Analysis

  • max time kernel
    117s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/07/2024, 16:51 UTC

General

  • Target

    231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html

  • Size

    20KB

  • MD5

    231ab09e0c3f3844864df5e3d144a2e9

  • SHA1

    e72c7609739e8de5c71cbe7595bb8dd23217866c

  • SHA256

    d15fb6e5194ecb64c46f8d079b403855ab48433c5212d5c165afb00a70852d91

  • SHA512

    ddbaee4290dd04742cf39630099bc3f0488f989dc42e8edf5f0ed2a9ff5f93ba075d6b064d4bac18c6e95058edc909e577cca0fdc41d21470401d96ae0ffc393

  • SSDEEP

    192:OYak/aQxR9WB/OFqHsnUqOhJQCLvYKRBXEXQRHJAXfR8UXAkXqtP6dKEx9G+/ZXF:OGtoU6MUqOGYryXotCdKEx9G+/ii

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2324

Network

  • flag-us
    DNS
    s.wordpress.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    s.wordpress.com
    IN A
    Response
    s.wordpress.com
    IN A
    192.0.77.33
  • flag-us
    DNS
    s3.wordpress.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    s3.wordpress.com
    IN A
    Response
    s3.wordpress.com
    IN A
    192.0.77.33
  • flag-us
    DNS
    www.linkedin.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.linkedin.com
    IN A
    Response
    www.linkedin.com
    IN CNAME
    exp1.www.linkedin.com
    exp1.www.linkedin.com
    IN CNAME
    www-linkedin-com.l-0005.l-msedge.net
    www-linkedin-com.l-0005.l-msedge.net
    IN CNAME
    l-0005.l-msedge.net
    l-0005.l-msedge.net
    IN A
    13.107.42.14
  • flag-us
    DNS
    x.interia.pl
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    x.interia.pl
    IN A
    Response
    x.interia.pl
    IN A
    217.74.65.42
  • flag-us
    DNS
    interia.hit.gemius.pl
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    interia.hit.gemius.pl
    IN A
    Response
    interia.hit.gemius.pl
    IN A
    217.74.74.29
  • flag-us
    DNS
    ict4peace.files.wordpress.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ict4peace.files.wordpress.com
    IN A
    Response
    ict4peace.files.wordpress.com
    IN CNAME
    s7.files.wordpress.com
    s7.files.wordpress.com
    IN A
    192.0.72.29
    s7.files.wordpress.com
    IN A
    192.0.72.28
  • flag-us
    DNS
    public.slideshare.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    public.slideshare.net
    IN A
    Response
    public.slideshare.net
    IN CNAME
    webapp.production.slideshare.net
    webapp.production.slideshare.net
    IN A
    54.236.160.98
    webapp.production.slideshare.net
    IN A
    35.153.242.1
    webapp.production.slideshare.net
    IN A
    54.209.139.161
    webapp.production.slideshare.net
    IN A
    3.229.9.213
    webapp.production.slideshare.net
    IN A
    52.200.251.100
  • flag-us
    GET
    http://s.wordpress.com/wp-content/themes/h4/global.css?m=1214319868a
    IEXPLORE.EXE
    Remote address:
    192.0.77.33:80
    Request
    GET /wp-content/themes/h4/global.css?m=1214319868a HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: s.wordpress.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Wed, 03 Jul 2024 16:51:19 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Location: https://s.wordpress.com/wp-content/themes/h4/global.css?m=1214319868a
  • flag-pl
    GET
    http://interia.hit.gemius.pl/xgemius.js
    IEXPLORE.EXE
    Remote address:
    217.74.74.29:80
    Request
    GET /xgemius.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: interia.hit.gemius.pl
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Wed, 03 Jul 2024 16:51:19 GMT
    Expires: Thu, 04 Jul 2024 04:51:19 GMT
    Server: GHC
    Accept-Ranges: none
    Cache-Control: max-age=43200
    Last-Modified: Mon, 17 Jun 2024 08:08:07 GMT
    Vary: Accept-Encoding,Origin
    Cross-Origin-Resource-Policy: cross-origin
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor
    P3P: CP="NOI DSP COR NID PSAo OUR IND"
    Connection: keep-alive
    Keep-Alive: timeout=10
    Content-Type: application/x-javascript
    Content-Length: 20346
    Content-Encoding: gzip
  • flag-pl
    GET
    http://interia.hit.gemius.pl/fpdata.js?href=
    IEXPLORE.EXE
    Remote address:
    217.74.74.29:80
    Request
    GET /fpdata.js?href= HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: interia.hit.gemius.pl
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Wed, 03 Jul 2024 16:51:20 GMT
    Expires: Tue, 02 Jul 2024 16:51:20 GMT
    Server: GHC
    Accept-Ranges: none
    Pragma: no-cache
    Cache-Control: no-store, no-cache, must-revalidate, max-age=0
    Cross-Origin-Resource-Policy: cross-origin
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor
    P3P: CP="NOI DSP COR NID PSAo OUR IND"
    Location: https://interia.hit.gemius.pl/_sslredir/fpdata.js?href=
    Connection: keep-alive
    Keep-Alive: timeout=10
    Content-Length: 0
  • flag-pl
    GET
    http://interia.hit.gemius.pl/_1720025480388/rexdot.js?l=100&sendf=24&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025480&fpcap=
    IEXPLORE.EXE
    Remote address:
    217.74.74.29:80
    Request
    GET /_1720025480388/rexdot.js?l=100&sendf=24&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025480&fpcap= HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: interia.hit.gemius.pl
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Wed, 03 Jul 2024 16:51:21 GMT
    Expires: Tue, 02 Jul 2024 16:51:21 GMT
    Server: GHC
    Accept-Ranges: none
    Pragma: no-cache
    Cache-Control: no-store, no-cache, must-revalidate, max-age=0
    Cross-Origin-Resource-Policy: cross-origin
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor
    P3P: CP="NOI DSP COR NID PSAo OUR IND"
    Location: https://interia.hit.gemius.pl/_sslredir/_1720025480388/rexdot.js?l=100&sendf=24&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025480&fpcap=
    Connection: keep-alive
    Keep-Alive: timeout=10
    Content-Length: 0
  • flag-us
    GET
    http://www.linkedin.com/img/webpromo/btn_linkedin_120x30.gif
    IEXPLORE.EXE
    Remote address:
    13.107.42.14:80
    Request
    GET /img/webpromo/btn_linkedin_120x30.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.linkedin.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Cache-Control: no-cache, no-store
    Pragma: no-cache
    Expires: Thu, 01 Jan 1970 00:00:00 GMT
    Location: https://www.linkedin.com/img/webpromo/btn_linkedin_120x30.gif
    P3P: CP="CAO CUR ADM DEV PSA PSD OUR"
