Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/10/2024, 16:14 UTC

General

  • Target

    3af07604374adc750e7695a90573d8eb_JaffaCakes118.html

  • Size

    63KB

  • MD5

    3af07604374adc750e7695a90573d8eb

  • SHA1

    c8cd2de050dc390e75d0a0195dda849e8854605b

  • SHA256

    68553441df19c9e5076086fd87f2a9a76dc4a310e8eef65d0fb2b339f412c4d0

  • SHA512

    4ca4651fea5c93cccfbcdf58ba6431a561de2f8949fab9025a2e0b6d032932c02d05bba98591173c4d4fe4f3c862dbf0cfccd71b547e79924eb5e489864faae8

  • SSDEEP

    1536:7DIHDImEI9m20jgGH86/OdiUxUFYayr5q/oD9k6uEVCJCEkGfopkUvL4cX7xSNXe:7DIHDI5E6/TUxUFYayr5qA2MrX7xSNXe

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3af07604374adc750e7695a90573d8eb_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2828
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2828 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2752

Network

  • flag-us
    DNS
    www.blogger.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.blogger.com
    IN A
    Response
    www.blogger.com
    IN CNAME
    blogger.l.google.com
    blogger.l.google.com
    IN A
    172.217.169.73
  • flag-us
    DNS
    3.bp.blogspot.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    3.bp.blogspot.com
    IN A
    Response
    3.bp.blogspot.com
    IN CNAME
    photos-ugc.l.googleusercontent.com
    photos-ugc.l.googleusercontent.com
    IN A
    142.250.178.1
  • flag-us
    DNS
    opi.yahoo.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    opi.yahoo.com
    IN A
    Response
  • flag-us
    DNS
    nguyenhuytap.googlecode.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    nguyenhuytap.googlecode.com
    IN A
    Response
    nguyenhuytap.googlecode.com
    IN CNAME
    googlecode.l.googleusercontent.com
    googlecode.l.googleusercontent.com
    IN A
    172.217.218.82
  • flag-us
    DNS
    helloximo-com.googlecode.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    helloximo-com.googlecode.com
    IN A
    Response
    helloximo-com.googlecode.com
    IN CNAME
    googlecode.l.googleusercontent.com
    googlecode.l.googleusercontent.com
    IN A
    172.217.218.82
  • flag-us
    DNS
    yophim.googlecode.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    yophim.googlecode.com
    IN A
    Response
    yophim.googlecode.com
    IN CNAME
    googlecode.l.googleusercontent.com
    googlecode.l.googleusercontent.com
    IN A
    172.217.218.82
  • flag-us
    DNS
    2.bp.blogspot.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    2.bp.blogspot.com
    IN A
    Response
    2.bp.blogspot.com
    IN CNAME
    photos-ugc.l.googleusercontent.com
    photos-ugc.l.googleusercontent.com
    IN A
    142.250.178.1
  • flag-us
    DNS
    4.bp.blogspot.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    4.bp.blogspot.com
    IN A
    Response
    4.bp.blogspot.com
    IN CNAME
    photos-ugc.l.googleusercontent.com
    photos-ugc.l.googleusercontent.com
    IN A
    142.250.178.1
  • flag-us
    DNS
    resources.blogblog.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    resources.blogblog.com
    IN A
    Response
    resources.blogblog.com
    IN CNAME
    blogger.l.google.com
    blogger.l.google.com
    IN A
    172.217.169.73
  • flag-us
    DNS
    apis.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    apis.google.com
    IN A
    Response
    apis.google.com
    IN CNAME
    plus.l.google.com
    plus.l.google.com
    IN A
    142.250.179.238
  • flag-gb
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.3visMJpiQIc.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo99Jaq3x9bYTscBipFXsayIS-abwA/cb=gapi.loaded_1?le=scs
    IEXPLORE.EXE
    Remote address:
    142.250.179.238:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.3visMJpiQIc.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo99Jaq3x9bYTscBipFXsayIS-abwA/cb=gapi.loaded_1?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 15036
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Fri, 11 Oct 2024 05:29:48 GMT
    Expires: Sat, 11 Oct 2025 05:29:48 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 07 Oct 2024 18:50:53 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 125108
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://apis.google.com/js/plusone.js
    IEXPLORE.EXE
    Remote address:
    142.250.179.238:443
    Request
    GET /js/plusone.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Type: text/javascript
    Access-Control-Allow-Origin: *
    Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team"
    Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
    Timing-Allow-Origin: *
    Date: Sat, 12 Oct 2024 16:14:55 GMT
    Expires: Sat, 12 Oct 2024 16:14:55 GMT
    Cache-Control: private, max-age=1800, stale-while-revalidate=1800
    ETag: "ac0769eb425b6652"
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.3visMJpiQIc.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo99Jaq3x9bYTscBipFXsayIS-abwA/cb=gapi.loaded_0?le=scs
