Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
01/06/2024, 05:04 UTC
Static task
static1
Behavioral task
behavioral1
Sample
896f65c8c642a3936f38ce9e110aace2_JaffaCakes118.html
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
896f65c8c642a3936f38ce9e110aace2_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
896f65c8c642a3936f38ce9e110aace2_JaffaCakes118.html
-
Size
71KB
-
MD5
896f65c8c642a3936f38ce9e110aace2
-
SHA1
e02d3a959bc247c6286807bb4a3224acb39a52ef
-
SHA256
42f5b272a3af45e717e3f5b064c293662519f5f90ecc17468c5a734388f2801f
-
SHA512
cf673ff83191b799daab1b58f473f676fe34c8f9951711c828619a75e55b4805f86967356e87ad3cfa5bf77a2fe1be1541fb15152ad7badf0be1ec3885b9ffb6
-
SSDEEP
1536:/kADkA7ckABKQbZkAXhTcr0IPGNMxZPdJXxPTQakA9FSvp3IoqLKteHdZPnTgyiv:/kADkAAkAIGZkARTcr0uGNMxZPdJXxPu
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 2204 msedge.exe 2204 msedge.exe 5064 msedge.exe 5064 msedge.exe 4304 identity_helper.exe 4304 identity_helper.exe 4044 msedge.exe 4044 msedge.exe 4044 msedge.exe 4044 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid Process 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 5064 wrote to memory of 2244 5064 msedge.exe 83 PID 5064 wrote to memory of 2244 5064 msedge.exe 83 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 4672 5064 msedge.exe 84 PID 5064 wrote to memory of 2204 5064 msedge.exe 85 PID 5064 wrote to memory of 2204 5064 msedge.exe 85 PID 5064 wrote to memory of 4504 5064 msedge.exe 86 PID 5064 wrote to memory of 4504 5064 msedge.exe 86 PID 5064 wrote to memory of 4504 5064 msedge.exe 86 PID 5064 wrote to memory of 4504 5064 msedge.exe 86 PID 5064 wrote to memory of 4504 5064 msedge.exe 86 PID 5064 wrote to memory of 4504 5064 msedge.exe 86 PID 5064 wrote to memory of 4504 5064 msedge.exe 86 PID 5064 wrote to memory of 4504 5064 msedge.exe 86 PID 5064 wrote to memory of 4504 5064 msedge.exe 86 PID 5064 wrote to memory of 4504 5064 msedge.exe 86 PID 5064 wrote to memory of 4504 5064 msedge.exe 86 PID 5064 wrote to memory of 4504 5064 msedge.exe 86 PID 5064 wrote to memory of 4504 5064 msedge.exe 86 PID 5064 wrote to memory of 4504 5064 msedge.exe 86 PID 5064 wrote to memory of 4504 5064 msedge.exe 86 PID 5064 wrote to memory of 4504 5064 msedge.exe 86 PID 5064 wrote to memory of 4504 5064 msedge.exe 86 PID 5064 wrote to memory of 4504 5064 msedge.exe 86 PID 5064 wrote to memory of 4504 5064 msedge.exe 86 PID 5064 wrote to memory of 4504 5064 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\896f65c8c642a3936f38ce9e110aace2_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5064 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0xdc,0x7ffef86946f8,0x7ffef8694708,0x7ffef86947182⤵PID:2244
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,5861534367411672788,16260258962300334996,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:22⤵PID:4672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,5861534367411672788,16260258962300334996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,5861534367411672788,16260258962300334996,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:82⤵PID:4504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5861534367411672788,16260258962300334996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:12⤵PID:3756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5861534367411672788,16260258962300334996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:12⤵PID:5060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5861534367411672788,16260258962300334996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:12⤵PID:3288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,5861534367411672788,16260258962300334996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:82⤵PID:4052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,5861534367411672788,16260258962300334996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4304
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5861534367411672788,16260258962300334996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:12⤵PID:4480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5861534367411672788,16260258962300334996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:12⤵PID:4824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5861534367411672788,16260258962300334996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:12⤵PID:1860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5861534367411672788,16260258962300334996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:12⤵PID:3424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,5861534367411672788,16260258962300334996,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3092 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4044