    Set-Cookie: bcookie="v=2&46a8af1b-7db7-4d9d-8866-7cf981497892"; Domain=.linkedin.com; Expires=Thu, 03-Jul-2025 16:51:19 GMT; Path=/; Secure; SameSite=None
    Set-Cookie: li_gc=MTswOzE3MjAwMjU0Nzk7MjswMjGcy3vYdnTNZrm/rBCdts451JXjFliNYFQ8+wmYeSthIg==; Domain=.linkedin.com; Expires=Mon, 30 Dec 2024 16:51:19 GMT; Path=/; Secure; SameSite=None
    X-Li-Fabric: prod-lor1
    X-Li-Pop: afd-prod-lor1-x
    X-Li-Proto: http/1.1
    X-LI-UUID: AAYcWqO4B/uBamqu3KARtQ==
    X-Cache: CONFIG_NOCACHE
    X-MSEdge-Ref: Ref A: 3275764805CE4DC8A345F0295E35F144 Ref B: LON04EDGE1120 Ref C: 2024-07-03T16:51:19Z
    Date: Wed, 03 Jul 2024 16:51:19 GMT
    Content-Length: 0
  • flag-pl
    DNS
    IEXPLORE.EXE
    Remote address:
    217.74.65.42:80
    Response
    HTTP/1.1 408 Request Time-out
    content-length: 110
    cache-control: no-cache
    content-type: text/html
    connection: close
  • flag-us
    GET
    http://s3.wordpress.com/wp-content/themes/pub/simpla/style.css?m=1219803973a
    IEXPLORE.EXE
    Remote address:
    192.0.77.33:80
    Request
    GET /wp-content/themes/pub/simpla/style.css?m=1219803973a HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: s3.wordpress.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Wed, 03 Jul 2024 16:51:19 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Location: https://s3.wordpress.com/wp-content/themes/pub/simpla/style.css?m=1219803973a
  • flag-us
    GET
    http://s3.wordpress.com/wp-content/themes/pub/simpla/images/bg.png
    IEXPLORE.EXE
    Remote address:
    192.0.77.33:80
    Request
    GET /wp-content/themes/pub/simpla/images/bg.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: s3.wordpress.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Wed, 03 Jul 2024 16:51:20 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Location: https://s3.wordpress.com/wp-content/themes/pub/simpla/images/bg.png
  • flag-us
    GET
    http://s3.wordpress.com/wp-content/themes/pub/simpla/images/user.gif
    IEXPLORE.EXE
    Remote address:
    192.0.77.33:80
    Request
    GET /wp-content/themes/pub/simpla/images/user.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: s3.wordpress.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Wed, 03 Jul 2024 16:51:25 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Location: https://s3.wordpress.com/wp-content/themes/pub/simpla/images/user.gif
  • flag-us
    GET
    http://s3.wordpress.com/wp-content/themes/pub/simpla/images/post.gif
    IEXPLORE.EXE
    Remote address:
    192.0.77.33:80
    Request
    GET /wp-content/themes/pub/simpla/images/post.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: s3.wordpress.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Wed, 03 Jul 2024 16:51:25 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Location: https://s3.wordpress.com/wp-content/themes/pub/simpla/images/post.gif
  • flag-pl
    GET
    http://x.interia.pl/inpl/inpl.ad.1.4.9.js
    IEXPLORE.EXE
    Remote address:
    217.74.65.42:80
    Request
    GET /inpl/inpl.ad.1.4.9.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: x.interia.pl
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    content-type: text/javascript
    last-modified: Wed, 01 Jul 2009 11:49:35 GMT
    access-control-allow-origin: *
    access-control-allow-methods: GET, POST, OPTIONS
    p3p: CP="CAO PSA OUR"
    date: Wed, 03 Jul 2024 15:50:54 GMT
    content-length: 1749
    vary: Accept-Encoding
    content-encoding: gzip
    expires: Wed, 03 Jul 2024 16:50:54 GMT
    cache-control: max-age=1814400
    server: IPL/2.2
    accept-ranges: bytes
  • flag-us
    GET
    http://ict4peace.files.wordpress.com/2008/09/un-on-youtube.png?w=425&h=332
    IEXPLORE.EXE
    Remote address:
    192.0.72.29:80
    Request
    GET /2008/09/un-on-youtube.png?w=425&h=332 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ict4peace.files.wordpress.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Wed, 03 Jul 2024 16:51:19 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Location: https://ict4peace.files.wordpress.com/2008/09/un-on-youtube.png?w=425&h=332
  • flag-us
    GET
    http://public.slideshare.net/images/badge85_62.gif
    IEXPLORE.EXE
    Remote address:
    54.236.160.98:80
    Request
    GET /images/badge85_62.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: public.slideshare.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: awselb/2.0
    Date: Wed, 03 Jul 2024 16:51:19 GMT
    Content-Type: text/html
    Content-Length: 134
    Connection: keep-alive
    Location: https://public.slideshare.net:443/images/badge85_62.gif
  • flag-us
    GET
    https://ict4peace.files.wordpress.com/2008/09/un-on-youtube.png?w=425&h=332
    IEXPLORE.EXE
    Remote address:
    192.0.72.29:443
    Request
    GET /2008/09/un-on-youtube.png?w=425&h=332 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ict4peace.files.wordpress.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Moved Temporarily
    Server: nginx
    Date: Wed, 03 Jul 2024 16:51:20 GMT
    Content-Type: text/html
    Content-Length: 138
    Connection: keep-alive
    Location: https://ict4peace.wordpress.com/wp-content/uploads/2008/09/un-on-youtube.png?w=425&h=332
    X-nc: lhr 29 np
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://s3.wordpress.com/wp-content/themes/pub/simpla/style.css?m=1219803973a
    IEXPLORE.EXE
    Remote address:
    192.0.77.33:443
    Request
    GET /wp-content/themes/pub/simpla/style.css?m=1219803973a HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: s3.wordpress.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 03 Jul 2024 16:51:20 GMT
    Content-Type: text/css
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    x-minify: t
    x-minify-cache: hit
    etag: W/6784-1684461279092.7097
    Content-Encoding: gzip
    Expires: Thu, 19 Jun 2025 21:16:26 GMT
    Cache-Control: max-age=31536000
    X-ac: 4.lhr _dca MISS
    Strict-Transport-Security: max-age=15552000
    Alt-Svc: h3=":443"; ma=86400
    X-nc: HIT lhr 2
  • flag-us
    GET
    https://s3.wordpress.com/wp-content/themes/pub/simpla/images/bg.png
    IEXPLORE.EXE
    Remote address:
    192.0.77.33:443
    Request
    GET /wp-content/themes/pub/simpla/images/bg.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: s3.wordpress.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 03 Jul 2024 16:51:20 GMT