    IEXPLORE.EXE
    Remote address:
    142.250.179.238:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.3visMJpiQIc.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo99Jaq3x9bYTscBipFXsayIS-abwA/cb=gapi.loaded_0?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 57774
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Fri, 11 Oct 2024 03:55:50 GMT
    Expires: Sat, 11 Oct 2025 03:55:50 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 07 Oct 2024 18:50:53 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 130746
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/dyn-css/authorization.css?targetBlogID=732430501679180501&zx=484d1b27-3172-4572-8e53-97b5f29092f0
    IEXPLORE.EXE
    Remote address:
    172.217.169.73:443
    Request
    GET /dyn-css/authorization.css?targetBlogID=732430501679180501&zx=484d1b27-3172-4572-8e53-97b5f29092f0 HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.blogger.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
    Content-Security-Policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
    Content-Type: text/css; charset=UTF-8
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Sat, 12 Oct 2024 16:14:56 GMT
    Last-Modified: Sat, 12 Oct 2024 16:14:56 GMT
    Content-Encoding: gzip
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 1; mode=block
    Server: GSE
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://www.blogger.com/static/v1/widgets/254310735-widget_css_bundle.css
    IEXPLORE.EXE
    Remote address:
    172.217.169.73:443
    Request
    GET /static/v1/widgets/254310735-widget_css_bundle.css HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.blogger.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 7524
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Fri, 11 Oct 2024 04:18:22 GMT
    Expires: Sat, 11 Oct 2025 04:18:22 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Tue, 05 Mar 2019 03:12:59 GMT
    Content-Type: text/css
    Vary: Accept-Encoding
    Age: 129393
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/static/v1/widgets/2017279985-widgets.js
    IEXPLORE.EXE
    Remote address:
    172.217.169.73:443
    Request
    GET /static/v1/widgets/2017279985-widgets.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.blogger.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 52263
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 12 Oct 2024 12:54:03 GMT
    Expires: Sun, 12 Oct 2025 12:54:03 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 19 Nov 2018 19:29:15 GMT
    Content-Type: text/javascript
    Vary: Accept-Encoding
    Age: 12052
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-nl
    GET
    http://helloximo-com.googlecode.com/files/jquery.min.js
    IEXPLORE.EXE
    Remote address:
    172.217.218.82:80
    Request
    GET /files/jquery.min.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: helloximo-com.googlecode.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=UTF-8
    Referrer-Policy: no-referrer
    Content-Length: 1580
    Date: Sat, 12 Oct 2024 16:14:55 GMT
  • flag-gb
    GET
    http://2.bp.blogspot.com/-uyssxJYDrFA/UaX-Q0PqgEI/AAAAAAAABxo/HCgqo2mGMIg/s1600/logo.png
    IEXPLORE.EXE
    Remote address:
    142.250.178.1:80
    Request
    GET /-uyssxJYDrFA/UaX-Q0PqgEI/AAAAAAAABxo/HCgqo2mGMIg/s1600/logo.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 2.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: image/png
    Vary: Origin
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    ETag: "v71a"
    Expires: Sun, 13 Oct 2024 16:14:55 GMT
    Cache-Control: public, max-age=86400, no-transform
    Content-Disposition: inline;filename="logo.png"
    X-Content-Type-Options: nosniff
    Date: Sat, 12 Oct 2024 16:14:55 GMT
    Server: fife
    Content-Length: 11299
    X-XSS-Protection: 0
  • flag-gb
    GET
    http://2.bp.blogspot.com/-X--re-h3x1g/UA9zZyuEIEI/AAAAAAAAAA4/Prmvahj2pp4/s1600/search.gif
    IEXPLORE.EXE
    Remote address:
    142.250.178.1:80
    Request
    GET /-X--re-h3x1g/UA9zZyuEIEI/AAAAAAAAAA4/Prmvahj2pp4/s1600/search.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 2.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Content-Type: image/png
    X-Content-Type-Options: nosniff
    Date: Sat, 12 Oct 2024 16:14:56 GMT
    Server: fife
    Content-Length: 915
    X-XSS-Protection: 0
  • flag-gb
    GET
    http://2.bp.blogspot.com/-RtYmrLdfySU/UCErZeiEE1I/AAAAAAAABOg/ev7jbRyq46M/s1600/bg_outer.gif
    IEXPLORE.EXE
    Remote address:
    142.250.178.1:80
    Request
    GET /-RtYmrLdfySU/UCErZeiEE1I/AAAAAAAABOg/ev7jbRyq46M/s1600/bg_outer.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 2.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Content-Type: image/png
    X-Content-Type-Options: nosniff
    Date: Sat, 12 Oct 2024 16:14:56 GMT
    Server: fife
    Content-Length: 915
