Analysis
-
max time kernel
145s -
max time network
141s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
03/06/2024, 14:02 UTC
Static task
static1
Behavioral task
behavioral1
Sample
920c4ee004fb901aa1ffecd185417b7c_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
920c4ee004fb901aa1ffecd185417b7c_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
920c4ee004fb901aa1ffecd185417b7c_JaffaCakes118.html
-
Size
37KB
-
MD5
920c4ee004fb901aa1ffecd185417b7c
-
SHA1
1f4eb3155204f4330508bd6e7c3b0b6a9a117256
-
SHA256
3d1463a0bc570273ab82cb36c47254dbaa098584024115b09f1d8fd76979f492
-
SHA512
89dfac823909819a1720ec5398d928c39b7eb849cf0daf1fc7ded9683d86392e3b875dcb445f2bc70685c54648c3aacb2731c98b03e3f54ae17504fe6099f1c6
-
SSDEEP
384:WjvHwduTvmBxnxVRLq1+c1XWV+PzCsBSGXNEu0:WjquTv2nxXLm9RWIVB/XNEB
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 3736 msedge.exe 3736 msedge.exe 1140 msedge.exe 1140 msedge.exe 1132 identity_helper.exe 1132 identity_helper.exe 824 msedge.exe 824 msedge.exe 824 msedge.exe 824 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid Process 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe 1140 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1140 wrote to memory of 4408 1140 msedge.exe 82 PID 1140 wrote to memory of 4408 1140 msedge.exe 82 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 4072 1140 msedge.exe 83 PID 1140 wrote to memory of 3736 1140 msedge.exe 84 PID 1140 wrote to memory of 3736 1140 msedge.exe 84 PID 1140 wrote to memory of 2128 1140 msedge.exe 85 PID 1140 wrote to memory of 2128 1140 msedge.exe 85 PID 1140 wrote to memory of 2128 1140 msedge.exe 85 PID 1140 wrote to memory of 2128 1140 msedge.exe 85 PID 1140 wrote to memory of 2128 1140 msedge.exe 85 PID 1140 wrote to memory of 2128 1140 msedge.exe 85 PID 1140 wrote to memory of 2128 1140 msedge.exe 85 PID 1140 wrote to memory of 2128 1140 msedge.exe 85 PID 1140 wrote to memory of 2128 1140 msedge.exe 85 PID 1140 wrote to memory of 2128 1140 msedge.exe 85 PID 1140 wrote to memory of 2128 1140 msedge.exe 85 PID 1140 wrote to memory of 2128 1140 msedge.exe 85 PID 1140 wrote to memory of 2128 1140 msedge.exe 85 PID 1140 wrote to memory of 2128 1140 msedge.exe 85 PID 1140 wrote to memory of 2128 1140 msedge.exe 85 PID 1140 wrote to memory of 2128 1140 msedge.exe 85 PID 1140 wrote to memory of 2128 1140 msedge.exe 85 PID 1140 wrote to memory of 2128 1140 msedge.exe 85 PID 1140 wrote to memory of 2128 1140 msedge.exe 85 PID 1140 wrote to memory of 2128 1140 msedge.exe 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\920c4ee004fb901aa1ffecd185417b7c_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1140 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdadfc46f8,0x7ffdadfc4708,0x7ffdadfc47182⤵PID:4408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:22⤵PID:4072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:82⤵PID:2128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:12⤵PID:1540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵PID:2932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:12⤵PID:180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:12⤵PID:2368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:12⤵PID:1188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:12⤵PID:748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:12⤵PID:5008
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:12⤵PID:5048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:82⤵PID:3156