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2216
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5104
Network
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTRResponse8.8.8.8.in-addr.arpaIN PTRdnsgoogle
-
Remote address:8.8.8.8:53Request217.106.137.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestwww.blogger.comIN AResponsewww.blogger.comIN CNAMEblogger.l.google.comblogger.l.google.comIN A142.250.178.9
-
Remote address:8.8.8.8:53Requestimg1.blogblog.comIN AResponseimg1.blogblog.comIN CNAMEblogger.l.google.comblogger.l.google.comIN A142.250.178.9
-
Remote address:142.250.178.9:443RequestGET /static/v1/widgets/3597120983-css_bundle_v2.css HTTP/2.0
host: www.blogger.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:142.250.178.9:443RequestGET /static/v1/widgets/1833189695-widgets.js HTTP/2.0
host: www.blogger.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
GEThttps://www.blogger.com/dyn-css/authorization.css?targetBlogID=3935663939680232797&zx=564d18b1-7503-490a-b0fb-30f803fa4a09msedge.exeRemote address:142.250.178.9:443RequestGET /dyn-css/authorization.css?targetBlogID=3935663939680232797&zx=564d18b1-7503-490a-b0fb-30f803fa4a09 HTTP/2.0
host: www.blogger.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:142.250.178.9:80RequestGET /img/icon18_wrench_allbkg.png HTTP/1.1
Host: img1.blogblog.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 475
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 25 May 2024 12:11:45 GMT
Expires: Sat, 01 Jun 2024 12:11:45 GMT
Cache-Control: public, max-age=604800
Last-Modified: Fri, 24 May 2024 18:54:23 GMT
Content-Type: image/png
Age: 579157
-
Remote address:8.8.8.8:53Requestcdn.firebase.comIN AResponsecdn.firebase.comIN A151.101.1.195cdn.firebase.comIN A151.101.65.195
-
Remote address:151.101.1.195:443RequestGET /v0/firebase.js HTTP/2.0
host: cdn.firebase.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
cache-control: public,max-age=432000
content-encoding: br
content-type: application/javascript
etag: "16af03cf134a042390c20240c4c8580c6a855f81d65e5f55e65313f1931e9183-br"
last-modified: Wed, 15 Jul 2020 22:46:44 GMT
strict-transport-security: max-age=31556926
accept-ranges: bytes
date: Sat, 01 Jun 2024 05:04:22 GMT
x-served-by: cache-lcy-eglc8600072-LCY
x-cache: HIT
x-cache-hits: 2
x-timer: S1717218262.333714,VS0,VE0
vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 23597
-
Remote address:8.8.8.8:53Requestapis.google.comIN AResponseapis.google.comIN CNAMEplus.l.google.complus.l.google.comIN A142.250.200.14
-
Remote address:142.250.200.14:443RequestGET /js/plusone.js HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:8.8.8.8:53Requestresources.blogblog.comIN AResponseresources.blogblog.comIN CNAMEblogger.l.google.comblogger.l.google.comIN A142.250.178.9
-
Remote address:8.8.8.8:53Requestimg2.blogblog.comIN AResponseimg2.blogblog.comIN CNAMEblogger.l.google.comblogger.l.google.comIN A142.250.178.9
-
Remote address:8.8.8.8:53Requestdantri4.vcmedia.vnIN AResponse
-
Remote address:8.8.8.8:53Request4.bp.blogspot.comIN AResponse4.bp.blogspot.comIN CNAMEphotos-ugc.l.googleusercontent.comphotos-ugc.l.googleusercontent.comIN A142.250.180.1
-
Remote address:8.8.8.8:53Request3.bp.blogspot.comIN AResponse3.bp.blogspot.comIN CNAMEphotos-ugc.l.googleusercontent.comphotos-ugc.l.googleusercontent.comIN A142.250.180.1
-
Remote address:8.8.8.8:53Request2.bp.blogspot.comIN AResponse2.bp.blogspot.comIN CNAMEphotos-ugc.l.googleusercontent.comphotos-ugc.l.googleusercontent.comIN A142.250.180.1
-
Remote address:8.8.8.8:53Request1.bp.blogspot.comIN AResponse1.bp.blogspot.comIN CNAMEphotos-ugc.l.googleusercontent.comphotos-ugc.l.googleusercontent.comIN A142.250.180.1
-
Remote address:8.8.8.8:53Request82.90.14.23.in-addr.arpaIN PTRResponse82.90.14.23.in-addr.arpaIN PTRa23-14-90-82deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request0.159.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request9.178.250.142.in-addr.arpaIN PTRResponse9.178.250.142.in-addr.arpaIN PTRlhr48s27-in-f91e100net
-
Remote address:8.8.8.8:53Request195.212.58.216.in-addr.arpaIN PTRResponse195.212.58.216.in-addr.arpaIN PTRams16s21-in-f1951e100net195.212.58.216.in-addr.arpaIN PTRlhr25s27-in-f3�J195.212.58.216.in-addr.arpaIN PTRams16s21-in-f3�J
-
