hxxps://ptoszek[.]pioterontop[.]rf[.]gd

Resubmissions

02/09/2024, 14:56 UTC

240902-sbf4bstejb 3

02/09/2024, 14:52 UTC

240902-r8xlxasfmp 6

02/09/2024, 14:47 UTC

240902-r6chystdjg 6

02/09/2024, 14:46 UTC

240902-r5b6sssepj 6

Analysis

max time kernel
64s
max time network
65s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
02/09/2024, 14:47 UTC

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://ptoszek.pioterontop.rf.gd

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
30	discord.com
14	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "64"	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-242286936-336880687-2152680090-1000\{BDAF99C4-E226-4E76-AC58-740A9FDF20FD}	msedge.exe

NTFS ADS 9 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\media_images_lubieptoszki (1).png:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\media_images_ptakwspodniach.jpg:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\media_images_ptakwspodniach (1).jpg:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\media_images_ptok (1).jpg:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\media_images_lubieptoszki.png:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\media_images_ptok.jpg:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\media_images_lubieptoszki (3).png:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\media_images_zimowyptoszek.jpeg:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\media_images_lubieptoszki (2).png:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
3272	msedge.exe
3272	msedge.exe
1056	msedge.exe
1056	msedge.exe
3664	msedge.exe
3664	msedge.exe
4116	identity_helper.exe
4116	identity_helper.exe
2528	msedge.exe
2528	msedge.exe
5020	msedge.exe
5020	msedge.exe
6032	msedge.exe
6032	msedge.exe
6104	msedge.exe
6104	msedge.exe
5144	msedge.exe
5144	msedge.exe
5660	msedge.exe
5660	msedge.exe
6036	msedge.exe
6036	msedge.exe
5428	msedge.exe
5428	msedge.exe
2596	msedge.exe
2596	msedge.exe
2952	msedge.exe
2952	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3312	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3312	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1460	CredentialUIBroker.exe
5232	CredentialUIBroker.exe
2148	CredentialUIBroker.exe
5220	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1056 wrote to memory of 2296	1056	msedge.exe	81
PID 1056 wrote to memory of 2296	1056	msedge.exe	81
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 2100	1056	msedge.exe	82
PID 1056 wrote to memory of 3272	1056	msedge.exe	83
PID 1056 wrote to memory of 3272	1056	msedge.exe	83
PID 1056 wrote to memory of 1068	1056	msedge.exe	84
PID 1056 wrote to memory of 1068	1056	msedge.exe	84
PID 1056 wrote to memory of 1068	1056	msedge.exe	84
PID 1056 wrote to memory of 1068	1056	msedge.exe	84
PID 1056 wrote to memory of 1068	1056	msedge.exe	84
PID 1056 wrote to memory of 1068	1056	msedge.exe	84
PID 1056 wrote to memory of 1068	1056	msedge.exe	84
PID 1056 wrote to memory of 1068	1056	msedge.exe	84
PID 1056 wrote to memory of 1068	1056	msedge.exe	84
PID 1056 wrote to memory of 1068	1056	msedge.exe	84
PID 1056 wrote to memory of 1068	1056	msedge.exe	84
PID 1056 wrote to memory of 1068	1056	msedge.exe	84
PID 1056 wrote to memory of 1068	1056	msedge.exe	84
PID 1056 wrote to memory of 1068	1056	msedge.exe	84
PID 1056 wrote to memory of 1068	1056	msedge.exe	84
PID 1056 wrote to memory of 1068	1056	msedge.exe	84
PID 1056 wrote to memory of 1068	1056	msedge.exe	84
PID 1056 wrote to memory of 1068	1056	msedge.exe	84
PID 1056 wrote to memory of 1068	1056	msedge.exe	84
PID 1056 wrote to memory of 1068	1056	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ptoszek.pioterontop.rf.gd
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffced0a3cb8,0x7ffced0a3cc8,0x7ffced0a3cd8
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6024 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6844 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8020 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8768 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8792 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8988 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9148 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7040 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7052 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8708 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8868 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8976 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,9809197731776362850,3079205570628784376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9028 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3372

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004D0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3312

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1460

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3260

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5232

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39f8055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5220

Network

DNS

ptoszek.pioterontop.rf.gd

msedge.exe

Remote address:

8.8.8.8:53

Request

ptoszek.pioterontop.rf.gd

IN A

Response

ptoszek.pioterontop.rf.gd

IN A

185.27.134.98
DNS

login.live.com

msedge.exe

Remote address:

8.8.8.8:53

Request

login.live.com

IN A

Response

login.live.com

IN CNAME

login.msa.msidentity.com

login.msa.msidentity.com

IN CNAME

www.tm.lg.prod.aadmsa.akadns.net

www.tm.lg.prod.aadmsa.akadns.net

IN CNAME

prdv4a.aadg.msidentity.com

prdv4a.aadg.msidentity.com

IN CNAME

www.tm.v4.a.prd.aadg.trafficmanager.net

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.32.136

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.160.14

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.32.138

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.32.68

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.160.22

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.32.133

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.32.140

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.160.20
DNS

ctldl.windowsupdate.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

ctldl.windowsupdate.com.delivery.microsoft.com

ctldl.windowsupdate.com.delivery.microsoft.com

IN CNAME

wu-b-net.trafficmanager.net

wu-b-net.trafficmanager.net

IN CNAME

download.windowsupdate.com.edgesuite.net

download.windowsupdate.com.edgesuite.net

IN CNAME

a767.dspw65.akamai.net

a767.dspw65.akamai.net

IN A

2.22.144.81

a767.dspw65.akamai.net

IN A

2.22.144.73
DNS

i.pki.goog

msedge.exe

Remote address:

8.8.8.8:53

Request

i.pki.goog

IN A

Response

i.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

ocsp.digicert.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ocsp.digicert.com

IN A

Response

ocsp.digicert.com

IN CNAME

ocsp.edge.digicert.com

ocsp.edge.digicert.com

IN CNAME

fp2e7a.wpc.2be4.phicdn.net

fp2e7a.wpc.2be4.phicdn.net

IN CNAME

fp2e7a.wpc.phicdn.net

fp2e7a.wpc.phicdn.net

IN A

192.229.221.95
DNS

8.8.8.8.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

www.googletagmanager.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.googletagmanager.com

IN A

Response

www.googletagmanager.com

IN A

172.217.169.8
DNS

a.nel.cloudflare.com

msedge.exe

Remote address:

8.8.8.8:53

Request

a.nel.cloudflare.com

IN A

Response

a.nel.cloudflare.com

IN A

35.190.80.1
DNS

www.youtube.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

216.58.212.238

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

216.58.212.206

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

172.217.169.46

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

142.250.179.238
DNS

signin.ebay.com

msedge.exe

Remote address:

8.8.8.8:53

Request

signin.ebay.com

IN A

Response

signin.ebay.com

IN CNAME

slot9430.ebay.com.edgekey.net

slot9430.ebay.com.edgekey.net

IN CNAME

e9430.a.akamaiedge.net

e9430.a.akamaiedge.net

IN A

2.22.137.90
DNS

secure.skype.com

msedge.exe

Remote address:

8.8.8.8:53

Request

secure.skype.com

IN A

Response

secure.skype.com

IN CNAME

secure.skype-apps.akadns.net

secure.skype-apps.akadns.net

IN A

52.178.182.128
DNS

191.189.165.18.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

191.189.165.18.in-addr.arpa

IN PTR

Response

191.189.165.18.in-addr.arpa

IN PTR

server-18-165-189-191zrh55r cloudfrontnet
DNS

73.217.138.108.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

73.217.138.108.in-addr.arpa

IN PTR

Response

73.217.138.108.in-addr.arpa

IN PTR

server-108-138-217-73lhr61r cloudfrontnet
DNS

vpassets.infinityfree.net

msedge.exe

Remote address:

8.8.8.8:53

Request

vpassets.infinityfree.net

IN A

Response

vpassets.infinityfree.net

IN CNAME

d1ztlenc56i6ar.cloudfront.net

d1ztlenc56i6ar.cloudfront.net

IN A

18.165.183.26

d1ztlenc56i6ar.cloudfront.net

IN A

18.165.183.118

d1ztlenc56i6ar.cloudfront.net

IN A

18.165.183.122

d1ztlenc56i6ar.cloudfront.net

IN A

18.165.183.13
DNS

10.142.123.92.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

10.142.123.92.in-addr.arpa

IN PTR

Response

10.142.123.92.in-addr.arpa

IN PTR

a92-123-142-10deploystaticakamaitechnologiescom
GET

https://ptoszek.pioterontop.rf.gd/

msedge.exe

Remote address:

185.27.134.98:443

Request

GET / HTTP/1.1
Host: ptoszek.pioterontop.rf.gd
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 02 Sep 2024 14:48:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Encoding: br
GET

https://ptoszek.pioterontop.rf.gd/aes.js

msedge.exe

Remote address:

185.27.134.98:443

Request

GET /aes.js HTTP/1.1
Host: ptoszek.pioterontop.rf.gd
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://ptoszek.pioterontop.rf.gd/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 02 Sep 2024 14:48:06 GMT
Content-Type: application/javascript
Last-Modified: Mon, 16 Oct 2023 04:25:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"652cbb4f-35a5"
Content-Encoding: br
GET

https://ptoszek.pioterontop.rf.gd/?i=1

msedge.exe

Remote address:

185.27.134.98:443

Request

GET /?i=1 HTTP/1.1
Host: ptoszek.pioterontop.rf.gd
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://ptoszek.pioterontop.rf.gd/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: __test=16ec1e5efc48ddfbdeeaadd1bf6c354f

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 02 Sep 2024 14:48:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 02 Sep 2024 14:24:55 GMT
ETag: W/"a92-62123b4759ea7"
Cache-Control: max-age=2592000, public, proxy-revalidate
Expires: Wed, 02 Oct 2024 14:48:06 GMT
Content-Encoding: br
GET

https://ptoszek.pioterontop.rf.gd/index.js

msedge.exe

Remote address:

185.27.134.98:443

Request

GET /index.js HTTP/1.1
Host: ptoszek.pioterontop.rf.gd
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://ptoszek.pioterontop.rf.gd/?i=1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: __test=16ec1e5efc48ddfbdeeaadd1bf6c354f

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 02 Sep 2024 14:48:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 02 Sep 2024 14:10:14 GMT
ETag: W/"7e0e-621237fec3fba"
Cache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate
Expires: Wed, 02 Oct 2024 14:48:06 GMT
Content-Encoding: br
GET

https://ptoszek.pioterontop.rf.gd/media/images/intro.gif

msedge.exe

Remote address:

185.27.134.98:443

Request

GET /media/images/intro.gif HTTP/1.1
Host: ptoszek.pioterontop.rf.gd
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ptoszek.pioterontop.rf.gd/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: __test=16ec1e5efc48ddfbdeeaadd1bf6c354f

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 02 Sep 2024 14:48:06 GMT
Content-Type: image/gif
Content-Length: 4490250
Connection: keep-alive
Last-Modified: Mon, 02 Sep 2024 14:10:15 GMT
ETag: "44840a-6212380028edb"
Cache-Control: max-age=2592000, public, proxy-revalidate
Expires: Wed, 02 Oct 2024 14:48:06 GMT
Accept-Ranges: bytes
GET

https://ptoszek.pioterontop.rf.gd/ptok.jpg

msedge.exe

Remote address:

185.27.134.98:443

Request

GET /ptok.jpg HTTP/1.1
Host: ptoszek.pioterontop.rf.gd
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ptoszek.pioterontop.rf.gd/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: __test=16ec1e5efc48ddfbdeeaadd1bf6c354f; _ga=GA1.1.93920737.1725288486; _ga_6S5388LRGM=GS1.1.1725288485.1.0.1725288485.0.0.0

Response

HTTP/1.1 302 Found

Server: nginx
Date: Mon, 02 Sep 2024 14:48:12 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 227
Connection: keep-alive
Location: https://errors.infinityfree.net/errors/404/
Cache-Control: max-age=2592000
Expires: Wed, 02 Oct 2024 14:48:12 GMT
GET

https://ptoszek.pioterontop.rf.gd/media/videos/kaczuszka.mp4

msedge.exe

Remote address:

185.27.134.98:443

Request

GET /media/videos/kaczuszka.mp4 HTTP/1.1
Host: ptoszek.pioterontop.rf.gd
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
DNT: 1
Accept-Encoding: identity;q=1, *;q=0
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: video
Referer: https://ptoszek.pioterontop.rf.gd/
Accept-Language: en-US,en;q=0.9
Cookie: __test=16ec1e5efc48ddfbdeeaadd1bf6c354f; _ga=GA1.1.93920737.1725288486; _ga_6S5388LRGM=GS1.1.1725288485.1.0.1725288485.0.0.0
Range: bytes=8880128-

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 02 Sep 2024 14:48:19 GMT
Content-Type: video/mp4
Content-Length: 8901029
Connection: keep-alive
Last-Modified: Mon, 02 Sep 2024 14:10:41 GMT
ETag: "87d1a5-62123818d3989"
Accept-Ranges: bytes
Cache-Control: no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform
Expires: Mon, 02 Sep 2024 14:48:13 GMT
Pragma: no-cache
GET

http://i.pki.goog/wr1.crt

msedge.exe

Remote address:

142.250.178.3:80

Request

GET /wr1.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: i.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: https://pki.goog
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 1295
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 02 Sep 2024 14:28:23 GMT
Expires: Mon, 02 Sep 2024 15:18:23 GMT
Cache-Control: public, max-age=3000
Age: 1182
Last-Modified: Wed, 13 Dec 2023 15:28:00 GMT
Content-Type: application/pkix-cert
Vary: Accept-Encoding
GET

http://i.pki.goog/r1.crt

msedge.exe

Remote address:

142.250.178.3:80

Request

GET /r1.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: i.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: https://pki.goog
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 1371
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 02 Sep 2024 14:03:20 GMT
Expires: Mon, 02 Sep 2024 14:53:20 GMT
Cache-Control: public, max-age=3000
Age: 2685
Last-Modified: Fri, 27 Oct 2023 09:38:00 GMT
Content-Type: application/pkix-cert
Vary: Accept-Encoding
DNS

98.134.27.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

98.134.27.185.in-addr.arpa

IN PTR

Response
DNS

region1.google-analytics.com

Remote address:

8.8.8.8:53

Request

region1.google-analytics.com

IN A

Response

region1.google-analytics.com

IN A

216.239.32.36

region1.google-analytics.com

IN A

216.239.34.36
DNS

174.8.26.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

174.8.26.104.in-addr.arpa

IN PTR

Response
DNS

auth.roblox.com

Remote address:

8.8.8.8:53

Request

auth.roblox.com

IN A

Response

auth.roblox.com

IN CNAME

titanium.roblox.com

titanium.roblox.com

IN CNAME

edge-term4.roblox.com

edge-term4.roblox.com

IN CNAME

edge-term4-fra4.roblox.com

edge-term4-fra4.roblox.com

IN A

128.116.44.3
DNS

github.com

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
DNS

x.ss2.us

Remote address:

8.8.8.8:53

Request

x.ss2.us

IN A

Response

x.ss2.us

IN A

13.224.103.22

x.ss2.us

IN A

13.224.103.43

x.ss2.us

IN A

13.224.103.34

x.ss2.us

IN A

13.224.103.11
DNS

3.44.116.128.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.44.116.128.in-addr.arpa

IN PTR

Response
DNS

steamcommunity.com

Remote address:

8.8.8.8:53

Request

steamcommunity.com

IN A

Response

steamcommunity.com

IN A

2.22.99.85
DNS

cdn.jsdelivr.net

Remote address:

8.8.8.8:53

Request

cdn.jsdelivr.net

IN A

Response

cdn.jsdelivr.net

IN CNAME

jsdelivr.map.fastly.net

jsdelivr.map.fastly.net

IN A

151.101.193.229

jsdelivr.map.fastly.net

IN A

151.101.1.229

jsdelivr.map.fastly.net

IN A

151.101.65.229

jsdelivr.map.fastly.net

IN A

151.101.129.229
DNS

26.183.165.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.183.165.18.in-addr.arpa

