Analysis

  • max time kernel
    106s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system
  • submitted
    28/03/2023, 06:04 UTC

General

  • Target

    http://minghui.org/mh/articles/2021/6/4/一家八人三退的故事-424249p.html

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://minghui.org/mh/articles/2021/6/4/一家八人三退的故事-424249p.html
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5072
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5072 CREDAT:17410 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2284

Network

  • flag-us
    DNS
    minghui.org
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    minghui.org
    IN A
    Response
    minghui.org
    IN A
    35.186.197.152
  • flag-us
    DNS
    8.3.197.209.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.3.197.209.in-addr.arpa
    IN PTR
    Response
    8.3.197.209.in-addr.arpa
    IN PTR
    vip0x008.map2.ssl.hwcdn.net
  • flag-us
    DNS
    254.3.248.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    254.3.248.8.in-addr.arpa
    IN PTR
    Response
  • flag-us
    GET
    http://minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:80
    Request
    GET /mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: minghui.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Content-Length: 162
    Location: https://minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    Via: 1.1 google
    Date: Tue, 28 Mar 2023 05:57:07 GMT
    Content-Type: text/html
    Age: 430
  • flag-us
    DNS
    123.108.74.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    123.108.74.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    152.197.186.35.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    152.197.186.35.in-addr.arpa
    IN PTR
    Response
    152.197.186.35.in-addr.arpa
    IN PTR
    152.197.186.35.bc.googleusercontent.com
  • flag-us
    GET
    https://minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html HTTP/2.0
    host: minghui.org
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 301
    server: nginx
    location: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    x-content-type-options: nosniff
    via: 1.1 google
    date: Tue, 28 Mar 2023 05:57:07 GMT
    cache-control: : max-age=60
    content-type: text/html
    content-length: 162
    age: 438
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    www.minghui.org
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.minghui.org
    IN A
    Response
    www.minghui.org
    IN A
    35.186.197.152
  • flag-us
    GET
    https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html HTTP/2.0
    host: www.minghui.org
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    date: Tue, 28 Mar 2023 06:04:25 GMT
    content-type: text/html
    vary: Accept-Encoding
    x-content-type-options: nosniff
    cache-control: : max-age=60
    via: 1.1 google
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/cmh2015/master.css
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/cmh2015/master.css HTTP/2.0
    host: www.minghui.org
    accept: text/css, */*
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    x-content-type-options: nosniff
    accept-ranges: none
    via: 1.1 google
    content-encoding: gzip
    date: Mon, 27 Mar 2023 03:27:53 GMT
    last-modified: Sun, 09 May 2010 09:19:14 GMT
    etag: W/"4be67e12-f0b"
    content-type: text/css
    vary: Accept-Encoding,Accept-Encoding
    content-length: 1316
    age: 95793
    cache-control: :,max-age=60,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/p7pmm/p7PMMh04.css
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/p7pmm/p7PMMh04.css HTTP/2.0
    host: www.minghui.org
    accept: text/css, */*
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    x-content-type-options: nosniff
    accept-ranges: none
    via: 1.1 google
    content-encoding: gzip
    date: Mon, 27 Mar 2023 07:14:03 GMT
    last-modified: Sun, 09 Dec 2012 03:24:53 GMT
    etag: W/"50c40485-15b4"
    content-type: text/css
    vary: Accept-Encoding,Accept-Encoding
    content-length: 1144
    age: 82223
    cache-control: :,max-age=60,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/p7hgm/p7hgm04.css
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/p7hgm/p7hgm04.css HTTP/2.0
    host: www.minghui.org
    accept: text/css, */*
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    x-content-type-options: nosniff
