Analysis

  • max time kernel
    132s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/06/2024, 17:22 UTC

General

  • Target

    9297739a99ceefeb71db023e8a251cb4_JaffaCakes118.html

  • Size

    12KB

  • MD5

    9297739a99ceefeb71db023e8a251cb4

  • SHA1

    d71e9ba32f08ba7232214cd5db9aa912212d47f3

  • SHA256

    4f7322ae2847a6b4b10c3c8c4dae64517c942b9be39499176016db322292efdb

  • SHA512

    0679ebba9696b2f17ca2877de5aa0861e73cffd70529f35aef415efd15d99f549c20644083022b28d5b47c8d65655924ddde19f87be8bef4c9c31d60b3c35465

  • SSDEEP

    192:j6rOYCqnvZ/B8/FO5r6SQNrmffmnP0WF7Z3uGdeNdj:BY3vpC/FY6SQNrnHuGkNN

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 42 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9297739a99ceefeb71db023e8a251cb4_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2172
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2532

Network

  • flag-us
    DNS
    pscposty.cz
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    pscposty.cz
    IN A
    Response
    pscposty.cz
    IN A
    172.67.212.254
    pscposty.cz
    IN A
    104.21.85.250
  • flag-us
    DNS
    vydelek-emailem.cz
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    vydelek-emailem.cz
    IN A
    Response
    vydelek-emailem.cz
    IN A
    80.79.17.21
  • flag-us
    DNS
    authedmine.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    authedmine.com
    IN A
    Response
  • flag-us
    GET
    http://pscposty.cz/img/1.png
    IEXPLORE.EXE
    Remote address:
    172.67.212.254:80
    Request
    GET /img/1.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: pscposty.cz
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 03 Jun 2024 17:22:55 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Mon, 03 Jun 2024 18:22:55 GMT
    Location: https://pscposty.cz/img/1.png
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UaeEBNSSa90LCxwyDiKEjYyBclyahJP9W7pC%2FjO4FCSauX1SB82K22wcp%2FtLYzTRf79l4GeLvJAARrhphTBn2vEvL2uFzndJOsH7f%2Flpy613o9P7bOlB8YG8Bdsbcg%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 88e15e3a0fb0631c-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    http://pscposty.cz/img/logo.png
    IEXPLORE.EXE
    Remote address:
    172.67.212.254:80
    Request
    GET /img/logo.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: pscposty.cz
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 03 Jun 2024 17:22:55 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Mon, 03 Jun 2024 18:22:55 GMT
    Location: https://pscposty.cz/img/logo.png
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BnlgRaO6BsQJ2IdAP%2BdEPhX048ajAhUw91aY7WT5i8DsYMDd0bP2PGSEgs08PRxEZQh8jUdW8cL62mjlbKnjvQogXjQe9pz3m0ZkZtc2vmHgEYGSyxuFbYEuUufdWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 88e15e3a0ca79589-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    http://pscposty.cz/script.js
    IEXPLORE.EXE
    Remote address:
    172.67.212.254:80
    Request
    GET /script.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: pscposty.cz
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 03 Jun 2024 17:22:55 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Mon, 03 Jun 2024 18:22:55 GMT
    Location: https://pscposty.cz/script.js
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mhE0pYnMOn7d62%2BlDPhyQ6fX9nUgBg3S2rzaiNXOqv%2FeOz90NGYDqw7QV8WbOvztpwnRZR8pujGWUnHxkOuDrxo3t5a3uSKBV%2Bm%2FIzLZNhvILV7nwFzzyCsusId%2BoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 88e15e3a0a8b71fb-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-gb
    GET
    http://pagead2.googlesyndication.com/pagead/show_ads.js
    IEXPLORE.EXE
    Remote address:
    142.250.180.2:80
    Request
    GET /pagead/show_ads.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: pagead2.googlesyndication.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Vary: Accept-Encoding
    Date: Mon, 03 Jun 2024 17:22:55 GMT
    Expires: Mon, 03 Jun 2024 17:22:55 GMT
    Cache-Control: private, max-age=3600
    Content-Type: text/javascript; charset=UTF-8
    ETag: 14357823300377790061
    X-Content-Type-Options: nosniff
    Content-Disposition: attachment; filename="f.txt"
    Content-Encoding: gzip
    Server: cafe
    Content-Length: 14484
    X-XSS-Protection: 0
  • flag-us
    GET
    http://pscposty.cz/img/0.png
    IEXPLORE.EXE
    Remote address:
    172.67.212.254:80
    Request
    GET /img/0.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: pscposty.cz
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 03 Jun 2024 17:22:55 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Mon, 03 Jun 2024 18:22:55 GMT
    Location: https://pscposty.cz/img/0.png
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m1cn90u4a%2BlQdKJDFr8xGwWidMFquoB4PwnFjAxuY941OwYOfM8NcvkYjD8fLdfgp7Ng0qYpMVlImikW2Vh8hAUHZJf5g6aumtARbMNNWgg7FW%2Fo%2FcQlgg48R73WwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 88e15e3a086d9538-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    http://pscposty.cz/style.css?1
    IEXPLORE.EXE
    Remote address:
    172.67.212.254:80
    Request
    GET /style.css?1 HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: pscposty.cz
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 03 Jun 2024 17:22:55 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Mon, 03 Jun 2024 18:22:55 GMT
    Location: https://pscposty.cz/style.css?1
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k2gzYmTvjueh8dzLkHNniUD7NPAHjUhnk0qljxGpiAp9lbYXo96o9BDKvktb%2F4nWUuq6pcUKo7fK5vl4IBAGHwHSZxnfmIpdMhTt0menOcCtWz02KjN%2FlD1zvAXA%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 88e15e3a0d44527d-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-cz
    GET
    http://vydelek-emailem.cz/ank1.gif
    IEXPLORE.EXE
    Remote address:
    80.79.17.21:80
    Request
    GET /ank1.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: vydelek-emailem.cz
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx/1.18.0 (Ubuntu)
    Date: Mon, 03 Jun 2024 17:22:55 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
    Location: https://vydelek-emailem.cz/ank1.gif
  • flag-us
    GET
    https://pscposty.cz/img/1.png
    IEXPLORE.EXE
    Remote address:
    172.67.212.254:443
    Request
    GET /img/1.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: pscposty.cz
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 03 Jun 2024 17:22:56 GMT
    Content-Type: image/png
    Content-Length: 781
    Connection: keep-alive
    Last-Modified: Wed, 23 May 2012 16:13:30 GMT
    ETag: "4fbd0caa-30d"
    Expires: Wed, 03 Jul 2024 17:22:56 GMT
    Cache-Control: max-age=2592000
    CF-Cache-Status: MISS
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qQM3RM8kR4qPUhlGlMOc%2FqcOql%2FnhG%2F4TQZmczZbA4wPvydhiAXAhLv08VxpY%2Fqornmplr9CwbKPROLLtLZUIKZCiU6rhOnE6seK%2B2fcizJmy6SpEFsMyihDwD56jw%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 88e15e3d7cca7321-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://pscposty.cz/img/0.png
    IEXPLORE.EXE
    Remote address:
    172.67.212.254:443
    Request
    GET /img/0.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: pscposty.cz
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 03 Jun 2024 17:22:56 GMT
    Content-Type: image/png
    Content-Length: 894
    Connection: keep-alive
    Last-Modified: Wed, 23 May 2012 16:13:43 GMT
    ETag: "4fbd0cb7-37e"
    Expires: Wed, 03 Jul 2024 17:22:56 GMT
    Cache-Control: max-age=2592000
    CF-Cache-Status: MISS
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uKFiAyoFMZBcHs3ewdoS298LKcxR7RQw5HBok3korkbbqSEUkEjGq046QVP2tPp%2BBMOdjhFXQ9YUpOUK%2BNNp0MGlbQwZaXpRYQridGbBMf62DCQUk9XtHpEOyY1nrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 88e15e3d6f733860-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://pscposty.cz/script.js
    IEXPLORE.EXE
    Remote address:
    172.67.212.254:443
    Request
    GET /script.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: pscposty.cz
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Mon, 03 Jun 2024 17:22:56 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: max-age=14400
    CF-Cache-Status: MISS
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K39Dl3Fn6xD1DWiRRqSLbHuDxg3OUjRXNkUrPERLDMQ%2B3zej8bW7csqE3PrqkNYPmEfUdvJ0igsccsYQtb7C0baYkBkivw73yEvDnG5PK%2F6yxsr5Ag4ZNxZtPvGiNA%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 88e15e3d8bc8637d-LHR