    X-XSS-Protection: 0
  • flag-gb
    GET
    https://resources.blogblog.com/img/icon18_wrench_allbkg.png
    IEXPLORE.EXE
    Remote address:
    172.217.169.73:443
    Request
    GET /img/icon18_wrench_allbkg.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: resources.blogblog.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 475
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Fri, 11 Oct 2024 04:15:34 GMT
    Expires: Fri, 18 Oct 2024 04:15:34 GMT
    Cache-Control: public, max-age=604800
    Last-Modified: Mon, 07 Oct 2024 13:59:46 GMT
    Content-Type: image/png
    Age: 129561
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    http://3.bp.blogspot.com/-2yncUqDxkhA/T9H2Td-dLcI/AAAAAAAAAGE/SAgE2QHPktI/s1600/new.gif
    IEXPLORE.EXE
    Remote address:
    142.250.178.1:80
    Request
    GET /-2yncUqDxkhA/T9H2Td-dLcI/AAAAAAAAAGE/SAgE2QHPktI/s1600/new.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 3.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Content-Type: image/png
    X-Content-Type-Options: nosniff
    Date: Sat, 12 Oct 2024 16:14:55 GMT
    Server: fife
    Content-Length: 915
    X-XSS-Protection: 0
  • flag-gb
    GET
    http://3.bp.blogspot.com/-NCoeUHH77NI/T_17-vYBCuI/AAAAAAAAAVI/w68X40lulXM/s1600/news.gif
    IEXPLORE.EXE
    Remote address:
    142.250.178.1:80
    Request
    GET /-NCoeUHH77NI/T_17-vYBCuI/AAAAAAAAAVI/w68X40lulXM/s1600/news.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 3.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="news.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 406
    X-XSS-Protection: 0
    Date: Sat, 12 Oct 2024 16:14:56 GMT
    Expires: Sun, 13 Oct 2024 16:14:56 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v23d"
    Content-Type: image/gif
    Vary: Origin
    Age: 0
  • flag-nl
    GET
    https://nguyenhuytap.googlecode.com/files/recent14.js
    IEXPLORE.EXE
    Remote address:
    172.217.218.82:443
    Request
    GET /files/recent14.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: nguyenhuytap.googlecode.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=UTF-8
    Referrer-Policy: no-referrer
    Content-Length: 1578
    Date: Sat, 12 Oct 2024 16:14:55 GMT
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    http://4.bp.blogspot.com/-8WmOI6h0o_A/UaBsrtEQYCI/AAAAAAAABtI/fSMJnMX1K_E/s1600/lienhequangcao.jpg
    IEXPLORE.EXE
    Remote address:
    142.250.178.1:80
    Request
    GET /-8WmOI6h0o_A/UaBsrtEQYCI/AAAAAAAABtI/fSMJnMX1K_E/s1600/lienhequangcao.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 4.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: image/jpeg
    Vary: Origin
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    ETag: "v6d2"
    Expires: Sun, 13 Oct 2024 16:14:55 GMT
    Cache-Control: public, max-age=86400, no-transform
    Content-Disposition: inline;filename="lienhequangcao.jpg"
    X-Content-Type-Options: nosniff
    Date: Sat, 12 Oct 2024 16:14:55 GMT
    Server: fife
    Content-Length: 31622
    X-XSS-Protection: 0
  • flag-gb
    GET
    http://4.bp.blogspot.com/-0XuNaC__-Og/UBEpLCFMGaI/AAAAAAAAAbE/mzaRCoWJtuc/s1600/topbar_bg.png
    IEXPLORE.EXE
    Remote address:
    142.250.178.1:80
    Request
    GET /-0XuNaC__-Og/UBEpLCFMGaI/AAAAAAAAAbE/mzaRCoWJtuc/s1600/topbar_bg.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 4.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Content-Type: image/png
    X-Content-Type-Options: nosniff
    Date: Sat, 12 Oct 2024 16:14:56 GMT
    Server: fife
    Content-Length: 915
    X-XSS-Protection: 0
  • flag-nl
    GET
    http://yophim.googlecode.com/files/jcarousellite.js
    IEXPLORE.EXE
    Remote address:
    172.217.218.82:80
    Request
    GET /files/jcarousellite.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: yophim.googlecode.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=UTF-8
    Referrer-Policy: no-referrer
    Content-Length: 1583
    Date: Sat, 12 Oct 2024 16:14:55 GMT
  • flag-nl
    GET
    http://yophim.googlecode.com/files/switch.display.js
    IEXPLORE.EXE
    Remote address:
    172.217.218.82:80
    Request
    GET /files/switch.display.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: yophim.googlecode.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=UTF-8
    Referrer-Policy: no-referrer
    Content-Length: 1584
    Date: Sat, 12 Oct 2024 16:14:55 GMT
  • flag-us
    DNS
    c.pki.goog
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
    Response
    c.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.178.3
  • flag-us
    DNS
    c.pki.goog
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
    Response
    c.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.187.227
  • flag-gb
    GET
    http://c.pki.goog/r/r1.crl
    IEXPLORE.EXE
    Remote address:
    142.250.178.3:80
    Request
    GET /r/r1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 854