    accept-ranges: none
    via: 1.1 google
    content-encoding: gzip
    date: Mon, 27 Mar 2023 03:27:53 GMT
    last-modified: Sat, 05 Jun 2010 23:23:00 GMT
    etag: W/"4c0adc54-15bb"
    content-type: text/css
    vary: Accept-Encoding,Accept-Encoding
    content-length: 1326
    age: 95793
    cache-control: :,max-age=60,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/p7irm/p7IRM01.css
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/p7irm/p7IRM01.css HTTP/2.0
    host: www.minghui.org
    accept: text/css, */*
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    x-content-type-options: nosniff
    accept-ranges: none
    via: 1.1 google
    content-encoding: gzip
    date: Mon, 27 Mar 2023 07:14:06 GMT
    last-modified: Sun, 15 Dec 2013 17:46:56 GMT
    etag: W/"52adeb10-472"
    content-type: text/css
    vary: Accept-Encoding,Accept-Encoding
    content-length: 478
    age: 82220
    cache-control: :,max-age=60,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/cmh2015/css/liquidcarousel.css
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/cmh2015/css/liquidcarousel.css HTTP/2.0
    host: www.minghui.org
    accept: text/css, */*
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    date: Tue, 28 Mar 2023 06:04:26 GMT
    content-type: text/css
    last-modified: Mon, 25 Oct 2021 02:30:01 GMT
    vary: Accept-Encoding,Accept-Encoding
    etag: W/"617616a9-47b"
    x-content-type-options: nosniff
    accept-ranges: none
    via: 1.1 google
    content-encoding: gzip
    cache-control: :,max-age=60,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/scripts/swfobject.js
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/scripts/swfobject.js HTTP/2.0
    host: www.minghui.org
    accept: application/javascript, */*;q=0.8
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    date: Tue, 28 Mar 2023 06:04:26 GMT
    content-type: application/javascript
    last-modified: Tuesday, 28-Mar-2023 06:04:26 GMT
    accept-ranges: none
    via: 1.1 google
    vary: Accept-Encoding
    content-encoding: gzip
    cache-control: private,no-store,no-cache,must-revalidate,proxy-revalidate,max-age=0,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/p7pmm/p7PMMscripts.js
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/p7pmm/p7PMMscripts.js HTTP/2.0
    host: www.minghui.org
    accept: application/javascript, */*;q=0.8
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    date: Tue, 28 Mar 2023 06:04:26 GMT
    content-type: application/javascript
    content-length: 656
    last-modified: Tuesday, 28-Mar-2023 06:04:26 GMT
    accept-ranges: bytes
    via: 1.1 google
    cache-control: private,no-store,no-cache,must-revalidate,proxy-revalidate,max-age=0,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/p7hgm/p7HGMscripts.js
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/p7hgm/p7HGMscripts.js HTTP/2.0
    host: www.minghui.org
    accept: application/javascript, */*;q=0.8
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    x-content-type-options: nosniff
    accept-ranges: none
    via: 1.1 google
    content-encoding: gzip
    date: Mon, 27 Mar 2023 07:14:09 GMT
    last-modified: Mon, 11 Oct 2021 01:28:26 GMT
    etag: W/"6163933a-6a1"
    content-type: text/css
    vary: Accept-Encoding,Accept-Encoding
    content-length: 837
    age: 82217
    cache-control: :,max-age=60,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/p7irm/p7IRMscripts.js
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/p7irm/p7IRMscripts.js HTTP/2.0
    host: www.minghui.org
    accept: application/javascript, */*;q=0.8
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    x-content-type-options: nosniff
    accept-ranges: none
    via: 1.1 google
    content-encoding: gzip
    date: Mon, 27 Mar 2023 07:14:10 GMT
    last-modified: Wed, 28 Jan 2015 17:10:56 GMT
    etag: W/"54c91820-101b"
    content-type: text/css
    vary: Accept-Encoding,Accept-Encoding
    content-length: 1364
    age: 82216
    cache-control: :,max-age=60,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/cmh2015/js/jquery-1.8.2.js
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/cmh2015/js/jquery-1.8.2.js HTTP/2.0
    host: www.minghui.org
    accept: application/javascript, */*;q=0.8
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    x-content-type-options: nosniff
    accept-ranges: none
