Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    117s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/09/2024, 15:51 UTC

General

  • Target

    d4b766f827509935f607a28f850f7bbe_JaffaCakes118.html

  • Size

    68KB

  • MD5

    d4b766f827509935f607a28f850f7bbe

  • SHA1

    ddc200ab0dde685b42801a4aa7831b55384f9afb

  • SHA256

    2440eb7c63a34f15d5764d1c295e67a335cdc3ef6e34627990d64b497f2529fc

  • SHA512

    de58b5e1849142166fbba15374e23f8964ef0ed17bb4525329eb73ea25bfab5acb3068f59ff2f6bce75fcaf316103b374551703a964f1bcb9af3b9de60005cbd

  • SSDEEP

    768:JiTgcMiR3sI2PDDnX0g61weCmDmVoTyv1wCZkoTyMdtbBnfBgN8/lboi2hcpQFVh:JRMdSSTcNen0tbrga94hcuNnQC

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 44 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d4b766f827509935f607a28f850f7bbe_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2356
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2356 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2292

Network

  • flag-us
    DNS
    www.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    142.250.178.4
  • flag-us
    DNS
    img.sedoparking.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    img.sedoparking.com
    IN A
    Response
    img.sedoparking.com
    IN CNAME
    sedo.cachefly.net
    sedo.cachefly.net
    IN CNAME
    vip1.g5.cachefly.net
    vip1.g5.cachefly.net
    IN A
    205.234.175.175
  • flag-us
    DNS
    img.sedoparking.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    img.sedoparking.com
    IN A
  • flag-gb
    GET
    http://www.google.com/adsense/domains/caf.js
    IEXPLORE.EXE
    Remote address:
    142.250.178.4:80
    Request
    GET /adsense/domains/caf.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Type: text/javascript; charset=UTF-8
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
    Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
    Date: Sun, 08 Sep 2024 15:51:40 GMT
    Expires: Sun, 08 Sep 2024 15:51:40 GMT
    Cache-Control: private, max-age=3600
    ETag: "5584543975045443961"
    X-Content-Type-Options: nosniff
    Link: <https://syndicatedsearch.goog>; rel="preconnect"
    Content-Encoding: gzip
    Transfer-Encoding: chunked
    Server: sffe
    X-XSS-Protection: 0
  • flag-us
    GET
    http://img.sedoparking.com/js/jquery-1.11.3.custom.min.js
    IEXPLORE.EXE
    Remote address:
    205.234.175.175:80
    Request
    GET /js/jquery-1.11.3.custom.min.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: img.sedoparking.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sun, 08 Sep 2024 15:51:41 GMT
    Content-Type: application/x-javascript
    Content-Length: 25176
    Connection: keep-alive
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=86400
    Expires: Mon, 09 Sep 2024 15:51:41 GMT
    X-CFHash: "7dd2fc9525d32ef5c44abe9036c98ad1"
    X-CFF: B
    Last-Modified: Thu, 28 Jun 2018 13:09:28 GMT
    Vary: Accept-Encoding
    X-CF3: H
    CF4Age: 0
    x-cf-tsc: 1685886798
    CF4ttl: 31536000.000
    Content-Encoding: gzip
    X-CF2: H
    Server: CFS 0215
    X-CF-ReqID: 09931854ea233f9b28e370de9c4a5fc6
    X-CF1: 11696:fO.lon1:cf:nom:cacheN.lon1-01:H
    Accept-Ranges: bytes
  • flag-us
    DNS
    partner.googleadservices.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    partner.googleadservices.com
    IN A
    Response
    partner.googleadservices.com
    IN A
    216.58.201.98
  • flag-us
    DNS
    syndicatedsearch.goog
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    syndicatedsearch.goog
    IN A
    Response
    syndicatedsearch.goog
    IN A
    142.250.179.238
  • flag-gb
    GET
    https://partner.googleadservices.com/gampad/cookie.js?domain=&client=dp-sedo80_3ph&product=SAS&callback=__sasCookie&cookie_types=v1%2Cv2
    IEXPLORE.EXE
    Remote address:
    216.58.201.98:443
    Request
    GET /gampad/cookie.js?domain=&client=dp-sedo80_3ph&product=SAS&callback=__sasCookie&cookie_types=v1%2Cv2 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: partner.googleadservices.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 400 Bad Request
    P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Date: Sun, 08 Sep 2024 15:51:43 GMT
    Server: cafe
    Content-Length: 0
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://syndicatedsearch.goog/afs/ads/i/iframe.html
    IEXPLORE.EXE
    Remote address:
    142.250.179.238:443
    Request
    GET /afs/ads/i/iframe.html HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: syndicatedsearch.goog
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Type: text/html
    Content-Security-Policy: script-src 'nonce-GJqDRUp7newnJOzkCG1N3w' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui; base-uri 'none'
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
    Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
    Date: Sun, 08 Sep 2024 15:51:43 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-cache, must-revalidate
    Last-Modified: Tue, 12 Mar 2024 06:00:00 GMT
    X-Content-Type-Options: nosniff
    Content-Encoding: gzip
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://syndicatedsearch.goog/afs/ads?adtest=off&channel=exp-0051%2Cauxa-control-1%2C329448&client=dp-sedo80_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fwww.webpromoexpert.com%2Fcaf%2F%3Fses%3DY3JlPTE1MTU4MTQ5NzkmdGNpZD13d3cud2VicHJvbW9leHBlcnQuY29tNWE1OTgwNDM3NTRiYTcuNTA5NTc0MjgmZmtpPTAmdGFzaz1zZWFyY2gmZG9tYWluPXdlYnByb21vZXhwZXJ0LmNvbSZsYW5ndWFnZT1lbiZhX2lkPTMmc2Vzc2lvbj1mRGtVbjJscERIREJjMDFieTJhNw%3D%3D&type=3&uiopt=false&swp=as-drid-2961614526284296&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266&format=r10%7Cs&nocache=9671725810701280&num=0&output=afd_ads&v=3&preload=true&bsl=8&pac=0&u_his=1&u_tz=0&dt=1725810701285&u_w=1280&u_h=720&biw=1280&bih=626&psw=1280&psh=102&frm=0&uio=--&cont=rb-default&drt=0&jsid=caf&jsv=670534788&rurl=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2Fd4b766f827509935f607a28f850f7bbe_JaffaCakes118.html
    IEXPLORE.EXE
    Remote address:
    142.250.179.238:443
    Request
    GET /afs/ads?adtest=off&channel=exp-0051%2Cauxa-control-1%2C329448&client=dp-sedo80_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fwww.webpromoexpert.com%2Fcaf%2F%3Fses%3DY3JlPTE1MTU4MTQ5NzkmdGNpZD13d3cud2VicHJvbW9leHBlcnQuY29tNWE1OTgwNDM3NTRiYTcuNTA5NTc0MjgmZmtpPTAmdGFzaz1zZWFyY2gmZG9tYWluPXdlYnByb21vZXhwZXJ0LmNvbSZsYW5ndWFnZT1lbiZhX2lkPTMmc2Vzc2lvbj1mRGtVbjJscERIREJjMDFieTJhNw%3D%3D&type=3&uiopt=false&swp=as-drid-2961614526284296&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266&format=r10%7Cs&nocache=9671725810701280&num=0&output=afd_ads&v=3&preload=true&bsl=8&pac=0&u_his=1&u_tz=0&dt=1725810701285&u_w=1280&u_h=720&biw=1280&bih=626&psw=1280&psh=102&frm=0&uio=--&cont=rb-default&drt=0&jsid=caf&jsv=670534788&rurl=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2Fd4b766f827509935f607a28f850f7bbe_JaffaCakes118.html HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: syndicatedsearch.goog