IN PTR

Response

26.183.165.18.in-addr.arpa

IN PTR

server-18-165-183-26zrh55r cloudfrontnet
DNS

136.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

136.32.126.40.in-addr.arpa

IN PTR

Response
DNS

8.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.169.217.172.in-addr.arpa

IN PTR

Response

8.169.217.172.in-addr.arpa

IN PTR

lhr25s26-in-f81e100net
DNS

1.80.190.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.80.190.35.in-addr.arpa

IN PTR

Response

1.80.190.35.in-addr.arpa

IN PTR

18019035bcgoogleusercontentcom
DNS

www.guilded.gg

Remote address:

8.8.8.8:53

Request

www.guilded.gg

IN A

Response

www.guilded.gg

IN CNAME

dcb3a3q5nenlj.cloudfront.net

dcb3a3q5nenlj.cloudfront.net

IN A

13.224.103.41

dcb3a3q5nenlj.cloudfront.net

IN A

13.224.103.105

dcb3a3q5nenlj.cloudfront.net

IN A

13.224.103.54

dcb3a3q5nenlj.cloudfront.net

IN A

13.224.103.53
DNS

www.dropbox.com

Remote address:

8.8.8.8:53

Request

www.dropbox.com

IN A

Response

www.dropbox.com

IN CNAME

www-env.dropbox-dns.com

www-env.dropbox-dns.com

IN A

162.125.64.18
DNS

soundcloud.com

Remote address:

8.8.8.8:53

Request

soundcloud.com

IN A

Response

soundcloud.com

IN A

108.138.217.73

soundcloud.com

IN A

108.138.217.32

soundcloud.com

IN A

108.138.217.110

soundcloud.com

IN A

108.138.217.3
DNS

209.198.28.184.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.198.28.184.in-addr.arpa

IN PTR

Response

209.198.28.184.in-addr.arpa

IN PTR

a184-28-198-209deploystaticakamaitechnologiescom
DNS

81.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.144.22.2.in-addr.arpa

IN PTR

Response

81.144.22.2.in-addr.arpa

IN PTR

a2-22-144-81deploystaticakamaitechnologiescom
DNS

errors.infinityfree.net

Remote address:

8.8.8.8:53

Request

errors.infinityfree.net

IN A

Response

errors.infinityfree.net

IN A

104.26.8.174

errors.infinityfree.net

IN A

172.67.71.120

errors.infinityfree.net

IN A

104.26.9.174
DNS

www.deviantart.com

Remote address:

8.8.8.8:53

Request

www.deviantart.com

IN A

Response

www.deviantart.com

IN A

3.165.190.127

www.deviantart.com

IN A

3.165.190.4

www.deviantart.com

IN A

3.165.190.31

www.deviantart.com

IN A

3.165.190.55
DNS

www.google.com

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.179.228
DNS

crt.usertrust.com

Remote address:

8.8.8.8:53

Request

crt.usertrust.com

IN A

Response

crt.usertrust.com

IN CNAME

crt.comodoca.com

crt.comodoca.com

IN CNAME

crt.comodoca.com.cdn.cloudflare.net

crt.comodoca.com.cdn.cloudflare.net

IN A

172.64.149.23

crt.comodoca.com.cdn.cloudflare.net

IN A

104.18.38.233
DNS

127.190.165.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

127.190.165.3.in-addr.arpa

IN PTR

Response

127.190.165.3.in-addr.arpa

IN PTR

server-3-165-190-127zrh55r cloudfrontnet
DNS

226.21.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.21.18.104.in-addr.arpa

IN PTR

Response
DNS

www.google-analytics.com

Remote address:

8.8.8.8:53

Request

www.google-analytics.com

IN A

Response

www.google-analytics.com

IN A

216.58.201.110
DNS

fp.msedge.net

Remote address:

8.8.8.8:53

Request

fp.msedge.net

IN A

Response

fp.msedge.net

IN CNAME

1.perf.msedge.net

1.perf.msedge.net

IN CNAME

a-0019.a-msedge.net

a-0019.a-msedge.net

IN CNAME

a-0019.a.dns.azurefd.net

a-0019.a.dns.azurefd.net

IN CNAME

a-0019.standard.a-msedge.net

a-0019.standard.a-msedge.net

IN A

204.79.197.222
DNS

3.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.178.250.142.in-addr.arpa

IN PTR

Response

3.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f31e100net
DNS

36.32.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

36.32.239.216.in-addr.arpa

IN PTR

Response
DNS

discord.com

Remote address:

8.8.8.8:53

Request

discord.com

IN A

Response

discord.com

IN A

162.159.135.232

discord.com

IN A

162.159.137.232

discord.com

IN A

162.159.128.233

discord.com

IN A

162.159.136.232

discord.com

IN A

162.159.138.232
DNS

www.amazon.com

Remote address:

8.8.8.8:53

Request

www.amazon.com

IN A

Response

www.amazon.com

IN CNAME

tp.47cf2c8c9-frontier.amazon.com

tp.47cf2c8c9-frontier.amazon.com

IN CNAME

d3ag4hukkh62yn.cloudfront.net

d3ag4hukkh62yn.cloudfront.net

IN A

18.165.189.191
DNS

mail.google.com

Remote address:

8.8.8.8:53

Request

mail.google.com

IN A

Response

mail.google.com

IN A

142.250.187.229
DNS

232.135.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.135.159.162.in-addr.arpa

IN PTR

Response
DNS

85.99.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

85.99.22.2.in-addr.arpa

IN PTR

Response

85.99.22.2.in-addr.arpa

IN PTR

a2-22-99-85deploystaticakamaitechnologiescom
DNS

229.193.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

229.193.101.151.in-addr.arpa

IN PTR

Response
DNS

222.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

222.197.79.204.in-addr.arpa

IN PTR

Response
GET

https://ptoszek.pioterontop.rf.gd/media/videos/kaczuszka.mp4

msedge.exe

Remote address:

185.27.134.98:443

Request

GET /media/videos/kaczuszka.mp4 HTTP/1.1
Host: ptoszek.pioterontop.rf.gd
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
DNT: 1
Accept-Encoding: identity;q=1, *;q=0
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: video
Referer: https://ptoszek.pioterontop.rf.gd/
Accept-Language: en-US,en;q=0.9
Cookie: __test=16ec1e5efc48ddfbdeeaadd1bf6c354f
Range: bytes=0-

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 02 Sep 2024 14:48:12 GMT
Content-Type: video/mp4
Content-Length: 8901029
Connection: keep-alive
Last-Modified: Mon, 02 Sep 2024 14:10:41 GMT
ETag: "87d1a5-62123818d3989"
Accept-Ranges: bytes
Cache-Control: no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform
Expires: Mon, 02 Sep 2024 14:48:07 GMT
Pragma: no-cache
POST

https://region1.google-analytics.com/g/collect?v=2&tid=G-6S5388LRGM&gtm=45je48s0v9137156704za200&_p=1725288485668&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=93920737.1725288486&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1725288485&sct=1&seg=0&dl=https%3A%2F%2Fptoszek.pioterontop.rf.gd%2F&dr=https%3A%2F%2Fptoszek.pioterontop.rf.gd%2F&dt=Ptoszek&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=622

msedge.exe

Remote address:

216.239.32.36:443

Request

POST /g/collect?v=2&tid=G-6S5388LRGM&gtm=45je48s0v9137156704za200&_p=1725288485668&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=93920737.1725288486&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1725288485&sct=1&seg=0&dl=https%3A%2F%2Fptoszek.pioterontop.rf.gd%2F&dr=https%3A%2F%2Fptoszek.pioterontop.rf.gd%2F&dt=Ptoszek&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=622 HTTP/2.0
host: region1.google-analytics.com
content-length: 0
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://ptoszek.pioterontop.rf.gd
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://ptoszek.pioterontop.rf.gd/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://region1.google-analytics.com/g/collect?v=2&tid=G-6S5388LRGM&gtm=45je48s0v9137156704za200&_p=1725288485668&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=93920737.1725288486&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1725288485&sct=1&seg=0&dl=https%3A%2F%2Fptoszek.pioterontop.rf.gd%2F&dr=https%3A%2F%2Fptoszek.pioterontop.rf.gd%2F&dt=Ptoszek&en=scroll&epn.percent_scrolled=90&_et=11&tfd=5646

msedge.exe

Remote address:

216.239.32.36:443

Request

POST /g/collect?v=2&tid=G-6S5388LRGM&gtm=45je48s0v9137156704za200&_p=1725288485668&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=93920737.1725288486&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1725288485&sct=1&seg=0&dl=https%3A%2F%2Fptoszek.pioterontop.rf.gd%2F&dr=https%3A%2F%2Fptoszek.pioterontop.rf.gd%2F&dt=Ptoszek&en=scroll&epn.percent_scrolled=90&_et=11&tfd=5646 HTTP/2.0
host: region1.google-analytics.com
content-length: 0
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://ptoszek.pioterontop.rf.gd
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://ptoszek.pioterontop.rf.gd/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://errors.infinityfree.net/errors/404/

msedge.exe

Remote address:

104.26.8.174:443

Request

GET /errors/404/ HTTP/2.0
host: errors.infinityfree.net
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ptoszek.pioterontop.rf.gd/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 404

date: Mon, 02 Sep 2024 14:48:12 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kJp9Ma8oSUtuBK1iZ5A3UF5LVgkZHoEsBa7NQZBI%2Bu1E6FEffnfzda%2FztNeAAOUUmw95iEMOhicHtibSBmaQ0vkQME0uOzICAgA%2B8JIqllD85lrNB3Rr2D8tJ%2BNL%2BqpWkgc59%2Fc24SRz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8bce4cb7a944635f-LHR
content-encoding: br
GET

https://errors.infinityfree.net/errors/404/

msedge.exe

Remote address:

104.26.8.174:443

Request

GET /errors/404/ HTTP/2.0
host: errors.infinityfree.net
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://ptoszek.pioterontop.rf.gd/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 404

date: Mon, 02 Sep 2024 14:48:25 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BO8APte%2Bw6IUt9aDJ5UqbFgEZxURnF%2FABbuzwQuM7zol8Crpq1bNpS71iQrJR49IR1dZiTQe8xTVIKztf%2FQe79qjc6RB6Ws0rhc%2BIl1DrBS90Uduvn%2F%2B5jg0smlwgJS%2FS7DCsB1DQIGc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8bce4d0498dc635f-LHR
content-encoding: br
GET

https://errors.infinityfree.net/css/app.css

msedge.exe

Remote address:

104.26.8.174:443

Request

GET /css/app.css HTTP/2.0
host: errors.infinityfree.net
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://errors.infinityfree.net/errors/404/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 02 Sep 2024 14:48:25 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=20415
etag: W/"66781df2-4fbf"
last-modified: Sun, 23 Jun 2024 13:06:58 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 3196
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1gfs7NvCj9HUdnXyTF38DWJnZFTptSRSBP%2BwJ%2FGuzBmt36PVZRngEhI%2FB9GYVJHjdpxXFDW8g%2FtZy7XuUmW7uMaiM98Iz6%2FDWW0pU15vlivesw9Jur0fswceVmrlz6WHG3GOjAaWQhYb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8bce4d0579f8635f-LHR
content-encoding: br
GET

https://errors.infinityfree.net/favicon.ico

msedge.exe

Remote address:

104.26.8.174:443

Request

GET /favicon.ico HTTP/2.0
host: errors.infinityfree.net
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://errors.infinityfree.net/errors/404/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _ga_CV9VR57THV=GS1.1.1725288504.1.0.1725288504.0.0.0
cookie: _ga=GA1.2.228229517.1725288505
cookie: _gid=GA1.2.1906314439.1725288505
cookie: _gat_gtag_UA_71917162_10=1

Response

HTTP/2.0 200

date: Mon, 02 Sep 2024 14:48:26 GMT
content-type: image/x-icon
etag: W/"66781df2-10be"
last-modified: Sun, 23 Jun 2024 13:06:58 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 5352
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XpbKRVt8PxlJxZ4smsXMkZflF8tsohsSD0QKlz%2F3IVvTo1WFf1gc%2BJ%2BGFOZUQdRuYgf5A4aOPue3gdLWsGnDAMjL9XStXxa9cFQXkmpb%2F7V7ETE%2Fqs5NL%2FQ1punn3Rgej7jMQy8clhs7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8bce4d0aba43635f-LHR
content-encoding: br
OPTIONS

https://a.nel.cloudflare.com/report/v4?s=kJp9Ma8oSUtuBK1iZ5A3UF5LVgkZHoEsBa7NQZBI%2Bu1E6FEffnfzda%2FztNeAAOUUmw95iEMOhicHtibSBmaQ0vkQME0uOzICAgA%2B8JIqllD85lrNB3Rr2D8tJ%2BNL%2BqpWkgc59%2Fc24SRz

msedge.exe

Remote address:

35.190.80.1:443

Request

OPTIONS /report/v4?s=kJp9Ma8oSUtuBK1iZ5A3UF5LVgkZHoEsBa7NQZBI%2Bu1E6FEffnfzda%2FztNeAAOUUmw95iEMOhicHtibSBmaQ0vkQME0uOzICAgA%2B8JIqllD85lrNB3Rr2D8tJ%2BNL%2BqpWkgc59%2Fc24SRz HTTP/2.0
host: a.nel.cloudflare.com
origin: https://errors.infinityfree.net
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://ptoszek.pioterontop.rf.gd/

msedge.exe

Remote address:

185.27.134.98:443

Request

GET / HTTP/1.1
Host: ptoszek.pioterontop.rf.gd
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://ptoszek.pioterontop.rf.gd/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: __test=16ec1e5efc48ddfbdeeaadd1bf6c354f; _ga=GA1.1.93920737.1725288486; _ga_6S5388LRGM=GS1.1.1725288485.1.0.1725288485.0.0.0

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 02 Sep 2024 14:48:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 02 Sep 2024 14:24:55 GMT
ETag: W/"a92-62123b4759ea7"
Cache-Control: max-age=2592000, public, proxy-revalidate
Expires: Wed, 02 Oct 2024 14:48:17 GMT
Content-Encoding: br
GET

https://ptoszek.pioterontop.rf.gd/media/images/ptok.jpg

msedge.exe

Remote address:

185.27.134.98:443

Request

GET /media/images/ptok.jpg HTTP/1.1
Host: ptoszek.pioterontop.rf.gd
Connection: keep-alive
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: empty
Referer: https://ptoszek.pioterontop.rf.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: __test=16ec1e5efc48ddfbdeeaadd1bf6c354f; _ga=GA1.1.93920737.1725288486; _ga_6S5388LRGM=GS1.1.1725288485.1.1.1725288500.0.0.0

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 02 Sep 2024 14:48:24 GMT
Content-Type: image/jpeg
Content-Length: 4743
Connection: keep-alive
Last-Modified: Mon, 02 Sep 2024 14:10:13 GMT
ETag: "1287-621237fea47cd"
Cache-Control: max-age=2592000, public, proxy-revalidate
Expires: Wed, 02 Oct 2024 14:48:24 GMT
Accept-Ranges: bytes
GET

https://ptoszek.pioterontop.rf.gd/media/images/jaczup.jpg

msedge.exe

Remote address:

185.27.134.98:443

Request

GET /media/images/jaczup.jpg HTTP/1.1
Host: ptoszek.pioterontop.rf.gd
Connection: keep-alive
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: empty
Referer: https://ptoszek.pioterontop.rf.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: __test=16ec1e5efc48ddfbdeeaadd1bf6c354f; _ga=GA1.1.93920737.1725288486; _ga_6S5388LRGM=GS1.1.1725288485.1.1.1725288500.0.0.0

Response

HTTP/1.1 302 Found

Server: nginx
Date: Mon, 02 Sep 2024 14:48:24 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 227
Connection: keep-alive
Location: https://errors.infinityfree.net/errors/404/
Cache-Control: max-age=2592000
Expires: Wed, 02 Oct 2024 14:48:24 GMT
GET

https://ptoszek.pioterontop.rf.gd/media/images/zimowyptoszek.jpeg

msedge.exe

Remote address:

185.27.134.98:443

Request

GET /media/images/zimowyptoszek.jpeg HTTP/1.1
Host: ptoszek.pioterontop.rf.gd
Connection: keep-alive
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: empty
Referer: https://ptoszek.pioterontop.rf.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: __test=16ec1e5efc48ddfbdeeaadd1bf6c354f; _ga=GA1.1.93920737.1725288486; _ga_6S5388LRGM=GS1.1.1725288485.1.1.1725288500.0.0.0