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:12⤵PID:4764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵PID:2892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,682710669934653425,11515995985815140218,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3088 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:824
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4720
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1940
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4796
Network
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTRResponse8.8.8.8.in-addr.arpaIN PTRdnsgoogle
-
Remote address:8.8.8.8:53Requestgreene.plIN AResponsegreene.plIN A185.253.212.22
-
Remote address:185.253.212.22:80RequestGET /wp-content/themes/Elma/menu/MenuMatic.css HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Date: Mon, 03 Jun 2024 14:02:18 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
-
Remote address:185.253.212.22:80RequestGET /wp-content/themes/Elma/style.css HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Date: Mon, 03 Jun 2024 14:02:18 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
-
Remote address:185.253.212.22:80RequestGET /wp-content/themes/Elma/css/screen.css HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Date: Mon, 03 Jun 2024 14:02:18 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
-
Remote address:185.253.212.22:80RequestGET /wp-content/themes/Elma/menu/mootools-1.2.1-core-yc.js HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Date: Mon, 03 Jun 2024 14:02:18 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
-
Remote address:185.253.212.22:80RequestGET /wp-content/themes/Elma/menu/MenuMatic_0.68.3.js HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Date: Mon, 03 Jun 2024 14:02:18 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
-
Remote address:185.253.212.22:80RequestGET /wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70 HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Date: Mon, 03 Jun 2024 14:02:18 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
-
Remote address:185.253.212.22:80RequestGET /wp-content/plugins/wp-cumulus/swfobject.js HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Date: Mon, 03 Jun 2024 14:02:18 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
-
Remote address:185.253.212.22:80RequestGET /wp-content/themes/Elma/menu/MenuMatic_0.68.3.js HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Date: Mon, 03 Jun 2024 14:02:18 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
-
Remote address:185.253.212.22:80RequestGET /wp-content/themes/Elma/menu/MenuMatic.css HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Date: Mon, 03 Jun 2024 14:02:18 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
-
Remote address:8.8.8.8:53Requestwww.cpmprofit.comIN AResponsewww.cpmprofit.comIN A95.211.219.67
-
Remote address:8.8.8.8:53Request196.249.167.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request3.181.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request22.212.253.185.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request216.107.17.2.in-addr.arpaIN PTRResponse216.107.17.2.in-addr.arpaIN PTRa2-17-107-216deploystaticakamaitechnologiescom
-
Remote address:185.253.212.22:80RequestGET /wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70 HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Date: Mon, 03 Jun 2024 14:02:18 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
-