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    Location: https://www.google.com/sorry/index?continue=https://syndicatedsearch.goog/afs/ads%3Fadtest%3Doff%26channel%3Dexp-0051%252Cauxa-control-1%252C329448%26client%3Ddp-sedo80_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fwww.webpromoexpert.com%252Fcaf%252F%253Fses%253DY3JlPTE1MTU4MTQ5NzkmdGNpZD13d3cud2VicHJvbW9leHBlcnQuY29tNWE1OTgwNDM3NTRiYTcuNTA5NTc0MjgmZmtpPTAmdGFzaz1zZWFyY2gmZG9tYWluPXdlYnByb21vZXhwZXJ0LmNvbSZsYW5ndWFnZT1lbiZhX2lkPTMmc2Vzc2lvbj1mRGtVbjJscERIREJjMDFieTJhNw%253D%253D%26type%3D3%26uiopt%3Dfalse%26swp%3Das-drid-2961614526284296%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17301431%252C17301433%252C17301436%252C17301511%252C17301516%252C17301266%26format%3Dr10%257Cs%26nocache%3D9671725810701280%26num%3D0%26output%3Dafd_ads%26v%3D3%26preload%3Dtrue%26bsl%3D8%26pac%3D0%26u_his%3D1%26u_tz%3D0%26dt%3D1725810701285%26u_w%3D1280%26u_h%3D720%26biw%3D1280%26bih%3D626%26psw%3D1280%26psh%3D102%26frm%3D0%26uio%3D--%26cont%3Drb-default%26drt%3D0%26jsid%3Dcaf%26jsv%3D670534788%26rurl%3Dfile%253A%252F%252F%252FC%253A%252FUsers%252FAdmin%252FAppData%252FLocal%252FTemp%252Fd4b766f827509935f607a28f850f7bbe_JaffaCakes118.html&hl=en&q=EgTCbg1GGI-Q97YGIjBlJNLUZ56MKbk09dVoiMJZ_E9kda_hUxE3VmPfa73zvGrNXrpsjR-gxZcyY2ZHENQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    x-hallmonitor-challenge: CgsIkJD3tgYQ5bnpbBIEwm4NRg
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-4cvrh0laFUz-JpdH8zeK8Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
    Date: Sun, 08 Sep 2024 15:51:44 GMT
    Server: gws
    Content-Length: 1479
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://syndicatedsearch.goog/afs/ads/i/iframe.html
    IEXPLORE.EXE
    Remote address:
    142.250.179.238:443
    Request
    GET /afs/ads/i/iframe.html HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: syndicatedsearch.goog
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Type: text/html
    Content-Security-Policy: script-src 'nonce-wtMk4lwSfEx-MV0oEd8tkA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui; base-uri 'none'
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
    Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
    Date: Sun, 08 Sep 2024 15:51:44 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-cache, must-revalidate
    Last-Modified: Tue, 12 Mar 2024 06:00:00 GMT
    X-Content-Type-Options: nosniff
    Content-Encoding: gzip
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-us
    DNS
    c.pki.goog
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
    Response
    c.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.179.227
  • flag-us
    DNS
    c.pki.goog
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
    Response
    c.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.179.227
  • flag-us
    DNS
    c.pki.goog
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
    Response
    c.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.179.227
  • flag-gb
    GET
    http://c.pki.goog/r/r1.crl
    IEXPLORE.EXE
    Remote address:
    142.250.179.227:80
    Request
    GET /r/r1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 854
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sun, 08 Sep 2024 15:24:07 GMT
    Expires: Sun, 08 Sep 2024 16:14:07 GMT
    Cache-Control: public, max-age=3000
    Age: 1656
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-gb
    GET
    http://c.pki.goog/r/r1.crl
    IEXPLORE.EXE
    Remote address:
    142.250.179.227:80
    Request
    GET /r/r1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 854
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sun, 08 Sep 2024 15:24:07 GMT
    Expires: Sun, 08 Sep 2024 16:14:07 GMT
    Cache-Control: public, max-age=3000
    Age: 1656
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-gb
    GET
    http://c.pki.goog/r/r1.crl
    IEXPLORE.EXE
    Remote address:
    142.250.179.227:80
    Request
    GET /r/r1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 854
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sun, 08 Sep 2024 15:24:07 GMT
    Expires: Sun, 08 Sep 2024 16:14:07 GMT
    Cache-Control: public, max-age=3000
    Age: 1656
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-us
    DNS
    o.pki.goog
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    o.pki.goog
    IN A
    Response
    o.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.179.227
  • flag-us
    DNS
    o.pki.goog
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    o.pki.goog
    IN A
    Response
    o.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.179.227
  • flag-us
    DNS
    o.pki.goog
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    o.pki.goog
    IN A
    Response
    o.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.179.227
  • flag-gb
    GET
    http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCAi5sB5HKk%2FgqAT2iFwXnF
    IEXPLORE.EXE
    Remote address:
    142.250.179.227:80
    Request
    GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCAi5sB5HKk%2FgqAT2iFwXnF HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: o.pki.goog
    Response
    HTTP/1.1 200 OK
    Server: ocsp_responder
    Content-Length: 472
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Date: Sun, 08 Sep 2024 15:18:43 GMT
    Cache-Control: public, max-age=14400
    Content-Type: application/ocsp-response
    Age: 1980
  • flag-gb
    GET
    http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEBFwHbrJaxWDCjHK4%2BG0Wcs%3D
    IEXPLORE.EXE
    Remote address:
    142.250.179.227:80
    Request
    GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEBFwHbrJaxWDCjHK4%2BG0Wcs%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: o.pki.goog
    Response
    HTTP/1.1 200 OK
    Server: ocsp_responder
    Content-Length: 471
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Date: Sun, 08 Sep 2024 14:53:09 GMT
    Cache-Control: public, max-age=14400
    Content-Type: application/ocsp-response
    Age: 3515
  • flag-gb
    GET
    http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEE9IPUMDvuEDEFrb7EP%2BJKM%3D
    IEXPLORE.EXE
    Remote address:
    142.250.179.227:80
    Request
    GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEE9IPUMDvuEDEFrb7EP%2BJKM%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: o.pki.goog
    Response
    HTTP/1.1 200 OK
    Server: ocsp_responder
    Content-Length: 471
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Date: Sun, 08 Sep 2024 15:33:57 GMT
    Cache-Control: public, max-age=14400
    Content-Type: application/ocsp-response
