6c7fbd7abe7efe89cec9fc9ac5da9e3933082a777de6261dd5a045ac37027a1a

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 09:45 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a035f780af6589522f5fe9e56b033e3f_JaffaCakes118.html
Size

66KB
MD5

a035f780af6589522f5fe9e56b033e3f
SHA1

48ffa6fc5661ceb5efa12c8e43650a329ce6298f
SHA256

6c7fbd7abe7efe89cec9fc9ac5da9e3933082a777de6261dd5a045ac37027a1a
SHA512

0a6bfba3bac14b06f6f4be604302203f1c8b3a60818abe888f78d4141c9a93c5ccec62ce73fbf7ce5bfdc74751090013b32894a9cb5f3e03fea70ebf05173060
SSDEEP

768:NcFCNXPIpB/d2xvyFQrb71u04AXzEJLUlrX3CE7rF8pEe51ziRiXLG3D+Ci:NcFGIpB/dIXMHiRiXLGm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1636	msedge.exe
1636	msedge.exe
3620	msedge.exe
3620	msedge.exe
4284	identity_helper.exe
4284	identity_helper.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3620 wrote to memory of 2256	3620	msedge.exe	79
PID 3620 wrote to memory of 2256	3620	msedge.exe	79
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 2320	3620	msedge.exe	80
PID 3620 wrote to memory of 1636	3620	msedge.exe	81
PID 3620 wrote to memory of 1636	3620	msedge.exe	81
PID 3620 wrote to memory of 912	3620	msedge.exe	82
PID 3620 wrote to memory of 912	3620	msedge.exe	82
PID 3620 wrote to memory of 912	3620	msedge.exe	82
PID 3620 wrote to memory of 912	3620	msedge.exe	82
PID 3620 wrote to memory of 912	3620	msedge.exe	82
PID 3620 wrote to memory of 912	3620	msedge.exe	82
PID 3620 wrote to memory of 912	3620	msedge.exe	82
PID 3620 wrote to memory of 912	3620	msedge.exe	82
PID 3620 wrote to memory of 912	3620	msedge.exe	82
PID 3620 wrote to memory of 912	3620	msedge.exe	82
PID 3620 wrote to memory of 912	3620	msedge.exe	82
PID 3620 wrote to memory of 912	3620	msedge.exe	82
PID 3620 wrote to memory of 912	3620	msedge.exe	82
PID 3620 wrote to memory of 912	3620	msedge.exe	82
PID 3620 wrote to memory of 912	3620	msedge.exe	82
PID 3620 wrote to memory of 912	3620	msedge.exe	82
PID 3620 wrote to memory of 912	3620	msedge.exe	82
PID 3620 wrote to memory of 912	3620	msedge.exe	82
PID 3620 wrote to memory of 912	3620	msedge.exe	82
PID 3620 wrote to memory of 912	3620	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a035f780af6589522f5fe9e56b033e3f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbb5d46f8,0x7fffbb5d4708,0x7fffbb5d4718
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,11638793290784551043,5909928028323829295,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,11638793290784551043,5909928028323829295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,11638793290784551043,5909928028323829295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11638793290784551043,5909928028323829295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11638793290784551043,5909928028323829295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11638793290784551043,5909928028323829295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11638793290784551043,5909928028323829295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11638793290784551043,5909928028323829295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11638793290784551043,5909928028323829295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,11638793290784551043,5909928028323829295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3416 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,11638793290784551043,5909928028323829295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11638793290784551043,5909928028323829295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11638793290784551043,5909928028323829295,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11638793290784551043,5909928028323829295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11638793290784551043,5909928028323829295,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,11638793290784551043,5909928028323829295,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4136

Network

DNS

resources.blogblog.com

msedge.exe

Remote address:

8.8.8.8:53

Request

resources.blogblog.com

IN A

Response

resources.blogblog.com

IN CNAME

blogger.l.google.com

blogger.l.google.com

IN A

142.250.178.9
DNS

br.babelfish.yahoo.com

msedge.exe

Remote address:

8.8.8.8:53

Request

br.babelfish.yahoo.com

IN A

Response

br.babelfish.yahoo.com

IN CNAME

rc.yahoo.com

rc.yahoo.com

IN CNAME

global-accelerator.dns-rc.aws.oath.cloud

global-accelerator.dns-rc.aws.oath.cloud

IN CNAME

a7de0457831fd11f7.awsglobalaccelerator.com

a7de0457831fd11f7.awsglobalaccelerator.com

IN A

13.248.158.7

a7de0457831fd11f7.awsglobalaccelerator.com

IN A

76.223.84.192
DNS

widgetserver.com

msedge.exe

Remote address:

8.8.8.8:53

Request

widgetserver.com

IN A

Response

widgetserver.com

IN A

173.255.194.134

widgetserver.com

IN A

96.126.123.244

widgetserver.com

IN A

45.33.18.44

widgetserver.com

IN A

72.14.185.43

widgetserver.com

IN A

45.79.19.196

widgetserver.com

IN A

45.33.2.79

widgetserver.com

IN A

198.58.118.167

widgetserver.com

IN A

45.33.23.183

widgetserver.com

IN A

45.33.20.235

widgetserver.com

IN A

72.14.178.174

widgetserver.com

IN A

45.56.79.23

widgetserver.com

IN A

45.33.30.197
DNS

apis.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.200.14
DNS

www.clocklink.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.clocklink.com

IN A

Response

www.clocklink.com

IN A

216.230.241.100
DNS

www.amoremlinks.net

msedge.exe

Remote address:

8.8.8.8:53

Request

www.amoremlinks.net

IN A

Response

www.amoremlinks.net

IN A

64.190.63.222
DNS

4.bp.blogspot.com

msedge.exe

Remote address:

8.8.8.8:53

Request

4.bp.blogspot.com

IN A

Response

4.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.180.1
DNS

www.blogger.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.blogger.com

IN A

Response

www.blogger.com

IN CNAME

blogger.l.google.com

blogger.l.google.com

IN A

142.250.178.9
DNS

widgets.amung.us

msedge.exe

Remote address:

8.8.8.8:53

Request

widgets.amung.us

IN A

Response

widgets.amung.us

IN A

172.67.8.141

widgets.amung.us

IN A

104.22.75.171

widgets.amung.us

IN A

104.22.74.171
GET

https://resources.blogblog.com/blogblog/data/res/230357638-YTvideoBar_compiled.js

msedge.exe

Remote address:

142.250.178.9:443

Request

GET /blogblog/data/res/230357638-YTvideoBar_compiled.js HTTP/2.0
host: resources.blogblog.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://resources.blogblog.com/img/icon18_wrench_allbkg.png

msedge.exe

Remote address:

142.250.178.9:443

Request

GET /img/icon18_wrench_allbkg.png HTTP/2.0
host: resources.blogblog.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://resources.blogblog.com/img/icon18_edit_allbkg.gif

msedge.exe

Remote address:

142.250.178.9:443

Request

GET /img/icon18_edit_allbkg.gif HTTP/2.0
host: resources.blogblog.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://apis.google.com/js/plusone.js

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /js/plusone.js HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

http://br.babelfish.yahoo.com/free_trans_service/babelfish2.js?from_lang=pt&region=br

msedge.exe

Remote address:

13.248.158.7:80

Request

GET /free_trans_service/babelfish2.js?from_lang=pt&region=br HTTP/1.1
Host: br.babelfish.yahoo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Date: Wed, 12 Jun 2024 09:45:48 GMT
Connection: keep-alive
Server: ATS
Cache-Control: no-store
Content-Type: text/html
Content-Language: en
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: sandbox allow-scripts; default-src 'self'; img-src https:; style-src 'unsafe-inline'; script-src 'unsafe-inline'; report-uri http://csp.yahoo.com/beacon/csp?src=redirect
Location: https://br.yahoo.com/free_trans_service/babelfish2.js?from_lang=pt&region=br
Content-Length: 4476
GET

http://pagead2.googlesyndication.com/pagead/show_ads.js

msedge.exe

Remote address:

142.250.178.2:80

Request

GET /pagead/show_ads.js HTTP/1.1
Host: pagead2.googlesyndication.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Date: Wed, 12 Jun 2024 09:45:48 GMT
Expires: Wed, 12 Jun 2024 09:45:48 GMT
Cache-Control: private, max-age=3600
Content-Type: text/javascript; charset=UTF-8
ETag: 185539221382731366
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 10904
X-XSS-Protection: 0
GET

http://widgets.amung.us/classic.js

msedge.exe

Remote address:

172.67.8.141:80

Request

GET /classic.js HTTP/1.1
Host: widgets.amung.us
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Wed, 12 Jun 2024 09:45:48 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Thu, 12 Jan 2023 17:19:30 GMT
etag: W/"63c04122-32c5"
expires: Thu, 13 Jun 2024 08:50:27 GMT
cache-control: max-age=86400
access-control-allow-origin: *
content-encoding: gzip
CF-Cache-Status: HIT
Age: 3321
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8928e8ffa8f060ef-LHR
alt-svc: h3=":443"; ma=86400
GET

https://www.blogger.com/static/v1/widgets/3332739511-widget_css_bundle.css

msedge.exe

Remote address:

142.250.178.9:443

Request

GET /static/v1/widgets/3332739511-widget_css_bundle.css HTTP/2.0
host: www.blogger.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.blogger.com/static/v1/widgets/3538524853-widgets.js

msedge.exe

Remote address:

142.250.178.9:443

Request

GET /static/v1/widgets/3538524853-widgets.js HTTP/2.0
host: www.blogger.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.blogger.com/dyn-css/authorization.css?targetBlogID=3957891936079228517&zx=00f8ab3f-4ba4-4bcb-b7b5-863a23a9ea2b

msedge.exe

Remote address:

142.250.178.9:443

Request

GET /dyn-css/authorization.css?targetBlogID=3957891936079228517&zx=00f8ab3f-4ba4-4bcb-b7b5-863a23a9ea2b HTTP/2.0
host: www.blogger.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

http://widgetserver.com/syndication/subscriber/InsertWidget.js?appId=35fb165e-385d-4a12-87ba-3dba3fb56438

msedge.exe

Remote address:

173.255.194.134:80

Request

GET /syndication/subscriber/InsertWidget.js?appId=35fb165e-385d-4a12-87ba-3dba3fb56438 HTTP/1.1
Host: widgetserver.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

server: openresty/1.13.6.1
date: Wed, 12 Jun 2024 09:45:48 GMT
content-type: application/javascript
content-length: 157
last-modified: Tue, 10 Jan 2023 21:36:12 GMT
etag: "63bdda4c-9d"
accept-ranges: bytes
connection: close
GET

http://widgetserver.com/syndication/subscriber/InsertWidget.js?appId=f0ac954d-30d8-4893-9f4d-6c0a6f63d957

msedge.exe

Remote address:

173.255.194.134:80

Request

GET /syndication/subscriber/InsertWidget.js?appId=f0ac954d-30d8-4893-9f4d-6c0a6f63d957 HTTP/1.1
Host: widgetserver.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

server: openresty/1.13.6.1
date: Wed, 12 Jun 2024 09:45:48 GMT
content-type: application/javascript
content-length: 157
last-modified: Tue, 10 Jan 2023 21:36:11 GMT
etag: "63bdda4b-9d"
accept-ranges: bytes
connection: close
GET

http://4.bp.blogspot.com/_6zj4yx6IpiE/Sj1AexsVpWI/AAAAAAAAAAM/6lYYOTcB5LQ/S220/images%5B1%5D.jpg

msedge.exe

Remote address:

142.250.180.1:80

Request

GET /_6zj4yx6IpiE/Sj1AexsVpWI/AAAAAAAAAAM/6lYYOTcB5LQ/S220/images%5B1%5D.jpg HTTP/1.1
Host: 4.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v3"
Expires: Thu, 13 Jun 2024 09:45:49 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="images[1].jpg"
X-Content-Type-Options: nosniff
Date: Wed, 12 Jun 2024 09:45:49 GMT
Server: fife
Content-Length: 3998
X-XSS-Protection: 0
GET

http://www.amoremlinks.net/biblia.js

msedge.exe

Remote address:

64.190.63.222:80

Request

GET /biblia.js HTTP/1.1
Host: www.amoremlinks.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

date: Wed, 12 Jun 2024 09:45:49 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_mEug5pMSrWbHsabR/jDiayGc6UJyvhJ3GoL47fiIFWRRSvRd4TKruPkOGNirmSne5hZIydZW+NrWInfuhw1kxQ==
last-modified: Wed, 12 Jun 2024 09:45:48 GMT
x-cache-miss-from: parking-7dd9875bc6-gms9t
server: Parking/1.0
content-encoding: gzip
DNS

br.yahoo.com

msedge.exe

Remote address:

8.8.8.8:53

Request

br.yahoo.com

IN A

Response

br.yahoo.com

IN CNAME

fp-ycpi.g03.yahoodns.net

fp-ycpi.g03.yahoodns.net

IN A

87.248.114.12

fp-ycpi.g03.yahoodns.net

IN A

87.248.114.11
DNS

1.bp.blogspot.com

msedge.exe

Remote address:

8.8.8.8:53

Request

1.bp.blogspot.com

IN A

Response

1.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.180.1
GET

http://4.bp.blogspot.com/_6zj4yx6IpiE/SkUj2-01FpI/AAAAAAAAAB4/MMNOcyXWK3A/s320/S7301128.JPG

msedge.exe

Remote address:

142.250.180.1:80

Request

GET /_6zj4yx6IpiE/SkUj2-01FpI/AAAAAAAAAB4/MMNOcyXWK3A/s320/S7301128.JPG HTTP/1.1
Host: 4.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v1e"
Expires: Thu, 13 Jun 2024 09:45:49 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="S7301128.JPG"
X-Content-Type-Options: nosniff
Date: Wed, 12 Jun 2024 09:45:49 GMT
Server: fife
Content-Length: 25432
X-XSS-Protection: 0
GET

https://br.yahoo.com/free_trans_service/babelfish2.js?from_lang=pt&region=br

msedge.exe

Remote address:

87.248.114.12:443

Request

GET /free_trans_service/babelfish2.js?from_lang=pt&region=br HTTP/2.0
host: br.yahoo.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

http://1.bp.blogspot.com/_6zj4yx6IpiE/SkUj_0MewsI/AAAAAAAAACA/kWrDjRSoeC0/s320/S7301130.JPG

msedge.exe

Remote address:

142.250.180.1:80

Request

GET /_6zj4yx6IpiE/SkUj_0MewsI/AAAAAAAAACA/kWrDjRSoeC0/s320/S7301130.JPG HTTP/1.1
Host: 1.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v20"
Expires: Thu, 13 Jun 2024 09:45:49 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="S7301130.JPG"
X-Content-Type-Options: nosniff
Date: Wed, 12 Jun 2024 09:45:49 GMT
Server: fife
Content-Length: 29851
X-XSS-Protection: 0
GET

http://1.bp.blogspot.com/_6zj4yx6IpiE/SkUjvJnR2KI/AAAAAAAAABw/LSLBkBYPZ00/s320/S7301127.JPG

msedge.exe

Remote address:

142.250.180.1:80

Request

GET /_6zj4yx6IpiE/SkUjvJnR2KI/AAAAAAAAABw/LSLBkBYPZ00/s320/S7301127.JPG HTTP/1.1
Host: 1.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v1c"
Expires: Thu, 13 Jun 2024 09:45:49 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="S7301127.JPG"
X-Content-Type-Options: nosniff
Date: Wed, 12 Jun 2024 09:45:49 GMT
Server: fife
Content-Length: 23696
X-XSS-Protection: 0
GET

http://1.bp.blogspot.com/_6zj4yx6IpiE/SkUjn-OKCpI/AAAAAAAAABo/LI6_QklJ8Qk/s320/S7301123.JPG

msedge.exe

Remote address:

142.250.180.1:80

Request

GET /_6zj4yx6IpiE/SkUjn-OKCpI/AAAAAAAAABo/LI6_QklJ8Qk/s320/S7301123.JPG HTTP/1.1
Host: 1.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v1a"
Expires: Thu, 13 Jun 2024 09:45:49 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="S7301123.JPG"
X-Content-Type-Options: nosniff
Date: Wed, 12 Jun 2024 09:45:49 GMT
Server: fife
Content-Length: 22937
X-XSS-Protection: 0
DNS

3.bp.blogspot.com

msedge.exe

Remote address:

8.8.8.8:53

Request

3.bp.blogspot.com

IN A

Response

3.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.180.1
DNS

www.biblialegal.com.br

msedge.exe

Remote address:

8.8.8.8:53

Request

www.biblialegal.com.br

IN A

Response

www.biblialegal.com.br

IN CNAME

biblialegal.com.br

biblialegal.com.br

IN A

167.99.185.134
DNS

br.search.yahoo.com

msedge.exe

Remote address:

8.8.8.8:53

Request

br.search.yahoo.com

IN A

Response

br.search.yahoo.com

IN CNAME

ds-global3.l7.search.ystg1.b.yahoo.com

ds-global3.l7.search.ystg1.b.yahoo.com

IN A

212.82.100.137
GET

http://3.bp.blogspot.com/_6zj4yx6IpiE/SkUh3ASP22I/AAAAAAAAABg/05qSND6zsOc/s320/cartaz_63%25C2%25AA%2BEBO.jpg

msedge.exe

Remote address:

142.250.180.1:80

Request

GET /_6zj4yx6IpiE/SkUh3ASP22I/AAAAAAAAABg/05qSND6zsOc/s320/cartaz_63%25C2%25AA%2BEBO.jpg HTTP/1.1
Host: 3.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v18"
Expires: Thu, 13 Jun 2024 09:45:49 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="cartaz_63%C2%AA+EBO.jpg"
X-Content-Type-Options: nosniff
Date: Wed, 12 Jun 2024 09:45:49 GMT
Server: fife
Content-Length: 30977
X-XSS-Protection: 0
GET

https://br.search.yahoo.com/?fr2=p:fprd,mkt:br

msedge.exe

Remote address:

212.82.100.137:443

Request

GET /?fr2=p:fprd,mkt:br HTTP/2.0
host: br.search.yahoo.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

http://www.biblialegal.com.br/imagens/biblialegalsplashscreen5.jpg

msedge.exe

Remote address:

167.99.185.134:80

Request

GET /imagens/biblialegalsplashscreen5.jpg HTTP/1.1
Host: www.biblialegal.com.br
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

content-type: text/html; charset=UTF-8
expires: Wed, 12 Jun 2024 10:45:49 GMT
x-litespeed-tag: fdd_HTTP.404,fdd_HTTP.301,fdd_HTTP.301
x-redirect-by: WordPress
location: https://biblialegal.com.br
x-litespeed-cache-control: no-cache
cache-control: no-cache, no-store, must-revalidate, max-age=0
content-length: 0
date: Wed, 12 Jun 2024 09:45:49 GMT
server: LiteSpeed
connection: Keep-Alive
DNS

biblialegal.com.br

msedge.exe

Remote address:

8.8.8.8:53

Request

biblialegal.com.br

IN A

Response

biblialegal.com.br

IN A

167.99.185.134
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

64.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.159.190.20.in-addr.arpa

IN PTR

Response
DNS

9.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.178.250.142.in-addr.arpa

IN PTR

Response

9.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f91e100net
DNS

14.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.200.250.142.in-addr.arpa

IN PTR

Response

14.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f141e100net
DNS

2.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.178.250.142.in-addr.arpa

IN PTR

Response

2.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f21e100net
DNS

7.158.248.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

7.158.248.13.in-addr.arpa

IN PTR

Response

7.158.248.13.in-addr.arpa

IN PTR

a7de0457831fd11f7awsglobalacceleratorcom
DNS

141.8.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

141.8.67.172.in-addr.arpa

IN PTR

Response
DNS

1.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.180.250.142.in-addr.arpa

IN PTR

Response

1.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f11e100net
DNS

222.63.190.64.in-addr.arpa

Remote address:

8.8.8.8:53

Request

222.63.190.64.in-addr.arpa

IN PTR

Response
DNS

134.194.255.173.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.194.255.173.in-addr.arpa

IN PTR

Response

134.194.255.173.in-addr.arpa

IN PTR

li204-134memberslinodecom
DNS

12.114.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

12.114.248.87.in-addr.arpa

IN PTR

Response

12.114.248.87.in-addr.arpa

IN PTR

e2ycpiviplobyahoocom
DNS

137.100.82.212.in-addr.arpa

Remote address:

8.8.8.8:53

Request

137.100.82.212.in-addr.arpa

IN PTR

Response

137.100.82.212.in-addr.arpa

IN PTR

ats1l7searchvipir2yahoocom
DNS

134.185.99.167.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.185.99.167.in-addr.arpa

IN PTR

Response
GET

https://biblialegal.com.br/

msedge.exe

Remote address:

167.99.185.134:443

Request

GET / HTTP/2.0
host: biblialegal.com.br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/html; charset=UTF-8
link: <https://biblialegal.com.br/wp-json/>; rel="https://api.w.org/"
link: <https://biblialegal.com.br/wp-json/wp/v2/pages/169>; rel="alternate"; type="application/json"
link: <https://biblialegal.com.br/>; rel=shortlink
vary: Accept-Encoding
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-litespeed-cache: hit
content-encoding: gzip
content-length: 21938
date: Wed, 12 Jun 2024 09:45:49 GMT
DNS

www.google.com

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.196
GET

http://widgetserver.com/

msedge.exe

Remote address:

173.255.194.134:80

Request

GET / HTTP/1.1
Host: widgetserver.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

server: openresty/1.13.6.1
date: Wed, 12 Jun 2024 09:46:11 GMT
content-type: text/html
transfer-encoding: chunked
content-encoding: gzip
connection: close
GET

http://widgetserver.com/?gp=1&js=1&uuid=1718185571.0065611200&other_args=eyJ1cmkiOiAiLyIsICJhcmdzIjogIiIsICJyZWZlcmVyIjogIiIsICJhY2NlcHQiOiAidGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksaW1hZ2Uvd2VicCxpbWFnZS9hcG5nLCovKjtxPTAuOCxhcHBsaWNhdGlvbi9zaWduZWQtZXhjaGFuZ2U7dj1iMztxPTAuOSJ9

msedge.exe

Remote address:

173.255.194.134:80

Request

GET /?gp=1&js=1&uuid=1718185571.0065611200&other_args=eyJ1cmkiOiAiLyIsICJhcmdzIjogIiIsICJyZWZlcmVyIjogIiIsICJhY2NlcHQiOiAidGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksaW1hZ2Uvd2VicCxpbWFnZS9hcG5nLCovKjtxPTAuOCxhcHBsaWNhdGlvbi9zaWduZWQtZXhjaGFuZ2U7dj1iMztxPTAuOSJ9 HTTP/1.1
Host: widgetserver.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://widgetserver.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Found

server: openresty/1.13.6.1
date: Wed, 12 Jun 2024 09:46:11 GMT
content-type: text/html; charset=utf-8
content-length: 0
location: https://www3.widgetserver.com/?tm=1&subid4=1718185571.0278400000&KW1=Europe%20Dedicated%20Servers&KW2=United%20Kingdom%20Dedicated%20Servers&KW3=England%20Dedicated%20Servers&KW4=London%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0
referrer-policy: no-referrer
x-mtm-path: 0
vary: Accept-Language
content-language: en
set-cookie: mtm_delivered=WyJ3aWRnZXRzZXJ2ZXIuY29tIiwiaHR0cHM6Ly93d3czLndpZGdldHNlcnZlci5jb20vP3RtPTEmc3ViaWQ0PTE3MTgxODU1NzEuMDI3ODQwMDAwMCZLVzE9RXVyb3BlJTIwRGVkaWNhdGVkJTIwU2VydmVycyZLVzI9VW5pdGVkJTIwS2luZ2RvbSUyMERlZGljYXRlZCUyMFNlcnZlcnMmS1czPUVuZ2xhbmQlMjBEZWRpY2F0ZWQlMjBTZXJ2ZXJzJktXND1Mb25kb24lMjBEZWRpY2F0ZWQlMjBTZXJ2ZXJzJktXNT1DdXN0b20lMjBEZWRpY2F0ZWQlMjBTZXJ2ZXJzJnNlYXJjaGJveD0wJmJhY2tmaWxsPTAiLDEsIjIwMjQtMDYtMTIgMDk6NDY6MTEiLDEsIjE3MTgxODU1NzEuMDI3ODQwMDAwMCIsMSxudWxsLG51bGxd:1sHKYV:XO-NN1J9_QV9wPAA2VQqRC5xcZw; expires=Wed, 12-Jun-2024 10:46:11 GMT; Max-Age=3600; Path=/
connection: close
DNS

www3.widgetserver.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www3.widgetserver.com

