Analysis

  • max time kernel
    16s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/01/2024, 11:56 UTC

General

  • Target

    4b5e5aa2900daf8563278a499faa3e51.html

  • Size

    180KB

  • MD5

    4b5e5aa2900daf8563278a499faa3e51

  • SHA1

    87e39c7660b623c8e745ad684faa9bb742ec9d1b

  • SHA256

    76415895ae08607b2039cdbb02117d7ad2174152907fc006a7236c8144aa51e8

  • SHA512

    a57b65de4b14fc8ba3de193467f5aed744b24d8439557b5b33c0060101f88ff2946c25148706d5ebd643b92316078fb1234b0da252805dfdeab9e280f8424d55

  • SSDEEP

    3072:ibWiF4OpBH0xsPsPl9aj7cUWwmJYhiKuvoQFcSKC82/xlL8M3/:ibWA4OpBUPnajOB+hiKuQQcz+/XN

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 13 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4b5e5aa2900daf8563278a499faa3e51.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2572
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2572 CREDAT:17410 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2716

Network

  • flag-us
    DNS
    apis.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    apis.google.com
    IN A
    Response
    apis.google.com
    IN CNAME
    plus.l.google.com
    plus.l.google.com
    IN A
    142.250.179.238
  • flag-us
    DNS
    apis.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    apis.google.com
    IN A
  • flag-us
    DNS
    www.blogger.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.blogger.com
    IN A
    Response
    www.blogger.com
    IN CNAME
    blogger.l.google.com
    blogger.l.google.com
    IN A
    216.58.212.233
  • flag-us
    DNS
    lh6.ggpht.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    lh6.ggpht.com
    IN A
    Response
    lh6.ggpht.com
    IN A
    172.217.16.225
  • flag-us
    DNS
    oi41.tinypic.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    oi41.tinypic.com
    IN A
    Response
  • flag-us
    DNS
    2.bp.blogspot.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    2.bp.blogspot.com
    IN A
    Response
    2.bp.blogspot.com
    IN CNAME
    photos-ugc.l.googleusercontent.com
    photos-ugc.l.googleusercontent.com
    IN A
    142.250.200.33
  • flag-us
    DNS
    1.bp.blogspot.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    1.bp.blogspot.com
    IN A
    Response
    1.bp.blogspot.com
    IN CNAME
    photos-ugc.l.googleusercontent.com
    photos-ugc.l.googleusercontent.com
    IN A
    142.250.200.33
  • flag-us
    DNS
    ibxk.com.br
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ibxk.com.br
    IN A
    Response
  • flag-us
    DNS
    www.baixaki.com.br
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.baixaki.com.br
    IN A
    Response
    www.baixaki.com.br
    IN CNAME
    3196813v.ha.azioncdn.net
    3196813v.ha.azioncdn.net
    IN A
    179.191.165.65
  • flag-us
    DNS
    3.bp.blogspot.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    3.bp.blogspot.com
    IN A
    Response
    3.bp.blogspot.com
    IN CNAME
    photos-ugc.l.googleusercontent.com
    photos-ugc.l.googleusercontent.com
    IN A
    142.250.200.33
  • flag-us
    DNS
    img2.blogblog.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    img2.blogblog.com
    IN A
    Response
    img2.blogblog.com
    IN CNAME
    blogger.l.google.com
    blogger.l.google.com
    IN A
    216.58.212.233
  • flag-gb
    GET
    http://lh6.ggpht.com/_oqrzFCWGmxk/TACY4mivcyI/AAAAAAAAGB8/syIBRTpeap0/PES-SETA.gif
    IEXPLORE.EXE
    Remote address:
    172.217.16.225:80
    Request
    GET /_oqrzFCWGmxk/TACY4mivcyI/AAAAAAAAGB8/syIBRTpeap0/PES-SETA.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh6.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Content-Type: image/png
    X-Content-Type-Options: nosniff
    Date: Mon, 08 Jan 2024 11:56:56 GMT
    Server: fife
    Content-Length: 832
    X-XSS-Protection: 0
  • flag-gb
    GET
    http://lh6.ggpht.com/_7wsQzULWIwo/S6z7j2K2ixI/AAAAAAAAC8w/aBjS3JiC9fA/s800/emoticon-0101-sadsmile.gif
    IEXPLORE.EXE
    Remote address:
    172.217.16.225:80
    Request
    GET /_7wsQzULWIwo/S6z7j2K2ixI/AAAAAAAAC8w/aBjS3JiC9fA/s800/emoticon-0101-sadsmile.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh6.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="emoticon-0101-sadsmile.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 1110
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:50 GMT
    Expires: Tue, 09 Jan 2024 11:56:50 GMT
    Cache-Control: public, max-age=86400, no-transform
    Age: 6
    ETag: "v2904"
    Content-Type: image/gif
    Vary: Origin
  • flag-us
    DNS
    4.bp.blogspot.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    4.bp.blogspot.com
    IN A
    Response
    4.bp.blogspot.com
    IN CNAME
    photos-ugc.l.googleusercontent.com
    photos-ugc.l.googleusercontent.com
    IN A
    142.250.200.33
  • flag-us
    DNS
    4.bp.blogspot.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    4.bp.blogspot.com
    IN A
  • flag-us
    DNS
    lh3.ggpht.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    lh3.ggpht.com
    IN A
    Response
    lh3.ggpht.com
    IN CNAME
    photos-ugc.l.googleusercontent.com
    photos-ugc.l.googleusercontent.com
    IN A
    142.250.200.33
  • flag-us
    DNS
    lh3.ggpht.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    lh3.ggpht.com
    IN A
  • flag-us
    DNS
    lh4.ggpht.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    lh4.ggpht.com
    IN A
    Response
    lh4.ggpht.com
    IN CNAME
    photos-ugc.l.googleusercontent.com
    photos-ugc.l.googleusercontent.com
    IN A
    142.250.200.33
  • flag-us
    DNS
    lh4.ggpht.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    lh4.ggpht.com
    IN A
  • flag-us
    DNS
    lh5.ggpht.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    lh5.ggpht.com
    IN A
    Response
    lh5.ggpht.com
    IN CNAME
    photos-ugc.l.googleusercontent.com
    photos-ugc.l.googleusercontent.com
    IN A
    142.250.200.33
  • flag-us
    DNS
    lh5.ggpht.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    lh5.ggpht.com
    IN A
  • flag-gb
    GET
    http://1.bp.blogspot.com/-3M2pfb31QWM/TWLDk8-AznI/AAAAAAAABLg/YuLPG6xEJwA/s200/Google+Chrome.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /-3M2pfb31QWM/TWLDk8-AznI/AAAAAAAABLg/YuLPG6xEJwA/s200/Google+Chrome.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 1.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="Google Chrome.png"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 60319
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:50 GMT
    Expires: Tue, 09 Jan 2024 11:56:50 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v4b8"
    Content-Type: image/png
    Vary: Origin
    Age: 6
  • flag-gb
    GET
    http://1.bp.blogspot.com/-3c9SxGcgsQw/TXSRIpxYIdI/AAAAAAAAH2g/anXeV38UAC4/s1600/Acesse-www.riptors.blogspot.com.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /-3c9SxGcgsQw/TXSRIpxYIdI/AAAAAAAAH2g/anXeV38UAC4/s1600/Acesse-www.riptors.blogspot.com.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 1.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="Acesse-www.riptors.blogspot.com.png"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 959
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:54 GMT
    Expires: Tue, 09 Jan 2024 11:56:54 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v1f68"
    Content-Type: image/png
    Vary: Origin
    Age: 29
  • flag-gb
    GET
    http://1.bp.blogspot.com/_DwWAlgqYyyc/TPMGIykO-LI/AAAAAAAAAp8/HhtGx2i8ujc/s1600/Feed%25C2%25B3.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_DwWAlgqYyyc/TPMGIykO-LI/AAAAAAAAAp8/HhtGx2i8ujc/s1600/Feed%25C2%25B3.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 1.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="Feed_.png";filename*=UTF-8''Feed%C2%B3.png
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 77945
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:50 GMT
    Expires: Tue, 09 Jan 2024 11:56:50 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v29f"
    Content-Type: image/png
    Vary: Origin
    Age: 6
  • flag-gb
    GET
    http://1.bp.blogspot.com/-evOGehHV9V4/TXSRfLGGamI/AAAAAAAAH2w/LklshocoaLQ/s1600/by-RIPTORS.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /-evOGehHV9V4/TXSRfLGGamI/AAAAAAAAH2w/LklshocoaLQ/s1600/by-RIPTORS.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 1.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="by-RIPTORS.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 226
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:54 GMT
    Expires: Tue, 09 Jan 2024 11:56:54 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v347a"
    Content-Type: image/gif
    Vary: Origin
    Age: 28
  • flag-gb
    GET
    http://lh6.ggpht.com/_7wsQzULWIwo/S6z9DpaPbrI/AAAAAAAAC9c/M74FsmQxqrw/s800/emoticon-0133-wait.gif
    IEXPLORE.EXE
    Remote address:
    172.217.16.225:80
    Request