Remote address:8.8.8.8:53Request195.1.101.151.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestwww.youtube.comIN AResponsewww.youtube.comIN CNAMEyoutube-ui.l.google.comyoutube-ui.l.google.comIN A216.58.204.78youtube-ui.l.google.comIN A172.217.169.14youtube-ui.l.google.comIN A216.58.212.238youtube-ui.l.google.comIN A172.217.169.78youtube-ui.l.google.comIN A142.250.179.238youtube-ui.l.google.comIN A142.250.180.14youtube-ui.l.google.comIN A142.250.187.206youtube-ui.l.google.comIN A142.250.187.238youtube-ui.l.google.comIN A142.250.178.14youtube-ui.l.google.comIN A172.217.16.238youtube-ui.l.google.comIN A142.250.200.14youtube-ui.l.google.comIN A142.250.200.46youtube-ui.l.google.comIN A216.58.201.110
-
Remote address:142.250.178.9:443RequestGET /img/icon18_wrench_allbkg.png HTTP/2.0
host: resources.blogblog.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
GEThttp://4.bp.blogspot.com/-ZaKtcYD2dwM/U7Vz2XIpQyI/AAAAAAAAAy0/C4uNin6yBdM/s72-c/tauvothepsang.jpgmsedge.exeRemote address:142.250.180.1:80RequestGET /-ZaKtcYD2dwM/U7Vz2XIpQyI/AAAAAAAAAy0/C4uNin6yBdM/s72-c/tauvothepsang.jpg HTTP/1.1
Host: 4.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="tauvothepsang.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 4211
X-XSS-Protection: 0
Date: Sat, 01 Jun 2024 05:04:16 GMT
Expires: Sun, 02 Jun 2024 05:04:16 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v32e"
Content-Type: image/jpeg
Vary: Origin
Age: 6
-
GEThttp://4.bp.blogspot.com/-ASI3tAr2zfI/U1hx0lNJYgI/AAAAAAAAAQA/YO631-oFMHI/s72-c/76H1.JPGmsedge.exeRemote address:142.250.180.1:80RequestGET /-ASI3tAr2zfI/U1hx0lNJYgI/AAAAAAAAAQA/YO631-oFMHI/s72-c/76H1.JPG HTTP/1.1
Host: 4.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="76H1.JPG"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 5281
X-XSS-Protection: 0
Date: Sat, 01 Jun 2024 05:04:16 GMT
Expires: Sun, 02 Jun 2024 05:04:16 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v100"
Content-Type: image/jpeg
Vary: Origin
Age: 6
-
GEThttp://4.bp.blogspot.com/-QhFGhJrlrF8/U4wojQRWYxI/AAAAAAAAAsQ/u_F3KOpXsbU/s1600/banh-u-tro.JPGmsedge.exeRemote address:142.250.180.1:80RequestGET /-QhFGhJrlrF8/U4wojQRWYxI/AAAAAAAAAsQ/u_F3KOpXsbU/s1600/banh-u-tro.JPG HTTP/1.1
Host: 4.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="banh-u-tro.JPG"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 40417
X-XSS-Protection: 0
Date: Sat, 01 Jun 2024 05:04:16 GMT
Expires: Sun, 02 Jun 2024 05:04:16 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v2c5"
Content-Type: image/jpeg
Vary: Origin
Age: 6
-
GEThttp://2.bp.blogspot.com/-DD2BZ-gP7xg/U_3bltJHlUI/AAAAAAAAA0w/VJpvx0XgqQs/s1600/lien-he.pngmsedge.exeRemote address:142.250.180.1:80RequestGET /-DD2BZ-gP7xg/U_3bltJHlUI/AAAAAAAAA0w/VJpvx0XgqQs/s1600/lien-he.png HTTP/1.1
Host: 2.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="lien-he.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 5794
X-XSS-Protection: 0
Date: Sat, 01 Jun 2024 05:04:16 GMT
Expires: Sun, 02 Jun 2024 05:04:16 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 6
ETag: "v34d"
Content-Type: image/png
Vary: Origin
-
Remote address:142.250.178.9:80RequestGET /img/icon18_edit_allbkg.gif HTTP/1.1
Host: img2.blogblog.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 162
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 25 May 2024 09:06:51 GMT
Expires: Sat, 01 Jun 2024 09:06:51 GMT
Cache-Control: public, max-age=604800
Last-Modified: Fri, 24 May 2024 09:56:36 GMT
Content-Type: image/gif
Age: 590251
-
GEThttp://3.bp.blogspot.com/-2500Q_1vnuQ/U1EpmaYj5JI/AAAAAAAAAOk/lJt-bmvMMSc/s1600/logo_40.pngmsedge.exeRemote address:142.250.180.1:80RequestGET /-2500Q_1vnuQ/U1EpmaYj5JI/AAAAAAAAAOk/lJt-bmvMMSc/s1600/logo_40.png HTTP/1.1
Host: 3.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="logo_40.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 1250
X-XSS-Protection: 0
Date: Sat, 01 Jun 2024 05:04:18 GMT
Expires: Sun, 02 Jun 2024 05:04:18 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "ve9"
Content-Type: image/png
Vary: Origin
Age: 4
-
GEThttp://3.bp.blogspot.com/-Th_U56whMrE/U3L3XNOA6PI/AAAAAAAAAlo/V3fXJIa0Too/s72-c/tau-Quang-Ngai-ra-khoi.jpgmsedge.exeRemote address:142.250.180.1:80RequestGET /-Th_U56whMrE/U3L3XNOA6PI/AAAAAAAAAlo/V3fXJIa0Too/s72-c/tau-Quang-Ngai-ra-khoi.jpg HTTP/1.1
Host: 3.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="tau-Quang-Ngai-ra-khoi.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 3938
X-XSS-Protection: 0
Date: Sat, 01 Jun 2024 05:04:16 GMT
Expires: Sun, 02 Jun 2024 05:04:16 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v25c"
Content-Type: image/jpeg
Vary: Origin
Age: 6
-