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 12 Oct 2024 16:01:47 GMT
    Expires: Sat, 12 Oct 2024 16:51:47 GMT
    Cache-Control: public, max-age=3000
    Age: 788
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-gb
    GET
    http://c.pki.goog/r/gsr1.crl
    IEXPLORE.EXE
    Remote address:
    142.250.178.3:80
    Request
    GET /r/gsr1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 1739
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 12 Oct 2024 15:59:08 GMT
    Expires: Sat, 12 Oct 2024 16:49:08 GMT
    Cache-Control: public, max-age=3000
    Age: 948
    Last-Modified: Mon, 07 Oct 2024 07:18:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-gb
    GET
    http://c.pki.goog/r/r4.crl
    IEXPLORE.EXE
    Remote address:
    142.250.178.3:80
    Request
    GET /r/r4.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 436
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 12 Oct 2024 15:37:45 GMT
    Expires: Sat, 12 Oct 2024 16:27:45 GMT
    Cache-Control: public, max-age=3000
    Age: 2231
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-gb
    GET
    http://c.pki.goog/r/r1.crl
    IEXPLORE.EXE
    Remote address:
    142.250.178.3:80
    Request
    GET /r/r1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 854
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 12 Oct 2024 16:01:47 GMT
    Expires: Sat, 12 Oct 2024 16:51:47 GMT
    Cache-Control: public, max-age=3000
    Age: 788
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-gb
    GET
    http://c.pki.goog/r/r1.crl
    IEXPLORE.EXE
    Remote address:
    142.250.178.3:80
    Request
    GET /r/r1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 854
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 12 Oct 2024 16:01:47 GMT
    Expires: Sat, 12 Oct 2024 16:51:47 GMT
    Cache-Control: public, max-age=3000
    Age: 788
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-gb
    GET
    http://c.pki.goog/r/r1.crl
    IEXPLORE.EXE
    Remote address:
    142.250.187.227:80
    Request
    GET /r/r1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 854
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 12 Oct 2024 15:47:42 GMT
    Expires: Sat, 12 Oct 2024 16:37:42 GMT
    Cache-Control: public, max-age=3000
    Age: 1633
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-us
    DNS
    o.pki.goog
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    o.pki.goog
    IN A
    Response
    o.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.178.3
  • flag-gb
    GET
    http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACED87s7g%2FIiJjCsKe1UrZ4IA%3D
    IEXPLORE.EXE
    Remote address:
    142.250.178.3:80
    Request
    GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACED87s7g%2FIiJjCsKe1UrZ4IA%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: o.pki.goog
    Response
    HTTP/1.1 200 OK
    Server: ocsp_responder
    Content-Length: 471
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Date: Sat, 12 Oct 2024 15:23:46 GMT
    Cache-Control: public, max-age=14400
    Content-Type: application/ocsp-response
    Age: 3069
  • flag-gb
    GET
    http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCaE54ZuIE3cQmg5k7JeagD
    IEXPLORE.EXE
    Remote address:
    142.250.178.3:80
    Request
    GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCaE54ZuIE3cQmg5k7JeagD HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: o.pki.goog
    Response
    HTTP/1.1 200 OK
    Server: ocsp_responder
    Content-Length: 472
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Date: Sat, 12 Oct 2024 15:59:38 GMT
    Cache-Control: public, max-age=14400
    Content-Type: application/ocsp-response
    Age: 917
  • flag-gb
    GET
    http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCH271%2Bk2JRZArWFND9Nu6t
    IEXPLORE.EXE
    Remote address:
    142.250.178.3:80
    Request
    GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCH271%2Bk2JRZArWFND9Nu6t HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: o.pki.goog
    Response
    HTTP/1.1 200 OK
    Server: ocsp_responder
    Content-Length: 472
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Date: Sat, 12 Oct 2024 15:57:49 GMT
    Cache-Control: public, max-age=14400
    Content-Type: application/ocsp-response
    Age: 1026
  • flag-us
    DNS
    www.megastar.vn
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.megastar.vn
    IN A
    Response
  • flag-us
    DNS
    cdn1.iconfinder.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    cdn1.iconfinder.com
    IN A
    Response
    cdn1.iconfinder.com
    IN A
    172.66.42.211
    cdn1.iconfinder.com
    IN A
    172.66.41.45
  • flag-us
    DNS
    1.bp.blogspot.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    1.bp.blogspot.com
    IN A
    Response
    1.bp.blogspot.com
    IN CNAME
    photos-ugc.l.googleusercontent.com
    photos-ugc.l.googleusercontent.com