GEThttp://www.cpmprofit.com/ads.php?r=1752396523f8d6274a8bab9e88da68b6d27dc8f414265329&popup=0&f=300msedge.exeRemote address:95.211.219.67:80RequestGET /ads.php?r=1752396523f8d6274a8bab9e88da68b6d27dc8f414265329&popup=0&f=300 HTTP/1.1
Host: www.cpmprofit.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 550
content-type: text/html; charset=utf-8
date: Mon, 03 Jun 2024 14:02:18 GMT
server: nginx
set-cookie: sid=e3ff47f0-21b1-11ef-80ce-cbaec8d0d160; path=/; domain=.cpmprofit.com; expires=Sat, 21 Jun 2092 17:16:25 GMT; max-age=2147483647; HttpOnly
-
Remote address:185.253.212.22:80RequestGET /wp-content/themes/Elma/images/logo.png HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Date: Mon, 03 Jun 2024 14:02:19 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
-
Remote address:185.253.212.22:80RequestGET /wp-content/themes/Elma/images/search.gif HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Date: Mon, 03 Jun 2024 14:02:19 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
-
Remote address:8.8.8.8:53Requestwww.facebook.comIN AResponsewww.facebook.comIN CNAMEstar-mini.c10r.facebook.comstar-mini.c10r.facebook.comIN A163.70.151.35
-
Remote address:185.253.212.22:80RequestGET /wp-content/themes/Elma/images/rss.png HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Date: Mon, 03 Jun 2024 14:02:19 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
-
Remote address:185.253.212.22:80RequestGET /wp-content/themes/Elma/images/facebook.png HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Date: Mon, 03 Jun 2024 14:02:19 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
-
Remote address:185.253.212.22:80RequestGET /reklama/tymkan.jpg HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Date: Mon, 03 Jun 2024 14:02:19 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
-
Remote address:185.253.212.22:80RequestGET /reklama/prfb.gif HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Date: Mon, 03 Jun 2024 14:02:19 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
-
GEThttp://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fgreene.polska&layout=button_count&show_faces=false&width=4500&action=like&font=arial&colorscheme=light&height=21msedge.exeRemote address:163.70.151.35:80RequestGET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fgreene.polska&layout=button_count&show_faces=false&width=4500&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/plain
Server: proxygen-bolt
Date: Mon, 03 Jun 2024 14:02:19 GMT
Connection: keep-alive
Content-Length: 0
-
Remote address:8.8.8.8:53Requestwww.youtube.comIN AResponsewww.youtube.comIN CNAMEyoutube-ui.l.google.comyoutube-ui.l.google.comIN A142.250.179.238youtube-ui.l.google.comIN A142.250.180.14youtube-ui.l.google.comIN A142.250.187.206youtube-ui.l.google.comIN A142.250.187.238youtube-ui.l.google.comIN A142.250.178.14youtube-ui.l.google.comIN A172.217.16.238youtube-ui.l.google.comIN A142.250.200.14youtube-ui.l.google.comIN A142.250.200.46youtube-ui.l.google.comIN A216.58.201.110youtube-ui.l.google.comIN A216.58.204.78youtube-ui.l.google.comIN A216.58.212.206youtube-ui.l.google.comIN A172.217.169.78
-
Remote address:185.253.212.22:80RequestGET /wp-content/plugins/wp-cumulus/swfobject.js HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Date: Mon, 03 Jun 2024 14:02:19 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
-
Remote address:185.253.212.22:80RequestGET /reklama/myroom.jpg HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Date: Mon, 03 Jun 2024 14:02:19 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
-