    via: 1.1 google
    content-encoding: gzip
    date: Mon, 27 Mar 2023 07:14:10 GMT
    last-modified: Sat, 14 Oct 2017 12:58:17 GMT
    etag: W/"59e209e9-15fb"
    content-type: text/css
    vary: Accept-Encoding,Accept-Encoding
    content-length: 1545
    age: 82216
    cache-control: :,max-age=60,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/cmh2015/js/jquery-ui-1.9.0.custom.min.js
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/cmh2015/js/jquery-ui-1.9.0.custom.min.js HTTP/2.0
    host: www.minghui.org
    accept: application/javascript, */*;q=0.8
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    x-content-type-options: nosniff
    accept-ranges: none
    via: 1.1 google
    content-encoding: gzip
    date: Mon, 27 Mar 2023 07:14:10 GMT
    last-modified: Wed, 14 Jul 2021 09:27:28 GMT
    etag: W/"60eeae00-c4f"
    content-type: text/css
    vary: Accept-Encoding,Accept-Encoding
    content-length: 917
    age: 82216
    cache-control: :,max-age=60,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/cmh2015/js/article.js
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/cmh2015/js/article.js HTTP/2.0
    host: www.minghui.org
    accept: application/javascript, */*;q=0.8
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    x-content-type-options: nosniff
    accept-ranges: none
    via: 1.1 google
    content-encoding: gzip
    date: Mon, 27 Mar 2023 07:14:10 GMT
    last-modified: Wed, 14 Jul 2021 09:27:28 GMT
    etag: W/"60eeae00-132a"
    content-type: text/css
    vary: Accept-Encoding,Accept-Encoding
    content-length: 1214
    age: 82216
    cache-control: :,max-age=60,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/cmh2015/css/reset.css?v=20211024
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/cmh2015/css/reset.css?v=20211024 HTTP/2.0
    host: www.minghui.org
    accept: text/css, */*
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    x-content-type-options: nosniff
    accept-ranges: none
    via: 1.1 google
    content-encoding: gzip
    date: Mon, 27 Mar 2023 07:14:10 GMT
    last-modified: Sat, 28 Feb 2015 17:35:02 GMT
    etag: W/"54f1fc46-b0f"
    content-type: text/css
    vary: Accept-Encoding,Accept-Encoding
    content-length: 944
    age: 82216
    cache-control: :,max-age=60,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/cmh2015/css/global.css?v=20210723
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/cmh2015/css/global.css?v=20210723 HTTP/2.0
    host: www.minghui.org
    accept: text/css, */*
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    content-length: 102
    x-content-type-options: nosniff
    accept-ranges: bytes
    via: 1.1 google
    date: Thu, 23 Mar 2023 17:46:42 GMT
    age: 389864
    last-modified: Fri, 09 Aug 2013 03:00:06 GMT
    etag: "52045b36-66"
    content-type: text/css
    cache-control: :,max-age=60,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/cmh2015/css/frontpage.css?v=20200714a
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/cmh2015/css/frontpage.css?v=20200714a HTTP/2.0
    host: www.minghui.org
    accept: text/css, */*
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    x-content-type-options: nosniff
    accept-ranges: none
    via: 1.1 google
    content-encoding: gzip
    date: Mon, 27 Mar 2023 03:27:57 GMT
    last-modified: Mon, 02 Mar 2015 03:38:00 GMT
    etag: W/"54f3db18-743"
    content-type: text/css
    vary: Accept-Encoding,Accept-Encoding
    content-length: 759
    age: 95789
    cache-control: :,max-age=60,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/cmh2015/css/todaynews.css
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/cmh2015/css/todaynews.css HTTP/2.0
    host: www.minghui.org
    accept: text/css, */*
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    content-length: 917
    x-content-type-options: nosniff
    accept-ranges: bytes
    via: 1.1 google
    date: Thu, 23 Mar 2023 17:46:42 GMT
    age: 389864
    last-modified: Tue, 03 Nov 2015 13:04:01 GMT
    etag: "5638b0c1-395"
    content-type: text/css
    cache-control: :,max-age=60,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/cmh2015/css/articlepage.css
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/cmh2015/css/articlepage.css HTTP/2.0
    host: www.minghui.org
    accept: text/css, */*
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    x-content-type-options: nosniff
