/themes/Elma/menu/MenuMatic_0.68.3.js

HTTP Response

403
185.253.212.22:80

http://greene.pl/wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70

http

msedge.exe

591 B
899 B
5
5

HTTP Request

GET http://greene.pl/wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70

HTTP Response

403
185.253.212.22:80

http://greene.pl/wp-content/plugins/wp-cumulus/swfobject.js

http

msedge.exe

562 B
899 B
5
5

HTTP Request

GET http://greene.pl/wp-content/plugins/wp-cumulus/swfobject.js

HTTP Response

403
185.253.212.22:80

http://greene.pl/wp-content/themes/Elma/menu/MenuMatic_0.68.3.js

http

msedge.exe

567 B
899 B
5
5

HTTP Request

GET http://greene.pl/wp-content/themes/Elma/menu/MenuMatic_0.68.3.js

HTTP Response

403
185.253.212.22:80

http://greene.pl/wp-content/themes/Elma/menu/MenuMatic.css

http

msedge.exe

576 B
899 B
5
5

HTTP Request

GET http://greene.pl/wp-content/themes/Elma/menu/MenuMatic.css

HTTP Response

403
185.253.212.22:80

http://greene.pl/wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70

http

msedge.exe

591 B
899 B
5
5

HTTP Request

GET http://greene.pl/wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70

HTTP Response

403
95.211.219.67:80

http://www.cpmprofit.com/ads.php?r=1752396523f8d6274a8bab9e88da68b6d27dc8f414265329&popup=0&f=300

http

msedge.exe

600 B
1.2kB
5
5

HTTP Request

GET http://www.cpmprofit.com/ads.php?r=1752396523f8d6274a8bab9e88da68b6d27dc8f414265329&popup=0&f=300

HTTP Response

200
185.253.212.22:80

http://greene.pl/wp-content/themes/Elma/images/logo.png

http

msedge.exe

608 B
899 B
5
5

HTTP Request

GET http://greene.pl/wp-content/themes/Elma/images/logo.png

HTTP Response

403
185.253.212.22:80

http://greene.pl/wp-content/themes/Elma/images/search.gif

http

msedge.exe

610 B
899 B
5
5

HTTP Request

GET http://greene.pl/wp-content/themes/Elma/images/search.gif

HTTP Response

403
185.253.212.22:80

http://greene.pl/wp-content/themes/Elma/images/rss.png

http

msedge.exe

607 B
899 B
5
5

HTTP Request

GET http://greene.pl/wp-content/themes/Elma/images/rss.png

HTTP Response

403
185.253.212.22:80

http://greene.pl/wp-content/themes/Elma/images/facebook.png

http

msedge.exe

612 B
899 B
5
5

HTTP Request

GET http://greene.pl/wp-content/themes/Elma/images/facebook.png

HTTP Response

403
185.253.212.22:80

http://greene.pl/reklama/tymkan.jpg

http

msedge.exe

588 B
899 B
5
5

HTTP Request

GET http://greene.pl/reklama/tymkan.jpg

HTTP Response

403
185.253.212.22:80

http://greene.pl/reklama/prfb.gif

http

msedge.exe

586 B
899 B
5
5

HTTP Request

GET http://greene.pl/reklama/prfb.gif

HTTP Response

403
163.70.151.35:80

http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fgreene.polska&layout=button_count&show_faces=false&width=4500&action=like&font=arial&colorscheme=light&height=21

http

msedge.exe

936 B
602 B
7
5

HTTP Request

GET http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fgreene.polska&layout=button_count&show_faces=false&width=4500&action=like&font=arial&colorscheme=light&height=21