GEThttp://3.bp.blogspot.com/-lvEHq4dpyas/U3rGMyorwPI/AAAAAAAAAm8/ypcEJ7bcGS8/s72-c/ngu-dan-viet-nam.jpgmsedge.exeRemote address:142.250.180.1:80RequestGET /-lvEHq4dpyas/U3rGMyorwPI/AAAAAAAAAm8/ypcEJ7bcGS8/s72-c/ngu-dan-viet-nam.jpg HTTP/1.1
Host: 3.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="ngu-dan-viet-nam.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 3617
X-XSS-Protection: 0
Date: Sat, 01 Jun 2024 05:04:16 GMT
Expires: Sun, 02 Jun 2024 05:04:16 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 6
ETag: "v274"
Content-Type: image/jpeg
Vary: Origin
-
GEThttp://3.bp.blogspot.com/-LuaoLxzMVgw/U2W7MCLOwCI/AAAAAAAAAkA/NDWU4UEKhts/s72-c/dua-hau_GQXL.jpg.jpgmsedge.exeRemote address:142.250.180.1:80RequestGET /-LuaoLxzMVgw/U2W7MCLOwCI/AAAAAAAAAkA/NDWU4UEKhts/s72-c/dua-hau_GQXL.jpg.jpg HTTP/1.1
Host: 3.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="dua-hau_GQXL.jpg.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 4670
X-XSS-Protection: 0
Date: Sat, 01 Jun 2024 05:04:16 GMT
Expires: Sun, 02 Jun 2024 05:04:16 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v241"
Content-Type: image/jpeg
Vary: Origin
Age: 6
-
GEThttp://3.bp.blogspot.com/-Vq-v-adebKk/U3rTvQQf1MI/AAAAAAAAApg/bR5KTbo7rTE/s72-c/images966396_45.jpgmsedge.exeRemote address:142.250.180.1:80RequestGET /-Vq-v-adebKk/U3rTvQQf1MI/AAAAAAAAApg/bR5KTbo7rTE/s72-c/images966396_45.jpg HTTP/1.1
Host: 3.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="images966396_45.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 5459
X-XSS-Protection: 0
Date: Sat, 01 Jun 2024 05:04:16 GMT
Expires: Sun, 02 Jun 2024 05:04:16 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v299"
Content-Type: image/jpeg
Vary: Origin
Age: 6
-
Remote address:8.8.8.8:53Requests.haivl.comIN AResponse
-
Remote address:8.8.8.8:53Request26.165.165.52.in-addr.arpaIN PTRResponse
-
GEThttp://1.bp.blogspot.com/-rfy4PxiK20M/U4AaaQ8kPEI/AAAAAAAAAqM/bIxxdjYg_6E/s72-c/dj-girl.jpgmsedge.exeRemote address:142.250.180.1:80RequestGET /-rfy4PxiK20M/U4AaaQ8kPEI/AAAAAAAAAqM/bIxxdjYg_6E/s72-c/dj-girl.jpg HTTP/1.1
Host: 1.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="dj-girl.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 4454
X-XSS-Protection: 0
Date: Sat, 01 Jun 2024 05:04:16 GMT
Expires: Sun, 02 Jun 2024 05:04:16 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v2a4"
Content-Type: image/jpeg
Vary: Origin
Age: 6
-
GEThttp://1.bp.blogspot.com/-deN4NGtrnm4/U1Sc_xBJFKI/AAAAAAAAAPI/jWAGKqqJ0e8/s72-c/cangca.jpgmsedge.exeRemote address:142.250.180.1:80RequestGET /-deN4NGtrnm4/U1Sc_xBJFKI/AAAAAAAAAPI/jWAGKqqJ0e8/s72-c/cangca.jpg HTTP/1.1
Host: 1.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="cangca.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 4728
X-XSS-Protection: 0
Date: Sat, 01 Jun 2024 05:04:16 GMT
Expires: Sun, 02 Jun 2024 05:04:16 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 6
ETag: "vf3"
Content-Type: image/jpeg
Vary: Origin
-
Remote address:8.8.8.8:53Requestdevelopers.google.comIN AResponsedevelopers.google.comIN A216.58.201.110
-
Remote address:8.8.8.8:53Requestconnect.facebook.netIN AResponseconnect.facebook.netIN CNAMEscontent.xx.fbcdn.netscontent.xx.fbcdn.netIN A163.70.151.21
-
Remote address:216.58.201.110:80RequestGET / HTTP/1.1
Host: developers.google.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
X-Cloud-Trace-Context: 64134320608940eaf9db1cee98702487
Date: Sat, 01 Jun 2024 05:04:22 GMT
Content-Type: text/html
Server: Google Frontend
Content-Length: 0
-
Remote address:8.8.8.8:53Requestaccounts.google.comIN AResponseaccounts.google.comIN A142.250.27.84
-
GEThttps://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__msedge.exeRemote address:142.250.27.84:443RequestGET /o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__ HTTP/2.0
host: accounts.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:216.58.201.110:443RequestGET / HTTP/2.0
host: developers.google.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:8.8.8.8:53Requestssl.gstatic.comIN AResponsessl.gstatic.comIN A216.58.213.3
-
Remote address:216.58.213.3:443RequestGET /accounts/o/3604799710-postmessagerelay.js HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://accounts.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:8.8.8.8:53Request1.180.250.142.in-addr.arpaIN PTRResponse1.180.250.142.in-addr.arpaIN PTRlhr25s32-in-f11e100net
-
Remote address:8.8.8.8:53Request14.213.58.216.in-addr.arpaIN PTRResponse14.213.58.216.in-addr.arpaIN PTRlhr25s25-in-f141e100net14.213.58.216.in-addr.arpaIN PTRber01s14-in-f14�H
-