    IN A
    142.250.178.1
  • flag-us
    DNS
    traidatmuidotcom.appspot.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    traidatmuidotcom.appspot.com
    IN A
    Response
    traidatmuidotcom.appspot.com
    IN A
    172.217.16.244
  • flag-us
    GET
    http://cdn1.iconfinder.com/data/icons/splashyIcons/arrow_state_grey_expanded.png
    IEXPLORE.EXE
    Remote address:
    172.66.42.211:80
    Request
    GET /data/icons/splashyIcons/arrow_state_grey_expanded.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cdn1.iconfinder.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 12 Oct 2024 16:14:56 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Sat, 12 Oct 2024 17:14:56 GMT
    Location: https://cdn1.iconfinder.com/data/icons/splashyIcons/arrow_state_grey_expanded.png
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NiovtpMJTu32wyT7YfMyg2t8SdlWIP3fy9PtqWyhAUkMCh8xe6oYGBkpXlfuVxXW%2FVwl9B08DfL5jzvEz%2F58pzytZ5oWGRPKZIVFz%2B4gtYnwdSuGKYmQGoUeJkw22Bd6Kj%2FFqfo%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8d1862c3a98fbd8c-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-gb
    GET
    http://traidatmuidotcom.appspot.com/background/home2.gif
    IEXPLORE.EXE
    Remote address:
    172.217.16.244:80
    Request
    GET /background/home2.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: traidatmuidotcom.appspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 500 Internal Server Error
    Date: Sat, 12 Oct 2024 16:14:56 GMT
    Content-Type: text/html; charset=UTF-8
    Server: Google Frontend
    Content-Length: 323
  • flag-gb
    GET
    http://1.bp.blogspot.com/-WQraah1OChk/T_5MKRddtLI/AAAAAAAAAVM/EW6MjtdQYLc/s1600/fade.gif
    IEXPLORE.EXE
    Remote address:
    142.250.178.1:80
    Request
    GET /-WQraah1OChk/T_5MKRddtLI/AAAAAAAAAVM/EW6MjtdQYLc/s1600/fade.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 1.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Content-Type: image/png
    X-Content-Type-Options: nosniff
    Date: Sat, 12 Oct 2024 16:14:56 GMT
    Server: fife
    Content-Length: 915
    X-XSS-Protection: 0
  • flag-us
    GET
    https://cdn1.iconfinder.com/data/icons/splashyIcons/arrow_state_grey_expanded.png
    IEXPLORE.EXE
    Remote address:
    172.66.42.211:443
    Request
    GET /data/icons/splashyIcons/arrow_state_grey_expanded.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cdn1.iconfinder.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sat, 12 Oct 2024 16:14:56 GMT
    Content-Type: image/png
    Content-Length: 118
    Connection: keep-alive
    Access-Control-Allow-Origin: *
    Cache-Control: public, max-age=31536000
    Cf-Bgj: imgq:100,h2pri
    Cf-Polished: origSize=182, status=webp_bigger
    Content-Disposition: inline; filename="31514.png"
    Expires: Sun, 12 Oct 2025 16:14:56 GMT
    Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
    Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1728022813&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&s=NoSkCUlztWvmHCZyPL545M5Jg%2BMM5ANOrkF%2FgnG553A%3D"}]}
    Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1728022813&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&s=NoSkCUlztWvmHCZyPL545M5Jg%2BMM5ANOrkF%2FgnG553A%3D
    Via: 1.1 vegur
    X-Request-Id: 90af61c9-0617-49e5-9470-badf36c78f06
    last-modified: Fri, 04 Oct 2024 06:20:13 GMT
    CF-Cache-Status: HIT
    Age: 560533
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8d1862c4fe5560fd-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    crl.microsoft.com
    Remote address:
    8.8.8.8:53
    Request
    crl.microsoft.com
    IN A
    Response
    crl.microsoft.com
    IN CNAME
    crl.www.ms.akadns.net
    crl.www.ms.akadns.net
    IN CNAME
    a1363.dscg.akamai.net
    a1363.dscg.akamai.net
    IN A
    2.19.117.18
    a1363.dscg.akamai.net
    IN A
    2.19.117.22
  • flag-gb
    GET
    http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
    Remote address:
    2.19.117.18:80
    Request
    GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Thu, 11 Jul 2024 01:45:51 GMT
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: crl.microsoft.com
    Response
    HTTP/1.1 200 OK
    Content-Length: 1036
    Content-Type: application/octet-stream
    Content-MD5: 8M9bF5Tsp81z+cAg2quO8g==
    Last-Modified: Thu, 26 Sep 2024 02:21:11 GMT
    ETag: 0x8DCDDD1E3AF2C76
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: b28c4ea1-d01e-0016-0ebc-0fa13d000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 12 Oct 2024 16:15:26 GMT
    Connection: keep-alive
  • flag-us
    DNS
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    2.17.5.133
  • 142.250.179.238:443
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.3visMJpiQIc.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo99Jaq3x9bYTscBipFXsayIS-abwA/cb=gapi.loaded_1?le=scs
    tls, http
    IEXPLORE.EXE
    1.6kB
    21.4kB
    18
    22

