c2196725c44e80679601cb7ff29ee42752f2fd5d97d555713c0dd3466129a8b6

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 11:54 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

129e76c768e3acbca3e5839accf6dff3_JaffaCakes118.html
Size

134KB
MD5

129e76c768e3acbca3e5839accf6dff3
SHA1

30e7725c1bbe83c5094d8ac24435d7490500befb
SHA256

c2196725c44e80679601cb7ff29ee42752f2fd5d97d555713c0dd3466129a8b6
SHA512

c320ef96cdf854cd9317279596de0af02b01da48d271a181626be6f0e08276897437b9ad7676ba461d1faad2e65e18abdabb543f35029db57831fd73199a5e35
SSDEEP

3072:HT3IQzfVTUKecU/73vO4ebjT7hiZ8bYUeTbcxVMrKx0:46K

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
62	sites.google.com
63	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4348	msedge.exe
4348	msedge.exe
556	msedge.exe
556	msedge.exe
4340	identity_helper.exe
4340	identity_helper.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 556 wrote to memory of 3208	556	msedge.exe	84
PID 556 wrote to memory of 3208	556	msedge.exe	84
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4944	556	msedge.exe	85
PID 556 wrote to memory of 4348	556	msedge.exe	86
PID 556 wrote to memory of 4348	556	msedge.exe	86
PID 556 wrote to memory of 4396	556	msedge.exe	87
PID 556 wrote to memory of 4396	556	msedge.exe	87
PID 556 wrote to memory of 4396	556	msedge.exe	87
PID 556 wrote to memory of 4396	556	msedge.exe	87
PID 556 wrote to memory of 4396	556	msedge.exe	87
PID 556 wrote to memory of 4396	556	msedge.exe	87
PID 556 wrote to memory of 4396	556	msedge.exe	87
PID 556 wrote to memory of 4396	556	msedge.exe	87
PID 556 wrote to memory of 4396	556	msedge.exe	87
PID 556 wrote to memory of 4396	556	msedge.exe	87
PID 556 wrote to memory of 4396	556	msedge.exe	87
PID 556 wrote to memory of 4396	556	msedge.exe	87
PID 556 wrote to memory of 4396	556	msedge.exe	87
PID 556 wrote to memory of 4396	556	msedge.exe	87
PID 556 wrote to memory of 4396	556	msedge.exe	87
PID 556 wrote to memory of 4396	556	msedge.exe	87
PID 556 wrote to memory of 4396	556	msedge.exe	87
PID 556 wrote to memory of 4396	556	msedge.exe	87
PID 556 wrote to memory of 4396	556	msedge.exe	87
PID 556 wrote to memory of 4396	556	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\129e76c768e3acbca3e5839accf6dff3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff14d946f8,0x7fff14d94708,0x7fff14d94718
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,4232877070850557621,13481088479607482273,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,4232877070850557621,13481088479607482273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,4232877070850557621,13481088479607482273,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4232877070850557621,13481088479607482273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4232877070850557621,13481088479607482273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4232877070850557621,13481088479607482273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4232877070850557621,13481088479607482273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4232877070850557621,13481088479607482273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4232877070850557621,13481088479607482273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4232877070850557621,13481088479607482273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4232877070850557621,13481088479607482273,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,4232877070850557621,13481088479607482273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,4232877070850557621,13481088479607482273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4232877070850557621,13481088479607482273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4232877070850557621,13481088479607482273,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,4232877070850557621,13481088479607482273,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2696 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1444

Network

DNS

133.211.185.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.211.185.52.in-addr.arpa

IN PTR

Response
DNS

4dc85062-a-62cb3a1a-s-sites.googlegroups.com

msedge.exe

Remote address:

8.8.8.8:53

Request

4dc85062-a-62cb3a1a-s-sites.googlegroups.com

IN A

Response

4dc85062-a-62cb3a1a-s-sites.googlegroups.com

IN CNAME

googlegroups.l.googleusercontent.com

googlegroups.l.googleusercontent.com

IN A

209.85.203.137
DNS

dl.dropboxusercontent.com

msedge.exe

Remote address:

8.8.8.8:53

Request

dl.dropboxusercontent.com

IN A

Response

dl.dropboxusercontent.com

IN CNAME

edge-block-www-env.dropbox-dns.com

edge-block-www-env.dropbox-dns.com

IN A

162.125.64.15
DNS

dl.dropbox.com

msedge.exe

Remote address:

8.8.8.8:53

Request

dl.dropbox.com

IN A

Response

dl.dropbox.com

IN CNAME

edge-block-www-env.dropbox-dns.com

edge-block-www-env.dropbox-dns.com

IN A

162.125.64.15
DNS

2.bp.blogspot.com

msedge.exe

Remote address:

8.8.8.8:53

Request

2.bp.blogspot.com

IN A

Response

2.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.178.1
DNS

1.bp.blogspot.com

msedge.exe

Remote address:

8.8.8.8:53

Request

1.bp.blogspot.com

IN A

Response

1.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.178.1
GET

http://2.bp.blogspot.com/-MP_iFJGRwMQ/Ukl-vk1ddxI/AAAAAAAAAcA/XRUa5S4smok/s72-c/bia-Dai+Thanh+copy.jpg

msedge.exe

Remote address:

142.250.178.1:80

Request

GET /-MP_iFJGRwMQ/Ukl-vk1ddxI/AAAAAAAAAcA/XRUa5S4smok/s72-c/bia-Dai+Thanh+copy.jpg HTTP/1.1
Host: 2.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="bia-Dai Thanh copy.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 4694
X-XSS-Protection: 0
Date: Sat, 04 May 2024 11:54:21 GMT
Expires: Sun, 05 May 2024 11:54:21 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v1c0"
Content-Type: image/jpeg
Vary: Origin
Age: 0
GET

http://2.bp.blogspot.com/-7lDPL7UECXU/Ug3aviMLSXI/AAAAAAAAAQM/qmN4tVe0edo/s72-c/noi-that-cua-can-ho-hien-dai.jpg

msedge.exe

Remote address:

142.250.178.1:80

Request

GET /-7lDPL7UECXU/Ug3aviMLSXI/AAAAAAAAAQM/qmN4tVe0edo/s72-c/noi-that-cua-can-ho-hien-dai.jpg HTTP/1.1
Host: 2.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="noi-that-cua-can-ho-hien-dai.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 2794
X-XSS-Protection: 0
Date: Sat, 04 May 2024 11:54:21 GMT
Expires: Sun, 05 May 2024 11:54:21 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v104"
Content-Type: image/jpeg
Vary: Origin
Age: 0
DNS

resources.blogblog.com

msedge.exe

Remote address:

8.8.8.8:53

Request

resources.blogblog.com

IN A

Response

resources.blogblog.com

IN CNAME

blogger.l.google.com

blogger.l.google.com

IN A

142.250.200.9
GET

https://4dc85062-a-62cb3a1a-s-sites.googlegroups.com/site/khothuvien1234/sieuthiduan.PNG

msedge.exe

Remote address:

209.85.203.137:443

Request

GET /site/khothuvien1234/sieuthiduan.PNG HTTP/2.0
host: 4dc85062-a-62cb3a1a-s-sites.googlegroups.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

www.blogger.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.blogger.com

IN A

Response

www.blogger.com

IN CNAME

blogger.l.google.com

blogger.l.google.com

IN A

142.250.200.9
GET

http://1.bp.blogspot.com/-PYW6a5uXxrw/UvjaEah5ODI/AAAAAAAAAhw/Bvf2RfVWYa4/s72-c/toan-bo-nha.jpg

msedge.exe

Remote address:

142.250.178.1:80

Request

GET /-PYW6a5uXxrw/UvjaEah5ODI/AAAAAAAAAhw/Bvf2RfVWYa4/s72-c/toan-bo-nha.jpg HTTP/1.1
Host: 1.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="toan-bo-nha.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 4996
X-XSS-Protection: 0
Date: Sat, 04 May 2024 11:54:21 GMT
Expires: Sun, 05 May 2024 11:54:21 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v380"
Content-Type: image/jpeg
Vary: Origin
Age: 0
GET

http://1.bp.blogspot.com/-sLwvU89Q1ms/TWfDw6VIW_I/AAAAAAAAAIw/ZsABOxlq43k/s1600/no-image.PNG

msedge.exe

Remote address:

142.250.178.1:80

Request

GET /-sLwvU89Q1ms/TWfDw6VIW_I/AAAAAAAAAIw/ZsABOxlq43k/s1600/no-image.PNG HTTP/1.1
Host: 1.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="no-image.PNG"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 5774
X-XSS-Protection: 0
Date: Sat, 04 May 2024 11:54:21 GMT
Expires: Sun, 05 May 2024 11:54:21 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 0
ETag: "v8c"
Content-Type: image/png
Vary: Origin
DNS

bit.ly

msedge.exe

Remote address:

8.8.8.8:53

Request

bit.ly

IN A

Response

bit.ly

IN A

67.199.248.11

bit.ly

IN A

67.199.248.10
DNS

apis.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

216.58.201.110
GET

http://dl.dropboxusercontent.com/u/66256041/Menu/Namkna-blogspot-menu-doc/jquery.min.v1.4.1.js

msedge.exe

Remote address:

162.125.64.15:80

Request

GET /u/66256041/Menu/Namkna-blogspot-menu-doc/jquery.min.v1.4.1.js HTTP/1.1
Host: dl.dropboxusercontent.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

location: https://dl.dropboxusercontent.com/u/66256041/Menu/Namkna-blogspot-menu-doc/jquery.min.v1.4.1.js
date: Sat, 04 May 2024 11:54:21 GMT
server: envoy
x-dropbox-request-id: daabaae0cf3c4360baede33708b7be5b
content-length: 0
DNS

s7.addthis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

s7.addthis.com

IN A

Response

s7.addthis.com

IN CNAME

s8.addthis.com

s8.addthis.com

IN CNAME

ds-s7.addthis.com.edgekey.net

ds-s7.addthis.com.edgekey.net

IN CNAME

e4016.a.akamaiedge.net

e4016.a.akamaiedge.net

IN A

104.68.81.91
DNS

lh5.googleusercontent.com

msedge.exe

Remote address:

8.8.8.8:53

Request

lh5.googleusercontent.com

IN A

Response

lh5.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

216.58.201.97
DNS

lh3.googleusercontent.com

msedge.exe

Remote address:

8.8.8.8:53

Request

lh3.googleusercontent.com

IN A

Response

lh3.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

216.58.201.97
GET

http://dl.dropbox.com/u/66256041/popup/namkna.blogspot.con/slide_ads1.js

msedge.exe

Remote address:

162.125.64.15:80

Request

GET /u/66256041/popup/namkna.blogspot.con/slide_ads1.js HTTP/1.1
Host: dl.dropbox.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

location: https://dl.dropbox.com/u/66256041/popup/namkna.blogspot.con/slide_ads1.js
date: Sat, 04 May 2024 11:54:21 GMT
server: envoy
x-dropbox-request-id: 97f238333f144eafa33af940c26eeb18
content-length: 0
GET

http://s7.addthis.com/js/250/addthis_widget.js

msedge.exe

Remote address:

104.68.81.91:80

Request

GET /js/250/addthis_widget.js HTTP/1.1
Host: s7.addthis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 308 Permanent Redirect

Server: nginx/1.15.8
Content-Type: text/html
Content-Length: 171
Location: https://s7.addthis.com/js/250/addthis_widget.js
Date: Sat, 04 May 2024 11:54:21 GMT
Connection: keep-alive
X-Distribution: 99
X-Host: s7.addthis.com
GET

https://lh3.googleusercontent.com/-Yx4chbloKq4/UvinQ6KnEQI/AAAAAAAAAm8/dy48_-fsZSg/w640-h452-no/quang-cao.gif

msedge.exe

Remote address:

216.58.201.97:443

Request

GET /-Yx4chbloKq4/UvinQ6KnEQI/AAAAAAAAAm8/dy48_-fsZSg/w640-h452-no/quang-cao.gif HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://lh4.googleusercontent.com/-qFtpVy76z3k/UHehqGbwiWI/AAAAAAAAD4g/m8MeHKWjsFU/s15/ico-p.jpg

msedge.exe

Remote address:

216.58.201.97:443

Request

GET /-qFtpVy76z3k/UHehqGbwiWI/AAAAAAAAD4g/m8MeHKWjsFU/s15/ico-p.jpg HTTP/2.0
host: lh4.googleusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://resources.blogblog.com/img/icon18_wrench_allbkg.png

msedge.exe

Remote address:

142.250.200.9:443

Request

GET /img/icon18_wrench_allbkg.png HTTP/2.0
host: resources.blogblog.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://apis.google.com/js/plusone.js

msedge.exe

Remote address:

216.58.201.110:443

Request

GET /js/plusone.js HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://lh5.googleusercontent.com/-5joH5eWvLJE/UHehpUlIUZI/AAAAAAAAD4M/3dUKKd5YczY/s15/ico-h.jpg

msedge.exe

Remote address:

216.58.201.97:443

Request

GET /-5joH5eWvLJE/UHehpUlIUZI/AAAAAAAAD4M/3dUKKd5YczY/s15/ico-h.jpg HTTP/2.0
host: lh5.googleusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://lh5.googleusercontent.com/-BmTGLIYo3FU/UHehpyJ-ixI/AAAAAAAAD4U/PCCko5XgXZo/s15/ico-m.jpg

msedge.exe

Remote address:

216.58.201.97:443

Request

GET /-BmTGLIYo3FU/UHehpyJ-ixI/AAAAAAAAD4U/PCCko5XgXZo/s15/ico-m.jpg HTTP/2.0
host: lh5.googleusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

http://bit.ly/hGWr7r

msedge.exe

Remote address:

67.199.248.11:80

Request

GET /hGWr7r HTTP/1.1
Host: bit.ly
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Sat, 04 May 2024 11:54:21 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 179
Cache-Control: private, max-age=90
Content-Security-Policy: referrer always;
Location: http://1.bp.blogspot.com/-sLwvU89Q1ms/TWfDw6VIW_I/AAAAAAAAAIw/ZsABOxlq43k/s1600/no-image.PNG
Referrer-Policy: unsafe-url
Set-Cookie: _bit=o44bSl-6a8614a39f1c58329b-005; Domain=bit.ly; Expires=Thu, 31 Oct 2024 11:54:21 GMT
Via: 1.1 google
GET

https://www.blogger.com/static/v1/widgets/224787869-widget_css_bundle.css

msedge.exe

Remote address:

142.250.200.9:443

Request

GET /static/v1/widgets/224787869-widget_css_bundle.css HTTP/2.0
host: www.blogger.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.blogger.com/static/v1/widgets/2647409398-widgets.js

msedge.exe

Remote address:

142.250.200.9:443

Request

GET /static/v1/widgets/2647409398-widgets.js HTTP/2.0
host: www.blogger.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

lh6.googleusercontent.com

msedge.exe

Remote address:

8.8.8.8:53

Request

lh6.googleusercontent.com

IN A

Response

lh6.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

216.58.201.97
GET

https://dl.dropbox.com/u/66256041/popup/namkna.blogspot.con/slide_ads1.js

msedge.exe

Remote address:

162.125.64.15:443

Request

GET /u/66256041/popup/namkna.blogspot.con/slide_ads1.js HTTP/2.0
host: dl.dropbox.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 404

content-type: text/html
date: Sat, 04 May 2024 11:54:21 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: remote
x-dropbox-request-id: 2830da72f3d545e0b5ec2ce9e3cebe05
GET

https://dl.dropboxusercontent.com/u/66256041/Menu/Namkna-blogspot-menu-doc/jquery.min.v1.4.1.js

msedge.exe

Remote address:

162.125.64.15:443

Request

GET /u/66256041/Menu/Namkna-blogspot-menu-doc/jquery.min.v1.4.1.js HTTP/2.0
host: dl.dropboxusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 404

content-type: text/html
date: Sat, 04 May 2024 11:54:21 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: remote
x-dropbox-request-id: 4967475f4d284744bb3951ce57a3f735
GET

https://dl.dropboxusercontent.com/u/66256041/Menu/Namkna-blogspot-menu-doc/jquery.min.v1.4.1.js

msedge.exe

Remote address:

162.125.64.15:443

Request

GET /u/66256041/Menu/Namkna-blogspot-menu-doc/jquery.min.v1.4.1.js HTTP/2.0
host: dl.dropboxusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 404

content-type: text/html
date: Sat, 04 May 2024 11:54:21 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: remote
x-dropbox-request-id: fbe26172cc844387b6ce61a414bb76c4
GET

https://lh6.googleusercontent.com/-MfUTwAJDVHs/UHehpNyiReI/AAAAAAAAD4I/o0u-CP5al-M/s15/ico-gioithieu.png

msedge.exe

Remote address:

216.58.201.97:443

Request

GET /-MfUTwAJDVHs/UHehpNyiReI/AAAAAAAAD4I/o0u-CP5al-M/s15/ico-gioithieu.png HTTP/2.0
host: lh6.googleusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://lh6.googleusercontent.com/-py3UTWU3Nzw/UHehopAwXOI/AAAAAAAAD34/GPkxUEHwl5Q/s15/ico-a.jpg

msedge.exe

Remote address:

216.58.201.97:443

Request

GET /-py3UTWU3Nzw/UHehopAwXOI/AAAAAAAAD34/GPkxUEHwl5Q/s15/ico-a.jpg HTTP/2.0
host: lh6.googleusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://lh6.googleusercontent.com/-ENGt3WNWQnA/UHehqcn1hQI/AAAAAAAAD4o/7qXMb3s5hS8/s15/ico-u.jpg

msedge.exe

Remote address:

216.58.201.97:443

Request

GET /-ENGt3WNWQnA/UHehqcn1hQI/AAAAAAAAD4o/7qXMb3s5hS8/s15/ico-u.jpg HTTP/2.0
host: lh6.googleusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://lh6.googleusercontent.com/-ZB01xbweylQ/UHaC2q6ldZI/AAAAAAAADyk/LoWcnGJPGGs/s238/content-texture.png

msedge.exe

Remote address:

216.58.201.97:443

Request

GET /-ZB01xbweylQ/UHaC2q6ldZI/AAAAAAAADyk/LoWcnGJPGGs/s238/content-texture.png HTTP/2.0
host: lh6.googleusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://s7.addthis.com/js/250/addthis_widget.js

msedge.exe

Remote address:

104.68.81.91:443

Request

GET /js/250/addthis_widget.js HTTP/2.0
host: s7.addthis.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/plain
content-length: 16
server: Oracle API Gateway
strict-transport-security: max-age=31536000
opc-request-id: /29FDDA545D823881F0B41C2B1588E7C3/8E7B0AD92344CA094B42C94977C1BDCD
x-content-type-options: nosniff
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
date: Sat, 04 May 2024 11:54:21 GMT
x-distribution: 99
x-host: s7.addthis.com
DNS

lh4.googleusercontent.com

msedge.exe

Remote address:

8.8.8.8:53

Request

lh4.googleusercontent.com

IN A

Response

lh4.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

216.58.201.97
DNS

233.143.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

233.143.123.92.in-addr.arpa

IN PTR

Response

233.143.123.92.in-addr.arpa

IN PTR

a92-123-143-233deploystaticakamaitechnologiescom
DNS

140.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

140.32.126.40.in-addr.arpa

IN PTR

Response
DNS

137.203.85.209.in-addr.arpa

Remote address:

8.8.8.8:53

Request

137.203.85.209.in-addr.arpa

IN PTR

Response

137.203.85.209.in-addr.arpa

IN PTR

dh-in-f1371e100net
DNS

15.64.125.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.64.125.162.in-addr.arpa

IN PTR

Response
DNS

1.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.178.250.142.in-addr.arpa

IN PTR

Response

1.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f11e100net
DNS

97.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.201.58.216.in-addr.arpa

IN PTR

Response

97.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f11e100net

97.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f1�G

97.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f97�G
DNS

9.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.200.250.142.in-addr.arpa

IN PTR

Response

9.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f91e100net
DNS

110.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

110.201.58.216.in-addr.arpa

IN PTR

Response

110.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f1101e100net

110.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f14�J

110.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f14�J
DNS

11.248.199.67.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.248.199.67.in-addr.arpa

IN PTR

Response

11.248.199.67.in-addr.arpa

IN PTR

bitly
DNS

91.81.68.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

91.81.68.104.in-addr.arpa

IN PTR

Response

91.81.68.104.in-addr.arpa

IN PTR

a104-68-81-91deploystaticakamaitechnologiescom
DNS

sites.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

sites.google.com

IN A

Response

sites.google.com

IN A

142.250.187.238
GET

https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path=%2Fkhothuvien1234%2Fsieuthiduan.PNG

msedge.exe

Remote address:

142.250.187.238:443

Request

GET /site/sites/system/errors/WebspaceNotFound?path=%2Fkhothuvien1234%2Fsieuthiduan.PNG HTTP/2.0
host: sites.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

accounts.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

209.85.203.84
GET

https://accounts.google.com/ServiceLogin?service=jotspot&passive=1209600&continue=https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path%3D/khothuvien1234/sieuthiduan.PNG&followup=https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path%3D/khothuvien1234/sieuthiduan.PNG

msedge.exe

Remote address:

209.85.203.84:443

Request

GET /ServiceLogin?service=jotspot&passive=1209600&continue=https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path%3D/khothuvien1234/sieuthiduan.PNG&followup=https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path%3D/khothuvien1234/sieuthiduan.PNG HTTP/2.0
host: accounts.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

238.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.187.250.142.in-addr.arpa

IN PTR

Response

238.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f141e100net
DNS

84.203.85.209.in-addr.arpa

Remote address:

8.8.8.8:53

Request

84.203.85.209.in-addr.arpa

IN PTR

Response

84.203.85.209.in-addr.arpa

IN PTR

dh-in-f841e100net
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=fb53881471eb43fba4d9caca645dd593&localId=w:9686F947-16CC-59E2-7F90-076D2B78DA93&deviceId=6825828473710710&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=fb53881471eb43fba4d9caca645dd593&localId=w:9686F947-16CC-59E2-7F90-076D2B78DA93&deviceId=6825828473710710&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=38261FD9E7146E8038730BACE6F46F7F; domain=.bing.com; expires=Thu, 29-May-2025 11:54:24 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8A75542D127E433A81083FCB1C42C1DA Ref B: LON04EDGE1121 Ref C: 2024-05-04T11:54:24Z
date: Sat, 04 May 2024 11:54:23 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=fb53881471eb43fba4d9caca645dd593&localId=w:9686F947-16CC-59E2-7F90-076D2B78DA93&deviceId=6825828473710710&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=fb53881471eb43fba4d9caca645dd593&localId=w:9686F947-16CC-59E2-7F90-076D2B78DA93&deviceId=6825828473710710&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=38261FD9E7146E8038730BACE6F46F7F

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=pr3N1DTWVs8-TH7YbmMOcIiqVCZi7youKI4HYok0mFo; domain=.bing.com; expires=Thu, 29-May-2025 11:54:24 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1B2FC8E6FBD946338895D05A0B7D2E5F Ref B: LON04EDGE1121 Ref C: 2024-05-04T11:54:24Z
date: Sat, 04 May 2024 11:54:23 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=fb53881471eb43fba4d9caca645dd593&localId=w:9686F947-16CC-59E2-7F90-076D2B78DA93&deviceId=6825828473710710&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=fb53881471eb43fba4d9caca645dd593&localId=w:9686F947-16CC-59E2-7F90-076D2B78DA93&deviceId=6825828473710710&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=38261FD9E7146E8038730BACE6F46F7F; MSPTC=pr3N1DTWVs8-TH7YbmMOcIiqVCZi7youKI4HYok0mFo

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DD1B261AD98B4A07857E215871FE7FD7 Ref B: LON04EDGE1121 Ref C: 2024-05-04T11:54:24Z
date: Sat, 04 May 2024 11:54:23 GMT
DNS

237.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
GET

https://www.bing.com/th?id=OADD2.10239355179391_1LFCMSFC5TYGHD1FP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

Remote address:

23.62.61.194:443

Request

GET /th?id=OADD2.10239355179391_1LFCMSFC5TYGHD1FP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
cookie: MUID=38261FD9E7146E8038730BACE6F46F7F; MSPTC=pr3N1DTWVs8-TH7YbmMOcIiqVCZi7youKI4HYok0mFo
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1463
date: Sat, 04 May 2024 11:54:25 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.be3d3e17.1714823665.172a80d9
DNS

138.201.86.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

138.201.86.20.in-addr.arpa

IN PTR

Response
DNS

194.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.61.62.23.in-addr.arpa

IN PTR

Response

194.61.62.23.in-addr.arpa

IN PTR

a23-62-61-194deploystaticakamaitechnologiescom
DNS

s10.histats.com

msedge.exe

Remote address:

8.8.8.8:53

Request

s10.histats.com

IN A

Response

s10.histats.com

IN CNAME

s10.histats.com.cdn.cloudflare.net

s10.histats.com.cdn.cloudflare.net

IN A

104.20.67.115

s10.histats.com.cdn.cloudflare.net

IN A

104.20.66.115
GET

http://s10.histats.com/js15.js

msedge.exe

Remote address:

104.20.67.115:80

Request

GET /js15.js HTTP/1.1
Host: s10.histats.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Sat, 04 May 2024 11:54:44 GMT
Content-Type: text/javascript
Content-Length: 4405
Connection: keep-alive
Content-Encoding: gzip
ETag: "980881274"
Last-Modified: Thu, 16 Apr 2020 10:44:16 GMT
Vary: Accept-Encoding
Cache-Control: max-age=28800
CF-Cache-Status: HIT
Age: 60269
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 87e84c3baa5276f9-LHR
DNS

www.facebook.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

163.70.151.35
GET

http://www.facebook.com/widgets/like.php?href=https%3A%2F%2Fwww.facebook.com%2FShare123.vn&layout=standard&show_faces=true&width=53&action=like&colorscheme=light&height=80

msedge.exe

Remote address:

163.70.151.35:80

Request

GET /widgets/like.php?href=https%3A%2F%2Fwww.facebook.com%2FShare123.vn&layout=standard&show_faces=true&width=53&action=like&colorscheme=light&height=80 HTTP/1.1
Host: www.facebook.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Location: https://www.facebook.com/widgets/like.php?href=https%3A%2F%2Fwww.facebook.com%2FShare123.vn&layout=standard&show_faces=true&width=53&action=like&colorscheme=light&height=80
Content-Type: text/plain
Server: proxygen-bolt
Date: Sat, 04 May 2024 11:54:44 GMT
Connection: keep-alive
Content-Length: 0
DNS

115.67.20.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

115.67.20.104.in-addr.arpa

IN PTR

Response
DNS

35.151.70.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.151.70.163.in-addr.arpa

IN PTR

Response

35.151.70.163.in-addr.arpa

IN PTR

edge-star-mini-shv-02-lhr6facebookcom
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

139.53.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

139.53.16.96.in-addr.arpa

IN PTR

Response

139.53.16.96.in-addr.arpa

IN PTR

a96-16-53-139deploystaticakamaitechnologiescom
DNS

51.15.97.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

51.15.97.104.in-addr.arpa

IN PTR

Response

51.15.97.104.in-addr.arpa

IN PTR

a104-97-15-51deploystaticakamaitechnologiescom
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 496166
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2FFEE8DD54FA4BB7946EBB2F563649B1 Ref B: LON04EDGE0713 Ref C: 2024-05-04T11:56:03Z
date: Sat, 04 May 2024 11:56:03 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 638730
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9658C0031168447B89C3BE2487D4DCC8 Ref B: LON04EDGE0713 Ref C: 2024-05-04T11:56:03Z
date: Sat, 04 May 2024 11:56:03 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370255173_1DU5CK10FBZ5UERKJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239370255173_1DU5CK10FBZ5UERKJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 565422
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CEE111DF5A45438EBCB5780E5E9A7AF9 Ref B: LON04EDGE0713 Ref C: 2024-05-04T11:56:03Z
date: Sat, 04 May 2024 11:56:03 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370255172_1LGH0N1M3BEVIZPTE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239370255172_1LGH0N1M3BEVIZPTE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 583094
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 552CD2136E2D4AA7B846458C91B6DBA7 Ref B: LON04EDGE0713 Ref C: 2024-05-04T11:56:03Z
date: Sat, 04 May 2024 11:56:03 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 555746
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9E84F62A7E3343928FBBE21410B2179E Ref B: LON04EDGE0713 Ref C: 2024-05-04T11:56:03Z
date: Sat, 04 May 2024 11:56:03 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 496229
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F14D8F2457024413A7CF41B84341B28B Ref B: LON04EDGE0713 Ref C: 2024-05-04T11:56:03Z
date: Sat, 04 May 2024 11:56:03 GMT
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response

142.250.178.1:80

http://2.bp.blogspot.com/-MP_iFJGRwMQ/Ukl-vk1ddxI/AAAAAAAAAcA/XRUa5S4smok/s72-c/bia-Dai+Thanh+copy.jpg

http

msedge.exe

793 B
5.6kB
8
9

HTTP Request

GET http://2.bp.blogspot.com/-MP_iFJGRwMQ/Ukl-vk1ddxI/AAAAAAAAAcA/XRUa5S4smok/s72-c/bia-Dai+Thanh+copy.jpg

HTTP Response

200
142.250.178.1:80

http://2.bp.blogspot.com/-7lDPL7UECXU/Ug3aviMLSXI/AAAAAAAAAQM/qmN4tVe0edo/s72-c/noi-that-cua-can-ho-hien-dai.jpg

http

msedge.exe

803 B
3.6kB
8
8

HTTP Request

GET http://2.bp.blogspot.com/-7lDPL7UECXU/Ug3aviMLSXI/AAAAAAAAAQM/qmN4tVe0edo/s72-c/noi-that-cua-can-ho-hien-dai.jpg

HTTP Response

200
209.85.203.137:443

https://4dc85062-a-62cb3a1a-s-sites.googlegroups.com/site/khothuvien1234/sieuthiduan.PNG

tls, http2

msedge.exe

1.9kB
7.2kB
17
19

HTTP Request

GET https://4dc85062-a-62cb3a1a-s-sites.googlegroups.com/site/khothuvien1234/sieuthiduan.PNG
142.250.178.1:80

http://1.bp.blogspot.com/-sLwvU89Q1ms/TWfDw6VIW_I/AAAAAAAAAIw/ZsABOxlq43k/s1600/no-image.PNG

http

msedge.exe

1.4kB
12.3kB
13
15

HTTP Request

GET http://1.bp.blogspot.com/-PYW6a5uXxrw/UvjaEah5ODI/AAAAAAAAAhw/Bvf2RfVWYa4/s72-c/toan-bo-nha.jpg

HTTP Response

200

HTTP Request

GET http://1.bp.blogspot.com/-sLwvU89Q1ms/TWfDw6VIW_I/AAAAAAAAAIw/ZsABOxlq43k/s1600/no-image.PNG