    Content-Type: image/png
    Content-Length: 147
    Connection: keep-alive
    Last-Modified: Fri, 19 May 2023 01:49:11 GMT
    ETag: "6466d597-93"
    Expires: Mon, 08 Jul 2024 16:27:35 GMT
    Cache-Control: max-age=31536000
    X-ac: 4.lhr _dca MISS
    Strict-Transport-Security: max-age=15552000
    Alt-Svc: h3=":443"; ma=86400
    X-nc: HIT lhr 2
    Accept-Ranges: bytes
  • flag-us
    GET
    https://s3.wordpress.com/wp-content/themes/pub/simpla/images/post.gif
    IEXPLORE.EXE
    Remote address:
    192.0.77.33:443
    Request
    GET /wp-content/themes/pub/simpla/images/post.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: s3.wordpress.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 03 Jul 2024 16:51:25 GMT
    Content-Type: image/gif
    Content-Length: 276
    Connection: keep-alive
    Last-Modified: Fri, 19 May 2023 01:49:11 GMT
    ETag: "6466d597-114"
    Expires: Mon, 08 Jul 2024 16:27:35 GMT
    Cache-Control: max-age=31536000
    X-ac: 4.lhr _dca MISS
    Strict-Transport-Security: max-age=15552000
    Alt-Svc: h3=":443"; ma=86400
    X-nc: HIT lhr 2
    Accept-Ranges: bytes
  • flag-us
    GET
    https://s3.wordpress.com/wp-content/themes/pub/simpla/images/user.gif
    IEXPLORE.EXE
    Remote address:
    192.0.77.33:443
    Request
    GET /wp-content/themes/pub/simpla/images/user.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: s3.wordpress.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 03 Jul 2024 16:51:25 GMT
    Content-Type: image/gif
    Content-Length: 287
    Connection: keep-alive
    Last-Modified: Fri, 19 May 2023 02:59:11 GMT
    ETag: "6466e5ff-11f"
    Expires: Mon, 08 Jul 2024 16:27:35 GMT
    Cache-Control: max-age=31536000
    X-ac: 4.lhr _dca MISS
    Strict-Transport-Security: max-age=15552000
    Alt-Svc: h3=":443"; ma=86400
    X-nc: HIT lhr 2
    Accept-Ranges: bytes
  • flag-us
    GET
    https://s.wordpress.com/wp-content/themes/h4/global.css?m=1214319868a
    IEXPLORE.EXE
    Remote address:
    192.0.77.33:443
    Request
    GET /wp-content/themes/h4/global.css?m=1214319868a HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: s.wordpress.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 03 Jul 2024 16:51:20 GMT
    Content-Type: text/css
    Content-Length: 311
    Connection: keep-alive
    x-minify: t
    x-minify-cache: hit
    etag: W/471-1684461197956.71
    Expires: Fri, 20 Jun 2025 00:29:15 GMT
    Cache-Control: max-age=31536000
    X-ac: 4.lhr _dca MISS
    Strict-Transport-Security: max-age=15552000
    Alt-Svc: h3=":443"; ma=86400
    X-nc: HIT lhr 1
  • flag-us
    GET
    https://public.slideshare.net/images/badge85_62.gif
    IEXPLORE.EXE
    Remote address:
    54.236.160.98:443
    Request
    GET /images/badge85_62.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: public.slideshare.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Wed, 03 Jul 2024 16:51:21 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    server: envoy
    location: https://www.slideshare.net/images/badge85_62.gif
    p3p: CP="OTI DSP COR CUR ADM DEV PSD IVD CONo OUR IND"
    x-content-type-options: nosniff
    cache-control: private, no-store
    strict-transport-security: max-age=63072000; includeSubDomains; preload
    x-envoy-upstream-service-time: 1
  • flag-us
    GET
    https://www.linkedin.com/img/webpromo/btn_linkedin_120x30.gif
    IEXPLORE.EXE
    Remote address:
    13.107.42.14:443
    Request
    GET /img/webpromo/btn_linkedin_120x30.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.linkedin.com
    Connection: Keep-Alive
    Cookie: bcookie="v=2&46a8af1b-7db7-4d9d-8866-7cf981497892"; li_gc=MTswOzE3MjAwMjU0Nzk7MjswMjGcy3vYdnTNZrm/rBCdts451JXjFliNYFQ8+wmYeSthIg==
    Response
    HTTP/1.1 200 OK
    Cache-Control: max-age=604800,private
    Content-Length: 2153
    Content-Type: image/gif
    Expires: Wed, 10 Jul 2024 16:51:20 GMT
    Last-Modified: Tue, 16 Apr 2024 21:20:55 GMT
    Accept-Ranges: bytes
    ETag: "661eebb7-869"
    P3P: CP="CAO CUR ADM DEV PSA PSD OUR"
    Set-Cookie: bscookie="v=1&20240703165120e60da6cd-abf1-475b-8c16-fedfae8e1a28AQGPEELyZnGWddeTsOIeELm08FlQI82a"; domain=.www.linkedin.com; Path=/; Secure; Expires=Thu, 03-Jul-2025 16:51:20 GMT; HttpOnly; SameSite=None
    Strict-Transport-Security: max-age=31536000
    X-Content-Type-Options: nosniff
    X-Frame-Options: sameorigin
    Content-Security-Policy: default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.microsoft.com *.adnxs.com login.microsoftonline.com; script-src 'report-sample' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-RFqsjmAF1N5LnfpaHFvPqFlVkeIS/DtTAFor+JjJJVc=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-3RIGhhApBii1KY+aW1xk7kFyoQY8vSVE5DfT7E9SJUc=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-wy4DvlEW9PHPIGvQJW6Wv4woBSa/0LJHs8LHsBVVXCs=' 'sha256-065A0cJTDQ+hyKvufSL/flW02hIbgLndOINLRWux6To=' 'sha256-Ga5SLB8hPdWUE8Wb6LgZ05D9Z5vrdLAaPbDBW2m3BI8=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com 
snap.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com edge-auth.microsoft.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=d
    X-Li-Fabric: prod-ltx1
    Report-To: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
    NEL: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
    X-Li-Pop: afd-prod-ltx1-x
    X-Li-Proto: http/1.1
    X-LI-UUID: AAYcWqO/r6MrHJebs6sP9g==
    X-Cache: CONFIG_NOCACHE
    X-MSEdge-Ref: Ref A: 84AE3621659C4EC69AA924E2BFC569B8 Ref B: LON04EDGE1111 Ref C: 2024-07-03T16:51:20Z
    Date: Wed, 03 Jul 2024 16:51:19 GMT
  • flag-us
    DNS
    ict4peace.wordpress.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ict4peace.wordpress.com
    IN A
    Response
    ict4peace.wordpress.com
    IN CNAME
    lb.wordpress.com
    lb.wordpress.com
    IN A
    192.0.78.12
    lb.wordpress.com
    IN A
    192.0.78.13
  • flag-us
    GET
    https://ict4peace.wordpress.com/wp-content/uploads/2008/09/un-on-youtube.png?w=425&h=332
    IEXPLORE.EXE
    Remote address:
    192.0.78.12:443
    Request
    GET /wp-content/uploads/2008/09/un-on-youtube.png?w=425&h=332 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ict4peace.wordpress.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 03 Jul 2024 16:51:20 GMT
    Content-Type: image/png
    Content-Length: 133771
    Connection: keep-alive
