Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system
  • submitted
    07/01/2024, 15:43 UTC

General

  • Target

    4962f201335f1e223753b85d8fa7214b.html

  • Size

    81KB

  • MD5

    4962f201335f1e223753b85d8fa7214b

  • SHA1

    d778055e7bd30e67bc381ea58cd9aa8dba720d2e

  • SHA256

    e1b3cf96cee8fe4b810b6ee6e9bdc200293aebc1571dd2e8d44d1bb826e3c639

  • SHA512

    6ce93c4e0469f77f5da343c19d489dfd1bf2987825930925aacbf1c19dea727c706ed4ab7e890f77ef848a5c1bdaad1942caf01eb5f22244f128b86f8e43a5c9

  • SSDEEP

    1536:ILszrHoEoIVtGATTc1s5fUD0bUwHmE4UEAVtzB:ILv2tGATTccfUD0bUwHmE4UEAVtzB

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 62 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4962f201335f1e223753b85d8fa7214b.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4884
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4884 CREDAT:17410 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1756

Network

  • flag-us
    DNS
    www.blogger.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.blogger.com
    IN A
    Response
    www.blogger.com
    IN CNAME
    blogger.l.google.com
    blogger.l.google.com
    IN A
    216.58.212.233
  • flag-gb
    GET
    https://www.blogger.com/static/v1/widgets/3822632116-css_bundle_v2.css
    IEXPLORE.EXE
    Remote address:
    216.58.212.233:443
    Request
    GET /static/v1/widgets/3822632116-css_bundle_v2.css HTTP/2.0
    host: www.blogger.com
    accept: text/css, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-encoding: gzip
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
    report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    content-length: 7982
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    date: Fri, 05 Jan 2024 10:18:56 GMT
    expires: Sat, 04 Jan 2025 10:18:56 GMT
    cache-control: public, max-age=31536000
    age: 192298
    last-modified: Thu, 09 Sep 2021 01:51:04 GMT
    content-type: text/css
    vary: Accept-Encoding
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/static/v1/jsbin/3775400722-ieretrofit.js
    IEXPLORE.EXE
    Remote address:
    216.58.212.233:443
    Request
    GET /static/v1/jsbin/3775400722-ieretrofit.js HTTP/2.0
    host: www.blogger.com
    accept: application/javascript, */*;q=0.8
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-encoding: gzip
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
    report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    content-length: 9106
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    date: Sun, 07 Jan 2024 15:43:55 GMT
    expires: Mon, 06 Jan 2025 15:43:55 GMT
    cache-control: public, max-age=31536000
    last-modified: Tue, 27 Jul 2021 02:53:35 GMT
    content-type: text/javascript
    vary: Accept-Encoding
    age: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/dyn-css/authorization.css?targetBlogID=1017688895260153585&zx=ba8535ce-57ea-4acb-b3e8-0f4d8f08360a
    IEXPLORE.EXE
    Remote address:
    216.58.212.233:443
    Request
    GET /dyn-css/authorization.css?targetBlogID=1017688895260153585&zx=ba8535ce-57ea-4acb-b3e8-0f4d8f08360a HTTP/2.0
    host: www.blogger.com
    accept: text/css, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
    content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
    content-type: text/css; charset=UTF-8
    cache-control: no-cache, no-store, max-age=0, must-revalidate
    pragma: no-cache
    expires: Mon, 01 Jan 1990 00:00:00 GMT
    date: Sun, 07 Jan 2024 15:43:55 GMT
    last-modified: Sun, 07 Jan 2024 15:43:55 GMT
    content-encoding: gzip
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    content-length: 21
    server: GSE
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/static/v1/widgets/3011995818-widgets.js
    IEXPLORE.EXE
    Remote address:
    216.58.212.233:443
    Request
    GET /static/v1/widgets/3011995818-widgets.js HTTP/2.0
    host: www.blogger.com
    accept: application/javascript, */*;q=0.8
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-encoding: gzip
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
    report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    content-length: 55231
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    date: Fri, 05 Jan 2024 10:59:49 GMT
    expires: Sat, 04 Jan 2025 10:59:49 GMT
    cache-control: public, max-age=31536000
    last-modified: Fri, 23 Jul 2021 19:53:22 GMT
    content-type: text/javascript
    vary: Accept-Encoding
    age: 189880
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    233.212.58.216.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    233.212.58.216.in-addr.arpa
    IN PTR
    Response
    233.212.58.216.in-addr.arpa
    IN PTR
    ams16s22-in-f9.1e100.net
    233.212.58.216.in-addr.arpa
    IN PTR
    ams16s22-in-f233
    233.212.58.216.in-addr.arpa
    IN PTR
    lhr25s28-in-f9
  • flag-us
    DNS
    3.200.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    3.200.250.142.in-addr.arpa
    IN PTR
    Response
    3.200.250.142.in-addr.arpa
    IN PTR
    lhr48s29-in-f3.1e100.net
  • flag-us
    DNS
    apis.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    apis.google.com
    IN A
    Response
    apis.google.com
    IN CNAME
    plus.l.google.com
    plus.l.google.com
    IN A
    142.250.179.238
  • flag-us
    DNS
    resources.blogblog.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    resources.blogblog.com
    IN A
    Response
    resources.blogblog.com
    IN CNAME
    blogger.l.google.com
    blogger.l.google.com
    IN A
    216.58.212.233
  • flag-us
    DNS
    sayac.onlinewebstat.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    sayac.onlinewebstat.com
