37e0b179234b68fc9c8d8454ba06d6cf39e4b10e739844da402c829a588d72ec

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 10:57 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html
Size

20KB
MD5

3018ceead6c10bce1190cd54a00699b7
SHA1

50f2aad309c92c2f16add38d7a43667ebf66f149
SHA256

37e0b179234b68fc9c8d8454ba06d6cf39e4b10e739844da402c829a588d72ec
SHA512

46afcaaebe4e6c27295f59a895eb99e60e62b4ad72ae7c465d083b3c2c2e660c9ac0e71dcc9e97d1da74b099a0979c92184f721dd4cdca357d393d31abb626d5
SSDEEP

384:DGVK6A6jvorPDcFaz7iEUoLzw6dRLWYpY7qt:6VBnqD7iEUwwGEYW7qt

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1716	msedge.exe
1716	msedge.exe
4940	msedge.exe
4940	msedge.exe
5012	identity_helper.exe
5012	identity_helper.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4940 wrote to memory of 3296	4940	msedge.exe	82
PID 4940 wrote to memory of 3296	4940	msedge.exe	82
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1700	4940	msedge.exe	84
PID 4940 wrote to memory of 1716	4940	msedge.exe	85
PID 4940 wrote to memory of 1716	4940	msedge.exe	85
PID 4940 wrote to memory of 744	4940	msedge.exe	86
PID 4940 wrote to memory of 744	4940	msedge.exe	86
PID 4940 wrote to memory of 744	4940	msedge.exe	86
PID 4940 wrote to memory of 744	4940	msedge.exe	86
PID 4940 wrote to memory of 744	4940	msedge.exe	86
PID 4940 wrote to memory of 744	4940	msedge.exe	86
PID 4940 wrote to memory of 744	4940	msedge.exe	86
PID 4940 wrote to memory of 744	4940	msedge.exe	86
PID 4940 wrote to memory of 744	4940	msedge.exe	86
PID 4940 wrote to memory of 744	4940	msedge.exe	86
PID 4940 wrote to memory of 744	4940	msedge.exe	86
PID 4940 wrote to memory of 744	4940	msedge.exe	86
PID 4940 wrote to memory of 744	4940	msedge.exe	86
PID 4940 wrote to memory of 744	4940	msedge.exe	86
PID 4940 wrote to memory of 744	4940	msedge.exe	86
PID 4940 wrote to memory of 744	4940	msedge.exe	86
PID 4940 wrote to memory of 744	4940	msedge.exe	86
PID 4940 wrote to memory of 744	4940	msedge.exe	86
PID 4940 wrote to memory of 744	4940	msedge.exe	86
PID 4940 wrote to memory of 744	4940	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe931546f8,0x7ffe93154708,0x7ffe93154718
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,6158343662805044070,882974405041481563,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,6158343662805044070,882974405041481563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,6158343662805044070,882974405041481563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2396 /prefetch:8
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6158343662805044070,882974405041481563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6158343662805044070,882974405041481563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6158343662805044070,882974405041481563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6158343662805044070,882974405041481563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,6158343662805044070,882974405041481563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,6158343662805044070,882974405041481563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6158343662805044070,882974405041481563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6158343662805044070,882974405041481563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6158343662805044070,882974405041481563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6158343662805044070,882974405041481563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,6158343662805044070,882974405041481563,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1896

Network

DNS

s3.wordpress.com

msedge.exe

Remote address:

8.8.8.8:53

Request

s3.wordpress.com

IN A

Response

s3.wordpress.com

IN A

192.0.77.33
DNS

s.wordpress.com

msedge.exe

Remote address:

8.8.8.8:53

Request

s.wordpress.com

IN A

Response

s.wordpress.com

IN A

192.0.77.33
DNS

ict4peace.files.wordpress.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ict4peace.files.wordpress.com

IN A

Response

ict4peace.files.wordpress.com

IN CNAME

s7.files.wordpress.com

s7.files.wordpress.com

IN A

192.0.72.28

s7.files.wordpress.com

IN A

192.0.72.29
DNS

public.slideshare.net

msedge.exe

Remote address:

8.8.8.8:53

Request

public.slideshare.net

IN A

Response

public.slideshare.net

IN CNAME

webapp.production.slideshare.net

webapp.production.slideshare.net

IN A

3.229.9.213

webapp.production.slideshare.net

IN A

52.45.218.108

webapp.production.slideshare.net

IN A

54.209.139.161

webapp.production.slideshare.net

IN A

52.207.178.8

webapp.production.slideshare.net

IN A

54.225.24.133
DNS

www.linkedin.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.linkedin.com

IN A

Response

www.linkedin.com

IN CNAME

exp1.www.linkedin.com

exp1.www.linkedin.com

IN CNAME

www-linkedin-com.l-0005.l-msedge.net

www-linkedin-com.l-0005.l-msedge.net

IN CNAME

l-0005.l-msedge.net

l-0005.l-msedge.net

IN A

13.107.42.14
DNS

x.interia.pl

msedge.exe

Remote address:

8.8.8.8:53

Request

x.interia.pl

IN A

Response

x.interia.pl

IN A

217.74.65.42
DNS

interia.hit.gemius.pl

msedge.exe

Remote address:

8.8.8.8:53

Request

interia.hit.gemius.pl

IN A

Response

interia.hit.gemius.pl

IN A

217.74.74.29
GET

http://interia.hit.gemius.pl/xgemius.js

msedge.exe

Remote address:

217.74.74.29:80

Request

GET /xgemius.js HTTP/1.1
Host: interia.hit.gemius.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Tue, 09 Jul 2024 13:12:21 GMT
Expires: Wed, 10 Jul 2024 01:12:21 GMT
Server: GHC
Accept-Ranges: none
Cache-Control: max-age=43200
Last-Modified: Mon, 17 Jun 2024 08:08:07 GMT
Vary: Accept-Encoding,Origin
Cross-Origin-Resource-Policy: cross-origin
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Connection: keep-alive
Keep-Alive: timeout=10
Content-Type: application/x-javascript
Content-Length: 20346
Content-Encoding: gzip
GET

http://x.interia.pl/inpl/inpl.ad.1.4.9.js

msedge.exe

Remote address:

217.74.65.42:80

Request

GET /inpl/inpl.ad.1.4.9.js HTTP/1.1
Host: x.interia.pl
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

content-type: text/javascript
last-modified: Wed, 01 Jul 2009 11:49:35 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
p3p: CP="CAO PSA OUR"
date: Tue, 09 Jul 2024 13:12:21 GMT
content-length: 1749
vary: Accept-Encoding
content-encoding: gzip
expires: Tue, 09 Jul 2024 14:12:21 GMT
cache-control: max-age=1814400
server: IPL/2.2
accept-ranges: bytes
GET

http://www.linkedin.com/img/webpromo/btn_linkedin_120x30.gif

msedge.exe

Remote address:

13.107.42.14:80

Request

GET /img/webpromo/btn_linkedin_120x30.gif HTTP/1.1
Host: www.linkedin.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://www.linkedin.com/img/webpromo/btn_linkedin_120x30.gif
Set-Cookie: bcookie="v=2&7f64a349-ce5e-4883-8e97-5a3bfb985c4c"; Domain=.linkedin.com; Expires=Wed, 09-Jul-2025 13:12:21 GMT; Path=/; Secure; SameSite=None
Set-Cookie: li_gc=MTswOzE3MjA1MzA3NDE7MjswMjGo66IgVin2hgJj+hPSgLQKbUJNuLfw3hcyHohyhCLwNA==; Domain=.linkedin.com; Expires=Sun, 05 Jan 2025 13:12:21 GMT; Path=/; Secure; SameSite=None
X-Li-Fabric: prod-ltx1
X-Li-Pop: afd-prod-ltx1-x
X-Li-Proto: http/1.1
X-LI-UUID: AAYc0EepHToLfsCGWKBpFw==
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 33238A4704404DCF8526950B07DD26C1 Ref B: LON04EDGE0716 Ref C: 2024-07-09T13:12:21Z
Date: Tue, 09 Jul 2024 13:12:21 GMT
Content-Length: 0
GET

http://ict4peace.files.wordpress.com/2008/09/un-on-youtube.png?w=425&h=332

msedge.exe

Remote address:

192.0.72.28:80

Request

GET /2008/09/un-on-youtube.png?w=425&h=332 HTTP/1.1
Host: ict4peace.files.wordpress.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Tue, 09 Jul 2024 13:12:21 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://ict4peace.files.wordpress.com/2008/09/un-on-youtube.png?w=425&h=332
GET

http://s3.wordpress.com/wp-content/themes/pub/simpla/style.css?m=1219803973a

msedge.exe

Remote address:

192.0.77.33:80

Request

GET /wp-content/themes/pub/simpla/style.css?m=1219803973a HTTP/1.1
Host: s3.wordpress.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Tue, 09 Jul 2024 13:12:21 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://s3.wordpress.com/wp-content/themes/pub/simpla/style.css?m=1219803973a
GET

http://s.wordpress.com/wp-content/themes/h4/global.css?m=1214319868a

msedge.exe

Remote address:

192.0.77.33:80

Request

GET /wp-content/themes/h4/global.css?m=1214319868a HTTP/1.1
Host: s.wordpress.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Tue, 09 Jul 2024 13:12:21 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://s.wordpress.com/wp-content/themes/h4/global.css?m=1214319868a
GET

http://public.slideshare.net/images/badge85_62.gif

msedge.exe

Remote address:

3.229.9.213:80

Request

GET /images/badge85_62.gif HTTP/1.1
Host: public.slideshare.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Server: awselb/2.0
Date: Tue, 09 Jul 2024 13:12:21 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://public.slideshare.net:443/images/badge85_62.gif
GET

https://s3.wordpress.com/wp-content/themes/pub/simpla/style.css?m=1219803973a

msedge.exe

Remote address:

192.0.77.33:443

Request

GET /wp-content/themes/pub/simpla/style.css?m=1219803973a HTTP/2.0
host: s3.wordpress.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 09 Jul 2024 13:12:21 GMT
content-type: text/css
vary: Accept-Encoding
x-minify: t
x-minify-cache: hit
etag: W/6784-1695422216921.9656
content-encoding: br
expires: Thu, 19 Jun 2025 22:56:53 GMT
cache-control: max-age=31536000
x-ac: 4.lhr _dca MISS
strict-transport-security: max-age=15552000
alt-svc: h3=":443"; ma=86400
x-nc: HIT lhr 2
GET

https://s3.wordpress.com/wp-content/themes/pub/simpla/images/bg.png

msedge.exe

Remote address:

192.0.77.33:443

Request

GET /wp-content/themes/pub/simpla/images/bg.png HTTP/2.0
host: s3.wordpress.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://s3.wordpress.com/wp-content/themes/pub/simpla/style.css?m=1219803973a
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 09 Jul 2024 13:12:21 GMT
content-type: image/png
content-length: 147
last-modified: Fri, 22 Sep 2023 22:36:56 GMT
etag: "650e1708-93"
expires: Sat, 09 Nov 2024 15:18:58 GMT
cache-control: max-age=31536000
x-ac: 4.lhr _dca MISS
strict-transport-security: max-age=15552000
alt-svc: h3=":443"; ma=86400
x-nc: HIT lhr 2
accept-ranges: bytes
GET

https://s3.wordpress.com/wp-content/themes/pub/simpla/images/user.gif

msedge.exe

Remote address:

192.0.77.33:443

Request

GET /wp-content/themes/pub/simpla/images/user.gif HTTP/2.0
host: s3.wordpress.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://s3.wordpress.com/wp-content/themes/pub/simpla/style.css?m=1219803973a
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 09 Jul 2024 13:12:21 GMT
content-type: image/gif
content-length: 287
last-modified: Fri, 19 May 2023 01:49:11 GMT
etag: "6466d597-11f"
expires: Sat, 09 Nov 2024 15:18:58 GMT
cache-control: max-age=31536000
x-ac: 4.lhr _dca MISS
strict-transport-security: max-age=15552000
alt-svc: h3=":443"; ma=86400
x-nc: HIT lhr 2
accept-ranges: bytes
GET

https://s3.wordpress.com/wp-content/themes/pub/simpla/images/post.gif

msedge.exe

Remote address:

192.0.77.33:443

Request

GET /wp-content/themes/pub/simpla/images/post.gif HTTP/2.0
host: s3.wordpress.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://s3.wordpress.com/wp-content/themes/pub/simpla/style.css?m=1219803973a
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 09 Jul 2024 13:12:21 GMT
content-type: image/gif
content-length: 276
last-modified: Fri, 22 Sep 2023 22:36:56 GMT
etag: "650e1708-114"
expires: Sat, 09 Nov 2024 15:18:58 GMT
cache-control: max-age=31536000
x-ac: 4.lhr _dca MISS
strict-transport-security: max-age=15552000
alt-svc: h3=":443"; ma=86400
x-nc: HIT lhr 2
accept-ranges: bytes
GET

https://ict4peace.files.wordpress.com/2008/09/un-on-youtube.png?w=425&h=332

msedge.exe

Remote address:

192.0.72.28:443

Request

GET /2008/09/un-on-youtube.png?w=425&h=332 HTTP/2.0
host: ict4peace.files.wordpress.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

server: nginx
date: Tue, 09 Jul 2024 13:12:21 GMT
content-type: text/html
content-length: 138
location: https://ict4peace.wordpress.com/wp-content/uploads/2008/09/un-on-youtube.png?w=425&h=332
x-nc: lhr 28 np
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
GET

https://s.wordpress.com/wp-content/themes/h4/global.css?m=1214319868a

msedge.exe

Remote address:

192.0.77.33:443

Request

GET /wp-content/themes/h4/global.css?m=1214319868a HTTP/2.0
host: s.wordpress.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 09 Jul 2024 13:12:21 GMT
content-type: text/css
content-length: 311
x-minify: t
x-minify-cache: hit
etag: W/471-1684461197956.71
expires: Wed, 18 Jun 2025 06:57:22 GMT
cache-control: max-age=31536000
x-ac: 4.lhr _dca MISS
strict-transport-security: max-age=15552000
alt-svc: h3=":443"; ma=86400
x-nc: HIT lhr 2
GET

https://www.linkedin.com/img/webpromo/btn_linkedin_120x30.gif

msedge.exe

Remote address:

13.107.42.14:443

Request

GET /img/webpromo/btn_linkedin_120x30.gif HTTP/2.0
host: www.linkedin.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: max-age=604800,private
content-length: 2153
content-type: image/gif
expires: Tue, 16 Jul 2024 13:12:21 GMT
last-modified: Tue, 16 Apr 2024 21:22:37 GMT
accept-ranges: bytes
etag: "661eec1d-869"
set-cookie: bcookie="v=2&7953f1e5-d342-4c11-893c-198b0496643a"; Domain=.linkedin.com; Expires=Wed, 09-Jul-2025 13:12:21 GMT; Path=/; Secure; SameSite=None
set-cookie: bscookie="v=1&202407091312216a619d50-9215-4d9a-8927-4d2082620ba8AQEgFjoxT6dBBe8YhUn0D62ldPggkB-i"; Domain=.www.linkedin.com; Expires=Wed, 09-Jul-2025 13:12:21 GMT; Path=/; HttpOnly; Secure; SameSite=None
set-cookie: li_gc=MTswOzE3MjA1MzA3NDE7MjswMjFikMz80QkRH75R7QrO6dHJuM22SIIo3Rn30yLd8dUAqw==; Domain=.linkedin.com; Expires=Sun, 05 Jan 2025 13:12:21 GMT; Path=/; Secure; SameSite=None
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: sameorigin
content-security-policy: default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.microsoft.com *.adnxs.com login.microsoftonline.com; script-src 'report-sample' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-RFqsjmAF1N5LnfpaHFvPqFlVkeIS/DtTAFor+JjJJVc=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-3RIGhhApBii1KY+aW1xk7kFyoQY8vSVE5DfT7E9SJUc=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-wy4DvlEW9PHPIGvQJW6Wv4woBSa/0LJHs8LHsBVVXCs=' 'sha256-065A0cJTDQ+hyKvufSL/flW02hIbgLndOINLRWux6To=' 'sha256-Ga5SLB8hPdWUE8Wb6LgZ05D9Z5vrdLAaPbDBW2m3BI8=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com snap.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com edge-auth.microsoft.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=d
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAYc0EeuEM1TFn4GgY+xnw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: EC33508EBE96470CBDF4D6080F002356 Ref B: LON04EDGE1222 Ref C: 2024-07-09T13:12:21Z
date: Tue, 09 Jul 2024 13:12:21 GMT
GET

https://public.slideshare.net/images/badge85_62.gif

msedge.exe

Remote address:

3.229.9.213:443

Request

GET /images/badge85_62.gif HTTP/2.0
host: public.slideshare.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

date: Tue, 09 Jul 2024 13:12:21 GMT
content-type: text/html
content-length: 162
location: https://www.slideshare.net/images/badge85_62.gif
server: envoy
p3p: CP="OTI DSP COR CUR ADM DEV PSD IVD CONo OUR IND"
x-content-type-options: nosniff
cache-control: private, no-store
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-envoy-upstream-service-time: 1
DNS

ict4peace.wordpress.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ict4peace.wordpress.com

IN A

Response

ict4peace.wordpress.com

IN CNAME

lb.wordpress.com

lb.wordpress.com

IN A

192.0.78.13

lb.wordpress.com

IN A

192.0.78.12
GET

https://interia.hit.gemius.pl/fpdata.js?href=

msedge.exe

Remote address:

217.74.74.29:443

Request

GET /fpdata.js?href= HTTP/2.0
host: interia.hit.gemius.pl
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 09 Jul 2024 13:12:21 GMT
expires: Thu, 08 Aug 2024 13:12:21 GMT
server: GHC
accept-ranges: none
cache-control: private, max-age=2592000
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
etag: PRIVATE7520710249
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
content-length: 269
GET

https://interia.hit.gemius.pl/_1720530740873/rexdot.js?l=100&sendf=24&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530740

msedge.exe

Remote address:

217.74.74.29:443

Request

GET /_1720530740873/rexdot.js?l=100&sendf=24&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530740 HTTP/2.0
host: interia.hit.gemius.pl
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

date: Tue, 09 Jul 2024 13:12:22 GMT
expires: Mon, 08 Jul 2024 13:12:22 GMT
server: GHC
accept-ranges: none
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor
set-cookie: receive-cookie-deprecation=1; Domain=hit.gemius.pl; Path=/; HttpOnly; SameSite=None; Secure; Partitioned; Expires=Fri, 08 Aug 2025 13:12:22 GMT
set-cookie: Gtest=KlGnnRGGQMQGje9X1kKboTMUssGMXP8cfRbG; Domain=hit.gemius.pl; Path=/; SameSite=None; Secure; Expires=Tue, 16 Jul 2024 13:12:22 GMT
set-cookie: Gdynp=N617IgP1Oi2UYpaConIFyd.DNOPaUyztKW9T3JGGsEf.I7; Domain=hit.gemius.pl; Path=/; SameSite=None; Secure; Partitioned; Expires=Fri, 08 Aug 2025 13:12:22 GMT
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: /__/_1720530740873/rexdot.js?l=100&sendf=24&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530740
content-length: 0
GET

https://interia.hit.gemius.pl/__/_1720530740873/rexdot.js?l=100&sendf=24&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530740

msedge.exe

Remote address:

217.74.74.29:443

Request

GET /__/_1720530740873/rexdot.js?l=100&sendf=24&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530740 HTTP/2.0
host: interia.hit.gemius.pl
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 09 Jul 2024 13:12:22 GMT
expires: Mon, 08 Jul 2024 13:12:22 GMT
server: GHC
accept-ranges: none
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor
set-cookie: receive-cookie-deprecation=1; Domain=hit.gemius.pl; Path=/; HttpOnly; SameSite=None; Secure; Partitioned; Expires=Fri, 08 Aug 2025 13:12:22 GMT
set-cookie: Gtest=KlxxgMGGQMQG541M2rHboTMUssGMXP8cfRbG; Domain=hit.gemius.pl; Path=/; SameSite=None; Secure; Expires=Tue, 16 Jul 2024 13:12:22 GMT
set-cookie: Gdynp=wqJ6CAnIW_TiBMoiUqyCpXFfxV4NzhYGNwKgMJGaqeb.07; Domain=hit.gemius.pl; Path=/; SameSite=None; Secure; Partitioned; Expires=Fri, 08 Aug 2025 13:12:22 GMT
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
content-length: 167
GET

https://interia.hit.gemius.pl/_1720530758074/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720530742&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530758

msedge.exe

Remote address:

217.74.74.29:443

Request

GET /_1720530758074/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720530742&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530758 HTTP/2.0
host: interia.hit.gemius.pl
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

date: Tue, 09 Jul 2024 13:12:39 GMT
expires: Mon, 08 Jul 2024 13:12:39 GMT
server: GHC
accept-ranges: none
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor
set-cookie: receive-cookie-deprecation=1; Domain=hit.gemius.pl; Path=/; HttpOnly; SameSite=None; Secure; Partitioned; Expires=Fri, 08 Aug 2025 13:12:39 GMT
set-cookie: Gtest=KlQ-fRGGQMQGRNys-xDyoTMUssGMXP8cfRbG; Domain=hit.gemius.pl; Path=/; SameSite=None; Secure; Expires=Tue, 16 Jul 2024 13:12:39 GMT
set-cookie: Gdynp=iCMWbml8Oa_FoC_8qToXR3TxqezeIjLXt0Lo7GSMg_z.J7; Domain=hit.gemius.pl; Path=/; SameSite=None; Secure; Partitioned; Expires=Fri, 08 Aug 2025 13:12:39 GMT
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: /__/_1720530758074/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720530742&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530758
content-length: 0
GET

https://interia.hit.gemius.pl/__/_1720530758074/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720530742&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530758

msedge.exe

Remote address:

217.74.74.29:443

Request

GET /__/_1720530758074/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720530742&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530758 HTTP/2.0
host: interia.hit.gemius.pl
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 09 Jul 2024 13:12:39 GMT
expires: Mon, 08 Jul 2024 13:12:39 GMT
server: GHC
accept-ranges: none
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor
set-cookie: receive-cookie-deprecation=1; Domain=hit.gemius.pl; Path=/; HttpOnly; SameSite=None; Secure; Partitioned; Expires=Fri, 08 Aug 2025 13:12:39 GMT
set-cookie: Gtest=KlGDXMXGQMGGjsM1mt4yoTMUssGMXP8cfRbG; Domain=hit.gemius.pl; Path=/; SameSite=None; Secure; Expires=Tue, 16 Jul 2024 13:12:39 GMT
set-cookie: Gdynp=7rq87NcqOjzD.osNbHrfgicuC8ymYMPVcKtlfO.OMWX._7; Domain=hit.gemius.pl; Path=/; SameSite=None; Secure; Partitioned; Expires=Fri, 08 Aug 2025 13:12:39 GMT
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
content-length: 2
GET

https://interia.hit.gemius.pl/_1720530759073/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720530742&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530759

msedge.exe

Remote address:

217.74.74.29:443

Request

GET /_1720530759073/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720530742&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530759 HTTP/2.0
host: interia.hit.gemius.pl
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

date: Tue, 09 Jul 2024 13:12:40 GMT
expires: Mon, 08 Jul 2024 13:12:40 GMT
server: GHC
accept-ranges: none
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor
set-cookie: receive-cookie-deprecation=1; Domain=hit.gemius.pl; Path=/; HttpOnly; SameSite=None; Secure; Partitioned; Expires=Fri, 08 Aug 2025 13:12:40 GMT
set-cookie: Gtest=Klx4dMaGQMQGaHI91RHyoTMUssGMXP8cfRbG; Domain=hit.gemius.pl; Path=/; SameSite=None; Secure; Expires=Tue, 16 Jul 2024 13:12:40 GMT
set-cookie: Gdynp=tRLKS3smCE6eumJkj1goBVqCRsGUMuJKKqRTFc0X_SL.G7; Domain=hit.gemius.pl; Path=/; SameSite=None; Secure; Partitioned; Expires=Fri, 08 Aug 2025 13:12:40 GMT
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: /__/_1720530759073/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720530742&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530759
content-length: 0
GET

https://interia.hit.gemius.pl/__/_1720530759073/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720530742&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530759

msedge.exe

Remote address:

217.74.74.29:443

Request

GET /__/_1720530759073/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720530742&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530759 HTTP/2.0
host: interia.hit.gemius.pl
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 09 Jul 2024 13:12:40 GMT
expires: Mon, 08 Jul 2024 13:12:40 GMT
server: GHC
accept-ranges: none
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor
set-cookie: receive-cookie-deprecation=1; Domain=hit.gemius.pl; Path=/; HttpOnly; SameSite=None; Secure; Partitioned; Expires=Fri, 08 Aug 2025 13:12:40 GMT
set-cookie: Gtest=KlxDdRGGQMQG5vmaNMHyoTMUssGMXP8cfRbG; Domain=hit.gemius.pl; Path=/; SameSite=None; Secure; Expires=Tue, 16 Jul 2024 13:12:40 GMT
set-cookie: Gdynp=RYZgIDYsGV6.y_Js7_LUouucd5Ms9MRw_i0YEL_cBfb.W7; Domain=hit.gemius.pl; Path=/; SameSite=None; Secure; Partitioned; Expires=Fri, 08 Aug 2025 13:12:40 GMT
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
content-length: 2
GET

https://interia.hit.gemius.pl/_1720530766084/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720530742&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530766

msedge.exe

Remote address:

217.74.74.29:443

Request

GET /_1720530766084/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720530742&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530766 HTTP/2.0
host: interia.hit.gemius.pl
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

date: Tue, 09 Jul 2024 13:12:47 GMT
expires: Mon, 08 Jul 2024 13:12:47 GMT
server: GHC
accept-ranges: none
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor
set-cookie: receive-cookie-deprecation=1; Domain=hit.gemius.pl; Path=/; HttpOnly; SameSite=None; Secure; Partitioned; Expires=Fri, 08 Aug 2025 13:12:47 GMT
set-cookie: Gtest=KlShEMXGQMGGi836OP4yoTMUssGMXP8cfRbG; Domain=hit.gemius.pl; Path=/; SameSite=None; Secure; Expires=Tue, 16 Jul 2024 13:12:47 GMT
set-cookie: Gdynp=Wo.cmFzdpMOKvgsznPKFMe5n9FvCXVq_9o7LfsCWEBv.t7; Domain=hit.gemius.pl; Path=/; SameSite=None; Secure; Partitioned; Expires=Fri, 08 Aug 2025 13:12:47 GMT
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: /__/_1720530766084/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720530742&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530766
content-length: 0
GET

https://interia.hit.gemius.pl/__/_1720530766084/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720530742&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530766

msedge.exe

Remote address:

217.74.74.29:443

Request

GET /__/_1720530766084/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720530742&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530766 HTTP/2.0
host: interia.hit.gemius.pl
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 09 Jul 2024 13:12:47 GMT
expires: Mon, 08 Jul 2024 13:12:47 GMT
server: GHC
accept-ranges: none
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor
set-cookie: receive-cookie-deprecation=1; Domain=hit.gemius.pl; Path=/; HttpOnly; SameSite=None; Secure; Partitioned; Expires=Fri, 08 Aug 2025 13:12:47 GMT
set-cookie: Gtest=KlxKXRaGQMGGtFu5TPgyoTMUssGMXP8cfRbG; Domain=hit.gemius.pl; Path=/; SameSite=None; Secure; Expires=Tue, 16 Jul 2024 13:12:47 GMT
set-cookie: Gdynp=f4iH7Rc.p5S_lnV3_CAM5EyrhzNJEGRGlJrSZygNFBX.A7; Domain=hit.gemius.pl; Path=/; SameSite=None; Secure; Partitioned; Expires=Fri, 08 Aug 2025 13:12:47 GMT
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
content-length: 2
DNS

ls.hit.gemius.pl

msedge.exe

Remote address:

8.8.8.8:53

Request

ls.hit.gemius.pl

IN A

Response

ls.hit.gemius.pl

IN A

146.59.30.108

ls.hit.gemius.pl

IN A

146.59.30.104

ls.hit.gemius.pl

IN A

145.239.237.56

ls.hit.gemius.pl

IN A

146.59.30.96

ls.hit.gemius.pl

IN A

146.59.30.100
GET

https://ict4peace.wordpress.com/wp-content/uploads/2008/09/un-on-youtube.png?w=425&h=332

msedge.exe

Remote address:

192.0.78.13:443

Request

GET /wp-content/uploads/2008/09/un-on-youtube.png?w=425&h=332 HTTP/2.0
host: ict4peace.wordpress.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 09 Jul 2024 13:12:21 GMT
content-type: image/webp
content-length: 93704
last-modified: Mon, 29 Sep 2008 00:49:21 GMT
expires: Wed, 17 Jul 2024 15:17:09 GMT
x-orig-src: 0_imageresize
vary: Accept
x-ac: 1.lhr _dfw HIT
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes
GET

http://ls.hit.gemius.pl/lsget.html

msedge.exe

Remote address:

146.59.30.108:80

Request

GET /lsget.html HTTP/1.1
Host: ls.hit.gemius.pl
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Tue, 09 Jul 2024 13:12:21 GMT
Expires: Thu, 08 Aug 2024 13:12:21 GMT
Server: GHC
Accept-Ranges: none
Cache-Control: private, max-age=2592000
Last-Modified: Mon, 16 Jul 2012 10:03:40 GMT
ETag: PRIVATE7520710249
Vary: Accept-Encoding,Origin,User-Agent
Cross-Origin-Resource-Policy: cross-origin
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Connection: keep-alive
Keep-Alive: timeout=10
Content-Type: text/html;charset=utf-8
Content-Length: 2809
Content-Encoding: gzip
GET

http://www.google-analytics.com/ga.js

msedge.exe

Remote address:

216.58.204.78:80

Request

GET /ga.js HTTP/1.1
Host: www.google-analytics.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 17168
Date: Tue, 09 Jul 2024 11:35:27 GMT
Expires: Tue, 09 Jul 2024 13:35:27 GMT
Cache-Control: public, max-age=7200
Age: 5814
Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
DNS

wovens.info

msedge.exe

Remote address:

8.8.8.8:53

Request

wovens.info

IN A

Response
GET

https://ls.hit.gemius.pl/lsget.html

msedge.exe

Remote address:

146.59.30.108:443

Request

GET /lsget.html HTTP/2.0
host: ls.hit.gemius.pl
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 09 Jul 2024 13:12:21 GMT
expires: Thu, 08 Aug 2024 13:12:21 GMT
server: GHC
accept-ranges: none
cache-control: private, max-age=2592000
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
etag: PRIVATE7520710249
vary: Accept-Encoding,Origin,User-Agent
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: text/html;charset=utf-8
content-length: 2800
content-encoding: gzip
GET

https://ls.hit.gemius.pl/lsset.html

msedge.exe

Remote address:

146.59.30.108:443

Request

GET /lsset.html HTTP/2.0
host: ls.hit.gemius.pl
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 09 Jul 2024 13:12:22 GMT
expires: Thu, 08 Aug 2024 13:12:22 GMT
server: GHC
accept-ranges: none
cache-control: private, max-age=2592000
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
etag: PRIVATE7520710249
vary: Accept-Encoding,Origin,User-Agent
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: text/html;charset=utf-8
content-length: 1980
content-encoding: gzip
DNS

www.slideshare.net

msedge.exe

Remote address:

8.8.8.8:53

Request

www.slideshare.net

IN A

Response

www.slideshare.net

IN CNAME

scribd.map.fastly.net

scribd.map.fastly.net

IN A

151.101.66.152

scribd.map.fastly.net

IN A

151.101.2.152

scribd.map.fastly.net

IN A

151.101.130.152

scribd.map.fastly.net

IN A

151.101.194.152
DNS

15.164.165.52.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

72.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

72.32.126.40.in-addr.arpa

IN PTR

Response
DNS

14.42.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.42.107.13.in-addr.arpa

IN PTR

Response
DNS

28.72.0.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.72.0.192.in-addr.arpa

IN PTR

Response
DNS

33.77.0.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

33.77.0.192.in-addr.arpa

IN PTR

Response

33.77.0.192.in-addr.arpa

IN PTR

wordpresscom
DNS

29.74.74.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.74.74.217.in-addr.arpa

IN PTR

Response

29.74.74.217.in-addr.arpa

IN PTR

interiahitgemiuspl
DNS

42.65.74.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.65.74.217.in-addr.arpa

IN PTR

Response

42.65.74.217.in-addr.arpa

IN PTR

xinteriapl
DNS

213.9.229.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

213.9.229.3.in-addr.arpa

IN PTR

Response

213.9.229.3.in-addr.arpa

IN PTR

ec2-3-229-9-213 compute-1 amazonawscom
DNS

13.78.0.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.78.0.192.in-addr.arpa

IN PTR

Response
DNS

108.30.59.146.in-addr.arpa

Remote address:

8.8.8.8:53

Request

108.30.59.146.in-addr.arpa

IN PTR

Response

108.30.59.146.in-addr.arpa

IN PTR

ip108ip-146-59-30eu
DNS

78.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

78.204.58.216.in-addr.arpa

IN PTR

Response

78.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f141e100net

78.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f78�H

78.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f14�H
DNS

68.255.239.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.255.239.18.in-addr.arpa

IN PTR

Response

68.255.239.18.in-addr.arpa

IN PTR

server-18-239-255-68bud50r cloudfrontnet
GET

https://www.slideshare.net/images/badge85_62.gif

msedge.exe

Remote address:

151.101.66.152:443

Request

GET /images/badge85_62.gif HTTP/2.0
host: www.slideshare.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/gif
server: envoy
last-modified: Thu, 13 Jun 2024 19:51:27 GMT
etag: "666b4dbf-905"
expires: Sat, 14 Jun 2025 11:35:29 GMT
cache-control: max-age=31536000
p3p: CP="OTI DSP COR CUR ADM DEV PSD IVD CONo OUR IND"
x-content-type-options: nosniff
x-envoy-upstream-service-time: 1
accept-ranges: bytes
age: 2165813
date: Tue, 09 Jul 2024 13:12:22 GMT
via: 1.1 varnish
x-served-by: cache-lon420121-LON
x-cache: HIT
x-cache-hits: 0
x-timer: S1720530742.364147,VS0,VE1
set-cookie: browser_id=65ebe205-0599-42e9-92d4-2dde3b1053ea; Domain=.slideshare.net; Path=/; Expires=Sun, 08 Jul 2029 13:12:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2309
DNS

apps.identrust.com

msedge.exe

Remote address:

8.8.8.8:53

Request

apps.identrust.com

IN A

Response

apps.identrust.com

IN CNAME

identrust.edgesuite.net

identrust.edgesuite.net

IN CNAME

a1952.dscq.akamai.net

a1952.dscq.akamai.net

IN A

88.221.135.104

a1952.dscq.akamai.net

IN A

88.221.134.137
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

msedge.exe

Remote address:

88.221.135.104:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: apps.identrust.com

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Tue, 09 Jul 2024 14:12:22 GMT
Date: Tue, 09 Jul 2024 13:12:22 GMT
Connection: keep-alive
DNS

152.66.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

152.66.101.151.in-addr.arpa

IN PTR

Response
DNS

104.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.135.221.88.in-addr.arpa

IN PTR

Response

104.135.221.88.in-addr.arpa

IN PTR

a88-221-135-104deploystaticakamaitechnologiescom
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

14.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.227.111.52.in-addr.arpa

IN PTR

Response

217.74.74.29:80

http://interia.hit.gemius.pl/xgemius.js

http

msedge.exe

1.1kB
21.7kB
16
18

HTTP Request

GET http://interia.hit.gemius.pl/xgemius.js

HTTP Response

200
217.74.65.42:80

http://x.interia.pl/inpl/inpl.ad.1.4.9.js

http

msedge.exe

636 B
2.4kB
7
6

HTTP Request

GET http://x.interia.pl/inpl/inpl.ad.1.4.9.js

HTTP Response

200
13.107.42.14:80

http://www.linkedin.com/img/webpromo/btn_linkedin_120x30.gif

http

msedge.exe

613 B
1.1kB
5
5

HTTP Request

GET http://www.linkedin.com/img/webpromo/btn_linkedin_120x30.gif

HTTP Response

301
192.0.72.28:80

http://ict4peace.files.wordpress.com/2008/09/un-on-youtube.png?w=425&h=332

http

msedge.exe

719 B
669 B
7
6

HTTP Request

GET http://ict4peace.files.wordpress.com/2008/09/un-on-youtube.png?w=425&h=332

HTTP Response

301
192.0.77.33:80

http://s3.wordpress.com/wp-content/themes/pub/simpla/style.css?m=1219803973a

http

msedge.exe

686 B
671 B
7
6

HTTP Request

GET http://s3.wordpress.com/wp-content/themes/pub/simpla/style.css?m=1219803973a

HTTP Response

301
192.0.77.33:80

http://s.wordpress.com/wp-content/themes/h4/global.css?m=1214319868a

http

msedge.exe

678 B
663 B
7
6

HTTP Request

GET http://s.wordpress.com/wp-content/themes/h4/global.css?m=1214319868a

HTTP Response

301
3.229.9.213:80

http://public.slideshare.net/images/badge85_62.gif

http

msedge.exe

695 B
626 B
7
6

HTTP Request

GET http://public.slideshare.net/images/badge85_62.gif

HTTP Response

301
192.0.77.33:443

https://s3.wordpress.com/wp-content/themes/pub/simpla/images/post.gif

tls, http2

msedge.exe

2.5kB
10.7kB
23
24

HTTP Request

GET https://s3.wordpress.com/wp-content/themes/pub/simpla/style.css?m=1219803973a