    Last-Modified: Mon, 29 Sep 2008 00:49:21 GMT
    Expires: Sun, 14 Jul 2024 23:05:54 GMT
    X-Orig-Src: 0_imageresize
    Vary: Accept
    X-ac: 1.lhr _dfw HIT
    Strict-Transport-Security: max-age=31536000
    Alt-Svc: h3=":443"; ma=86400
    Accept-Ranges: bytes
  • flag-gb
    GET
    http://www.google-analytics.com/ga.js
    IEXPLORE.EXE
    Remote address:
    216.58.213.14:80
    Request
    GET /ga.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.google-analytics.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Server: Golfe2
    Content-Length: 17168
    Date: Wed, 03 Jul 2024 15:31:01 GMT
    Expires: Wed, 03 Jul 2024 17:31:01 GMT
    Cache-Control: public, max-age=7200
    Age: 4819
    Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
    Content-Type: text/javascript
    Vary: Accept-Encoding
  • flag-pl
    GET
    https://interia.hit.gemius.pl/_sslredir/fpdata.js?href=
    IEXPLORE.EXE
    Remote address:
    217.74.74.29:443
    Request
    GET /_sslredir/fpdata.js?href= HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: interia.hit.gemius.pl
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Wed, 03 Jul 2024 16:51:21 GMT
    Expires: Fri, 02 Aug 2024 16:51:21 GMT
    Server: GHC
    Accept-Ranges: none
    Cache-Control: private, max-age=2592000
    Last-Modified: Mon, 16 Jul 2012 10:03:40 GMT
    ETag: PRIVATE7520710249
    Cross-Origin-Resource-Policy: cross-origin
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor
    P3P: CP="NOI DSP COR NID PSAo OUR IND"
    Connection: keep-alive
    Keep-Alive: timeout=100
    Content-Type: application/x-javascript
    Content-Length: 269
  • flag-pl
    GET
    https://interia.hit.gemius.pl/_sslredir/_1720025480388/rexdot.js?l=100&sendf=24&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025480&fpcap=
    IEXPLORE.EXE
    Remote address:
    217.74.74.29:443
    Request
    GET /_sslredir/_1720025480388/rexdot.js?l=100&sendf=24&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025480&fpcap= HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: interia.hit.gemius.pl
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Wed, 03 Jul 2024 16:51:21 GMT
    Expires: Tue, 02 Jul 2024 16:51:21 GMT
    Server: GHC
    Accept-Ranges: none
    Pragma: no-cache
    Cache-Control: no-store, no-cache, must-revalidate, max-age=0
    Cross-Origin-Resource-Policy: cross-origin
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor
    Set-Cookie: receive-cookie-deprecation=1; Domain=hit.gemius.pl; Path=/; HttpOnly; SameSite=None; Secure; Partitioned; Expires=Sat, 02 Aug 2025 16:51:21 GMT
    Set-Cookie: Gtest=KlQCTMGGQMQGQiRiIRsR6HGUssGMXP8cfRbG; Domain=hit.gemius.pl; Path=/; SameSite=None; Secure; Expires=Wed, 10 Jul 2024 16:51:21 GMT
    Set-Cookie: Gdynp=2Ixh5ao_P_Yx2WY5epfR6TZYx0SNgEgZNAuXiysGMgn.17; Domain=hit.gemius.pl; Path=/; SameSite=None; Secure; Partitioned; Expires=Sat, 02 Aug 2025 16:51:21 GMT
    P3P: CP="NOI DSP COR NID PSAo OUR IND"
    Location: /__/_sslredir/_1720025480388/rexdot.js?l=100&sendf=24&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025480&fpcap=
    Connection: keep-alive
    Keep-Alive: timeout=100
    Content-Length: 0
  • flag-pl
    GET
    https://interia.hit.gemius.pl/__/_sslredir/_1720025480388/rexdot.js?l=100&sendf=24&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025480&fpcap=
    IEXPLORE.EXE
    Remote address:
    217.74.74.29:443
    Request
    GET /__/_sslredir/_1720025480388/rexdot.js?l=100&sendf=24&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025480&fpcap= HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: interia.hit.gemius.pl
    Connection: Keep-Alive
    Cookie: receive-cookie-deprecation=1; Gtest=KlQCTMGGQMQGQiRiIRsR6HGUssGMXP8cfRbG; Gdynp=2Ixh5ao_P_Yx2WY5epfR6TZYx0SNgEgZNAuXiysGMgn.17
    Response
    HTTP/1.1 200 OK
    Date: Wed, 03 Jul 2024 16:51:21 GMT
    Expires: Tue, 02 Jul 2024 16:51:21 GMT
    Server: GHC
    Accept-Ranges: none
    Pragma: no-cache
    Cache-Control: no-store, no-cache, must-revalidate, max-age=0
    Cross-Origin-Resource-Policy: cross-origin
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor
    Set-Cookie: receive-cookie-deprecation=1; Domain=hit.gemius.pl; Path=/; HttpOnly; SameSite=None; Secure; Partitioned; Expires=Sat, 02 Aug 2025 16:51:21 GMT
    Set-Cookie: Gtestem=~; Domain=hit.gemius.pl; Path=/; SameSite=None; Secure; Expires=Fri, 1 Jan 2010 00:00:00 GMT
    Set-Cookie: Gdyn=KlGzBRGGQMQGQiRiIRsR6HGUssGMXP8c25nSGssIIm78EMxnGoG1oSV5L1BGGBPDGtGaEFQpmsMQGs..; Domain=hit.gemius.pl; Path=/; SameSite=None; Secure; Expires=Sat, 02 Aug 2025 16:51:21 GMT
    Set-Cookie: Gdynp=o_FmzrF3BSmdif8Aw00Fv1baFWUXVAJ2WNp2omVspWT.d7; Domain=hit.gemius.pl; Path=/; SameSite=None; Secure; Partitioned; Expires=Sat, 02 Aug 2025 16:51:21 GMT
    P3P: CP="NOI DSP COR NID PSAo OUR IND"
    Connection: keep-alive
    Keep-Alive: timeout=100
    Content-Type: application/x-javascript
    Content-Length: 167
  • flag-us
    DNS
    wovens.info
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    wovens.info
    IN A
    Response
  • flag-us
    DNS
    ocsp.r2m02.amazontrust.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ocsp.r2m02.amazontrust.com
    IN A
    Response
    ocsp.r2m02.amazontrust.com
    IN A
    143.204.67.183
  • flag-gb
    GET
    http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAZGWZAMnSKW5OXbIFYv0bo%3D
    IEXPLORE.EXE
    Remote address:
    143.204.67.183:80
    Request
    GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAZGWZAMnSKW5OXbIFYv0bo%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: ocsp.r2m02.amazontrust.com
    Response
    HTTP/1.1 200 OK
    Content-Type: application/ocsp-response
    Content-Length: 471
    Connection: keep-alive
    Accept-Ranges: bytes
    Cache-Control: max-age=7200
    Date: Wed, 03 Jul 2024 16:01:58 GMT
    Last-Modified: Wed, 03 Jul 2024 15:46:51 GMT
    Server: ECAcc (lhd/3587)
    X-Cache: Hit from cloudfront
    Via: 1.1 801f161811c7af839461382eb62af1dc.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LHR61-P1
    X-Amz-Cf-Id: 6O3AZdlvzBd8obwDD7cyDBIWuKmSmy5Z2xD1KR_T9VcNiJlYvq_cZw==
    Age: 3870
  • flag-us
    DNS
    www.slideshare.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.slideshare.net
    IN A
    Response
    www.slideshare.net
    IN CNAME
    scribd.map.fastly.net
    scribd.map.fastly.net
