c52a46922aaf3e58b81b24512be09894aa6a9fc2fce2f561c2e103a232a1fa20

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 12:04 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d645be115c3f4d55390c25e1a882a915_JaffaCakes118.html
Size

159KB
MD5

d645be115c3f4d55390c25e1a882a915
SHA1

85c41c90cbd05a0278e13eabfe2d1fdc9ca79a74
SHA256

c52a46922aaf3e58b81b24512be09894aa6a9fc2fce2f561c2e103a232a1fa20
SHA512

53007d6088d715b7b397b04d8e76b1354423881122f2dbb92dc90c8d51416854637966398920cd15653b94175d714e564127d0aaa75acd9d48399d7bd27d786e
SSDEEP

3072:3HRcVhIVs2LQe2U0Dzvj40MZEPjLpUxAfYxslxNcl8CLcXmNRSxrfeOG9pr1a9a9:Bc7J/jXmNRT1RkR8h

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1392	msedge.exe
1392	msedge.exe
4872	msedge.exe
4872	msedge.exe
4280	identity_helper.exe
4280	identity_helper.exe
6104	msedge.exe
6104	msedge.exe
6104	msedge.exe
6104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4872 wrote to memory of 4172	4872	msedge.exe	85
PID 4872 wrote to memory of 4172	4872	msedge.exe	85
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 4124	4872	msedge.exe	86
PID 4872 wrote to memory of 1392	4872	msedge.exe	87
PID 4872 wrote to memory of 1392	4872	msedge.exe	87
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88
PID 4872 wrote to memory of 2392	4872	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d645be115c3f4d55390c25e1a882a915_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f70346f8,0x7ff9f7034708,0x7ff9f7034718
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5700 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2868

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

apis.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.200.14
DNS

www.blogger.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.blogger.com

IN A

Response

www.blogger.com

IN CNAME

blogger.l.google.com

blogger.l.google.com

IN A

142.250.200.41
DNS

ajax.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN A

Response

ajax.googleapis.com

IN A

142.250.200.42
GET

http://ajax.googleapis.com/ajax/libs/mootools/1.2.4/mootools-yui-compressed.js

msedge.exe

Remote address:

142.250.200.42:80

Request

GET /ajax/libs/mootools/1.2.4/mootools-yui-compressed.js HTTP/1.1
Host: ajax.googleapis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 21029
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 04 Sep 2024 13:57:28 GMT
Expires: Thu, 04 Sep 2025 13:57:28 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 425207
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
GET

http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js

msedge.exe

Remote address:

142.250.200.42:80

Request

GET /ajax/libs/jquery/1.5.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 30082
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 06 Sep 2024 09:34:42 GMT
Expires: Sat, 06 Sep 2025 09:34:42 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Age: 268173
GET

https://www.blogger.com/static/v1/widgets/254310735-widget_css_bundle.css

msedge.exe

Remote address:

142.250.200.41:443

Request

GET /static/v1/widgets/254310735-widget_css_bundle.css HTTP/2.0
host: www.blogger.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.blogger.com/static/v1/widgets/2230271354-widgets.js

msedge.exe

Remote address:

142.250.200.41:443

Request

GET /static/v1/widgets/2230271354-widgets.js HTTP/2.0
host: www.blogger.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.blogger.com/dyn-css/authorization.css?targetBlogID=7429458911528392134&zx=352d3b35-c030-4ca5-b803-4bef1e444733

msedge.exe

Remote address:

142.250.200.41:443

Request

GET /dyn-css/authorization.css?targetBlogID=7429458911528392134&zx=352d3b35-c030-4ca5-b803-4bef1e444733 HTTP/2.0
host: www.blogger.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://apis.google.com/js/plusone.js

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /js/plusone.js HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en._ShUtMH1OvQ.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/cb=gapi.loaded_0?le=scs

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /_/scs/abc-static/_/js/k=gapi.lb.en._ShUtMH1OvQ.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/cb=gapi.loaded_0?le=scs HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en._ShUtMH1OvQ.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/cb=gapi.loaded_1?le=scs

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /_/scs/abc-static/_/js/k=gapi.lb.en._ShUtMH1OvQ.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/cb=gapi.loaded_1?le=scs HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

www.google.co.id

msedge.exe

Remote address:

8.8.8.8:53

Request

www.google.co.id

IN A

Response

www.google.co.id

IN A

172.217.169.35
GET

http://www.blogger.com/img/icon18_edit_allbkg.gif

msedge.exe

Remote address:

142.250.200.41:80

Request

GET /img/icon18_edit_allbkg.gif HTTP/1.1
Host: www.blogger.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 162
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 06 Sep 2024 20:33:15 GMT
Expires: Fri, 13 Sep 2024 20:33:15 GMT
Cache-Control: public, max-age=604800
Last-Modified: Fri, 06 Sep 2024 18:00:17 GMT
Content-Type: image/gif
Age: 228660
DNS

1.bp.blogspot.com

msedge.exe

Remote address:

8.8.8.8:53

Request

1.bp.blogspot.com

IN A

Response

1.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.200.33
DNS

1.bp.blogspot.com

msedge.exe

Remote address:

8.8.8.8:53

Request

1.bp.blogspot.com

IN A
DNS

4.bp.blogspot.com

msedge.exe

Remote address:

8.8.8.8:53

Request

4.bp.blogspot.com

IN A

Response

4.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.200.33
DNS

resources.blogblog.com

msedge.exe

Remote address:

8.8.8.8:53

Request

resources.blogblog.com

IN A

Response

resources.blogblog.com

IN CNAME

blogger.l.google.com

blogger.l.google.com

IN A

142.250.200.41
DNS

agenprediksibola.net

msedge.exe

Remote address:

8.8.8.8:53

Request

agenprediksibola.net

IN A

Response
DNS

icons.iconarchive.com

msedge.exe

Remote address:

8.8.8.8:53

Request

icons.iconarchive.com

IN A

Response

icons.iconarchive.com

IN A

104.21.235.213

icons.iconarchive.com

IN A

104.21.235.214
DNS

3.bp.blogspot.com

msedge.exe

Remote address:

8.8.8.8:53

Request

3.bp.blogspot.com

IN A

Response

3.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.200.33
GET

http://www.google.co.id/cse/brand?form=cse-search-box&lang=en

msedge.exe

Remote address:

172.217.169.35:80

Request

GET /cse/brand?form=cse-search-box&lang=en HTTP/1.1
Host: www.google.co.id
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Location: https://www.gstatic.com/prose/brandjs.js
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 09 Sep 2024 12:04:15 GMT
Expires: Mon, 09 Sep 2024 12:34:15 GMT
Cache-Control: public, max-age=1800
Server: sffe
Content-Length: 237
X-XSS-Protection: 0
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

68.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.32.126.40.in-addr.arpa

IN PTR

Response
DNS

16.43.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

16.43.107.13.in-addr.arpa

IN PTR

Response
DNS

42.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.200.250.142.in-addr.arpa

IN PTR

Response

42.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f101e100net
DNS

41.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.200.250.142.in-addr.arpa

IN PTR

Response

41.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f91e100net
DNS

81.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.144.22.2.in-addr.arpa

IN PTR

Response

81.144.22.2.in-addr.arpa

IN PTR

a2-22-144-81deploystaticakamaitechnologiescom
GET

http://4.bp.blogspot.com/-Gbb8kYvEiuk/TVV-ayQN_fI/AAAAAAAAMqw/iU7Gwo0oyEk/s1600/contentwrap-bg.png

msedge.exe

Remote address:

142.250.200.33:80

Request

GET /-Gbb8kYvEiuk/TVV-ayQN_fI/AAAAAAAAMqw/iU7Gwo0oyEk/s1600/contentwrap-bg.png HTTP/1.1
Host: 4.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="contentwrap-bg.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 199
X-XSS-Protection: 0
Date: Mon, 09 Sep 2024 12:04:15 GMT
Expires: Tue, 10 Sep 2024 12:04:15 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v32ac"
Content-Type: image/png
Vary: Origin
Age: 0
GET

http://4.bp.blogspot.com/-JGfQh1LdPPI/TVV-m3XhJiI/AAAAAAAAMrg/F3QbjYShfRM/s1600/rss.png

msedge.exe

Remote address:

142.250.200.33:80

Request

GET /-JGfQh1LdPPI/TVV-m3XhJiI/AAAAAAAAMrg/F3QbjYShfRM/s1600/rss.png HTTP/1.1
Host: 4.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v32b8"
Expires: Tue, 10 Sep 2024 12:04:15 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="rss.png"
X-Content-Type-Options: nosniff
Date: Mon, 09 Sep 2024 12:04:15 GMT
Server: fife
Content-Length: 1080
X-XSS-Protection: 0
GET

http://4.bp.blogspot.com/_8aZXeWtZzQY/TUxa8rOHgJI/AAAAAAAABoo/KPlS9FsnWUc/s000/date.png

msedge.exe

Remote address:

142.250.200.33:80

Request

GET /_8aZXeWtZzQY/TUxa8rOHgJI/AAAAAAAABoo/KPlS9FsnWUc/s000/date.png HTTP/1.1
Host: 4.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v68a"
Expires: Tue, 10 Sep 2024 12:04:15 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="date.png"
X-Content-Type-Options: nosniff
Date: Mon, 09 Sep 2024 12:04:15 GMT
Server: fife
Content-Length: 643
X-XSS-Protection: 0
GET

http://3.bp.blogspot.com/-UdXruBDNMtQ/TVV-bkrtUWI/AAAAAAAAMrA/CSywoMq8-pk/s1600/nav-bg.png

msedge.exe

Remote address:

142.250.200.33:80

Request

GET /-UdXruBDNMtQ/TVV-bkrtUWI/AAAAAAAAMrA/CSywoMq8-pk/s1600/nav-bg.png HTTP/1.1
Host: 3.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="nav-bg.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 238
X-XSS-Protection: 0
Date: Mon, 09 Sep 2024 12:04:15 GMT
Expires: Tue, 10 Sep 2024 12:04:15 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v32b0"
Content-Type: image/png
Vary: Origin
Age: 0
GET

https://resources.blogblog.com/img/icon18_wrench_allbkg.png

msedge.exe

Remote address:

142.250.200.41:443

Request

GET /img/icon18_wrench_allbkg.png HTTP/2.0
host: resources.blogblog.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

http://icons.iconarchive.com/icons/deleket/folder/24/Mozilla-Thunderbird-icon.png

msedge.exe

Remote address:

104.21.235.213:80

Request

GET /icons/deleket/folder/24/Mozilla-Thunderbird-icon.png HTTP/1.1
Host: icons.iconarchive.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Date: Mon, 09 Sep 2024 12:04:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: max-age=5356800
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=foRnLeSA6bDWBMPLPzXo1Z36tBkwN7VxiiPYD2Z%2F%2BwFJ7WGE3MtuGjzzex6Iivz93bD3TNzQd14xbSOTYANO3aimVblWrXOKP0kpa58VvUbZOyqXzgVDL17I77WDZa%2B7kjSoDo%2Bqlek%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c070a2bda5abea0-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

http://3.bp.blogspot.com/_4HKUHirY_2U/TVV-mt1hh_I/AAAAAAAAMrY/exBKat_juV8/s1600/post-line.png

msedge.exe

Remote address:

142.250.200.33:80

Request

GET /_4HKUHirY_2U/TVV-mt1hh_I/AAAAAAAAMrY/exBKat_juV8/s1600/post-line.png HTTP/1.1
Host: 3.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v32b6"
Expires: Tue, 10 Sep 2024 12:04:15 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="post-line.png"
X-Content-Type-Options: nosniff
Date: Mon, 09 Sep 2024 12:04:15 GMT
Server: fife
Content-Length: 343
X-XSS-Protection: 0
GET

http://3.bp.blogspot.com/_8aZXeWtZzQY/TUxa89eMz0I/AAAAAAAABos/QxyE7Xc_430/s000/user.png

msedge.exe

Remote address:

142.250.200.33:80

Request

GET /_8aZXeWtZzQY/TUxa89eMz0I/AAAAAAAABos/QxyE7Xc_430/s000/user.png HTTP/1.1
Host: 3.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="user.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 841
X-XSS-Protection: 0
Date: Mon, 09 Sep 2024 12:04:15 GMT
Expires: Tue, 10 Sep 2024 12:04:15 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v68b"
Content-Type: image/png
Vary: Origin
Age: 1
GET

http://4.bp.blogspot.com/_4HKUHirY_2U/TVV-y1IljsI/AAAAAAAAMsI/SH5PnhV7Gdw/s1600/wrapper-bg.png

msedge.exe

Remote address:

142.250.200.33:80

Request

GET /_4HKUHirY_2U/TVV-y1IljsI/AAAAAAAAMsI/SH5PnhV7Gdw/s1600/wrapper-bg.png HTTP/1.1
Host: 4.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="wrapper-bg.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 248
X-XSS-Protection: 0
Date: Mon, 09 Sep 2024 12:04:16 GMT
Expires: Tue, 10 Sep 2024 12:04:16 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v32c2"
Content-Type: image/png
Vary: Origin
Age: 0
GET

http://3.bp.blogspot.com/_4HKUHirY_2U/TVV-mTW-pNI/AAAAAAAAMrQ/5qEgmpCeTGE/s1600/nav-seperator.png

msedge.exe

Remote address:

142.250.200.33:80

Request

GET /_4HKUHirY_2U/TVV-mTW-pNI/AAAAAAAAMrQ/5qEgmpCeTGE/s1600/nav-seperator.png HTTP/1.1
Host: 3.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v32b4"
Expires: Tue, 10 Sep 2024 12:04:16 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="nav-seperator.png"
X-Content-Type-Options: nosniff
Date: Mon, 09 Sep 2024 12:04:16 GMT
Server: fife
Content-Length: 226
X-XSS-Protection: 0
DNS

www.facebook.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.221.35
DNS

www.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.178.4
GET

http://www.facebook.com/plugins/like.php?href=https://www.facebook.com/pages/Agen-Prediksi-Bola/702558806520959[/COLOR]&layout=standard&show_faces=false&width=450&action=like&font=tahoma&colorscheme=light&height=80

msedge.exe

Remote address:

157.240.221.35:80

Request

GET /plugins/like.php?href=https://www.facebook.com/pages/Agen-Prediksi-Bola/702558806520959[/COLOR]&layout=standard&show_faces=false&width=450&action=like&font=tahoma&colorscheme=light&height=80 HTTP/1.1
Host: www.facebook.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Location: https://www.facebook.com/plugins/like.php?href=https://www.facebook.com/pages/Agen-Prediksi-Bola/702558806520959[/COLOR]&layout=standard&show_faces=false&width=450&action=like&font=tahoma&colorscheme=light&height=80
Content-Type: text/plain
Server: proxygen-bolt
Date: Mon, 09 Sep 2024 12:04:16 GMT
Connection: keep-alive
Content-Length: 0
GET

http://www.facebook.com/plugins/like.php?href=https://www.facebook.com/pages/Agen-Prediksi-Bola/702558806520959&layout=button_count&show_faces=false&width=50&action=like&colorscheme=light&height=21

msedge.exe

Remote address:

157.240.221.35:80

Request

GET /plugins/like.php?href=https://www.facebook.com/pages/Agen-Prediksi-Bola/702558806520959&layout=button_count&show_faces=false&width=50&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Location: https://www.facebook.com/plugins/like.php?href=https://www.facebook.com/pages/Agen-Prediksi-Bola/702558806520959&layout=button_count&show_faces=false&width=50&action=like&colorscheme=light&height=21
Content-Type: text/plain
Server: proxygen-bolt
Date: Mon, 09 Sep 2024 12:04:38 GMT
Connection: keep-alive
Content-Length: 0
DNS

2.bp.blogspot.com

msedge.exe

Remote address:

8.8.8.8:53

Request

2.bp.blogspot.com

IN A

Response

2.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.200.33
DNS

s10.histats.com

msedge.exe

Remote address:

8.8.8.8:53

Request

s10.histats.com

IN A

Response

s10.histats.com

IN CNAME

s10.histats.com.cdn.cloudflare.net

s10.histats.com.cdn.cloudflare.net

IN A

172.66.132.118

s10.histats.com.cdn.cloudflare.net

IN A

172.66.132.114
GET

https://www.google.com/cse/static/images/1x/en/branding.png

msedge.exe

Remote address:

142.250.178.4:443

Request

GET /cse/static/images/1x/en/branding.png HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

http://2.bp.blogspot.com/_4HKUHirY_2U/TVV-yjU0qjI/AAAAAAAAMr4/ktSRdkhv4so/s1600/sidebar-tab.png

msedge.exe

Remote address:

142.250.200.33:80

Request

GET /_4HKUHirY_2U/TVV-yjU0qjI/AAAAAAAAMr4/ktSRdkhv4so/s1600/sidebar-tab.png HTTP/1.1
Host: 2.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="sidebar-tab.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 367
X-XSS-Protection: 0
Date: Mon, 09 Sep 2024 12:04:16 GMT
Expires: Tue, 10 Sep 2024 12:04:16 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v32be"
Content-Type: image/png
Vary: Origin
Age: 0
DNS

35.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.169.217.172.in-addr.arpa

IN PTR

Response

35.169.217.172.in-addr.arpa

IN PTR

lhr48s08-in-f31e100net
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

33.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

33.200.250.142.in-addr.arpa

IN PTR

Response

33.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f11e100net
DNS

213.235.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

213.235.21.104.in-addr.arpa

IN PTR

Response
DNS

227.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.179.250.142.in-addr.arpa

IN PTR

Response

227.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f31e100net
GET

http://s10.histats.com/js15.js

msedge.exe

Remote address:

172.66.132.118:80

Request

GET /js15.js HTTP/1.1
Host: s10.histats.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Mon, 09 Sep 2024 12:04:16 GMT
Content-Type: text/javascript
Content-Length: 4405
Connection: keep-alive
Content-Encoding: gzip
ETag: "980881274"
Last-Modified: Thu, 16 Apr 2020 10:44:16 GMT
Vary: Accept-Encoding
Cache-Control: max-age=28800
CF-Cache-Status: HIT
Age: 59898
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 8c070a31ea5455ea-LHR
GET

http://1.bp.blogspot.com/_4HKUHirY_2U/TVV-y7BiRSI/AAAAAAAAMsA/ZP05TIq1cks/s1600/twitter.png

msedge.exe

Remote address:

142.250.200.33:80

Request

GET /_4HKUHirY_2U/TVV-y7BiRSI/AAAAAAAAMsA/ZP05TIq1cks/s1600/twitter.png HTTP/1.1
Host: 1.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="twitter.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 890
X-XSS-Protection: 0
Date: Mon, 09 Sep 2024 12:04:16 GMT
Expires: Tue, 10 Sep 2024 12:04:16 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v32c0"
Content-Type: image/png
Vary: Origin
Age: 0
GET

http://1.bp.blogspot.com/_BwuB6VysU4Y/SW8cPGaDMPI/AAAAAAAAANY/Utqulr1uWLY/s320/Mail+to.bmp

msedge.exe

Remote address:

142.250.200.33:80

Request

GET /_BwuB6VysU4Y/SW8cPGaDMPI/AAAAAAAAANY/Utqulr1uWLY/s320/Mail+to.bmp HTTP/1.1
Host: 1.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Type: image/png
X-Content-Type-Options: nosniff
Date: Mon, 09 Sep 2024 12:04:16 GMT
Server: fife
Content-Length: 915
X-XSS-Protection: 0
DNS

accounts.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.250.102.84
GET

https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/followers.g?blogID%3D7429458911528392134%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM2NjY2NjYiByM1NTg4YWEqByNmZmZmZmYyByNjYzY2MDA6ByM2NjY2NjZCByM1NTg4YWFKByM5OTk5OTlSByM1NTg4YWFaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://ayanojou.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en._ShUtMH1OvQ.O/am%253DAABA/d%253D1/rs%253DAHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/m%253D__features__%26bpli%3D1&followup=https://www.blogger.com/followers.g?blogID%3D7429458911528392134%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM2NjY2NjYiByM1NTg4YWEqByNmZmZmZmYyByNjYzY2MDA6ByM2NjY2NjZCByM1NTg4YWFKByM5OTk5OTlSByM1NTg4YWFaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://ayanojou.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en._ShUtMH1OvQ.O/am%253DAABA/d%253D1/rs%253DAHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/m%253D__features__%26bpli%3D1&go=true

msedge.exe

Remote address:

142.250.102.84:443

Request

GET /ServiceLogin?passive=true&continue=https://www.blogger.com/followers.g?blogID%3D7429458911528392134%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM2NjY2NjYiByM1NTg4YWEqByNmZmZmZmYyByNjYzY2MDA6ByM2NjY2NjZCByM1NTg4YWFKByM5OTk5OTlSByM1NTg4YWFaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://ayanojou.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en._ShUtMH1OvQ.O/am%253DAABA/d%253D1/rs%253DAHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/m%253D__features__%26bpli%3D1&followup=https://www.blogger.com/followers.g?blogID%3D7429458911528392134%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM2NjY2NjYiByM1NTg4YWEqByNmZmZmZmYyByNjYzY2MDA6ByM2NjY2NjZCByM1NTg4YWFKByM5OTk5OTlSByM1NTg4YWFaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://ayanojou.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en._ShUtMH1OvQ.O/am%253DAABA/d%253D1/rs%253DAHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/m%253D__features__%26bpli%3D1&go=true HTTP/2.0
host: accounts.google.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

s4.histats.com

msedge.exe

Remote address:

8.8.8.8:53

Request

s4.histats.com

IN A

Response

s4.histats.com

IN A

54.39.128.162

s4.histats.com

IN A

149.56.240.130

s4.histats.com

IN A

54.39.156.32

s4.histats.com

IN A

149.56.240.128

s4.histats.com

IN A

149.56.240.131

s4.histats.com

IN A

149.56.240.31

s4.histats.com

IN A

54.39.128.117

s4.histats.com

IN A

149.56.240.132

s4.histats.com

IN A

142.4.219.198

s4.histats.com

IN A

158.69.254.144

s4.histats.com

IN A

149.56.240.129

s4.histats.com

IN A

149.56.240.27

s4.histats.com

IN A

149.56.240.127
GET

https://s4.histats.com/stats/1489404.php?1489404&@f16&@g1&@h0&@i0&@j0&@k0&@l0&@m2007%20~%20Ayanojou&@n0&@o1000&@q0&@r0&@s604&@ten-US&@u1280&@b1:-108607518&@b3:1725883456&@b4:js15.js&@b5:0&@a-_0.2.1&@vfile%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2Fd645be115c3f4d55390c25e1a882a915_JaffaCakes118.html&@w

msedge.exe

Remote address:

54.39.128.162:443

Request

GET /stats/1489404.php?1489404&@f16&@g1&@h0&@i0&@j0&@k0&@l0&@m2007%20~%20Ayanojou&@n0&@o1000&@q0&@r0&@s604&@ten-US&@u1280&@b1:-108607518&@b3:1725883456&@b4:js15.js&@b5:0&@a-_0.2.1&@vfile%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2Fd645be115c3f4d55390c25e1a882a915_JaffaCakes118.html&@w HTTP/1.1
Host: s4.histats.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Mon, 09 Sep 2024 12:03:59 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 103
Connection: close
DNS

35.221.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.221.240.157.in-addr.arpa

IN PTR

Response

35.221.240.157.in-addr.arpa

IN PTR

edge-star-mini-shv-01-lhr8facebookcom
DNS

4.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.178.250.142.in-addr.arpa

IN PTR

Response

4.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f41e100net
DNS

118.132.66.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

118.132.66.172.in-addr.arpa

IN PTR

Response
DNS

84.102.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

84.102.250.142.in-addr.arpa

IN PTR

Response

84.102.250.142.in-addr.arpa

IN PTR

rb-in-f841e100net
DNS

162.128.39.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

162.128.39.54.in-addr.arpa

IN PTR

Response

162.128.39.54.in-addr.arpa

IN PTR

ns562109ip-54-39-128net
GET

https://s10.histats.com/counters/cc_604.js

msedge.exe

Remote address:

172.66.132.118:443

Request

GET /counters/cc_604.js HTTP/2.0
host: s10.histats.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 09 Sep 2024 12:04:31 GMT
content-type: text/javascript
content-length: 4509
content-encoding: gzip
etag: "1135266286"
last-modified: Thu, 16 Apr 2020 10:45:32 GMT
vary: Accept-Encoding
cache-control: max-age=28800
cf-cache-status: HIT
age: 59720
accept-ranges: bytes
server: cloudflare
cf-ray: 8c070a8dde40654d-LHR
DNS

lh3.ggpht.com

msedge.exe

Remote address:

8.8.8.8:53

Request

lh3.ggpht.com

IN A

Response

lh3.ggpht.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.200.33
DNS

228.249.119.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.249.119.40.in-addr.arpa

IN PTR

Response
GET

http://lh3.ggpht.com/_beEpWOXwLJE/TIb57Lu4fwI/AAAAAAAABE0/q7niFVRbyNE/top-toolbar.jpg

msedge.exe

Remote address:

142.250.200.33:80

Request

GET /_beEpWOXwLJE/TIb57Lu4fwI/AAAAAAAABE0/q7niFVRbyNE/top-toolbar.jpg HTTP/1.1
Host: lh3.ggpht.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Type: image/png
X-Content-Type-Options: nosniff
Date: Mon, 09 Sep 2024 12:04:38 GMT
Server: fife
Content-Length: 915
X-XSS-Protection: 0
DNS

ayanojou.blogspot.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ayanojou.blogspot.com

IN A

Response

ayanojou.blogspot.com

IN CNAME

blogspot.l.googleusercontent.com

blogspot.l.googleusercontent.com

IN A

216.58.213.1
GET

http://ayanojou.blogspot.com/favicon.ico

msedge.exe

Remote address:

216.58.213.1:80

Request

GET /favicon.ico HTTP/1.1
Host: ayanojou.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/x-icon; charset=UTF-8
Expires: Mon, 09 Sep 2024 12:04:39 GMT
Date: Mon, 09 Sep 2024 12:04:39 GMT
Cache-Control: private, max-age=86400
Last-Modified: Thu, 05 Sep 2024 11:29:35 GMT
ETag: W/"3108a7d0825c544079b5441dbcab39f50d75618031bf8021fc4c450d780b18dc"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 412
Server: GSE
DNS

1.213.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.213.58.216.in-addr.arpa

IN PTR

Response

1.213.58.216.in-addr.arpa

IN PTR

ber01s14-in-f11e100net

1.213.58.216.in-addr.arpa

IN PTR

lhr25s25-in-f1�F
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR
DNS

92.12.20.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

92.12.20.2.in-addr.arpa

IN PTR

Response

92.12.20.2.in-addr.arpa

IN PTR

a2-20-12-92deploystaticakamaitechnologiescom
DNS

48.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.111.52.in-addr.arpa

IN PTR

Response

142.250.200.42:80

http://ajax.googleapis.com/ajax/libs/mootools/1.2.4/mootools-yui-compressed.js

http

msedge.exe

1.0kB
22.9kB
15
22

HTTP Request

GET http://ajax.googleapis.com/ajax/libs/mootools/1.2.4/mootools-yui-compressed.js

HTTP Response

200
142.250.200.42:80

http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js

http

msedge.exe

1.2kB
32.2kB
18
28

HTTP Request

GET http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js

HTTP Response

200
142.250.200.41:443

https://www.blogger.com/dyn-css/authorization.css?targetBlogID=7429458911528392134&zx=352d3b35-c030-4ca5-b803-4bef1e444733

tls, http2

msedge.exe

4.5kB
70.5kB
63
70

HTTP Request

GET https://www.blogger.com/static/v1/widgets/254310735-widget_css_bundle.css

HTTP Request

GET https://www.blogger.com/static/v1/widgets/2230271354-widgets.js

HTTP Request

GET https://www.blogger.com/dyn-css/authorization.css?targetBlogID=7429458911528392134&zx=352d3b35-c030-4ca5-b803-4bef1e444733
142.250.200.14:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en._ShUtMH1OvQ.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/cb=gapi.loaded_1?le=scs

tls, http2

msedge.exe

4.4kB
109.5kB
64
92

HTTP Request

GET https://apis.google.com/js/plusone.js

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en._ShUtMH1OvQ.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/cb=gapi.loaded_0?le=scs

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en._ShUtMH1OvQ.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/cb=gapi.loaded_1?le=scs
142.250.200.41:80

http://www.blogger.com/img/icon18_edit_allbkg.gif

http

msedge.exe

694 B
1.0kB
7
6

HTTP Request

GET http://www.blogger.com/img/icon18_edit_allbkg.gif

HTTP Response

200
172.217.169.35:80

http://www.google.co.id/cse/brand?form=cse-search-box&lang=en

http

msedge.exe

656 B
854 B
7
6

HTTP Request

GET http://www.google.co.id/cse/brand?form=cse-search-box&lang=en

HTTP Response

301
142.250.200.33:80

http://4.bp.blogspot.com/-Gbb8kYvEiuk/TVV-ayQN_fI/AAAAAAAAMqw/iU7Gwo0oyEk/s1600/contentwrap-bg.png

http

msedge.exe

743 B
948 B
7
6

HTTP Request

GET http://4.bp.blogspot.com/-Gbb8kYvEiuk/TVV-ayQN_fI/AAAAAAAAMqw/iU7Gwo0oyEk/s1600/contentwrap-bg.png

HTTP Response

200
142.250.200.33:80

http://4.bp.blogspot.com/-JGfQh1LdPPI/TVV-m3XhJiI/AAAAAAAAMrg/F3QbjYShfRM/s1600/rss.png

http

msedge.exe

778 B
1.9kB
8
7

HTTP Request

GET http://4.bp.blogspot.com/-JGfQh1LdPPI/TVV-m3XhJiI/AAAAAAAAMrg/F3QbjYShfRM/s1600/rss.png

HTTP Response

200
142.250.200.33:80

http://4.bp.blogspot.com/_8aZXeWtZzQY/TUxa8rOHgJI/AAAAAAAABoo/KPlS9FsnWUc/s000/date.png

http

msedge.exe

732 B
1.4kB
7
6

HTTP Request

GET http://4.bp.blogspot.com/_8aZXeWtZzQY/TUxa8rOHgJI/AAAAAAAABoo/KPlS9FsnWUc/s000/date.png

HTTP Response

200
142.250.200.33:80

http://3.bp.blogspot.com/-UdXruBDNMtQ/TVV-bkrtUWI/AAAAAAAAMrA/CSywoMq8-pk/s1600/nav-bg.png

http

msedge.exe

735 B
979 B
7
6

HTTP Request

GET http://3.bp.blogspot.com/-UdXruBDNMtQ/TVV-bkrtUWI/AAAAAAAAMrA/CSywoMq8-pk/s1600/nav-bg.png