IN A

Response

www3.widgetserver.com

IN A

45.79.19.196

www3.widgetserver.com

IN A

45.33.20.235

www3.widgetserver.com

IN A

72.14.185.43

www3.widgetserver.com

IN A

72.14.178.174

www3.widgetserver.com

IN A

45.33.18.44

www3.widgetserver.com

IN A

45.33.23.183

www3.widgetserver.com

IN A

45.33.30.197

www3.widgetserver.com

IN A

173.255.194.134

www3.widgetserver.com

IN A

45.33.2.79

www3.widgetserver.com

IN A

198.58.118.167

www3.widgetserver.com

IN A

96.126.123.244

www3.widgetserver.com

IN A

45.56.79.23
GET

https://www3.widgetserver.com/?tm=1&subid4=1718185571.0278400000&KW1=Europe%20Dedicated%20Servers&KW2=United%20Kingdom%20Dedicated%20Servers&KW3=England%20Dedicated%20Servers&KW4=London%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0

msedge.exe

Remote address:

45.79.19.196:443

Request

GET /?tm=1&subid4=1718185571.0278400000&KW1=Europe%20Dedicated%20Servers&KW2=United%20Kingdom%20Dedicated%20Servers&KW3=England%20Dedicated%20Servers&KW4=London%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0 HTTP/1.1
Host: www3.widgetserver.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

date: Wed, 12 Jun 2024 09:46:12 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
server: nginx
vary: Accept-Encoding
x-redirect: skenzo
x-buckets: bucket011
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_dLCPqbmsHOvk3CBpZ3EC4U4Vsb95jw6YJrLBtpPE3nqZ79U07xBnf75qT0PBXo18eO2mHxWvg+krNPbXvN3xJQ==
x-template: tpl_CleanPeppermintBlack_twoclick
x-language: english
accept-ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
accept-ch-lifetime: 30
x-domain: widgetserver.com
x-subdomain: www1
ret_path: sx_new
content-encoding: gzip
GET

https://www3.widgetserver.com/favicon.ico

msedge.exe

Remote address:

45.79.19.196:443

Request

GET /favicon.ico HTTP/1.1
Host: www3.widgetserver.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
Device-Memory: 8
DNT: 1
rtt: 100
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Viewport-Width: 1280
DPR: 1
downlink: 1.45
ect: 4g
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www3.widgetserver.com/?tm=1&subid4=1718185571.0278400000&KW1=Europe%20Dedicated%20Servers&KW2=United%20Kingdom%20Dedicated%20Servers&KW3=England%20Dedicated%20Servers&KW4=London%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

date: Wed, 12 Jun 2024 09:46:13 GMT
content-type: image/x-icon
content-length: 0
server: nginx
accept-ranges: bytes
ret_path: sx_new
DNS

ifdnzact.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ifdnzact.com

IN A

Response

ifdnzact.com

IN A

208.91.196.46
DNS

196.19.79.45.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.19.79.45.in-addr.arpa

IN PTR

Response

196.19.79.45.in-addr.arpa

IN PTR

li1118-196memberslinodecom
DNS

www.google.com

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.196
DNS

youtube.googleapis.com

Remote address:

8.8.8.8:53

Request

youtube.googleapis.com

IN A

Response

youtube.googleapis.com

IN A

172.217.16.234

youtube.googleapis.com

IN A

142.250.200.10

youtube.googleapis.com

IN A

142.250.200.42

youtube.googleapis.com

IN A

216.58.201.106

youtube.googleapis.com

IN A

216.58.204.74

youtube.googleapis.com

IN A

216.58.213.10

youtube.googleapis.com

IN A

172.217.169.10

youtube.googleapis.com

IN A

216.58.212.234

youtube.googleapis.com

IN A

172.217.169.74

youtube.googleapis.com

IN A

172.217.169.42

youtube.googleapis.com

IN A

142.250.179.234

youtube.googleapis.com

IN A

142.250.180.10

youtube.googleapis.com

IN A

142.250.187.202

youtube.googleapis.com

IN A

142.250.187.234

youtube.googleapis.com

IN A

142.250.178.10
DNS

240.197.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.197.17.2.in-addr.arpa

IN PTR

Response

240.197.17.2.in-addr.arpa

IN PTR

a2-17-197-240deploystaticakamaitechnologiescom
DNS

youtube.googleapis.com

Remote address:

8.8.8.8:53

Request

youtube.googleapis.com

IN A

Response

youtube.googleapis.com

IN A

172.217.16.234

youtube.googleapis.com

IN A

142.250.200.10

youtube.googleapis.com

IN A

142.250.200.42

youtube.googleapis.com

IN A

216.58.201.106

youtube.googleapis.com

IN A

216.58.204.74

youtube.googleapis.com

IN A

216.58.213.10

youtube.googleapis.com

IN A

172.217.169.10

youtube.googleapis.com

IN A

216.58.212.234

youtube.googleapis.com

IN A

172.217.169.74

youtube.googleapis.com

IN A

172.217.169.42

youtube.googleapis.com

IN A

142.250.179.234

youtube.googleapis.com

IN A

142.250.180.10

youtube.googleapis.com

IN A

142.250.187.202

youtube.googleapis.com

IN A

142.250.187.234

youtube.googleapis.com

IN A

142.250.178.10
DNS

21.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.236.111.52.in-addr.arpa

IN PTR

Response

142.250.178.9:443

https://resources.blogblog.com/img/icon18_edit_allbkg.gif

tls, http2

msedge.exe

2.3kB
10.7kB
22
26

HTTP Request

GET https://resources.blogblog.com/blogblog/data/res/230357638-YTvideoBar_compiled.js

HTTP Request

GET https://resources.blogblog.com/img/icon18_wrench_allbkg.png

HTTP Request

GET https://resources.blogblog.com/img/icon18_edit_allbkg.gif
142.250.178.9:445

www.blogger.com

260 B
5
142.250.200.14:443

https://apis.google.com/js/plusone.js

tls, http2

msedge.exe

2.5kB
29.6kB
32
31

HTTP Request

GET https://apis.google.com/js/plusone.js
216.230.241.100:80

www.clocklink.com

msedge.exe

260 B
5
13.248.158.7:80

http://br.babelfish.yahoo.com/free_trans_service/babelfish2.js?from_lang=pt&region=br

http

msedge.exe

824 B
6.5kB
10
11

HTTP Request

GET http://br.babelfish.yahoo.com/free_trans_service/babelfish2.js?from_lang=pt&region=br