    Content-Encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://pscposty.cz/style.css?1
    IEXPLORE.EXE
    Remote address:
    172.67.212.254:443
    Request
    GET /style.css?1 HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: pscposty.cz
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Mon, 03 Jun 2024 17:22:56 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: max-age=14400
    CF-Cache-Status: MISS
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9dPGzkV3ro8CHd3j1Xps%2FPyLtRbxBsAjMb8oHDBjzn4%2B2n13UePGM0HMzW6DAM%2FnTmLQf%2Bb5p4C627Kbr7CURUfIUqZLj%2BBSNyQCY0khW75WKhMCAaMlOtmj1aD0gA%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 88e15e3d7a1f0483-CDG
    Content-Encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://pscposty.cz/img/logo.png
    IEXPLORE.EXE
    Remote address:
    172.67.212.254:443
    Request
    GET /img/logo.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: pscposty.cz
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 03 Jun 2024 17:22:56 GMT
    Content-Type: image/png
    Content-Length: 12152
    Connection: keep-alive
    Last-Modified: Wed, 23 May 2012 15:24:09 GMT
    ETag: "4fbd0119-2f78"
    Expires: Wed, 03 Jul 2024 17:22:56 GMT
    Cache-Control: max-age=2592000
    CF-Cache-Status: MISS
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5a1vUMWX%2BybQUMQl9J7WmCIf3eIXhvOAaf1zd1dSG6wfk89Gd6Molf5ku0yLsmqqbXYwhQRLmgrCGf5jxbGTnb%2BsrWiV90Sv8erlsPAMP57RuqCalPMjow1wGtwNGA%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 88e15e3d7e926408-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-cz
    GET
    https://vydelek-emailem.cz/ank1.gif
    IEXPLORE.EXE
    Remote address:
    80.79.17.21:443
    Request
    GET /ank1.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: vydelek-emailem.cz
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Mon, 03 Jun 2024 17:22:56 GMT
    Content-Type: image/gif
    Content-Length: 32276
    Last-Modified: Fri, 14 Feb 2014 17:38:06 GMT
    Connection: keep-alive
    ETag: "52fe547e-7e14"
    Expires: Wed, 03 Jul 2024 17:22:56 GMT
    Cache-Control: max-age=2592000
    Accept-Ranges: bytes
  • flag-us
    DNS
    connect.facebook.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    connect.facebook.net
    IN A
    Response
    connect.facebook.net
    IN CNAME
    scontent.xx.fbcdn.net
    scontent.xx.fbcdn.net
    IN A
    163.70.151.21
  • flag-gb
    GET
    http://connect.facebook.net/cs_CZ/all.js
    IEXPLORE.EXE
    Remote address:
    163.70.151.21:80
    Request
    GET /cs_CZ/all.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: connect.facebook.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: https://connect.facebook.net/cs_CZ/all.js
    Content-Type: text/plain
    Server: proxygen-bolt
    Date: Mon, 03 Jun 2024 17:22:56 GMT
    Connection: keep-alive
    Content-Length: 0
  • flag-gb
    GET
    https://connect.facebook.net/cs_CZ/all.js
    IEXPLORE.EXE
    Remote address:
    163.70.151.21:443
    Request
    GET /cs_CZ/all.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: connect.facebook.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Access-Control-Expose-Headers: X-FB-Content-MD5
    x-fb-content-md5: d45c6a6382337f262e62ca5a308550f4
    ETag: "641e103c7ecadcdfb67c0295f77012b4"
    Content-Type: application/x-javascript; charset=utf-8
    timing-allow-origin: *
    Access-Control-Allow-Origin: *
    Expires: Mon, 03 Jun 2024 17:42:44 GMT
    Cache-Control: public,max-age=1200,stale-while-revalidate=3600
    reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
    document-policy: force-load-at-top
    permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
    cross-origin-resource-policy: cross-origin
    cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
    cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
    X-Content-Type-Options: nosniff
    report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=31536000; preload; includeSubDomains
    content-md5: ewuSGa4FfkD29ybzqlfHZg==
    X-FB-Debug: NPSTf+E2vZzukBOghtzeYMKFTK4/xZbkh1hgipybTYZYuGINgK4SOQV1FEPNfwPSJM7qyGpZUgQEEuGrSbwHvA==
    Date: Mon, 03 Jun 2024 17:22:59 GMT
    X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=38, rtx=2, c=15, mss=1357, tbw=3225, tp=-1, tpl=-1, uplat=0, ullat=-1
    Alt-Svc: h3=":443"; ma=86400
    Connection: keep-alive
    Content-Length: 1687
  • flag-gb
    GET
    https://connect.facebook.net/cs_CZ/all.js?hash=744210ad291fbcaf0fe8c81c3ef96bba
    IEXPLORE.EXE
    Remote address:
    163.70.151.21:443
    Request
    GET /cs_CZ/all.js?hash=744210ad291fbcaf0fe8c81c3ef96bba HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: connect.facebook.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Access-Control-Expose-Headers: X-FB-Content-MD5
    x-fb-content-md5: e05e91957ad9ca9159757c8784624098
    ETag: "4fc50f8f7e8927777bb053bcc4a3b990"
    Content-Type: application/x-javascript; charset=utf-8
    timing-allow-origin: *
    Access-Control-Allow-Origin: *
    Expires: Tue, 03 Jun 2025 16:08:12 GMT
    Cache-Control: public,max-age=31536000,stale-while-revalidate=3600,immutable
    reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
    document-policy: force-load-at-top
    permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
    cross-origin-resource-policy: cross-origin
    cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
    cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
    X-Content-Type-Options: nosniff
    report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=31536000; preload; includeSubDomains
    content-md5: Zukxa0/yhHpUrwnBEf+oxg==
    X-FB-Debug: SN9DHiuPCMARs2jsCSm6CW+SzdX7CBOOEVICrT6grLUoQ0vNWXy0svAvQXBlb8drw0KkR/Ocz32Mvms2YU3Akw==
    Date: Mon, 03 Jun 2024 17:22:59 GMT
    X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=44, rtx=2, c=19, mss=1357, tbw=7799, tp=-1, tpl=-1, uplat=1, ullat=-1
    Alt-Svc: h3=":443"; ma=86400
    Connection: keep-alive
    Content-Length: 88691
  • flag-us
    DNS
    maps.google.cz
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    maps.google.cz
    IN A
    Response
    maps.google.cz
    IN CNAME
    maps-cctld.l.google.com
    maps-cctld.l.google.com
    IN A
    142.250.200.35
  • flag-us
    DNS
    apis.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    apis.google.com
    IN A
    Response
    apis.google.com
    IN CNAME
    plus.l.google.com
    plus.l.google.com
    IN A
    142.250.200.14
  • flag-gb
    GET
    https://apis.google.com/js/plusone.js
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /js/plusone.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Type: text/javascript
    Access-Control-Allow-Origin: *
    Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team"
    Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
    Timing-Allow-Origin: *
    Date: Mon, 03 Jun 2024 17:23:02 GMT
    Expires: Mon, 03 Jun 2024 17:23:02 GMT
    Cache-Control: private, max-age=1800, stale-while-revalidate=1800
    ETag: "f9177ff6f5150176"
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.6jI6mC1Equ4.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ/cb=gapi.loaded_0?le=scs
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.6jI6mC1Equ4.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ/cb=gapi.loaded_0?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 56667
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Tue, 28 May 2024 16:51:55 GMT
    Expires: Wed, 28 May 2025 16:51:55 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 06 May 2024 15:31:30 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 520268
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.6jI6mC1Equ4.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ/cb=gapi.loaded_1?le=scs
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.6jI6mC1Equ4.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ/cb=gapi.loaded_1?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 35064
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Tue, 28 May 2024 16:51:55 GMT
    Expires: Wed, 28 May 2025 16:51:55 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 06 May 2024 15:31:30 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 520268