Remote address:142.250.179.238:80RequestGET /embed/MDp4RBLZHWU?hl=en&fs=1&rel=0&border=1 HTTP/1.1
Host: www.youtube.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 03 Jun 2024 14:02:19 GMT
Location: https://www.youtube.com/embed/MDp4RBLZHWU?hl=en&fs=1&rel=0&border=1
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
-
Remote address:185.253.212.22:80RequestGET /wp-content/themes/Elma/css/print.css HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Date: Mon, 03 Jun 2024 14:02:19 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
-
Remote address:185.253.212.22:80RequestGET /reklama/ki.jpg HTTP/1.1
Host: greene.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 403 Forbidden
Date: Mon, 03 Jun 2024 14:02:19 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
-
Remote address:142.250.179.238:443RequestGET /embed/MDp4RBLZHWU?hl=en&fs=1&rel=0&border=1 HTTP/2.0
host: www.youtube.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: object
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:142.250.179.238:443RequestGET /s/player/79e6d03a/www-player.css HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.youtube.com/embed/MDp4RBLZHWU?hl=en&fs=1&rel=0&border=1
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:142.250.179.238:443RequestGET /s/player/79e6d03a/player_ias.vflset/en_US/embed.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/embed/MDp4RBLZHWU?hl=en&fs=1&rel=0&border=1
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
GEThttps://www.youtube.com/s/player/79e6d03a/www-embed-player.vflset/www-embed-player.jsmsedge.exeRemote address:142.250.179.238:443RequestGET /s/player/79e6d03a/www-embed-player.vflset/www-embed-player.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/embed/MDp4RBLZHWU?hl=en&fs=1&rel=0&border=1
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:142.250.179.238:443RequestGET /s/player/79e6d03a/player_ias.vflset/en_US/base.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/embed/MDp4RBLZHWU?hl=en&fs=1&rel=0&border=1
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:216.58.213.14:80RequestGET /ga.js HTTP/1.1
Host: www.google-analytics.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 17168
Date: Mon, 03 Jun 2024 13:26:01 GMT
Expires: Mon, 03 Jun 2024 15:26:01 GMT
Cache-Control: public, max-age=7200
Age: 2178
Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
-
Remote address:8.8.8.8:53Requesti.ytimg.comIN AResponsei.ytimg.comIN A142.250.200.54i.ytimg.comIN A216.58.201.118i.ytimg.comIN A216.58.204.86i.ytimg.comIN A216.58.213.22i.ytimg.comIN A172.217.169.22i.ytimg.comIN A216.58.212.214i.ytimg.comIN A142.250.179.246i.ytimg.comIN A142.250.180.22i.ytimg.comIN A142.250.187.214i.ytimg.comIN A142.250.187.246i.ytimg.comIN A142.250.178.22i.ytimg.comIN A172.217.16.246i.ytimg.comIN A142.250.200.22
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request67.219.211.95.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request35.151.70.163.in-addr.arpaIN PTRResponse35.151.70.163.in-addr.arpaIN PTRedge-star-mini-shv-02-lhr6facebookcom
-
Remote address:8.8.8.8:53Request238.179.250.142.in-addr.arpaIN PTRResponse238.179.250.142.in-addr.arpaIN PTRlhr25s31-in-f141e100net
-
Remote address:8.8.8.8:53Request14.213.58.216.in-addr.arpaIN PTRResponse14.213.58.216.in-addr.arpaIN PTRlhr25s25-in-f141e100net14.213.58.216.in-addr.arpaIN PTRber01s14-in-f14�H
-
Remote address:142.250.200.54:443RequestGET /vi_webp/MDp4RBLZHWU/sddefault.webp HTTP/2.0
host: i.ytimg.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:8.8.8.8:53Requestgoogleads.g.doubleclick.netIN AResponsegoogleads.g.doubleclick.netIN A216.58.212.194