HTTP Response

200
162.125.64.15:80

http://dl.dropboxusercontent.com/u/66256041/Menu/Namkna-blogspot-menu-doc/jquery.min.v1.4.1.js

http

msedge.exe

689 B
532 B
7
6

HTTP Request

GET http://dl.dropboxusercontent.com/u/66256041/Menu/Namkna-blogspot-menu-doc/jquery.min.v1.4.1.js

HTTP Response

301
162.125.64.15:80

http://dl.dropbox.com/u/66256041/popup/namkna.blogspot.con/slide_ads1.js

http

msedge.exe

667 B
510 B
7
6

HTTP Request

GET http://dl.dropbox.com/u/66256041/popup/namkna.blogspot.con/slide_ads1.js

HTTP Response

301
104.68.81.91:80

http://s7.addthis.com/js/250/addthis_widget.js

http

msedge.exe

641 B
726 B
7
6

HTTP Request

GET http://s7.addthis.com/js/250/addthis_widget.js

HTTP Response

308
216.58.201.97:443

https://lh4.googleusercontent.com/-qFtpVy76z3k/UHehqGbwiWI/AAAAAAAAD4g/m8MeHKWjsFU/s15/ico-p.jpg

tls, http2

msedge.exe

4.7kB
165.4kB
74
133

HTTP Request

GET https://lh3.googleusercontent.com/-Yx4chbloKq4/UvinQ6KnEQI/AAAAAAAAAm8/dy48_-fsZSg/w640-h452-no/quang-cao.gif

HTTP Request

GET https://lh4.googleusercontent.com/-qFtpVy76z3k/UHehqGbwiWI/AAAAAAAAD4g/m8MeHKWjsFU/s15/ico-p.jpg
142.250.200.9:443

https://resources.blogblog.com/img/icon18_wrench_allbkg.png

tls, http2

msedge.exe

1.9kB
7.1kB
16
15

HTTP Request

GET https://resources.blogblog.com/img/icon18_wrench_allbkg.png
216.58.201.110:443

https://apis.google.com/js/plusone.js

tls, http2

msedge.exe

2.5kB
29.4kB
32
32

HTTP Request

GET https://apis.google.com/js/plusone.js
216.58.201.97:443

https://lh5.googleusercontent.com/-BmTGLIYo3FU/UHehpyJ-ixI/AAAAAAAAD4U/PCCko5XgXZo/s15/ico-m.jpg

tls, http2

msedge.exe

2.2kB
13.4kB
20
24

HTTP Request

GET https://lh5.googleusercontent.com/-5joH5eWvLJE/UHehpUlIUZI/AAAAAAAAD4M/3dUKKd5YczY/s15/ico-h.jpg

HTTP Request

GET https://lh5.googleusercontent.com/-BmTGLIYo3FU/UHehpyJ-ixI/AAAAAAAAD4U/PCCko5XgXZo/s15/ico-m.jpg
67.199.248.11:80

http://bit.ly/hGWr7r

http

msedge.exe

665 B
945 B
7
6

HTTP Request

GET http://bit.ly/hGWr7r

HTTP Response

301
142.250.200.9:443

www.blogger.com

tls, http2

msedge.exe

999 B
5.8kB
9
8
142.250.200.9:443

https://www.blogger.com/static/v1/widgets/2647409398-widgets.js

tls, http2

msedge.exe

3.8kB
70.8kB
57
60

HTTP Request

GET https://www.blogger.com/static/v1/widgets/224787869-widget_css_bundle.css

HTTP Request

GET https://www.blogger.com/static/v1/widgets/2647409398-widgets.js
162.125.64.15:443

https://dl.dropbox.com/u/66256041/popup/namkna.blogspot.con/slide_ads1.js

tls, http2

msedge.exe

1.7kB
5.9kB
15
14

HTTP Request

GET https://dl.dropbox.com/u/66256041/popup/namkna.blogspot.con/slide_ads1.js

HTTP Response

404
162.125.64.15:443

https://dl.dropboxusercontent.com/u/66256041/Menu/Namkna-blogspot-menu-doc/jquery.min.v1.4.1.js

tls, http2

msedge.exe

1.9kB
6.7kB
16
17

HTTP Request

GET https://dl.dropboxusercontent.com/u/66256041/Menu/Namkna-blogspot-menu-doc/jquery.min.v1.4.1.js

HTTP Response

404

HTTP Request

GET https://dl.dropboxusercontent.com/u/66256041/Menu/Namkna-blogspot-menu-doc/jquery.min.v1.4.1.js

HTTP Response

404
216.58.201.97:443

lh5.googleusercontent.com

tls

msedge.exe

1.0kB
9.7kB
11
9
216.58.201.97:443

https://lh6.googleusercontent.com/-ZB01xbweylQ/UHaC2q6ldZI/AAAAAAAADyk/LoWcnGJPGGs/s238/content-texture.png

tls, http2

msedge.exe

2.7kB
23.1kB
27
33

HTTP Request

GET https://lh6.googleusercontent.com/-MfUTwAJDVHs/UHehpNyiReI/AAAAAAAAD4I/o0u-CP5al-M/s15/ico-gioithieu.png

HTTP Request

GET https://lh6.googleusercontent.com/-py3UTWU3Nzw/UHehopAwXOI/AAAAAAAAD34/GPkxUEHwl5Q/s15/ico-a.jpg

HTTP Request

GET https://lh6.googleusercontent.com/-ENGt3WNWQnA/UHehqcn1hQI/AAAAAAAAD4o/7qXMb3s5hS8/s15/ico-u.jpg