    accept-ranges: none
    via: 1.1 google
    content-encoding: gzip
    date: Mon, 27 Mar 2023 07:14:10 GMT
    last-modified: Tue, 17 Mar 2015 05:14:08 GMT
    etag: W/"5507b820-1836"
    content-type: text/css
    vary: Accept-Encoding,Accept-Encoding
    content-length: 1086
    age: 82216
    cache-control: :,max-age=60,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/cmh2015/css/article_review.css?v=20210714
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/cmh2015/css/article_review.css?v=20210714 HTTP/2.0
    host: www.minghui.org
    accept: text/css, */*
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    x-content-type-options: nosniff
    accept-ranges: none
    via: 1.1 google
    content-encoding: gzip
    date: Mon, 27 Mar 2023 03:27:57 GMT
    last-modified: Sat, 01 Aug 2015 18:55:44 GMT
    etag: W/"55bd1630-1c78"
    content-type: text/css
    vary: Accept-Encoding,Accept-Encoding
    content-length: 1562
    age: 95789
    cache-control: :,max-age=60,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/cmh2015/css/categorypage.css?v=20210714
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/cmh2015/css/categorypage.css?v=20210714 HTTP/2.0
    host: www.minghui.org
    accept: text/css, */*
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    date: Tue, 28 Mar 2023 06:04:26 GMT
    content-type: application/javascript
    last-modified: Tuesday, 28-Mar-2023 06:04:26 GMT
    accept-ranges: none
    via: 1.1 google
    vary: Accept-Encoding
    content-encoding: gzip
    cache-control: private,no-store,no-cache,must-revalidate,proxy-revalidate,max-age=0,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/cmh2015/css/fp_featured-content-slider.css
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/cmh2015/css/fp_featured-content-slider.css HTTP/2.0
    host: www.minghui.org
    accept: text/css, */*
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    date: Tue, 28 Mar 2023 06:04:26 GMT
    content-type: application/javascript
    last-modified: Tuesday, 28-Mar-2023 06:04:26 GMT
    accept-ranges: none
    via: 1.1 google
    vary: Accept-Encoding
    content-encoding: gzip
    cache-control: private,no-store,no-cache,must-revalidate,proxy-revalidate,max-age=0,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/cmh2015/css/misc.css
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/cmh2015/css/misc.css HTTP/2.0
    host: www.minghui.org
    accept: text/css, */*
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    date: Tue, 28 Mar 2023 06:04:26 GMT
    content-type: application/javascript
    last-modified: Tuesday, 28-Mar-2023 06:04:26 GMT
    accept-ranges: none
    via: 1.1 google
    vary: Accept-Encoding
    content-encoding: gzip
    cache-control: private,no-store,no-cache,must-revalidate,proxy-revalidate,max-age=0,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/cmh2015/css/ie.css
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/cmh2015/css/ie.css HTTP/2.0
    host: www.minghui.org
    accept: text/css, */*
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    date: Tue, 28 Mar 2023 06:04:26 GMT
    content-type: application/javascript
    last-modified: Tuesday, 28-Mar-2023 06:04:26 GMT
    accept-ranges: none
    via: 1.1 google
    vary: Accept-Encoding
    content-encoding: gzip
    cache-control: private,no-store,no-cache,must-revalidate,proxy-revalidate,max-age=0,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/cmh2015/css/jingwenpage.css
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/cmh2015/css/jingwenpage.css HTTP/2.0
    host: www.minghui.org
    accept: text/css, */*
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    date: Tue, 28 Mar 2023 06:04:26 GMT
    content-type: application/javascript
    last-modified: Tuesday, 28-Mar-2023 06:04:26 GMT
    accept-ranges: none
    via: 1.1 google
    vary: Accept-Encoding
    content-encoding: gzip
    cache-control: private,no-store,no-cache,must-revalidate,proxy-revalidate,max-age=0,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/cmh2015/css/articlepagev2.css
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/cmh2015/css/articlepagev2.css HTTP/2.0
    host: www.minghui.org
    accept: text/css, */*
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    date: Tue, 28 Mar 2023 06:04:26 GMT
    content-type: text/css
    last-modified: Fri, 23 Jul 2021 14:32:35 GMT