HTTP Response

200

HTTP Request

GET https://s3.wordpress.com/wp-content/themes/pub/simpla/images/bg.png

HTTP Response

200

HTTP Request

GET https://s3.wordpress.com/wp-content/themes/pub/simpla/images/user.gif

HTTP Request

GET https://s3.wordpress.com/wp-content/themes/pub/simpla/images/post.gif

HTTP Response

200

HTTP Response

200
192.0.72.28:443

https://ict4peace.files.wordpress.com/2008/09/un-on-youtube.png?w=425&h=332

tls, http2

msedge.exe

1.6kB
5.5kB
14
16

HTTP Request

GET https://ict4peace.files.wordpress.com/2008/09/un-on-youtube.png?w=425&h=332

HTTP Response

302
192.0.77.33:443

https://s.wordpress.com/wp-content/themes/h4/global.css?m=1214319868a

tls, http2

msedge.exe

1.7kB
7.7kB
16
19

HTTP Request

GET https://s.wordpress.com/wp-content/themes/h4/global.css?m=1214319868a

HTTP Response

200
13.107.42.14:443

https://www.linkedin.com/img/webpromo/btn_linkedin_120x30.gif

tls, http2

msedge.exe

1.8kB
11.1kB
16
20

HTTP Request

GET https://www.linkedin.com/img/webpromo/btn_linkedin_120x30.gif

HTTP Response

200
3.229.9.213:443

https://public.slideshare.net/images/badge85_62.gif

tls, http2

msedge.exe

1.8kB
7.0kB
16
17

HTTP Request

GET https://public.slideshare.net/images/badge85_62.gif

HTTP Response

301
217.74.74.29:443

https://interia.hit.gemius.pl/__/_1720530766084/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720530742&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530766

tls, http2

msedge.exe

6.4kB
11.4kB
34
29

HTTP Request

GET https://interia.hit.gemius.pl/fpdata.js?href=

HTTP Response

200

HTTP Request

GET https://interia.hit.gemius.pl/_1720530740873/rexdot.js?l=100&sendf=24&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530740

HTTP Response

301

HTTP Request

GET https://interia.hit.gemius.pl/__/_1720530740873/rexdot.js?l=100&sendf=24&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530740

HTTP Response

200

HTTP Request

GET https://interia.hit.gemius.pl/_1720530758074/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720530742&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530758

HTTP Response

301

HTTP Request

GET https://interia.hit.gemius.pl/__/_1720530758074/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720530742&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530758

HTTP Response

200

HTTP Request

GET https://interia.hit.gemius.pl/_1720530759073/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720530742&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530759

HTTP Response

301

HTTP Request

GET https://interia.hit.gemius.pl/__/_1720530759073/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720530742&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530759

HTTP Response

200

HTTP Request

GET https://interia.hit.gemius.pl/_1720530766084/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720530742&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530766

HTTP Response

301

HTTP Request

GET https://interia.hit.gemius.pl/__/_1720530766084/redot.js?l=109&sendf=16&id=0nJF._e.GUanfXqR4NZDC8Wnj_gZxRscrVlo4ElDjIT.a7&et=smpsonar&hsrc=0&extra=_ASF%3D40&eventid=1720530742&tz=0&fv=-&href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3018ceead6c10bce1190cd54a00699b7_JaffaCakes118.html&screen=1280x720r1000&col=24&window=1280x609&vis=1&lsdata=-SETERR&fpdata=-TURNEDOFF&ltime=108&fr=1&ref=&inner=_ver%3D351%7C_lsd%3DSecurityError%3A%20Failed%20to%20read%20%7C_ch_arch%3Dx86%7C_ch_pm%3DWindows%7C_ch_pver%3D10.0&exid=668d37340b5ba1dd&brts=1720530766

HTTP Response

200
192.0.78.13:443

https://ict4peace.wordpress.com/wp-content/uploads/2008/09/un-on-youtube.png?w=425&h=332

tls, http2

msedge.exe

3.6kB
103.2kB
57
87

HTTP Request

GET https://ict4peace.wordpress.com/wp-content/uploads/2008/09/un-on-youtube.png?w=425&h=332