    GET /_7wsQzULWIwo/S6z9DpaPbrI/AAAAAAAAC9c/M74FsmQxqrw/s800/emoticon-0133-wait.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh6.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="emoticon-0133-wait.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 1806
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:50 GMT
    Expires: Tue, 09 Jan 2024 11:56:50 GMT
    Cache-Control: public, max-age=86400, no-transform
    Age: 6
    ETag: "v29f6"
    Content-Type: image/gif
    Vary: Origin
  • flag-gb
    GET
    http://lh6.ggpht.com/_7wsQzULWIwo/S6z9-FFVEeI/AAAAAAAAC94/T1IXnlT43-M/s800/emoticon-0178-rock.gif
    IEXPLORE.EXE
    Remote address:
    172.217.16.225:80
    Request
    GET /_7wsQzULWIwo/S6z9-FFVEeI/AAAAAAAAC94/T1IXnlT43-M/s800/emoticon-0178-rock.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh6.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="emoticon-0178-rock.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 1843
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:50 GMT
    Expires: Tue, 09 Jan 2024 11:56:50 GMT
    Cache-Control: public, max-age=86400, no-transform
    Age: 6
    ETag: "v295a"
    Content-Type: image/gif
    Vary: Origin
  • flag-us
    DNS
    s10.histats.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    s10.histats.com
    IN A
    Response
    s10.histats.com
    IN CNAME
    s10.histats.com.cdn.cloudflare.net
    s10.histats.com.cdn.cloudflare.net
    IN A
    104.20.80.99
    s10.histats.com.cdn.cloudflare.net
    IN A
    104.20.79.99
  • flag-gb
    GET
    http://3.bp.blogspot.com/-ymCi6IDKZ0M/TWLDJz0YVMI/AAAAAAAABLc/HCWaYv1Zuvk/s200/download21.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /-ymCi6IDKZ0M/TWLDJz0YVMI/AAAAAAAABLc/HCWaYv1Zuvk/s200/download21.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 3.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="download21.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 8720
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:53 GMT
    Expires: Tue, 09 Jan 2024 11:56:53 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "va0f"
    Content-Type: image/gif
    Vary: Origin
    Age: 3
  • flag-gb
    GET
    http://3.bp.blogspot.com/-loKloNQaqYE/Ts_jwB3B9DI/AAAAAAAAC3A/rBAZS8zEAO4/s1600/banner%2Bgif.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /-loKloNQaqYE/Ts_jwB3B9DI/AAAAAAAAC3A/rBAZS8zEAO4/s1600/banner%2Bgif.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 3.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Content-Type: image/png
    X-Content-Type-Options: nosniff
    Date: Mon, 08 Jan 2024 11:56:56 GMT
    Server: fife
    Content-Length: 832
    X-XSS-Protection: 0
  • flag-gb
    GET
    http://3.bp.blogspot.com/-FyVDfs7DOIE/TXSSOivqQcI/AAAAAAAAH3I/2Qjxpfxi86U/s1600/by-RIPTORS.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /-FyVDfs7DOIE/TXSSOivqQcI/AAAAAAAAH3I/2Qjxpfxi86U/s1600/by-RIPTORS.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 3.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="by-RIPTORS.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 378
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:54 GMT
    Expires: Tue, 09 Jan 2024 11:56:54 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v3441"
    Content-Type: image/gif
    Vary: Origin
    Age: 29
  • flag-gb
    GET
    http://3.bp.blogspot.com/-75VjaU9-nPI/TXSTnwmdrqI/AAAAAAAAH3o/mHgDJ0XumeI/s1600/Acesse-www.riptors.blogspot.com.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /-75VjaU9-nPI/TXSTnwmdrqI/AAAAAAAAH3o/mHgDJ0XumeI/s1600/Acesse-www.riptors.blogspot.com.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 3.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="Acesse-www.riptors.blogspot.com.png"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 520
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:54 GMT
    Expires: Tue, 09 Jan 2024 11:56:54 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v1f7a"
    Content-Type: image/png
    Vary: Origin
    Age: 73
  • flag-gb
    GET
    http://2.bp.blogspot.com/-VdT3_Ti8GSU/TpheARVWQHI/AAAAAAAAAHE/jZyZu7EBPh0/s1600/33xyqo9.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /-VdT3_Ti8GSU/TpheARVWQHI/AAAAAAAAAHE/jZyZu7EBPh0/s1600/33xyqo9.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 2.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Content-Type: image/png
    X-Content-Type-Options: nosniff
    Date: Mon, 08 Jan 2024 11:56:56 GMT
    Server: fife
    Content-Length: 832
    X-XSS-Protection: 0
  • flag-gb
    GET
    http://2.bp.blogspot.com/-mQJDdNdHjec/TmZ4GUjcphI/AAAAAAAABOg/gmkL2dRBN-Q/s1600/not+plagio.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /-mQJDdNdHjec/TmZ4GUjcphI/AAAAAAAABOg/gmkL2dRBN-Q/s1600/not+plagio.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 2.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="not plagio.png"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 2541
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:52 GMT
    Expires: Tue, 09 Jan 2024 11:56:52 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v4e8"
    Content-Type: image/png
    Vary: Origin
    Age: 4
  • flag-gb
    GET
    http://2.bp.blogspot.com/-KYTKk55eO4g/TkSG-h5UkQI/AAAAAAAAABk/R6aunYtpuUY/s1600/arrowhover.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /-KYTKk55eO4g/TkSG-h5UkQI/AAAAAAAAABk/R6aunYtpuUY/s1600/arrowhover.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 2.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="arrowhover.png"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 517
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:54 GMT
    Expires: Tue, 09 Jan 2024 11:56:54 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v19"
    Content-Type: image/png
    Vary: Origin
    Age: 29
  • flag-us
    DNS
    www.top30.com.br
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.top30.com.br
    IN A
    Response
    www.top30.com.br
    IN CNAME
    top30.com.br
    top30.com.br
    IN A
    192.185.223.169
  • flag-gb
    GET
    http://img2.blogblog.com/img/icon18_edit_allbkg.gif
    IEXPLORE.EXE
    Remote address:
    216.58.212.233:80
    Request
    GET /img/icon18_edit_allbkg.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: img2.blogblog.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 162
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Tue, 02 Jan 2024 12:10:29 GMT
    Expires: Tue, 09 Jan 2024 12:10:29 GMT
    Cache-Control: public, max-age=604800
    Last-Modified: Mon, 01 Jan 2024 21:50:16 GMT
    Content-Type: image/gif
    Age: 517587
  • flag-us
    DNS
    img411.imageshack.us
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    img411.imageshack.us
    IN A
    Response
    img411.imageshack.us
    IN CNAME
    imagizer-cv.imageshack.us
    imagizer-cv.imageshack.us
    IN A
    38.99.77.16
    imagizer-cv.imageshack.us
    IN A
    38.99.77.17
  • flag-us
    DNS
    1.181.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    1.181.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    i.imgur.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    i.imgur.com
    IN A
    Response
    i.imgur.com
    IN CNAME
    ipv4.imgur.map.fastly.net
    ipv4.imgur.map.fastly.net
    IN A
    199.232.168.193
  • flag-us
    DNS
    i.imgur.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    i.imgur.com
    IN A
  • flag-gb
    GET
    http://2.bp.blogspot.com/-pCiNUOeAU_c/TlZv13UZuII/AAAAAAAAAt8/GLc4byNbE6U/s1600/baner.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /-pCiNUOeAU_c/TlZv13UZuII/AAAAAAAAAt8/GLc4byNbE6U/s1600/baner.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 2.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="baner.png"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 13430
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:51 GMT
    Expires: Tue, 09 Jan 2024 11:56:51 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v2df"
    Content-Type: image/png
    Vary: Origin
    Age: 5
  • flag-gb
    GET
    http://2.bp.blogspot.com/-o18cI-zTyEo/TWLDHgRh6GI/AAAAAAAABLY/2Ni0WVXbRLM/s1600/download21.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /-o18cI-zTyEo/TWLDHgRh6GI/AAAAAAAABLY/2Ni0WVXbRLM/s1600/download21.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 2.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="download21.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 26344
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:51 GMT
    Expires: Tue, 09 Jan 2024 11:56:51 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v9d7"
    Content-Type: image/gif
    Vary: Origin
    Age: 5
  • flag-gb
    GET
    http://2.bp.blogspot.com/-C4xs7CmC4yo/TXSQDtqtoXI/AAAAAAAAH2A/QYxttg7z5-c/s1600/by-RIPTORS.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /-C4xs7CmC4yo/TXSQDtqtoXI/AAAAAAAAH2A/QYxttg7z5-c/s1600/by-RIPTORS.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 2.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="by-RIPTORS.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 1312
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:54 GMT
    Expires: Tue, 09 Jan 2024 11:56:54 GMT
    Cache-Control: public, max-age=86400, no-transform