    IN A
    Response
    sayac.onlinewebstat.com
    IN A
    89.117.77.20
  • flag-us
    DNS
    zirve100.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    zirve100.com
    IN A
    Response
    zirve100.com
    IN A
    172.67.177.55
    zirve100.com
    IN A
    104.21.67.138
  • flag-us
    DNS
    d.cpufan.club
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    d.cpufan.club
    IN A
    Response
    d.cpufan.club
    IN A
    185.107.56.54
  • flag-us
    GET
    http://zirve100.com/CounterV4.js
    IEXPLORE.EXE
    Remote address:
    172.67.177.55:80
    Request
    GET /CounterV4.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: zirve100.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sun, 07 Jan 2024 15:43:56 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: max-age=14400, must-revalidate
    Location: https://www.zirve100.com
    CF-Cache-Status: EXPIRED
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XNPj304REIinjbJ4oIKAcPdqbcUeU8h%2Fd2pXqPUrDp0njHNJOHeliiVtDmei6OZjkQCRsStuEiz2OM6zdQmjcalOsiv1eV3EuhzSqnRz%2BwcDnnGshkA8JpdJf5xFtw8%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 841d51bafb4023ae-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-gb
    GET
    https://resources.blogblog.com/img/icon18_wrench_allbkg.png
    IEXPLORE.EXE
    Remote address:
    216.58.212.233:443
    Request
    GET /img/icon18_wrench_allbkg.png HTTP/2.0
    host: resources.blogblog.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
    report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    content-length: 475
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    date: Fri, 05 Jan 2024 00:03:53 GMT
    expires: Fri, 12 Jan 2024 00:03:53 GMT
    cache-control: public, max-age=604800
    last-modified: Wed, 03 Jan 2024 20:06:15 GMT
    content-type: image/png
    age: 229203
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://apis.google.com/js/plusone.js
    IEXPLORE.EXE
    Remote address:
    142.250.179.238:443
    Request
    GET /js/plusone.js HTTP/2.0
    host: apis.google.com
    accept: application/javascript, */*;q=0.8
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    vary: Accept-Encoding
    content-encoding: gzip
    content-type: text/javascript
    access-control-allow-origin: *
    content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy: same-origin; report-to="gapi-team"
    report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
    timing-allow-origin: *
    p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
    content-length: 21930
    date: Sun, 07 Jan 2024 15:43:56 GMT
    expires: Sun, 07 Jan 2024 15:43:56 GMT
    cache-control: private, max-age=1800, stale-while-revalidate=1800
    etag: "198f19c141a8a438"
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    set-cookie: NID=511=kkHzUN7azJCQvdBn6IeM9z2tsHi3dgW7yXeU6F4w41fkAdSVtrcBi6lNDbC_rLc6z5wp3oSwixHrRlOdhAfMvD8ZNLfl95lyWad8WeGSJx4A7kmjUn3TF6VaD_BRJ8jzcwjVZLzOpQerP0adV2FAb4_5cSW2CsctbxaI84UKVFs; expires=Mon, 08-Jul-2024 15:43:56 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-nl
    GET
    https://d.cpufan.club/direct.js?w=715872&c=90
    IEXPLORE.EXE
    Remote address:
    185.107.56.54:443
    Request
    GET /direct.js?w=715872&c=90 HTTP/2.0
    host: d.cpufan.club
    accept: application/javascript, */*;q=0.8
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
    cache-control: max-age=0, private, must-revalidate
    content-length: 498
    content-type: text/html; charset=utf-8
    date: Sun, 07 Jan 2024 15:43:55 GMT
    server: Cowboy
    set-cookie: sid=9130de21-ad73-11ee-98d4-7fb20b0875ad; path=/; domain=.cpufan.club; expires=Fri, 25 Jan 2092 18:58:03 GMT; max-age=2147483647; secure; HttpOnly
  • flag-lt
    GET
    http://sayac.onlinewebstat.com/c4.js
    IEXPLORE.EXE
    Remote address:
    89.117.77.20:80
    Request
    GET /c4.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: sayac.onlinewebstat.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.24.0
    Date: Sun, 07 Jan 2024 15:43:55 GMT
    Content-Type: text/html
    Content-Length: 15793
    Last-Modified: Mon, 09 Oct 2023 14:26:23 GMT
    Connection: keep-alive
    ETag: "65240d8f-3db1"
    Accept-Ranges: bytes
  • flag-lt
    GET
    http://sayac.onlinewebstat.com/logo/c2.gif
    IEXPLORE.EXE
    Remote address:
    89.117.77.20:80
    Request
    GET /logo/c2.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: sayac.onlinewebstat.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.24.0
    Date: Sun, 07 Jan 2024 15:43:55 GMT
    Content-Type: text/html
    Content-Length: 15793
    Last-Modified: Mon, 09 Oct 2023 14:26:23 GMT
    Connection: keep-alive
    ETag: "65240d8f-3db1"
    Accept-Ranges: bytes
  • flag-us
    DNS
    themes.googleusercontent.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    themes.googleusercontent.com
    IN A
    Response
    themes.googleusercontent.com
    IN CNAME
    googlehosted.l.googleusercontent.com
    googlehosted.l.googleusercontent.com
    IN A
    216.58.212.193
  • flag-gb
    GET
    http://themes.googleusercontent.com/image?id=0BwVBOzw_-hbMYjBmMTkxYTItOGZiMy00YTc0LWI1ZGUtYTY5ZDkxOTRlNDU2
    IEXPLORE.EXE
    Remote address:
    216.58.212.193:80
    Request
    GET /image?id=0BwVBOzw_-hbMYjBmMTkxYTItOGZiMy00YTc0LWI1ZGUtYTY5ZDkxOTRlNDU2 HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: themes.googleusercontent.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Type: application/binary
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Sun, 07 Jan 2024 15:43:56 GMT
    Location: https://themes.googleusercontent.com/image?id=0BwVBOzw_-hbMYjBmMTkxYTItOGZiMy00YTc0LWI1ZGUtYTY5ZDkxOTRlNDU2