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    http://maps.google.cz/maps?f=q&source=s_q&hl=cs&z=18&geocode=&q=CZ%2C50325+%C4%8D.p.+184%2C+50325%2C+Dob%C5%99enice+Dob%C5%99enice&aq=&&brcurrent=10,0,0&ie=UTF8&hq=CZ%2C50325+%C4%8D.p.+184%2C+50325%2C+Dob%C5%99enice+Dob%C5%99enice&t=h&output=embed
    IEXPLORE.EXE
    Remote address:
    142.250.200.35:80
    Request
    GET /maps?f=q&source=s_q&hl=cs&z=18&geocode=&q=CZ%2C50325+%C4%8D.p.+184%2C+50325%2C+Dob%C5%99enice+Dob%C5%99enice&aq=&&brcurrent=10,0,0&ie=UTF8&hq=CZ%2C50325+%C4%8D.p.+184%2C+50325%2C+Dob%C5%99enice+Dob%C5%99enice&t=h&output=embed HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: maps.google.cz
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: https://www.google.com/maps/embed?origin=mfe&pb=!1m4!2m1!1sCZ,50325+%C4%8D.p.+184,+50325,+Dob%C5%99enice+Dob%C5%99enice!5e1!6i18!3m1!1scs!5m1!1scs
    Vary: Origin
    Vary: X-Origin
    Vary: Referer
    Date: Mon, 03 Jun 2024 17:22:56 GMT
    Content-Type: text/html
    Server: scaffolding on HTTPServer2
    Content-Length: 0
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
  • flag-us
    DNS
    www.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    142.250.187.196
  • flag-gb
    GET
    https://www.google.com/maps/embed?origin=mfe&pb=!1m4!2m1!1sCZ,50325+%C4%8D.p.+184,+50325,+Dob%C5%99enice+Dob%C5%99enice!5e1!6i18!3m1!1scs!5m1!1scs
    IEXPLORE.EXE
    Remote address:
    142.250.187.196:443
    Request
    GET /maps/embed?origin=mfe&pb=!1m4!2m1!1sCZ,50325+%C4%8D.p.+184,+50325,+Dob%C5%99enice+Dob%C5%99enice!5e1!6i18!3m1!1scs!5m1!1scs HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Cache-Control: no-cache, must-revalidate
    Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-e3u-7Hj42A3WiIT1x1NtXg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/geo-maps-api/1
    X-Robots-Tag: noindex,nofollow
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Pragma: no-cache
    Content-Type: text/html; charset=UTF-8
    Vary: Origin
    Vary: X-Origin
    Vary: Referer
    Content-Encoding: gzip
    Date: Mon, 03 Jun 2024 17:22:57 GMT
    Server: scaffolding on HTTPServer2
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://www.google.com/recaptcha/api2/aframe
    IEXPLORE.EXE
    Remote address:
    142.250.187.196:443
    Request
    GET /recaptcha/api2/aframe HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Embedder-Policy: require-corp
    Report-To: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
    Expires: Mon, 03 Jun 2024 17:23:05 GMT
    Date: Mon, 03 Jun 2024 17:23:05 GMT
    Cache-Control: private, max-age=300
    Content-Security-Policy: script-src 'nonce-ytlmzR222JOgNg_tyjndkQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
    Content-Encoding: gzip
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    Server: GSE
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-us
    DNS
    maps.googleapis.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    maps.googleapis.com
    IN A
    Response
    maps.googleapis.com
    IN A
    172.217.16.234
    maps.googleapis.com
    IN A
    142.250.200.10
    maps.googleapis.com
    IN A
    142.250.200.42
    maps.googleapis.com
    IN A
    216.58.201.106
    maps.googleapis.com
    IN A
    216.58.204.74
    maps.googleapis.com
    IN A
    216.58.213.10
    maps.googleapis.com
    IN A
    216.58.212.234
    maps.googleapis.com
    IN A
    172.217.169.42
    maps.googleapis.com
    IN A
    142.250.179.234
    maps.googleapis.com
    IN A
    142.250.180.10
    maps.googleapis.com
    IN A
    142.250.187.202
    maps.googleapis.com
    IN A
    142.250.187.234
    maps.googleapis.com
    IN A
    142.250.178.10
  • flag-gb
    GET
    https://maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=weekly&loading=async&language=cs&callback=onApiLoad
    IEXPLORE.EXE
    Remote address:
    172.217.16.234:443
    Request
    GET /maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=weekly&loading=async&language=cs&callback=onApiLoad HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://www.google.com/maps/embed?origin=mfe&pb=!1m4!2m1!1sCZ,50325+%C4%8D.p.+184,+50325,+Dob%C5%99enice+Dob%C5%99enice!5e1!6i18!3m1!1scs!5m1!1scs
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: maps.googleapis.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/javascript; charset=UTF-8
    Cross-Origin-Resource-Policy: cross-origin
    Cache-Control: public, max-age=1800
    Timing-Allow-Origin: *
    Vary: Origin
    Vary: X-Origin
    Vary: Referer
    Content-Encoding: gzip
    Date: Mon, 03 Jun 2024 17:22:57 GMT
    Server: scaffolding on HTTPServer2
    Content-Length: 75623
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    googleads.g.doubleclick.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    googleads.g.doubleclick.net
    IN A
    Response
    googleads.g.doubleclick.net
    IN A
    172.217.169.66
  • flag-gb
    GET
    https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0536509390766746&output=html&h=90&slotname=1853814465&adk=3534284470&adf=2872144290&pi=t.ma~as.1853814465&w=728&lmt=1708524244&url=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C9297739a99ceefeb71db023e8a251cb4_JaffaCakes118.html&wgl=1&dt=1717435375606&bpp=769&bdt=955&idt=1092&shv=r20240529&mjsv=m202405280101&ptt=5&saldr=sd&abxe=1&cookie_enabled=1&eoidce=1&correlator=3780417308032&frm=20&pv=2&ga_vid=2140478287.1717435377&ga_sid=1717435377&ga_hid=421884369&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=8&ady=210&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44798934%2C95331687%2C95334510%2C95334571%2C95334581%2C95334828%2C95334052%2C95334158%2C95334311&oid=2&pvsid=394571770635892&tmod=196218683&nvt=1&top=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F9297739a99ceefeb71db023e8a251cb4_JaffaCakes118.html&fc=640&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=1&bz=1.01&ifi=1&uci=a!1&dtd=1166
    IEXPLORE.EXE
    Remote address:
    172.217.169.66:443
    Request
    GET /pagead/ads?client=ca-pub-0536509390766746&output=html&h=90&slotname=1853814465&adk=3534284470&adf=2872144290&pi=t.ma~as.1853814465&w=728&lmt=1708524244&url=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C9297739a99ceefeb71db023e8a251cb4_JaffaCakes118.html&wgl=1&dt=1717435375606&bpp=769&bdt=955&idt=1092&shv=r20240529&mjsv=m202405280101&ptt=5&saldr=sd&abxe=1&cookie_enabled=1&eoidce=1&correlator=3780417308032&frm=20&pv=2&ga_vid=2140478287.1717435377&ga_sid=1717435377&ga_hid=421884369&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=8&ady=210&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44798934%2C95331687%2C95334510%2C95334571%2C95334581%2C95334828%2C95334052%2C95334158%2C95334311&oid=2&pvsid=394571770635892&tmod=196218683&nvt=1&top=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F9297739a99ceefeb71db023e8a251cb4_JaffaCakes118.html&fc=640&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=1&bz=1.01&ifi=1&uci=a!1&dtd=1166 HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: googleads.g.doubleclick.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 403 Forbidden
    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Content-Encoding: gzip
    Date: Mon, 03 Jun 2024 17:22:58 GMT
    Server: cafe
    Cache-Control: private
    X-XSS-Protection: 0
    Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 03-Jun-2024 17:37:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0536509390766746&output=html&adk=1812271804&adf=3025194257&abgtt=1&lmt=1708524244&plat=1%3A1049600%2C2%3A17826816%2C3%3A3145728%2C4%3A3145728%2C8%3A4194304%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C9297739a99ceefeb71db023e8a251cb4_JaffaCakes118.html&pra=7&wgl=1&easpi=0&aihb=0&asro=0&ailel=28~30~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24&aiael=28~30~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24&aifxl=28_13~30_23~29_11&aiixl=28_4~30_6~29_5&dt=1717435379335&bpp=4&bdt=4670&idt=5&shv=r20240529&mjsv=m202405280101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_slotnames=1853814465%2C4997003804&nras=1&correlator=3780417308032&frm=20&pv=1&ga_vid=2140478287.1717435377&ga_sid=1717435377&ga_hid=421884369&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44798934%2C95331687%2C95334510%2C95334571%2C95334581%2C95334828%2C95334052%2C95334158%2C95334311&oid=2&pvsid=394571770635892&tmod=196218683&nvt=1&fsapi=1&top=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F9297739a99ceefeb71db023e8a251cb4_JaffaCakes118.html&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=1&bz=1.01&ifi=3&uci=a!3&dtd=48