    Age: 1066
  • flag-gb
    GET
    http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDBBI61buTJSxBPkvvajAV6
    IEXPLORE.EXE
    Remote address:
    142.250.179.227:80
    Request
    GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDBBI61buTJSxBPkvvajAV6 HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: o.pki.goog
    Response
    HTTP/1.1 200 OK
    Server: ocsp_responder
    Content-Length: 472
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Date: Sun, 08 Sep 2024 15:48:07 GMT
    Cache-Control: public, max-age=14400
    Content-Type: application/ocsp-response
    Age: 217
  • flag-gb
    GET
    http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCAi5sB5HKk%2FgqAT2iFwXnF
    IEXPLORE.EXE
    Remote address:
    142.250.179.227:80
    Request
    GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCAi5sB5HKk%2FgqAT2iFwXnF HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: o.pki.goog
    Response
    HTTP/1.1 200 OK
    Server: ocsp_responder
    Content-Length: 472
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Date: Sun, 08 Sep 2024 15:18:43 GMT
    Cache-Control: public, max-age=14400
    Content-Type: application/ocsp-response
    Age: 1980
  • flag-gb
    GET
    http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDBBI61buTJSxBPkvvajAV6
    IEXPLORE.EXE
    Remote address:
    142.250.179.227:80
    Request
    GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDBBI61buTJSxBPkvvajAV6 HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: o.pki.goog
    Response
    HTTP/1.1 200 OK
    Server: ocsp_responder
    Content-Length: 472
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Date: Sun, 08 Sep 2024 15:48:07 GMT
    Cache-Control: public, max-age=14400
    Content-Type: application/ocsp-response
    Age: 217
  • flag-gb
    GET
    https://www.google.com/sorry/index?continue=https://syndicatedsearch.goog/afs/ads%3Fadtest%3Doff%26channel%3Dexp-0051%252Cauxa-control-1%252C329448%26client%3Ddp-sedo80_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fwww.webpromoexpert.com%252Fcaf%252F%253Fses%253DY3JlPTE1MTU4MTQ5NzkmdGNpZD13d3cud2VicHJvbW9leHBlcnQuY29tNWE1OTgwNDM3NTRiYTcuNTA5NTc0MjgmZmtpPTAmdGFzaz1zZWFyY2gmZG9tYWluPXdlYnByb21vZXhwZXJ0LmNvbSZsYW5ndWFnZT1lbiZhX2lkPTMmc2Vzc2lvbj1mRGtVbjJscERIREJjMDFieTJhNw%253D%253D%26type%3D3%26uiopt%3Dfalse%26swp%3Das-drid-2961614526284296%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17301431%252C17301433%252C17301436%252C17301511%252C17301516%252C17301266%26format%3Dr10%257Cs%26nocache%3D9671725810701280%26num%3D0%26output%3Dafd_ads%26v%3D3%26preload%3Dtrue%26bsl%3D8%26pac%3D0%26u_his%3D1%26u_tz%3D0%26dt%3D1725810701285%26u_w%3D1280%26u_h%3D720%26biw%3D1280%26bih%3D626%26psw%3D1280%26psh%3D102%26frm%3D0%26uio%3D--%26cont%3Drb-default%26drt%3D0%26jsid%3Dcaf%26jsv%3D670534788%26rurl%3Dfile%253A%252F%252F%252FC%253A%252FUsers%252FAdmin%252FAppData%252FLocal%252FTemp%252Fd4b766f827509935f607a28f850f7bbe_JaffaCakes118.html&hl=en&q=EgTCbg1GGI-Q97YGIjBlJNLUZ56MKbk09dVoiMJZ_E9kda_hUxE3VmPfa73zvGrNXrpsjR-gxZcyY2ZHENQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    IEXPLORE.EXE
    Remote address:
    142.250.178.4:443
    Request
    GET /sorry/index?continue=https://syndicatedsearch.goog/afs/ads%3Fadtest%3Doff%26channel%3Dexp-0051%252Cauxa-control-1%252C329448%26client%3Ddp-sedo80_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fwww.webpromoexpert.com%252Fcaf%252F%253Fses%253DY3JlPTE1MTU4MTQ5NzkmdGNpZD13d3cud2VicHJvbW9leHBlcnQuY29tNWE1OTgwNDM3NTRiYTcuNTA5NTc0MjgmZmtpPTAmdGFzaz1zZWFyY2gmZG9tYWluPXdlYnByb21vZXhwZXJ0LmNvbSZsYW5ndWFnZT1lbiZhX2lkPTMmc2Vzc2lvbj1mRGtVbjJscERIREJjMDFieTJhNw%253D%253D%26type%3D3%26uiopt%3Dfalse%26swp%3Das-drid-2961614526284296%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17301431%252C17301433%252C17301436%252C17301511%252C17301516%252C17301266%26format%3Dr10%257Cs%26nocache%3D9671725810701280%26num%3D0%26output%3Dafd_ads%26v%3D3%26preload%3Dtrue%26bsl%3D8%26pac%3D0%26u_his%3D1%26u_tz%3D0%26dt%3D1725810701285%26u_w%3D1280%26u_h%3D720%26biw%3D1280%26bih%3D626%26psw%3D1280%26psh%3D102%26frm%3D0%26uio%3D--%26cont%3Drb-default%26drt%3D0%26jsid%3Dcaf%26jsv%3D670534788%26rurl%3Dfile%253A%252F%252F%252FC%253A%252FUsers%252FAdmin%252FAppData%252FLocal%252FTemp%252Fd4b766f827509935f607a28f850f7bbe_JaffaCakes118.html&hl=en&q=EgTCbg1GGI-Q97YGIjBlJNLUZ56MKbk09dVoiMJZ_E9kda_hUxE3VmPfa73zvGrNXrpsjR-gxZcyY2ZHENQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 429 Too Many Requests
    Date: Sun, 08 Sep 2024 15:51:44 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Content-Type: text/html
    Server: HTTP server (unknown)
    Content-Length: 6082
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.google.com/recaptcha/api.js
    IEXPLORE.EXE
    Remote address:
    142.250.178.4:443
    Request
    GET /recaptcha/api.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://www.google.com/sorry/index?continue=https://syndicatedsearch.goog/afs/ads%3Fadtest%3Doff%26channel%3Dexp-0051%252Cauxa-control-1%252C329448%26client%3Ddp-sedo80_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fwww.webpromoexpert.com%252Fcaf%252F%253Fses%253DY3JlPTE1MTU4MTQ5NzkmdGNpZD13d3cud2VicHJvbW9leHBlcnQuY29tNWE1OTgwNDM3NTRiYTcuNTA5NTc0MjgmZmtpPTAmdGFzaz1zZWFyY2gmZG9tYWluPXdlYnByb21vZXhwZXJ0LmNvbSZsYW5ndWFnZT1lbiZhX2lkPTMmc2Vzc2lvbj1mRGtVbjJscERIREJjMDFieTJhNw%253D%253D%26type%3D3%26uiopt%3Dfalse%26swp%3Das-drid-2961614526284296%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17301431%252C17301433%252C17301436%252C17301511%252C17301516%252C17301266%26format%3Dr10%257Cs%26nocache%3D9671725810701280%26num%3D0%26output%3Dafd_ads%26v%3D3%26preload%3Dtrue%26bsl%3D8%26pac%3D0%26u_his%3D1%26u_tz%3D0%26dt%3D1725810701285%26u_w%3D1280%26u_h%3D720%26biw%3D1280%26bih%3D626%26psw%3D1280%26psh%3D102%26frm%3D0%26uio%3D--%26cont%3Drb-default%26drt%3D0%26jsid%3Dcaf%26jsv%3D670534788%26rurl%3Dfile%253A%252F%252F%252FC%253A%252FUsers%252FAdmin%252FAppData%252FLocal%252FTemp%252Fd4b766f827509935f607a28f850f7bbe_JaffaCakes118.html&hl=en&q=EgTCbg1GGI-Q97YGIjBlJNLUZ56MKbk09dVoiMJZ_E9kda_hUxE3VmPfa73zvGrNXrpsjR-gxZcyY2ZHENQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/javascript; charset=utf-8
    Expires: Sun, 08 Sep 2024 15:51:44 GMT
    Date: Sun, 08 Sep 2024 15:51:44 GMT
    Cache-Control: private, max-age=300
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
    Report-To: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
    Content-Encoding: gzip
    Server: ESF
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=EGbODne6buzpTnWrrBprcfAY&size=normal&s=RrfBihPFDnFII-yE6LDGummPbDbvCAzXPmWheCHiMaUV_qkBUUJEShIvWiYw7U2RTh3k6MlxihhJ5Vqpij7NMqQqgsXAZmkkaqEkWlxLn9QbzLaVT9-I13L2y185DZjk8jD-8daabhNoPdhDxJfcrTiX08RRAbMJUPTOkvxI3dMS1UFFzydSWBkG2Bwqm046smQUqVqmF8paPxRpMI6C0WCSZ_QQXDBRS1mYYD2p9G3OP4qMDi8SSM654YPdtEVdI_mMlC35lxmW8f9eS9k6ANixZhM03OQ&cb=nj53knoum6ce