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.3visMJpiQIc.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo99Jaq3x9bYTscBipFXsayIS-abwA/cb=gapi.loaded_1?le=scs

    HTTP Response

    200
  • 142.250.179.238:443
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.3visMJpiQIc.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo99Jaq3x9bYTscBipFXsayIS-abwA/cb=gapi.loaded_0?le=scs
    tls, http
    IEXPLORE.EXE
    3.1kB
    93.1kB
    45
    76

    HTTP Request

    GET https://apis.google.com/js/plusone.js

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.3visMJpiQIc.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo99Jaq3x9bYTscBipFXsayIS-abwA/cb=gapi.loaded_0?le=scs

    HTTP Response

    200
  • 172.217.169.73:443
    https://www.blogger.com/dyn-css/authorization.css?targetBlogID=732430501679180501&zx=484d1b27-3172-4572-8e53-97b5f29092f0
    tls, http
    IEXPLORE.EXE
    1.2kB
    6.1kB
    13
    13

    HTTP Request

    GET https://www.blogger.com/dyn-css/authorization.css?targetBlogID=732430501679180501&zx=484d1b27-3172-4572-8e53-97b5f29092f0

    HTTP Response

    200
  • 172.217.169.73:443
    https://www.blogger.com/static/v1/widgets/254310735-widget_css_bundle.css
    tls, http
    IEXPLORE.EXE
    1.3kB
    13.3kB
    15
    16

    HTTP Request

    GET https://www.blogger.com/static/v1/widgets/254310735-widget_css_bundle.css

    HTTP Response

    200
  • 172.217.169.73:443
    https://www.blogger.com/static/v1/widgets/2017279985-widgets.js
    tls, http
    IEXPLORE.EXE
    2.0kB
    60.3kB
    31
    49

    HTTP Request

    GET https://www.blogger.com/static/v1/widgets/2017279985-widgets.js

    HTTP Response

    200
  • 172.217.218.82:80
    yophim.googlecode.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 172.217.218.82:80
    http://helloximo-com.googlecode.com/files/jquery.min.js
    http
    IEXPLORE.EXE
    554 B
    1.9kB
    6
    4

    HTTP Request

    GET http://helloximo-com.googlecode.com/files/jquery.min.js

    HTTP Response

    404
  • 142.250.178.1:80
    http://2.bp.blogspot.com/-X--re-h3x1g/UA9zZyuEIEI/AAAAAAAAAA4/Prmvahj2pp4/s1600/search.gif
    http
    IEXPLORE.EXE
    1.3kB
    14.7kB
    13
    15

    HTTP Request

    GET http://2.bp.blogspot.com/-uyssxJYDrFA/UaX-Q0PqgEI/AAAAAAAABxo/HCgqo2mGMIg/s1600/logo.png

    HTTP Response

    200

    HTTP Request

    GET http://2.bp.blogspot.com/-X--re-h3x1g/UA9zZyuEIEI/AAAAAAAAAA4/Prmvahj2pp4/s1600/search.gif

    HTTP Response

    404
  • 142.250.178.1:80
    http://2.bp.blogspot.com/-RtYmrLdfySU/UCErZeiEE1I/AAAAAAAABOg/ev7jbRyq46M/s1600/bg_outer.gif
    http
    IEXPLORE.EXE
    660 B
    2.5kB
    7
    5

    HTTP Request

    GET http://2.bp.blogspot.com/-RtYmrLdfySU/UCErZeiEE1I/AAAAAAAABOg/ev7jbRyq46M/s1600/bg_outer.gif

    HTTP Response

    404
  • 172.217.169.73:443
    resources.blogblog.com
    tls
    IEXPLORE.EXE
    759 B
    4.6kB
    10
    9
  • 172.217.169.73:443
    https://resources.blogblog.com/img/icon18_wrench_allbkg.png
    tls, http
    IEXPLORE.EXE
    1.1kB
    5.7kB
    11
    10

    HTTP Request

    GET https://resources.blogblog.com/img/icon18_wrench_allbkg.png

    HTTP Response

    200
  • 142.250.178.1:80
    http://3.bp.blogspot.com/-NCoeUHH77NI/T_17-vYBCuI/AAAAAAAAAVI/w68X40lulXM/s1600/news.gif
    http
    IEXPLORE.EXE
    1.0kB
    4.3kB
    8
    8

    HTTP Request

    GET http://3.bp.blogspot.com/-2yncUqDxkhA/T9H2Td-dLcI/AAAAAAAAAGE/SAgE2QHPktI/s1600/new.gif

    HTTP Response

    404

    HTTP Request

    GET http://3.bp.blogspot.com/-NCoeUHH77NI/T_17-vYBCuI/AAAAAAAAAVI/w68X40lulXM/s1600/news.gif

    HTTP Response

    200
  • 142.250.178.1:80
    4.bp.blogspot.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 172.217.218.82:443
    nguyenhuytap.googlecode.com
    tls
    IEXPLORE.EXE
    712 B
    4.7kB
    9
    8
  • 172.217.218.82:443
    https://nguyenhuytap.googlecode.com/files/recent14.js
    tls, http
    IEXPLORE.EXE
    1.1kB
    6.7kB
    11
    11

    HTTP Request

    GET https://nguyenhuytap.googlecode.com/files/recent14.js

    HTTP Response

    404
  • 142.250.178.1:80
    http://4.bp.blogspot.com/-0XuNaC__-Og/UBEpLCFMGaI/AAAAAAAAAbE/mzaRCoWJtuc/s1600/topbar_bg.png
    http
    IEXPLORE.EXE
    1.6kB
    35.6kB
    21
    30

    HTTP Request

    GET http://4.bp.blogspot.com/-8WmOI6h0o_A/UaBsrtEQYCI/AAAAAAAABtI/fSMJnMX1K_E/s1600/lienhequangcao.jpg