-
Remote address:216.58.212.194:443RequestGET /pagead/id HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.youtube.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:8.8.8.8:53Requeststatic.doubleclick.netIN AResponsestatic.doubleclick.netIN A216.58.213.6
-
Remote address:8.8.8.8:53Requestjnn-pa.googleapis.comIN AResponsejnn-pa.googleapis.comIN A172.217.16.234jnn-pa.googleapis.comIN A142.250.200.10jnn-pa.googleapis.comIN A142.250.200.42jnn-pa.googleapis.comIN A216.58.201.106jnn-pa.googleapis.comIN A216.58.204.74jnn-pa.googleapis.comIN A216.58.213.10jnn-pa.googleapis.comIN A216.58.212.202jnn-pa.googleapis.comIN A142.250.179.234jnn-pa.googleapis.comIN A142.250.180.10jnn-pa.googleapis.comIN A142.250.187.202jnn-pa.googleapis.comIN A142.250.187.234jnn-pa.googleapis.comIN A142.250.178.10
-
Remote address:8.8.8.8:53Requestwww.google.comIN AResponsewww.google.comIN A142.250.187.196
-
Remote address:8.8.8.8:53Requestyt3.ggpht.comIN AResponseyt3.ggpht.comIN CNAMEphotos-ugc.l.googleusercontent.comphotos-ugc.l.googleusercontent.comIN A142.250.180.1
-
Remote address:8.8.8.8:53Requestyt3.ggpht.comIN A
-
Remote address:216.58.213.6:443RequestGET /instream/ad_status.js HTTP/2.0
host: static.doubleclick.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:172.217.16.234:443RequestOPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: jnn-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:142.250.187.196:443RequestGET /js/th/8RF9Niw07aUICNCAbe3-TNvweVXnMmbokKfNU9TTb8E.js HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:8.8.8.8:53Request99.201.58.216.in-addr.arpaIN PTRResponse99.201.58.216.in-addr.arpaIN PTRprg03s02-in-f991e100net99.201.58.216.in-addr.arpaIN PTRlhr48s48-in-f3�H99.201.58.216.in-addr.arpaIN PTRprg03s02-in-f3�H
-
Remote address:8.8.8.8:53Request54.200.250.142.in-addr.arpaIN PTRResponse54.200.250.142.in-addr.arpaIN PTRlhr48s30-in-f221e100net
-
Remote address:8.8.8.8:53Request194.212.58.216.in-addr.arpaIN PTRResponse194.212.58.216.in-addr.arpaIN PTRams16s21-in-f21e100net194.212.58.216.in-addr.arpaIN PTRams16s21-in-f194�H194.212.58.216.in-addr.arpaIN PTRlhr25s27-in-f2�H
-
Remote address:8.8.8.8:53Request6.213.58.216.in-addr.arpaIN PTRResponse6.213.58.216.in-addr.arpaIN PTRber01s14-in-f61e100net6.213.58.216.in-addr.arpaIN PTRlhr25s25-in-f6�F
-
Remote address:8.8.8.8:53Request234.16.217.172.in-addr.arpaIN PTRResponse234.16.217.172.in-addr.arpaIN PTRmad08s04-in-f101e100net234.16.217.172.in-addr.arpaIN PTRlhr48s28-in-f10�I
-
Remote address:8.8.8.8:53Requestplay.google.comIN AResponseplay.google.comIN A172.217.169.46
-
Remote address:172.217.169.46:443RequestOPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
GEThttps://yt3.ggpht.com/ytc/AIdro_lUcZRBKCZClua6ec-95rA-lsAG3vhEsH3yGOfZQgHk9D8=s68-c-k-c0x00ffffff-no-rjmsedge.exeRemote address:142.250.180.1:443RequestGET /ytc/AIdro_lUcZRBKCZClua6ec-95rA-lsAG3vhEsH3yGOfZQgHk9D8=s68-c-k-c0x00ffffff-no-rj HTTP/2.0
host: yt3.ggpht.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:8.8.8.8:53Request46.169.217.172.in-addr.arpaIN PTRResponse46.169.217.172.in-addr.arpaIN PTRlhr48s08-in-f141e100net
-
Remote address:8.8.8.8:53Request195.212.58.216.in-addr.arpaIN PTRResponse195.212.58.216.in-addr.arpaIN PTRams16s21-in-f31e100net195.212.58.216.in-addr.arpaIN PTRlhr25s27-in-f3�H195.212.58.216.in-addr.arpaIN PTRams16s21-in-f195�H
-
Remote address:8.8.8.8:53Request1.180.250.142.in-addr.arpaIN PTRResponse1.180.250.142.in-addr.arpaIN PTRlhr25s32-in-f11e100net
-