    Server: ESF
    Content-Length: 0
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
  • flag-us
    DNS
    54.56.107.185.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    54.56.107.185.in-addr.arpa
    IN PTR
    Response
  • flag-gb
    GET
    https://themes.googleusercontent.com/image?id=0BwVBOzw_-hbMYjBmMTkxYTItOGZiMy00YTc0LWI1ZGUtYTY5ZDkxOTRlNDU2
    IEXPLORE.EXE
    Remote address:
    216.58.212.193:443
    Request
    GET /image?id=0BwVBOzw_-hbMYjBmMTkxYTItOGZiMy00YTc0LWI1ZGUtYTY5ZDkxOTRlNDU2 HTTP/2.0
    host: themes.googleusercontent.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    content-type: image/png
    vary: Origin
    access-control-allow-origin: *
    timing-allow-origin: *
    access-control-expose-headers: Content-Length
    etag: "v1"
    expires: Mon, 08 Jan 2024 15:43:56 GMT
    cache-control: public, max-age=86400, no-transform
    content-disposition: inline;filename="unnamed.png"
    x-content-type-options: nosniff
    date: Sun, 07 Jan 2024 15:43:56 GMT
    server: fife
    content-length: 90208
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    www.zirve100.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.zirve100.com
    IN A
    Response
    www.zirve100.com
    IN A
    172.67.177.55
    www.zirve100.com
    IN A
    104.21.67.138
  • flag-us
    GET
    https://www.zirve100.com/
    IEXPLORE.EXE
    Remote address:
    172.67.177.55:443
    Request
    GET / HTTP/2.0
    host: www.zirve100.com
    accept: application/javascript, */*;q=0.8
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Sun, 07 Jan 2024 15:43:57 GMT
    content-type: text/html; charset=UTF-8
    vary: Accept-Encoding
    x-powered-by: PHP/7.4.33
    last-modified: Sun, 07 Jan 2024 09:43:43 GMT
    cache-control: max-age=0
    expires: Sun, 07 Jan 2024 15:43:56 GMT
    cf-cache-status: DYNAMIC
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bqZBRacSwbw4ZooTDvM93excztv39A1zUs6rh1FsqJkkNO0GdQB4jB7GxPocwF4l3hzfBZXwiGvvFgp1e46lezY53ffumAHFq5utn%2FwueaXzf8enOnCv9tGFPnLKRTVVnLM9"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 841d51be4cdf419b-LHR
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    4.181.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    4.181.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    193.212.58.216.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    193.212.58.216.in-addr.arpa
    IN PTR
    Response
    193.212.58.216.in-addr.arpa
    IN PTR
    lhr25s27-in-f1.1e100.net
    193.212.58.216.in-addr.arpa
    IN PTR
    ams16s21-in-f1
    193.212.58.216.in-addr.arpa
    IN PTR
    ams16s21-in-f193
  • flag-us
    DNS
    40.13.222.173.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    40.13.222.173.in-addr.arpa
    IN PTR
    Response
    40.13.222.173.in-addr.arpa
    IN PTR
    a173-222-13-40.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    20.77.117.89.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    20.77.117.89.in-addr.arpa
    IN PTR
    Response
    20.77.117.89.in-addr.arpa
    IN PTR
    onlinewebstat.com
  • flag-us
    DNS
    201.179.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    201.179.17.96.in-addr.arpa
    IN PTR
    Response
    201.179.17.96.in-addr.arpa
    IN PTR
    a96-17-179-201.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    238.179.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    238.179.250.142.in-addr.arpa
    IN PTR
    Response
    238.179.250.142.in-addr.arpa
    IN PTR
    lhr25s31-in-f14.1e100.net
  • flag-us
    DNS
    55.177.67.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.177.67.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    14.200.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.200.250.142.in-addr.arpa
    IN PTR
    Response
    14.200.250.142.in-addr.arpa
    IN PTR
    lhr48s29-in-f14.1e100.net
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    43.58.199.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.58.199.20.in-addr.arpa
    IN PTR
    Response
  • GET
    https://ieonline.microsoft.com/ie/known_providers_download_v1.xml
    Request
    GET /ie/known_providers_download_v1.xml HTTP/2.0
    host: ieonline.microsoft.com
    accept: */*
    accept-language: en-US
    ua-cpu: AMD64
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    if-modified-since: Thu, 20 Feb 2020 01:30:24 GMT
    cookie: _EDGE_V=1; MUID=0B6295915EED66101C5B867E5F566773; MUIDB=0B6295915EED66101C5B867E5F566773
    Response
    HTTP/2.0 304
    cache-control: private
    set-cookie: _EDGE_S=SID=1A8CEDB5FFBD6B1617A7FE4AFE5D6AA7; domain=.microsoft.com; path=/; HttpOnly
    set-cookie: MUIDB=0B6295915EED66101C5B867E5F566773; expires=Fri, 31-Jan-2025 15:44:03 GMT; path=/; HttpOnly
    x-eventid: 659ac6c3111e4ae09da499d04fa12623
    useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F7E060658A9D4B60ABA844F0518D975E Ref B: LON04EDGE1120 Ref C: 2024-01-07T15:44:03Z
    date: Sun, 07 Jan 2024 15:44:02 GMT
  • flag-us
    GET
    https://www.bing.com/favicon.ico
    iexplore.exe
    Remote address:
    92.123.128.143:443
    Request
    GET /favicon.ico HTTP/2.0
    host: www.bing.com
    accept: */*
    ua-cpu: AMD64
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Response
    HTTP/2.0 200
    cache-control: public, max-age=15552000
    content-length: 4286
    content-type: image/x-icon
    last-modified: Mon, 01 Jan 1601 00:00:00 GMT
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 8020208928BA4DB9B31993C446AF84E3 Ref B: PAR02EDGE0711 Ref C: 2022-12-08T22:26:30Z
    date: Sun, 07 Jan 2024 15:44:03 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.8f777b5c.1704642243.3fa049d9