HTTP Response

301
142.250.178.2:80

http://pagead2.googlesyndication.com/pagead/show_ads.js

http

msedge.exe

834 B
12.1kB
11
14

HTTP Request

GET http://pagead2.googlesyndication.com/pagead/show_ads.js

HTTP Response

200
172.67.8.141:80

http://widgets.amung.us/classic.js

http

msedge.exe

767 B
7.8kB
10
12

HTTP Request

GET http://widgets.amung.us/classic.js

HTTP Response

200
142.250.178.9:443

https://www.blogger.com/dyn-css/authorization.css?targetBlogID=3957891936079228517&zx=00f8ab3f-4ba4-4bcb-b7b5-863a23a9ea2b

tls, http2

msedge.exe

3.7kB
64.5kB
51
61

HTTP Request

GET https://www.blogger.com/static/v1/widgets/3332739511-widget_css_bundle.css

HTTP Request

GET https://www.blogger.com/static/v1/widgets/3538524853-widgets.js

HTTP Request

GET https://www.blogger.com/dyn-css/authorization.css?targetBlogID=3957891936079228517&zx=00f8ab3f-4ba4-4bcb-b7b5-863a23a9ea2b
142.250.178.9:443

www.blogger.com

tls, http2

msedge.exe

999 B
5.8kB
9
8
173.255.194.134:80

http://widgetserver.com/syndication/subscriber/InsertWidget.js?appId=35fb165e-385d-4a12-87ba-3dba3fb56438

http

msedge.exe

608 B
580 B
5
4

HTTP Request

GET http://widgetserver.com/syndication/subscriber/InsertWidget.js?appId=35fb165e-385d-4a12-87ba-3dba3fb56438

HTTP Response

200
173.255.194.134:80

http://widgetserver.com/syndication/subscriber/InsertWidget.js?appId=f0ac954d-30d8-4893-9f4d-6c0a6f63d957

http

msedge.exe

608 B
580 B
5
4

HTTP Request

GET http://widgetserver.com/syndication/subscriber/InsertWidget.js?appId=f0ac954d-30d8-4893-9f4d-6c0a6f63d957

HTTP Response

200
142.250.180.1:80

http://4.bp.blogspot.com/_6zj4yx6IpiE/Sj1AexsVpWI/AAAAAAAAAAM/6lYYOTcB5LQ/S220/images%5B1%5D.jpg

http

msedge.exe

787 B
4.9kB
8
9

HTTP Request

GET http://4.bp.blogspot.com/_6zj4yx6IpiE/Sj1AexsVpWI/AAAAAAAAAAM/6lYYOTcB5LQ/S220/images%5B1%5D.jpg

HTTP Response

200
64.190.63.222:80

http://www.amoremlinks.net/biblia.js

http

msedge.exe

723 B
8.8kB
9
10

HTTP Request

GET http://www.amoremlinks.net/biblia.js

HTTP Response

200
142.250.180.1:80

http://4.bp.blogspot.com/_6zj4yx6IpiE/SkUj2-01FpI/AAAAAAAAAB4/MMNOcyXWK3A/s320/S7301128.JPG

http

msedge.exe

1.1kB
26.9kB
16
25

HTTP Request

GET http://4.bp.blogspot.com/_6zj4yx6IpiE/SkUj2-01FpI/AAAAAAAAAB4/MMNOcyXWK3A/s320/S7301128.JPG

HTTP Response

200
87.248.114.12:443

https://br.yahoo.com/free_trans_service/babelfish2.js?from_lang=pt&region=br

tls, http2

msedge.exe

1.7kB
7.9kB
16
17

HTTP Request

GET https://br.yahoo.com/free_trans_service/babelfish2.js?from_lang=pt&region=br
142.250.180.1:80

http://1.bp.blogspot.com/_6zj4yx6IpiE/SkUj_0MewsI/AAAAAAAAACA/kWrDjRSoeC0/s320/S7301130.JPG

http

msedge.exe

1.2kB
31.5kB
18
28

HTTP Request

GET http://1.bp.blogspot.com/_6zj4yx6IpiE/SkUj_0MewsI/AAAAAAAAACA/kWrDjRSoeC0/s320/S7301130.JPG

HTTP Response

200
142.250.180.1:80

http://1.bp.blogspot.com/_6zj4yx6IpiE/SkUjvJnR2KI/AAAAAAAAABw/LSLBkBYPZ00/s320/S7301127.JPG

http

msedge.exe

1.1kB
25.1kB
15
23

HTTP Request

GET http://1.bp.blogspot.com/_6zj4yx6IpiE/SkUjvJnR2KI/AAAAAAAAABw/LSLBkBYPZ00/s320/S7301127.JPG

HTTP Response

200
216.230.241.100:80

www.clocklink.com

msedge.exe

260 B
5
142.250.180.1:80

http://1.bp.blogspot.com/_6zj4yx6IpiE/SkUjn-OKCpI/AAAAAAAAABo/LI6_QklJ8Qk/s320/S7301123.JPG

http

msedge.exe

1.1kB
24.4kB
15
23

HTTP Request

GET http://1.bp.blogspot.com/_6zj4yx6IpiE/SkUjn-OKCpI/AAAAAAAAABo/LI6_QklJ8Qk/s320/S7301123.JPG

HTTP Response

200
142.250.180.1:80

http://3.bp.blogspot.com/_6zj4yx6IpiE/SkUh3ASP22I/AAAAAAAAABg/05qSND6zsOc/s320/cartaz_63%25C2%25AA%2BEBO.jpg

http

msedge.exe

1.3kB
32.6kB
18
29

HTTP Request

GET http://3.bp.blogspot.com/_6zj4yx6IpiE/SkUh3ASP22I/AAAAAAAAABg/05qSND6zsOc/s320/cartaz_63%25C2%25AA%2BEBO.jpg