HTTP Response

200
142.250.200.41:443

https://resources.blogblog.com/img/icon18_wrench_allbkg.png

tls, http2

msedge.exe

2.4kB
7.1kB
16
19

HTTP Request

GET https://resources.blogblog.com/img/icon18_wrench_allbkg.png
104.21.235.213:80

http://icons.iconarchive.com/icons/deleket/folder/24/Mozilla-Thunderbird-icon.png

http

msedge.exe

1.1kB
1.1kB
6
5

HTTP Request

GET http://icons.iconarchive.com/icons/deleket/folder/24/Mozilla-Thunderbird-icon.png

HTTP Response

404
142.250.200.33:80

3.bp.blogspot.com

msedge.exe

288 B
156 B
6
3
142.250.200.33:80

3.bp.blogspot.com

msedge.exe

288 B
156 B
6
3
142.250.200.33:80

3.bp.blogspot.com

msedge.exe

288 B
156 B
6
3
142.250.200.33:80

http://3.bp.blogspot.com/_8aZXeWtZzQY/TUxa89eMz0I/AAAAAAAABos/QxyE7Xc_430/s000/user.png

http

msedge.exe

1.6kB
2.5kB
9
8

HTTP Request

GET http://3.bp.blogspot.com/_4HKUHirY_2U/TVV-mt1hh_I/AAAAAAAAMrY/exBKat_juV8/s1600/post-line.png

HTTP Response

200

HTTP Request

GET http://3.bp.blogspot.com/_8aZXeWtZzQY/TUxa89eMz0I/AAAAAAAABos/QxyE7Xc_430/s000/user.png

HTTP Response

200
172.217.169.66:445

pagead2.googlesyndication.com

260 B
5
142.250.200.33:80

http://4.bp.blogspot.com/_4HKUHirY_2U/TVV-y1IljsI/AAAAAAAAMsI/SH5PnhV7Gdw/s1600/wrapper-bg.png

http

msedge.exe

739 B
941 B
7
5

HTTP Request

GET http://4.bp.blogspot.com/_4HKUHirY_2U/TVV-y1IljsI/AAAAAAAAMsI/SH5PnhV7Gdw/s1600/wrapper-bg.png

HTTP Response

200
142.250.200.33:80

http://3.bp.blogspot.com/_4HKUHirY_2U/TVV-mTW-pNI/AAAAAAAAMrQ/5qEgmpCeTGE/s1600/nav-seperator.png

http

msedge.exe

846 B
2.4kB
9
7

HTTP Request

GET http://3.bp.blogspot.com/_4HKUHirY_2U/TVV-mTW-pNI/AAAAAAAAMrQ/5qEgmpCeTGE/s1600/nav-seperator.png

HTTP Response

200
157.240.221.35:80

http://www.facebook.com/plugins/like.php?href=https://www.facebook.com/pages/Agen-Prediksi-Bola/702558806520959&layout=button_count&show_faces=false&width=50&action=like&colorscheme=light&height=21

http

msedge.exe

1.6kB
1.0kB
8
6

HTTP Request

GET http://www.facebook.com/plugins/like.php?href=https://www.facebook.com/pages/Agen-Prediksi-Bola/702558806520959[/COLOR]&layout=standard&show_faces=false&width=450&action=like&font=tahoma&colorscheme=light&height=80

HTTP Response

301

HTTP Request

GET http://www.facebook.com/plugins/like.php?href=https://www.facebook.com/pages/Agen-Prediksi-Bola/702558806520959&layout=button_count&show_faces=false&width=50&action=like&colorscheme=light&height=21

HTTP Response

301
142.250.178.4:443

https://www.google.com/cse/static/images/1x/en/branding.png

tls, http2

msedge.exe

2.2kB
11.6kB
23
23

HTTP Request

GET https://www.google.com/cse/static/images/1x/en/branding.png
142.250.200.33:80

http://2.bp.blogspot.com/_4HKUHirY_2U/TVV-yjU0qjI/AAAAAAAAMr4/ktSRdkhv4so/s1600/sidebar-tab.png

http

msedge.exe

792 B
2.0kB
8
7

HTTP Request

GET http://2.bp.blogspot.com/_4HKUHirY_2U/TVV-yjU0qjI/AAAAAAAAMr4/ktSRdkhv4so/s1600/sidebar-tab.png

HTTP Response

200
172.66.132.118:80

http://s10.histats.com/js15.js

http

msedge.exe

870 B
7.3kB
10
10

HTTP Request

GET http://s10.histats.com/js15.js

HTTP Response

200
142.250.200.33:80

http://1.bp.blogspot.com/_4HKUHirY_2U/TVV-y7BiRSI/AAAAAAAAMsA/ZP05TIq1cks/s1600/twitter.png

http

msedge.exe

742 B
3.0kB
7
7

HTTP Request

GET http://1.bp.blogspot.com/_4HKUHirY_2U/TVV-y7BiRSI/AAAAAAAAMsA/ZP05TIq1cks/s1600/twitter.png

HTTP Response

200
142.250.200.33:80

http://1.bp.blogspot.com/_BwuB6VysU4Y/SW8cPGaDMPI/AAAAAAAAANY/Utqulr1uWLY/s320/Mail+to.bmp

http

msedge.exe

741 B
2.6kB
7
7

HTTP Request

GET http://1.bp.blogspot.com/_BwuB6VysU4Y/SW8cPGaDMPI/AAAAAAAAANY/Utqulr1uWLY/s320/Mail+to.bmp