    IEXPLORE.EXE
    Remote address:
    172.217.169.66:443
    Request
    GET /pagead/ads?client=ca-pub-0536509390766746&output=html&adk=1812271804&adf=3025194257&abgtt=1&lmt=1708524244&plat=1%3A1049600%2C2%3A17826816%2C3%3A3145728%2C4%3A3145728%2C8%3A4194304%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C9297739a99ceefeb71db023e8a251cb4_JaffaCakes118.html&pra=7&wgl=1&easpi=0&aihb=0&asro=0&ailel=28~30~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24&aiael=28~30~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24&aifxl=28_13~30_23~29_11&aiixl=28_4~30_6~29_5&dt=1717435379335&bpp=4&bdt=4670&idt=5&shv=r20240529&mjsv=m202405280101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_slotnames=1853814465%2C4997003804&nras=1&correlator=3780417308032&frm=20&pv=1&ga_vid=2140478287.1717435377&ga_sid=1717435377&ga_hid=421884369&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44798934%2C95331687%2C95334510%2C95334571%2C95334581%2C95334828%2C95334052%2C95334158%2C95334311&oid=2&pvsid=394571770635892&tmod=196218683&nvt=1&fsapi=1&top=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F9297739a99ceefeb71db023e8a251cb4_JaffaCakes118.html&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=1&bz=1.01&ifi=3&uci=a!3&dtd=48 HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: googleads.g.doubleclick.net
    Connection: Keep-Alive
    Cookie: test_cookie=CheckForPermission
    Response
    HTTP/1.1 200 OK
    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Date: Mon, 03 Jun 2024 17:23:00 GMT
    Server: cafe
    Content-Length: 0
    X-XSS-Protection: 0
    Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure
    Set-Cookie: IDE=AHWqTUnaj8smtUMGurmzPDoRdS8Ut7_AYBNNRj9NKXNmhYpmRvZwj8RquJ7-EgeQ; expires=Wed, 03-Jun-2026 17:23:00 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Expires: Mon, 03 Jun 2024 17:23:00 GMT
    Cache-Control: private
  • flag-gb
    GET
    https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0536509390766746&output=html&h=90&slotname=4997003804&adk=1453952903&adf=4263625385&pi=t.ma~as.4997003804&w=728&lmt=1708524244&url=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C9297739a99ceefeb71db023e8a251cb4_JaffaCakes118.html&wgl=1&dt=1717435375643&bpp=733&bdt=978&idt=1137&shv=r20240529&mjsv=m202405280101&ptt=5&saldr=sd&abxe=1&cookie_enabled=1&eoidce=1&prev_slotnames=1853814465&correlator=3780417308032&frm=20&pv=1&ga_vid=2140478287.1717435377&ga_sid=1717435377&ga_hid=421884369&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=8&ady=985&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44798934%2C95331687%2C95334510%2C95334571%2C95334581%2C95334828%2C95334052%2C95334158%2C95334311&oid=2&pvsid=394571770635892&tmod=196218683&nvt=1&top=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F9297739a99ceefeb71db023e8a251cb4_JaffaCakes118.html&fc=640&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=1&bz=1.01&ifi=2&uci=a!2&btvi=1&dtd=1149
    IEXPLORE.EXE
    Remote address:
    172.217.169.66:443
    Request
    GET /pagead/ads?client=ca-pub-0536509390766746&output=html&h=90&slotname=4997003804&adk=1453952903&adf=4263625385&pi=t.ma~as.4997003804&w=728&lmt=1708524244&url=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C9297739a99ceefeb71db023e8a251cb4_JaffaCakes118.html&wgl=1&dt=1717435375643&bpp=733&bdt=978&idt=1137&shv=r20240529&mjsv=m202405280101&ptt=5&saldr=sd&abxe=1&cookie_enabled=1&eoidce=1&prev_slotnames=1853814465&correlator=3780417308032&frm=20&pv=1&ga_vid=2140478287.1717435377&ga_sid=1717435377&ga_hid=421884369&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=8&ady=985&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44798934%2C95331687%2C95334510%2C95334571%2C95334581%2C95334828%2C95334052%2C95334158%2C95334311&oid=2&pvsid=394571770635892&tmod=196218683&nvt=1&top=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F9297739a99ceefeb71db023e8a251cb4_JaffaCakes118.html&fc=640&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=1&bz=1.01&ifi=2&uci=a!2&btvi=1&dtd=1149 HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: googleads.g.doubleclick.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 403 Forbidden
    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Content-Encoding: gzip
    Date: Mon, 03 Jun 2024 17:22:58 GMT
    Server: cafe
    Cache-Control: private
    X-XSS-Protection: 0
    Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 03-Jun-2024 17:37:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://googleads.g.doubleclick.net/pagead/html/r20240529/r20110914/zrt_lookup.html
    IEXPLORE.EXE
    Remote address:
    172.217.169.66:443
    Request
    GET /pagead/html/r20240529/r20110914/zrt_lookup.html HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: googleads.g.doubleclick.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    X-Content-Type-Options: nosniff
    Content-Encoding: gzip
    Server: cafe
    Content-Length: 4638
    X-XSS-Protection: 0
    Date: Mon, 03 Jun 2024 01:48:01 GMT
    Expires: Mon, 17 Jun 2024 01:48:01 GMT
    Cache-Control: public, max-age=1209600
    Age: 56097
    ETag: 15751305469897878808
    Content-Type: text/html; charset=UTF-8
    Vary: Accept-Encoding
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    web.facebook.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    web.facebook.com
    IN A
    Response
    web.facebook.com
    IN CNAME
    star.c10r.facebook.com
    star.c10r.facebook.com
    IN A
    163.70.151.23
  • flag-gb
    GET
    https://web.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df5f700c7f2746c%26domain%3D%26is_canvas%3Dfalse%26origin%3Dfile%253A%252F%252F%252Ff1aa30211fa235%26relation%3Dparent.parent&container_width=1247&font=arial&href=http%3A%2F%2Fpscposty.cz%2F50325%2F&locale=cs_CZ&sdk=joey&send=false&show_faces=true&width=450
    IEXPLORE.EXE
    Remote address:
    163.70.151.23:443
    Request
    GET /plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df5f700c7f2746c%26domain%3D%26is_canvas%3Dfalse%26origin%3Dfile%253A%252F%252F%252Ff1aa30211fa235%26relation%3Dparent.parent&container_width=1247&font=arial&href=http%3A%2F%2Fpscposty.cz%2F50325%2F&locale=cs_CZ&sdk=joey&send=false&show_faces=true&width=450 HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: web.facebook.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html;charset=utf-8
    Pragma: no-cache
    Cache-Control: private, no-cache, no-store, must-revalidate
    Expires: Sat, 01 Jan 2000 00:00:00 GMT
    content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
    reporting-endpoints: coop_report="https://web.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://web.facebook.com/browser_reporting/coep/?minimize=0", default="https://web.facebook.com/ajax/browser_error_reports/?device_level=unknown"
    report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/web.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/web.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/web.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
    cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
    cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 0
    X-FB-Debug: Z6FxYTiqKmQ9LDNBf8V0uroNpB65eIZy89Jb6kfEUCK99qHYKjkfffxKKYhPEhu2BST7waEDZdEVIv343ZjJSQ==
    Date: Mon, 03 Jun 2024 17:23:00 GMT
    X-FB-Connection-Quality: GOOD; q=0.7, rtt=51, rtx=0, c=10, mss=1357, tbw=3224, tp=-1, tpl=-1, uplat=16, ullat=0
    Alt-Svc: h3=":443"; ma=86400
    Connection: keep-alive
    Content-Length: 0
  • flag-gb
    GET
    https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&hl=cs&origin=file%3A%2F%2F&url=http%3A%2F%2Fpscposty.cz%2F50325%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /u/0/se/0/_/+1/fastbutton?usegapi=1&hl=cs&origin=file%3A%2F%2F&url=http%3A%2F%2Fpscposty.cz%2F50325%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: http://developers.google.com/
    Cross-Origin-Resource-Policy: cross-origin
    X-Content-Type-Options: nosniff
    Server: sffe
    Content-Length: 226
    X-XSS-Protection: 0
    Date: Mon, 03 Jun 2024 17:22:57 GMT