HTTP Response

301
185.253.212.22:80

http://greene.pl/wp-content/plugins/wp-cumulus/swfobject.js

http

msedge.exe

562 B
899 B
5
5

HTTP Request

GET http://greene.pl/wp-content/plugins/wp-cumulus/swfobject.js

HTTP Response

403
185.253.212.22:80

http://greene.pl/reklama/myroom.jpg

http

msedge.exe

588 B
899 B
5
5

HTTP Request

GET http://greene.pl/reklama/myroom.jpg

HTTP Response

403
163.70.151.35:443

www.facebook.com

tls

msedge.exe

1.9kB
5.8kB
14
15
142.250.179.238:80

http://www.youtube.com/embed/MDp4RBLZHWU?hl=en&fs=1&rel=0&border=1

http

msedge.exe

812 B
708 B
7
6

HTTP Request

GET http://www.youtube.com/embed/MDp4RBLZHWU?hl=en&fs=1&rel=0&border=1

HTTP Response

301
185.253.212.22:80

http://greene.pl/wp-content/themes/Elma/css/print.css

http

msedge.exe

571 B
899 B
5
5

HTTP Request

GET http://greene.pl/wp-content/themes/Elma/css/print.css

HTTP Response

403
185.253.212.22:80

http://greene.pl/reklama/ki.jpg

http

msedge.exe

584 B
899 B
5
5

HTTP Request

GET http://greene.pl/reklama/ki.jpg

HTTP Response

403
142.250.179.238:443

https://www.youtube.com/s/player/79e6d03a/player_ias.vflset/en_US/base.js

tls, http2

msedge.exe

21.7kB
1.1MB
436
795

HTTP Request

GET https://www.youtube.com/embed/MDp4RBLZHWU?hl=en&fs=1&rel=0&border=1

HTTP Request

GET https://www.youtube.com/s/player/79e6d03a/www-player.css

HTTP Request

GET https://www.youtube.com/s/player/79e6d03a/player_ias.vflset/en_US/embed.js

HTTP Request

GET https://www.youtube.com/s/player/79e6d03a/www-embed-player.vflset/www-embed-player.js

HTTP Request

GET https://www.youtube.com/s/player/79e6d03a/player_ias.vflset/en_US/base.js
216.58.213.14:80

http://www.google-analytics.com/ga.js

http

msedge.exe

908 B
18.4kB
13
18

HTTP Request

GET http://www.google-analytics.com/ga.js

HTTP Response

200
142.250.200.54:443

https://i.ytimg.com/vi_webp/MDp4RBLZHWU/sddefault.webp

tls, http2

msedge.exe

2.0kB
19.3kB
19
23

HTTP Request

GET https://i.ytimg.com/vi_webp/MDp4RBLZHWU/sddefault.webp
216.58.212.194:443

https://googleads.g.doubleclick.net/pagead/id

tls, http2

msedge.exe

1.8kB
6.9kB
14
15

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id
216.58.213.6:443

https://static.doubleclick.net/instream/ad_status.js

tls, http2

msedge.exe

1.9kB
6.9kB
17
15

HTTP Request

GET https://static.doubleclick.net/instream/ad_status.js
172.217.16.234:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

tls, http2

msedge.exe

1.9kB
7.1kB
17
18

HTTP Request

OPTIONS https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.187.196:443

https://www.google.com/js/th/8RF9Niw07aUICNCAbe3-TNvweVXnMmbokKfNU9TTb8E.js

tls, http2

msedge.exe

2.5kB
27.8kB
30
31

HTTP Request

GET https://www.google.com/js/th/8RF9Niw07aUICNCAbe3-TNvweVXnMmbokKfNU9TTb8E.js
172.217.169.46:443

https://play.google.com/log?format=json&hasfast=true&authuser=0

tls, http2

msedge.exe

1.8kB
8.6kB
15
17

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
142.250.180.1:443

https://yt3.ggpht.com/ytc/AIdro_lUcZRBKCZClua6ec-95rA-lsAG3vhEsH3yGOfZQgHk9D8=s68-c-k-c0x00ffffff-no-rj

tls, http2

msedge.exe

2.0kB
13.4kB
17
21

HTTP Request

GET https://yt3.ggpht.com/ytc/AIdro_lUcZRBKCZClua6ec-95rA-lsAG3vhEsH3yGOfZQgHk9D8=s68-c-k-c0x00ffffff-no-rj