HTTP Response

404
157.240.221.35:443

www.facebook.com

tls

msedge.exe

2.9kB
9.0kB
20
24
142.250.102.84:443

https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/followers.g?blogID%3D7429458911528392134%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM2NjY2NjYiByM1NTg4YWEqByNmZmZmZmYyByNjYzY2MDA6ByM2NjY2NjZCByM1NTg4YWFKByM5OTk5OTlSByM1NTg4YWFaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://ayanojou.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en._ShUtMH1OvQ.O/am%253DAABA/d%253D1/rs%253DAHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/m%253D__features__%26bpli%3D1&followup=https://www.blogger.com/followers.g?blogID%3D7429458911528392134%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM2NjY2NjYiByM1NTg4YWEqByNmZmZmZmYyByNjYzY2MDA6ByM2NjY2NjZCByM1NTg4YWFKByM5OTk5OTlSByM1NTg4YWFaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://ayanojou.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en._ShUtMH1OvQ.O/am%253DAABA/d%253D1/rs%253DAHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/m%253D__features__%26bpli%3D1&go=true

tls, http2

msedge.exe

2.7kB
7.7kB
18
19

HTTP Request

GET https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/followers.g?blogID%3D7429458911528392134%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM2NjY2NjYiByM1NTg4YWEqByNmZmZmZmYyByNjYzY2MDA6ByM2NjY2NjZCByM1NTg4YWFKByM5OTk5OTlSByM1NTg4YWFaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://ayanojou.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en._ShUtMH1OvQ.O/am%253DAABA/d%253D1/rs%253DAHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/m%253D__features__%26bpli%3D1&followup=https://www.blogger.com/followers.g?blogID%3D7429458911528392134%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM2NjY2NjYiByM1NTg4YWEqByNmZmZmZmYyByNjYzY2MDA6ByM2NjY2NjZCByM1NTg4YWFKByM5OTk5OTlSByM1NTg4YWFaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://ayanojou.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en._ShUtMH1OvQ.O/am%253DAABA/d%253D1/rs%253DAHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/m%253D__features__%26bpli%3D1&go=true
142.250.102.84:443

accounts.google.com

tls, http2

msedge.exe

1.0kB
5.7kB
10
10
54.39.128.162:443

https://s4.histats.com/stats/1489404.php?1489404&@f16&@g1&@h0&@i0&@j0&@k0&@l0&@m2007%20~%20Ayanojou&@n0&@o1000&@q0&@r0&@s604&@ten-US&@u1280&@b1:-108607518&@b3:1725883456&@b4:js15.js&@b5:0&@a-_0.2.1&@vfile%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2Fd645be115c3f4d55390c25e1a882a915_JaffaCakes118.html&@w

tls, http

msedge.exe

3.7kB
3.9kB
11
9

HTTP Request

GET https://s4.histats.com/stats/1489404.php?1489404&@f16&@g1&@h0&@i0&@j0&@k0&@l0&@m2007%20~%20Ayanojou&@n0&@o1000&@q0&@r0&@s604&@ten-US&@u1280&@b1:-108607518&@b3:1725883456&@b4:js15.js&@b5:0&@a-_0.2.1&@vfile%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2Fd645be115c3f4d55390c25e1a882a915_JaffaCakes118.html&@w

HTTP Response

200
172.217.16.226:139

pagead2.googlesyndication.com

260 B
5
172.66.132.118:443

https://s10.histats.com/counters/cc_604.js

tls, http2

msedge.exe

1.7kB
8.3kB
15
16

HTTP Request

GET https://s10.histats.com/counters/cc_604.js

HTTP Response

200
172.66.132.118:443

s10.histats.com

tls, http2

msedge.exe

988 B
1.0kB
8
6
142.250.200.33:80

http://lh3.ggpht.com/_beEpWOXwLJE/TIb57Lu4fwI/AAAAAAAABE0/q7niFVRbyNE/top-toolbar.jpg

http

msedge.exe

684 B
1.4kB
6
5

HTTP Request

GET http://lh3.ggpht.com/_beEpWOXwLJE/TIb57Lu4fwI/AAAAAAAABE0/q7niFVRbyNE/top-toolbar.jpg

HTTP Response

404
216.58.213.1:80

http://ayanojou.blogspot.com/favicon.ico

http

msedge.exe

639 B
1.1kB
6
6

HTTP Request

GET http://ayanojou.blogspot.com/favicon.ico

HTTP Response

200

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

apis.google.com

dns

msedge.exe

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

142.250.200.14
8.8.8.8:53

www.blogger.com

dns

msedge.exe

61 B
108 B
1
1

DNS Request

www.blogger.com

DNS Response

142.250.200.41
8.8.8.8:53

ajax.googleapis.com

dns

msedge.exe

65 B
81 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

142.250.200.42
8.8.8.8:53

www.google.co.id

dns

msedge.exe

62 B
78 B
1
1

DNS Request

www.google.co.id

DNS Response

172.217.169.35
142.250.200.41:443

www.blogger.com

https

msedge.exe

7.9kB
13.0kB
25
29
8.8.8.8:53

1.bp.blogspot.com

dns

msedge.exe

126 B
124 B
2
1

DNS Request

1.bp.blogspot.com

DNS Request

1.bp.blogspot.com

DNS Response

142.250.200.33
8.8.8.8:53

4.bp.blogspot.com

dns

msedge.exe

63 B
124 B
1
1

DNS Request

4.bp.blogspot.com

DNS Response

142.250.200.33
8.8.8.8:53

resources.blogblog.com

dns

msedge.exe

68 B
115 B
1
1

DNS Request

resources.blogblog.com

DNS Response

142.250.200.41
142.250.200.14:443

apis.google.com

https

msedge.exe

7.4kB
157.8kB
63
127
8.8.8.8:53

agenprediksibola.net

dns

msedge.exe

66 B
139 B
1
1

DNS Request

agenprediksibola.net
8.8.8.8:53

icons.iconarchive.com

dns

msedge.exe

67 B
99 B
1
1

DNS Request

icons.iconarchive.com

DNS Response

104.21.235.213

104.21.235.214
8.8.8.8:53

3.bp.blogspot.com

dns

msedge.exe

63 B
124 B
1
1

DNS Request

3.bp.blogspot.com

DNS Response

142.250.200.33
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

68.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

68.32.126.40.in-addr.arpa
8.8.8.8:53

16.43.107.13.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

16.43.107.13.in-addr.arpa
8.8.8.8:53

42.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

42.200.250.142.in-addr.arpa
8.8.8.8:53

41.200.250.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

41.200.250.142.in-addr.arpa
8.8.8.8:53

81.144.22.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

81.144.22.2.in-addr.arpa
8.8.8.8:53

www.facebook.com

dns

msedge.exe

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

157.240.221.35
8.8.8.8:53

www.google.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.178.4
8.8.8.8:53