    Expires: Mon, 03 Jun 2024 17:52:57 GMT
    Cache-Control: public, max-age=1800
    Content-Type: text/html; charset=UTF-8
    Age: 6
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://apis.google.com/js/rpc:shindig_random.js?onload=init
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /js/rpc:shindig_random.js?onload=init HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Type: text/javascript
    Access-Control-Allow-Origin: *
    Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team"
    Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
    Timing-Allow-Origin: *
    Date: Mon, 03 Jun 2024 17:23:04 GMT
    Expires: Mon, 03 Jun 2024 17:23:04 GMT
    Cache-Control: private, max-age=1800, stale-while-revalidate=1800
    ETag: "101700247f013dff"
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.6jI6mC1Equ4.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ/cb=gapi.loaded_0?le=scs
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.6jI6mC1Equ4.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ/cb=gapi.loaded_0?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 23998
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Tue, 28 May 2024 16:51:56 GMT
    Expires: Wed, 28 May 2025 16:51:56 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 06 May 2024 15:31:30 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 520268
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    accounts.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    accounts.google.com
    IN A
    Response
    accounts.google.com
    IN A
    142.250.27.84
  • flag-us
    DNS
    accounts.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    accounts.google.com
    IN A
  • flag-us
    DNS
    developers.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    developers.google.com
    IN A
    Response
    developers.google.com
    IN A
    216.58.201.110
  • flag-gb
    GET
    http://developers.google.com/
    IEXPLORE.EXE
    Remote address:
    216.58.201.110:80
    Request
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: developers.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: https://developers.google.com/
    X-Cloud-Trace-Context: d19684b80b7617b29d1a5d937c23ab4a
    Date: Mon, 03 Jun 2024 17:23:03 GMT
    Content-Type: text/html
    Server: Google Frontend
    Content-Length: 0
  • flag-gb
    GET
    https://developers.google.com/
    IEXPLORE.EXE
    Remote address:
    216.58.201.110:443
    Request
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: developers.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Last-Modified: Tue, 28 May 2024 21:23:16 GMT
    Content-Type: text/html; charset=utf-8
    Vary: Cookie
    Vary: Accept-Encoding
    Set-Cookie: _ga_devsite=GA1.3.274190016.1717435385; Expires=Wed, 03 Jun 2026 17:23:05 GMT; Max-Age=63072000; Path=/
    Content-Security-Policy: base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-WjjVhO+iy5mMaQvsLK79fZPUIUXosa' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2
    Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Cache-Control: no-cache, must-revalidate
    Expires: 0
    Pragma: no-cache
    Content-Encoding: gzip
    X-Cloud-Trace-Context: c7efe5faf9de9709b68dc09bdf381c08
    Date: Mon, 03 Jun 2024 17:23:05 GMT
    Server: Google Frontend
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-nl
    GET
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    142.250.27.84:443
    Request
    GET /o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: accounts.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Mon, 03 Jun 2024 17:23:04 GMT
    Cross-Origin-Resource-Policy: same-site
    Content-Security-Policy: script-src 'nonce-JiZ3r5zVEE1JEK7May770g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /o/cspreport
    Content-Encoding: gzip
    Server: ESF
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-us
    DNS
    ssl.gstatic.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ssl.gstatic.com
    IN A
    Response
    ssl.gstatic.com
    IN A
    172.217.169.3
  • flag-gb
    GET
    https://ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js
    IEXPLORE.EXE
    Remote address:
    172.217.169.3:443
    Request
    GET /accounts/o/3604799710-postmessagerelay.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ssl.gstatic.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="federated-signon-mpm-access"
    Report-To: {"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
    Content-Length: 4846
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Mon, 03 Jun 2024 15:06:53 GMT
    Expires: Tue, 03 Jun 2025 15:06:53 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Thu, 30 May 2024 16:07:45 GMT
    Content-Type: text/javascript
    Vary: Accept-Encoding
    Age: 8171
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    tpc.googlesyndication.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    tpc.googlesyndication.com
    IN A
    Response
    tpc.googlesyndication.com
    IN A
    172.217.16.225
  • flag-gb
    GET
    https://tpc.googlesyndication.com/sodar/sodar2.js
    IEXPLORE.EXE
    Remote address:
    172.217.16.225:443
    Request
    GET /sodar/sodar2.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: tpc.googlesyndication.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Type: text/javascript
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="adspam-signals-scs"
    Report-To: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
    Date: Mon, 03 Jun 2024 17:23:05 GMT
    Expires: Mon, 03 Jun 2024 17:23:05 GMT
    Cache-Control: private, max-age=3000
    ETag: "1637097310169751"
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
    IEXPLORE.EXE
    Remote address:
    172.217.16.225:443
    Request
    GET /sodar/sodar2/225/runner.html HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: tpc.googlesyndication.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="adspam-signals-scs"
    Report-To: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
    Content-Length: 5046
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Mon, 03 Jun 2024 15:58:18 GMT
    Expires: Tue, 03 Jun 2025 15:58:18 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 21 Jun 2021 20:47:05 GMT
    Content-Type: text/html
    Vary: Accept-Encoding
    Age: 5087
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://tpc.googlesyndication.com/generate_204?gCRdXw
    IEXPLORE.EXE
    Remote address:
    172.217.16.225:443
    Request
    GET /generate_204?gCRdXw HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: tpc.googlesyndication.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 204 No Content
    Content-Length: 0
    Cross-Origin-Resource-Policy: cross-origin
    Date: Mon, 03 Jun 2024 17:23:06 GMT
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    fe0.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    fe0.google.com
    IN A
    Response
  • flag-us
    DNS
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    2.21.17.194
  • flag-us
    DNS
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    2.21.17.194
  • flag-nl
    GET
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    142.250.27.84:443
    Request
    GET /o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: accounts.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Mon, 03 Jun 2024 17:24:05 GMT
    Content-Security-Policy: script-src 'nonce-Vxau1GXr2pegXCf8E7HBWw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /o/cspreport
    Cross-Origin-Resource-Policy: same-site
    Content-Encoding: gzip
    Server: ESF
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-nl
    GET
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    142.250.27.84:443
    Request
    GET /o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: accounts.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Mon, 03 Jun 2024 17:25:07 GMT
    Content-Security-Policy: script-src 'nonce-hdR410kgq3KpEXPQFVfkrw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /o/cspreport
    Cross-Origin-Resource-Policy: same-site
    Content-Encoding: gzip
    Server: ESF
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • 172.67.212.254:80
    http://pscposty.cz/img/1.png
    http
    IEXPLORE.EXE
    498 B
    1.0kB
    5
    4