    Age: 29
    ETag: "v34fa"
    Content-Type: image/gif
    Vary: Origin
  • flag-us
    DNS
    lh6.googleusercontent.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    lh6.googleusercontent.com
    IN A
    Response
    lh6.googleusercontent.com
    IN CNAME
    googlehosted.l.googleusercontent.com
    googlehosted.l.googleusercontent.com
    IN A
    216.58.212.225
  • flag-gb
    GET
    http://1.bp.blogspot.com/-UpTOBugwiSI/TsEFuS0trWI/AAAAAAAAAKU/sno-ABYVR2Q/s1600/180X40-4.jpg
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /-UpTOBugwiSI/TsEFuS0trWI/AAAAAAAAAKU/sno-ABYVR2Q/s1600/180X40-4.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 1.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="180X40-4.jpg"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 6666
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:50 GMT
    Expires: Tue, 09 Jan 2024 11:56:50 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "va5"
    Content-Type: image/jpeg
    Vary: Origin
    Age: 6
  • flag-us
    DNS
    i39.tinypic.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    i39.tinypic.com
    IN A
    Response
  • flag-us
    DNS
    i39.tinypic.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    i39.tinypic.com
    IN A
  • flag-us
    GET
    http://s10.histats.com/js15_giftop.js
    IEXPLORE.EXE
    Remote address:
    104.20.80.99:80
    Request
    GET /js15_giftop.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: s10.histats.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 08 Jan 2024 11:56:56 GMT
    Content-Type: text/javascript
    Content-Length: 4470
    Connection: keep-alive
    Content-Encoding: gzip
    ETag: "-1741118570"
    Last-Modified: Thu, 16 Apr 2020 10:44:17 GMT
    Vary: Accept-Encoding
    Cache-Control: max-age=28800
    CF-Cache-Status: HIT
    Age: 63279
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 842442935a777767-LHR
  • flag-us
    GET
    http://s10.histats.com/js15.js
    IEXPLORE.EXE
    Remote address:
    104.20.80.99:80
    Request
    GET /js15.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: s10.histats.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 08 Jan 2024 11:57:22 GMT
    Content-Type: text/javascript
    Content-Length: 4405
    Connection: keep-alive
    Content-Encoding: gzip
    ETag: "980881274"
    Last-Modified: Thu, 16 Apr 2020 10:44:16 GMT
    Vary: Accept-Encoding
    Cache-Control: max-age=28800
    CF-Cache-Status: HIT
    Age: 15384
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 84244337ecf37767-LHR
  • flag-us
    DNS
    i1109.photobucket.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    i1109.photobucket.com
    IN A
    Response
    i1109.photobucket.com
    IN A
    13.224.81.9
    i1109.photobucket.com
    IN A
    13.224.81.93
    i1109.photobucket.com
    IN A
    13.224.81.90
    i1109.photobucket.com
    IN A
    13.224.81.73
  • flag-us
    DNS
    img267.imageshack.us
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    img267.imageshack.us
    IN A
    Response
    img267.imageshack.us
    IN CNAME
    imagizer-cv.imageshack.us
    imagizer-cv.imageshack.us
    IN A
    38.99.77.17
    imagizer-cv.imageshack.us
    IN A
    38.99.77.16
  • flag-us
    DNS
    img267.imageshack.us
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    img267.imageshack.us
    IN A
  • flag-us
    GET
    http://img411.imageshack.us/img411/3563/1zp2jhi.png
    IEXPLORE.EXE
    Remote address:
    38.99.77.16:80
    Request
    GET /img411/3563/1zp2jhi.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: img411.imageshack.us
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.2.8
    Date: Mon, 08 Jan 2024 11:56:57 GMT
    Content-Type: text/html
    Content-Length: 168
    Connection: keep-alive
  • flag-us
    DNS
    i40.tinypic.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    i40.tinypic.com
    IN A
    Response
  • flag-us
    DNS
    i44.tinypic.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    i44.tinypic.com
    IN A
    Response
  • flag-gb
    GET
    https://lh6.googleusercontent.com/-Oh5JD7e7XqY/Tlq7a648qcI/AAAAAAAAB6g/MY7c9M-o1Mk/brizatrafego180x40.jpg
    IEXPLORE.EXE
    Remote address:
    216.58.212.225:443
    Request
    GET /-Oh5JD7e7XqY/Tlq7a648qcI/AAAAAAAAB6g/MY7c9M-o1Mk/brizatrafego180x40.jpg HTTP/2.0
    host: lh6.googleusercontent.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    access-control-allow-origin: *
    timing-allow-origin: *
    access-control-expose-headers: Content-Length
    content-disposition: inline;filename="brizatrafego180x40.jpg"
    x-content-type-options: nosniff
    server: fife
    content-length: 8825
    x-xss-protection: 0
    date: Mon, 08 Jan 2024 11:56:58 GMT
    expires: Tue, 09 Jan 2024 11:56:58 GMT
    cache-control: public, max-age=86400, no-transform
    etag: "v7a8"
    content-type: image/jpeg
    vary: Origin
    age: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    http://2.bp.blogspot.com/-_Yd3GobMEp8/TugCdMT22vI/AAAAAAAAAfg/RmsPmXeDRo8/s1600/Banner+180+x+40.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /-_Yd3GobMEp8/TugCdMT22vI/AAAAAAAAAfg/RmsPmXeDRo8/s1600/Banner+180+x+40.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 2.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="Banner 180 x 40.png"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 16228
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:52 GMT
    Expires: Tue, 09 Jan 2024 11:56:52 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v1f8"
    Content-Type: image/png
    Vary: Origin
    Age: 4
  • flag-gb
    GET
    http://2.bp.blogspot.com/_ndiGBBqXMlY/TPj9BmnOpUI/AAAAAAAACPI/aKrQPdx6jIs/s1600/Google+Chrome.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_ndiGBBqXMlY/TPj9BmnOpUI/AAAAAAAACPI/aKrQPdx6jIs/s1600/Google+Chrome.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 2.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="Google Chrome.png"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 158521
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:51 GMT
    Expires: Tue, 09 Jan 2024 11:56:51 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v8f2"
    Content-Type: image/png
    Vary: Origin
    Age: 5
  • flag-gb
    GET
    http://2.bp.blogspot.com/-fEqhrrYaoDI/TXSPbrLJlrI/AAAAAAAAH1o/W9EyL5lNrgM/s1600/by-RIPTORS.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /-fEqhrrYaoDI/TXSPbrLJlrI/AAAAAAAAH1o/W9EyL5lNrgM/s1600/by-RIPTORS.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 2.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="by-RIPTORS.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 287
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:54 GMT
    Expires: Tue, 09 Jan 2024 11:56:54 GMT
    Cache-Control: public, max-age=86400, no-transform
    Age: 28
    ETag: "v3413"
    Content-Type: image/gif
    Vary: Origin
  • flag-us
    DNS
    erexim.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    erexim.com
    IN A
    Response
    erexim.com
    IN A
    66.45.246.141
  • flag-us
    DNS
    pr.s12.com.br
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    pr.s12.com.br
    IN A
    Response
    pr.s12.com.br
    IN A
    172.67.130.36
    pr.s12.com.br
    IN A
    104.21.3.29
  • flag-gb
    GET
    http://i1109.photobucket.com/albums/h425/higorxxt/180x50pokp.gif
    IEXPLORE.EXE
    Remote address:
    13.224.81.9:80
    Request
    GET /albums/h425/higorxxt/180x50pokp.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: i1109.photobucket.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: CloudFront
    Date: Mon, 08 Jan 2024 11:56:58 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Location: https://i1109.photobucket.com/albums/h425/higorxxt/180x50pokp.gif
    X-Cache: Redirect from cloudfront
    Via: 1.1 d009dc50477dace1d119377ea49dbf66.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: MAN50-C2
    X-Amz-Cf-Id: VZIFPaBLqm5lF7Dg7Z-QeOb7EAjrDM7_1qsAuARgUs4X9aQTO4bYUQ==
    Vary: Origin
  • flag-gb
    GET
    https://www.blogger.com/static/v1/widgets/1258645123-widgets.js
    IEXPLORE.EXE
    Remote address:
    216.58.212.233:443
    Request
    GET /static/v1/widgets/1258645123-widgets.js HTTP/2.0
    host: www.blogger.com
    accept: application/javascript, */*;q=0.8
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-encoding: gzip
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
    report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    content-length: 6824
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    date: Tue, 02 Jan 2024 10:14:39 GMT
    expires: Wed, 01 Jan 2025 10:14:39 GMT
    cache-control: public, max-age=31536000
    age: 524540
    last-modified: Thu, 09 Sep 2021 01:51:04 GMT
    content-type: text/css
    vary: Accept-Encoding
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/static/v1/widgets/204402360-widget_css_bundle.css
    IEXPLORE.EXE
    Remote address:
    216.58.212.233:443
    Request