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 02 Sep 2024 14:48:24 GMT
Content-Type: image/jpeg
Content-Length: 226965
Connection: keep-alive
Last-Modified: Mon, 02 Sep 2024 14:10:20 GMT
ETag: "37695-621238047a30d"
Cache-Control: max-age=2592000, public, proxy-revalidate
Expires: Wed, 02 Oct 2024 14:48:24 GMT
Accept-Ranges: bytes
GET

https://ptoszek.pioterontop.rf.gd/media/images/lubieptoszki.png

msedge.exe

Remote address:

185.27.134.98:443

Request

GET /media/images/lubieptoszki.png HTTP/1.1
Host: ptoszek.pioterontop.rf.gd
Connection: keep-alive
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: empty
Referer: https://ptoszek.pioterontop.rf.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: __test=16ec1e5efc48ddfbdeeaadd1bf6c354f; _ga=GA1.1.93920737.1725288486; _ga_6S5388LRGM=GS1.1.1725288485.1.1.1725288500.0.0.0

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 02 Sep 2024 14:48:25 GMT
Content-Type: image/png
Content-Length: 22741
Connection: keep-alive
Last-Modified: Mon, 02 Sep 2024 14:10:17 GMT
ETag: "58d5-6212380244026"
Cache-Control: max-age=2592000, public, proxy-revalidate
Expires: Wed, 02 Oct 2024 14:48:25 GMT
Accept-Ranges: bytes
GET

https://ptoszek.pioterontop.rf.gd/media/images/ptakwspodniach.jpg

msedge.exe

Remote address:

185.27.134.98:443

Request

GET /media/images/ptakwspodniach.jpg HTTP/1.1
Host: ptoszek.pioterontop.rf.gd
Connection: keep-alive
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: empty
Referer: https://ptoszek.pioterontop.rf.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: __test=16ec1e5efc48ddfbdeeaadd1bf6c354f; _ga=GA1.1.93920737.1725288486; _ga_6S5388LRGM=GS1.1.1725288485.1.1.1725288500.0.0.0

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 02 Sep 2024 14:48:28 GMT
Content-Type: image/jpeg
Content-Length: 47922
Connection: keep-alive
Last-Modified: Mon, 02 Sep 2024 14:10:18 GMT
ETag: "bb32-62123802f6b9f"
Cache-Control: max-age=2592000, public, proxy-revalidate
Expires: Wed, 02 Oct 2024 14:48:28 GMT
Accept-Ranges: bytes
GET

https://ptoszek.pioterontop.rf.gd/media/videos/kaczuszka.mp4

msedge.exe

Remote address:

185.27.134.98:443

Request

GET /media/videos/kaczuszka.mp4 HTTP/1.1
Host: ptoszek.pioterontop.rf.gd
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
DNT: 1
Accept-Encoding: identity;q=1, *;q=0
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: video
Referer: https://ptoszek.pioterontop.rf.gd/
Accept-Language: en-US,en;q=0.9
Cookie: __test=16ec1e5efc48ddfbdeeaadd1bf6c354f; _ga=GA1.1.93920737.1725288486; _ga_6S5388LRGM=GS1.1.1725288485.1.1.1725288507.0.0.0
Range: bytes=0-

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 02 Sep 2024 14:48:51 GMT
Content-Type: video/mp4
Content-Length: 8901029
Connection: keep-alive
Last-Modified: Mon, 02 Sep 2024 14:10:41 GMT
ETag: "87d1a5-62123818d3989"
Accept-Ranges: bytes
Cache-Control: no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform
Expires: Mon, 02 Sep 2024 14:48:47 GMT
Pragma: no-cache
GET

https://ptoszek.pioterontop.rf.gd/media/images/lubieptoszki.png

msedge.exe

Remote address:

185.27.134.98:443

Request

GET /media/images/lubieptoszki.png HTTP/1.1
Host: ptoszek.pioterontop.rf.gd
Connection: keep-alive
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: empty
Referer: https://ptoszek.pioterontop.rf.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: __test=16ec1e5efc48ddfbdeeaadd1bf6c354f; _ga=GA1.1.93920737.1725288486; _ga_6S5388LRGM=GS1.1.1725288485.1.0.1725288485.0.0.0

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 02 Sep 2024 14:48:17 GMT
Content-Type: image/png
Content-Length: 22741
Connection: keep-alive
Last-Modified: Mon, 02 Sep 2024 14:10:17 GMT
ETag: "58d5-6212380244026"
Cache-Control: max-age=2592000, public, proxy-revalidate
Expires: Wed, 02 Oct 2024 14:48:17 GMT
Accept-Ranges: bytes
GET

https://ptoszek.pioterontop.rf.gd/media/videos/kaczuszka.mp4

msedge.exe

Remote address:

185.27.134.98:443

Request

GET /media/videos/kaczuszka.mp4 HTTP/1.1
Host: ptoszek.pioterontop.rf.gd
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
DNT: 1
Accept-Encoding: identity;q=1, *;q=0
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: video
Referer: https://ptoszek.pioterontop.rf.gd/
Accept-Language: en-US,en;q=0.9
Cookie: __test=16ec1e5efc48ddfbdeeaadd1bf6c354f; _ga=GA1.1.93920737.1725288486; _ga_6S5388LRGM=GS1.1.1725288485.1.0.1725288485.0.0.0
Range: bytes=32768-

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 02 Sep 2024 14:48:27 GMT
Content-Type: video/mp4
Content-Length: 8901029
Connection: keep-alive
Last-Modified: Mon, 02 Sep 2024 14:10:41 GMT
ETag: "87d1a5-62123818d3989"
Accept-Ranges: bytes
Cache-Control: no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform
Expires: Mon, 02 Sep 2024 14:48:21 GMT
Pragma: no-cache
POST

https://discord.com/api/v9/auth/logout

msedge.exe

Remote address:

162.159.135.232:443

Request

POST /api/v9/auth/logout HTTP/2.0
host: discord.com
content-length: 24
cache-control: max-age=0
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
origin: https://ptoszek.pioterontop.rf.gd
upgrade-insecure-requests: 1
dnt: 1
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ptoszek.pioterontop.rf.gd/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 401

date: Mon, 02 Sep 2024 14:48:22 GMT
content-type: application/json
content-length: 43
set-cookie: __dcfduid=66927fc0693a11efbd00b2fab433e723; Expires=Sat, 01-Sep-2029 14:48:22 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
access-control-allow-origin: https://ptoszek.pioterontop.rf.gd
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, PUT, PATCH, DELETE
access-control-allow-headers: Content-Type, Authorization, X-Audit-Log-Reason, X-Track, X-Super-Properties, X-Context-Properties, X-Failed-Requests, X-Fingerprint, X-RPC-Proxy, X-Discord-Locale, X-Discord-Timezone, X-Debug-Options, x-client-trace-id, If-None-Match, X-Captcha-Key, X-Captcha-Rqtoken, X-Discord-Resource-Optimization-Level, X-Discord-MFA-Authorization, Range, X-RateLimit-Precision
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DYf1sbFJsDthNhwBH8L6vbCnaIk0aGIYrdB51lf62a7CA8ve02u4iBCnN28yajen5rMPzu%2Fw1Zf9DPjFxfTQj7qE0FUAONbJMMU%2BM78lYYwmKNmyrr4BQzCfqsof"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'none'; default-src 'none'
set-cookie: __sdcfduid=66927fc0693a11efbd00b2fab433e72358703def60809b337c04394d28eaff547b4ffaea5daba2900d5914fb0085d7c5; Expires=Sat, 01-Sep-2029 14:48:22 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
set-cookie: __cfruid=f256b9a457c586635a6fc6f298fddb1931080607-1725288502; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
set-cookie: _cfuvid=px8NNl8HGIz6dzowoPKEyTsSdklEQPr9giFtqgvpUno-1725288502214-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 8bce4cf1cbb2bd8e-LHR
POST

https://www.guilded.gg/api/logout

msedge.exe

Remote address:

13.224.103.41:443

Request

POST /api/logout HTTP/2.0
host: www.guilded.gg
content-length: 0
cache-control: max-age=0
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
origin: https://ptoszek.pioterontop.rf.gd
upgrade-insecure-requests: 1
dnt: 1
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ptoszek.pioterontop.rf.gd/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 400

content-type: application/json
content-length: 60
date: Mon, 02 Sep 2024 14:48:22 GMT
server: nginx
x-cache: Error from cloudfront
via: 1.1 d4ab4520827d99650a0d233539c37424.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 21E7A8_q_Ol0zN3yNsVQgPQ_-mVx25zi37e_j3ZtgEIpiqtR6GWbLA==
POST

https://auth.roblox.com/v2/logout

msedge.exe

Remote address:

128.116.44.3:443

Request

POST /v2/logout HTTP/2.0
host: auth.roblox.com
content-length: 0
cache-control: max-age=0
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
origin: https://ptoszek.pioterontop.rf.gd
upgrade-insecure-requests: 1
dnt: 1
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ptoszek.pioterontop.rf.gd/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 401

content-length: 48
content-type: application/json
date: Mon, 02 Sep 2024 14:48:21 GMT
server: Kestrel
cache-control: no-cache
strict-transport-security: max-age=3600
x-frame-options: SAMEORIGIN
roblox-machine-id: 3551469e-73fd-b09b-6bb8-37c9c6ae354f
x-roblox-region: us-central_rbx
x-roblox-edge: fra4
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
POST

https://www.youtube.com/

msedge.exe

Remote address:

216.58.212.238:443

Request

POST / HTTP/2.0
host: www.youtube.com
content-length: 15
cache-control: max-age=0
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
origin: https://ptoszek.pioterontop.rf.gd
upgrade-insecure-requests: 1
dnt: 1
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ptoszek.pioterontop.rf.gd/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://www.deviantart.com/users/logout

msedge.exe

Remote address:

3.165.190.127:443

Request

POST /users/logout HTTP/2.0
host: www.deviantart.com
content-length: 0
cache-control: max-age=0
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
origin: https://ptoszek.pioterontop.rf.gd
upgrade-insecure-requests: 1
dnt: 1
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ptoszek.pioterontop.rf.gd/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

content-type: text/html; charset=ISO-8859-1
content-length: 0
location: https://www.deviantart.com
date: Mon, 02 Sep 2024 14:48:22 GMT
x-backend: web_http_back
server: Apache
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR STP"
set-cookie: userinfo=__842b76501eeaca98c1fa%3B%7B%22username%22%3A%22%22%2C%22uniqueid%22%3A%226bc66c727a396b027aecb374b2053f22%22%2C%22dvs9-1%22%3A1%7D; expires=Wed, 02-Oct-2024 14:48:22 GMT; Max-Age=2592000; path=/; domain=.deviantart.com; SameSite=Lax
x-cache: Miss from cloudfront
via: 1.1 7b1453554724e38e8ddaa890cda58f10.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH55-P2
x-amz-cf-id: ZD3VYGj6mZ4-fDkfOHcYekN3HmdyBTQheULcizoTTUNWY0M5FcLkKA==
GET

https://www.deviantart.com/

msedge.exe

Remote address:

3.165.190.127:443

Request

GET / HTTP/2.0
host: www.deviantart.com
cache-control: max-age=0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
referer: https://ptoszek.pioterontop.rf.gd/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/html; charset=utf-8
date: Mon, 02 Sep 2024 14:48:23 GMT
x-seen-by:
x-backend: da_browse_back
cross-origin-opener-policy: same-origin-allow-popups
origin-agent-cluster: ?1
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-security-policy: object-src wixmp-ed30a86b8c4ca887773594c2.wixmp.com wixmp-395331243bc2089e8c09c8d3.wixmp.com img-deviantart.wixmp.com;script-src 'nonce-8eca1881b2b59fbe22e5d0e03801ec5c' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: ;base-uri 'none';frame-ancestors 'self' sta.sh;upgrade-insecure-requests;block-all-mixed-content
accept-ch: Sec-CH-Viewport-Width, Sec-CH-Viewport-Height
accept-ch-lifetime: 86400
content-language: en
set-cookie: userinfo=__d797d34bb375c9456169%3B%7B%22username%22%3A%22%22%2C%22uniqueid%22%3A%229ff68fdf950ecc5233e687ef15a3b5c7%22%2C%22dvs9-1%22%3A1%7D; expires=Wed, 02-Oct-2024 14:48:23 GMT; Max-Age=2592000; path=/; domain=.deviantart.com; SameSite=Lax
cache-control: no-cache
da-sr: u
server-timing: p;dur=248.7447959985584, r;dur=67.54684299975634, o;dur=17.085875000804663, t;dur=333.3775139991194
vary: Accept-Encoding
content-encoding: br
x-cache: Miss from cloudfront
via: 1.1 7b1453554724e38e8ddaa890cda58f10.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH55-P2
x-amz-cf-id: BcU8H87_IGOPAU4rArIMxxsy7bkNHuRbHZmUgv2MTunPag3h3ZKaIA==
GET

https://www.amazon.com/gp/flex/sign-out.html?action=sign-out

msedge.exe

Remote address:

18.165.189.191:443

Request

GET /gp/flex/sign-out.html?action=sign-out HTTP/2.0
host: www.amazon.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ptoszek.pioterontop.rf.gd/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

content-length: 0
location: https://www.amazon.com/ap/signin?openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fap%2Fsignin%3Fopenid.pape.max_auth_age%3D900%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%253Faction%253Dsign-out%26openid.assoc_handle%3Dusflex%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0&openid.assoc_handle=usflex&openid.mode=logout&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
server: Server
date: Mon, 02 Sep 2024 14:48:22 GMT
x-amz-rid: CCA79DEWT6SNKMSPY2KW
set-cookie: session-id=141-9439082-4874069; Domain=.amazon.com; Expires=Tue, 01 Jan 2036 08:00:01 GMT; Path=/; Secure
set-cookie: session-id-time=2082787201l; Domain=.amazon.com; Expires=Tue, 01 Jan 2036 08:00:01 GMT; Path=/; Secure
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
cache-control: no-cache
cache-control: no-store
content-language: en-US
strict-transport-security: max-age=47474747; includeSubDomains; preload
vary: Content-Type,Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
x-cache: Miss from cloudfront
via: 1.1 a1822b92cbf5d3516743d4786d5b6020.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH55-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: HkyXsn43aztSr8SkmgetPzG4eS0aLSVEb0mX6_5iGtAJUytYdbXkAQ==
GET

https://www.amazon.com/ap/signin?openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fap%2Fsignin%3Fopenid.pape.max_auth_age%3D900%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%253Faction%253Dsign-out%26openid.assoc_handle%3Dusflex%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0&openid.assoc_handle=usflex&openid.mode=logout&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0

msedge.exe

Remote address:

18.165.189.191:443

Request

GET /ap/signin?openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fap%2Fsignin%3Fopenid.pape.max_auth_age%3D900%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%253Faction%253Dsign-out%26openid.assoc_handle%3Dusflex%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0&openid.assoc_handle=usflex&openid.mode=logout&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0 HTTP/2.0
host: www.amazon.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ptoszek.pioterontop.rf.gd/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

secure.hulu.com

msedge.exe

Remote address:

8.8.8.8:53

Request

secure.hulu.com

IN A

Response

secure.hulu.com

IN CNAME

wildcard-dual.hulu.com.edgekey.net

wildcard-dual.hulu.com.edgekey.net

IN CNAME

e91869.dsca.akamaiedge.net

e91869.dsca.akamaiedge.net

IN A

184.28.198.209

e91869.dsca.akamaiedge.net

IN A

184.28.198.219
DNS

crt.rootg2.amazontrust.com

msedge.exe

Remote address:

8.8.8.8:53

Request

crt.rootg2.amazontrust.com

IN A

Response

crt.rootg2.amazontrust.com

IN A

18.165.183.65

crt.rootg2.amazontrust.com

IN A

18.165.183.5

crt.rootg2.amazontrust.com

IN A

18.165.183.30

crt.rootg2.amazontrust.com

IN A

18.165.183.46
DNS

41.103.224.13.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

41.103.224.13.in-addr.arpa

IN PTR

Response

41.103.224.13.in-addr.arpa

IN PTR

server-13-224-103-41zrh50r cloudfrontnet
DNS

128.182.178.52.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

128.182.178.52.in-addr.arpa

IN PTR

Response
DNS

14.25.17.104.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

14.25.17.104.in-addr.arpa

IN PTR

Response
DNS

self.events.data.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

self.events.data.microsoft.com

IN A

Response

self.events.data.microsoft.com

IN CNAME

self-events-data.trafficmanager.net

self-events-data.trafficmanager.net

IN CNAME

onedscolprdwus05.westus.cloudapp.azure.com

onedscolprdwus05.westus.cloudapp.azure.com

IN A

20.189.173.6
DNS

www.netflix.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.netflix.com

IN A

Response

www.netflix.com

IN CNAME

www.dradis.netflix.com

www.dradis.netflix.com

IN CNAME

www.eu-west-1.internal.dradis.netflix.com

www.eu-west-1.internal.dradis.netflix.com

IN CNAME

apiproxy-website-nlb-prod-1-5675d5ecda6efdd8.elb.eu-west-1.amazonaws.com

apiproxy-website-nlb-prod-1-5675d5ecda6efdd8.elb.eu-west-1.amazonaws.com

IN A

54.246.79.9

apiproxy-website-nlb-prod-1-5675d5ecda6efdd8.elb.eu-west-1.amazonaws.com

IN A

54.170.196.176

apiproxy-website-nlb-prod-1-5675d5ecda6efdd8.elb.eu-west-1.amazonaws.com

IN A

52.214.181.141
DNS

238.212.58.216.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

238.212.58.216.in-addr.arpa

IN PTR

Response

238.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f141e100net

238.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f238�I

238.212.58.216.in-addr.arpa

IN PTR

lhr25s28-in-f14�I
DNS

23.149.64.172.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

23.149.64.172.in-addr.arpa

IN PTR

Response
DNS

fonts.gstatic.com

msedge.exe

Remote address:

8.8.8.8:53

Request

fonts.gstatic.com

IN A

Response

fonts.gstatic.com

IN A

142.250.187.195
DNS

ctldl.windowsupdate.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

ctldl.windowsupdate.com.delivery.microsoft.com

ctldl.windowsupdate.com.delivery.microsoft.com

IN CNAME

wu-b-net.trafficmanager.net

wu-b-net.trafficmanager.net

IN CNAME

windowsupdatebg.s.llnwi.net

windowsupdatebg.s.llnwi.net

IN A

87.248.205.0
GET

https://github.com/logout

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /logout HTTP/2.0
host: github.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ptoszek.pioterontop.rf.gd/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

server: GitHub.com
date: Mon, 02 Sep 2024 14:48:22 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://github.com/
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
set-cookie: _gh_sess=2XAtAB2iiUbWurzp5N03fy7VZScoWCIDtvkCl5230ZOxiThpl2skaQkO3C849rrIHX%2B7Tq%2Frs8aj4xhZMm4rT%2B02u2Q2FWLCTdVgwcZdO2Y%2BYonhksNbxcEXJ%2F4kTtGoPFVo5pxA98xRKaU3G5ZxkgA1B1lBKzX614WBZinkAYF2b6MMzanP1i4eWevFVEo%2FVKjzI%2FiuPFw1%2BID9ezB49%2FTnWgvlkRcoBuH3MzxFnTmV749Lap4s9kwYnzN5m0YBKoBsoxMLrp5IEiTNT35phg%3D%3D--4rG4N7i8wpE0ea9L--91SmePQLKoSBlZTtlA9y4g%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
set-cookie: _octo=GH1.1.1372968559.1725288502; Path=/; Domain=github.com; Expires=Tue, 02 Sep 2025 14:48:22 GMT; Secure; SameSite=Lax
set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Tue, 02 Sep 2025 14:48:22 GMT; HttpOnly; Secure; SameSite=Lax
content-length: 0
x-github-request-id: C2E0:14F9E:13DBF17:16BAD1E:66D5D036
GET

https://github.com/

msedge.exe

Remote address:

20.26.156.215:443

Request

GET / HTTP/2.0
host: github.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ptoszek.pioterontop.rf.gd/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://secure.hulu.com/logout

msedge.exe

Remote address:

184.28.198.209:443

Request

GET /logout HTTP/1.1
Host: secure.hulu.com
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ptoszek.pioterontop.rf.gd/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Moved Temporarily

Content-Type: text/html; charset=utf-8
Content-Length: 33
Server: envoy
Vary: Origin
Location: /
Content-Security-Policy: upgrade-insecure-requests; frame-ancestors 'self' http://*.hulu.com https://*.hulu.com;
strict-transport-security: max-age=31536000
x-frame-options: DENY
Expires: Mon, 02 Sep 2024 14:48:21 GMT
Cache-Control: no-cache
x-envoy-upstream-service-time: 5
x-diproton-route: Envoy
Date: Mon, 02 Sep 2024 14:48:22 GMT
Connection: keep-alive
Set-Cookie: ADFHA=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.hulu.com
Set-Cookie: ADFHA=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.hulu.com
Vary: Origin
Set-Cookie: ak_bmsc=266FA72BE3AB7D8ADBFF2054E5884D3D~000000000000000000000000000000~YAAQ18YcuFLXho+RAQAAgFU1sxjukpuEiFKyiSTWMkwjG58QnE1yfavHK7FpsdV+bYby+cYQ3dp8vE5dvtsk5j16GoekcvsxeeUAkk6AOq17LUAS/jO1WIZcwAFBIjQkpntMelG/MjOq3pyUptb9Rw1yt+TzPe630XSECiygsl8z6gmsyLS7tBHujfegXRshNYE+CtxubLZqC58Rmprg3HgZPYuzvDJyLega9Y0FbZ6P3fVzW3+OQhhD+5+3GNB2jWbNA4CvhWm0J0di1Blw3HZug5ycLjHq1Ztsv9duFbv59JQcqcnyD6aQZtOqBjf1m7y7qn4xCZXdqBWNmzPZpQzNoeo2u1+Pn6ozht1HyeByE7Oq5hiV0OUr+W2mWA==; Domain=.hulu.com; Path=/; Expires=Mon, 02 Sep 2024 16:48:22 GMT; Max-Age=7200
GET

https://secure.hulu.com/

msedge.exe

Remote address:

184.28.198.209:443

Request

GET / HTTP/1.1
Host: secure.hulu.com
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ptoszek.pioterontop.rf.gd/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 166
Server: envoy
Location: https://www.hulu.com/
Content-Security-Policy: upgrade-insecure-requests; frame-ancestors 'self' http://*.hulu.com https://*.hulu.com;
strict-transport-security: max-age=31536000
x-frame-options: DENY
x-envoy-upstream-service-time: 1
x-diproton-route: Envoy
Date: Mon, 02 Sep 2024 14:48:28 GMT
Connection: keep-alive
Vary: Origin
Set-Cookie: ak_bmsc=B21BEA94488B3736B09EC1C8FAB5BD49~000000000000000000000000000000~YAAQ18YcuIjYho+RAQAAp2s1sxipeB66q5/1DcFlRlGtHUS0l0brACay3xt0yV0hwN6AdfojtUv8dRsGiM6JMVvvq/U2bFORMI7NoFiOwB482gtOHeEeD5voEru5xW1t3WpzYv/Eqgcp6hlyDehoLqlimJONt6+f6T9E0JfszUI+rSeDgCR166+HDsZGkRtESLQ8WSJsw0ncQLZLpuocwz6S0w6p5lC++rmWgVwip7zMcWOnnF4TARh64A/2IkY9+NqNKwheFFZnCmo5XqANOZsPqolrymikVi0ain0Pdj22zqUp0MNVXEf+adVgUQNzbcCambgnrv6JazekxlDWny2Cvv8Id7jeIv7NU+HFXZC+7YqHg7VgWdDmSNEwOw==; Domain=.hulu.com; Path=/; Expires=Mon, 02 Sep 2024 16:48:28 GMT; Max-Age=7200
GET

https://www.google.com/accounts/Logout

msedge.exe

Remote address:

142.250.179.228:443

Request

GET /accounts/Logout HTTP/2.0
host: www.google.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ptoszek.pioterontop.rf.gd/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.com/search?q=jshop

msedge.exe

Remote address:

142.250.179.228:443

Request

GET /search?q=jshop HTTP/2.0
host: www.google.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://ptoszek.pioterontop.rf.gd/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://signin.ebay.com/ws/eBayISAPI.dll?SignIn

msedge.exe

Remote address:

2.22.137.90:443

Request

GET /ws/eBayISAPI.dll?SignIn HTTP/2.0
host: signin.ebay.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ptoszek.pioterontop.rf.gd/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-content-type-options: nosniff
x-xss-protection: 1; mode=block
accept-ch: sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-ua-full-version
content-security-policy: connect-src 'self' *.ebay.com *.ebay.co.uk *.ebaystatic.com *.ebaystatic.co.uk data: *.quantummetric.com *.googlesyndication.com wss://127.0.0.1:* *.amplitude.com *.gstatic.com *.doubleclick.net *.ravelin.click *.ravelin.com *.ebay-us.com *.cloudfront.net *.bluekai.com *.forter.com *.google-analytics.com *.perfdrive.com *.google.com blob: *.akamaihd.net *.googleapis.com *.analytics.google.com *.ebayrtm.com *.ucweb.com *.trongrid.io *.glance.net *.facebook.net *.puretheweb.com *.online-metrix.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.ebay.com *.ebay.co.uk *.ebaystatic.com *.ebaystatic.co.uk *.googlesyndication.com *.ebaystatic.cn *.ebay-us.com *.forter.com *.paypal.com *.ebayrtm.com *.quantummetric.com *.doubleclick.net *.cloudfront.net *.googletagservices.com *.google-analytics.com *.ucweb.com *.googletagmanager.com *.akamaihd.net *.fidoapi.com *.google.com *.cloudflare.com *.facebook.net *.googleapis.com *.hcaptcha.com *.online-metrix.net puffin: brave: edge:; upgrade-insecure-requests; frame-ancestors 'self' *.ebay.com *.ebay.co.uk; default-src 'self' 'unsafe-inline' blob: data: wss: mediastream: *.ebay.com *.ebay.co.uk *.ebaystatic.com *.ebaystatic.co.uk *.forter.com *.paypal.com *.gstatic.com *.ebayimg.com *.ebayrtm.com *.googlesyndication.com wss://127.0.0.1:* *.ebay-us.com *.cloudfront.net *.google-analytics.com *.online-metrix.net *.google.com *.doubleclick.net *.bluekai.com *.fontawesome.com *.googleusercontent.com *.bootstrapcdn.com *.cloudflare.com *.googletagmanager.com *.akamaihd.net *.googleapis.com *.ucweb.com *.facebook.net *.reich-web.com *.auctiva.com *.inkfrog.com *.puretheweb.com *.ebaystatic.cn *.hcaptcha.com; report-uri https://monitor.ebay.com/csp-report/sgninui/SigninLegacyView?id=3196165603087501984&rid=t6pbhnmpo4%60jhs9%3Fu%60mlhrj6ehmq%2B1%3A%3C2%3F7f01%3A(r5p7e-191b33555d8-0x2705#pd
content-type: text/html; charset=utf-8
rlogid: t6pbhnmpo4%60jhs9%3Fu%60mlhrj6ehmq%2B1%3A%3C2%3F7f01%3A(r5p7e-191b33555d8-0x2705
vary: Accept-Encoding
x-envoy-upstream-service-time: 130
x-ebay-mesh-server-pod-ip: 10.217.175.253
x-ebay-mesh-server-duration: 96
x-ebay-mesh-server-start: 2024-09-02T14:48:22.742Z
x-ebay-mesh-server-response-flag: -
server: ebay-proxy-server
x-ebay-mesh-gw-name: istioingressgateway-rnpci-lvsaz04-01
x-ebay-mesh-gw-pod-name: istio-ingressgateway-56896c9566-sjlg9
x-ebay-mesh-gw-pod-ip: 10.43.2.237
x-ebay-mesh-gw-upstream-duration: 100
x-ebay-mesh-gw-duration: 100
x-ebay-mesh-gw-start: 2024-09-02T14:48:22.738Z
x-ebay-mesh-gw-response-flag: -
x-ebay-pop-id: lvsaz02rnpcislb02
content-encoding: gzip
expires: Mon, 02 Sep 2024 14:48:22 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 02 Sep 2024 14:48:22 GMT
content-length: 34365
set-cookie: dp1=bu1p/QEBfX0BAX19AQA**6a983736^pbf/%232000000000000000000000000000468b703b6^tzo/1a466d5de46^bl/GB6a983736^; Domain=.ebay.com; Path=/; Expires=Wed, 02 Sep 2026 14:48:22 GMT; Secure
set-cookie: nonsession=BAQAAAZBR14g6AAaAADMAB2i3A7ZFQzRSMEFOAMoAIGqYNzZiMzM1NTVmMjE5MTBhZDlhZmZkNDQ0MjRmZmZmMWNlYwDLAAFm1dc+MTtB6Zx3ooQCU/DnLj/YQJLWh1Xv; Domain=.ebay.com; Path=/; Expires=Wed, 02 Sep 2026 14:48:22 GMT; HttpOnly; Secure
set-cookie: s=CgAD4ACBm1yG2YjMzNTU1ZjIxOTEwYWQ5YWZmZDQ0NDI0ZmZmZjFjZWOebIXG; Domain=.ebay.com; Path=/; HttpOnly; Secure
set-cookie: ebay=%5Ejs%3D1%5Esbf%3D%23000000%5E; Domain=.ebay.com; Path=/; Secure
set-cookie: cid=Qt8nrCUhgi8yf64u%23993708497; Domain=.ebay.com; Path=/; Expires=Tue, 02 Sep 2025 14:48:22 GMT; HttpOnly; Secure
set-cookie: __deba=itKIoL3jqxehc6a06CGub3Wpnd06IbmYIL84t9fqo7qOStpzV2ljhGiPIJwcqOhIXR8UW1J2_XMwSXzXGqPFGP1IFzhYTwnbHYiQ118QmiwfMaKGslHPu0GMtaotZf7xCsWM9ooyPK7CojAwvo-ioA==; HttpOnly; Secure; Path=/; Domain=.ebay.com; Expires=Sat, 1 Mar 2025 14:48:22 UTC
set-cookie: __uzma=377d6a3a-9cc2-4fc2-af53-e4ea3f31d5d5; Path=/; Domain=.ebay.com; Expires=Sat, 1 Mar 2025 14:48:22 UTC
set-cookie: __uzmb=1725288502; Path=/; Domain=.ebay.com; Expires=Sat, 1 Mar 2025 14:48:22 UTC
set-cookie: __uzmc=347521095700; Path=/; Domain=.ebay.com; Expires=Sat, 1 Mar 2025 14:48:22 UTC
set-cookie: __uzmd=1725288502; Path=/; Domain=.ebay.com; Expires=Sat, 1 Mar 2025 14:48:22 UTC
set-cookie: __uzme=0187; Path=/; Domain=.ebay.com; Expires=Sat, 1 Mar 2025 14:48:22 UTC
set-cookie: __uzmf=7f60003d72ce58-9fdc-4450-99ad-4f21c12449b917252885027310-e1702fd07b75c8e710; Path=/; Domain=.ebay.com; Expires=Sat, 1 Mar 2025 14:48:22 UTC
strict-transport-security: max-age=31536000
set-cookie: ak_bmsc=B3BFA755CAA8E0A4139D585E791F5014~000000000000000000000000000000~YAAQHqrOF62W25aRAQAAoVY1sxiQQYZSdPI2yLDb7P563lVwlOavDNW3zjRT46BTfSTf5AyjO3iC3M5rxr/OGn6cNuT+Ol8bT21t9iB5oaxdrU+xINWC1EokwUqE0hiD9JUaiDAEYNutdnobGZZZJ5ERlO8Ux1X4rEe+kgQvZojeMCF/TehiDmJgVRY5B4EQAqnIzlsBqFP+aRn/ovD1L6eNVYS3wd8Fj7wClN9B12zCtFrEuawuv3tRLbwEAxYlpm4Xj67wT8JwEmlVOabnykRvud1yQCsR5T+9x0HGJjIFgcmiGUMGKc0V2toS034oDD/JF7gFvVxZcXi7lGKTEuY6M3+3euNXHj1tulXYN8JScpszcGIHSOJ/AfFh4cDJpd0CApRHJfQ=; Domain=.ebay.com; Path=/; Expires=Mon, 02 Sep 2024 16:48:22 GMT; Max-Age=7200
GET

https://www.dropbox.com/logout

msedge.exe

Remote address:

162.125.64.18:443

Request

GET /logout HTTP/2.0
host: www.dropbox.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ptoszek.pioterontop.rf.gd/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/html; charset=utf-8
content-security-policy: base-uri 'self' ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; default-src 'none' ; font-src https://* data: ; form-action 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; img-src https://* data: blob: ; media-src https://* blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js 'nonce-N6/DBzGTdxkX0qqiGCuf' ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob:
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-N6/DBzGTdxkX0qqiGCuf' 'nonce-KMpX0K1EP6otRMI9ThQ+'
referrer-policy: strict-origin-when-cross-origin
set-cookie: gvc=MjYyMzI2OTg0OTgyMDU2NzE0OTc3MjA0MDc0NzQzMDIxMjIyOTE4; expires=Sat, 01 Sep 2029 14:48:22 GMT; HttpOnly; Path=/; SameSite=None; Secure
set-cookie: locale=en; Domain=dropbox.com; expires=Sat, 01 Sep 2029 14:48:22 GMT; Path=/; SameSite=None; Secure
set-cookie: t=kWvPlZ_X3FYFfXOFgt2ElreX; Domain=dropbox.com; expires=Tue, 02 Sep 2025 14:48:22 GMT; HttpOnly; Path=/; SameSite=None; Secure
set-cookie: __Host-js_csrf=kWvPlZ_X3FYFfXOFgt2ElreX; expires=Tue, 02 Sep 2025 14:48:22 GMT; Path=/; SameSite=None; Secure
set-cookie: __Host-ss=4kDkgDlf1U; expires=Tue, 02 Sep 2025 14:48:22 GMT; HttpOnly; Path=/; SameSite=Strict; Secure
set-cookie: bjar=; Domain=dropbox.com; expires=Mon, 02 Sep 2024 14:48:22 GMT; HttpOnly; Path=/; SameSite=None; Secure
set-cookie: blid=; Domain=dropbox.com; expires=Mon, 02 Sep 2024 14:48:22 GMT; HttpOnly; Path=/; SameSite=None; Secure
set-cookie: lid=; Domain=www.dropbox.com; expires=Mon, 02 Sep 2024 14:48:22 GMT; HttpOnly; Path=/; SameSite=None; Secure
set-cookie: jar=; Domain=www.dropbox.com; expires=Mon, 02 Sep 2024 14:48:22 GMT; HttpOnly; Path=/; SameSite=None; Secure
set-cookie: oscar=; Domain=www.dropbox.com; expires=Mon, 02 Sep 2024 14:48:22 GMT; HttpOnly; Path=/; SameSite=None; Secure
set-cookie: grouch=; Domain=www.dropbox.com; expires=Mon, 02 Sep 2024 14:48:22 GMT; HttpOnly; Path=/; SameSite=None; Secure
set-cookie: baklawa=; Domain=dropbox.com; expires=Mon, 02 Sep 2024 14:48:22 GMT; HttpOnly; Path=/; SameSite=None; Secure
set-cookie: malabi=; Domain=dropbox.com; expires=Mon, 02 Sep 2024 14:48:22 GMT; HttpOnly; Path=/; SameSite=None; Secure
set-cookie: __Secure-reseller_session=; Domain=dropbox.com; expires=Mon, 02 Sep 2024 14:48:22 GMT; HttpOnly; Path=/; SameSite=None; Secure
set-cookie: sm_auth=; Domain=dropbox.com; expires=Mon, 02 Sep 2024 14:48:22 GMT; HttpOnly; Path=/; SameSite=None; Secure
set-cookie: rl_auth=; Domain=dropbox.com; expires=Mon, 02 Sep 2024 14:48:22 GMT; HttpOnly; Path=/; SameSite=None; Secure
set-cookie: toaster=; Domain=www.dropbox.com; expires=Mon, 02 Sep 2024 14:48:22 GMT; HttpOnly; Path=/; SameSite=None; Secure
set-cookie: giraffe=; Domain=www.dropbox.com; expires=Mon, 02 Sep 2024 14:48:22 GMT; HttpOnly; Path=/; SameSite=None; Secure
set-cookie: db-help-center-uid=; Domain=dropbox.com; expires=Mon, 02 Sep 2024 14:48:22 GMT; HttpOnly; Path=/; SameSite=None; Secure
set-cookie: __Host-logged-out-session=; expires=Mon, 02 Sep 2024 14:48:22 GMT; HttpOnly; Path=/; SameSite=None; Secure
set-cookie: __Secure-untrusted_session=; Domain=dropbox.com; expires=Mon, 02 Sep 2024 14:48:22 GMT; HttpOnly; Path=/; SameSite=None; Secure
set-cookie: preauth=; Domain=www.dropbox.com; expires=Mon, 02 Sep 2024 14:48:22 GMT; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-server-response-time: 64
x-xss-protection: 1; mode=block
date: Mon, 02 Sep 2024 14:48:22 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: b36e33747867470c9af9eb70e0d5276f
GET

https://mail.google.com/mail/?logout

msedge.exe

Remote address:

142.250.187.229:443

Request

GET /mail/?logout HTTP/2.0
host: mail.google.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ptoszek.pioterontop.rf.gd/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://mail.google.com/mail/?logout&view

msedge.exe

Remote address:

142.250.187.229:443

Request

GET /mail/?logout&view HTTP/2.0
host: mail.google.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ptoszek.pioterontop.rf.gd/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.netflix.com/Logout

msedge.exe

Remote address:

54.246.79.9:443

Request

GET /Logout HTTP/2.0
host: www.netflix.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ptoszek.pioterontop.rf.gd/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

http://crt.rootg2.amazontrust.com/rootg2.cer

msedge.exe

Remote address:

18.165.183.65:80

Request

GET /rootg2.cer HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: crt.rootg2.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: binary/octet-stream
Content-Length: 1145
Connection: keep-alive
Last-Modified: Fri, 30 Aug 2024 03:21:28 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 9LBh3bSqyRk_YT.R6.SSdboZ4E_eei1r
Accept-Ranges: bytes
Server: AmazonS3
Date: Mon, 02 Sep 2024 12:09:55 GMT
ETag: "c6150925cfea5941ddc7ff2a0a506692"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 abd012b9637ad93b7c9aa82d2cfb262c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ZRH55-P1
X-Amz-Cf-Id: ojKEB7DX4rzPb5W9OQUILcOXOZu9fUVjvHJhQ_rY51PmQ4hT4WHMiQ==
Age: 9508
GET

https://secure.skype.com/account/logout

msedge.exe

Remote address:

52.178.182.128:443

Request

GET /account/logout HTTP/1.1
Host: secure.skype.com
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ptoszek.pioterontop.rf.gd/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Found

Server: nginx
Date: Mon, 02 Sep 2024 14:48:22 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: skypetoken=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure; HttpOnly
Set-Cookie: signinName=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure; HttpOnly
Set-Cookie: login_state=9db875337c7b53132ff65a79; path=/; secure; HttpOnly
X-Stratus-Processing-Time: 0.0044
X-Skype-Request-Id: 412651d3
X-Stratus-Request-Id: 412651d3
P3P: CP="CAO PSA OUR"
Location: https://login.skype.com/logout?client_id=360605&redirect_uri=https%3A%2F%2Fsecure.skype.com%2Fportal%2Flogin&response_type=postgrant&state=9db875337c7b53132ff65a79
Vary: Origin
Content-Security-Policy-Report-Only: connect-src https://*.clarity.ms https://browser.events.data.microsoft.com https://web.vortex.data.microsoft.com https://browser.pipe.aria.microsoft.com https://uhf.microsoft.com https://api.skype.com https://a.config.skype.com https://b.config.skype.com https://apps.skypeassets.com https://secure.skype.com https://manager.skype.com https://contacts.skype.com https://edge.skype.com https://config.edge.skype.com https://api.promotions.skype.com https://sso.skypetoken.skype.com https://register.greenid.skype.com https://www.facebook.com https://api.asm.skype.com https://options.skype.com https://login.microsoftonline.com https://displaycatalog.mp.microsoft.com; font-src https://apps.skypeassets.com https://secure.skypeassets.com https://www.microsoft.com https://c.s-microsoft.com data: https://fonts.gstatic.com; form-action https://secure.skype.com https://manager.skype.com https://live.adyen.com https://www.facebook.com https://connect.facebook.net https://www.microsoft.com; frame-src https://secure.skype.com https://manager.skype.com https://login.live.com https://a.lw.skype.com https://fpt.skype.com https://pay.skype.com https://cap.attempts.securecode.com https://live.adyen.com https://www.facebook.com https://connect.facebook.net https://vcas1.visa.com https://aacsw.3ds.verifiedbyvisa.com https://authentication.cardinalcommerce.com https://secure.payu.in https://www.microsoft.com https://login.microsoftonline.com; img-src https://apps.skypeassets.com https://secure.skypeassets.com https://static-asm.secure.skypeassets.com https://avatar.skype.com https://manager.skype.com https://img-prod-cms-rt-microsoft-com.akamaized.net https://uhf.microsoft.com https://web.vortex.data.microsoft.com https://logincdn.msauth.net data: https://www.facebook.com https://ad.doubleclick.net https://adservice.google.com https://adservice.google.co.uk https://adservice.google.co.in https://adservice.google.co.jp https://www.google.co.uk https://adservice.google.ca https://googleads.g.doubleclick.net https://www.google.com; script-src https://www.clarity.ms https://js.monitor.azure.com https://wcpstatic.microsoft.com https://apps.skypeassets.com https://secure.skypeassets.com https://az725175.vo.msecnd.net https://web.vortex.data.microsoft.com https://c.s-microsoft.com https://www.microsoft.com https://www.googleadservices.com https://connect.facebook.net https://cdnssl.clicktale.net 'unsafe-inline'; style-src https://apps.skypeassets.com https://secure.skypeassets.com https://c.s-microsoft.com https://www.microsoft.com https://statics-marketingsites-eus-ms-com.akamaized.net https://statics-marketingsites-neu-ms-com.akamaized.net https://statics-marketingsites-wcus-ms-com.akamaized.net https://statics-marketingsites-eas-ms-com.akamaized.net 'unsafe-inline'; default-src 'none'; base-uri 'none'; object-src 'none'; block-all-mixed-content; report-uri https://edge.skype.com/r/c
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Processing-Time: 0.007
GET

https://soundcloud.com/logout

msedge.exe

Remote address:

108.138.217.73:443

Request

GET /logout HTTP/2.0
host: soundcloud.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ptoszek.pioterontop.rf.gd/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 401

content-type: text/html
content-length: 20004
x-pants: distant-towel
x-xss-protection: 1; mode=block
cache-control: private, max-age=0, no-cache, no-store
x-frame-options: SAMEORIGIN
server-timing: enabledFeatures; dur=8.183455; desc="api-v2/enabledFeatures", experiments; dur=6.362905; desc="api-v2/experiments", geoip; dur=1.258258; desc="geoip/geoip", privacySettings; dur=7.500089; desc="api-v2/privacySettings"
date: Mon, 02 Sep 2024 14:48:23 GMT
server: am/2
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-cache: Error from cloudfront
via: 1.1 dd14c137c3edcb7d91394cbb3ac93a7a.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P3
x-amz-cf-id: QkuoE-xLbfizzMnoYg9CD2ePoScRBI3qaFCBbNULgfRitYkCeLohZg==
DNS

215.156.26.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

215.156.26.20.in-addr.arpa

IN PTR

Response
DNS

errors.infinityfree.net

Remote address:

8.8.8.8:53

Request

errors.infinityfree.net

IN A

Response

errors.infinityfree.net

IN A

172.67.71.120

errors.infinityfree.net

IN A

104.26.8.174

errors.infinityfree.net

IN A

104.26.9.174
DNS

95.166.233.64.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.166.233.64.in-addr.arpa

IN PTR

Response

95.166.233.64.in-addr.arpa

IN PTR

wm-in-f951e100net
DNS

228.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.179.250.142.in-addr.arpa

IN PTR

Response

228.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f41e100net
DNS

www.gstatic.com

Remote address:

8.8.8.8:53

Request

www.gstatic.com

IN A

Response

www.gstatic.com

IN A

142.250.178.3
DNS

fonts.googleapis.com

Remote address:

8.8.8.8:53

Request

fonts.googleapis.com

IN A

Response

fonts.googleapis.com

IN A

64.233.166.95
DNS

110.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

110.201.58.216.in-addr.arpa

IN PTR

Response

110.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f141e100net

110.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f14�I

110.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f110�I
DNS

18.64.125.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.64.125.162.in-addr.arpa

IN PTR

Response
DNS

store.steampowered.com

Remote address:

8.8.8.8:53

Request

store.steampowered.com

IN A

Response

store.steampowered.com

IN A

95.100.245.51
DNS

cdnjs.cloudflare.com

Remote address:

8.8.8.8:53

Request

cdnjs.cloudflare.com

IN A

Response

cdnjs.cloudflare.com

IN A

104.17.25.14

cdnjs.cloudflare.com

IN A

104.17.24.14
DNS

r.bing.com

Remote address:

8.8.8.8:53

Request

r.bing.com

IN A

Response

r.bing.com

IN CNAME

p-static.bing.trafficmanager.net

p-static.bing.trafficmanager.net

IN CNAME

r.bing.com.edgekey.net

r.bing.com.edgekey.net

IN CNAME

e86303.dscx.akamaiedge.net

e86303.dscx.akamaiedge.net

IN A

92.123.142.10

e86303.dscx.akamaiedge.net

IN A

92.123.142.8

e86303.dscx.akamaiedge.net

IN A

2.17.209.64

e86303.dscx.akamaiedge.net

IN A

92.123.142.9

e86303.dscx.akamaiedge.net

IN A

2.17.209.58

e86303.dscx.akamaiedge.net

IN A

2.17.209.66

e86303.dscx.akamaiedge.net

IN A

2.17.209.59

e86303.dscx.akamaiedge.net

IN A

92.123.142.11

e86303.dscx.akamaiedge.net

IN A

92.123.142.16
DNS

229.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

229.187.250.142.in-addr.arpa

IN PTR

Response

229.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f51e100net
DNS

90.137.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

90.137.22.2.in-addr.arpa

IN PTR

Response

90.137.22.2.in-addr.arpa

IN PTR

a2-22-137-90deploystaticakamaitechnologiescom
DNS

secure.globalsign.com

Remote address:

8.8.8.8:53

Request

secure.globalsign.com

IN A

Response

secure.globalsign.com

IN CNAME

global.prd.cdn.globalsign.com

global.prd.cdn.globalsign.com

IN CNAME

cdn.globalsigncdn.com.cdn.cloudflare.net

cdn.globalsigncdn.com.cdn.cloudflare.net

IN A

104.18.21.226

cdn.globalsigncdn.com.cdn.cloudflare.net

IN A

104.18.20.226
DNS

51.245.100.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

51.245.100.95.in-addr.arpa

IN PTR

Response

51.245.100.95.in-addr.arpa

IN PTR

a95-100-245-51deploystaticakamaitechnologiescom
DNS

195.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.187.250.142.in-addr.arpa

IN PTR

Response

195.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f31e100net
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR

Response

0.205.248.87.in-addr.arpa

IN PTR

https-87-248-205-0lgwllnwnet
DNS

9.79.246.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.79.246.54.in-addr.arpa

IN PTR

Response

9.79.246.54.in-addr.arpa

IN PTR

ec2-54-246-79-9 eu-west-1compute amazonawscom
DNS

22.103.224.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.103.224.13.in-addr.arpa

IN PTR

Response

22.103.224.13.in-addr.arpa

IN PTR

server-13-224-103-22zrh50r cloudfrontnet
DNS

65.183.165.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

65.183.165.18.in-addr.arpa

IN PTR

Response

65.183.165.18.in-addr.arpa

IN PTR

server-18-165-183-65zrh55r cloudfrontnet
GET

https://steamcommunity.com/?action=doLogout

msedge.exe

Remote address:

2.22.99.85:443

Request

GET /?action=doLogout HTTP/1.1
Host: steamcommunity.com
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ptoszek.pioterontop.rf.gd/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: text/html; charset=UTF-8
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060 https://steamvideo-a.akamaihd.net/; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host ;
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 8487
Date: Mon, 02 Sep 2024 14:48:23 GMT
Connection: keep-alive
Set-Cookie: sessionid=8793da9732e1b3694f592ee6; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=GB%7C0cca5b35055ce513436d8b708d875660; Path=/; Secure; HttpOnly; SameSite=None
GET

https://store.steampowered.com/logout/

msedge.exe

Remote address:

95.100.245.51:443

Request

GET /logout/ HTTP/1.1
Host: store.steampowered.com
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ptoszek.pioterontop.rf.gd/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Moved Temporarily

Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://store.akamai.steamstatic.com/ https://store.akamai.steamstatic.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://community.akamai.steamstatic.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://shared.akamai.steamstatic.com/ https://checkout.steampowered.com/ https://store.steampowered.com/; frame-src 'self' steam: http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://steamcommunity.com/ https://help.steampowered.com/;
Location: https://store.steampowered.com/
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=10368000
Content-Length: 20
Date: Mon, 02 Sep 2024 14:48:24 GMT
Connection: keep-alive
Set-Cookie: steamCountry=GB%7C0cca5b35055ce513436d8b708d875660; Path=/; Secure; HttpOnly; SameSite=None
Set-Cookie: LKGBillingCountry=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
GET

https://store.steampowered.com/

msedge.exe

Remote address:

95.100.245.51:443

Request

GET / HTTP/1.1
Host: store.steampowered.com
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ptoszek.pioterontop.rf.gd/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: steamCountry=GB%7C0cca5b35055ce513436d8b708d875660

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://store.akamai.steamstatic.com/ https://store.akamai.steamstatic.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://community.akamai.steamstatic.com/ https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://shared.akamai.steamstatic.com/ https://checkout.steampowered.com/; frame-src 'self' steam: http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'none';
X-Frame-Options: DENY
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=10368000
Date: Mon, 02 Sep 2024 14:48:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: sessionid=1f242a04030fdb970110ef08; Path=/; Secure; SameSite=None
GET

https://ptoszek.pioterontop.rf.gd/media/videos/v09044g40000cgr968jc77u1t2krb89g.mov

msedge.exe

Remote address:

185.27.134.98:443

Request

GET /media/videos/v09044g40000cgr968jc77u1t2krb89g.mov HTTP/1.1
Host: ptoszek.pioterontop.rf.gd
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
DNT: 1
Accept-Encoding: identity;q=1, *;q=0
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: video
Referer: https://ptoszek.pioterontop.rf.gd/
Accept-Language: en-US,en;q=0.9
Cookie: __test=16ec1e5efc48ddfbdeeaadd1bf6c354f; _ga=GA1.1.93920737.1725288486; _ga_6S5388LRGM=GS1.1.1725288485.1.1.1725288507.0.0.0
Range: bytes=0-

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 02 Sep 2024 14:48:29 GMT
Content-Type: video/quicktime
Content-Length: 1480569
Connection: keep-alive
Last-Modified: Mon, 02 Sep 2024 14:10:51 GMT
ETag: "169779-62123822ea340"
Accept-Ranges: bytes
Cache-Control: no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform
Expires: Mon, 02 Sep 2024 14:48:28 GMT
Pragma: no-cache
GET

https://ptoszek.pioterontop.rf.gd/media/images/ptakwspodniach.jpg

msedge.exe

Remote address:

185.27.134.98:443

Request

GET /media/images/ptakwspodniach.jpg HTTP/1.1
Host: ptoszek.pioterontop.rf.gd
Connection: keep-alive
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: empty
Referer: https://ptoszek.pioterontop.rf.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: __test=16ec1e5efc48ddfbdeeaadd1bf6c354f; _ga=GA1.1.93920737.1725288486; _ga_6S5388LRGM=GS1.1.1725288485.1.1.1725288507.0.0.0

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 02 Sep 2024 14:48:45 GMT
Content-Type: image/jpeg
Content-Length: 47922
Connection: keep-alive
Last-Modified: Mon, 02 Sep 2024 14:10:18 GMT
ETag: "bb32-62123802f6b9f"
Cache-Control: max-age=2592000, public, proxy-revalidate
Expires: Wed, 02 Oct 2024 14:48:45 GMT
Accept-Ranges: bytes
GET

https://ptoszek.pioterontop.rf.gd/media/images/ptok.jpg

msedge.exe

Remote address:

185.27.134.98:443

Request

GET /media/images/ptok.jpg HTTP/1.1
Host: ptoszek.pioterontop.rf.gd
Connection: keep-alive
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: empty
Referer: https://ptoszek.pioterontop.rf.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: __test=16ec1e5efc48ddfbdeeaadd1bf6c354f; _ga=GA1.1.93920737.1725288486; _ga_6S5388LRGM=GS1.1.1725288485.1.1.1725288507.0.0.0

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 02 Sep 2024 14:48:47 GMT
Content-Type: image/jpeg
Content-Length: 4743
Connection: keep-alive
Last-Modified: Mon, 02 Sep 2024 14:10:13 GMT
ETag: "1287-621237fea47cd"
Cache-Control: max-age=2592000, public, proxy-revalidate
Expires: Wed, 02 Oct 2024 14:48:47 GMT
Accept-Ranges: bytes
GET

https://ptoszek.pioterontop.rf.gd/media/videos/kaczuszka.mp4

msedge.exe

Remote address:

185.27.134.98:443

Request

GET /media/videos/kaczuszka.mp4 HTTP/1.1
Host: ptoszek.pioterontop.rf.gd
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
DNT: 1
Accept-Encoding: identity;q=1, *;q=0
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: video
Referer: https://ptoszek.pioterontop.rf.gd/
Accept-Language: en-US,en;q=0.9
Cookie: __test=16ec1e5efc48ddfbdeeaadd1bf6c354f; _ga=GA1.1.93920737.1725288486; _ga_6S5388LRGM=GS1.1.1725288485.1.1.1725288525.0.0.0
Range: bytes=8880128-

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 02 Sep 2024 14:48:56 GMT
Content-Type: video/mp4
Content-Length: 8901029
Connection: keep-alive
Last-Modified: Mon, 02 Sep 2024 14:10:41 GMT
ETag: "87d1a5-62123818d3989"
Accept-Ranges: bytes
Cache-Control: no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform
Expires: Mon, 02 Sep 2024 14:48:51 GMT
Pragma: no-cache
GET

https://ptoszek.pioterontop.rf.gd/media/images/lubieptoszki.png

msedge.exe

Remote address:

185.27.134.98:443

Request

GET /media/images/lubieptoszki.png HTTP/1.1
Host: ptoszek.pioterontop.rf.gd
Connection: keep-alive
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: empty
Referer: https://ptoszek.pioterontop.rf.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: __test=16ec1e5efc48ddfbdeeaadd1bf6c354f; _ga=GA1.1.93920737.1725288486; _ga_6S5388LRGM=GS1.1.1725288485.1.1.1725288525.0.0.0

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 02 Sep 2024 14:48:57 GMT
Content-Type: image/png
Content-Length: 22741
Connection: keep-alive
Last-Modified: Mon, 02 Sep 2024 14:10:17 GMT
ETag: "58d5-6212380244026"
Cache-Control: max-age=2592000, public, proxy-revalidate
Expires: Wed, 02 Oct 2024 14:48:57 GMT
Accept-Ranges: bytes
GET

https://ptoszek.pioterontop.rf.gd/media/images/lubieptoszki.png

msedge.exe

Remote address:

185.27.134.98:443

Request

GET /media/images/lubieptoszki.png HTTP/1.1
Host: ptoszek.pioterontop.rf.gd
Connection: keep-alive
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: empty
Referer: https://ptoszek.pioterontop.rf.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: __test=16ec1e5efc48ddfbdeeaadd1bf6c354f; _ga=GA1.1.93920737.1725288486; _ga_6S5388LRGM=GS1.1.1725288485.1.1.1725288525.0.0.0

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 02 Sep 2024 14:48:58 GMT
Content-Type: image/png
Content-Length: 22741
Connection: keep-alive
Last-Modified: Mon, 02 Sep 2024 14:10:17 GMT
ETag: "58d5-6212380244026"
Cache-Control: max-age=2592000, public, proxy-revalidate
Expires: Wed, 02 Oct 2024 14:48:58 GMT
Accept-Ranges: bytes
GET

https://ptoszek.pioterontop.rf.gd/media/images/zimowyptoszek.jpeg

msedge.exe

Remote address:

185.27.134.98:443

Request

GET /media/images/zimowyptoszek.jpeg HTTP/1.1
Host: ptoszek.pioterontop.rf.gd
Connection: keep-alive
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: empty
Referer: https://ptoszek.pioterontop.rf.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: __test=16ec1e5efc48ddfbdeeaadd1bf6c354f; _ga=GA1.1.93920737.1725288486; _ga_6S5388LRGM=GS1.1.1725288485.1.1.1725288525.0.0.0

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 02 Sep 2024 14:48:59 GMT
Content-Type: image/jpeg
Content-Length: 226965
Connection: keep-alive
Last-Modified: Mon, 02 Sep 2024 14:10:20 GMT
ETag: "37695-621238047a30d"
Cache-Control: max-age=2592000, public, proxy-revalidate
Expires: Wed, 02 Oct 2024 14:48:59 GMT
Accept-Ranges: bytes
GET

https://cdn.jsdelivr.net/npm/bootstrap@3.3.7/dist/css/bootstrap.min.css

msedge.exe

Remote address:

151.101.193.229:443

Request

GET /npm/bootstrap@3.3.7/dist/css/bootstrap.min.css HTTP/2.0
host: cdn.jsdelivr.net
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://errors.infinityfree.net
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://errors.infinityfree.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 3.3.7
x-jsd-version-type: version
etag: W/"1d970-ZSfYvz4ek2i6uMe2D1a8Afo6/Wg"
content-encoding: br
accept-ranges: bytes
date: Mon, 02 Sep 2024 14:48:25 GMT
age: 3390116
x-served-by: cache-fra-eddf8230076-FRA, cache-lon420114-LON
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 21190
GET

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

msedge.exe

Remote address:

104.17.25.14:443

Request

GET /ajax/libs/font-awesome/5.15.4/css/all.min.css HTTP/2.0
host: cdnjs.cloudflare.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://errors.infinityfree.net
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 02 Sep 2024 14:48:25 GMT
content-type: text/css; charset=utf-8
content-length: 10462
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "613fa20b-28de"
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 929484
expires: Sat, 23 Aug 2025 14:48:25 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eIy1bj%2FzNdlpac%2BvIK5n4dbC22MHesngKn1f4DzhgMEa50KOm3zDLeciHVHpu9nUBZfjES9YJ09g3%2BxKiEht3UeO%2F7ZnbsiBtDaWSnGVFwcZ4F%2FJQdpKKq%2FqeOuSKeVd8lMV%2Bmoy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8bce4d06989477b8-LHR
alt-svc: h3=":443"; ma=86400
GET

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-solid-900.woff2

msedge.exe

Remote address:

104.17.25.14:443

Request

GET /ajax/libs/font-awesome/5.15.4/webfonts/fa-solid-900.woff2 HTTP/2.0
host: cdnjs.cloudflare.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://errors.infinityfree.net
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 02 Sep 2024 14:48:25 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 78268
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "613fa20b-131bc"
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 926976
expires: Sat, 23 Aug 2025 14:48:25 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l1k0XPL8LJUco3EwtIowX57pvyp5nOO8%2BrDWz027pDxzJmKUd5f20Svi6ep3hbSFUzE66aGx8X3fllLl8USRA%2BhpB30rEchbBwYywi9bSVmmUI5yWxjCimbGrqPgDi0MH4xhpCe6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8bce4d0779aa77b8-LHR
alt-svc: h3=":443"; ma=86400
GET

https://vpassets.infinityfree.net/welcome2017/logo.png

msedge.exe

Remote address:

18.165.183.26:443

Request

GET /welcome2017/logo.png HTTP/2.0
host: vpassets.infinityfree.net
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://errors.infinityfree.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/jpeg
content-length: 393775
last-modified: Sun, 23 Jun 2024 11:08:09 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Mon, 02 Sep 2024 14:47:05 GMT
etag: "e6c66532ab2b33a59216e338a7028e2c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ca6974974a9175b71fb6a84145111ed2.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH55-P1
x-amz-cf-id: 6kZK2HFQAzkX0RQ_CwvjLt_CEAn1DVBE_vBosfxMMP9IR3gCgQz45g==
age: 401
GET

https://vpassets.infinityfree.net/welcome2017/background.jpg

msedge.exe

Remote address:

18.165.183.26:443

Request

GET /welcome2017/background.jpg HTTP/2.0
host: vpassets.infinityfree.net
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://errors.infinityfree.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/png
content-length: 4770
last-modified: Sun, 23 Jun 2024 11:08:09 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Mon, 02 Sep 2024 14:48:25 GMT
etag: "a426c3bc6ef80c545000f0fe00e1134b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ca6974974a9175b71fb6a84145111ed2.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH55-P1
x-amz-cf-id: fneeAQiJxplA7K4bDxaxGKP9lTIx_dCbWMpTrOC70BIrHMrdA1ohaA==
age: 26

185.27.134.98:443

https://ptoszek.pioterontop.rf.gd/media/videos/kaczuszka.mp4

tls, http

msedge.exe

104.8kB
6.4MB
2102
4613

HTTP Request

GET https://ptoszek.pioterontop.rf.gd/

HTTP Response

200

HTTP Request

GET https://ptoszek.pioterontop.rf.gd/aes.js

HTTP Response

200

HTTP Request

GET https://ptoszek.pioterontop.rf.gd/?i=1

HTTP Response

200

HTTP Request

GET https://ptoszek.pioterontop.rf.gd/index.js

HTTP Response

200

HTTP Request

GET https://ptoszek.pioterontop.rf.gd/media/images/intro.gif

HTTP Response

200

HTTP Request

GET https://ptoszek.pioterontop.rf.gd/ptok.jpg

HTTP Response

302

HTTP Request

GET https://ptoszek.pioterontop.rf.gd/media/videos/kaczuszka.mp4

HTTP Response

200
142.250.178.3:80

http://i.pki.goog/r1.crt

http

msedge.exe

551 B
4.4kB
7
6

HTTP Request

GET http://i.pki.goog/wr1.crt

HTTP Response

200

HTTP Request

GET http://i.pki.goog/r1.crt

HTTP Response

200
185.27.134.98:443

https://ptoszek.pioterontop.rf.gd/media/videos/kaczuszka.mp4

tls, http

msedge.exe

4.2kB
97.2kB
62
76

HTTP Request

GET https://ptoszek.pioterontop.rf.gd/media/videos/kaczuszka.mp4

HTTP Response

200
216.239.32.36:443

https://region1.google-analytics.com/g/collect?v=2&tid=G-6S5388LRGM&gtm=45je48s0v9137156704za200&_p=1725288485668&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=93920737.1725288486&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1725288485&sct=1&seg=0&dl=https%3A%2F%2Fptoszek.pioterontop.rf.gd%2F&dr=https%3A%2F%2Fptoszek.pioterontop.rf.gd%2F&dt=Ptoszek&en=scroll&epn.percent_scrolled=90&_et=11&tfd=5646

tls, http2

msedge.exe

2.6kB
6.5kB
17
17

HTTP Request

POST https://region1.google-analytics.com/g/collect?v=2&tid=G-6S5388LRGM&gtm=45je48s0v9137156704za200&_p=1725288485668&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=93920737.1725288486&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1725288485&sct=1&seg=0&dl=https%3A%2F%2Fptoszek.pioterontop.rf.gd%2F&dr=https%3A%2F%2Fptoszek.pioterontop.rf.gd%2F&dt=Ptoszek&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=622