    vary: Accept-Encoding,Accept-Encoding
    etag: W/"60fad303-27e6"
    x-content-type-options: nosniff
    accept-ranges: none
    via: 1.1 google
    content-encoding: gzip
    cache-control: :,max-age=60,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/cmh2015/css/yeararticle.css
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/cmh2015/css/yeararticle.css HTTP/2.0
    host: www.minghui.org
    accept: text/css, */*
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    date: Tue, 28 Mar 2023 06:04:26 GMT
    content-type: text/css
    last-modified: Fri, 12 Mar 2021 23:06:50 GMT
    vary: Accept-Encoding,Accept-Encoding
    etag: W/"604bf40a-209c"
    x-content-type-options: nosniff
    accept-ranges: none
    via: 1.1 google
    content-encoding: gzip
    cache-control: :,max-age=60,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/cmh2015/css/articleprint.css
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/cmh2015/css/articleprint.css HTTP/2.0
    host: www.minghui.org
    accept: text/css, */*
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    date: Tue, 28 Mar 2023 06:04:26 GMT
    content-type: text/css
    last-modified: Mon, 13 Jul 2020 23:27:38 GMT
    vary: Accept-Encoding,Accept-Encoding
    etag: W/"5f0cedea-9a19"
    x-content-type-options: nosniff
    accept-ranges: none
    via: 1.1 google
    content-encoding: gzip
    cache-control: :,max-age=60,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/pub/cmh2015/css/sujiang.css
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /pub/cmh2015/css/sujiang.css HTTP/2.0
    host: www.minghui.org
    accept: text/css, */*
    referer: https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    date: Tue, 28 Mar 2023 06:04:26 GMT
    content-type: text/css
    last-modified: Mon, 05 Nov 2018 07:45:49 GMT
    vary: Accept-Encoding,Accept-Encoding
    etag: W/"5bdff52d-4717"
    x-content-type-options: nosniff
    accept-ranges: none
    via: 1.1 google
    content-encoding: gzip
    cache-control: :,max-age=60,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.minghui.org/favicon.ico
    IEXPLORE.EXE
    Remote address:
    35.186.197.152:443
    Request
    GET /favicon.ico HTTP/2.0
    host: www.minghui.org
    accept: */*
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Response
    HTTP/2.0 200
    server: nginx
    x-content-type-options: nosniff
    accept-ranges: none
    via: 1.1 google
    content-encoding: gzip
    date: Mon, 27 Mar 2023 02:03:50 GMT
    last-modified: Wed, 02 Jan 2013 05:39:53 GMT
    etag: W/"50e3c829-47e"
    content-type: image/x-icon
    vary: Accept-Encoding
    content-length: 860
    age: 100837
    cache-control: :,max-age=60,public
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    196.249.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    196.249.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    200.232.18.117.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.232.18.117.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    200.232.18.117.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.232.18.117.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    200.232.18.117.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.232.18.117.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    200.232.18.117.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.232.18.117.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    200.232.18.117.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.232.18.117.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    64.13.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    64.13.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    154.25.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    154.25.221.88.in-addr.arpa
    IN PTR
    Response
    154.25.221.88.in-addr.arpa
    IN PTR
    a88-221-25-154.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001.a-msedge.net
  • flag-us
    DNS
    1.202.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    1.202.248.87.in-addr.arpa
    IN PTR
    Response
    1.202.248.87.in-addr.arpa
    IN PTR
    https-87-248-202-1.ams.llnw.net
  • 35.186.197.152:80
    minghui.org
    IEXPLORE.EXE
    156 B
    3
  • 35.186.197.152:80
    http://minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    http
    IEXPLORE.EXE
    649 B
    640 B
    6
    4