    GET /static/v1/widgets/204402360-widget_css_bundle.css HTTP/2.0
    host: www.blogger.com
    accept: text/css, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-encoding: gzip
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
    report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    content-length: 6583
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    date: Tue, 02 Jan 2024 13:42:45 GMT
    expires: Wed, 01 Jan 2025 13:42:45 GMT
    cache-control: public, max-age=31536000
    age: 512054
    last-modified: Thu, 05 Aug 2021 23:01:50 GMT
    content-type: text/javascript
    vary: Accept-Encoding
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/dyn-css/authorization.css?targetBlogID=6257412836446475597&zx=12eeba94-87de-4bae-ab55-0b602b8b3dba
    IEXPLORE.EXE
    Remote address:
    216.58.212.233:443
    Request
    GET /dyn-css/authorization.css?targetBlogID=6257412836446475597&zx=12eeba94-87de-4bae-ab55-0b602b8b3dba HTTP/2.0
    host: www.blogger.com
    accept: text/css, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-encoding: gzip
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
    report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    content-length: 55217
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    date: Sun, 07 Jan 2024 13:44:57 GMT
    expires: Mon, 06 Jan 2025 13:44:57 GMT
    cache-control: public, max-age=31536000
    age: 79922
    last-modified: Tue, 27 Jul 2021 02:53:35 GMT
    content-type: text/javascript
    vary: Accept-Encoding
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/static/v1/jsbin/1639926472-comment_from_post_iframe.js
    IEXPLORE.EXE
    Remote address:
    216.58.212.233:443
    Request
    GET /static/v1/jsbin/1639926472-comment_from_post_iframe.js HTTP/2.0
    host: www.blogger.com
    accept: application/javascript, */*;q=0.8
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
    content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
    content-type: text/css; charset=UTF-8
    cache-control: no-cache, no-store, max-age=0, must-revalidate
    pragma: no-cache
    expires: Mon, 01 Jan 1990 00:00:00 GMT
    date: Mon, 08 Jan 2024 11:56:59 GMT
    last-modified: Mon, 08 Jan 2024 11:56:59 GMT
    content-encoding: gzip
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    content-length: 21
    server: GSE
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/navbar.g?targetBlogID=6257412836446475597&blogName=%C2%BB+CAPS+LOCK+DOWNS+%C2%AB%C2%AE&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=BLUE&layoutType=LAYOUTS&searchRoot=https://capslock-downs.blogspot.com/search&blogLocale=pt_BR&v=2&homepageUrl=http://capslock-downs.blogspot.com/&targetPostID=7444881962205571878&blogPostOrPageUrl=http://capslock-downs.blogspot.com/2011/02/google-chrome-9059798-para-linux.html&vt=-7780375092929788990&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.y0xCMa4KeeI.O%2Fd%3D1%2Frs%3DAHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    216.58.212.233:443
    Request
    GET /navbar.g?targetBlogID=6257412836446475597&blogName=%C2%BB+CAPS+LOCK+DOWNS+%C2%AB%C2%AE&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=BLUE&layoutType=LAYOUTS&searchRoot=https://capslock-downs.blogspot.com/search&blogLocale=pt_BR&v=2&homepageUrl=http://capslock-downs.blogspot.com/&targetPostID=7444881962205571878&blogPostOrPageUrl=http://capslock-downs.blogspot.com/2011/02/google-chrome-9059798-para-linux.html&vt=-7780375092929788990&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.y0xCMa4KeeI.O%2Fd%3D1%2Frs%3DAHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg%2Fm%3D__features__ HTTP/2.0
    host: www.blogger.com
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
    content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
    content-type: text/html; charset=UTF-8
    cache-control: no-cache, no-store, max-age=0, must-revalidate
    pragma: no-cache
    expires: Mon, 01 Jan 1990 00:00:00 GMT
    date: Mon, 08 Jan 2024 11:57:22 GMT
    content-encoding: gzip
    x-content-type-options: nosniff
    x-xss-protection: 1; mode=block
    content-length: 2650
    server: GSE
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/comment-iframe.g?blogID=6257412836446475597&postID=7444881962205571878&blogspotRpcToken=9850110
    IEXPLORE.EXE
    Remote address:
    216.58.212.233:443
    Request
    GET /comment-iframe.g?blogID=6257412836446475597&postID=7444881962205571878&blogspotRpcToken=9850110 HTTP/2.0
    host: www.blogger.com
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 302
    p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
    location: https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/comment-iframe.g?blogID%3D6257412836446475597%26postID%3D7444881962205571878%26blogspotRpcToken%3D9850110%26bpli%3D1&followup=https://www.blogger.com/comment-iframe.g?blogID%3D6257412836446475597%26postID%3D7444881962205571878%26blogspotRpcToken%3D9850110%26bpli%3D1&go=true
    content-type: text/html; charset=UTF-8
    content-encoding: gzip
    date: Mon, 08 Jan 2024 11:57:22 GMT
    expires: Mon, 08 Jan 2024 11:57:22 GMT
    cache-control: private, max-age=0
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    content-security-policy: frame-ancestors 'self'
    x-xss-protection: 1; mode=block
    content-length: 322
    server: GSE
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/followers.g?blogID=6257412836446475597&colors=Cgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM2NjY2NjYiByM1NTg4YWEqByNmZmZmZmYyByNjYzY2MDA6ByM2NjY2NjZCByM1NTg4YWFKByM5OTk5OTlSByM1NTg4YWFaC3RyYW5zcGFyZW50&pageSize=21&postID=7444881962205571878&origin=http://capslock-downs.blogspot.com/&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.y0xCMa4KeeI.O%2Fd%3D1%2Frs%3DAHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    216.58.212.233:443
    Request
    GET /followers.g?blogID=6257412836446475597&colors=Cgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM2NjY2NjYiByM1NTg4YWEqByNmZmZmZmYyByNjYzY2MDA6ByM2NjY2NjZCByM1NTg4YWFKByM5OTk5OTlSByM1NTg4YWFaC3RyYW5zcGFyZW50&pageSize=21&postID=7444881962205571878&origin=http://capslock-downs.blogspot.com/&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.y0xCMa4KeeI.O%2Fd%3D1%2Frs%3DAHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg%2Fm%3D__features__ HTTP/2.0
    host: www.blogger.com
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 302
    p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
    location: https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/followers.g?blogID%3D6257412836446475597%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM2NjY2NjYiByM1NTg4YWEqByNmZmZmZmYyByNjYzY2MDA6ByM2NjY2NjZCByM1NTg4YWFKByM5OTk5OTlSByM1NTg4YWFaC3RyYW5zcGFyZW50%26pageSize%3D21%26postID%3D7444881962205571878%26origin%3Dhttp://capslock-downs.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.y0xCMa4KeeI.O/d%253D1/rs%253DAHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg/m%253D__features__%26bpli%3D1&followup=https://www.blogger.com/followers.g?blogID%3D6257412836446475597%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM2NjY2NjYiByM1NTg4YWEqByNmZmZmZmYyByNjYzY2MDA6ByM2NjY2NjZCByM1NTg4YWFKByM5OTk5OTlSByM1NTg4YWFaC3RyYW5zcGFyZW50%26pageSize%3D21%26postID%3D7444881962205571878%26origin%3Dhttp://capslock-downs.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.y0xCMa4KeeI.O/d%253D1/rs%253DAHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg/m%253D__features__%26bpli%3D1&go=true
    content-type: text/html; charset=UTF-8
    content-encoding: gzip
    date: Mon, 08 Jan 2024 11:57:22 GMT
    expires: Mon, 08 Jan 2024 11:57:22 GMT
    cache-control: private, max-age=0
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    content-security-policy: frame-ancestors 'self'
    x-xss-protection: 1; mode=block
    content-length: 550
    server: GSE
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/comment-iframe.g?blogID=6257412836446475597&postID=7444881962205571878&blogspotRpcToken=9850110&bpli=1
    IEXPLORE.EXE
    Remote address:
    216.58.212.233:443
    Request
    GET /comment-iframe.g?blogID=6257412836446475597&postID=7444881962205571878&blogspotRpcToken=9850110&bpli=1 HTTP/2.0
    host: www.blogger.com
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
    content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
    content-type: text/html; charset=UTF-8
    cache-control: no-cache, no-store, max-age=0, must-revalidate
    pragma: no-cache
    expires: Mon, 01 Jan 1990 00:00:00 GMT
    date: Mon, 08 Jan 2024 11:57:29 GMT
    content-encoding: gzip
    x-content-type-options: nosniff
    x-xss-protection: 1; mode=block
    content-length: 1805
    server: GSE
    set-cookie: S=blogger=IDmnfMpAmbgWInNHgezj1MDZuyjTQjG6uJNn78AJFsA; Domain=.blogger.com; Path=/; Secure; HttpOnly; Priority=LOW; SameSite=none