Remote address:8.8.8.8:53Request110.201.58.216.in-addr.arpaIN PTRResponse110.201.58.216.in-addr.arpaIN PTRprg03s02-in-f1101e100net110.201.58.216.in-addr.arpaIN PTRprg03s02-in-f14�J110.201.58.216.in-addr.arpaIN PTRlhr48s48-in-f14�J
-
Remote address:8.8.8.8:53Request84.27.250.142.in-addr.arpaIN PTRResponse84.27.250.142.in-addr.arpaIN PTRra-in-f841e100net
-
Remote address:8.8.8.8:53Request3.213.58.216.in-addr.arpaIN PTRResponse3.213.58.216.in-addr.arpaIN PTRber01s14-in-f31e100net3.213.58.216.in-addr.arpaIN PTRlhr25s25-in-f3�F
-
Remote address:8.8.8.8:53Requestconnect.facebook.netIN AResponseconnect.facebook.netIN CNAMEscontent.xx.fbcdn.netscontent.xx.fbcdn.netIN A163.70.151.21
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.dual-a-0034.a-msedge.netg-bing-com.dual-a-0034.a-msedge.netIN CNAMEdual-a-0034.a-msedge.netdual-a-0034.a-msedge.netIN A204.79.197.237dual-a-0034.a-msedge.netIN A13.107.21.237
-
GEThttps://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Mo-KB2xBo83qsum9tty-uTVUCUzc_mCZXwffLYOeVJndMpkPuUdU2XDF4DeDjcLfOgT_WVVkSrBEH2VgPTL-hy49iEoJebt2X6U1MlxioIFrgnCdXrTZndAdqomGqUMdzuC1LfiAqJK0PNRlM7SklWzpQKO2SARzFJhuRuZTti5r8fCL%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Df76aee42d16314e9448388798fb2b526&TIME=20240508T111554Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEBRemote address:204.79.197.237:443RequestGET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Mo-KB2xBo83qsum9tty-uTVUCUzc_mCZXwffLYOeVJndMpkPuUdU2XDF4DeDjcLfOgT_WVVkSrBEH2VgPTL-hy49iEoJebt2X6U1MlxioIFrgnCdXrTZndAdqomGqUMdzuC1LfiAqJK0PNRlM7SklWzpQKO2SARzFJhuRuZTti5r8fCL%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Df76aee42d16314e9448388798fb2b526&TIME=20240508T111554Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0D18812566946F421EB595B4672F6EDA; domain=.bing.com; expires=Thu, 26-Jun-2025 05:04:25 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 96E4B695A4A04535AA7205D366E717A1 Ref B: LON04EDGE0922 Ref C: 2024-06-01T05:04:25Z
date: Sat, 01 Jun 2024 05:04:25 GMT
-
GEThttps://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Mo-KB2xBo83qsum9tty-uTVUCUzc_mCZXwffLYOeVJndMpkPuUdU2XDF4DeDjcLfOgT_WVVkSrBEH2VgPTL-hy49iEoJebt2X6U1MlxioIFrgnCdXrTZndAdqomGqUMdzuC1LfiAqJK0PNRlM7SklWzpQKO2SARzFJhuRuZTti5r8fCL%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Df76aee42d16314e9448388798fb2b526&TIME=20240508T111554Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEBRemote address:204.79.197.237:443RequestGET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Mo-KB2xBo83qsum9tty-uTVUCUzc_mCZXwffLYOeVJndMpkPuUdU2XDF4DeDjcLfOgT_WVVkSrBEH2VgPTL-hy49iEoJebt2X6U1MlxioIFrgnCdXrTZndAdqomGqUMdzuC1LfiAqJK0PNRlM7SklWzpQKO2SARzFJhuRuZTti5r8fCL%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Df76aee42d16314e9448388798fb2b526&TIME=20240508T111554Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0D18812566946F421EB595B4672F6EDA; _EDGE_S=SID=0FCF50FBB46D6DB20B13446AB5AD6C02
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=6quryko4Pdv1hcL_qGNYzhgn0fM9Ih_ahPBLi8aOkXE; domain=.bing.com; expires=Thu, 26-Jun-2025 05:04:25 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 95B42C6A30B84854B9A9F0EDB2D0A24C Ref B: LON04EDGE0922 Ref C: 2024-06-01T05:04:25Z
date: Sat, 01 Jun 2024 05:04:25 GMT
-
GEThttps://www.bing.com/aes/c.gif?RG=f5d2ba81ac214775921348f3f19ac3f5&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T111554Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981Remote address:23.62.61.194:443RequestGET /aes/c.gif?RG=f5d2ba81ac214775921348f3f19ac3f5&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T111554Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0D18812566946F421EB595B4672F6EDA
ResponseHTTP/2.0 200
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 35A176EF4F38454F98539E66FE086B13 Ref B: DUS30EDGE0409 Ref C: 2024-06-01T05:04:25Z
content-length: 0
date: Sat, 01 Jun 2024 05:04:25 GMT
set-cookie: _EDGE_S=SID=0FCF50FBB46D6DB20B13446AB5AD6C02; path=/; httponly; domain=bing.com
set-cookie: MUIDB=0D18812566946F421EB595B4672F6EDA; path=/; httponly; expires=Thu, 26-Jun-2025 05:04:25 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.5d3d3e17.1717218265.6412892
-
Remote address:8.8.8.8:53Request237.197.79.204.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request194.61.62.23.in-addr.arpaIN PTRResponse194.61.62.23.in-addr.arpaIN PTRa23-62-61-194deploystaticakamaitechnologiescom
-
GEThttps://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90Remote address:23.62.61.97:443RequestGET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