HTTP Request

POST https://region1.google-analytics.com/g/collect?v=2&tid=G-6S5388LRGM&gtm=45je48s0v9137156704za200&_p=1725288485668&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=93920737.1725288486&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1725288485&sct=1&seg=0&dl=https%3A%2F%2Fptoszek.pioterontop.rf.gd%2F&dr=https%3A%2F%2Fptoszek.pioterontop.rf.gd%2F&dt=Ptoszek&en=scroll&epn.percent_scrolled=90&_et=11&tfd=5646
104.26.8.174:443

https://errors.infinityfree.net/favicon.ico

tls, http2

msedge.exe

2.5kB
13.4kB
20
27

HTTP Request

GET https://errors.infinityfree.net/errors/404/

HTTP Response

404

HTTP Request

GET https://errors.infinityfree.net/errors/404/

HTTP Response

404

HTTP Request

GET https://errors.infinityfree.net/css/app.css

HTTP Response

200

HTTP Request

GET https://errors.infinityfree.net/favicon.ico

HTTP Response

200
35.190.80.1:443

https://a.nel.cloudflare.com/report/v4?s=kJp9Ma8oSUtuBK1iZ5A3UF5LVgkZHoEsBa7NQZBI%2Bu1E6FEffnfzda%2FztNeAAOUUmw95iEMOhicHtibSBmaQ0vkQME0uOzICAgA%2B8JIqllD85lrNB3Rr2D8tJ%2BNL%2BqpWkgc59%2Fc24SRz

tls, http2

msedge.exe

1.8kB
4.6kB
15
14

HTTP Request

OPTIONS https://a.nel.cloudflare.com/report/v4?s=kJp9Ma8oSUtuBK1iZ5A3UF5LVgkZHoEsBa7NQZBI%2Bu1E6FEffnfzda%2FztNeAAOUUmw95iEMOhicHtibSBmaQ0vkQME0uOzICAgA%2B8JIqllD85lrNB3Rr2D8tJ%2BNL%2BqpWkgc59%2Fc24SRz
185.27.134.98:443

https://ptoszek.pioterontop.rf.gd/media/videos/kaczuszka.mp4

tls, http

msedge.exe

11.7kB
467.8kB
141
360

HTTP Request

GET https://ptoszek.pioterontop.rf.gd/

HTTP Response

200

HTTP Request

GET https://ptoszek.pioterontop.rf.gd/media/images/ptok.jpg

HTTP Response

200

HTTP Request

GET https://ptoszek.pioterontop.rf.gd/media/images/jaczup.jpg

HTTP Response

302

HTTP Request

GET https://ptoszek.pioterontop.rf.gd/media/images/zimowyptoszek.jpeg

HTTP Response

200

HTTP Request

GET https://ptoszek.pioterontop.rf.gd/media/images/lubieptoszki.png

HTTP Response

200

HTTP Request

GET https://ptoszek.pioterontop.rf.gd/media/images/ptakwspodniach.jpg

HTTP Response

200

HTTP Request

GET https://ptoszek.pioterontop.rf.gd/media/videos/kaczuszka.mp4

HTTP Response

200
185.27.134.98:443

https://ptoszek.pioterontop.rf.gd/media/videos/kaczuszka.mp4

tls, http

msedge.exe

11.7kB
919.9kB
209
670

HTTP Request

GET https://ptoszek.pioterontop.rf.gd/media/images/lubieptoszki.png

HTTP Response

200

HTTP Request

GET https://ptoszek.pioterontop.rf.gd/media/videos/kaczuszka.mp4

HTTP Response

200
162.159.135.232:443

https://discord.com/api/v9/auth/logout

tls, http2

msedge.exe

1.9kB
4.8kB
13
14

HTTP Request

POST https://discord.com/api/v9/auth/logout

HTTP Response

401
13.224.103.41:443

https://www.guilded.gg/api/logout

tls, http2

msedge.exe

1.8kB
7.2kB
13
16

HTTP Request

POST https://www.guilded.gg/api/logout

HTTP Response

400
128.116.44.3:443

https://auth.roblox.com/v2/logout

tls, http2

msedge.exe

1.8kB
7.5kB
13
15

HTTP Request

POST https://auth.roblox.com/v2/logout

HTTP Response

401
216.58.212.238:443

https://www.youtube.com/

tls, http2

msedge.exe

2.0kB
10.9kB
15
19

HTTP Request

POST https://www.youtube.com/
3.165.190.127:443

https://www.deviantart.com/

tls, http2

msedge.exe

2.0kB
13.9kB
15
22

HTTP Request

POST https://www.deviantart.com/users/logout

HTTP Response

302

HTTP Request

GET https://www.deviantart.com/

HTTP Response

200
18.165.189.191:443

https://www.amazon.com/ap/signin?openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fap%2Fsignin%3Fopenid.pape.max_auth_age%3D900%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%253Faction%253Dsign-out%26openid.assoc_handle%3Dusflex%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0&openid.assoc_handle=usflex&openid.mode=logout&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0

tls, http2

msedge.exe

2.1kB
7.4kB
14
15

HTTP Request

GET https://www.amazon.com/gp/flex/sign-out.html?action=sign-out

HTTP Response

302

HTTP Request

GET https://www.amazon.com/ap/signin?openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fap%2Fsignin%3Fopenid.pape.max_auth_age%3D900%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%253Faction%253Dsign-out%26openid.assoc_handle%3Dusflex%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0&openid.assoc_handle=usflex&openid.mode=logout&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
20.26.156.215:443

https://github.com/

tls, http2

msedge.exe

1.8kB
8.9kB
14
18

HTTP Request

GET https://github.com/logout

HTTP Response

302

HTTP Request

GET https://github.com/
184.28.198.209:443

https://secure.hulu.com/

tls, http

msedge.exe

2.4kB
9.5kB
14
16

HTTP Request

GET https://secure.hulu.com/logout

HTTP Response

302

HTTP Request

GET https://secure.hulu.com/

HTTP Response

301
142.250.179.228:443

https://www.google.com/accounts/Logout

tls, http2

msedge.exe

1.8kB
6.2kB
14
17

HTTP Request

GET https://www.google.com/accounts/Logout
142.250.179.228:443

https://www.google.com/search?q=jshop

tls, http2

msedge.exe

1.8kB
7.1kB
13
16

HTTP Request

GET https://www.google.com/search?q=jshop
142.250.179.228:443

www.google.com

tls, http2

msedge.exe

943 B
5.0kB
8
8
2.22.137.90:443

https://signin.ebay.com/ws/eBayISAPI.dll?SignIn

tls, http2

msedge.exe

2.5kB
46.3kB
29
47

HTTP Request

GET https://signin.ebay.com/ws/eBayISAPI.dll?SignIn

HTTP Response

200
162.125.64.18:443

https://www.dropbox.com/logout

tls, http2

msedge.exe

1.9kB
35.9kB
18
35

HTTP Request

GET https://www.dropbox.com/logout

HTTP Response

200
142.250.187.229:443

https://mail.google.com/mail/?logout&view

tls, http2

msedge.exe

1.9kB
5.7kB
14
15

HTTP Request

GET https://mail.google.com/mail/?logout

HTTP Request

GET https://mail.google.com/mail/?logout&view
54.246.79.9:443

https://www.netflix.com/Logout

tls, http2

msedge.exe

1.8kB
5.9kB
14
14

HTTP Request

GET https://www.netflix.com/Logout
18.165.183.65:80

http://crt.rootg2.amazontrust.com/rootg2.cer

http

msedge.exe

367 B
1.9kB
5
4

HTTP Request

GET http://crt.rootg2.amazontrust.com/rootg2.cer

HTTP Response

200
52.178.182.128:443

https://secure.skype.com/account/logout

tls, http

msedge.exe

2.2kB
8.8kB
11
14

HTTP Request

GET https://secure.skype.com/account/logout

HTTP Response

302
108.138.217.73:443

https://soundcloud.com/logout

tls, http2

msedge.exe

1.8kB
26.9kB
16
29

HTTP Request

GET https://soundcloud.com/logout

HTTP Response

401
2.22.99.85:443

https://steamcommunity.com/?action=doLogout

tls, http

msedge.exe

1.7kB
15.8kB
11
19

HTTP Request

GET https://steamcommunity.com/?action=doLogout

HTTP Response

200
95.100.245.51:443

https://store.steampowered.com/

tls, http

msedge.exe

3.2kB
34.7kB
30
32

HTTP Request

GET https://store.steampowered.com/logout/

HTTP Response

302

HTTP Request

GET https://store.steampowered.com/

HTTP Response

200
185.27.134.98:443

https://ptoszek.pioterontop.rf.gd/media/videos/kaczuszka.mp4

tls, http

msedge.exe

48.2kB
4.0MB
882
2882

HTTP Request

GET https://ptoszek.pioterontop.rf.gd/media/videos/v09044g40000cgr968jc77u1t2krb89g.mov