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/followers.g?blogID=6257412836446475597&colors=Cgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM2NjY2NjYiByM1NTg4YWEqByNmZmZmZmYyByNjYzY2MDA6ByM2NjY2NjZCByM1NTg4YWFKByM5OTk5OTlSByM1NTg4YWFaC3RyYW5zcGFyZW50&pageSize=21&postID=7444881962205571878&origin=http://capslock-downs.blogspot.com/&usegapi=1&jsh=m;/_/scs/abc-static/_/js/k%3Dgapi.lb.en.y0xCMa4KeeI.O/d%3D1/rs%3DAHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg/m%3D__features__&bpli=1
    IEXPLORE.EXE
    Remote address:
    216.58.212.233:443
    Request
    GET /followers.g?blogID=6257412836446475597&colors=Cgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM2NjY2NjYiByM1NTg4YWEqByNmZmZmZmYyByNjYzY2MDA6ByM2NjY2NjZCByM1NTg4YWFKByM5OTk5OTlSByM1NTg4YWFaC3RyYW5zcGFyZW50&pageSize=21&postID=7444881962205571878&origin=http://capslock-downs.blogspot.com/&usegapi=1&jsh=m;/_/scs/abc-static/_/js/k%3Dgapi.lb.en.y0xCMa4KeeI.O/d%3D1/rs%3DAHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg/m%3D__features__&bpli=1 HTTP/2.0
    host: www.blogger.com
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
    content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
    content-type: text/html; charset=UTF-8
    cache-control: no-cache, no-store, max-age=0, must-revalidate
    pragma: no-cache
    expires: Mon, 01 Jan 1990 00:00:00 GMT
    date: Mon, 08 Jan 2024 11:57:29 GMT
    content-encoding: gzip
    x-content-type-options: nosniff
    x-xss-protection: 1; mode=block
    content-length: 2623
    server: GSE
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/static/v1/widgets/577263412-widgets.js
    IEXPLORE.EXE
    Remote address:
    216.58.212.233:443
    Request
    GET /static/v1/widgets/577263412-widgets.js HTTP/2.0
    host: www.blogger.com
    accept: application/javascript, */*;q=0.8
    referer: https://www.usuarionovo.com/
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: S=blogger=IDmnfMpAmbgWInNHgezj1MDZuyjTQjG6uJNn78AJFsA
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-encoding: gzip
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
    report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    content-length: 59320
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    date: Mon, 08 Jan 2024 02:56:41 GMT
    expires: Tue, 07 Jan 2025 02:56:41 GMT
    cache-control: public, max-age=31536000
    last-modified: Wed, 03 Jan 2024 20:06:15 GMT
    content-type: text/javascript
    vary: Accept-Encoding
    age: 32486
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/static/v1/widgets/3566091532-css_bundle_v2.css
    IEXPLORE.EXE
    Remote address:
    216.58.212.233:443
    Request
    GET /static/v1/widgets/3566091532-css_bundle_v2.css HTTP/2.0
    host: www.blogger.com
    accept: text/css, */*
    referer: http://brizasistema.blogspot.com/
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: S=blogger=IDmnfMpAmbgWInNHgezj1MDZuyjTQjG6uJNn78AJFsA
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-encoding: gzip
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
    report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    content-length: 7756
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    date: Tue, 02 Jan 2024 17:37:10 GMT
    expires: Wed, 01 Jan 2025 17:37:10 GMT
    cache-control: public, max-age=31536000
    last-modified: Tue, 02 Jan 2024 13:00:04 GMT
    content-type: text/css
    vary: Accept-Encoding
    age: 498057
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/dyn-css/authorization.css?targetBlogID=3003018080935338590&zx=5e6a9bc7-46b3-4a61-a06a-b63c744a2a6e
    IEXPLORE.EXE
    Remote address:
    216.58.212.233:443
    Request
    GET /dyn-css/authorization.css?targetBlogID=3003018080935338590&zx=5e6a9bc7-46b3-4a61-a06a-b63c744a2a6e HTTP/2.0
    host: www.blogger.com
    accept: text/css, */*
    referer: http://brizasistema.blogspot.com/
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: S=blogger=IDmnfMpAmbgWInNHgezj1MDZuyjTQjG6uJNn78AJFsA
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-encoding: gzip
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
    report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    content-length: 35312
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    date: Fri, 05 Jan 2024 12:12:19 GMT
    expires: Sat, 04 Jan 2025 12:12:19 GMT
    cache-control: public, max-age=31536000
    last-modified: Wed, 03 Jan 2024 20:06:15 GMT
    content-type: text/javascript
    vary: Accept-Encoding
    age: 258348
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/static/v1/v-css/2621646369-cmtfp.css
    IEXPLORE.EXE
    Remote address:
    216.58.212.233:443
    Request
    GET /static/v1/v-css/2621646369-cmtfp.css HTTP/2.0
    host: www.blogger.com
    accept: text/css, */*
    referer: https://www.blogger.com/comment-iframe.g?blogID=6257412836446475597&postID=7444881962205571878&blogspotRpcToken=9850110&bpli=1
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: S=blogger=IDmnfMpAmbgWInNHgezj1MDZuyjTQjG6uJNn78AJFsA
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-encoding: gzip
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
    report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    content-length: 3701
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    date: Tue, 02 Jan 2024 07:08:33 GMT
    expires: Wed, 01 Jan 2025 07:08:33 GMT
    cache-control: public, max-age=31536000
    last-modified: Mon, 01 Jan 2024 22:49:53 GMT
    content-type: text/css
    vary: Accept-Encoding
    age: 535774
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/static/v1/jsbin/960979135-cmt__pt_br.js
    IEXPLORE.EXE
    Remote address:
    216.58.212.233:443
    Request
    GET /static/v1/jsbin/960979135-cmt__pt_br.js HTTP/2.0
    host: www.blogger.com
    accept: application/javascript, */*;q=0.8
    referer: https://www.blogger.com/comment-iframe.g?blogID=6257412836446475597&postID=7444881962205571878&blogspotRpcToken=9850110&bpli=1
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: S=blogger=IDmnfMpAmbgWInNHgezj1MDZuyjTQjG6uJNn78AJFsA
    Response
    HTTP/2.0 200
    p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
    content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
    content-type: text/css; charset=UTF-8
    cache-control: no-cache, no-store, max-age=0, must-revalidate
    pragma: no-cache
    expires: Mon, 01 Jan 1990 00:00:00 GMT
    date: Mon, 08 Jan 2024 11:58:07 GMT
    last-modified: Mon, 08 Jan 2024 11:58:07 GMT
    content-encoding: gzip
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    content-length: 21
    server: GSE
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/navbar.g?targetBlogID=3003018080935338590&blogName=Briza+Trafego+Sistema&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=https://brizasistema.blogspot.com/search&blogLocale=pt_BR&v=2&homepageUrl=http://brizasistema.blogspot.com/&vt=-9095585768776303526&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.y0xCMa4KeeI.O%2Fd%3D1%2Frs%3DAHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    216.58.212.233:443
    Request
    GET /navbar.g?targetBlogID=3003018080935338590&blogName=Briza+Trafego+Sistema&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=https://brizasistema.blogspot.com/search&blogLocale=pt_BR&v=2&homepageUrl=http://brizasistema.blogspot.com/&vt=-9095585768776303526&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.y0xCMa4KeeI.O%2Fd%3D1%2Frs%3DAHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg%2Fm%3D__features__ HTTP/2.0
    host: www.blogger.com
    accept: text/html, application/xhtml+xml, image/jxr, */*
    referer: http://brizasistema.blogspot.com/
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: S=blogger=IDmnfMpAmbgWInNHgezj1MDZuyjTQjG6uJNn78AJFsA
    Response
    HTTP/2.0 200
    p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
    content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
    content-type: text/html; charset=UTF-8
    cache-control: no-cache, no-store, max-age=0, must-revalidate
    pragma: no-cache
    expires: Mon, 01 Jan 1990 00:00:00 GMT
    date: Mon, 08 Jan 2024 11:58:07 GMT
    content-encoding: gzip
    x-content-type-options: nosniff
    x-xss-protection: 1; mode=block
    content-length: 2571
    server: GSE
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/comment-iframe-bg.g?bgresponse=js_disabled&bgint=pBq_eaGNeQPMek60CnKWy_ILlX9gRsLLbk3WGYw_FYY
    IEXPLORE.EXE
    Remote address:
    216.58.212.233:443
    Request
    GET /comment-iframe-bg.g?bgresponse=js_disabled&bgint=pBq_eaGNeQPMek60CnKWy_ILlX9gRsLLbk3WGYw_FYY HTTP/2.0
    host: www.blogger.com
    accept: */*
    referer: https://www.blogger.com/comment-iframe.g?blogID=6257412836446475597&postID=7444881962205571878&blogspotRpcToken=9850110&bpli=1
    accept-language: en-US
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    cookie: S=blogger=IDmnfMpAmbgWInNHgezj1MDZuyjTQjG6uJNn78AJFsA
    Response
    HTTP/2.0 200
    p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
    content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
    content-type: text/javascript; charset=UTF-8
    cache-control: no-cache, no-store, max-age=0, must-revalidate