    HTTP Response

    200

    HTTP Request

    GET http://4.bp.blogspot.com/-0XuNaC__-Og/UBEpLCFMGaI/AAAAAAAAAbE/mzaRCoWJtuc/s1600/topbar_bg.png

    HTTP Response

    404
  • 172.217.218.82:80
    http://yophim.googlecode.com/files/jcarousellite.js
    http
    IEXPLORE.EXE
    550 B
    1.9kB
    6
    4

    HTTP Request

    GET http://yophim.googlecode.com/files/jcarousellite.js

    HTTP Response

    404
  • 172.217.218.82:80
    http://yophim.googlecode.com/files/switch.display.js
    http
    IEXPLORE.EXE
    551 B
    1.9kB
    6
    4

    HTTP Request

    GET http://yophim.googlecode.com/files/switch.display.js

    HTTP Response

    404
  • 142.250.178.3:80
    http://c.pki.goog/r/gsr1.crl
    http
    IEXPLORE.EXE
    554 B
    4.3kB
    7
    6

    HTTP Request

    GET http://c.pki.goog/r/r1.crl

    HTTP Response

    200

    HTTP Request

    GET http://c.pki.goog/r/gsr1.crl

    HTTP Response

    200
  • 142.250.178.3:80
    http://c.pki.goog/r/r4.crl
    http
    IEXPLORE.EXE
    552 B
    2.9kB
    7
    5

    HTTP Request

    GET http://c.pki.goog/r/r1.crl

    HTTP Response

    200

    HTTP Request

    GET http://c.pki.goog/r/r4.crl

    HTTP Response

    200
  • 142.250.178.3:80
    http://c.pki.goog/r/r1.crl
    http
    IEXPLORE.EXE
    348 B
    1.7kB
    5
    4

    HTTP Request

    GET http://c.pki.goog/r/r1.crl

    HTTP Response

    200
  • 142.250.187.227:80
    http://c.pki.goog/r/r1.crl
    http
    IEXPLORE.EXE
    348 B
    1.7kB
    5
    4

    HTTP Request

    GET http://c.pki.goog/r/r1.crl

    HTTP Response

    200
  • 142.250.178.3:80
    http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACED87s7g%2FIiJjCsKe1UrZ4IA%3D
    http
    IEXPLORE.EXE
    518 B
    1.6kB
    6
    4

    HTTP Request

    GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACED87s7g%2FIiJjCsKe1UrZ4IA%3D

    HTTP Response

    200
  • 142.250.178.3:80
    http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCaE54ZuIE3cQmg5k7JeagD
    http
    IEXPLORE.EXE
    514 B
    1.6kB
    6
    4

    HTTP Request

    GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCaE54ZuIE3cQmg5k7JeagD

    HTTP Response

    200
  • 142.250.178.3:80
    http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCH271%2Bk2JRZArWFND9Nu6t
    http
    IEXPLORE.EXE
    516 B
    1.6kB
    6
    4

    HTTP Request

    GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCH271%2Bk2JRZArWFND9Nu6t

    HTTP Response

    200
  • 142.250.178.3:80
    http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACED87s7g%2FIiJjCsKe1UrZ4IA%3D
    http
    IEXPLORE.EXE
    466 B
    844 B
    5
    3

    HTTP Request

    GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACED87s7g%2FIiJjCsKe1UrZ4IA%3D

    HTTP Response

    200
  • 142.250.178.3:80
    http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCaE54ZuIE3cQmg5k7JeagD
    http
    IEXPLORE.EXE
    462 B
    844 B
    5
    3

    HTTP Request

    GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCaE54ZuIE3cQmg5k7JeagD

    HTTP Response

    200
  • 172.66.42.211:80
    cdn1.iconfinder.com
    IEXPLORE.EXE
    236 B
    172 B
    5
    4
  • 172.66.42.211:80
    http://cdn1.iconfinder.com/data/icons/splashyIcons/arrow_state_grey_expanded.png
    http
    IEXPLORE.EXE
    596 B
    1.1kB
    6
    4

    HTTP Request

    GET http://cdn1.iconfinder.com/data/icons/splashyIcons/arrow_state_grey_expanded.png

    HTTP Response

    301
  • 172.217.16.244:80
    http://traidatmuidotcom.appspot.com/background/home2.gif
    http
    IEXPLORE.EXE
    572 B
    656 B
    6
    4

    HTTP Request

    GET http://traidatmuidotcom.appspot.com/background/home2.gif

    HTTP Response

    500
  • 172.217.16.244:80
    traidatmuidotcom.appspot.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 142.250.178.1:80
    http://1.bp.blogspot.com/-WQraah1OChk/T_5MKRddtLI/AAAAAAAAAVM/EW6MjtdQYLc/s1600/fade.gif
    http
    IEXPLORE.EXE
    656 B
    2.5kB
    7
    5

    HTTP Request

    GET http://1.bp.blogspot.com/-WQraah1OChk/T_5MKRddtLI/AAAAAAAAAVM/EW6MjtdQYLc/s1600/fade.gif