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

greene.pl

dns

msedge.exe

55 B
71 B
1
1

DNS Request

greene.pl

DNS Response

185.253.212.22
8.8.8.8:53

www.cpmprofit.com

dns

msedge.exe

63 B
79 B
1
1

DNS Request

www.cpmprofit.com

DNS Response

95.211.219.67
8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

3.181.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

3.181.190.20.in-addr.arpa
8.8.8.8:53

22.212.253.185.in-addr.arpa

dns

73 B
138 B
1
1

DNS Request

22.212.253.185.in-addr.arpa
8.8.8.8:53

216.107.17.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

216.107.17.2.in-addr.arpa
8.8.8.8:53

www.facebook.com

dns

msedge.exe

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

163.70.151.35
8.8.8.8:53

www.youtube.com

dns

msedge.exe

61 B
287 B
1
1

DNS Request

www.youtube.com

DNS Response

142.250.179.238

142.250.180.14

142.250.187.206

142.250.187.238

142.250.178.14

172.217.16.238

142.250.200.14

142.250.200.46

216.58.201.110

216.58.204.78

216.58.212.206

172.217.169.78
8.8.8.8:53

i.ytimg.com

dns

msedge.exe

57 B
265 B
1
1

DNS Request

i.ytimg.com

DNS Response

142.250.200.54

216.58.201.118

216.58.204.86

216.58.213.22

172.217.169.22

216.58.212.214

142.250.179.246

142.250.180.22

142.250.187.214

142.250.187.246

142.250.178.22

172.217.16.246

142.250.200.22
142.250.179.238:443

www.youtube.com

https

msedge.exe

17.0kB
43.7kB
34
45
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

67.219.211.95.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

67.219.211.95.in-addr.arpa
8.8.8.8:53

35.151.70.163.in-addr.arpa

dns

72 B
125 B
1
1

DNS Request

35.151.70.163.in-addr.arpa
8.8.8.8:53

238.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

238.179.250.142.in-addr.arpa
8.8.8.8:53

14.213.58.216.in-addr.arpa

dns

72 B
141 B
1
1

DNS Request

14.213.58.216.in-addr.arpa
8.8.8.8:53

googleads.g.doubleclick.net

dns

msedge.exe

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

216.58.212.194
8.8.8.8:53

static.doubleclick.net

dns

msedge.exe

68 B
84 B
1
1

DNS Request

static.doubleclick.net

DNS Response

216.58.213.6
8.8.8.8:53

jnn-pa.googleapis.com

dns

msedge.exe

67 B
259 B
1
1

DNS Request

jnn-pa.googleapis.com

DNS Response

172.217.16.234

142.250.200.10

142.250.200.42

216.58.201.106

216.58.204.74

216.58.213.10

216.58.212.202

142.250.179.234

142.250.180.10

142.250.187.202

142.250.187.234

142.250.178.10
216.58.212.194:443

googleads.g.doubleclick.net

https

msedge.exe

3.6kB
7.5kB
8
10
8.8.8.8:53

www.google.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.187.196
8.8.8.8:53