HTTP Response

200
212.82.100.137:443

https://br.search.yahoo.com/?fr2=p:fprd,mkt:br

tls, http2

msedge.exe

2.2kB
40.9kB
27
41

HTTP Request

GET https://br.search.yahoo.com/?fr2=p:fprd,mkt:br
167.99.185.134:80

http://www.biblialegal.com.br/imagens/biblialegalsplashscreen5.jpg

http

msedge.exe

665 B
646 B
6
5

HTTP Request

GET http://www.biblialegal.com.br/imagens/biblialegalsplashscreen5.jpg

HTTP Response

301
167.99.185.134:443

biblialegal.com.br

tls, http2

msedge.exe

943 B
4.1kB
8
10
167.99.185.134:443

https://biblialegal.com.br/

tls, http2

msedge.exe

2.2kB
27.5kB
26
31

HTTP Request

GET https://biblialegal.com.br/

HTTP Response

200
142.250.178.9:139

www.blogger.com

260 B
5
173.255.194.134:80

http://widgetserver.com/

http

msedge.exe

678 B
929 B
5
4

HTTP Request

GET http://widgetserver.com/

HTTP Response

200
173.255.194.134:80

http://widgetserver.com/?gp=1&js=1&uuid=1718185571.0065611200&other_args=eyJ1cmkiOiAiLyIsICJhcmdzIjogIiIsICJyZWZlcmVyIjogIiIsICJhY2NlcHQiOiAidGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksaW1hZ2Uvd2VicCxpbWFnZS9hcG5nLCovKjtxPTAuOCxhcHBsaWNhdGlvbi9zaWduZWQtZXhjaGFuZ2U7dj1iMztxPTAuOSJ9

http

msedge.exe

998 B
1.3kB
5
5

HTTP Request

GET http://widgetserver.com/?gp=1&js=1&uuid=1718185571.0065611200&other_args=eyJ1cmkiOiAiLyIsICJhcmdzIjogIiIsICJyZWZlcmVyIjogIiIsICJhY2NlcHQiOiAidGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksaW1hZ2Uvd2VicCxpbWFnZS9hcG5nLCovKjtxPTAuOCxhcHBsaWNhdGlvbi9zaWduZWQtZXhjaGFuZ2U7dj1iMztxPTAuOSJ9

HTTP Response

302
173.255.194.134:80

widgetserver.com

msedge.exe

236 B
172 B
5
4
142.250.187.196:445

www.google.com

260 B
5
45.79.19.196:443

https://www3.widgetserver.com/favicon.ico

tls, http

msedge.exe

3.0kB
6.3kB
13
15

HTTP Request

GET https://www3.widgetserver.com/?tm=1&subid4=1718185571.0278400000&KW1=Europe%20Dedicated%20Servers&KW2=United%20Kingdom%20Dedicated%20Servers&KW3=England%20Dedicated%20Servers&KW4=London%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0