    pragma: no-cache
    expires: Mon, 01 Jan 1990 00:00:00 GMT
    date: Mon, 08 Jan 2024 11:58:08 GMT
    content-encoding: gzip
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    content-length: 17487
    server: GSE
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/img/blogger_logo_round_35.png
    IEXPLORE.EXE
    Remote address:
    216.58.212.233:443
    Request
    GET /img/blogger_logo_round_35.png HTTP/2.0
    host: www.blogger.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    referer: https://www.usuarionovo.com/
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: S=blogger=IDmnfMpAmbgWInNHgezj1MDZuyjTQjG6uJNn78AJFsA
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
    report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    content-length: 2531
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    date: Tue, 02 Jan 2024 07:01:57 GMT
    expires: Tue, 09 Jan 2024 07:01:57 GMT
    cache-control: public, max-age=604800
    last-modified: Mon, 01 Jan 2024 11:50:32 GMT
    content-type: image/png
    age: 536171
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    dl.dropbox.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    dl.dropbox.com
    IN A
    Response
    dl.dropbox.com
    IN CNAME
    edge-block-www-env.dropbox-dns.com
    edge-block-www-env.dropbox-dns.com
    IN A
    162.125.64.15
  • flag-us
    GET
    http://pr.s12.com.br/ad.js?id=bDddwxC6
    IEXPLORE.EXE
    Remote address:
    172.67.130.36:80
    Request
    GET /ad.js?id=bDddwxC6 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: pr.s12.com.br
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 08 Jan 2024 11:56:59 GMT
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Mon, 08 Jan 2024 12:56:59 GMT
    Location: https://pr.s12.com.br/ad.js?id=bDddwxC6
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OALO2Jgz3CdzKhm7W3X%2FHZqfcXDU6OpaC5AjwkrQ29L46hg021KAblvj5fjo%2FBlVVbwlunzRhZkjDhy%2FzPjVbttXeDFOaLIqbAZJs%2B5mnBICfKliWE0c108gAcVXTmcp"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 842442a6cd8660dc-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    http://erexim.com/ereimg/blogerexim/pagerank-2.gif
    IEXPLORE.EXE
    Remote address:
    66.45.246.141:80
    Request
    GET /ereimg/blogerexim/pagerank-2.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: erexim.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.19.5
    Date: Mon, 08 Jan 2024 12:56:48 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/5.3.3
    Set-Cookie: PHPSESSID=4ur6l3snj92tb21d972m8nrgk0; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Set-Cookie: nui=Qi32jWWb8RBS9Bp67cTxAg==; expires=Tue, 07-Jan-25 12:56:48 GMT; path=/
    P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
  • flag-us
    GET
    http://www.top30.com.br/img/selovotar.gif
    IEXPLORE.EXE
    Remote address:
    192.185.223.169:80
    Request
    GET /img/selovotar.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.top30.com.br
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 08 Jan 2024 11:56:56 GMT
    Server: Apache
    Upgrade: h2,h2c
    Connection: Upgrade, Keep-Alive
    Last-Modified: Mon, 19 Mar 2007 22:59:54 GMT
    Accept-Ranges: bytes
    Content-Length: 2912
    Keep-Alive: timeout=5, max=75
    Content-Type: image/gif
  • flag-us
    DNS
    s4i.histats.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    s4i.histats.com
    IN A
    Response
    s4i.histats.com
    IN A
    142.4.219.198
    s4i.histats.com
    IN A
    149.56.240.132
    s4i.histats.com
    IN A
    149.56.240.130
    s4i.histats.com
    IN A
    149.56.240.129
    s4i.histats.com
    IN A
    149.56.240.127
    s4i.histats.com
    IN A
    149.56.240.31
  • flag-ca
    GET
    https://s4i.histats.com/stats/i/1736392.gif?1736392&@f16&@g1&@h1&@i1&@j1704715015581&@k0&@l1&@m&@n0&@o1000&@q0&@r0&@s10012&@ten-US&@u1280&@b1:-54596053&@b3:1704715016&@b4:js15_giftop.js&@b5:0&@a-_0.2.1&@vfile%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C4b5e5aa2900daf8563278a499faa3e51.html&@w
    IEXPLORE.EXE
    Remote address:
    142.4.219.198:443
    Request
    GET /stats/i/1736392.gif?1736392&@f16&@g1&@h1&@i1&@j1704715015581&@k0&@l1&@m&@n0&@o1000&@q0&@r0&@s10012&@ten-US&@u1280&@b1:-54596053&@b3:1704715016&@b4:js15_giftop.js&@b5:0&@a-_0.2.1&@vfile%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C4b5e5aa2900daf8563278a499faa3e51.html&@w HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: s4i.histats.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 08 Jan 2024 11:57:00 GMT
    Content-Type: image/png
    Content-Length: 2778
    Connection: close
    ETag: 1449474725
  • flag-gb
    GET
    https://dl.dropbox.com/u/51723293/kf.js
    IEXPLORE.EXE
    Remote address:
    162.125.64.15:443
    Request
    GET /u/51723293/kf.js HTTP/2.0
    host: dl.dropbox.com
    accept: application/javascript, */*;q=0.8
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 404
    content-type: text/html
    date: Mon, 08 Jan 2024 11:56:57 GMT
    server: envoy
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-robots-tag: noindex, nofollow, noimageindex
    content-encoding: gzip
    vary: Accept-Encoding
    x-dropbox-response-origin: remote
    x-dropbox-request-id: fa8ba86bc7174654979686bb921a2ba2
  • flag-br
    GET
    http://www.baixaki.com.br/imagens/59820/121427.jpg
    IEXPLORE.EXE
    Remote address:
    179.191.165.65:80
    Request
    GET /imagens/59820/121427.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.baixaki.com.br
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: azion webserver
    Date: Mon, 08 Jan 2024 11:56:57 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Location: https://www.baixaki.com.br/imagens/59820/121427.jpg
    Expires: Mon, 08 Jan 2024 12:01:57 GMT
    Cache-Control: max-age=300
  • flag-gb
    GET
    https://apis.google.com/js/plusone.js
    IEXPLORE.EXE
    Remote address:
    142.250.179.238:443
    Request
    GET /js/plusone.js HTTP/2.0
    host: apis.google.com
    accept: application/javascript, */*;q=0.8
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    vary: Accept-Encoding
    content-encoding: gzip
    content-type: text/javascript
    access-control-allow-origin: *
    content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy: same-origin; report-to="gapi-team"
    report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
    timing-allow-origin: *
    p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
    content-length: 21930
    date: Mon, 08 Jan 2024 11:56:58 GMT
    expires: Mon, 08 Jan 2024 11:56:58 GMT
    cache-control: private, max-age=1800, stale-while-revalidate=1800
    etag: "198f19c141a8a438"
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    set-cookie: NID=511=UplnnafmkhACz6H6dC_kiBUjqVy15CFOpsjHESeRmcOs5OOhSM5u6mJ87wUnD3RHTydPipz6neYm1nunan6y8E1_b2pjxvN2y1ABxKbo9deq-RNFKZ4HuO9c12XO9d1myp1aDkJsw3Pr5ac2MyipriSoO4FzhDWhCILL5WRzi2s; expires=Tue, 09-Jul-2024 11:56:58 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.y0xCMa4KeeI.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg/cb=gapi.loaded_0?le=scs
    IEXPLORE.EXE
    Remote address:
    142.250.179.238:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.y0xCMa4KeeI.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg/cb=gapi.loaded_0?le=scs HTTP/2.0
    host: apis.google.com
    accept: application/javascript, */*;q=0.8
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: NID=511=UplnnafmkhACz6H6dC_kiBUjqVy15CFOpsjHESeRmcOs5OOhSM5u6mJ87wUnD3RHTydPipz6neYm1nunan6y8E1_b2pjxvN2y1ABxKbo9deq-RNFKZ4HuO9c12XO9d1myp1aDkJsw3Pr5ac2MyipriSoO4FzhDWhCILL5WRzi2s
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-encoding: gzip
    access-control-allow-origin: *
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
    report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    content-length: 55872
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    date: Mon, 01 Jan 2024 19:23:22 GMT
    expires: Tue, 31 Dec 2024 19:23:22 GMT
    cache-control: public, max-age=31536000
    last-modified: Wed, 06 Dec 2023 19:05:16 GMT
    content-type: text/javascript; charset=UTF-8
    vary: Accept-Encoding
    age: 578017
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.y0xCMa4KeeI.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg/cb=gapi.loaded_1?le=scs
    IEXPLORE.EXE
    Remote address:
    142.250.179.238:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.y0xCMa4KeeI.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg/cb=gapi.loaded_1?le=scs HTTP/2.0
    host: apis.google.com
    accept: application/javascript, */*;q=0.8
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: NID=511=UplnnafmkhACz6H6dC_kiBUjqVy15CFOpsjHESeRmcOs5OOhSM5u6mJ87wUnD3RHTydPipz6neYm1nunan6y8E1_b2pjxvN2y1ABxKbo9deq-RNFKZ4HuO9c12XO9d1myp1aDkJsw3Pr5ac2MyipriSoO4FzhDWhCILL5WRzi2s
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-encoding: gzip
    access-control-allow-origin: *
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