  • flag-us
    DNS
    143.128.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    143.128.123.92.in-addr.arpa
    IN PTR
    Response
    143.128.123.92.in-addr.arpa
    IN PTR
    a92-123-128-143.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    146.78.124.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    146.78.124.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    3.bp.blogspot.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    3.bp.blogspot.com
    IN A
    Response
    3.bp.blogspot.com
    IN CNAME
    photos-ugc.l.googleusercontent.com
    photos-ugc.l.googleusercontent.com
    IN A
    142.250.200.33
  • flag-us
    DNS
    www.feedburner.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.feedburner.com
    IN A
    Response
    www.feedburner.com
    IN CNAME
    www3.l.google.com
    www3.l.google.com
    IN A
    142.250.200.46
  • flag-us
    DNS
    www.feedburner.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.feedburner.com
    IN A
    Response
    www.feedburner.com
    IN CNAME
    www3.l.google.com
    www3.l.google.com
    IN A
    142.250.200.46
  • flag-us
    DNS
    p214734.clksite.com
    Remote address:
    8.8.8.8:53
    Request
    p214734.clksite.com
    IN A
    Response
    p214734.clksite.com
    IN A
    52.116.53.147
  • flag-us
    DNS
    feeds.feedburner.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    feeds.feedburner.com
    IN A
    Response
    feeds.feedburner.com
    IN CNAME
    www4.l.google.com
    www4.l.google.com
    IN A
    142.250.179.238
  • flag-gb
    GET
    http://3.bp.blogspot.com/-s-hxrPYysUc/TwuMuz2WKfI/AAAAAAAAAGE/BKAGLFoauJk/s1600/gulnuxin.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /-s-hxrPYysUc/TwuMuz2WKfI/AAAAAAAAAGE/BKAGLFoauJk/s1600/gulnuxin.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 3.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Content-Type: image/png
    X-Content-Type-Options: nosniff
    Date: Sun, 07 Jan 2024 15:44:19 GMT
    Server: fife
    Content-Length: 832
    X-XSS-Protection: 0
  • flag-gb
    GET
    http://www.feedburner.com/fb/images/pub/feed-icon32x32.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.46:80
    Request
    GET /fb/images/pub/feed-icon32x32.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.feedburner.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/pichu-static
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="pichu-static"
    Report-To: {"group":"pichu-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/pichu-static"}]}
    Content-Length: 1441
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sun, 07 Jan 2024 15:44:19 GMT
    Expires: Sun, 07 Jan 2024 15:44:19 GMT
    Cache-Control: public, max-age=0
    Age: 0
    Last-Modified: Thu, 02 Nov 2023 22:48:00 GMT
    Content-Type: image/png
  • flag-gb
    GET
    http://feeds.feedburner.com/~fc/Trk-yesilcam-kurdishFilm-kurtce-izle?bg=FF3300&fg=FFFF00&anim=1&label=listeners
    IEXPLORE.EXE
    Remote address:
    142.250.179.238:80
    Request
    GET /~fc/Trk-yesilcam-kurdishFilm-kurtce-izle?bg=FF3300&fg=FFFF00&anim=1&label=listeners HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: feeds.feedburner.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=utf-8
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Sun, 07 Jan 2024 15:44:20 GMT
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    Content-Security-Policy: script-src 'nonce-sfpxQb1H5Vcpx5cYjmRD0w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/RaichuFeedServer/cspreport;worker-src 'self'
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/RaichuFeedServer/cspreport
    Cross-Origin-Opener-Policy: same-origin
    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
    Content-Encoding: gzip
    Transfer-Encoding: chunked
    Server: ESF
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
  • flag-us
    DNS
    46.200.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    46.200.250.142.in-addr.arpa
    IN PTR
    Response
    46.200.250.142.in-addr.arpa
    IN PTR
    lhr48s30-in-f14.1e100.net
  • flag-us
    DNS
    33.200.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    33.200.250.142.in-addr.arpa
    IN PTR
    Response
    33.200.250.142.in-addr.arpa
    IN PTR
    lhr48s30-in-f1.1e100.net
  • flag-us
    DNS
    p214734.clksite.com
    Remote address:
    8.8.8.8:53
    Request
    p214734.clksite.com
    IN A
    Response
    p214734.clksite.com
    IN A
    52.116.53.147
  • flag-us
    DNS
    p214734.clksite.com
    Remote address:
    8.8.8.8:53
    Request
    p214734.clksite.com
    IN A
  • flag-us
    DNS
    161.19.199.152.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    161.19.199.152.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tlu.dl.delivery.mp.microsoft.com
    Remote address:
    8.8.8.8:53
    Request
    tlu.dl.delivery.mp.microsoft.com
    IN A
    Response
    tlu.dl.delivery.mp.microsoft.com
    IN CNAME
    dcat-tlu-fg-shim.trafficmanager.net
    dcat-tlu-fg-shim.trafficmanager.net
    IN CNAME
    tlu.dl.delivery.mp.microsoft.com-c.edgesuite.net
    tlu.dl.delivery.mp.microsoft.com-c.edgesuite.net
    IN CNAME
    a1856.dspw65.akamai.net
    a1856.dspw65.akamai.net
    IN A
    96.17.178.211
    a1856.dspw65.akamai.net
    IN A
    96.17.178.199
    a1856.dspw65.akamai.net
    IN A
    96.17.178.178
    a1856.dspw65.akamai.net
    IN A
    96.17.178.206
    a1856.dspw65.akamai.net
    IN A
    96.17.178.210
  • flag-us
    DNS
    code.jquery.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    code.jquery.com
    IN A
    Response