Remote address:8.8.8.8:53Request209.205.72.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request157.123.68.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request18.31.95.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request30.243.111.52.in-addr.arpaIN PTRResponse
-
576 B 899 B 5 5
HTTP Request
GET http://greene.pl/wp-content/themes/Elma/menu/MenuMatic.cssHTTP Response
403 -
567 B 899 B 5 5
HTTP Request
GET http://greene.pl/wp-content/themes/Elma/style.cssHTTP Response
403 -
572 B 899 B 5 5
HTTP Request
GET http://greene.pl/wp-content/themes/Elma/css/screen.cssHTTP Response
403 -
185.253.212.22:80http://greene.pl/wp-content/themes/Elma/menu/mootools-1.2.1-core-yc.jshttpmsedge.exe573 B 899 B 5 5
HTTP Request
GET http://greene.pl/wp-content/themes/Elma/menu/mootools-1.2.1-core-yc.jsHTTP Response
403 -
567 B 899 B 5 5
HTTP Request
GET http://greene.pl/wp-content/themes/Elma/menu/MenuMatic_0.68.3.jsHTTP Response
403 -
185.253.212.22:80http://greene.pl/wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70httpmsedge.exe591 B 899 B 5 5
HTTP Request
GET http://greene.pl/wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70HTTP Response
403 -
562 B 899 B 5 5
HTTP Request
GET http://greene.pl/wp-content/plugins/wp-cumulus/swfobject.jsHTTP Response
403 -
567 B 899 B 5 5
HTTP Request
GET http://greene.pl/wp-content/themes/Elma/menu/MenuMatic_0.68.3.jsHTTP Response
403 -
576 B 899 B 5 5
HTTP Request
GET http://greene.pl/wp-content/themes/Elma/menu/MenuMatic.cssHTTP Response
403 -
185.253.212.22:80http://greene.pl/wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70httpmsedge.exe591 B 899 B 5 5
HTTP Request
GET http://greene.pl/wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70HTTP Response
403 -
95.211.219.67:80http://www.cpmprofit.com/ads.php?r=1752396523f8d6274a8bab9e88da68b6d27dc8f414265329&popup=0&f=300httpmsedge.exe600 B 1.2kB 5 5
HTTP Request
GET http://www.cpmprofit.com/ads.php?r=1752396523f8d6274a8bab9e88da68b6d27dc8f414265329&popup=0&f=300HTTP Response
200 -
608 B 899 B 5 5
HTTP Request
GET http://greene.pl/wp-content/themes/Elma/images/logo.pngHTTP Response
403 -
610 B 899 B 5 5
HTTP Request
GET http://greene.pl/wp-content/themes/Elma/images/search.gifHTTP Response
403 -
607 B 899 B 5 5
HTTP Request
GET http://greene.pl/wp-content/themes/Elma/images/rss.pngHTTP Response
403 -
612 B 899 B 5 5
HTTP Request
GET http://greene.pl/wp-content/themes/Elma/images/facebook.pngHTTP Response
403 -
588 B 899 B 5 5
HTTP Request
GET http://greene.pl/reklama/tymkan.jpgHTTP Response
403 -
586 B 899 B 5 5
HTTP Request
GET http://greene.pl/reklama/prfb.gifHTTP Response
403 -
163.70.151.35:80http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fgreene.polska&layout=button_count&show_faces=false&width=4500&action=like&font=arial&colorscheme=light&height=21httpmsedge.exe936 B 602 B 7 5
HTTP Request
GET http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fgreene.polska&layout=button_count&show_faces=false&width=4500&action=like&font=arial&colorscheme=light&height=21HTTP Response
301 -
562 B 899 B 5 5
HTTP Request
GET http://greene.pl/wp-content/plugins/wp-cumulus/swfobject.jsHTTP Response
403 -
588 B 899 B 5 5
HTTP Request
GET http://greene.pl/reklama/myroom.jpgHTTP Response
403 -
1.9kB 5.8kB 14 15
-
142.250.179.238:80http://www.youtube.com/embed/MDp4RBLZHWU?hl=en&fs=1&rel=0&border=1httpmsedge.exe812 B 708 B 7 6
HTTP Request
GET http://www.youtube.com/embed/MDp4RBLZHWU?hl=en&fs=1&rel=0&border=1HTTP Response
301 -
571 B 899 B 5 5
HTTP Request