    IN A
    151.101.66.152
    scribd.map.fastly.net
    IN A
    151.101.130.152
    scribd.map.fastly.net
    IN A
    151.101.2.152
    scribd.map.fastly.net
    IN A
    151.101.194.152
  • flag-pl
    GET
    http://interia.hit.gemius.pl/_1720025566630/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720025481&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025566&fpcap=
    IEXPLORE.EXE
    Remote address:
    217.74.74.29:80
    Request
    GET /_1720025566630/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720025481&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025566&fpcap= HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: interia.hit.gemius.pl
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Wed, 03 Jul 2024 16:52:47 GMT
    Expires: Tue, 02 Jul 2024 16:52:47 GMT
    Server: GHC
    Accept-Ranges: none
    Pragma: no-cache
    Cache-Control: no-store, no-cache, must-revalidate, max-age=0
    Cross-Origin-Resource-Policy: cross-origin
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor
    P3P: CP="NOI DSP COR NID PSAo OUR IND"
    Location: https://interia.hit.gemius.pl/_sslredir/_1720025566630/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720025481&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025566&fpcap=
    Connection: keep-alive
    Keep-Alive: timeout=10
    Content-Length: 0
  • flag-pl
    GET
    http://interia.hit.gemius.pl/_1720025576629/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720025481&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025576&fpcap=
    IEXPLORE.EXE
    Remote address:
    217.74.74.29:80
    Request
    GET /_1720025576629/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720025481&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025576&fpcap= HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: interia.hit.gemius.pl
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Wed, 03 Jul 2024 16:52:57 GMT
    Expires: Tue, 02 Jul 2024 16:52:57 GMT
    Server: GHC
    Accept-Ranges: none
    Pragma: no-cache
    Cache-Control: no-store, no-cache, must-revalidate, max-age=0
    Cross-Origin-Resource-Policy: cross-origin
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor
    P3P: CP="NOI DSP COR NID PSAo OUR IND"
    Location: https://interia.hit.gemius.pl/_sslredir/_1720025576629/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720025481&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025576&fpcap=
    Connection: keep-alive
    Keep-Alive: timeout=10
    Content-Length: 0
  • flag-pl
    GET
    https://interia.hit.gemius.pl/_sslredir/_1720025566630/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720025481&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025566&fpcap=
    IEXPLORE.EXE
    Remote address:
    217.74.74.29:443
    Request
    GET /_sslredir/_1720025566630/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720025481&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025566&fpcap= HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: interia.hit.gemius.pl
    Connection: Keep-Alive
    Cookie: receive-cookie-deprecation=1; Gtest=KlQCTMGGQMQGQiRiIRsR6HGUssGMXP8cfRbG; Gdynp=o_FmzrF3BSmdif8Aw00Fv1baFWUXVAJ2WNp2omVspWT.d7; Gdyn=KlGzBRGGQMQGQiRiIRsR6HGUssGMXP8c25nSGssIIm78EMxnGoG1oSV5L1BGGBPDGtGaEFQpmsMQGs..
    Response
    HTTP/1.1 200 OK
    Date: Wed, 03 Jul 2024 16:52:47 GMT
    Expires: Tue, 02 Jul 2024 16:52:47 GMT
    Server: GHC
    Accept-Ranges: none
    Pragma: no-cache
    Cache-Control: no-store, no-cache, must-revalidate, max-age=0
    Cross-Origin-Resource-Policy: cross-origin
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor
    Set-Cookie: receive-cookie-deprecation=1; Domain=hit.gemius.pl; Path=/; HttpOnly; SameSite=None; Secure; Partitioned; Expires=Sat, 02 Aug 2025 16:52:47 GMT
    Set-Cookie: Gtest=; Domain=hit.gemius.pl; Path=/; SameSite=None; Secure; Expires=Fri, 1 Jan 2010 00:00:00 GMT
    Set-Cookie: Gdyn=KlQ3tRaGQMQGQiRiIRsR6HGUssGM-14oL6nxmG88eu7oLFxSG7lrGS6GkDstFlM1YH8PlexaG0FcQssa; Domain=hit.gemius.pl; Path=/; SameSite=None; Secure; Expires=Sat, 02 Aug 2025 16:52:47 GMT
    Set-Cookie: Gdynp=5tAWpZAdiASTdr6Bfv2lDG5uRFiTeragW84UMVhwG37.y7; Domain=hit.gemius.pl; Path=/; SameSite=None; Secure; Partitioned; Expires=Sat, 02 Aug 2025 16:52:47 GMT
    P3P: CP="NOI DSP COR NID PSAo OUR IND"
    Connection: keep-alive
    Keep-Alive: timeout=100
    Content-Type: application/x-javascript
    Content-Length: 2
  • flag-pl
    GET
    https://interia.hit.gemius.pl/_sslredir/_1720025576629/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720025481&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025576&fpcap=
    IEXPLORE.EXE
    Remote address:
    217.74.74.29:443
    Request
    GET /_sslredir/_1720025576629/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720025481&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025576&fpcap= HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: interia.hit.gemius.pl
    Connection: Keep-Alive
    Cookie: receive-cookie-deprecation=1; Gdynp=5tAWpZAdiASTdr6Bfv2lDG5uRFiTeragW84UMVhwG37.y7; Gdyn=KlQ3tRaGQMQGQiRiIRsR6HGUssGM-14oL6nxmG88eu7oLFxSG7lrGS6GkDstFlM1YH8PlexaG0FcQssa
    Response
    HTTP/1.1 200 OK
    Date: Wed, 03 Jul 2024 16:52:57 GMT
    Expires: Tue, 02 Jul 2024 16:52:57 GMT
    Server: GHC
    Accept-Ranges: none
    Pragma: no-cache
    Cache-Control: no-store, no-cache, must-revalidate, max-age=0
    Cross-Origin-Resource-Policy: cross-origin
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor
    Set-Cookie: receive-cookie-deprecation=1; Domain=hit.gemius.pl; Path=/; HttpOnly; SameSite=None; Secure; Partitioned; Expires=Sat, 02 Aug 2025 16:52:57 GMT
    Set-Cookie: Gdyn=KlG49RXGQMQGQiRiIRsR6HGUssGMg14oL6nxmG88eu7oLFxSG7lrGS6GkDstFlM1YH8PlexaG0Fcxssa; Domain=hit.gemius.pl; Path=/; SameSite=None; Secure; Expires=Sat, 02 Aug 2025 16:52:57 GMT
    Set-Cookie: Gdynp=NqnVD4UWs0BiuMbhCUAzCxdsl8t47KeW5VMPozsFO9f.E7; Domain=hit.gemius.pl; Path=/; SameSite=None; Secure; Partitioned; Expires=Sat, 02 Aug 2025 16:52:57 GMT
    P3P: CP="NOI DSP COR NID PSAo OUR IND"
    Connection: keep-alive
    Keep-Alive: timeout=100
    Content-Type: application/x-javascript
    Content-Length: 2
  • 192.0.77.33:80
    http://s.wordpress.com/wp-content/themes/h4/global.css?m=1214319868a
    http
    IEXPLORE.EXE
    547 B
    611 B
    6
    5