cookie: MUID=0D18812566946F421EB595B4672F6EDA; _EDGE_S=SID=0FCF50FBB46D6DB20B13446AB5AD6C02; MSPTC=6quryko4Pdv1hcL_qGNYzhgn0fM9Ih_ahPBLi8aOkXE; MUIDB=0D18812566946F421EB595B4672F6EDA
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1107
date: Sat, 01 Jun 2024 05:04:26 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.5d3d3e17.1717218266.6412c36
-
Remote address:8.8.8.8:53Request97.61.62.23.in-addr.arpaIN PTRResponse97.61.62.23.in-addr.arpaIN PTRa23-62-61-97deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request133.211.185.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestwww.youtube.comIN AResponsewww.youtube.comIN CNAMEyoutube-ui.l.google.comyoutube-ui.l.google.comIN A216.58.201.110youtube-ui.l.google.comIN A216.58.204.78youtube-ui.l.google.comIN A216.58.213.14youtube-ui.l.google.comIN A216.58.212.206youtube-ui.l.google.comIN A172.217.169.78youtube-ui.l.google.comIN A142.250.179.238youtube-ui.l.google.comIN A142.250.180.14youtube-ui.l.google.comIN A142.250.187.206youtube-ui.l.google.comIN A142.250.187.238youtube-ui.l.google.comIN A142.250.178.14youtube-ui.l.google.comIN A172.217.16.238youtube-ui.l.google.comIN A142.250.200.14youtube-ui.l.google.comIN A142.250.200.46
-
Remote address:8.8.8.8:53Request206.23.85.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request26.35.223.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request31.243.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestaccounts.google.comIN AResponseaccounts.google.comIN A142.250.27.84
-
Remote address:8.8.8.8:53Request27.178.89.13.in-addr.arpaIN PTRResponse
-
142.250.178.9:443https://www.blogger.com/dyn-css/authorization.css?targetBlogID=3935663939680232797&zx=564d18b1-7503-490a-b0fb-30f803fa4a09tls, http2msedge.exe3.5kB 71.9kB 47 70
HTTP Request
GET https://www.blogger.com/static/v1/widgets/3597120983-css_bundle_v2.cssHTTP Request
GET https://www.blogger.com/static/v1/widgets/1833189695-widgets.jsHTTP Request
GET https://www.blogger.com/dyn-css/authorization.css?targetBlogID=3935663939680232797&zx=564d18b1-7503-490a-b0fb-30f803fa4a09 -
698 B 1.3kB 7 6
HTTP Request
GET http://img1.blogblog.com/img/icon18_wrench_allbkg.pngHTTP Response
200 -
2.4kB 33.4kB 30 35
HTTP Request
GET https://cdn.firebase.com/v0/firebase.jsHTTP Response
200 -
2.4kB 29.7kB 30 31
HTTP Request
GET https://apis.google.com/js/plusone.js -
288 B 208 B 6 4
-
288 B 208 B 6 4
-
288 B 208 B 6 4
-
288 B 208 B 6 4
-
1.8kB 7.2kB 15 16
HTTP Request
GET https://resources.blogblog.com/img/icon18_wrench_allbkg.png -
142.250.180.1:80http://4.bp.blogspot.com/-ASI3tAr2zfI/U1hx0lNJYgI/AAAAAAAAAQA/YO631-oFMHI/s72-c/76H1.JPGhttpmsedge.exe1.4kB 11.0kB 12 14
HTTP Request
GET http://4.bp.blogspot.com/-ZaKtcYD2dwM/U7Vz2XIpQyI/AAAAAAAAAy0/C4uNin6yBdM/s72-c/tauvothepsang.jpgHTTP Response
200HTTP Request
GET http://4.bp.blogspot.com/-ASI3tAr2zfI/U1hx0lNJYgI/AAAAAAAAAQA/YO631-oFMHI/s72-c/76H1.JPGHTTP Response
200 -
142.250.180.1:80http://4.bp.blogspot.com/-QhFGhJrlrF8/U4wojQRWYxI/AAAAAAAAAsQ/u_F3KOpXsbU/s1600/banh-u-tro.JPGhttpmsedge.exe1.8kB 42.4kB 28 36
HTTP Request
GET http://4.bp.blogspot.com/-QhFGhJrlrF8/U4wojQRWYxI/AAAAAAAAAsQ/u_F3KOpXsbU/s1600/banh-u-tro.JPGHTTP Response
200 -
142.250.180.1:80http://2.bp.blogspot.com/-DD2BZ-gP7xg/U_3bltJHlUI/AAAAAAAAA0w/VJpvx0XgqQs/s1600/lien-he.pnghttpmsedge.exe828 B 6.7kB 9 10
HTTP Request
GET http://2.bp.blogspot.com/-DD2BZ-gP7xg/U_3bltJHlUI/AAAAAAAAA0w/VJpvx0XgqQs/s1600/lien-he.pngHTTP Response
200 -
260 B 5
-
696 B 1.0kB 7 6
HTTP Request
GET http://img2.blogblog.com/img/icon18_edit_allbkg.gifHTTP Response
200 -
142.250.180.1:80http://3.bp.blogspot.com/-Th_U56whMrE/U3L3XNOA6PI/AAAAAAAAAlo/V3fXJIa0Too/s72-c/tau-Quang-Ngai-ra-khoi.jpghttpmsedge.exe1.3kB 6.6kB 10 11
HTTP Request
GET http://3.bp.blogspot.com/-2500Q_1vnuQ/U1EpmaYj5JI/AAAAAAAAAOk/lJt-bmvMMSc/s1600/logo_40.pngHTTP Response
200HTTP Request
GET http://3.bp.blogspot.com/-Th_U56whMrE/U3L3XNOA6PI/AAAAAAAAAlo/V3fXJIa0Too/s72-c/tau-Quang-Ngai-ra-khoi.jpgHTTP Response
200 -
236 B 208 B 5 4
-
142.250.180.1:80http://3.bp.blogspot.com/-LuaoLxzMVgw/U2W7MCLOwCI/AAAAAAAAAkA/NDWU4UEKhts/s72-c/dua-hau_GQXL.jpg.jpghttpmsedge.exe1.3kB 9.8kB 11 13
HTTP Request
GET http://3.bp.blogspot.com/-lvEHq4dpyas/U3rGMyorwPI/AAAAAAAAAm8/ypcEJ7bcGS8/s72-c/ngu-dan-viet-nam.jpgHTTP Response
200HTTP Request
GET http://3.bp.blogspot.com/-LuaoLxzMVgw/U2W7MCLOwCI/AAAAAAAAAkA/NDWU4UEKhts/s72-c/dua-hau_GQXL.jpg.jpgHTTP Response
200 -
142.250.180.1:80http://3.bp.blogspot.com/-Vq-v-adebKk/U3rTvQQf1MI/AAAAAAAAApg/bR5KTbo7rTE/s72-c/images966396_45.jpghttpmsedge.exe836 B 6.4kB 9 10
HTTP Request
GET http://3.bp.blogspot.com/-Vq-v-adebKk/U3rTvQQf1MI/AAAAAAAAApg/bR5KTbo7rTE/s72-c/images966396_45.jpgHTTP Response