    HTTP Request

    GET http://minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html

    HTTP Response

    301
  • 35.186.197.152:443
    minghui.org
    IEXPLORE.EXE
    156 B
    3
  • 35.186.197.152:443
    https://minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html
    tls, http2
    IEXPLORE.EXE
    1.5kB
    5.3kB
    19
    14

    HTTP Request

    GET https://minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html

    HTTP Response

    301
  • 35.186.197.152:443
    www.minghui.org
    IEXPLORE.EXE
    156 B
    3
  • 35.186.197.152:443
    https://www.minghui.org/favicon.ico
    tls, http2
    IEXPLORE.EXE
    15.7kB
    234.4kB
    274
    249

    HTTP Request

    GET https://www.minghui.org/mh/articles/2021/6/4/%E4%B8%80%E5%AE%B6%E5%85%AB%E4%BA%BA%E4%B8%89%E9%80%80%E7%9A%84%E6%95%85%E4%BA%8B-424249p.html

    HTTP Response

    200

    HTTP Request

    GET https://www.minghui.org/pub/cmh2015/master.css

    HTTP Request

    GET https://www.minghui.org/pub/p7pmm/p7PMMh04.css

    HTTP Request

    GET https://www.minghui.org/pub/p7hgm/p7hgm04.css

    HTTP Request

    GET https://www.minghui.org/pub/p7irm/p7IRM01.css

    HTTP Request

    GET https://www.minghui.org/pub/cmh2015/css/liquidcarousel.css

    HTTP Request

    GET https://www.minghui.org/pub/scripts/swfobject.js

    HTTP Request

    GET https://www.minghui.org/pub/p7pmm/p7PMMscripts.js

    HTTP Request

    GET https://www.minghui.org/pub/p7hgm/p7HGMscripts.js

    HTTP Request

    GET https://www.minghui.org/pub/p7irm/p7IRMscripts.js

    HTTP Request

    GET https://www.minghui.org/pub/cmh2015/js/jquery-1.8.2.js

    HTTP Request

    GET https://www.minghui.org/pub/cmh2015/js/jquery-ui-1.9.0.custom.min.js

    HTTP Request

    GET https://www.minghui.org/pub/cmh2015/js/article.js

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://www.minghui.org/pub/cmh2015/css/reset.css?v=20211024

    HTTP Response

    200

    HTTP Request

    GET https://www.minghui.org/pub/cmh2015/css/global.css?v=20210723

    HTTP Response

    200

    HTTP Request

    GET https://www.minghui.org/pub/cmh2015/css/frontpage.css?v=20200714a

    HTTP Request

    GET https://www.minghui.org/pub/cmh2015/css/todaynews.css

    HTTP Request

    GET https://www.minghui.org/pub/cmh2015/css/articlepage.css

    HTTP Request

    GET https://www.minghui.org/pub/cmh2015/css/article_review.css?v=20210714

    HTTP Request

    GET https://www.minghui.org/pub/cmh2015/css/categorypage.css?v=20210714

    HTTP Response

    200

    HTTP Request

    GET https://www.minghui.org/pub/cmh2015/css/fp_featured-content-slider.css

    HTTP Request

    GET https://www.minghui.org/pub/cmh2015/css/misc.css

    HTTP Response

    200

    HTTP Request

    GET https://www.minghui.org/pub/cmh2015/css/ie.css

    HTTP Response

    200

    HTTP Request

    GET https://www.minghui.org/pub/cmh2015/css/jingwenpage.css

    HTTP Request

    GET https://www.minghui.org/pub/cmh2015/css/articlepagev2.css

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://www.minghui.org/pub/cmh2015/css/yeararticle.css

    HTTP Request

    GET https://www.minghui.org/pub/cmh2015/css/articleprint.css

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://www.minghui.org/pub/cmh2015/css/sujiang.css

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://www.minghui.org/favicon.ico

    HTTP Response

    200
  • 35.186.197.152:443
    www.minghui.org
    tls, http2
    IEXPLORE.EXE
    1.1kB
    523 B
    11
    7
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls, http2
    iexplore.exe
    1.2kB
    8.0kB
    15
    13
  • 173.223.113.164:443
    322 B
    7
  • 8.8.8.8:53
    minghui.org
    dns
    IEXPLORE.EXE
    57 B
    73 B
    1
    1