    HTTP Request

    GET http://s.wordpress.com/wp-content/themes/h4/global.css?m=1214319868a

    HTTP Response

    301
  • 217.74.74.29:80
    http://interia.hit.gemius.pl/_1720025480388/rexdot.js?l=100&sendf=24&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025480&fpcap=
    http
    IEXPLORE.EXE
    2.3kB
    23.6kB
    23
    20

    HTTP Request

    GET http://interia.hit.gemius.pl/xgemius.js

    HTTP Response

    200

    HTTP Request

    GET http://interia.hit.gemius.pl/fpdata.js?href=

    HTTP Response

    301

    HTTP Request

    GET http://interia.hit.gemius.pl/_1720025480388/rexdot.js?l=100&sendf=24&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025480&fpcap=

    HTTP Response

    301
  • 13.107.42.14:80
    http://www.linkedin.com/img/webpromo/btn_linkedin_120x30.gif
    http
    IEXPLORE.EXE
    484 B
    1.0kB
    4
    4

    HTTP Request

    GET http://www.linkedin.com/img/webpromo/btn_linkedin_120x30.gif

    HTTP Response

    301
  • 217.74.65.42:80
    x.interia.pl
    http
    IEXPLORE.EXE
    236 B
    365 B
    5
    3

    HTTP Response

    408
  • 192.0.77.33:80
    s3.wordpress.com
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 13.107.42.14:80
    www.linkedin.com
    IEXPLORE.EXE
    144 B
    132 B
    3
    3
  • 217.74.74.29:80
    interia.hit.gemius.pl
    IEXPLORE.EXE
    236 B
    172 B
    5
    4
  • 192.0.77.33:80
    http://s3.wordpress.com/wp-content/themes/pub/simpla/images/user.gif
    http
    IEXPLORE.EXE
    1.3kB
    1.5kB
    10
    7

    HTTP Request

    GET http://s3.wordpress.com/wp-content/themes/pub/simpla/style.css?m=1219803973a

    HTTP Response

    301

    HTTP Request

    GET http://s3.wordpress.com/wp-content/themes/pub/simpla/images/bg.png

    HTTP Response

    301

    HTTP Request

    GET http://s3.wordpress.com/wp-content/themes/pub/simpla/images/user.gif

    HTTP Response

    301
  • 192.0.77.33:80
    http://s3.wordpress.com/wp-content/themes/pub/simpla/images/post.gif
    http
    IEXPLORE.EXE
    636 B
    1.1kB
    7
    6