    code.jquery.com
    IN A
    151.101.130.137
    code.jquery.com
    IN A
    151.101.2.137
    code.jquery.com
    IN A
    151.101.66.137
    code.jquery.com
    IN A
    151.101.194.137
  • flag-us
    DNS
    code.jquery.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    code.jquery.com
    IN A
  • flag-us
    DNS
    www.statcounter.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.statcounter.com
    IN A
    Response
    www.statcounter.com
    IN A
    104.20.95.138
    www.statcounter.com
    IN A
    104.20.94.138
  • flag-us
    DNS
    www.statcounter.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.statcounter.com
    IN A
  • flag-us
    GET
    http://www.statcounter.com/counter/counter_xhtml.js
    IEXPLORE.EXE
    Remote address:
    104.20.95.138:80
    Request
    GET /counter/counter_xhtml.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.statcounter.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sun, 07 Jan 2024 15:44:30 GMT
    Content-Type: application/javascript; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Last-Modified: Thu, 04 Jan 2024 17:10:12 GMT
    ETag: W/"a313-60e21cdf4311c"
    Cache-Control: max-age=43200
    Expires: Sun, 07 Jan 2024 21:09:19 GMT
    Access-Control-Allow-Origin: *
    P3P: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
    User-Cache-Control: max-age=43200
    Content-Encoding: gzip
    CF-Cache-Status: HIT
    Age: 23711
    Server: cloudflare
    CF-RAY: 841d5290dd1f52ea-LHR
  • flag-us
    GET
    http://code.jquery.com/jquery-1.4.2.js
    IEXPLORE.EXE
    Remote address:
    151.101.130.137:80
    Request
    GET /jquery-1.4.2.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: code.jquery.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Connection: keep-alive
    Content-Length: 45870
    Server: nginx
    Content-Type: application/javascript; charset=utf-8
    Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT
    ETag: W/"28feccc0-2800f"
    Cache-Control: public, max-age=31536000, stale-while-revalidate=604800
    Access-Control-Allow-Origin: *
    Content-Encoding: gzip
    Via: 1.1 varnish, 1.1 varnish
    Accept-Ranges: bytes
    Date: Sun, 07 Jan 2024 15:44:29 GMT
    Age: 2778841
    X-Served-By: cache-lga21949-LGA, cache-lon4258-LON
    X-Cache: HIT, HIT
    X-Cache-Hits: 6803, 1
    X-Timer: S1704642270.828453,VS0,VE1
    Vary: Accept-Encoding
  • flag-us
    DNS
    137.130.101.151.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    137.130.101.151.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    138.95.20.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    138.95.20.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    138.95.20.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    138.95.20.104.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    138.95.20.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    138.95.20.104.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    138.95.20.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    138.95.20.104.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    183.1.37.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.1.37.23.in-addr.arpa
    IN PTR
    Response
    183.1.37.23.in-addr.arpa
    IN PTR
    a23-37-1-183deploystaticakamaitechnologiescom
  • flag-us
    DNS
    119.110.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    119.110.54.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    32.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    32.134.221.88.in-addr.arpa
    IN PTR
    Response
    32.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-32deploystaticakamaitechnologiescom
  • flag-us
    DNS
    32.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    32.134.221.88.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    185.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    185.178.17.96.in-addr.arpa
    IN PTR
    Response
    185.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-185deploystaticakamaitechnologiescom
  • flag-us
    DNS
    185.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    185.178.17.96.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    206.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.178.17.96.in-addr.arpa
    IN PTR
    Response
    206.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-206deploystaticakamaitechnologiescom
  • flag-us
    DNS
    206.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.178.17.96.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    14.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.134.221.88.in-addr.arpa
    IN PTR
    Response
    18.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-18deploystaticakamaitechnologiescom
  • flag-us
    DNS
    211.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    211.178.17.96.in-addr.arpa
    IN PTR
    Response
    211.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-211deploystaticakamaitechnologiescom
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    178.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    178.178.17.96.in-addr.arpa
    IN PTR
    Response
    178.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-178deploystaticakamaitechnologiescom
  • flag-us
    DNS
    182.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    182.178.17.96.in-addr.arpa
    IN PTR
    Response
    182.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-182deploystaticakamaitechnologiescom
  • 216.58.212.233:443
    https://www.blogger.com/static/v1/widgets/3011995818-widgets.js
    tls, http2
    IEXPLORE.EXE
    5.7kB
    83.8kB
    89
    81