    HTTP Request

    GET http://pscposty.cz/img/1.png

    HTTP Response

    301
  • 172.67.212.254:80
    http://pscposty.cz/img/logo.png
    http
    IEXPLORE.EXE
    501 B
    1.0kB
    5
    4

    HTTP Request

    GET http://pscposty.cz/img/logo.png

    HTTP Response

    301
  • 172.67.212.254:80
    http://pscposty.cz/script.js
    http
    IEXPLORE.EXE
    481 B
    1.0kB
    5
    4

    HTTP Request

    GET http://pscposty.cz/script.js

    HTTP Response

    301
  • 142.250.180.2:80
    http://pagead2.googlesyndication.com/pagead/show_ads.js
    http
    IEXPLORE.EXE
    830 B
    15.7kB
    12
    15

    HTTP Request

    GET http://pagead2.googlesyndication.com/pagead/show_ads.js

    HTTP Response

    200
  • 142.250.180.2:80
    pagead2.googlesyndication.com
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 172.67.212.254:80
    http://pscposty.cz/img/0.png
    http
    IEXPLORE.EXE
    498 B
    1.0kB
    5
    4

    HTTP Request

    GET http://pscposty.cz/img/0.png

    HTTP Response

    301
  • 172.67.212.254:80
    http://pscposty.cz/style.css?1
    http
    IEXPLORE.EXE
    561 B
    1.9kB
    7
    5

    HTTP Request

    GET http://pscposty.cz/style.css?1

    HTTP Response

    301
  • 80.79.17.21:80
    http://vydelek-emailem.cz/ank1.gif
    http
    IEXPLORE.EXE
    550 B
    609 B
    6
    5

    HTTP Request

    GET http://vydelek-emailem.cz/ank1.gif

    HTTP Response

    301
  • 80.79.17.21:80
    vydelek-emailem.cz
    IEXPLORE.EXE
    242 B
    144 B
    5
    3
  • 172.67.212.254:443
    https://pscposty.cz/img/1.png
    tls, http
    IEXPLORE.EXE
    1.2kB
    7.6kB
    13
    13

    HTTP Request

    GET https://pscposty.cz/img/1.png

    HTTP Response

    200
  • 172.67.212.254:443
    https://pscposty.cz/img/0.png
    tls, http
    IEXPLORE.EXE
    1.2kB
    7.4kB
    12
    12

    HTTP Request

    GET https://pscposty.cz/img/0.png

    HTTP Response

    200
  • 172.67.212.254:443
    https://pscposty.cz/script.js
    tls, http
    IEXPLORE.EXE
    1.1kB
    6.5kB
    11
    10

    HTTP Request

    GET https://pscposty.cz/script.js

    HTTP Response

    404
  • 172.67.212.254:443
    https://pscposty.cz/style.css?1
    tls, http
    IEXPLORE.EXE
    1.1kB
    6.6kB
    11
    11

    HTTP Request

    GET https://pscposty.cz/style.css?1

    HTTP Response

    404
  • 172.67.212.254:443
    https://pscposty.cz/img/logo.png
    tls, http
    IEXPLORE.EXE
    1.4kB
    19.4kB
    17
    22

    HTTP Request

    GET https://pscposty.cz/img/logo.png

    HTTP Response

    200
  • 80.79.17.21:443
    https://vydelek-emailem.cz/ank1.gif
    tls, http
    IEXPLORE.EXE
    2.5kB
    37.3kB
    32
    35

    HTTP Request

    GET https://vydelek-emailem.cz/ank1.gif

    HTTP Response

    200
  • 163.70.151.21:80
    http://connect.facebook.net/cs_CZ/all.js
    http
    IEXPLORE.EXE
    539 B
    388 B
    6
    4

    HTTP Request

    GET http://connect.facebook.net/cs_CZ/all.js

    HTTP Response

    301
  • 163.70.151.21:80
    connect.facebook.net
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 163.70.151.21:443
    https://connect.facebook.net/cs_CZ/all.js?hash=744210ad291fbcaf0fe8c81c3ef96bba
    tls, http
    IEXPLORE.EXE
    4.1kB
    105.2kB
    59
    87

    HTTP Request

    GET https://connect.facebook.net/cs_CZ/all.js

    HTTP Response

    200

    HTTP Request

    GET https://connect.facebook.net/cs_CZ/all.js?hash=744210ad291fbcaf0fe8c81c3ef96bba

    HTTP Response

    200
  • 142.250.200.14:443
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.6jI6mC1Equ4.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ/cb=gapi.loaded_0?le=scs
    tls, http
    IEXPLORE.EXE
    3.1kB
    88.9kB
    43
    71

    HTTP Request

    GET https://apis.google.com/js/plusone.js

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.6jI6mC1Equ4.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ/cb=gapi.loaded_0?le=scs

    HTTP Response

    200
  • 142.250.200.14:443
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.6jI6mC1Equ4.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ/cb=gapi.loaded_1?le=scs
    tls, http
    IEXPLORE.EXE
    2.1kB
    42.6kB
    26
    37

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.6jI6mC1Equ4.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ/cb=gapi.loaded_1?le=scs

    HTTP Response

    200
  • 142.250.200.35:80
    http://maps.google.cz/maps?f=q&source=s_q&hl=cs&z=18&geocode=&q=CZ%2C50325+%C4%8D.p.+184%2C+50325%2C+Dob%C5%99enice+Dob%C5%99enice&aq=&&brcurrent=10,0,0&ie=UTF8&hq=CZ%2C50325+%C4%8D.p.+184%2C+50325%2C+Dob%C5%99enice+Dob%C5%99enice&t=h&output=embed
    http
    IEXPLORE.EXE
    802 B
    1.1kB
    7
    5

    HTTP Request

    GET http://maps.google.cz/maps?f=q&source=s_q&hl=cs&z=18&geocode=&q=CZ%2C50325+%C4%8D.p.+184%2C+50325%2C+Dob%C5%99enice+Dob%C5%99enice&aq=&&brcurrent=10,0,0&ie=UTF8&hq=CZ%2C50325+%C4%8D.p.+184%2C+50325%2C+Dob%C5%99enice+Dob%C5%99enice&t=h&output=embed

    HTTP Response

    301
  • 142.250.200.35:80
    maps.google.cz
    IEXPLORE.EXE
    290 B
    88 B
    6
    2
  • 142.250.187.196:443
    https://www.google.com/recaptcha/api2/aframe
    tls, http
    IEXPLORE.EXE
    1.7kB
    8.7kB
    15
    17

    HTTP Request

    GET https://www.google.com/maps/embed?origin=mfe&pb=!1m4!2m1!1sCZ,50325+%C4%8D.p.+184,+50325,+Dob%C5%99enice+Dob%C5%99enice!5e1!6i18!3m1!1scs!5m1!1scs