    HTTP Response

    404
  • 142.250.178.1:80
    1.bp.blogspot.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 172.66.42.211:443
    https://cdn1.iconfinder.com/data/icons/splashyIcons/arrow_state_grey_expanded.png
    tls, http
    IEXPLORE.EXE
    1.0kB
    5.0kB
    9
    10

    HTTP Request

    GET https://cdn1.iconfinder.com/data/icons/splashyIcons/arrow_state_grey_expanded.png

    HTTP Response

    200
  • 2.19.117.18:80
    http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
    http
    399 B
    1.7kB
    4
    4

    HTTP Request

    GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

    HTTP Response

    200
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
    7.8kB
    9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
    7.8kB
    9
    12
  • 8.8.8.8:53
    www.blogger.com
    dns
    IEXPLORE.EXE
    61 B
    108 B
    1
    1

    DNS Request

    www.blogger.com

    DNS Response

    172.217.169.73

  • 8.8.8.8:53
    3.bp.blogspot.com
    dns
    IEXPLORE.EXE
    63 B
    124 B
    1
    1

    DNS Request

    3.bp.blogspot.com

    DNS Response

    142.250.178.1

  • 8.8.8.8:53
    opi.yahoo.com
    dns
    IEXPLORE.EXE
    59 B
    120 B
    1
    1

    DNS Request

    opi.yahoo.com

  • 8.8.8.8:53
    nguyenhuytap.googlecode.com
    dns
    IEXPLORE.EXE
    73 B
    134 B
    1
    1

    DNS Request

    nguyenhuytap.googlecode.com

    DNS Response

    172.217.218.82

  • 8.8.8.8:53
    helloximo-com.googlecode.com
    dns
    IEXPLORE.EXE
    74 B
    135 B
    1
    1

    DNS Request

    helloximo-com.googlecode.com

    DNS Response

    172.217.218.82

  • 8.8.8.8:53
    yophim.googlecode.com
    dns
    IEXPLORE.EXE
    67 B
    128 B
    1
    1

    DNS Request

    yophim.googlecode.com

    DNS Response

    172.217.218.82

  • 8.8.8.8:53
    2.bp.blogspot.com
    dns
    IEXPLORE.EXE
    63 B
    124 B
    1
    1

    DNS Request

    2.bp.blogspot.com

    DNS Response

    142.250.178.1

  • 8.8.8.8:53
    4.bp.blogspot.com
    dns
    IEXPLORE.EXE
    63 B
    124 B
    1
    1

    DNS Request

    4.bp.blogspot.com

    DNS Response

    142.250.178.1

  • 8.8.8.8:53
    resources.blogblog.com
    dns
    IEXPLORE.EXE
    68 B
    115 B
    1
    1

    DNS Request

    resources.blogblog.com

    DNS Response

    172.217.169.73

  • 8.8.8.8:53
    apis.google.com
    dns
    IEXPLORE.EXE
    61 B
    98 B
    1
    1

    DNS Request

    apis.google.com

    DNS Response

    142.250.179.238

  • 8.8.8.8:53
    c.pki.goog
    dns
    IEXPLORE.EXE
    56 B
    107 B
    1
    1

    DNS Request

    c.pki.goog

    DNS Response

    142.250.178.3

  • 8.8.8.8:53
    c.pki.goog
    dns
    IEXPLORE.EXE
    56 B
    107 B
    1
    1

    DNS Request

    c.pki.goog

    DNS Response

    142.250.187.227

  • 8.8.8.8:53
    o.pki.goog
    dns
    IEXPLORE.EXE
    56 B
    107 B
    1
    1

    DNS Request

    o.pki.goog

    DNS Response

    142.250.178.3

  • 8.8.8.8:53
    www.megastar.vn
    dns
    IEXPLORE.EXE
    61 B
    125 B
    1
    1

    DNS Request

    www.megastar.vn

  • 8.8.8.8:53
    cdn1.iconfinder.com
    dns
    IEXPLORE.EXE
    65 B
    97 B
    1
    1

    DNS Request

    cdn1.iconfinder.com

    DNS Response

    172.66.42.211
    172.66.41.45

  • 8.8.8.8:53
    1.bp.blogspot.com
    dns
    IEXPLORE.EXE
    63 B
    124 B
    1
    1

    DNS Request

    1.bp.blogspot.com

    DNS Response

    142.250.178.1

  • 8.8.8.8:53
    traidatmuidotcom.appspot.com
    dns
    IEXPLORE.EXE
    74 B
    90 B
    1
    1

    DNS Request

    traidatmuidotcom.appspot.com

    DNS Response

    172.217.16.244

  • 8.8.8.8:53
    crl.microsoft.com
    dns
    63 B
    162 B
    1
    1

    DNS Request

    crl.microsoft.com

    DNS Response

    2.19.117.18
    2.19.117.22

  • 8.8.8.8:53
    www.microsoft.com
    dns
    iexplore.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    2.17.5.133

MITRE ATT&CK Enterprise v15

Downloads