HTTP Request

GET https://lh6.googleusercontent.com/-ZB01xbweylQ/UHaC2q6ldZI/AAAAAAAADyk/LoWcnGJPGGs/s238/content-texture.png
104.68.81.91:443

https://s7.addthis.com/js/250/addthis_widget.js

tls, http2

msedge.exe

2.7kB
6.7kB
17
19

HTTP Request

GET https://s7.addthis.com/js/250/addthis_widget.js

HTTP Response

200
216.58.204.66:445

pagead2.googlesyndication.com

260 B
5
142.250.187.238:443

https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path=%2Fkhothuvien1234%2Fsieuthiduan.PNG

tls, http2

msedge.exe

1.9kB
10.0kB
17
20

HTTP Request

GET https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path=%2Fkhothuvien1234%2Fsieuthiduan.PNG
209.85.203.84:443

https://accounts.google.com/ServiceLogin?service=jotspot&passive=1209600&continue=https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path%3D/khothuvien1234/sieuthiduan.PNG&followup=https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path%3D/khothuvien1234/sieuthiduan.PNG

tls, http2

msedge.exe

2.1kB
7.8kB
17
18

HTTP Request

GET https://accounts.google.com/ServiceLogin?service=jotspot&passive=1209600&continue=https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path%3D/khothuvien1234/sieuthiduan.PNG&followup=https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path%3D/khothuvien1234/sieuthiduan.PNG
142.250.200.2:139

pagead2.googlesyndication.com

260 B
5
204.79.197.237:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=fb53881471eb43fba4d9caca645dd593&localId=w:9686F947-16CC-59E2-7F90-076D2B78DA93&deviceId=6825828473710710&anid=

tls, http2

2.0kB
9.2kB
22
19

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=fb53881471eb43fba4d9caca645dd593&localId=w:9686F947-16CC-59E2-7F90-076D2B78DA93&deviceId=6825828473710710&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=fb53881471eb43fba4d9caca645dd593&localId=w:9686F947-16CC-59E2-7F90-076D2B78DA93&deviceId=6825828473710710&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=fb53881471eb43fba4d9caca645dd593&localId=w:9686F947-16CC-59E2-7F90-076D2B78DA93&deviceId=6825828473710710&anid=

HTTP Response

204
23.62.61.194:443

https://www.bing.com/th?id=OADD2.10239355179391_1LFCMSFC5TYGHD1FP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

tls, http2

1.5kB
6.8kB
17
13

HTTP Request

GET https://www.bing.com/th?id=OADD2.10239355179391_1LFCMSFC5TYGHD1FP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

HTTP Response

200
104.20.67.115:80

http://s10.histats.com/js15.js

http

msedge.exe

720 B
5.1kB
7
8

HTTP Request

GET http://s10.histats.com/js15.js

HTTP Response

200
163.70.151.35:80

http://www.facebook.com/widgets/like.php?href=https%3A%2F%2Fwww.facebook.com%2FShare123.vn&layout=standard&show_faces=true&width=53&action=like&colorscheme=light&height=80

http

msedge.exe

871 B
583 B
6
5

HTTP Request

GET http://www.facebook.com/widgets/like.php?href=https%3A%2F%2Fwww.facebook.com%2FShare123.vn&layout=standard&show_faces=true&width=53&action=like&colorscheme=light&height=80

HTTP Response

301
163.70.151.35:443

www.facebook.com

tls

msedge.exe

1.9kB
5.8kB
14
15
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
13
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
13
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

119.0kB
3.5MB
2511
2506

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370255173_1DU5CK10FBZ5UERKJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370255172_1LGH0N1M3BEVIZPTE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