    IEXPLORE.EXE
    Remote address:
    142.250.178.4:443
    Request
    GET /recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=EGbODne6buzpTnWrrBprcfAY&size=normal&s=RrfBihPFDnFII-yE6LDGummPbDbvCAzXPmWheCHiMaUV_qkBUUJEShIvWiYw7U2RTh3k6MlxihhJ5Vqpij7NMqQqgsXAZmkkaqEkWlxLn9QbzLaVT9-I13L2y185DZjk8jD-8daabhNoPdhDxJfcrTiX08RRAbMJUPTOkvxI3dMS1UFFzydSWBkG2Bwqm046smQUqVqmF8paPxRpMI6C0WCSZ_QQXDBRS1mYYD2p9G3OP4qMDi8SSM654YPdtEVdI_mMlC35lxmW8f9eS9k6ANixZhM03OQ&cb=nj53knoum6ce HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Referer: https://www.google.com/sorry/index?continue=https://syndicatedsearch.goog/afs/ads%3Fadtest%3Doff%26channel%3Dexp-0051%252Cauxa-control-1%252C329448%26client%3Ddp-sedo80_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fwww.webpromoexpert.com%252Fcaf%252F%253Fses%253DY3JlPTE1MTU4MTQ5NzkmdGNpZD13d3cud2VicHJvbW9leHBlcnQuY29tNWE1OTgwNDM3NTRiYTcuNTA5NTc0MjgmZmtpPTAmdGFzaz1zZWFyY2gmZG9tYWluPXdlYnByb21vZXhwZXJ0LmNvbSZsYW5ndWFnZT1lbiZhX2lkPTMmc2Vzc2lvbj1mRGtVbjJscERIREJjMDFieTJhNw%253D%253D%26type%3D3%26uiopt%3Dfalse%26swp%3Das-drid-2961614526284296%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17301431%252C17301433%252C17301436%252C17301511%252C17301516%252C17301266%26format%3Dr10%257Cs%26nocache%3D9671725810701280%26num%3D0%26output%3Dafd_ads%26v%3D3%26preload%3Dtrue%26bsl%3D8%26pac%3D0%26u_his%3D1%26u_tz%3D0%26dt%3D1725810701285%26u_w%3D1280%26u_h%3D720%26biw%3D1280%26bih%3D626%26psw%3D1280%26psh%3D102%26frm%3D0%26uio%3D--%26cont%3Drb-default%26drt%3D0%26jsid%3Dcaf%26jsv%3D670534788%26rurl%3Dfile%253A%252F%252F%252FC%253A%252FUsers%252FAdmin%252FAppData%252FLocal%252FTemp%252Fd4b766f827509935f607a28f850f7bbe_JaffaCakes118.html&hl=en&q=EgTCbg1GGI-Q97YGIjBlJNLUZ56MKbk09dVoiMJZ_E9kda_hUxE3VmPfa73zvGrNXrpsjR-gxZcyY2ZHENQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Embedder-Policy: require-corp
    Report-To: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
    Report-To: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Sun, 08 Sep 2024 15:51:45 GMT
    Content-Security-Policy: script-src 'nonce-pOLpKk-1Cb4tLf8mC9hd9g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
    Content-Encoding: gzip
    Server: ESF
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://www.google.com/js/bg/qLq38Zrf56y7hQys4BMHbS-LctcQWqsnuLwykCOuNr8.js
    IEXPLORE.EXE
    Remote address:
    142.250.178.4:443
    Request
    GET /js/bg/qLq38Zrf56y7hQys4BMHbS-LctcQWqsnuLwykCOuNr8.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=EGbODne6buzpTnWrrBprcfAY&size=normal&s=RrfBihPFDnFII-yE6LDGummPbDbvCAzXPmWheCHiMaUV_qkBUUJEShIvWiYw7U2RTh3k6MlxihhJ5Vqpij7NMqQqgsXAZmkkaqEkWlxLn9QbzLaVT9-I13L2y185DZjk8jD-8daabhNoPdhDxJfcrTiX08RRAbMJUPTOkvxI3dMS1UFFzydSWBkG2Bwqm046smQUqVqmF8paPxRpMI6C0WCSZ_QQXDBRS1mYYD2p9G3OP4qMDi8SSM654YPdtEVdI_mMlC35lxmW8f9eS9k6ANixZhM03OQ&cb=nj53knoum6ce
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="botguard-scs"
    Report-To: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
    Content-Length: 11213
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Fri, 06 Sep 2024 13:33:14 GMT
    Expires: Sat, 06 Sep 2025 13:33:14 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 26 Aug 2024 15:30:00 GMT
    Content-Type: text/javascript
    Vary: Accept-Encoding
    Age: 181111
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=EGbODne6buzpTnWrrBprcfAY
    IEXPLORE.EXE
    Remote address:
    142.250.178.4:443
    Request
    GET /recaptcha/api2/webworker.js?hl=en&v=EGbODne6buzpTnWrrBprcfAY HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=EGbODne6buzpTnWrrBprcfAY&size=normal&s=RrfBihPFDnFII-yE6LDGummPbDbvCAzXPmWheCHiMaUV_qkBUUJEShIvWiYw7U2RTh3k6MlxihhJ5Vqpij7NMqQqgsXAZmkkaqEkWlxLn9QbzLaVT9-I13L2y185DZjk8jD-8daabhNoPdhDxJfcrTiX08RRAbMJUPTOkvxI3dMS1UFFzydSWBkG2Bwqm046smQUqVqmF8paPxRpMI6C0WCSZ_QQXDBRS1mYYD2p9G3OP4qMDi8SSM654YPdtEVdI_mMlC35lxmW8f9eS9k6ANixZhM03OQ&cb=nj53knoum6ce
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/javascript; charset=utf-8
    Cross-Origin-Embedder-Policy: require-corp
    Report-To: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
    Report-To: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
    Expires: Sun, 08 Sep 2024 15:51:45 GMT
    Date: Sun, 08 Sep 2024 15:51:45 GMT
    Cache-Control: private, max-age=300
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
    Cross-Origin-Resource-Policy: same-site
    Content-Encoding: gzip
    Server: ESF
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://www.google.com/recaptcha/api2/bframe?hl=en&v=EGbODne6buzpTnWrrBprcfAY&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b
    IEXPLORE.EXE
    Remote address:
    142.250.178.4:443
    Request
    GET /recaptcha/api2/bframe?hl=en&v=EGbODne6buzpTnWrrBprcfAY&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Referer: https://www.google.com/sorry/index?continue=https://syndicatedsearch.goog/afs/ads%3Fadtest%3Doff%26channel%3Dexp-0051%252Cauxa-control-1%252C329448%26client%3Ddp-sedo80_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fwww.webpromoexpert.com%252Fcaf%252F%253Fses%253DY3JlPTE1MTU4MTQ5NzkmdGNpZD13d3cud2VicHJvbW9leHBlcnQuY29tNWE1OTgwNDM3NTRiYTcuNTA5NTc0MjgmZmtpPTAmdGFzaz1zZWFyY2gmZG9tYWluPXdlYnByb21vZXhwZXJ0LmNvbSZsYW5ndWFnZT1lbiZhX2lkPTMmc2Vzc2lvbj1mRGtVbjJscERIREJjMDFieTJhNw%253D%253D%26type%3D3%26uiopt%3Dfalse%26swp%3Das-drid-2961614526284296%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17301431%252C17301433%252C17301436%252C17301511%252C17301516%252C17301266%26format%3Dr10%257Cs%26nocache%3D9671725810701280%26num%3D0%26output%3Dafd_ads%26v%3D3%26preload%3Dtrue%26bsl%3D8%26pac%3D0%26u_his%3D1%26u_tz%3D0%26dt%3D1725810701285%26u_w%3D1280%26u_h%3D720%26biw%3D1280%26bih%3D626%26psw%3D1280%26psh%3D102%26frm%3D0%26uio%3D--%26cont%3Drb-default%26drt%3D0%26jsid%3Dcaf%26jsv%3D670534788%26rurl%3Dfile%253A%252F%252F%252FC%253A%252FUsers%252FAdmin%252FAppData%252FLocal%252FTemp%252Fd4b766f827509935f607a28f850f7bbe_JaffaCakes118.html&hl=en&q=EgTCbg1GGI-Q97YGIjBlJNLUZ56MKbk09dVoiMJZ_E9kda_hUxE3VmPfa73zvGrNXrpsjR-gxZcyY2ZHENQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Embedder-Policy: require-corp
    Report-To: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
    Report-To: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Sun, 08 Sep 2024 15:51:50 GMT
    Content-Security-Policy: script-src 'nonce-lNFqfPFJLXvT_-Q9nbxAfQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
    Content-Encoding: gzip
    Server: ESF
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • 142.250.178.4:80
    www.google.com
    IEXPLORE.EXE
    236 B
    92 B
    5
    2
  • 142.250.178.4:80
    http://www.google.com/adsense/domains/caf.js
    http
    IEXPLORE.EXE
    1.6kB
    57.9kB
    29
    46