HTTP Response

200
146.59.30.108:80

http://ls.hit.gemius.pl/lsget.html

http

msedge.exe

826 B
3.7kB
8
5

HTTP Request

GET http://ls.hit.gemius.pl/lsget.html

HTTP Response

200
216.58.204.78:80

http://www.google-analytics.com/ga.js

http

msedge.exe

1.0kB
18.3kB
13
17

HTTP Request

GET http://www.google-analytics.com/ga.js

HTTP Response

200
146.59.30.108:443

https://ls.hit.gemius.pl/lsset.html

tls, http2

msedge.exe

2.1kB
10.0kB
18
18

HTTP Request

GET https://ls.hit.gemius.pl/lsget.html

HTTP Response

200

HTTP Request

GET https://ls.hit.gemius.pl/lsset.html

HTTP Response

200
151.101.66.152:443

https://www.slideshare.net/images/badge85_62.gif

tls, http2

msedge.exe

1.6kB
8.9kB
14
17

HTTP Request

GET https://www.slideshare.net/images/badge85_62.gif

HTTP Response

200
88.221.135.104:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

msedge.exe

468 B
1.7kB
7
6

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200

8.8.8.8:53

s3.wordpress.com

dns

msedge.exe

62 B
78 B
1
1

DNS Request

s3.wordpress.com

DNS Response

192.0.77.33
8.8.8.8:53

s.wordpress.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

s.wordpress.com

DNS Response

192.0.77.33
8.8.8.8:53

ict4peace.files.wordpress.com

dns

msedge.exe

75 B
124 B
1
1

DNS Request

ict4peace.files.wordpress.com

DNS Response

192.0.72.28

192.0.72.29
8.8.8.8:53

public.slideshare.net

dns

msedge.exe

67 B
179 B
1
1

DNS Request

public.slideshare.net

DNS Response

3.229.9.213

52.45.218.108

54.209.139.161

52.207.178.8

54.225.24.133
8.8.8.8:53

www.linkedin.com

dns

msedge.exe

62 B
161 B
1
1

DNS Request

www.linkedin.com

DNS Response

13.107.42.14
8.8.8.8:53

x.interia.pl

dns

msedge.exe

58 B
74 B
1
1

DNS Request

x.interia.pl

DNS Response

217.74.65.42
8.8.8.8:53

interia.hit.gemius.pl

dns

msedge.exe

67 B
83 B
1
1

DNS Request

interia.hit.gemius.pl

DNS Response

217.74.74.29
8.8.8.8:53

ict4peace.wordpress.com

dns

msedge.exe

69 B
118 B
1
1

DNS Request

ict4peace.wordpress.com

DNS Response

192.0.78.13

192.0.78.12
8.8.8.8:53

ls.hit.gemius.pl

dns

msedge.exe

62 B
142 B
1
1

DNS Request

ls.hit.gemius.pl

DNS Response

146.59.30.108

146.59.30.104

145.239.237.56

146.59.30.96

146.59.30.100
8.8.8.8:53

wovens.info

dns

msedge.exe

57 B
136 B
1
1

DNS Request

wovens.info
8.8.8.8:53

www.slideshare.net

dns

msedge.exe

136 B
306 B
2
2

DNS Request

www.slideshare.net

DNS Response

151.101.66.152

151.101.2.152

151.101.130.152

151.101.194.152

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

72.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

72.32.126.40.in-addr.arpa
8.8.8.8:53

14.42.107.13.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

14.42.107.13.in-addr.arpa
8.8.8.8:53

28.72.0.192.in-addr.arpa

dns

70 B
135 B
1
1

DNS Request

28.72.0.192.in-addr.arpa
8.8.8.8:53

33.77.0.192.in-addr.arpa

dns

70 B
97 B
1
1

DNS Request

33.77.0.192.in-addr.arpa
8.8.8.8:53

29.74.74.217.in-addr.arpa

dns

71 B
106 B
1
1

DNS Request

29.74.74.217.in-addr.arpa
8.8.8.8:53

42.65.74.217.in-addr.arpa

dns

71 B
97 B
1
1

DNS Request

42.65.74.217.in-addr.arpa
8.8.8.8:53

213.9.229.3.in-addr.arpa

dns

70 B
123 B
1
1

DNS Request

213.9.229.3.in-addr.arpa
8.8.8.8:53

13.78.0.192.in-addr.arpa

dns

70 B
135 B
1
1

DNS Request

13.78.0.192.in-addr.arpa
8.8.8.8:53

108.30.59.146.in-addr.arpa

dns

72 B
107 B
1
1

DNS Request

108.30.59.146.in-addr.arpa
8.8.8.8:53

78.204.58.216.in-addr.arpa

dns

72 B
171 B
1
1

DNS Request

78.204.58.216.in-addr.arpa
8.8.8.8:53

68.255.239.18.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

68.255.239.18.in-addr.arpa
8.8.8.8:53

apps.identrust.com

dns

msedge.exe

64 B
165 B
1
1

DNS Request

apps.identrust.com

DNS Response

88.221.135.104

88.221.134.137
8.8.8.8:53

152.66.101.151.in-addr.arpa

dns

73 B
133 B
1
1

DNS Request

152.66.101.151.in-addr.arpa
8.8.8.8:53

104.135.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

104.135.221.88.in-addr.arpa
224.0.0.251:5353

459 B
7
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

14.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.227.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
210676dde5c0bd984dc057e2333e1075

SHA1
2d2f8c14ee48a2580f852db7ac605f81b5b1399a

SHA256
2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

SHA512
aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4e6521c03f1bc16d91d99c059cc5424

SHA1
043665051c486192a6eefe6d0632cf34ae8e89ad

SHA256
7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

SHA512
0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
928B

MD5
6a0610cab1891bcf6c7995f1a10c3e82

SHA1
66b4f879e008a745aa585a2d1f07eecbacbdd82e

SHA256
b2afc0250f3b0ca9620c90ed99a91293eaeed2e1a320122437a1939af8befa86

SHA512
26f20bf905002571c77615e8755243237ecacdd780befa2e4fd77646cda7d5e1ffbdbccdc024a33e1c599fd6f40e9cf9263f63acdf6f1f719a4b0ff3948aba5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b32601429d2e9f3a973d5d1a8efb31da

SHA1
f2fe7c895cf3924870dc52c2f9a6c9bf4db00e19

SHA256
53c9089932830574148ae1803b47cc263d43864a3f5c5e70ac8c73fcfd9cc8fe

SHA512
0e0c48681b1e3d2c6d7379ca61f0f188c1b9ed7c109b107ea47962ddffe0a9f011424d067f91ec7e9b5db49450f04b9327c61bed4f24febd8090c859cad27d45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d3362f6684f79883ca178254d5cfe3ef

SHA1
3bb328fc612d7a48dcf1294f29cd8bed258ad405

SHA256
43356100d86766efacdb65d06209dbbde0615eeb99262f0f8ebc698d38e8b54c

SHA512
f2d11c16cd0fdac7fdb9c97113539aef26cb5be4b189e25155b61f303afd99a8af9ef4ca54dfd2a732ff74555ded450dc7d8cf7a45d08d0182905e6148cf4542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
36d23fe4cbd2be234ff7e500bc507c3c

SHA1
d14ac65cf612501a839df6a270116e3640af2840

SHA256
5456e60199e1d917ac632905fff11a3bed557231367b67727a4948a3a29f9498

SHA512
8bdc9c819356df1c8beb1e2fc0fe879d52972e1d52ac8a1c494d99dc5335d77c928eeb18306ccea85a17aa0baa6150190c40894475bc3b034b3841264a6df68c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request