2.bp.blogspot.com

dns

msedge.exe

63 B
124 B
1
1

DNS Request

2.bp.blogspot.com

DNS Response

142.250.200.33
8.8.8.8:53

s10.histats.com

dns

msedge.exe

61 B
141 B
1
1

DNS Request

s10.histats.com

DNS Response

172.66.132.118

172.66.132.114
8.8.8.8:53

35.169.217.172.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

35.169.217.172.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

33.200.250.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

33.200.250.142.in-addr.arpa
8.8.8.8:53

213.235.21.104.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

213.235.21.104.in-addr.arpa
8.8.8.8:53

227.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

227.179.250.142.in-addr.arpa
8.8.8.8:53

accounts.google.com

dns

msedge.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

142.250.102.84
8.8.8.8:53

s4.histats.com

dns

msedge.exe

60 B
268 B
1
1

DNS Request

s4.histats.com

DNS Response

54.39.128.162

149.56.240.130

54.39.156.32

149.56.240.128

149.56.240.131

149.56.240.31

54.39.128.117

149.56.240.132

142.4.219.198

158.69.254.144

149.56.240.129

149.56.240.27

149.56.240.127
8.8.8.8:53

35.221.240.157.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

35.221.240.157.in-addr.arpa
8.8.8.8:53

4.178.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

4.178.250.142.in-addr.arpa
8.8.8.8:53

118.132.66.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

118.132.66.172.in-addr.arpa
8.8.8.8:53

84.102.250.142.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

84.102.250.142.in-addr.arpa
8.8.8.8:53

162.128.39.54.in-addr.arpa

dns

72 B
111 B
1
1

DNS Request

162.128.39.54.in-addr.arpa
224.0.0.251:5353

msedge.exe

445 B
7
8.8.8.8:53

lh3.ggpht.com

dns

msedge.exe

59 B
120 B
1
1

DNS Request

lh3.ggpht.com

DNS Response

142.250.200.33
8.8.8.8:53

228.249.119.40.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

228.249.119.40.in-addr.arpa
8.8.8.8:53

ayanojou.blogspot.com

dns

msedge.exe

67 B
126 B
1
1

DNS Request

ayanojou.blogspot.com

DNS Response

216.58.213.1
8.8.8.8:53

1.213.58.216.in-addr.arpa

dns

71 B
138 B
1
1

DNS Request

1.213.58.216.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

213 B
157 B
3
1

DNS Request

198.187.3.20.in-addr.arpa

DNS Request

198.187.3.20.in-addr.arpa

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

92.12.20.2.in-addr.arpa

dns

69 B
131 B
1
1

DNS Request

92.12.20.2.in-addr.arpa
8.8.8.8:53

48.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

48.229.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
23KB

MD5
33a83c16527e4531fbfca2631f653674

SHA1
87a63514c262ba4bffc52d2ceebb3ca14353507a

SHA256
1156bb50a264543f6a9dc8922dd2c65d444c8bb11b3b18be95d5adff840b33b4

SHA512
f1dba28d0f81aa0894436ae7b4ba76a2e635f002f666d17d31b8b21500dc2321d7862ca8dcfd22e44aab4d1f33112c076dc95191c889546a40f9c6197cccbda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
45KB

MD5
aa6a698d1c7fc6d35265b10af5570e9c

SHA1
00da372ad4964a5d5b8afff7fe1b207ff284f232

SHA256
02f6ae7bda59fb1a20d3386021fb972ced348bf724fea42157225d416f9f049a

SHA512
f5b2f732e899cc0fed577e1ef1c51c154ede5d206543e8ac7c1fabb182901f8e93e137b63f12cbb87b3f570a283a368bfb1b9d637cc5b1c4f1669ff5cfbf306b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
18c4a6e2d586af484a0c0bbd5fdabd2a

SHA1
b55c956c1d31e943f71df4fc355fde69782066a0

SHA256
f6a293ff3f2234a9277c8f68dccdb1aae95de2d3124d7ad5acd59e65cbe0899c

SHA512
bf96cfc9332a72783294163f6b00e1dfb014eb5daf344f967c005b2ca1fef0b82207808676545ed7cde75d77c9878c4c6ce81c99ed537dd61dbaca71cb45607c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1c36bbe069099d72bbad12a21fbbd3d9

SHA1
b6c27533fd16e9f414bc75b1d9c480fe82f1879b

SHA256
4327db11266c2a3e3ca97fc173554e601d7ac635543f765b8a853657cebbb794

SHA512
2b6c73faa584f7d77c7fcbe1096b6b741c584fb76d3d23782def935cbd540b91abdfbbd8d20fc6cc1e6f49c134ceba5e16ad0f75837b7b58d1e82f4ac8e23e27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cefe94a9b285d7293915859b053588d0

SHA1
3f0ea4b505954989323e46c295623c190a7c2a02

SHA256
7a65151af141a7beafa933e6f5be1312bf00f8c26d994fa3f2e6455a9d618833

SHA512
9031b2e07254fb25643f8e64f8aeb7d8a909af583ed5285c3e8388b4b11ac92dc9409fe374e1a04e585001efede13c4dcee24de78e0b6eb4837ff212151dfc54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
42e09e3b691d6d0404ec1d3daab05631

SHA1
bd8f120c86f828d924fbd8029f6c21b379fcf095

SHA256
0045e5a9d6e05ab95d26df4fbcb314f939cd718d9b05b84d5d5855230fb9df72

SHA512
c48517bdc05074592efc581651c8ff80848888bfa4c74533e357d155886ed360402a959f17747736b2e4c5ccdb1dbda3ad01b41ef027ad92c4a0f5cbb3c52522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6490958a8f73ab566048d1c7bc6291fd

SHA1
83c251dcb382feb47b1349013a3450848f8e407f

SHA256
2d55af8f5bb52d7a39d03a7e4cd21db8826660be8d392b86ff41adb2d4538d09

SHA512
37603670b8ae27a509988a9f9bccad43ace1df8355bf6633ec23c11b394dd4c45f1ba764f609aa93596a1f543a5cfe599ab6022c4b8f5910057aeba3233ed9ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c296db35e57a0715a2d91e150a4add1e

SHA1
069ddab1771bdf04f363581a9cfadc9341e379d9

SHA256
41e1db4468c50ce927bc9652810242e560ed47a77429341c5b88ccbd2ba671e3

SHA512
2fd13e44a052e3bd729956ed651e23193cb0f2520b6a7733a455147081af4e24560cd678d76ced040f5d3afbd5dbe0b161c7ca871cf7614d2e2ff6cff2b25009

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request