200 -
142.250.180.1:80http://1.bp.blogspot.com/-deN4NGtrnm4/U1Sc_xBJFKI/AAAAAAAAAPI/jWAGKqqJ0e8/s72-c/cangca.jpghttpmsedge.exe1.3kB 10.7kB 11 13
HTTP Request
GET http://1.bp.blogspot.com/-rfy4PxiK20M/U4AaaQ8kPEI/AAAAAAAAAqM/bIxxdjYg_6E/s72-c/dj-girl.jpgHTTP Response
200HTTP Request
GET http://1.bp.blogspot.com/-deN4NGtrnm4/U1Sc_xBJFKI/AAAAAAAAAPI/jWAGKqqJ0e8/s72-c/cangca.jpgHTTP Response
200 -
236 B 208 B 5 4
-
775 B 527 B 7 6
HTTP Request
GET http://developers.google.com/HTTP Response
301 -
260 B 5
-
142.250.27.84:443https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__tls, http2msedge.exe2.0kB 7.4kB 15 18
HTTP Request
GET https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__ -
2.1kB 25.4kB 21 29
HTTP Request
GET https://developers.google.com/ -
216.58.213.3:443https://ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.jstls, http2msedge.exe2.0kB 11.8kB 19 18
HTTP Request
GET https://ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js -
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
204.79.197.237:443https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Mo-KB2xBo83qsum9tty-uTVUCUzc_mCZXwffLYOeVJndMpkPuUdU2XDF4DeDjcLfOgT_WVVkSrBEH2VgPTL-hy49iEoJebt2X6U1MlxioIFrgnCdXrTZndAdqomGqUMdzuC1LfiAqJK0PNRlM7SklWzpQKO2SARzFJhuRuZTti5r8fCL%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Df76aee42d16314e9448388798fb2b526&TIME=20240508T111554Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEBtls, http22.5kB 9.0kB 20 17
HTTP Request
GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Mo-KB2xBo83qsum9tty-uTVUCUzc_mCZXwffLYOeVJndMpkPuUdU2XDF4DeDjcLfOgT_WVVkSrBEH2VgPTL-hy49iEoJebt2X6U1MlxioIFrgnCdXrTZndAdqomGqUMdzuC1LfiAqJK0PNRlM7SklWzpQKO2SARzFJhuRuZTti5r8fCL%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Df76aee42d16314e9448388798fb2b526&TIME=20240508T111554Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEBHTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Mo-KB2xBo83qsum9tty-uTVUCUzc_mCZXwffLYOeVJndMpkPuUdU2XDF4DeDjcLfOgT_WVVkSrBEH2VgPTL-hy49iEoJebt2X6U1MlxioIFrgnCdXrTZndAdqomGqUMdzuC1LfiAqJK0PNRlM7SklWzpQKO2SARzFJhuRuZTti5r8fCL%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Df76aee42d16314e9448388798fb2b526&TIME=20240508T111554Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEBHTTP Response
204 -
23.62.61.194:443https://www.bing.com/aes/c.gif?RG=f5d2ba81ac214775921348f3f19ac3f5&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T111554Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981tls, http21.5kB 5.4kB 17 13
HTTP Request
GET https://www.bing.com/aes/c.gif?RG=f5d2ba81ac214775921348f3f19ac3f5&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T111554Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981HTTP Response
200 -
23.62.61.97:443https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90tls, http21.6kB 6.4kB 17 12
HTTP Request
GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90HTTP Response
200 -
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
66 B 90 B 1 1
DNS Request
8.8.8.8.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
217.106.137.52.in-addr.arpa
-
61 B 108 B 1 1
DNS Request
www.blogger.com
DNS Response
142.250.178.9
-
63 B 110 B 1 1
DNS Request
img1.blogblog.com
DNS Response
142.250.178.9
-
62 B 94 B 1 1
DNS Request
cdn.firebase.com
DNS Response
151.101.1.195151.101.65.195
-
3.7kB 7.4kB 9 11
-
61 B 98 B 1 1
DNS Request
apis.google.com
DNS Response
142.250.200.14
-
68 B 115 B 1 1
DNS Request
resources.blogblog.com
DNS Response
142.250.178.9
-
63 B 110 B 1 1
DNS Request
img2.blogblog.com
DNS Response
142.250.178.9
-
64 B 122 B 1 1
DNS Request
dantri4.vcmedia.vn
-
63 B 124 B 1 1
DNS Request
4.bp.blogspot.com
DNS Response
142.250.180.1
-
63 B 124 B 1 1
DNS Request
3.bp.blogspot.com
DNS Response
142.250.180.1
-
63 B 124 B 1 1
DNS Request
2.bp.blogspot.com
DNS Response
142.250.180.1
-
63 B 124 B 1 1
DNS Request
1.bp.blogspot.com
DNS Response
142.250.180.1
-
70 B 133 B 1 1
DNS Request
82.90.14.23.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
0.159.190.20.in-addr.arpa
-
72 B 110 B 1 1
DNS Request
9.178.250.142.in-addr.arpa
-
73 B 171 B 1 1
DNS Request
195.212.58.216.in-addr.arpa
-
72 B 132 B 1 1
DNS Request
195.1.101.151.in-addr.arpa
-
61 B 303 B 1 1
DNS Request
www.youtube.com
DNS Response
216.58.204.78172.217.169.14216.58.212.238172.217.169.78142.250.179.238142.250.180.14142.250.187.206142.250.187.238142.250.178.14172.217.16.238142.250.200.14142.250.200.46216.58.201.110
-
6.5kB 136.0kB 62 108
-
129 B 262 B 2 2
DNS Request
s.haivl.com
DNS Request