    HTTP Request

    GET https://www.blogger.com/static/v1/widgets/3822632116-css_bundle_v2.css

    HTTP Response

    200

    HTTP Request

    GET https://www.blogger.com/static/v1/jsbin/3775400722-ieretrofit.js

    HTTP Response

    200

    HTTP Request

    GET https://www.blogger.com/dyn-css/authorization.css?targetBlogID=1017688895260153585&zx=ba8535ce-57ea-4acb-b3e8-0f4d8f08360a

    HTTP Response

    200

    HTTP Request

    GET https://www.blogger.com/static/v1/widgets/3011995818-widgets.js

    HTTP Response

    200
  • 216.58.212.233:443
    www.blogger.com
    tls, http2
    IEXPLORE.EXE
    1.3kB
    5.2kB
    18
    12
  • 172.67.177.55:80
    zirve100.com
    IEXPLORE.EXE
    380 B
    92 B
    8
    2
  • 172.67.177.55:80
    http://zirve100.com/CounterV4.js
    http
    IEXPLORE.EXE
    584 B
    937 B
    7
    4

    HTTP Request

    GET http://zirve100.com/CounterV4.js

    HTTP Response

    301
  • 216.58.212.233:443
    https://resources.blogblog.com/img/icon18_wrench_allbkg.png
    tls, http2
    IEXPLORE.EXE
    1.9kB
    6.2kB
    23
    14

    HTTP Request

    GET https://resources.blogblog.com/img/icon18_wrench_allbkg.png

    HTTP Response

    200
  • 216.58.212.233:443
    resources.blogblog.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    5.1kB
    16
    11
  • 142.250.179.238:443
    https://apis.google.com/js/plusone.js
    tls, http2
    IEXPLORE.EXE
    2.3kB
    29.5kB
    36
    30

    HTTP Request

    GET https://apis.google.com/js/plusone.js

    HTTP Response

    200
  • 142.250.179.238:443
    apis.google.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    5.1kB
    16
    11
  • 185.107.56.54:443
    https://d.cpufan.club/direct.js?w=715872&c=90
    tls, http2
    IEXPLORE.EXE
    1.5kB
    6.1kB
    20
    16

    HTTP Request

    GET https://d.cpufan.club/direct.js?w=715872&c=90

    HTTP Response

    200
  • 185.107.56.54:443
    d.cpufan.club
    tls, http2
    IEXPLORE.EXE
    1.3kB
    5.2kB
    19
    14
  • 89.117.77.20:80
    http://sayac.onlinewebstat.com/c4.js
    http
    IEXPLORE.EXE
    1.2kB
    16.8kB
    19
    18

    HTTP Request

    GET http://sayac.onlinewebstat.com/c4.js

    HTTP Response

    200
  • 89.117.77.20:80
    http://sayac.onlinewebstat.com/logo/c2.gif
    http
    IEXPLORE.EXE
    916 B
    11.5kB
    13
    11

    HTTP Request

    GET http://sayac.onlinewebstat.com/logo/c2.gif

    HTTP Response

    200
  • 216.58.212.193:80
    http://themes.googleusercontent.com/image?id=0BwVBOzw_-hbMYjBmMTkxYTItOGZiMy00YTc0LWI1ZGUtYTY5ZDkxOTRlNDU2
    http
    IEXPLORE.EXE
    1.1kB
    684 B
    8
    5

    HTTP Request

    GET http://themes.googleusercontent.com/image?id=0BwVBOzw_-hbMYjBmMTkxYTItOGZiMy00YTc0LWI1ZGUtYTY5ZDkxOTRlNDU2

    HTTP Response

    301
  • 216.58.212.193:80
    themes.googleusercontent.com
    IEXPLORE.EXE
    242 B
    144 B
    5
    3
  • 216.58.212.193:443
    https://themes.googleusercontent.com/image?id=0BwVBOzw_-hbMYjBmMTkxYTItOGZiMy00YTc0LWI1ZGUtYTY5ZDkxOTRlNDU2
    tls, http2
    IEXPLORE.EXE
    6.1kB
    106.3kB
    89
    84

    HTTP Request

    GET https://themes.googleusercontent.com/image?id=0BwVBOzw_-hbMYjBmMTkxYTItOGZiMy00YTc0LWI1ZGUtYTY5ZDkxOTRlNDU2

    HTTP Response

    200
  • 172.67.177.55:443
    www.zirve100.com
    tls, http2
    IEXPLORE.EXE
    1.2kB
    3.5kB
    14
    9
  • 172.67.177.55:443
    https://www.zirve100.com/
    tls, http2
    IEXPLORE.EXE
    3.8kB
    54.7kB
    65
    60

    HTTP Request

    GET https://www.zirve100.com/

    HTTP Response

    200
  • 142.250.180.2:445
    pagead2.googlesyndication.com
    260 B
    5
  • 142.250.187.226:139
    pagead2.googlesyndication.com
    260 B
    5
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls, http2
    iexplore.exe
    1.6kB
    8.4kB
    19
    15
  • 92.123.128.143:443
    www.bing.com
    tls, http2
    iexplore.exe
    1.1kB
    4.9kB
    15
    14
  • 92.123.128.143:443
    https://www.bing.com/favicon.ico
    tls, http2
    iexplore.exe
    1.5kB
    9.8kB
    21
    19

    HTTP Request

    GET https://www.bing.com/favicon.ico

    HTTP Response

    200
  • 142.250.200.33:80
    http://3.bp.blogspot.com/-s-hxrPYysUc/TwuMuz2WKfI/AAAAAAAAAGE/BKAGLFoauJk/s1600/gulnuxin.gif
    http
    IEXPLORE.EXE
    620 B
    1.2kB
    6
    4

    HTTP Request

    GET http://3.bp.blogspot.com/-s-hxrPYysUc/TwuMuz2WKfI/AAAAAAAAAGE/BKAGLFoauJk/s1600/gulnuxin.gif

    HTTP Response

    404
  • 142.250.200.33:80
    3.bp.blogspot.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 142.250.200.46:80
    http://www.feedburner.com/fb/images/pub/feed-icon32x32.png
    http
    IEXPLORE.EXE
    632 B
    2.3kB
    7
    5

    HTTP Request

    GET http://www.feedburner.com/fb/images/pub/feed-icon32x32.png

    HTTP Response

    200
  • 142.250.200.46:80
    www.feedburner.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 142.250.179.238:80
    http://feeds.feedburner.com/~fc/Trk-yesilcam-kurdishFilm-kurtce-izle?bg=FF3300&fg=FFFF00&anim=1&label=listeners
    http
    IEXPLORE.EXE
    783 B
    2.2kB
    9
    7