GET http://greene.pl/wp-content/themes/Elma/css/print.cssHTTP Response
403 -
584 B 899 B 5 5
HTTP Request
GET http://greene.pl/reklama/ki.jpgHTTP Response
403 -
142.250.179.238:443https://www.youtube.com/s/player/79e6d03a/player_ias.vflset/en_US/base.jstls, http2msedge.exe21.7kB 1.1MB 436 795
HTTP Request
GET https://www.youtube.com/embed/MDp4RBLZHWU?hl=en&fs=1&rel=0&border=1HTTP Request
GET https://www.youtube.com/s/player/79e6d03a/www-player.cssHTTP Request
GET https://www.youtube.com/s/player/79e6d03a/player_ias.vflset/en_US/embed.jsHTTP Request
GET https://www.youtube.com/s/player/79e6d03a/www-embed-player.vflset/www-embed-player.jsHTTP Request
GET https://www.youtube.com/s/player/79e6d03a/player_ias.vflset/en_US/base.js -
908 B 18.4kB 13 18
HTTP Request
GET http://www.google-analytics.com/ga.jsHTTP Response
200 -
2.0kB 19.3kB 19 23
HTTP Request
GET https://i.ytimg.com/vi_webp/MDp4RBLZHWU/sddefault.webp -
1.8kB 6.9kB 14 15
HTTP Request
GET https://googleads.g.doubleclick.net/pagead/id -
1.9kB 6.9kB 17 15
HTTP Request
GET https://static.doubleclick.net/instream/ad_status.js -
172.217.16.234:443https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Createtls, http2msedge.exe1.9kB 7.1kB 17 18
HTTP Request
OPTIONS https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create -
142.250.187.196:443https://www.google.com/js/th/8RF9Niw07aUICNCAbe3-TNvweVXnMmbokKfNU9TTb8E.jstls, http2msedge.exe2.5kB 27.8kB 30 31
HTTP Request
GET https://www.google.com/js/th/8RF9Niw07aUICNCAbe3-TNvweVXnMmbokKfNU9TTb8E.js -
172.217.169.46:443https://play.google.com/log?format=json&hasfast=true&authuser=0tls, http2msedge.exe1.8kB 8.6kB 15 17
HTTP Request
OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0 -
142.250.180.1:443https://yt3.ggpht.com/ytc/AIdro_lUcZRBKCZClua6ec-95rA-lsAG3vhEsH3yGOfZQgHk9D8=s68-c-k-c0x00ffffff-no-rjtls, http2msedge.exe2.0kB 13.4kB 17 21
HTTP Request
GET https://yt3.ggpht.com/ytc/AIdro_lUcZRBKCZClua6ec-95rA-lsAG3vhEsH3yGOfZQgHk9D8=s68-c-k-c0x00ffffff-no-rj
-
66 B 90 B 1 1
DNS Request
8.8.8.8.in-addr.arpa
-
55 B 71 B 1 1
DNS Request
greene.pl
DNS Response
185.253.212.22
-
63 B 79 B 1 1
DNS Request
www.cpmprofit.com
DNS Response
95.211.219.67
-
73 B 147 B 1 1
DNS Request
196.249.167.52.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
3.181.190.20.in-addr.arpa
-
73 B 138 B 1 1
DNS Request
22.212.253.185.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
216.107.17.2.in-addr.arpa
-
62 B 107 B 1 1
DNS Request
www.facebook.com
DNS Response
163.70.151.35
-
61 B 287 B 1 1
DNS Request
www.youtube.com
DNS Response
142.250.179.238142.250.180.14142.250.187.206142.250.187.238142.250.178.14172.217.16.238142.250.200.14142.250.200.46216.58.201.110216.58.204.78216.58.212.206172.217.169.78
-
57 B 265 B 1 1
DNS Request
i.ytimg.com
DNS Response
142.250.200.54216.58.201.118216.58.204.86216.58.213.22172.217.169.22216.58.212.214142.250.179.246142.250.180.22142.250.187.214142.250.187.246142.250.178.22172.217.16.246142.250.200.22
-
17.0kB 43.7kB 34 45
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
72 B 135 B 1 1
DNS Request
67.219.211.95.in-addr.arpa
-
72 B 125 B 1 1
DNS Request
35.151.70.163.in-addr.arpa
-
74 B 113 B 1 1
DNS Request
238.179.250.142.in-addr.arpa
-
72 B 141 B 1 1
DNS Request
14.213.58.216.in-addr.arpa
-
73 B 89 B 1 1
DNS Request
googleads.g.doubleclick.net
DNS Response
216.58.212.194
-
68 B 84 B 1 1
DNS Request
static.doubleclick.net
DNS Response
216.58.213.6
-
67 B 259 B 1 1
DNS Request
jnn-pa.googleapis.com
DNS Response