    report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    content-length: 15125
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    date: Tue, 02 Jan 2024 20:32:06 GMT
    expires: Wed, 01 Jan 2025 20:32:06 GMT
    cache-control: public, max-age=31536000
    age: 487493
    last-modified: Wed, 06 Dec 2023 19:05:16 GMT
    content-type: text/javascript; charset=UTF-8
    vary: Accept-Encoding
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    http://lh5.ggpht.com/_7wsQzULWIwo/S6z8FdrL9dI/AAAAAAAAC9E/rbB37xy1Ybw/s800/emoticon-0109-kiss.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_7wsQzULWIwo/S6z8FdrL9dI/AAAAAAAAC9E/rbB37xy1Ybw/s800/emoticon-0109-kiss.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh5.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="emoticon-0109-kiss.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 1513
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:49 GMT
    Expires: Tue, 09 Jan 2024 11:56:49 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v32af"
    Content-Type: image/gif
    Vary: Origin
    Age: 8
  • flag-gb
    GET
    http://lh5.ggpht.com/_mcq01yDJ2uY/SdkfGVESWsI/AAAAAAAAAkk/-ruu99vFElQ/Russian%20Federation.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_mcq01yDJ2uY/SdkfGVESWsI/AAAAAAAAAkk/-ruu99vFElQ/Russian%20Federation.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh5.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Content-Type: image/png
    X-Content-Type-Options: nosniff
    Date: Mon, 08 Jan 2024 11:56:57 GMT
    Server: fife
    Content-Length: 832
    X-XSS-Protection: 0
  • flag-gb
    GET
    http://lh5.ggpht.com/_7wsQzULWIwo/S6z8FBbw3UI/AAAAAAAAC9A/8iSol6bUSDk/s800/emoticon-0106-crying.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_7wsQzULWIwo/S6z8FBbw3UI/AAAAAAAAC9A/8iSol6bUSDk/s800/emoticon-0106-crying.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh5.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="emoticon-0106-crying.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 1707
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:49 GMT
    Expires: Tue, 09 Jan 2024 11:56:49 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v2e8f"
    Content-Type: image/gif
    Vary: Origin
    Age: 8
  • flag-gb
    GET
    http://lh5.ggpht.com/_7wsQzULWIwo/S6z8FmT-INI/AAAAAAAAC9M/GOURDHmPe9E/s800/emoticon-0110-tongueout.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_7wsQzULWIwo/S6z8FmT-INI/AAAAAAAAC9M/GOURDHmPe9E/s800/emoticon-0110-tongueout.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh5.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="emoticon-0110-tongueout.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 1077
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:49 GMT
    Expires: Tue, 09 Jan 2024 11:56:49 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v2e46"
    Content-Type: image/gif
    Vary: Origin
    Age: 8
  • flag-gb
    GET
    http://lh5.ggpht.com/_7wsQzULWIwo/S6z9DcebxfI/AAAAAAAAC9Y/Xew2m0j1B9I/s800/emoticon-0130-devil.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_7wsQzULWIwo/S6z9DcebxfI/AAAAAAAAC9Y/Xew2m0j1B9I/s800/emoticon-0130-devil.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh5.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="emoticon-0130-devil.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 1652
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:49 GMT
    Expires: Tue, 09 Jan 2024 11:56:49 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v3209"
    Content-Type: image/gif
    Vary: Origin
    Age: 8
  • flag-gb
    GET
    http://lh5.ggpht.com/_7wsQzULWIwo/S6z8Fw5N1LI/AAAAAAAAC9Q/xY9rjSFroCY/s800/emoticon-0126-nerd.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_7wsQzULWIwo/S6z8Fw5N1LI/AAAAAAAAC9Q/xY9rjSFroCY/s800/emoticon-0126-nerd.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh5.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="emoticon-0126-nerd.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 1380
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:49 GMT
    Expires: Tue, 09 Jan 2024 11:56:49 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v2af4"
    Content-Type: image/gif
    Vary: Origin
    Age: 8
  • flag-gb
    GET
    http://lh5.ggpht.com/_7wsQzULWIwo/S6z9D6YdKmI/AAAAAAAAC9k/io_WlgJQL2w/s800/emoticon-0136-giggle.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_7wsQzULWIwo/S6z9D6YdKmI/AAAAAAAAC9k/io_WlgJQL2w/s800/emoticon-0136-giggle.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh5.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="emoticon-0136-giggle.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 1098
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:49 GMT
    Expires: Tue, 09 Jan 2024 11:56:49 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v29f1"
    Content-Type: image/gif
    Vary: Origin
    Age: 8
  • flag-gb
    GET
    http://lh5.ggpht.com/_7wsQzULWIwo/S6z99sMaIFI/AAAAAAAAC9w/gIu5t9057us/s800/emoticon-0149-no.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_7wsQzULWIwo/S6z99sMaIFI/AAAAAAAAC9w/gIu5t9057us/s800/emoticon-0149-no.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh5.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="emoticon-0149-no.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 1587
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:49 GMT
    Expires: Tue, 09 Jan 2024 11:56:49 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v2b56"
    Content-Type: image/gif
    Vary: Origin
    Age: 8
  • flag-gb
    GET
    http://lh5.ggpht.com/_7wsQzULWIwo/S6z99zPt4vI/AAAAAAAAC90/SOCwFsYa4M4/s800/emoticon-0155-flower.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_7wsQzULWIwo/S6z99zPt4vI/AAAAAAAAC90/SOCwFsYa4M4/s800/emoticon-0155-flower.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh5.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="emoticon-0155-flower.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 2176
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:49 GMT
    Expires: Tue, 09 Jan 2024 11:56:49 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v2d86"
    Content-Type: image/gif
    Vary: Origin
    Age: 8
  • flag-gb
    GET
    http://lh5.ggpht.com/_mcq01yDJ2uY/Sdke4C8za2I/AAAAAAAAAkU/Mpfn_ntCweU/China.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_mcq01yDJ2uY/Sdke4C8za2I/AAAAAAAAAkU/Mpfn_ntCweU/China.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh5.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Content-Type: image/png
    X-Content-Type-Options: nosniff
    Date: Mon, 08 Jan 2024 11:56:57 GMT
    Server: fife
    Content-Length: 832
    X-XSS-Protection: 0
  • flag-gb
    GET
    http://lh5.ggpht.com/_mcq01yDJ2uY/Sdke3f2KbNI/AAAAAAAAAj8/xyGLFdUZbVY/Japan.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_mcq01yDJ2uY/Sdke3f2KbNI/AAAAAAAAAj8/xyGLFdUZbVY/Japan.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh5.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Content-Type: image/png
    X-Content-Type-Options: nosniff
    Date: Mon, 08 Jan 2024 11:56:57 GMT
    Server: fife
    Content-Length: 832
    X-XSS-Protection: 0
  • flag-gb
    GET
    http://lh4.ggpht.com/_7wsQzULWIwo/S6z9D-KY1cI/AAAAAAAAC9g/PZppx2BcToc/s800/emoticon-0137-clapping.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_7wsQzULWIwo/S6z9D-KY1cI/AAAAAAAAC9g/PZppx2BcToc/s800/emoticon-0137-clapping.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh4.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="emoticon-0137-clapping.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 2165
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:51 GMT
    Expires: Tue, 09 Jan 2024 11:56:51 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v2db4"
    Content-Type: image/gif
    Vary: Origin
    Age: 6
  • flag-gb
    GET
    http://lh4.ggpht.com/_7wsQzULWIwo/S6z7kDXfZsI/AAAAAAAAC80/JrDuueBH-mE/s800/emoticon-0102-bigsmile.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_7wsQzULWIwo/S6z7kDXfZsI/AAAAAAAAC80/JrDuueBH-mE/s800/emoticon-0102-bigsmile.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh4.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="emoticon-0102-bigsmile.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 1586
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:51 GMT
    Expires: Tue, 09 Jan 2024 11:56:51 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v2d29"
    Content-Type: image/gif
    Vary: Origin
    Age: 6
  • flag-gb
    GET
    http://lh4.ggpht.com/_mcq01yDJ2uY/SdkfGSkRgfI/AAAAAAAAAkc/X4E87SASLtA/France.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_mcq01yDJ2uY/SdkfGSkRgfI/AAAAAAAAAkc/X4E87SASLtA/France.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh4.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Content-Type: image/png
    X-Content-Type-Options: nosniff
    Date: Mon, 08 Jan 2024 11:56:57 GMT
    Server: fife
    Content-Length: 832
    X-XSS-Protection: 0
  • flag-gb
    GET