26.165.165.52.in-addr.arpa
-
67 B 83 B 1 1
DNS Request
developers.google.com
DNS Response
216.58.201.110
-
66 B 114 B 1 1
DNS Request
connect.facebook.net
DNS Response
163.70.151.21
-
65 B 81 B 1 1
DNS Request
accounts.google.com
DNS Response
142.250.27.84
-
61 B 77 B 1 1
DNS Request
ssl.gstatic.com
DNS Response
216.58.213.3
-
72 B 110 B 1 1
DNS Request
1.180.250.142.in-addr.arpa
-
72 B 141 B 1 1
DNS Request
14.213.58.216.in-addr.arpa
-
73 B 173 B 1 1
DNS Request
110.201.58.216.in-addr.arpa
-
72 B 105 B 1 1
DNS Request
84.27.250.142.in-addr.arpa
-
71 B 138 B 1 1
DNS Request
3.213.58.216.in-addr.arpa
-
66 B 114 B 1 1
DNS Request
connect.facebook.net
DNS Response
163.70.151.21
-
56 B 151 B 1 1
DNS Request
g.bing.com
DNS Response
204.79.197.23713.107.21.237
-
73 B 143 B 1 1
DNS Request
237.197.79.204.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
194.61.62.23.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
97.61.62.23.in-addr.arpa
-
519 B 8
-
73 B 147 B 1 1
DNS Request
133.211.185.52.in-addr.arpa
-
61 B 303 B 1 1
DNS Request
www.youtube.com
DNS Response
216.58.201.110216.58.204.78216.58.213.14216.58.212.206172.217.169.78142.250.179.238142.250.180.14142.250.187.206142.250.187.238142.250.178.14172.217.16.238142.250.200.14142.250.200.46
-
71 B 145 B 1 1
DNS Request
206.23.85.13.in-addr.arpa
-
2.6kB 8.5kB 10 12
-
74 B 128 B 1 1
DNS Request
172.210.232.199.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
26.35.223.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
31.243.111.52.in-addr.arpa
-
65 B 81 B 1 1
DNS Request
accounts.google.com
DNS Response
142.250.27.84
-
3.8kB 3.7kB 9 9
-
71 B 145 B 1 1
DNS Request
27.178.89.13.in-addr.arpa
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5f61fa5143fe872d1d8f1e9f8dc6544f9
SHA1df44bab94d7388fb38c63085ec4db80cfc5eb009
SHA256284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64
SHA512971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6
-
Filesize
152B
MD587f7abeb82600e1e640b843ad50fe0a1
SHA1045bbada3f23fc59941bf7d0210fb160cb78ae87
SHA256b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262
SHA512ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618
-
Filesize
23KB
MD5e1c71f7c04be834f5587230db2ad24b3
SHA1f3bab9cb99d9f343bf7ed3981aaa7450515d2424
SHA2569fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899
SHA512205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize120B
MD5585f8443d999b7cdbdf6b9ffee1efcd2
SHA1fbb0700762c7a85539b0112a93ea7d0735a5ea44
SHA25684db10881cb50df323c7337397c7f97bdefc6ef18e072c1e4d3aafad10e9bd63
SHA5127c2df9136d0fcfc5c519e1032be79c3a01c2f5f301e88adc7efd06d808de59dc32828b15b57eb355c2bebd10d04ae4df8f661d67aa9779c8831045ea4e620dea
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize144B
MD5c97964f6a9d6239b91e37f2c86d8250b
SHA1db114a6125729b8be44eb02471b86734ad03a4a8
SHA25646899c7d7bb0c5aaad6c21e51f80b6a374e1acba9b71b1dcea0de3af7aca21de
SHA512de64efb7b5e3e4b770e2c37968e9b69cb7564192d70dc881d9c93d49c6f71614bfc4875eef517cf43696a9025642d3af9fd78617eb241a95948bf03328ed9256
-
Filesize
1KB
MD5d0376d3bec743fc11ad284a0c174d7d1
SHA1a7ff65d32e23b7a49e34aa07f74f54defb678762
SHA256fb68449c2f74cfba1cd82416f0d3b1370c9d8369b8125b1901e55e4757a36f51
SHA5121a3506c14a0bc564f97bfa0fb29d1fa5dfbcba40f15da0e8f4bfa3e9114a8e43378315718015550931712a9f09d8ec01882e13ed13e749c4cbf2542187babb4e
-
Filesize
5KB
MD51db99bcaea2df5b7d8eb6d985faeb7f8
SHA1ec9bcea812715dc9e0a729c7cdb9c33c74250712
SHA256acf5d854686e3163a132edc6678192626f456feca1c33c46ae2cdf8ddeefa261
SHA512cefef84b08e008311965e97a9d70cf0642b3b3dc11141e666edd2aff1f0f61c8520b257ecdd939ceccae075fbc6ff633117c66927b8bbfc466a2f89cf391e480
-
Filesize
7KB
MD59d9d126214a639a6b13db5f89cfb2850
SHA12eb53594ada2e4873c4f1be185f4a86cdd07e5bb
SHA256f251c842d4487adae129cf4cb6474d0b7f8d814b8dd5af5763ef6d8778318505
SHA512cd3e332cc108ddcad098db0939dbafe4aa0aa54ab9015ce7cdcc0c48d140c1e3b1e8b23666fd2c70dd8981a6de3af09980b9b0a5eee9f0349c500129cc700bbb
-
Filesize
7KB
MD5cfff0c139e2a657b9d716eaed08c499e
SHA1ff680394cf7c4c4afc7ea5ca15832f54a474d017
SHA25639d108544936a1f38a8381b72a995ddb4b7ed26f397daf197bbe3c2130a8f4e8
SHA512510dcbe93f0fb34337cfddd3fe5a205136851f03416233dfb2a87990dfef5d62346951bbe495e94bee0e2afc37341f8b69b0079b774be42590e6e8c7a222177c
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5797eef60dab153c3d1e125b978ab49d6
SHA112b7e368a0118dba3e6a81e7d340fd9c983a549a
SHA25645e10503733ef955eeabe32063e9dfba4fc457fc36539306e7d30d58e36ff3cd
SHA512b8cdec9a230b208c722abfe93193498e26332942352196a4709277d4e90904cab0e64a01b533d3a9e2ee123eaceea20a4591204084a81bf930654e09fea09c00