    DNS Request

    minghui.org

    DNS Response

    35.186.197.152

  • 8.8.8.8:53
    8.3.197.209.in-addr.arpa
    dns
    70 B
    111 B
    1
    1

    DNS Request

    8.3.197.209.in-addr.arpa

  • 8.8.8.8:53
    254.3.248.8.in-addr.arpa
    dns
    70 B
    124 B
    1
    1

    DNS Request

    254.3.248.8.in-addr.arpa

  • 8.8.8.8:53
    123.108.74.40.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    123.108.74.40.in-addr.arpa

  • 8.8.8.8:53
    152.197.186.35.in-addr.arpa
    dns
    73 B
    126 B
    1
    1

    DNS Request

    152.197.186.35.in-addr.arpa

  • 8.8.8.8:53
    www.minghui.org
    dns
    IEXPLORE.EXE
    61 B
    77 B
    1
    1

    DNS Request

    www.minghui.org

    DNS Response

    35.186.197.152

  • 8.8.8.8:53
    196.249.167.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    196.249.167.52.in-addr.arpa

  • 8.8.8.8:53
    200.232.18.117.in-addr.arpa
    dns
    365 B
    5

    DNS Request

    200.232.18.117.in-addr.arpa

    DNS Request

    200.232.18.117.in-addr.arpa

    DNS Request

    200.232.18.117.in-addr.arpa

    DNS Request

    200.232.18.117.in-addr.arpa

    DNS Request

    200.232.18.117.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    64.13.109.52.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    64.13.109.52.in-addr.arpa

  • 8.8.8.8:53
    154.25.221.88.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    154.25.221.88.in-addr.arpa

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    73 B
    106 B
    1
    1

    DNS Request

    200.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    1.202.248.87.in-addr.arpa
    dns
    71 B
    116 B
    1
    1

    DNS Request

    1.202.248.87.in-addr.arpa

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    bb4cd9db319e8007cd72aa17af4b76a0

    SHA1

    8951973b028c09c71a792feff54e3096454a8c42

    SHA256

    aca8049efb96040e2124d06db9c9b2f3c5ce4166c831dabaa421e14cb5da1295

    SHA512

    6187a2b310a672f9080b9865115f44ea827a4f013f791105efc1f7641f11f9759877d61f5c50140fcf892b95318f1276eace9f78161dbcaf6e011f31e34f0729

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    434B

    MD5

    bff0e37db5d52a94e56cc61fc7914d53

    SHA1

    622aa1a006d98e5fffc66d2ebccc9678b9a23579

    SHA256

    5c83212f3572098c5191d56692c83ddea5e86794e27ec304f343ccb28eef2cfe

    SHA512

    46fb4fbbf8c6a1875404e85aa4e44c5677d2d8cb4cb1eb45d2fb39ba12d361653c69e2236fd03758e35323c9676695802157aaca38072311558e552fcf3031bb

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver2A0.tmp

    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9afmek3\imagestore.dat

    Filesize

    1KB

    MD5

    c5f7fb61c3ca7a8896561867261ff822

    SHA1

    a4774419292f31a5ec8d0d8374b8940817dd9d52

    SHA256

    f9c9ee82a35715aba8ba4921a29ebfc08018d32121bcd3ff4a4ef0957d73b1ba

    SHA512

    a90b961aff86ee9823547d6d7f751dab86c308781b5adbc7977ad51aabbd477aa588dca0547b4fb1a671de63470938940c472a89d3f59c347f82e85b3e59b244

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\favicon[1].ico

    Filesize

    1KB

    MD5

    73215f202ba015cf806a58d16c0f81be

    SHA1

    4da7b819b959876e4953e81995ecad6eaaf39e65

    SHA256

    728b69ef00dd099aa72319e051331cabadd7bf6715f6ab59130001c1362691c1

    SHA512

    30a61ecf27e17aeb78eada0754fad73e50f7ef3eb48a426450bc1799abd49708e100542dcda87a2c9c00a611647a059cc63fd40e0e5dd50f3fa45698bee4fd06

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKFP9JBL\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