    HTTP Response

    200

    HTTP Request

    GET https://www.google.com/recaptcha/api2/aframe

    HTTP Response

    200
  • 142.250.187.196:443
    www.google.com
    tls
    IEXPLORE.EXE
    745 B
    4.7kB
    10
    10
  • 172.217.16.234:443
    maps.googleapis.com
    tls
    IEXPLORE.EXE
    704 B
    5.0kB
    9
    8
  • 172.217.16.234:443
    https://maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=weekly&loading=async&language=cs&callback=onApiLoad
    tls, http
    IEXPLORE.EXE
    3.0kB
    85.2kB
    45
    67

    HTTP Request

    GET https://maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=weekly&loading=async&language=cs&callback=onApiLoad

    HTTP Response

    200
  • 172.217.169.66:443
    https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0536509390766746&output=html&adk=1812271804&adf=3025194257&abgtt=1&lmt=1708524244&plat=1%3A1049600%2C2%3A17826816%2C3%3A3145728%2C4%3A3145728%2C8%3A4194304%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C9297739a99ceefeb71db023e8a251cb4_JaffaCakes118.html&pra=7&wgl=1&easpi=0&aihb=0&asro=0&ailel=28~30~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24&aiael=28~30~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24&aifxl=28_13~30_23~29_11&aiixl=28_4~30_6~29_5&dt=1717435379335&bpp=4&bdt=4670&idt=5&shv=r20240529&mjsv=m202405280101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_slotnames=1853814465%2C4997003804&nras=1&correlator=3780417308032&frm=20&pv=1&ga_vid=2140478287.1717435377&ga_sid=1717435377&ga_hid=421884369&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44798934%2C95331687%2C95334510%2C95334571%2C95334581%2C95334828%2C95334052%2C95334158%2C95334311&oid=2&pvsid=394571770635892&tmod=196218683&nvt=1&fsapi=1&top=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F9297739a99ceefeb71db023e8a251cb4_JaffaCakes118.html&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=1&bz=1.01&ifi=3&uci=a!3&dtd=48
    tls, http
    IEXPLORE.EXE
    4.3kB
    6.9kB
    16
    13

    HTTP Request

    GET https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0536509390766746&output=html&h=90&slotname=1853814465&adk=3534284470&adf=2872144290&pi=t.ma~as.1853814465&w=728&lmt=1708524244&url=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C9297739a99ceefeb71db023e8a251cb4_JaffaCakes118.html&wgl=1&dt=1717435375606&bpp=769&bdt=955&idt=1092&shv=r20240529&mjsv=m202405280101&ptt=5&saldr=sd&abxe=1&cookie_enabled=1&eoidce=1&correlator=3780417308032&frm=20&pv=2&ga_vid=2140478287.1717435377&ga_sid=1717435377&ga_hid=421884369&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=8&ady=210&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44798934%2C95331687%2C95334510%2C95334571%2C95334581%2C95334828%2C95334052%2C95334158%2C95334311&oid=2&pvsid=394571770635892&tmod=196218683&nvt=1&top=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F9297739a99ceefeb71db023e8a251cb4_JaffaCakes118.html&fc=640&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=1&bz=1.01&ifi=1&uci=a!1&dtd=1166

    HTTP Response

    403

    HTTP Request

    GET https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0536509390766746&output=html&adk=1812271804&adf=3025194257&abgtt=1&lmt=1708524244&plat=1%3A1049600%2C2%3A17826816%2C3%3A3145728%2C4%3A3145728%2C8%3A4194304%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C9297739a99ceefeb71db023e8a251cb4_JaffaCakes118.html&pra=7&wgl=1&easpi=0&aihb=0&asro=0&ailel=28~30~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24&aiael=28~30~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24&aifxl=28_13~30_23~29_11&aiixl=28_4~30_6~29_5&dt=1717435379335&bpp=4&bdt=4670&idt=5&shv=r20240529&mjsv=m202405280101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_slotnames=1853814465%2C4997003804&nras=1&correlator=3780417308032&frm=20&pv=1&ga_vid=2140478287.1717435377&ga_sid=1717435377&ga_hid=421884369&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44798934%2C95331687%2C95334510%2C95334571%2C95334581%2C95334828%2C95334052%2C95334158%2C95334311&oid=2&pvsid=394571770635892&tmod=196218683&nvt=1&fsapi=1&top=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F9297739a99ceefeb71db023e8a251cb4_JaffaCakes118.html&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=1&bz=1.01&ifi=3&uci=a!3&dtd=48

    HTTP Response

    200
  • 172.217.169.66:443
    https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0536509390766746&output=html&h=90&slotname=4997003804&adk=1453952903&adf=4263625385&pi=t.ma~as.4997003804&w=728&lmt=1708524244&url=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C9297739a99ceefeb71db023e8a251cb4_JaffaCakes118.html&wgl=1&dt=1717435375643&bpp=733&bdt=978&idt=1137&shv=r20240529&mjsv=m202405280101&ptt=5&saldr=sd&abxe=1&cookie_enabled=1&eoidce=1&prev_slotnames=1853814465&correlator=3780417308032&frm=20&pv=1&ga_vid=2140478287.1717435377&ga_sid=1717435377&ga_hid=421884369&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=8&ady=985&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44798934%2C95331687%2C95334510%2C95334571%2C95334581%2C95334828%2C95334052%2C95334158%2C95334311&oid=2&pvsid=394571770635892&tmod=196218683&nvt=1&top=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F9297739a99ceefeb71db023e8a251cb4_JaffaCakes118.html&fc=640&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=1&bz=1.01&ifi=2&uci=a!2&btvi=1&dtd=1149
    tls, http
    IEXPLORE.EXE
    2.5kB
    6.3kB
    14
    14

    HTTP Request

    GET https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0536509390766746&output=html&h=90&slotname=4997003804&adk=1453952903&adf=4263625385&pi=t.ma~as.4997003804&w=728&lmt=1708524244&url=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C9297739a99ceefeb71db023e8a251cb4_JaffaCakes118.html&wgl=1&dt=1717435375643&bpp=733&bdt=978&idt=1137&shv=r20240529&mjsv=m202405280101&ptt=5&saldr=sd&abxe=1&cookie_enabled=1&eoidce=1&prev_slotnames=1853814465&correlator=3780417308032&frm=20&pv=1&ga_vid=2140478287.1717435377&ga_sid=1717435377&ga_hid=421884369&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=8&ady=985&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44798934%2C95331687%2C95334510%2C95334571%2C95334581%2C95334828%2C95334052%2C95334158%2C95334311&oid=2&pvsid=394571770635892&tmod=196218683&nvt=1&top=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F9297739a99ceefeb71db023e8a251cb4_JaffaCakes118.html&fc=640&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=1&bz=1.01&ifi=2&uci=a!2&btvi=1&dtd=1149

    HTTP Response

    403
  • 172.217.169.66:443
    https://googleads.g.doubleclick.net/pagead/html/r20240529/r20110914/zrt_lookup.html
    tls, http
    IEXPLORE.EXE
    1.3kB
    10.5kB
    12
    14

    HTTP Request

    GET https://googleads.g.doubleclick.net/pagead/html/r20240529/r20110914/zrt_lookup.html

    HTTP Response

    200
  • 163.70.151.23:443
    https://web.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df5f700c7f2746c%26domain%3D%26is_canvas%3Dfalse%26origin%3Dfile%253A%252F%252F%252Ff1aa30211fa235%26relation%3Dparent.parent&container_width=1247&font=arial&href=http%3A%2F%2Fpscposty.cz%2F50325%2F&locale=cs_CZ&sdk=joey&send=false&show_faces=true&width=450
    tls, http
    IEXPLORE.EXE
    1.4kB
    7.0kB
    11
    11

    HTTP Request

    GET https://web.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df5f700c7f2746c%26domain%3D%26is_canvas%3Dfalse%26origin%3Dfile%253A%252F%252F%252Ff1aa30211fa235%26relation%3Dparent.parent&container_width=1247&font=arial&href=http%3A%2F%2Fpscposty.cz%2F50325%2F&locale=cs_CZ&sdk=joey&send=false&show_faces=true&width=450