    HTTP Request

    GET http://feeds.feedburner.com/~fc/Trk-yesilcam-kurdishFilm-kurtce-izle?bg=FF3300&fg=FFFF00&anim=1&label=listeners

    HTTP Response

    404
  • 142.250.179.238:80
    feeds.feedburner.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 52.116.53.147:445
    p214734.clksite.com
    260 B
    160 B
    5
    4
  • 52.116.53.147:139
    p214734.clksite.com
    260 B
    160 B
    5
    4
  • 104.20.95.138:80
    www.statcounter.com
    IEXPLORE.EXE
    334 B
    52 B
    7
    1
  • 104.20.95.138:80
    http://www.statcounter.com/counter/counter_xhtml.js
    http
    IEXPLORE.EXE
    1.2kB
    15.9kB
    19
    16

    HTTP Request

    GET http://www.statcounter.com/counter/counter_xhtml.js

    HTTP Response

    200
  • 151.101.130.137:80
    http://code.jquery.com/jquery-1.4.2.js
    http
    IEXPLORE.EXE
    2.1kB
    48.0kB
    40
    39

    HTTP Request

    GET http://code.jquery.com/jquery-1.4.2.js

    HTTP Response

    200
  • 151.101.130.137:80
    code.jquery.com
    IEXPLORE.EXE
    242 B
    184 B
    5
    4
  • 204.79.197.200:443
    tse1.mm.bing.net
    685 B
    661 B
    9
    5
  • 204.79.197.200:443
    tse1.mm.bing.net
    685 B
    741 B
    9
    7
  • 204.79.197.200:443
    tse1.mm.bing.net
    74.6kB
    2.1MB
    1542
    1541
  • 204.79.197.200:443
    tse1.mm.bing.net
    685 B
    741 B
    9
    7
  • 88.221.134.32:80
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls
    639 B
    689 B
    8
    6
  • 88.221.134.32:80
  • 52.111.227.14:443
  • 88.221.134.32:80
  • 96.17.178.182:80
  • 8.8.8.8:53
    www.blogger.com
    dns
    IEXPLORE.EXE
    61 B
    108 B
    1
    1

    DNS Request

    www.blogger.com

    DNS Response

    216.58.212.233

  • 8.8.8.8:53
    2.136.104.51.in-addr.arpa
    dns
    142 B
    157 B
    2
    1

    DNS Request

    2.136.104.51.in-addr.arpa

    DNS Request

    2.136.104.51.in-addr.arpa

  • 8.8.8.8:53
    233.212.58.216.in-addr.arpa
    dns
    73 B
    171 B
    1
    1

    DNS Request

    233.212.58.216.in-addr.arpa

  • 8.8.8.8:53
    3.200.250.142.in-addr.arpa
    dns
    72 B
    110 B
    1
    1

    DNS Request

    3.200.250.142.in-addr.arpa

  • 8.8.8.8:53
    apis.google.com
    dns
    IEXPLORE.EXE
    61 B
    98 B
    1
    1

    DNS Request

    apis.google.com

    DNS Response

    142.250.179.238

  • 8.8.8.8:53
    resources.blogblog.com
    dns
    IEXPLORE.EXE
    68 B
    115 B
    1
    1

    DNS Request

    resources.blogblog.com

    DNS Response

    216.58.212.233

  • 8.8.8.8:53
    sayac.onlinewebstat.com
    dns
    IEXPLORE.EXE
    69 B
    85 B
    1
    1

    DNS Request

    sayac.onlinewebstat.com

    DNS Response

    89.117.77.20

  • 8.8.8.8:53
    zirve100.com
    dns
    IEXPLORE.EXE
    58 B
    90 B
    1
    1

    DNS Request

    zirve100.com

    DNS Response

    172.67.177.55
    104.21.67.138

  • 8.8.8.8:53
    d.cpufan.club
    dns
    IEXPLORE.EXE
    59 B
    75 B
    1
    1

    DNS Request

    d.cpufan.club

    DNS Response

    185.107.56.54

  • 8.8.8.8:53
    themes.googleusercontent.com
    dns
    IEXPLORE.EXE
    74 B
    119 B
    1
    1

    DNS Request

    themes.googleusercontent.com

    DNS Response

    216.58.212.193

  • 8.8.8.8:53
    54.56.107.185.in-addr.arpa
    dns
    72 B
    133 B
    1
    1

    DNS Request

    54.56.107.185.in-addr.arpa

  • 8.8.8.8:53
    www.zirve100.com
    dns
    IEXPLORE.EXE
    62 B
    94 B
    1
    1

    DNS Request

    www.zirve100.com

    DNS Response

    172.67.177.55
    104.21.67.138

  • 8.8.8.8:53
    4.181.190.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    4.181.190.20.in-addr.arpa

  • 8.8.8.8:53
    193.212.58.216.in-addr.arpa
    dns
    73 B
    171 B
    1
    1

    DNS Request

    193.212.58.216.in-addr.arpa

  • 8.8.8.8:53
    40.13.222.173.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    40.13.222.173.in-addr.arpa

  • 8.8.8.8:53
    20.77.117.89.in-addr.arpa
    dns
    71 B
    102 B
    1
    1

    DNS Request

    20.77.117.89.in-addr.arpa

  • 8.8.8.8:53
    201.179.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    201.179.17.96.in-addr.arpa

  • 8.8.8.8:53
    238.179.250.142.in-addr.arpa
    dns
    74 B
    113 B
    1
    1

    DNS Request

    238.179.250.142.in-addr.arpa

  • 8.8.8.8:53
    55.177.67.172.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    55.177.67.172.in-addr.arpa

  • 8.8.8.8:53
    14.200.250.142.in-addr.arpa
    dns
    73 B
    112 B
    1
    1