HTTP Response

200

HTTP Request

GET https://ptoszek.pioterontop.rf.gd/media/images/ptakwspodniach.jpg

HTTP Response

200

HTTP Request

GET https://ptoszek.pioterontop.rf.gd/media/images/ptok.jpg

HTTP Response

200

HTTP Request

GET https://ptoszek.pioterontop.rf.gd/media/videos/kaczuszka.mp4

HTTP Response

200
185.27.134.98:443

https://ptoszek.pioterontop.rf.gd/media/images/zimowyptoszek.jpeg

tls, http

msedge.exe

4.3kB
285.2kB
38
216

HTTP Request

GET https://ptoszek.pioterontop.rf.gd/media/images/lubieptoszki.png

HTTP Response

200

HTTP Request

GET https://ptoszek.pioterontop.rf.gd/media/images/lubieptoszki.png

HTTP Response

200

HTTP Request

GET https://ptoszek.pioterontop.rf.gd/media/images/zimowyptoszek.jpeg

HTTP Response

200
151.101.193.229:443

https://cdn.jsdelivr.net/npm/bootstrap@3.3.7/dist/css/bootstrap.min.css

tls, http2

msedge.exe

2.0kB
28.4kB
19
31

HTTP Request

GET https://cdn.jsdelivr.net/npm/bootstrap@3.3.7/dist/css/bootstrap.min.css

HTTP Response

200
104.17.25.14:443

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-solid-900.woff2

tls, http2

msedge.exe

2.2kB
97.3kB
20
86

HTTP Request

GET https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

HTTP Response

200

HTTP Request

GET https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-solid-900.woff2

HTTP Response

200
18.165.183.26:443

https://vpassets.infinityfree.net/welcome2017/background.jpg

tls, http2

msedge.exe

7.3kB
418.5kB
133
309

HTTP Request

GET https://vpassets.infinityfree.net/welcome2017/logo.png

HTTP Request

GET https://vpassets.infinityfree.net/welcome2017/background.jpg

HTTP Response

200

HTTP Response

200
18.165.183.26:443

vpassets.infinityfree.net

tls

msedge.exe

885 B
5.8kB
8
8
104.86.110.114:443

www.bing.com

tls

5.0kB
75.7kB
71
68
92.123.142.10:443

r.bing.com

tls

1.1kB
5.1kB
14
11
92.123.142.10:443

r.bing.com

tls

1.1kB
5.1kB
14
11
92.123.142.10:443

r.bing.com

tls

1.1kB
5.1kB
14
11
92.123.142.10:443

r.bing.com

tls

1.1kB
5.1kB
14
11
92.123.142.10:443

r.bing.com

tls

57.4kB
1.6MB
1194
1175
92.123.142.10:443

r.bing.com

tls

1.1kB
5.1kB
14
11
92.123.142.10:443

r.bing.com

tls

1.3kB
959 B
11
8
92.123.142.10:443

r.bing.com

tls

1.3kB
959 B
11
8
92.123.142.10:443

r.bing.com

tls

1.3kB
959 B
11
8
92.123.142.10:443

r.bing.com

tls

1.3kB
959 B
12
8
92.123.142.10:443

r.bing.com

tls

1.4kB
1.0kB
13
9
92.123.142.10:443

r.bing.com

tls

1.3kB
959 B
11
8
92.123.142.10:443

r.bing.com

tls

1.3kB
959 B
11
8
92.123.142.10:443

r.bing.com

tls

1.3kB
959 B
11
8
92.123.142.10:443

r.bing.com

tls

1.9kB
959 B
12
8

8.8.8.8:53

ptoszek.pioterontop.rf.gd

dns

msedge.exe

994 B
2.4kB
15
15

DNS Request

ptoszek.pioterontop.rf.gd

DNS Response

185.27.134.98

DNS Request

login.live.com

DNS Response

40.126.32.136

20.190.160.14

40.126.32.138

40.126.32.68

20.190.160.22

40.126.32.133

40.126.32.140

20.190.160.20

DNS Request

ctldl.windowsupdate.com

DNS Response

2.22.144.81

2.22.144.73

DNS Request

i.pki.goog

DNS Response

142.250.178.3

DNS Request

ocsp.digicert.com

DNS Response

192.229.221.95

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

www.googletagmanager.com

DNS Response

172.217.169.8

DNS Request

a.nel.cloudflare.com

DNS Response

35.190.80.1

DNS Request

www.youtube.com

DNS Response

216.58.212.238

172.217.16.238

142.250.200.14

142.250.187.238

216.58.212.206

216.58.204.78

172.217.169.46

216.58.201.110

142.250.200.46

142.250.178.14

142.250.187.206

142.250.180.14

142.250.179.238

DNS Request

signin.ebay.com

DNS Response

2.22.137.90

DNS Request

secure.skype.com

DNS Response

52.178.182.128

DNS Request

191.189.165.18.in-addr.arpa

DNS Request

73.217.138.108.in-addr.arpa

DNS Request

vpassets.infinityfree.net

DNS Response

18.165.183.26

18.165.183.118

18.165.183.122

18.165.183.13

DNS Request

10.142.123.92.in-addr.arpa
8.8.8.8:53

98.134.27.185.in-addr.arpa

dns

657 B
1.2kB
10
10

DNS Request

98.134.27.185.in-addr.arpa

DNS Request

region1.google-analytics.com

DNS Response

216.239.32.36

216.239.34.36

DNS Request

174.8.26.104.in-addr.arpa

DNS Request

auth.roblox.com

DNS Response

128.116.44.3

DNS Request

github.com

DNS Response

20.26.156.215

DNS Request

x.ss2.us

DNS Response

13.224.103.22

13.224.103.43

13.224.103.34

13.224.103.11

DNS Request

3.44.116.128.in-addr.arpa

DNS Request

steamcommunity.com

DNS Response

2.22.99.85

DNS Request

cdn.jsdelivr.net

DNS Response

151.101.193.229

151.101.1.229

151.101.65.229

151.101.129.229

DNS Request

26.183.165.18.in-addr.arpa
8.8.8.8:53

136.32.126.40.in-addr.arpa

dns

468 B
928 B
7
7

DNS Request

136.32.126.40.in-addr.arpa

DNS Request

8.169.217.172.in-addr.arpa

DNS Request

1.80.190.35.in-addr.arpa

DNS Request

www.guilded.gg

DNS Response

13.224.103.41

13.224.103.105

13.224.103.54

13.224.103.53

DNS Request

www.dropbox.com

DNS Response

162.125.64.18

DNS Request

soundcloud.com

DNS Response

108.138.217.73

108.138.217.32

108.138.217.110

108.138.217.3

DNS Request

209.198.28.184.in-addr.arpa
8.8.8.8:53

81.144.22.2.in-addr.arpa

dns

599 B
1.2kB
9
9

DNS Request

81.144.22.2.in-addr.arpa

DNS Request

errors.infinityfree.net

DNS Response

104.26.8.174

172.67.71.120

104.26.9.174

DNS Request

www.deviantart.com

DNS Response

3.165.190.127

3.165.190.4

3.165.190.31

3.165.190.55

DNS Request

www.google.com

DNS Response

142.250.179.228

DNS Request

crt.usertrust.com

DNS Response

172.64.149.23

104.18.38.233

DNS Request

127.190.165.3.in-addr.arpa

DNS Request

226.21.18.104.in-addr.arpa

DNS Request

www.google-analytics.com

DNS Response

216.58.201.110

DNS Request

fp.msedge.net

DNS Response

204.79.197.222
8.8.8.8:53

3.178.250.142.in-addr.arpa

dns

612 B
1.2kB
9
9

DNS Request

3.178.250.142.in-addr.arpa

DNS Request

36.32.239.216.in-addr.arpa

DNS Request

discord.com

DNS Response

162.159.135.232

162.159.137.232

162.159.128.233

162.159.136.232

162.159.138.232

DNS Request

www.amazon.com

DNS Response

18.165.189.191

DNS Request

mail.google.com

DNS Response

142.250.187.229

DNS Request

232.135.159.162.in-addr.arpa

DNS Request

85.99.22.2.in-addr.arpa

DNS Request

229.193.101.151.in-addr.arpa

DNS Request

222.197.79.204.in-addr.arpa
224.0.0.251:5353

msedge.exe

594 B
9
216.239.32.36:443

region1.google-analytics.com

https

msedge.exe

7.5kB
7.9kB
29
32
35.190.80.1:443

a.nel.cloudflare.com

https

msedge.exe

2.6kB
4.0kB
7
8
8.8.8.8:53

secure.hulu.com

dns

msedge.exe

425 B
917 B
6
6

DNS Request

secure.hulu.com

DNS Response

184.28.198.209

184.28.198.219

DNS Request

crt.rootg2.amazontrust.com

DNS Response

18.165.183.65

18.165.183.5

18.165.183.30

18.165.183.46

DNS Request

41.103.224.13.in-addr.arpa

DNS Request

128.182.178.52.in-addr.arpa

DNS Request

14.25.17.104.in-addr.arpa

DNS Request

self.events.data.microsoft.com

DNS Response

20.189.173.6
8.8.8.8:53

www.netflix.com

dns

msedge.exe

338 B
861 B
5
5

DNS Request

www.netflix.com

DNS Response

54.246.79.9

54.170.196.176

52.214.181.141

DNS Request

238.212.58.216.in-addr.arpa

DNS Request

23.149.64.172.in-addr.arpa

DNS Request

fonts.gstatic.com

DNS Response

142.250.187.195

DNS Request

ctldl.windowsupdate.com

DNS Response

87.248.205.0
8.8.8.8:53

215.156.26.20.in-addr.arpa

dns

213 B
380 B
3
3

DNS Request

215.156.26.20.in-addr.arpa

DNS Request

errors.infinityfree.net

DNS Response

172.67.71.120

104.26.8.174

104.26.9.174

DNS Request

95.166.233.64.in-addr.arpa
8.8.8.8:53

228.179.250.142.in-addr.arpa

dns

274 B
444 B
4
4

DNS Request

228.179.250.142.in-addr.arpa

DNS Request

www.gstatic.com

DNS Response

142.250.178.3

DNS Request

fonts.googleapis.com

DNS Response

64.233.166.95

DNS Request

110.201.58.216.in-addr.arpa
8.8.8.8:53

18.64.125.162.in-addr.arpa

dns

262 B
620 B
4
4

DNS Request

18.64.125.162.in-addr.arpa

DNS Request

store.steampowered.com

DNS Response

95.100.245.51

DNS Request

cdnjs.cloudflare.com

DNS Response

104.17.25.14

104.17.24.14

DNS Request

r.bing.com

DNS Response

92.123.142.10

92.123.142.8

2.17.209.64

92.123.142.9

2.17.209.58

2.17.209.66

2.17.209.59

92.123.142.11

92.123.142.16
8.8.8.8:53

229.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

229.187.250.142.in-addr.arpa
8.8.8.8:53

90.137.22.2.in-addr.arpa

dns

354 B
680 B
5
5

DNS Request

90.137.22.2.in-addr.arpa

DNS Request

secure.globalsign.com

DNS Response

104.18.21.226

104.18.20.226

DNS Request

51.245.100.95.in-addr.arpa

DNS Request

195.187.250.142.in-addr.arpa

DNS Request

0.205.248.87.in-addr.arpa
8.8.8.8:53

9.79.246.54.in-addr.arpa

dns

70 B
131 B
1
1

DNS Request

9.79.246.54.in-addr.arpa
8.8.8.8:53

22.103.224.13.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

22.103.224.13.in-addr.arpa
8.8.8.8:53

65.183.165.18.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

65.183.165.18.in-addr.arpa
142.250.179.228:443

www.google.com

https

msedge.exe

7.6kB
58.5kB
43
61
142.250.179.228:443

www.google.com

https

msedge.exe

6.2kB
43.1kB
31
45

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2ee16858e751901224340cabb25e5704

SHA1
24e0d2d301f282fb8e492e9df0b36603b28477b2

SHA256
e9784fcff01f83f4925f23e3a24bce63314ea503c2091f7309c014895fead33c

SHA512
bd9994c2fb4bf097ce7ffea412a2bed97e3af386108ab6aab0df9472a92d4bd94489bb9c36750a92f9818fa3ea6d1756497f5364611e6ebd36de4cd14e9a0fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea667b2dedf919487c556b97119cf88a

SHA1
0ee7b1da90be47cc31406f4dba755fd083a29762

SHA256
9e7e47ebf490ba409eab3be0314fa695bf28f4764f4875c7568a54337f2df70f

SHA512
832391afcac34fc6c949dee8120f2a5f83ca68c159ff707751d844b085c7496930f0c8fd8313fd8f10a5f5725138be651953934aa79b087ba3c6dd22eaa49c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
102KB

MD5
68b0a390922fd778f5262c2397980e9f

SHA1
4f38253e586bfc6222caa30fd6f704cf213003c9

SHA256
8c42f9647d81db9f9ad7fa7981433801ced3045979dd378cc86e9685efa67307

SHA512
5208466e16f67cc8b0d29d4567e695b8c05afae3ded82b065d0b56d439b23f70ceadf09827205a6aa2c77ee5cabb72b29e25caca6d326b3b5e77e3edaf4c41d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
8aa35c9902f73d62063f03c34b658d41

SHA1
a6c4b256622167ff6fd2b8d1674d111139db9783

SHA256
6a03518f3b413aa65cb509a0ee360a03e502da4459063505004e9ff5e4ae535c

SHA512
67b5e6324861701ed91d0a111df94367969aece6a2cd8dede06e66fe473e3731e43e8d1b6e520031317b4bfcd7cae6eebe4e8b1fd6ac864e974f895b3af92a5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
883a584a7a1441c454e44938dd3dcd60

SHA1
d810ec8f2131e699e917d24eec3569791a020c4b

SHA256
8eb4a317582cb9f6130bd8e1dcbb193ec6fb8f150832a220a43b3c63af5815f1

SHA512
d04144187ad4bc0f923ef921ae67e2ee2c6f65e4477e792bd60932a0fbc89e3a7a15450337ad72360e9424426b3f23f4ea70c534d1e6891f129bc009ff469d1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4298f93c57bf064f6c3407744ac985cd

SHA1
0f40d6189e02b8e53640d4ba60a5afd4acfff181

SHA256
fde5d3952a7d32ad32e401fd842776b8f672025cac1e8c83dab570d1d9dcdab2

SHA512
1fae98e92c81166ff0a6f8665de2f1699cc57d49941dfbff59bf8e0fb52a7de634679765b00f2f256adfb5fdd80631d22deebaeb7cce9dc647c06e73b3318286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dfe9794fc961d3896d136598dea0132c

SHA1
564952b05985a218250dd26eed96550546d5b8fa

SHA256
eb2a216875c3f9dd8a493cc8b115638098cd8babbf7d7df84e5856aebca22dd8

SHA512
4b946dfc3b3ac4f690e3a532c8da13b6899bd246ddfe93495adcbea72da19e07860b11101f9c559072b7c38de715ae066fab73088df4e1e6e93eedc37579d89e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f97007362260ece6f969ed8ca564e108

SHA1
2d450b4b6eff62eaa6ea2b998f112243c5b2ae4e

SHA256
8916599533a56fe6085bd64357a50f1f9c71ee3501e314fbf1607502666cc4df

SHA512
03ec28e6ec7762c3e858e74caf95745d376bdb71b795c12b9ea7d5fcf60ff8e347f87131e729b7385674c8f799b9ed0b605a03e5ea410a28cf4979a5458cf49b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5027508fbebe51dc6ebcb141c4e74ef4

SHA1
5941ba4ca49080d8874b0e896b8f6e4dd2e422e0

SHA256
0916373e90c187662f5c9428d894b6403df37aa0fe453f14989d778158933d5e

SHA512
0ff47bba1878e4f47bde767098db7b6b01eaf4a285022ed655966e409f31b832665adef39a95254697018550e38749a265265fa5e2756fb832f4ba8ea4c858e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f4bb17c35708da74c33ed83dd9cd4214

SHA1
2dd5cb124349e590edb2adff690dc64445565661

SHA256
e7a52a3c343812917143316b45f50cf55b0cd2908f6e6c6348e49ffeb8b5e9ff

SHA512
516274ddaa80cbb809f3dae390b6f78b857ccfa2fdb9842e21f1ff36245dae9cdb119d6d4549788bea3cc25067d90a27f25aaa25fcc2f419e56efa082a9d8026

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5465904bcb7adbadfe6bf7d42061a79c

SHA1
3b4e5998cc2924c4bf6f3a74f04e987d5920d3ae

SHA256
2a9ca8e5ecb1e2f672028d6fc63821a43caf2b5ed572095e8545bfcf44300de7

SHA512
65671d2d7203b45ccc6e6a3e570a1509f879e4a5b5bbed7ca539aec8c1dee8b52fe6aa13dd49bc7caf53d548e9bb7f2c05b6b547f1730b07e218f066e36c1926

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8051acda44a766b899daa721fd116a4f

SHA1
374d6870e99ceede1f551e3d67c9a5c9135bbfab

SHA256
5f1cc35f7d4645c006a5ba26b3afad3372f9afb5ef559e134848f2891836af27

SHA512
22dec95dc76b59c469d1c4cb84d97a63a36c3ad0a74f9ebfaa1811ac79533640721c9f69b67a0005e80614a471d86dbc939a633145a64e78f61866d29ed68203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b7ec0b6f02286cc9af08fc27b9cf74f0

SHA1
c8401fe754096af502baf40a6bc81c7994feabdb

SHA256
5938984ea7eaabe11115378b21debe8534efef805a2eabb58237412a3e8c88af

SHA512
98b3fdc8fdd4c72ae959a60df608e14169bd3d8c0aa6761a0743e16539ae431d50df405c4622f8c7a259a1afe80a7985919731d84680bfdbb088a5772072169a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8ff02e7649450bc4cd7509b5051025b8

SHA1
92db72abbdfc072af91a4ffe101102e02f80f551

SHA256
0c08a9c3d5d42f37d15f3d21b0a79d1b43a7f22c94fceba51ce384f3ca00d57e

SHA512
ce2c679e1b4e0cea0212aa1ae74ed3e11d9d8235594eb5eb06e57981d9ae9a1a537b7fa6fc3fa1ddeafb0cbf73016c438cb6d9c592b7df64e15171044e287996

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d6b9.TMP

Filesize
203B

MD5
ab498ebe1c96ccd4c387e0eb761fdc6d

SHA1
6e0e17a14d6e195493a65c13cab8676369794190

SHA256
693b1a1678270f05036accc6884c46bc058369deaeef2f6857aaeb60f3878026

SHA512
270db01ee8f8691fcbb413cb70b49b5997199d9b78045689d5cfa16cdbfd622c14e8d30b733ddf2809426a1899402f5b2be37d218d9b07a1e989c5854cae3241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
66e8585e747b05bbaf061033c77fbac2

SHA1
f372d6cd86c2f40f803179c398fe29325781e4ec

SHA256
0744eee2b8ab23449b82844e00eedff07cc6a38bb78e93ee5a8223b13b6a5c9c

SHA512
4a36ea2cd60cf7fdcc0f9cba10373179e80191bb29caf20aee37eb36e54572d7625c3f06b0c4b0661f9a9247bc73808da39c549a0d91da72332014d510ffe5cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8967d8772c5f528da71369b1f2491e48

SHA1
8f4ccb7de925f23a7a56a2e3c35a67fa51e693f3

SHA256
abc47d20a50e04fb1b97104c2da9c022c622261cac179407c3ccf504e499b034

SHA512
2bf3c198bab01cab7d3b795f94ce36e54257dbb489e6647c2fd5a6a205f3c5f034c51a5e04b45daf2b144d845239313a112e4021100981071c73f797b8298da2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 711948.crdownload

Filesize
46KB

MD5
9987455160273726f5894678429d5abe

SHA1
5291675ba62eb06953ea2543d139eb8d8ba1dd4f

SHA256
1480e09300dde94453bbf45950edbd2bcee237629c59c4930ae3dffa675ca75b

SHA512
75086a0cd7c6768c1a004871ce73e2da80a4b8b55134a881729b81067610e5fc61b5db5d9f4c1840a55f7fa74a782a8d3e33df10cb37c3d50eb6d6a560e1ae1d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 794721.crdownload

Filesize
4KB

MD5
0d9406f22c33746ab08f2ae809c4e029

SHA1
f85811fbeeb303d78ed6e029593fd80ab0c15ce4

SHA256
7b4efa4e224f9a9befa780cab54fc03cdc1bc6d90d78dda68856c1b91e26b9b4

SHA512
5d047ce63a638fa81cc526be6feb755a53a168ffe03abf602d5ab084bd3b89c93e05bbe9edf4bb42c0f960765d264272a29bdd44d1b4b1b7778171ce9fe4edf2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 937457.crdownload

Filesize
22KB

MD5
064e97d007644379c202d10e85aa7b61

SHA1
67de184fe063c2ab06ca40f5704620229cf94e76

SHA256
2b9fe468dc52059f3a207414600eeb8d787423d5ea5d45bc5442a8c0158bd4e3

SHA512
2270990af3b489dc3928823289a62cdb0dceaffa0e550505dafcb749966302120896832cc722a5a138c675f4cf142ea97ea43e49f4807f0a9e2c9e16082376d2

Download Submit
C:\Users\Admin\Downloads\media_images_lubieptoszki.png:Zone.Identifier

Filesize
147B

MD5
0f9c9fd7c5b605ea356ddbc004b4e94d

SHA1
8c6a2677b7b971f825f20382293dbfc840035e54

SHA256
3b2cf8b04328866db7644a920d1999e9d1994d002d66aed15b4eb80b9499f8fb

SHA512
3f717478d8675a4ae40da80be4bd03cd4a9b48aa935e6d63f39e24f6c0664662a6ce19880487324ecc9be631a929d74d28e169b45c0f953e1686c535866f25ce

Download Submit
C:\Users\Admin\Downloads\media_images_ptakwspodniach.jpg:Zone.Identifier

Filesize
149B

MD5
3322a7c85dafccc08035022ae4afb820

SHA1
9868d4696365dd7720bcbb5cb90a5dd3907c368d

SHA256
58b5487c43a6c188a7827290c6075dab18e686ebb6a96ea8ac29b7a40e0ba821

SHA512
4e6573bca14cd8fc916b0f3e497e297a34505e88d8e28b52dd8a4a1398a0904967be7067539ce92d60d6d91230ebfefffb99fdbaf7eb11ecf6235d583511a204

Download Submit
C:\Users\Admin\Downloads\media_images_ptok.jpg:Zone.Identifier

Filesize
139B

MD5
c893d0b7d7d99ab14a099b149b4e272c

SHA1
6be788017a22f0753877ceca042902a5c90d840f

SHA256
4e199de33d4468d20a90663757e670544daf91949aeb39fe776969765cc701cb

SHA512
404e7a25baa4693971113b90e4dbad5878847a12133bfefa873c8a3cdd359ef8d5598b1d6e1f5a39c7fed034507d93fffcfda2fe2ed84b6997b23798d744f430

Download Submit
C:\Users\Admin\Downloads\media_images_zimowyptoszek.jpeg:Zone.Identifier

Filesize
149B

MD5
cd2f44186f7874c37c05c5b09cf34efa

SHA1
b83e601c069144cc85060f547015762bd147f598

SHA256
68151de124c9979412ab8e730ff2025c19cab1e1d9c4cef2ecb01106b4c8ca29

SHA512
59ffc9a3c28eaa43eaab0f30bbc3d035420696be5d00d901cd7bcdda548cb35ae7ddc4762b1caceb6b49e06de7642cf399861ac87a7c2578586d2dc977df3c7a

Download Submit

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request