    HTTP Request

    GET http://www.google.com/adsense/domains/caf.js

    HTTP Response

    200
  • 205.234.175.175:80
    http://img.sedoparking.com/js/jquery-1.11.3.custom.min.js
    http
    IEXPLORE.EXE
    1.1kB
    26.7kB
    17
    23

    HTTP Request

    GET http://img.sedoparking.com/js/jquery-1.11.3.custom.min.js

    HTTP Response

    200
  • 205.234.175.175:80
    img.sedoparking.com
    IEXPLORE.EXE
    236 B
    132 B
    5
    3
  • 216.58.201.98:443
    partner.googleadservices.com
    tls
    IEXPLORE.EXE
    978 B
    4.5kB
    11
    9
  • 216.58.201.98:443
    https://partner.googleadservices.com/gampad/cookie.js?domain=&client=dp-sedo80_3ph&product=SAS&callback=__sasCookie&cookie_types=v1%2Cv2
    tls, http
    IEXPLORE.EXE
    1.5kB
    5.6kB
    14
    12

    HTTP Request

    GET https://partner.googleadservices.com/gampad/cookie.js?domain=&client=dp-sedo80_3ph&product=SAS&callback=__sasCookie&cookie_types=v1%2Cv2

    HTTP Response

    400
  • 142.250.179.238:443
    syndicatedsearch.goog
    tls
    IEXPLORE.EXE
    784 B
    4.5kB
    10
    8
  • 142.250.179.238:443
    syndicatedsearch.goog
    tls
    IEXPLORE.EXE
    784 B
    4.5kB
    10
    8
  • 142.250.179.238:443
    https://syndicatedsearch.goog/afs/ads/i/iframe.html
    tls, http
    IEXPLORE.EXE
    3.1kB
    14.1kB
    22
    24