    HTTP Request

    GET http://s3.wordpress.com/wp-content/themes/pub/simpla/images/post.gif

    HTTP Response

    301
  • 217.74.65.42:80
    http://x.interia.pl/inpl/inpl.ad.1.4.9.js
    http
    IEXPLORE.EXE
    540 B
    2.4kB
    6
    5

    HTTP Request

    GET http://x.interia.pl/inpl/inpl.ad.1.4.9.js

    HTTP Response

    200
  • 192.0.72.29:80
    http://ict4peace.files.wordpress.com/2008/09/un-on-youtube.png?w=425&h=332
    http
    IEXPLORE.EXE
    688 B
    1.1kB
    8
    7

    HTTP Request

    GET http://ict4peace.files.wordpress.com/2008/09/un-on-youtube.png?w=425&h=332

    HTTP Response

    301
  • 192.0.72.29:80
    ict4peace.files.wordpress.com
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 54.236.160.98:80
    http://public.slideshare.net/images/badge85_62.gif
    http
    IEXPLORE.EXE
    566 B
    574 B
    6
    5

    HTTP Request

    GET http://public.slideshare.net/images/badge85_62.gif

    HTTP Response

    301
  • 54.236.160.98:80
    public.slideshare.net
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 192.0.72.29:443
    https://ict4peace.files.wordpress.com/2008/09/un-on-youtube.png?w=425&h=332
    tls, http
    IEXPLORE.EXE
    1.3kB
    5.3kB
    14
    12

    HTTP Request

    GET https://ict4peace.files.wordpress.com/2008/09/un-on-youtube.png?w=425&h=332

    HTTP Response

    302
  • 192.0.77.33:443
    https://s3.wordpress.com/wp-content/themes/pub/simpla/images/user.gif
    tls, http
    IEXPLORE.EXE
    2.6kB
    10.7kB
    20
    19

    HTTP Request

    GET https://s3.wordpress.com/wp-content/themes/pub/simpla/style.css?m=1219803973a

    HTTP Response

    200

    HTTP Request

    GET https://s3.wordpress.com/wp-content/themes/pub/simpla/images/bg.png

    HTTP Response

    200

    HTTP Request

    GET https://s3.wordpress.com/wp-content/themes/pub/simpla/images/post.gif

    HTTP Response

    200

    HTTP Request

    GET https://s3.wordpress.com/wp-content/themes/pub/simpla/images/user.gif

    HTTP Response

    200
  • 192.0.77.33:443
    https://s.wordpress.com/wp-content/themes/h4/global.css?m=1214319868a
    tls, http
    IEXPLORE.EXE
    1.4kB
    7.8kB
    16
    15

    HTTP Request

    GET https://s.wordpress.com/wp-content/themes/h4/global.css?m=1214319868a

    HTTP Response

    200
  • 54.236.160.98:443
    https://public.slideshare.net/images/badge85_62.gif
    tls, http
    IEXPLORE.EXE
    1.3kB
    6.9kB
    14
    14

    HTTP Request

    GET https://public.slideshare.net/images/badge85_62.gif

    HTTP Response

    301
  • 13.107.42.14:443
    https://www.linkedin.com/img/webpromo/btn_linkedin_120x30.gif
    tls, http
    IEXPLORE.EXE
    1.3kB
    11.5kB
    10
    16

    HTTP Request

    GET https://www.linkedin.com/img/webpromo/btn_linkedin_120x30.gif

    HTTP Response

    200
  • 192.0.78.12:443
    https://ict4peace.wordpress.com/wp-content/uploads/2008/09/un-on-youtube.png?w=425&h=332
    tls, http
    IEXPLORE.EXE
    3.5kB
    144.2kB
    63
    112

    HTTP Request

    GET https://ict4peace.wordpress.com/wp-content/uploads/2008/09/un-on-youtube.png?w=425&h=332

    HTTP Response

    200
  • 192.0.78.12:443
    ict4peace.wordpress.com
    tls
    IEXPLORE.EXE
    754 B
    4.2kB
    10
    9
  • 216.58.213.14:80
    www.google-analytics.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 216.58.213.14:80
    http://www.google-analytics.com/ga.js
    http
    IEXPLORE.EXE
    858 B
    18.3kB
    13
    16

    HTTP Request

    GET http://www.google-analytics.com/ga.js

    HTTP Response

    200
  • 217.74.74.29:443
    https://interia.hit.gemius.pl/__/_sslredir/_1720025480388/rexdot.js?l=100&sendf=24&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025480&fpcap=
    tls, http
    IEXPLORE.EXE
    2.9kB
    7.9kB
    14
    13

    HTTP Request

    GET https://interia.hit.gemius.pl/_sslredir/fpdata.js?href=

    HTTP Response

    200

    HTTP Request

    GET https://interia.hit.gemius.pl/_sslredir/_1720025480388/rexdot.js?l=100&sendf=24&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025480&fpcap=

    HTTP Response

    301

    HTTP Request

    GET https://interia.hit.gemius.pl/__/_sslredir/_1720025480388/rexdot.js?l=100&sendf=24&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025480&fpcap=

    HTTP Response

    200
  • 143.204.67.183:80
    http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAZGWZAMnSKW5OXbIFYv0bo%3D
    http
    IEXPLORE.EXE
    476 B
    1.1kB
    5
    4

    HTTP Request

    GET http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAZGWZAMnSKW5OXbIFYv0bo%3D

    HTTP Response

    200
  • 151.101.66.152:443
    www.slideshare.net
    tls
    IEXPLORE.EXE
    399 B
    219 B
    5
    5
  • 151.101.66.152:443
    www.slideshare.net
    tls
    IEXPLORE.EXE
    399 B
    219 B
    5
    5
  • 151.101.66.152:443
    www.slideshare.net
    tls
    IEXPLORE.EXE
    361 B
    219 B
    5
    5
  • 151.101.66.152:443
    www.slideshare.net
    tls
    IEXPLORE.EXE
    361 B
    219 B
    5
    5
  • 151.101.66.152:443
    www.slideshare.net
    tls
    IEXPLORE.EXE
    288 B
    219 B
    5
    5
  • 151.101.66.152:443
    www.slideshare.net
    tls
    IEXPLORE.EXE
    288 B
    219 B
    5
    5
  • 151.101.66.152:443
    www.slideshare.net
    IEXPLORE.EXE
    190 B
    172 B
    4
    4
  • 151.101.66.152:443
    www.slideshare.net
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 192.0.77.33:443
    s3.wordpress.com
    tls
    IEXPLORE.EXE
    636 B
    506 B
    8
    7
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
    7.7kB
    9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
    7.8kB
    10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
    7.7kB
    9
    12
  • 217.74.74.29:80
    interia.hit.gemius.pl
    IEXPLORE.EXE
    98 B
    52 B
    2
    1
  • 217.74.74.29:80
    http://interia.hit.gemius.pl/_1720025576629/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720025481&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025576&fpcap=
    http
    IEXPLORE.EXE
    1.9kB
    2.5kB
    8
    5