8.8.8.8:53

133.211.185.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

133.211.185.52.in-addr.arpa
8.8.8.8:53

4dc85062-a-62cb3a1a-s-sites.googlegroups.com

dns

msedge.exe

90 B
153 B
1
1

DNS Request

4dc85062-a-62cb3a1a-s-sites.googlegroups.com

DNS Response

209.85.203.137
8.8.8.8:53

dl.dropboxusercontent.com

dns

msedge.exe

71 B
132 B
1
1

DNS Request

dl.dropboxusercontent.com

DNS Response

162.125.64.15
8.8.8.8:53

dl.dropbox.com

dns

msedge.exe

60 B
121 B
1
1

DNS Request

dl.dropbox.com

DNS Response

162.125.64.15
8.8.8.8:53

2.bp.blogspot.com

dns

msedge.exe

63 B
124 B
1
1

DNS Request

2.bp.blogspot.com

DNS Response

142.250.178.1
8.8.8.8:53

1.bp.blogspot.com

dns

msedge.exe

63 B
124 B
1
1

DNS Request

1.bp.blogspot.com

DNS Response

142.250.178.1
8.8.8.8:53

resources.blogblog.com

dns

msedge.exe

68 B
115 B
1
1

DNS Request

resources.blogblog.com

DNS Response

142.250.200.9
8.8.8.8:53

www.blogger.com

dns

msedge.exe

61 B
108 B
1
1

DNS Request

www.blogger.com

DNS Response

142.250.200.9
8.8.8.8:53

bit.ly

dns

msedge.exe

52 B
84 B
1
1

DNS Request

bit.ly

DNS Response

67.199.248.11

67.199.248.10
8.8.8.8:53

apis.google.com

dns

msedge.exe

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

216.58.201.110
8.8.8.8:53

s7.addthis.com

dns

msedge.exe

60 B
169 B
1
1

DNS Request

s7.addthis.com

DNS Response

104.68.81.91
8.8.8.8:53

lh5.googleusercontent.com

dns

msedge.exe

71 B
116 B
1
1

DNS Request

lh5.googleusercontent.com

DNS Response

216.58.201.97
8.8.8.8:53

lh3.googleusercontent.com

dns

msedge.exe

71 B
116 B
1
1

DNS Request

lh3.googleusercontent.com

DNS Response

216.58.201.97
8.8.8.8:53

lh6.googleusercontent.com

dns

msedge.exe

71 B
116 B
1
1

DNS Request

lh6.googleusercontent.com

DNS Response

216.58.201.97
8.8.8.8:53

lh4.googleusercontent.com

dns

msedge.exe

71 B
116 B
1
1

DNS Request

lh4.googleusercontent.com

DNS Response

216.58.201.97
216.58.201.97:443

lh4.googleusercontent.com

https

msedge.exe

7.1kB
24.8kB
46
52
142.250.200.9:443

www.blogger.com

https

msedge.exe

4.8kB
10.8kB
17
20
216.58.201.110:443

apis.google.com

https

msedge.exe

7.2kB
152.6kB
60
122
8.8.8.8:53

233.143.123.92.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

233.143.123.92.in-addr.arpa
8.8.8.8:53

140.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

140.32.126.40.in-addr.arpa
8.8.8.8:53

137.203.85.209.in-addr.arpa

dns

73 B
107 B
1
1

DNS Request

137.203.85.209.in-addr.arpa
8.8.8.8:53

15.64.125.162.in-addr.arpa

dns

72 B
122 B
1
1

DNS Request

15.64.125.162.in-addr.arpa
8.8.8.8:53

1.178.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

1.178.250.142.in-addr.arpa
8.8.8.8:53

97.201.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

97.201.58.216.in-addr.arpa
8.8.8.8:53

9.200.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

9.200.250.142.in-addr.arpa
8.8.8.8:53

110.201.58.216.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

110.201.58.216.in-addr.arpa
8.8.8.8:53

11.248.199.67.in-addr.arpa

dns

72 B
92 B
1
1

DNS Request

11.248.199.67.in-addr.arpa
8.8.8.8:53

91.81.68.104.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

91.81.68.104.in-addr.arpa
8.8.8.8:53

sites.google.com

dns

msedge.exe

62 B
78 B
1
1

DNS Request

sites.google.com

DNS Response

142.250.187.238
8.8.8.8:53

accounts.google.com

dns

msedge.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

209.85.203.84
209.85.203.84:443

accounts.google.com

https

msedge.exe

5.3kB
15.2kB
32
32
8.8.8.8:53

238.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

238.187.250.142.in-addr.arpa
8.8.8.8:53

84.203.85.209.in-addr.arpa

dns

72 B
105 B
1
1

DNS Request

84.203.85.209.in-addr.arpa
8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

237.197.79.204.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

237.197.79.204.in-addr.arpa
8.8.8.8:53

138.201.86.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

138.201.86.20.in-addr.arpa
8.8.8.8:53

194.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

194.61.62.23.in-addr.arpa
224.0.0.251:5353

msedge.exe

520 B
8
8.8.8.8:53

s10.histats.com

dns

msedge.exe

61 B
141 B
1
1

DNS Request

s10.histats.com

DNS Response

104.20.67.115

104.20.66.115
8.8.8.8:53

www.facebook.com

dns

msedge.exe

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

163.70.151.35
8.8.8.8:53

115.67.20.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

115.67.20.104.in-addr.arpa
8.8.8.8:53

35.151.70.163.in-addr.arpa

dns

72 B
125 B
1
1

DNS Request

35.151.70.163.in-addr.arpa
209.85.203.137:443

4dc85062-a-62cb3a1a-s-sites.googlegroups.com

https

msedge.exe

2.4kB
7.4kB
9
11
142.250.187.238:443

sites.google.com

https

msedge.exe

3.8kB
8.3kB
10
12
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

139.53.16.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

139.53.16.96.in-addr.arpa
8.8.8.8:53

51.15.97.104.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

51.15.97.104.in-addr.arpa
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

43.229.111.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
346 B
2
2

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

55.36.223.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
24cff0aba121b09a410d3d30d463b55f

SHA1
5b722676db1b8f7ef0d6e50812b62414515304b7

SHA256
1a446c8c1d800c92659f029e6161d92d1fdf4a0e2e0d172c2177fac107ebd541

SHA512
5f5ad14d341f1df634f759076156289039ec96cc5690b80c6a50e4670110e7404f321889c348e6bf3c0dc8c769c4bcb1c15557df552f4e2708da17c8f6c8046d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1ab3d7384e3ef19b4f7260a963c48d02

SHA1
a2fa6c81b7690187ce57b23aa09813c6078ef2e9

SHA256
b9ec366b9a2a38512514ab7126b5248fa2c3c49408886f92af52d25950e95d66

SHA512
046f31b462c4701da67fd243c34a717adac20f3e1b957fbb1863780374239470979c6de55e84239b270d5f3cb0b6b056cef60b82c1bb9c4cba722bde99d7eef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f18b8f453e746d3bbede3399978bb541

SHA1
c9a41ac3d3d36b79d4e3d0225c251b4816d96c93

SHA256
7c195ff7ebb138ec855d9ef45594af29539c0aff2b6ebba5d9e669347de0bb84

SHA512
df6898ed1d455f184a463c931642ebeb47582d10c3849f1d600921be65de1fc1bb9a27916ff5ab375c24c14c55fbd5e35e7649234029eeb0f0a38d07231a61cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
50dda20f82d14d0136bdaa7769157d2f

SHA1
720d81bc99c1de09f189eb2069920cb8915269c5

SHA256
0256fb3cf303be56ed3b127a6547504f9aa61ec386d1478da486b64f6f43bb32

SHA512
602bf521db410c58f167f89854152deaa1293ac6a44cc9644b167ae5592e55be466b03e4a6a0b583a1500df91e263d846771134c78a810a1019120deda37db5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9f132b4397825f3a68d1fc9a83f6c9e8

SHA1
f394af5f7b76365b64ad86677e24ff19a8e8bfd0

SHA256
f3554d67f95ecd6d4c1e7fa7dbeff13c8c97faa94c0220fd3471df9df61c23e5

SHA512
134ba41ef556e3195d94d2598f02cf21ae05696a8673781774a5ad018d469115063de389e7d995367c13d43f8f9ec1b508081472661f3c9e5511d89ad145e8d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
c8dc61acfdb1f15fb4fa4ec3d4e69d6c

SHA1
c6299230db2ed8dd173ef8973837dcc9ff27a602

SHA256
15ba2b0ac39631692c4ee80059b748e530b7495871a6c7c45362281a0839b59d

SHA512
3e8568147cd11083cd082e861d0915e8f2d037f6e160702166272276a6fbbaf95e0ec1a9f0af76dedf57d777021a5fc1f1345ac6f600d0a8a57f1a780174c5e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c294.TMP

Filesize
705B

MD5
197ae88431bbbc496755be12f7f6e877

SHA1
2ea5962af956086a1605dd14551525d320790d2d

SHA256
feef88bc6f9726db5be582eff75e3f5adbadfd085c2b0a5baab553a44bd2fe8d

SHA512
9819526de24618bf8ae93be29f90925c6c922cec9d062ec6bfabc249469d605947babade3c6e3d1127b984262480ced42ead573bb9de476d2cb8bbb177d6a47b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e8a3470ec1763317cd1abbd4a50f261d

SHA1
d36a9b1a4b087107ba2d7dc031a4d683fece67b8

SHA256
9c296483d8ae24b8febb02f9222d196532e9974590854e0338c5c8edd0b2716f

SHA512
1a1bd7838e7b9d268194899df821d816c0fca6d7cf75c3856f1aae4f23f8f4606c25edcf8490f261c77f3cdb318a42f7b2f83177bcabcb21a300f0db82db3211

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request