    HTTP Request

    GET https://syndicatedsearch.goog/afs/ads/i/iframe.html

    HTTP Response

    200

    HTTP Request

    GET https://syndicatedsearch.goog/afs/ads?adtest=off&channel=exp-0051%2Cauxa-control-1%2C329448&client=dp-sedo80_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fwww.webpromoexpert.com%2Fcaf%2F%3Fses%3DY3JlPTE1MTU4MTQ5NzkmdGNpZD13d3cud2VicHJvbW9leHBlcnQuY29tNWE1OTgwNDM3NTRiYTcuNTA5NTc0MjgmZmtpPTAmdGFzaz1zZWFyY2gmZG9tYWluPXdlYnByb21vZXhwZXJ0LmNvbSZsYW5ndWFnZT1lbiZhX2lkPTMmc2Vzc2lvbj1mRGtVbjJscERIREJjMDFieTJhNw%3D%3D&type=3&uiopt=false&swp=as-drid-2961614526284296&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266&format=r10%7Cs&nocache=9671725810701280&num=0&output=afd_ads&v=3&preload=true&bsl=8&pac=0&u_his=1&u_tz=0&dt=1725810701285&u_w=1280&u_h=720&biw=1280&bih=626&psw=1280&psh=102&frm=0&uio=--&cont=rb-default&drt=0&jsid=caf&jsv=670534788&rurl=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2Fd4b766f827509935f607a28f850f7bbe_JaffaCakes118.html

    HTTP Response

    302

    HTTP Request

    GET https://syndicatedsearch.goog/afs/ads/i/iframe.html

    HTTP Response

    200
  • 142.250.179.227:80
    http://c.pki.goog/r/r1.crl
    http
    IEXPLORE.EXE
    348 B
    1.7kB
    5
    4

    HTTP Request

    GET http://c.pki.goog/r/r1.crl

    HTTP Response

    200
  • 142.250.179.227:80
    http://c.pki.goog/r/r1.crl
    http
    IEXPLORE.EXE
    348 B
    1.7kB
    5
    4

    HTTP Request

    GET http://c.pki.goog/r/r1.crl

    HTTP Response

    200
  • 142.250.179.227:80
    http://c.pki.goog/r/r1.crl
    http
    IEXPLORE.EXE
    348 B
    1.7kB
    5
    4

    HTTP Request

    GET http://c.pki.goog/r/r1.crl

    HTTP Response

    200
  • 142.250.179.227:80
    http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEBFwHbrJaxWDCjHK4%2BG0Wcs%3D
    http
    IEXPLORE.EXE
    890 B
    3.1kB
    9
    6

    HTTP Request

    GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCAi5sB5HKk%2FgqAT2iFwXnF

    HTTP Response

    200

    HTTP Request

    GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEBFwHbrJaxWDCjHK4%2BG0Wcs%3D

    HTTP Response

    200
  • 142.250.179.227:80
    http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDBBI61buTJSxBPkvvajAV6
    http
    IEXPLORE.EXE
    888 B
    3.1kB
    9
    6

    HTTP Request

    GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEE9IPUMDvuEDEFrb7EP%2BJKM%3D

    HTTP Response

    200

    HTTP Request

    GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDBBI61buTJSxBPkvvajAV6

    HTTP Response

    200
  • 142.250.179.227:80
    http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDBBI61buTJSxBPkvvajAV6
    http
    IEXPLORE.EXE
    886 B
    3.1kB
    9
    6

    HTTP Request

    GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCAi5sB5HKk%2FgqAT2iFwXnF

    HTTP Response

    200

    HTTP Request

    GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDBBI61buTJSxBPkvvajAV6

    HTTP Response

    200
  • 142.250.178.4:443
    https://www.google.com/recaptcha/api2/bframe?hl=en&v=EGbODne6buzpTnWrrBprcfAY&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b
    tls, http
    IEXPLORE.EXE
    10.7kB
    64.4kB
    44
    63

    HTTP Request

    GET https://www.google.com/sorry/index?continue=https://syndicatedsearch.goog/afs/ads%3Fadtest%3Doff%26channel%3Dexp-0051%252Cauxa-control-1%252C329448%26client%3Ddp-sedo80_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fwww.webpromoexpert.com%252Fcaf%252F%253Fses%253DY3JlPTE1MTU4MTQ5NzkmdGNpZD13d3cud2VicHJvbW9leHBlcnQuY29tNWE1OTgwNDM3NTRiYTcuNTA5NTc0MjgmZmtpPTAmdGFzaz1zZWFyY2gmZG9tYWluPXdlYnByb21vZXhwZXJ0LmNvbSZsYW5ndWFnZT1lbiZhX2lkPTMmc2Vzc2lvbj1mRGtVbjJscERIREJjMDFieTJhNw%253D%253D%26type%3D3%26uiopt%3Dfalse%26swp%3Das-drid-2961614526284296%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17301431%252C17301433%252C17301436%252C17301511%252C17301516%252C17301266%26format%3Dr10%257Cs%26nocache%3D9671725810701280%26num%3D0%26output%3Dafd_ads%26v%3D3%26preload%3Dtrue%26bsl%3D8%26pac%3D0%26u_his%3D1%26u_tz%3D0%26dt%3D1725810701285%26u_w%3D1280%26u_h%3D720%26biw%3D1280%26bih%3D626%26psw%3D1280%26psh%3D102%26frm%3D0%26uio%3D--%26cont%3Drb-default%26drt%3D0%26jsid%3Dcaf%26jsv%3D670534788%26rurl%3Dfile%253A%252F%252F%252FC%253A%252FUsers%252FAdmin%252FAppData%252FLocal%252FTemp%252Fd4b766f827509935f607a28f850f7bbe_JaffaCakes118.html&hl=en&q=EgTCbg1GGI-Q97YGIjBlJNLUZ56MKbk09dVoiMJZ_E9kda_hUxE3VmPfa73zvGrNXrpsjR-gxZcyY2ZHENQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

    HTTP Response

    429

    HTTP Request

    GET https://www.google.com/recaptcha/api.js

    HTTP Response

    200

    HTTP Request

    GET https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=EGbODne6buzpTnWrrBprcfAY&size=normal&s=RrfBihPFDnFII-yE6LDGummPbDbvCAzXPmWheCHiMaUV_qkBUUJEShIvWiYw7U2RTh3k6MlxihhJ5Vqpij7NMqQqgsXAZmkkaqEkWlxLn9QbzLaVT9-I13L2y185DZjk8jD-8daabhNoPdhDxJfcrTiX08RRAbMJUPTOkvxI3dMS1UFFzydSWBkG2Bwqm046smQUqVqmF8paPxRpMI6C0WCSZ_QQXDBRS1mYYD2p9G3OP4qMDi8SSM654YPdtEVdI_mMlC35lxmW8f9eS9k6ANixZhM03OQ&cb=nj53knoum6ce