yt3.ggpht.com

dns

msedge.exe

118 B
120 B
2
1

DNS Request

yt3.ggpht.com

DNS Request

yt3.ggpht.com

DNS Response

142.250.180.1
172.217.16.234:443

jnn-pa.googleapis.com

https

msedge.exe

6.5kB
50.6kB
29
46
8.8.8.8:53

99.201.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

99.201.58.216.in-addr.arpa
8.8.8.8:53

54.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

54.200.250.142.in-addr.arpa
8.8.8.8:53

194.212.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

194.212.58.216.in-addr.arpa
8.8.8.8:53

6.213.58.216.in-addr.arpa

dns

71 B
138 B
1
1

DNS Request

6.213.58.216.in-addr.arpa
8.8.8.8:53

234.16.217.172.in-addr.arpa

dns

73 B
142 B
1
1

DNS Request

234.16.217.172.in-addr.arpa
8.8.8.8:53

play.google.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

172.217.169.46
172.217.169.46:443

play.google.com

https

msedge.exe

8.3kB
10.6kB
17
20
8.8.8.8:53

46.169.217.172.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

46.169.217.172.in-addr.arpa
8.8.8.8:53

195.212.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

195.212.58.216.in-addr.arpa
8.8.8.8:53

1.180.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

1.180.250.142.in-addr.arpa
224.0.0.251:5353

576 B
9
8.8.8.8:53

209.205.72.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

209.205.72.20.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

30.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

30.243.111.52.in-addr.arpa
216.58.212.194:443

googleads.g.doubleclick.net

https

msedge.exe

2.5kB
3.8kB
11
12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
fdff7ed84cda899f233fa0d371638697

SHA1
46e3abe11d0a7e985fb9bf08d539a41c2ca6feef

SHA256
52c0b5e4c22099ec44b25bf96c9ecf5ac8451d5a938641f3b6e4c8f575170c38

SHA512
304fb48def289f1c87f6f22c6a03fa0cf1232db3575728b3032671868c60a99a5667851502da17318e9ebf732d1d6268bed6f764c203b73d6aaa5c6b31922e62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0833164c016835c20eaea56853f3bb3e

SHA1
69a0c4bfde64f940e396d797fdcded5a20311008

SHA256
eec7ecf3c39571d6667f19106b2b24e207b08c563c25954fbbc02336446dc36b

SHA512
119284c2f5bc031ec2a7a3071caf7cc7a7ea15b358992d79a7f0d77246b1e982012aaaab1336dae851e76bd889ebf472dbd7b4bb7cd29307a61d58e7c0aff563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
da3da8e313cbe3890796aa97d4167492

SHA1
5c6ea53e5a842dab7e48ac6326b56ef27bd31cc0

SHA256
f99865d367d8d8aa0a2329a6887e496d9cfef1036e4e0e63f30b67744cf99769

SHA512
556176bcacfb6156827d6893c6916b812182a045ebdad3cbe022ae613935986ca4b2330ee1e9ab204a53263efd8954db905f064cdcfd0ee7eaf451f872ee6205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9f96fe5b7923dba795b14cc6e92a4b02

SHA1
2cd0fe6f3e7a2c85bdd9aff5873b8c621440d9d4

SHA256
2ab6463ff40c44a64b1cc7182a8b3f593e64f398615f75bad88c59802e692f3e

SHA512
9e38fe993998c1cde44ad66a407e7b1c9e476b1cea90f368bfd828dd6ba5ad2a71359fd588a016068cf3dcf6b0e75e21f07155198318d4ca69e9619810733794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
525a4871d5f081135842823ae2bfe61d

SHA1
37829f4b5c7df8d21609ddf0eb719b3990df31e8

SHA256
772ff5b007de708146ca1249f8ccf9bc4df4689361efb2b65cda45f616d24157

SHA512
0de204f864e88b888b805de96eb3fed7a2402f591202a69c0ef413a61bacdfc98a1eb5693c888286c6e223cd8ecc9185451fa4e9dc45936ef07a2d2f0847c931

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
484c63f874e77cf482fc253b943bf970

SHA1
528490c269cc4a54f59232b633e7f2fe1178f160

SHA256
cca5e64c03a3bf67ac920f05f9d41b542808942d716e6e53a46dbf469aafb8bf

SHA512
ec639e20948ca2df3eb5c28160039a0e85e052f14bef6550034aaed49bc0f756df06c55515ec414970b1472a4805ddfede37cb5ce04d4d0d4ae1484c6a0efedb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response