    HTTP Response

    200
  • 163.70.151.23:443
    web.facebook.com
    tls
    IEXPLORE.EXE
    701 B
    3.6kB
    9
    8
  • 142.250.200.14:443
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.6jI6mC1Equ4.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ/cb=gapi.loaded_0?le=scs
    tls, http
    IEXPLORE.EXE
    3.4kB
    35.5kB
    30
    34

    HTTP Request

    GET https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&hl=cs&origin=file%3A%2F%2F&url=http%3A%2F%2Fpscposty.cz%2F50325%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__

    HTTP Response

    301

    HTTP Request

    GET https://apis.google.com/js/rpc:shindig_random.js?onload=init

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.6jI6mC1Equ4.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ/cb=gapi.loaded_0?le=scs

    HTTP Response

    200
  • 216.58.201.110:80
    http://developers.google.com/
    http
    IEXPLORE.EXE
    584 B
    690 B
    7
    5

    HTTP Request

    GET http://developers.google.com/

    HTTP Response

    301
  • 216.58.201.110:80
    developers.google.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 216.58.201.110:443
    https://developers.google.com/
    tls, http
    IEXPLORE.EXE
    2.1kB
    41.1kB
    34
    37

    HTTP Request

    GET https://developers.google.com/

    HTTP Response

    200
  • 142.250.27.84:443
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__
    tls, http
    IEXPLORE.EXE
    1.3kB
    6.3kB
    11
    12

    HTTP Request

    GET https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__

    HTTP Response

    200
  • 142.250.27.84:443
    accounts.google.com
    tls
    IEXPLORE.EXE
    704 B
    4.7kB
    9
    8
  • 172.217.169.3:443
    ssl.gstatic.com
    tls
    IEXPLORE.EXE
    758 B
    4.9kB
    10
    10
  • 172.217.169.3:443
    https://ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js
    tls, http
    IEXPLORE.EXE
    1.5kB
    10.7kB
    14
    13

    HTTP Request

    GET https://ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js

    HTTP Response

    200
  • 216.58.201.110:443
    developers.google.com
    tls
    IEXPLORE.EXE
    525 B
    355 B
    6
    5
  • 172.217.16.225:443
    tpc.googlesyndication.com
    tls
    IEXPLORE.EXE
    710 B
    4.7kB
    9
    8
  • 172.217.16.225:443
    https://tpc.googlesyndication.com/generate_204?gCRdXw
    tls, http
    IEXPLORE.EXE
    2.1kB
    18.9kB
    18
    23

    HTTP Request

    GET https://tpc.googlesyndication.com/sodar/sodar2.js

    HTTP Response

    200

    HTTP Request

    GET https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

    HTTP Response

    200

    HTTP Request

    GET https://tpc.googlesyndication.com/generate_204?gCRdXw

    HTTP Response

    204
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
    7.6kB
    9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
    7.7kB
    10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
    7.6kB
    9
    12
  • 142.250.27.84:443
    accounts.google.com
    tls
    IEXPLORE.EXE
    523 B
    355 B
    6
    5
  • 142.250.27.84:443
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__
    tls, http
    IEXPLORE.EXE
    1.1kB
    2.0kB
    9
    9

    HTTP Request

    GET https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__

    HTTP Response

    200
  • 142.250.27.84:443
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__
    tls, http
    IEXPLORE.EXE
    1.1kB
    1.9kB
    8
    8

    HTTP Request

    GET https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__

    HTTP Response

    200
  • 142.250.27.84:443
    accounts.google.com
    tls
    IEXPLORE.EXE
    431 B
    315 B
    4
    4
  • 8.8.8.8:53
    pscposty.cz
    dns
    IEXPLORE.EXE
    57 B
    89 B
    1
    1

    DNS Request

    pscposty.cz

    DNS Response

    172.67.212.254
    104.21.85.250

  • 8.8.8.8:53
    vydelek-emailem.cz
    dns
    IEXPLORE.EXE
    64 B
    80 B
    1
    1

    DNS Request

    vydelek-emailem.cz

    DNS Response

    80.79.17.21

  • 8.8.8.8:53
    authedmine.com
    dns
    IEXPLORE.EXE
    60 B
    119 B
    1
    1

    DNS Request

    authedmine.com

  • 8.8.8.8:53
    connect.facebook.net
    dns
    IEXPLORE.EXE
    66 B
    114 B
    1
    1

    DNS Request

    connect.facebook.net

    DNS Response

    163.70.151.21

  • 8.8.8.8:53
    maps.google.cz
    dns
    IEXPLORE.EXE
    60 B
    113 B
    1
    1

    DNS Request

    maps.google.cz

    DNS Response

    142.250.200.35

  • 8.8.8.8:53
    apis.google.com
    dns
    IEXPLORE.EXE
    61 B
    98 B
    1
    1

    DNS Request

    apis.google.com

    DNS Response

    142.250.200.14

  • 8.8.8.8:53
    www.google.com
    dns
    IEXPLORE.EXE
    60 B
    76 B
    1
    1

    DNS Request

    www.google.com

    DNS Response

    142.250.187.196

  • 8.8.8.8:53
    maps.googleapis.com
    dns
    IEXPLORE.EXE
    65 B
    273 B
    1
    1

    DNS Request

    maps.googleapis.com

    DNS Response

    172.217.16.234
    142.250.200.10
    142.250.200.42
    216.58.201.106
    216.58.204.74
    216.58.213.10
    216.58.212.234
    172.217.169.42
    142.250.179.234
    142.250.180.10
    142.250.187.202
    142.250.187.234
    142.250.178.10

  • 8.8.8.8:53
    googleads.g.doubleclick.net
    dns
    IEXPLORE.EXE
    73 B
    89 B
    1
    1

    DNS Request

    googleads.g.doubleclick.net

    DNS Response

    172.217.169.66

  • 8.8.8.8:53
    web.facebook.com
    dns
    IEXPLORE.EXE
    62 B
    102 B
    1
    1

    DNS Request

    web.facebook.com

    DNS Response

    163.70.151.23

  • 8.8.8.8:53
    accounts.google.com
    dns
    IEXPLORE.EXE
    130 B
    81 B
    2
    1

    DNS Request

    accounts.google.com

    DNS Request

    accounts.google.com

    DNS Response

    142.250.27.84

  • 8.8.8.8:53
    developers.google.com
    dns
    IEXPLORE.EXE
    67 B
    83 B
    1
    1

    DNS Request

    developers.google.com

    DNS Response

    216.58.201.110

  • 8.8.8.8:53
    ssl.gstatic.com
    dns
    IEXPLORE.EXE
    61 B
    77 B
    1
    1

    DNS Request

    ssl.gstatic.com

    DNS Response

    172.217.169.3

  • 8.8.8.8:53
    tpc.googlesyndication.com
    dns
    IEXPLORE.EXE
    71 B
    87 B
    1
    1

    DNS Request

    tpc.googlesyndication.com

    DNS Response

    172.217.16.225

  • 8.8.8.8:53
    fe0.google.com
    dns
    IEXPLORE.EXE
    60 B
    110 B
    1
    1

    DNS Request

    fe0.google.com

  • 8.8.8.8:53
    www.microsoft.com
    dns
    iexplore.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    2.21.17.194

  • 8.8.8.8:53
    www.microsoft.com
    dns
    iexplore.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    2.21.17.194

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    1KB

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

    Filesize

    724B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

    Filesize

    392B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\rpc_shindig_random[1].js

    Filesize

    14KB

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\3604799710-postmessagerelay[1].js

    Filesize

    11KB

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\style[1].htm

    Filesize

    167B

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\cb=gapi[1].js

    Filesize

    66KB

  • C:\Users\Admin\AppData\Local\Temp\Cab2FAA.tmp

    Filesize

    65KB

  • C:\Users\Admin\AppData\Local\Temp\Tar3675.tmp

    Filesize

    181KB