    HTTP Response

    200

    HTTP Request

    GET https://www.google.com/js/bg/qLq38Zrf56y7hQys4BMHbS-LctcQWqsnuLwykCOuNr8.js

    HTTP Response

    200

    HTTP Request

    GET https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=EGbODne6buzpTnWrrBprcfAY

    HTTP Response

    200

    HTTP Request

    GET https://www.google.com/recaptcha/api2/bframe?hl=en&v=EGbODne6buzpTnWrrBprcfAY&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b

    HTTP Response

    200
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
    7.9kB
    10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
    7.8kB
    9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
    7.8kB
    9
    12
  • 8.8.8.8:53
    www.google.com
    dns
    IEXPLORE.EXE
    60 B
    76 B
    1
    1

    DNS Request

    www.google.com

    DNS Response

    142.250.178.4

  • 8.8.8.8:53
    img.sedoparking.com
    dns
    IEXPLORE.EXE
    130 B
    134 B
    2
    1

    DNS Request

    img.sedoparking.com

    DNS Request

    img.sedoparking.com

    DNS Response

    205.234.175.175

  • 8.8.8.8:53
    partner.googleadservices.com
    dns
    IEXPLORE.EXE
    74 B
    90 B
    1
    1

    DNS Request

    partner.googleadservices.com

    DNS Response

    216.58.201.98

  • 8.8.8.8:53
    syndicatedsearch.goog
    dns
    IEXPLORE.EXE
    67 B
    83 B
    1
    1

    DNS Request

    syndicatedsearch.goog

    DNS Response

    142.250.179.238

  • 8.8.8.8:53
    c.pki.goog
    dns
    IEXPLORE.EXE
    56 B
    107 B
    1
    1

    DNS Request

    c.pki.goog

    DNS Response

    142.250.179.227

  • 8.8.8.8:53
    c.pki.goog
    dns
    IEXPLORE.EXE
    56 B
    107 B
    1
    1

    DNS Request

    c.pki.goog

    DNS Response

    142.250.179.227

  • 8.8.8.8:53
    c.pki.goog
    dns
    IEXPLORE.EXE
    56 B
    107 B
    1
    1

    DNS Request

    c.pki.goog

    DNS Response

    142.250.179.227

  • 8.8.8.8:53
    o.pki.goog
    dns
    IEXPLORE.EXE
    56 B
    107 B
    1
    1

    DNS Request

    o.pki.goog

    DNS Response

    142.250.179.227

  • 8.8.8.8:53
    o.pki.goog
    dns
    IEXPLORE.EXE
    56 B
    107 B
    1
    1

    DNS Request

    o.pki.goog

    DNS Response

    142.250.179.227

  • 8.8.8.8:53
    o.pki.goog
    dns
    IEXPLORE.EXE
    56 B
    107 B
    1
    1

    DNS Request

    o.pki.goog

    DNS Response

    142.250.179.227

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c9413f19ff405ded437bdf9bf5f4155e

    SHA1

    8f71ec0143ee71f0dc55fedb68b68c1dd8638e7c

    SHA256

    1dbca90eef511cf54f993a5d41fb10d4cb7854c6d6a8329064df2fbb99fb7153

    SHA512

    4cb25a6d4fbcf145b45ab7912ea9e7858c9c9ec04ebb151b2b7c7d4be303b5da1eb4467534780315f522f7403917c679c7a50ebc6b0c00221630e736960b3af3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    38a2afc3d0770344959bb12d0dbdb81b

    SHA1

    ad881f0f04d4300c5f23652af58498d94fcd56ac

    SHA256

    88c95e2a4c8dd07798a50d9163eea4faff79317c029573b240807c5dc93c2c32

    SHA512

    77175c2c23b7c054b0145f919d5ec2b1f00d6f21335984a4114ce66287e31b6404f8df39008e782a90aa81f1cf463ef5d5928ddaa7a8def9e99a8b7448d550e6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6e1b757e52bbbfe69335006baa518e3b

    SHA1

    e0bd9246f9b9bf421976484f0cda0529d22e9a62

    SHA256

    bdf7fed660f1739c6e4ff6689449aa648ba925da91ed936d887f29ba9eabf8f0

    SHA512

    496e92671fc3f7d1adc3d83c640c6e92a2bf53a56b0ad6011e4cff6583b9a21088ac0afba76ce8facc0af88952fd30bf3a28319784a1598cfc1b34906af483e1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c46f29dc0fe26f7feb718af1d1047e55

    SHA1

    5ffff0e52e74bef0623c6dc712e1b600d7ea98ba

    SHA256

    13e0bb1d79e7641d5988752a4baa7ddb0b9d3d306e456f2056fcdec39bb3dd2b

    SHA512

    e8ef1d6c9b40cd6c26183c50a7ac270200a5a6c1ef1b6915f98756c14ebf52444d4f148f2970822aee12d65369db95cd060c2e7581ca28165264543dc51c964e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    914174d980214e08807f2755971725fd

    SHA1

    89c7426659402317831138baa88311589e580066

    SHA256

    a5a7305a488ec8ce74e9377f44583a70a8b62daf672c78ee30b4ab8bcbd74b23

    SHA512

    a01c272e2677707158f9356300427032700233ea9a6dca23aa70a30f874e6b0831f0eaab8ff4822ecd4883f1d9b40b6ce6b63799286ffe0763cca0ab6af41a38

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    dd1efe66e35b851a279ab58a80b32a51

    SHA1

    3cb99f374fd3458d08f76e32965476ea99ace076

    SHA256

    d99774a29b37fdfa25f90351fca6068689b754d400e1c01a9b7d11cb236874a7

    SHA512

    1bfc32de81626bebb334be2b11b3cdc4e405def31263ed92c088b55ddde977f27446de0d6e51367e30f13aade36462275c8416a07be66ef1089ea4112b5fd072

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f8fdbba990d455e7d2d6151ee626b990

    SHA1

    5993b5aaffa4929f52713ede5ca8df0bd416b131

    SHA256

    74a4e0c327170a9c7b9058dd0f61c8f0377899536446744478d651dbb78e4d66

    SHA512

    2f763cb58a36086c9c5cfb47235c8c63615519a6f309c48ff089e988c36f0841a3b855dfe571ea10ac550792f406ec57ad101f9119a5563348e7dd04d595d6c3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d0456ca86af72d271abeeb8047eab80d

    SHA1

    0fccbf3053efed1ef67dd8b5dc86ebd5911d6e2f

    SHA256

    03286003a56fd4dd231a1406dd101fd63e14015512468e30b4b1ba8d6e56843d

    SHA512

    2ab01c2260cbf9a5fc05da7d6383c40a96e92699fdf812395680e3e966ec361122d7a426b63644f7e7771bb3a58d0f58afb83f5bfc6d22c48754b16ada4601cf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    911333b6001a6a705853f39575f16afa