HTTP Response

200

HTTP Request

GET https://www3.widgetserver.com/favicon.ico

HTTP Response

200
172.217.16.234:445

youtube.googleapis.com

260 B
5
142.250.200.10:445

youtube.googleapis.com

260 B
5
142.250.200.42:445

youtube.googleapis.com

260 B
5
216.58.201.106:445

youtube.googleapis.com

260 B
5
216.58.204.74:445

youtube.googleapis.com

260 B
5
216.58.213.10:445

youtube.googleapis.com

260 B
5
172.217.169.10:445

youtube.googleapis.com

260 B
5
216.58.212.234:445

youtube.googleapis.com

260 B
5
172.217.169.74:445

youtube.googleapis.com

260 B
5
172.217.169.42:445

youtube.googleapis.com

260 B
5
142.250.179.234:445

youtube.googleapis.com

260 B
5
142.250.180.10:445

youtube.googleapis.com

260 B
5
142.250.187.202:445

youtube.googleapis.com

260 B
5
142.250.178.10:445

youtube.googleapis.com

260 B
5
142.250.187.234:445

youtube.googleapis.com

260 B
5
172.217.16.234:139

youtube.googleapis.com

260 B
5
142.250.187.226:445

pagead2.googlesyndication.com

260 B
5
142.250.178.2:139

pagead2.googlesyndication.com

260 B
5

8.8.8.8:53

resources.blogblog.com

dns

msedge.exe

68 B
115 B
1
1

DNS Request

resources.blogblog.com

DNS Response

142.250.178.9
8.8.8.8:53

br.babelfish.yahoo.com

dns

msedge.exe

68 B
224 B
1
1

DNS Request

br.babelfish.yahoo.com

DNS Response

13.248.158.7

76.223.84.192
8.8.8.8:53

widgetserver.com

dns

msedge.exe

62 B
254 B
1
1

DNS Request

widgetserver.com

DNS Response

173.255.194.134

96.126.123.244

45.33.18.44

72.14.185.43

45.79.19.196

45.33.2.79

198.58.118.167

45.33.23.183

45.33.20.235

72.14.178.174

45.56.79.23

45.33.30.197
8.8.8.8:53

apis.google.com

dns

msedge.exe

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

142.250.200.14
8.8.8.8:53

www.clocklink.com

dns

msedge.exe

63 B
79 B
1
1

DNS Request

www.clocklink.com

DNS Response

216.230.241.100
8.8.8.8:53

www.amoremlinks.net

dns

msedge.exe

65 B
81 B
1
1

DNS Request

www.amoremlinks.net

DNS Response

64.190.63.222
8.8.8.8:53

4.bp.blogspot.com

dns

msedge.exe

63 B
124 B
1
1

DNS Request

4.bp.blogspot.com

DNS Response

142.250.180.1
8.8.8.8:53

www.blogger.com

dns

msedge.exe

61 B
108 B
1
1

DNS Request

www.blogger.com

DNS Response

142.250.178.9
8.8.8.8:53

widgets.amung.us

dns

msedge.exe

62 B
110 B
1
1

DNS Request

widgets.amung.us

DNS Response

172.67.8.141

104.22.75.171

104.22.74.171
8.8.8.8:53

br.yahoo.com

dns

msedge.exe

58 B
128 B
1
1

DNS Request

br.yahoo.com

DNS Response

87.248.114.12

87.248.114.11
8.8.8.8:53

1.bp.blogspot.com

dns

msedge.exe

63 B
124 B
1
1

DNS Request

1.bp.blogspot.com

DNS Response

142.250.180.1
142.250.178.9:443

www.blogger.com

https

msedge.exe

3.1kB
6.4kB
5
7
8.8.8.8:53

3.bp.blogspot.com

dns

msedge.exe

63 B
124 B
1
1

DNS Request

3.bp.blogspot.com

DNS Response

142.250.180.1
142.250.178.9:443

www.blogger.com

https

msedge.exe

4.5kB
7.5kB
13
13
8.8.8.8:53

www.biblialegal.com.br

dns

msedge.exe

68 B
98 B
1
1

DNS Request

www.biblialegal.com.br

DNS Response

167.99.185.134
8.8.8.8:53

br.search.yahoo.com

dns

msedge.exe

65 B
124 B
1
1

DNS Request

br.search.yahoo.com

DNS Response

212.82.100.137
8.8.8.8:53

biblialegal.com.br

dns

msedge.exe

64 B
80 B
1
1

DNS Request

biblialegal.com.br

DNS Response

167.99.185.134
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

64.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

64.159.190.20.in-addr.arpa
8.8.8.8:53

9.178.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

9.178.250.142.in-addr.arpa
8.8.8.8:53

14.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

14.200.250.142.in-addr.arpa
8.8.8.8:53

2.178.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

2.178.250.142.in-addr.arpa
8.8.8.8:53

7.158.248.13.in-addr.arpa

dns

71 B
127 B
1
1

DNS Request

7.158.248.13.in-addr.arpa
8.8.8.8:53

141.8.67.172.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

141.8.67.172.in-addr.arpa
8.8.8.8:53

1.180.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

1.180.250.142.in-addr.arpa
8.8.8.8:53

222.63.190.64.in-addr.arpa

dns

72 B
156 B
1
1

DNS Request

222.63.190.64.in-addr.arpa
8.8.8.8:53

134.194.255.173.in-addr.arpa

dns

74 B
116 B
1
1

DNS Request

134.194.255.173.in-addr.arpa
8.8.8.8:53

12.114.248.87.in-addr.arpa

dns

72 B
111 B
1
1

DNS Request

12.114.248.87.in-addr.arpa
8.8.8.8:53

137.100.82.212.in-addr.arpa

dns

73 B
119 B
1
1

DNS Request

137.100.82.212.in-addr.arpa
8.8.8.8:53

134.185.99.167.in-addr.arpa

dns

73 B
140 B
1
1

DNS Request

134.185.99.167.in-addr.arpa
224.0.0.251:5353

msedge.exe

514 B
8
8.8.8.8:53

www.google.com

dns

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.187.196
142.250.200.14:443

apis.google.com

https

msedge.exe

5.6kB
82.6kB
38
65
8.8.8.8:53

www3.widgetserver.com

dns

msedge.exe

67 B
259 B
1
1

DNS Request

www3.widgetserver.com

DNS Response

45.79.19.196

45.33.20.235

72.14.185.43

72.14.178.174

45.33.18.44

45.33.23.183

45.33.30.197

173.255.194.134

45.33.2.79

198.58.118.167

96.126.123.244

45.56.79.23
8.8.8.8:53

ifdnzact.com

dns

msedge.exe

58 B
74 B
1
1

DNS Request

ifdnzact.com

DNS Response

208.91.196.46
8.8.8.8:53

196.19.79.45.in-addr.arpa

dns

71 B
114 B
1
1

DNS Request

196.19.79.45.in-addr.arpa
8.8.8.8:53

www.google.com

dns

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.187.196
8.8.8.8:53

youtube.googleapis.com

dns

68 B
308 B
1
1

DNS Request

youtube.googleapis.com

DNS Response

172.217.16.234

142.250.200.10

142.250.200.42

216.58.201.106

216.58.204.74

216.58.213.10

172.217.169.10

216.58.212.234

172.217.169.74

172.217.169.42

142.250.179.234

142.250.180.10

142.250.187.202

142.250.187.234

142.250.178.10
8.8.8.8:53

240.197.17.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

240.197.17.2.in-addr.arpa
8.8.8.8:53

youtube.googleapis.com

dns

68 B
308 B
1
1

DNS Request

youtube.googleapis.com

DNS Response

172.217.16.234

142.250.200.10

142.250.200.42

216.58.201.106

216.58.204.74

216.58.213.10

172.217.169.10

216.58.212.234

172.217.169.74

172.217.169.42

142.250.179.234

142.250.180.10

142.250.187.202

142.250.187.234

142.250.178.10
8.8.8.8:53

21.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

21.236.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
477462b6ad8eaaf8d38f5e3a4daf17b0

SHA1
86174e670c44767c08a39cc2a53c09c318326201

SHA256
e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

SHA512
a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b704c9ca0493bd4548ac9c69dc4a4f27

SHA1
a3e5e54e630dabe55ca18a798d9f5681e0620ba7

SHA256
2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

SHA512
69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
81d7da2336e0675ec1cbef2fbf638eee

SHA1
e7e3242099fc328ffc43882052b1144b31c87bb2

SHA256
a57ac143e67de71bd577796b80b80933f1b36bf39aa8410ee321473d1ab684e8

SHA512
d7fa1f200b741e4416c4d30f896deab6ee2b9be4aabca1a0cf9a20fdba5ed1745d95424451c03d6b1f8700df810cd3d204a00251876ae7b0f799e074e1ac73dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d181ef9aa502e79a653ff6286b6b7673

SHA1
dc0d0640ce25041f703c7cb7b307f3edabe8e817

SHA256
e200cdcdc6d02d5332724267da8443ed92fad1b1d47f6983b073d25d79cba2d6

SHA512
402f3aba26555e5b6b4a4c1b1eca9c3246b248fedd384e467ee3aef577dce55d0d93e37975059ce797b5b8e5cd32c1455ed7c2d05c7d8fa3104f13bf0060c5e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
75036ea71719c71a7cc8d63d434ef9b4

SHA1
2a734af7b2aef395df31a486feaf324439e177a3

SHA256
c0febf97760fdcd5831f2152d1afc53bf0ebe7da72c97f1fcae69b61a36a4704

SHA512
fc9fa7835bdbd502cf42ace1a81382cdd67296e1c6f152c6c161ffbd70d792bd4944a0ea97f9f39fe77c445a4bb6e1fd11b9570d35cd282e81301ad714246a5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
43526b7267baf4ab078c60c96183cc67

SHA1
1d07828ddeb7d9bf3372b8140648b73aaff5ab76

SHA256
24f369804f0270c028df92e906ba1b951ed973312a24b532e7f4de595e2c0482

SHA512
68c6d794c4b16f704407946aee27ca2d91a8842a7d86ac70f2d294705d6ec0c15d41d32b7909259ba17249fab273ab2080fa0a49e017fd05546c7ccafd86daa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\fd1c7396-4d9e-45e7-a2c6-7aae93d29642.tmp

Filesize
11KB

MD5
cdb63b4326fa67a0ca5b3f4d6639db44

SHA1
0012ad889fe2db4acc85f56b209fbb540ef45fe4

SHA256
bd9705c1888dae26acb1b3fbdb25c16f0e893e03512c5aee24a3db4ab12785d4

SHA512
47969552e110f087c9b8ee0ad7a46ee3c01bace7f29a14b13949d7a90c2b0bd73d470caf7da1fde306f51eb84c45395a2c9be1fd7e717214cda201b67c953148

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response