    HTTP Request

    GET http://interia.hit.gemius.pl/_1720025566630/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720025481&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025566&fpcap=

    HTTP Response

    301

    HTTP Request

    GET http://interia.hit.gemius.pl/_1720025576629/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720025481&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025576&fpcap=

    HTTP Response

    301
  • 217.74.74.29:443
    https://interia.hit.gemius.pl/_sslredir/_1720025576629/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720025481&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025576&fpcap=
    tls, http
    IEXPLORE.EXE
    2.6kB
    2.8kB
    8
    5

    HTTP Request

    GET https://interia.hit.gemius.pl/_sslredir/_1720025566630/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720025481&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025566&fpcap=

    HTTP Response

    200

    HTTP Request

    GET https://interia.hit.gemius.pl/_sslredir/_1720025576629/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720025481&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F231ab09e0c3f3844864df5e3d144a2e9_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x626&vis=1&lsdata=-NOTSUP&fpdata=ovRhFcaP38p2jouSYxeN3WQhZdZ5EgQWmPAkKwZNHsv.X7%7C1720025481&ltime=0&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DnoLoStrg&exid=668581873246c99f&brts=1720025576&fpcap=

    HTTP Response

    200
  • 8.8.8.8:53
    s.wordpress.com
    dns
    IEXPLORE.EXE
    61 B
    77 B
    1
    1

    DNS Request

    s.wordpress.com

    DNS Response

    192.0.77.33

  • 8.8.8.8:53
    s3.wordpress.com
    dns
    IEXPLORE.EXE
    62 B
    78 B
    1
    1

    DNS Request

    s3.wordpress.com

    DNS Response

    192.0.77.33

  • 8.8.8.8:53
    www.linkedin.com
    dns
    IEXPLORE.EXE
    62 B
    161 B
    1
    1

    DNS Request

    www.linkedin.com

    DNS Response

    13.107.42.14

  • 8.8.8.8:53
    x.interia.pl
    dns
    IEXPLORE.EXE
    58 B
    74 B
    1
    1

    DNS Request

    x.interia.pl

    DNS Response

    217.74.65.42

  • 8.8.8.8:53
    interia.hit.gemius.pl
    dns
    IEXPLORE.EXE
    67 B
    83 B
    1
    1

    DNS Request

    interia.hit.gemius.pl

    DNS Response

    217.74.74.29

  • 8.8.8.8:53
    ict4peace.files.wordpress.com
    dns
    IEXPLORE.EXE
    75 B
    124 B
    1
    1

    DNS Request

    ict4peace.files.wordpress.com

    DNS Response

    192.0.72.29
    192.0.72.28

  • 8.8.8.8:53
    public.slideshare.net
    dns
    IEXPLORE.EXE
    67 B
    179 B
    1
    1

    DNS Request

    public.slideshare.net

    DNS Response

    54.236.160.98
    35.153.242.1
    54.209.139.161
    3.229.9.213
    52.200.251.100

  • 8.8.8.8:53
    ict4peace.wordpress.com
    dns
    IEXPLORE.EXE
    69 B
    118 B
    1
    1

    DNS Request

    ict4peace.wordpress.com

    DNS Response

    192.0.78.12
    192.0.78.13

  • 8.8.8.8:53
    wovens.info
    dns
    IEXPLORE.EXE
    57 B
    136 B
    1
    1

    DNS Request

    wovens.info

  • 8.8.8.8:53
    ocsp.r2m02.amazontrust.com
    dns
    IEXPLORE.EXE
    72 B
    88 B
    1
    1

    DNS Request

    ocsp.r2m02.amazontrust.com

    DNS Response

    143.204.67.183

  • 8.8.8.8:53
    www.slideshare.net
    dns
    IEXPLORE.EXE
    64 B
    160 B
    1
    1

    DNS Request

    www.slideshare.net

    DNS Response

    151.101.66.152
    151.101.130.152
    151.101.2.152
    151.101.194.152

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

    Filesize

    1KB

    MD5

    55540a230bdab55187a841cfe1aa1545

    SHA1

    363e4734f757bdeb89868efe94907774a327695e

    SHA256

    d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

    SHA512

    c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

    Filesize

    230B

    MD5

    5784487f3d059535c4b93a13e193ac66

    SHA1

    d96dd2caf1fc4589967abd855d1d639b198a8ac8

    SHA256

    38d7b9f27d7e37c55b14bd92e3dd90c735c5cd74d8c6bd73df79e1404b0416de

    SHA512

    a7fc02037635bf953f67efb83e3bd3254e5b78fb9cb5dda291259b1a56adf0d2e74f5528b5a6b564a4a79bcb12fa9e1ff2e9f14e6fd60295cd95b0ca5c311e0a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fc5de6379297766f57acf9a750a23125

    SHA1

    930d8a6cbb834ad0fe015a2cbb3f3fb925bdae4c

    SHA256

    e0ab4eea2d69e4a240585b4f7f6c513dcd46752665b736ad44ef4829be650608

    SHA512

    86f94e7044c2dbab167c04cc640591ecbb13c81dc61b6a1419fa6356c77c091191141467bcb89b7acee26ebb0eb0b6e03e42e6bd27a6e882ab8935d281bfd1df

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DODQ7AEY\user[1].htm

    Filesize

    162B

    MD5

    4f8e702cc244ec5d4de32740c0ecbd97

    SHA1

    3adb1f02d5b6054de0046e367c1d687b6cdf7aff

    SHA256

    9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

    SHA512

    21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

  • C:\Users\Admin\AppData\Local\Temp\Cab1507.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar150C.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