    SHA1

    8bec4c5ceece9e0fddef17d72809e228a6786be5

    SHA256

    1b15dadd1ec35c2d9a6dec40c88851fdd713e8ab7ec7c43346caaded018ddb46

    SHA512

    bd9bbe670653caf38363e442b4e005f9de398655730272a0a77fcc0fa8823171c8ba159a3fb5c4b55e5289ace765728016f2efbfebb2f5fa84d1b8e79a5d436c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d3c066ed86590f2e1992cd80e339fe3d

    SHA1

    e91ba8f803a27d370d1a4f42e34c695ce391e23f

    SHA256

    2329a705cc23b70f93053f1a3eb9a2140158da16bf79a173045df9c22fe655f9

    SHA512

    40b2a81edde2dbcbd026cf5e27fa0ec6422f52b02591a05d95a1ca44c890cc4a01023f4135a233c795e7cde39aa90045d97f401535cf7df00d515efc5f3cfab1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e80806e49435d73050388cec236132c5

    SHA1

    68211a6c29c355224a6e93d6bfa6c4f49157e18d

    SHA256

    e511c87f61a67892250e5eb66bc3e4eb578dabe3d2b6b2a7b2d7c03aed41bdef

    SHA512

    e3baff4f607c37da8d7c81c7acaa009ce52801783a3de85fb9b75c25fc78221328eb5d26855aa5684993f982be7654e8bcc6922508208a3711b6ef09e4e3ada9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    eef4aa7adf2259902504b991c6ab24d1

    SHA1

    9865a0c9efe24e6e60386868e4ad153fd15b2bf3

    SHA256

    aa76217aac866cc0bc5058f60262f1309a26f76932732ce7387addd9cda873b0

    SHA512

    bbd73df4a235fad3f0f78a81cc5dd1e3f588ee9e41c93c344e3ef3eb5841be5bef6cb31aed42bc7a635f3b96984ce48909ca4e1af66be726ed6ceeca4d177b83

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0c764605c44d466c669604d32b788f44

    SHA1

    846752132b72bb313418c4a8de9cc0af0b7529d7

    SHA256

    22aa6a7f273df3253c00dd547f17ecc7ded58b80f599529d123173955d798b23

    SHA512

    3c557045493b364aa95a153152128d9b4ebacc61299f67b481684afa53e5a43d3df9da0ea0bd12b7f656ff42bea20d343c4defda4600af39511a6ca49a101c1d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1a9fc09b9a209e1393e8f33d8ff28bb5

    SHA1

    1055d9c58b14a0aa0d203567a3bf47c98530a144

    SHA256

    54d89af1dc19ee5ebb37562701da74e97ec8abd442ca6fa44c2d61a8212ffa75

    SHA512

    50433b7ffe4081e1c9a8b64ad83ac3a1e8854ca3ccd60c1e5b4cd64e83ee9049f96087d1505f67cfb0f07c41268510d8d07608794a65fc3350a8ad1b7d902d49

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    40857dbdaf4613301cf437495a09108b

    SHA1

    037422244f89d6c76dba75e37ceee68799c9ddf0

    SHA256

    c0168ddc7a237e0daa258e5420a3a65ed3b50bdafb24d96ce8476425c7a6ca62

    SHA512

    7280e70d5f2d6bd6ae86610e38bb0b131721498e5b2712c84cbea4d27f3fe6830e10ebe49dda9f96e243a599d32d331ef44220e787d2aa4da72572a5d92fb104

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b337922e5d94b37d36906b7420ff473f

    SHA1

    90e28e8c1f1b9faec8d019c0b733ee37441ff084

    SHA256

    7147ba8edddc6c38024eb478d9892e8d6b2578ff8a80f975e541e28e3e8ec355

    SHA512

    d61acd7f1cfdf102827d9a5a0c2f88e7bdb939e13a5e0b7dfdfedad9cd1fa8c31b3c581aebb81b616bc914955f58f9a17220c94aba4072a247bbecca331f7dc4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    77525c8c20b1526c310d621d8dbbd752

    SHA1

    77379b7f411ed0d8e420ed1bd2dd7bfd4b4031e1

    SHA256

    7f3adfa0f4f58c0fcb6a1418b80221dba1c9821ac47ae214eff8883ac5a4d49e

    SHA512

    7335237fcc6c89817a8287664fb651a6ab57ffab7908d72f6d8ad7ef5f752823266056815611246b4c499747d17b5bd4e3627f3e53ccd4ba2da8454b1822cdbe

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    bdb0b6b250ce197d5ec21d2fac08ae91

    SHA1

    7b82f1be44531f9469023d13310c85fddf612b01

    SHA256

    ffee7b4757c9d91d302f3ceee1677680fe639dabc2f379fdbc0bbbcff2d5ebe1

    SHA512

    e830ee3695b828bd2cbfc0b40436bcc62b8eb2363b03816afcceb0ff86f5082e27d858d78f02b8c0346da54770bd8820fd8fcb9f59947fe291cdbe1bcd6025b3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    edb9e961e1ccc714313d68ee69f4783c

    SHA1

    361b9d85820c97abf840038cbe136c9160a8ec01

    SHA256

    e1cd90394128d84e7077ff4226890f701dc864bd6c4a927490d2472ba25e2de9

    SHA512

    d6be7e6aaaaf3418ddeaa7bf30c765747b7aa72cf37354245e2ebf99bf463131884f465363fc584b0160ffc6816159dd206d6d45f3508c4ef702f580c1128fbb

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\styles__ltr[1].css

    Filesize

    55KB

    MD5

    4adccf70587477c74e2fcd636e4ec895

    SHA1

    af63034901c98e2d93faa7737f9c8f52e302d88b

    SHA256

    0e04cd9eec042868e190cbdabf2f8f0c7172dcc54ab87eb616eca14258307b4d

    SHA512

    d3f071c0a0aa7f2d3b8e584c67d4a1adf1a9a99595cffc204bf43b99f5b19c4b98cec8b31e65a46c01509fc7af8787bd7839299a683d028e388fdc4ded678cb3

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKZ95V4R\recaptcha__en[1].js

    Filesize

    537KB

    MD5

    c7be68088b0a823f1a4c1f77c702d1b4

    SHA1

    05d42d754afd21681c0e815799b88fbe1fbabf4e

    SHA256

    4943e91f7f53318d481ca07297395abbc52541c2be55d7276ecda152cd7ad9c3

    SHA512

    cb76505845e7fc0988ade0598e6ea80636713e20209e1260ee4413423b45235f57cb0a33fca7baf223e829835cb76a52244c3197e4c0c166dad9b946b9285222

  • C:\Users\Admin\AppData\Local\Temp\CabDAD6.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarDAD9.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