    DNS Request

    14.200.250.142.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    43.58.199.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    43.58.199.20.in-addr.arpa

  • 8.8.8.8:53
    143.128.123.92.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    143.128.123.92.in-addr.arpa

  • 8.8.8.8:53
    59.128.231.4.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    59.128.231.4.in-addr.arpa

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    213 B
    135 B
    3
    1

    DNS Request

    41.110.16.96.in-addr.arpa

    DNS Request

    41.110.16.96.in-addr.arpa

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    146.78.124.51.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    146.78.124.51.in-addr.arpa

  • 8.8.8.8:53
    3.bp.blogspot.com
    dns
    IEXPLORE.EXE
    63 B
    124 B
    1
    1

    DNS Request

    3.bp.blogspot.com

    DNS Response

    142.250.200.33

  • 8.8.8.8:53
    www.feedburner.com
    dns
    IEXPLORE.EXE
    128 B
    216 B
    2
    2

    DNS Request

    www.feedburner.com

    DNS Response

    142.250.200.46

    DNS Request

    www.feedburner.com

    DNS Response

    142.250.200.46

  • 8.8.8.8:53
    p214734.clksite.com
    dns
    65 B
    81 B
    1
    1

    DNS Request

    p214734.clksite.com

    DNS Response

    52.116.53.147

  • 8.8.8.8:53
    feeds.feedburner.com
    dns
    IEXPLORE.EXE
    66 B
    110 B
    1
    1

    DNS Request

    feeds.feedburner.com

    DNS Response

    142.250.179.238

  • 8.8.8.8:53
    46.200.250.142.in-addr.arpa
    dns
    73 B
    112 B
    1
    1

    DNS Request

    46.200.250.142.in-addr.arpa

  • 8.8.8.8:53
    33.200.250.142.in-addr.arpa
    dns
    73 B
    111 B
    1
    1

    DNS Request

    33.200.250.142.in-addr.arpa

  • 8.8.8.8:53
    p214734.clksite.com
    dns
    130 B
    81 B
    2
    1

    DNS Request

    p214734.clksite.com

    DNS Request

    p214734.clksite.com

    DNS Response

    52.116.53.147

  • 8.8.8.8:53
    161.19.199.152.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    161.19.199.152.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    149 B
    445 B
    2
    2

    DNS Request

    206.23.85.13.in-addr.arpa

    DNS Request

    tlu.dl.delivery.mp.microsoft.com

    DNS Response

    96.17.178.211
    96.17.178.199
    96.17.178.178
    96.17.178.206
    96.17.178.210

  • 8.8.8.8:53
    code.jquery.com
    dns
    IEXPLORE.EXE
    122 B
    125 B
    2
    1

    DNS Request

    code.jquery.com

    DNS Request

    code.jquery.com

    DNS Response

    151.101.130.137
    151.101.2.137
    151.101.66.137
    151.101.194.137

  • 8.8.8.8:53
    www.statcounter.com
    dns
    IEXPLORE.EXE
    130 B
    97 B
    2
    1

    DNS Request

    www.statcounter.com

    DNS Request

    www.statcounter.com

    DNS Response

    104.20.95.138
    104.20.94.138

  • 8.8.8.8:53
    137.130.101.151.in-addr.arpa
    dns
    74 B
    134 B
    1
    1

    DNS Request

    137.130.101.151.in-addr.arpa

  • 8.8.8.8:53
    138.95.20.104.in-addr.arpa
    dns
    288 B
    134 B
    4
    1

    DNS Request

    138.95.20.104.in-addr.arpa

    DNS Request

    138.95.20.104.in-addr.arpa

    DNS Request

    138.95.20.104.in-addr.arpa

    DNS Request

    138.95.20.104.in-addr.arpa

  • 8.8.8.8:53
    183.1.37.23.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    183.1.37.23.in-addr.arpa

  • 8.8.8.8:53
    119.110.54.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    119.110.54.20.in-addr.arpa

  • 8.8.8.8:53
    50.23.12.20.in-addr.arpa
    dns
    210 B
    156 B
    3
    1

    DNS Request

    50.23.12.20.in-addr.arpa

    DNS Request

    50.23.12.20.in-addr.arpa

    DNS Request

    50.23.12.20.in-addr.arpa

  • 8.8.8.8:53
    32.134.221.88.in-addr.arpa
    dns
    144 B
    137 B
    2
    1

    DNS Request

    32.134.221.88.in-addr.arpa

    DNS Request

    32.134.221.88.in-addr.arpa

  • 8.8.8.8:53
    185.178.17.96.in-addr.arpa
    dns
    144 B
    137 B
    2
    1

    DNS Request

    185.178.17.96.in-addr.arpa

    DNS Request

    185.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    206.178.17.96.in-addr.arpa
    dns
    144 B
    137 B
    2
    1

    DNS Request

    206.178.17.96.in-addr.arpa

    DNS Request

    206.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    14.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    14.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    18.134.221.88.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    18.134.221.88.in-addr.arpa

  • 8.8.8.8:53
    211.178.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    211.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    173 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
  • 8.8.8.8:53
  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    178.178.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    178.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    182.178.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    182.178.17.96.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verD11C.tmp

    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8D1Z5HG5\plusone[1].js

    Filesize

    56KB

    MD5

    1944af3661da46249991197817b6cd8b

    SHA1

    f952df40ec79fafc7c798f37aff92878977376ed

    SHA256

    63326a1c4e0eddd3501f0a064b06a2708eb0362f3ae934f53145978d3d0799b5

    SHA512

    0bef19b32be337cfba179ed9ce4533a207cfe645d2e5fe0da9fadc7b01c72704fc89749670d1ac48b8d494675bc62ac089fdc4d8495979226f10828225594376

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UCK1SA0Q\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