172.217.16.234142.250.200.10142.250.200.42216.58.201.106216.58.204.74216.58.213.10216.58.212.202142.250.179.234142.250.180.10142.250.187.202142.250.187.234142.250.178.10
-
3.6kB 7.5kB 8 10
-
60 B 76 B 1 1
DNS Request
www.google.com
DNS Response
142.250.187.196
-
118 B 120 B 2 1
DNS Request
yt3.ggpht.com
DNS Request
yt3.ggpht.com
DNS Response
142.250.180.1
-
6.5kB 50.6kB 29 46
-
72 B 169 B 1 1
DNS Request
99.201.58.216.in-addr.arpa
-
73 B 112 B 1 1
DNS Request
54.200.250.142.in-addr.arpa
-
73 B 171 B 1 1
DNS Request
194.212.58.216.in-addr.arpa
-
71 B 138 B 1 1
DNS Request
6.213.58.216.in-addr.arpa
-
73 B 142 B 1 1
DNS Request
234.16.217.172.in-addr.arpa
-
61 B 77 B 1 1
DNS Request
play.google.com
DNS Response
172.217.169.46
-
8.3kB 10.6kB 17 20
-
73 B 112 B 1 1
DNS Request
46.169.217.172.in-addr.arpa
-
73 B 171 B 1 1
DNS Request
195.212.58.216.in-addr.arpa
-
72 B 110 B 1 1
DNS Request
1.180.250.142.in-addr.arpa
-
576 B 9
-
72 B 158 B 1 1
DNS Request
209.205.72.20.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
157.123.68.40.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
18.31.95.13.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
30.243.111.52.in-addr.arpa
-
2.5kB 3.8kB 11 12
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5c9c4c494f8fba32d95ba2125f00586a3
SHA18a600205528aef7953144f1cf6f7a5115e3611de
SHA256a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
SHA5129d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d
-
Filesize
152B
MD54dc6fc5e708279a3310fe55d9c44743d
SHA1a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
SHA256a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
SHA5125874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize216B
MD5fdff7ed84cda899f233fa0d371638697
SHA146e3abe11d0a7e985fb9bf08d539a41c2ca6feef
SHA25652c0b5e4c22099ec44b25bf96c9ecf5ac8451d5a938641f3b6e4c8f575170c38
SHA512304fb48def289f1c87f6f22c6a03fa0cf1232db3575728b3032671868c60a99a5667851502da17318e9ebf732d1d6268bed6f764c203b73d6aaa5c6b31922e62
-
Filesize
2KB
MD50833164c016835c20eaea56853f3bb3e
SHA169a0c4bfde64f940e396d797fdcded5a20311008
SHA256eec7ecf3c39571d6667f19106b2b24e207b08c563c25954fbbc02336446dc36b
SHA512119284c2f5bc031ec2a7a3071caf7cc7a7ea15b358992d79a7f0d77246b1e982012aaaab1336dae851e76bd889ebf472dbd7b4bb7cd29307a61d58e7c0aff563
-
Filesize
2KB
MD5da3da8e313cbe3890796aa97d4167492
SHA15c6ea53e5a842dab7e48ac6326b56ef27bd31cc0
SHA256f99865d367d8d8aa0a2329a6887e496d9cfef1036e4e0e63f30b67744cf99769
SHA512556176bcacfb6156827d6893c6916b812182a045ebdad3cbe022ae613935986ca4b2330ee1e9ab204a53263efd8954db905f064cdcfd0ee7eaf451f872ee6205
-
Filesize
5KB
MD59f96fe5b7923dba795b14cc6e92a4b02
SHA12cd0fe6f3e7a2c85bdd9aff5873b8c621440d9d4
SHA2562ab6463ff40c44a64b1cc7182a8b3f593e64f398615f75bad88c59802e692f3e
SHA5129e38fe993998c1cde44ad66a407e7b1c9e476b1cea90f368bfd828dd6ba5ad2a71359fd588a016068cf3dcf6b0e75e21f07155198318d4ca69e9619810733794
-
Filesize
7KB
MD5525a4871d5f081135842823ae2bfe61d
SHA137829f4b5c7df8d21609ddf0eb719b3990df31e8
SHA256772ff5b007de708146ca1249f8ccf9bc4df4689361efb2b65cda45f616d24157
SHA5120de204f864e88b888b805de96eb3fed7a2402f591202a69c0ef413a61bacdfc98a1eb5693c888286c6e223cd8ecc9185451fa4e9dc45936ef07a2d2f0847c931
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
10KB
MD5484c63f874e77cf482fc253b943bf970
SHA1528490c269cc4a54f59232b633e7f2fe1178f160
SHA256cca5e64c03a3bf67ac920f05f9d41b542808942d716e6e53a46dbf469aafb8bf
SHA512ec639e20948ca2df3eb5c28160039a0e85e052f14bef6550034aaed49bc0f756df06c55515ec414970b1472a4805ddfede37cb5ce04d4d0d4ae1484c6a0efedb