    http://lh4.ggpht.com/_mcq01yDJ2uY/SdkhG4bjxqI/AAAAAAAAAks/Ws6AzZdnZTw/United%20States%20of%20America%20%28USA%29.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_mcq01yDJ2uY/SdkhG4bjxqI/AAAAAAAAAks/Ws6AzZdnZTw/United%20States%20of%20America%20%28USA%29.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh4.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Content-Type: image/png
    X-Content-Type-Options: nosniff
    Date: Mon, 08 Jan 2024 11:56:57 GMT
    Server: fife
    Content-Length: 832
    X-XSS-Protection: 0
  • flag-gb
    GET
    http://4.bp.blogspot.com/-GkuWkHgor68/Tn00-jKdTUI/AAAAAAAAAKQ/aWNxm_2iJPY/s1600/01.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /-GkuWkHgor68/Tn00-jKdTUI/AAAAAAAAAKQ/aWNxm_2iJPY/s1600/01.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 4.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="01.png"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 16565
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:51 GMT
    Expires: Tue, 09 Jan 2024 11:56:51 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "va4"
    Content-Type: image/png
    Vary: Origin
    Age: 6
  • flag-gb
    GET
    http://4.bp.blogspot.com/-3npbKZliv48/TXSOpV-42RI/AAAAAAAAH1I/hiasq69iRnI/s1600/Acesse-www.riptors.blogspot.com.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /-3npbKZliv48/TXSOpV-42RI/AAAAAAAAH1I/hiasq69iRnI/s1600/Acesse-www.riptors.blogspot.com.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 4.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="Acesse-www.riptors.blogspot.com.png"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 516
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:54 GMT
    Expires: Tue, 09 Jan 2024 11:56:54 GMT
    Cache-Control: public, max-age=86400, no-transform
    Age: 5
    ETag: "v1f52"
    Content-Type: image/png
    Vary: Origin
  • flag-gb
    GET
    http://4.bp.blogspot.com/-UqCXUcdef74/TXSQufXUpeI/AAAAAAAAH2Q/722pBTTBP_8/s1600/by-RIPTORS.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /-UqCXUcdef74/TXSQufXUpeI/AAAAAAAAH2Q/722pBTTBP_8/s1600/by-RIPTORS.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 4.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="by-RIPTORS.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 283
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:54 GMT
    Expires: Tue, 09 Jan 2024 11:56:54 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v33fd"
    Content-Type: image/gif
    Vary: Origin
    Age: 28
  • flag-gb
    GET
    http://4.bp.blogspot.com/-bnlGFfndH_w/TXSUWwbGxGI/AAAAAAAAH4I/g5FU3jNvQ98/s1600/0%2Bwww.baixartemplatesnovos.blogspot.com.jpg
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /-bnlGFfndH_w/TXSUWwbGxGI/AAAAAAAAH4I/g5FU3jNvQ98/s1600/0%2Bwww.baixartemplatesnovos.blogspot.com.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 4.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="0 www.baixartemplatesnovos.blogspot.com.jpg"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 7600
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:51 GMT
    Expires: Tue, 09 Jan 2024 11:56:51 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v1f82"
    Content-Type: image/jpeg
    Vary: Origin
    Age: 6
  • flag-gb
    GET
    http://4.bp.blogspot.com/-Jn1wt_EKd6w/TXSRtyaKCeI/AAAAAAAAH24/QSiGsXr0Gws/s1600/Acesse-www.riptors.blogspot.com.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /-Jn1wt_EKd6w/TXSRtyaKCeI/AAAAAAAAH24/QSiGsXr0Gws/s1600/Acesse-www.riptors.blogspot.com.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 4.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="Acesse-www.riptors.blogspot.com.png"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 540
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:54 GMT
    Expires: Tue, 09 Jan 2024 11:56:54 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v1f6e"
    Content-Type: image/png
    Vary: Origin
    Age: 28
  • flag-gb
    GET
    http://4.bp.blogspot.com/-UXTOWu-qNMU/TXSSfz6SPVI/AAAAAAAAH3Q/rNEPvU9qdBU/s1600/Acesse-www.riptors.blogspot.com.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /-UXTOWu-qNMU/TXSSfz6SPVI/AAAAAAAAH3Q/rNEPvU9qdBU/s1600/Acesse-www.riptors.blogspot.com.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 4.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="Acesse-www.riptors.blogspot.com.png"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 472
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:54 GMT
    Expires: Tue, 09 Jan 2024 11:56:54 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v1f74"
    Content-Type: image/png
    Vary: Origin
    Age: 29
  • flag-gb
    GET
    http://lh3.ggpht.com/_7wsQzULWIwo/S6z7kQ8V_nI/AAAAAAAAC84/9WEQPmHLJiI/s800/emoticon-0105-wink.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_7wsQzULWIwo/S6z7kQ8V_nI/AAAAAAAAC84/9WEQPmHLJiI/s800/emoticon-0105-wink.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh3.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="emoticon-0105-wink.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 1090
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:51 GMT
    Expires: Tue, 09 Jan 2024 11:56:51 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v2f3a"
    Content-Type: image/gif
    Vary: Origin
    Age: 6
  • flag-gb
    GET
    http://lh3.ggpht.com/_7wsQzULWIwo/S6z7jnvQpuI/AAAAAAAAC8s/kgswZH3dAng/s800/emoticon-0100-smile.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_7wsQzULWIwo/S6z7jnvQpuI/AAAAAAAAC8s/kgswZH3dAng/s800/emoticon-0100-smile.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh3.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="emoticon-0100-smile.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 1049
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:51 GMT
    Expires: Tue, 09 Jan 2024 11:56:51 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v2920"
    Content-Type: image/gif
    Vary: Origin
    Age: 6
  • flag-gb
    GET
    http://lh3.ggpht.com/_7wsQzULWIwo/S6z7kWgRFeI/AAAAAAAAC88/2jjlfg01MIA/s800/emoticon-0104-surprised.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_7wsQzULWIwo/S6z7kWgRFeI/AAAAAAAAC88/2jjlfg01MIA/s800/emoticon-0104-surprised.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh3.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="emoticon-0104-surprised.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 1275
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:52 GMT
    Expires: Tue, 09 Jan 2024 11:56:52 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v2d6c"
    Content-Type: image/gif
    Vary: Origin
    Age: 5
  • flag-gb
    GET
    http://lh3.ggpht.com/_7wsQzULWIwo/S6z8FpL8dkI/AAAAAAAAC9I/p_OhzAyH-SQ/s800/emoticon-0111-blush.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_7wsQzULWIwo/S6z8FpL8dkI/AAAAAAAAC9I/p_OhzAyH-SQ/s800/emoticon-0111-blush.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh3.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="emoticon-0111-blush.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 1472
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:52 GMT
    Expires: Tue, 09 Jan 2024 11:56:52 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v2b84"
    Content-Type: image/gif
    Vary: Origin
    Age: 5
  • flag-gb
    GET
    http://lh3.ggpht.com/_7wsQzULWIwo/S6z9DendQuI/AAAAAAAAC9U/jtRdRpcopRQ/s800/emoticon-0103-cool.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_7wsQzULWIwo/S6z9DendQuI/AAAAAAAAC9U/jtRdRpcopRQ/s800/emoticon-0103-cool.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh3.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="emoticon-0103-cool.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 1152
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:52 GMT
    Expires: Tue, 09 Jan 2024 11:56:52 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v2f4d"
    Content-Type: image/gif
    Vary: Origin
    Age: 5
  • flag-gb
    GET
    http://lh3.ggpht.com/_7wsQzULWIwo/S6z99cfdl1I/AAAAAAAAC9o/aJP10AXzhGE/s800/emoticon-0141-whew.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_7wsQzULWIwo/S6z99cfdl1I/AAAAAAAAC9o/aJP10AXzhGE/s800/emoticon-0141-whew.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh3.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="emoticon-0141-whew.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 3193
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:53 GMT
    Expires: Tue, 09 Jan 2024 11:56:53 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v2ed0"
    Content-Type: image/gif
    Vary: Origin
    Age: 4
  • flag-gb
    GET
    http://lh3.ggpht.com/_mcq01yDJ2uY/Sdke3rFjMUI/AAAAAAAAAkE/o0kR0MfngXA/Germany.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_mcq01yDJ2uY/Sdke3rFjMUI/AAAAAAAAAkE/o0kR0MfngXA/Germany.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh3.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Content-Type: image/png
    X-Content-Type-Options: nosniff
    Date: Mon, 08 Jan 2024 11:56:57 GMT
    Server: fife
    Content-Length: 832
    X-XSS-Protection: 0
  • flag-gb
    GET
    http://lh3.ggpht.com/_7wsQzULWIwo/S6z99UcZMKI/AAAAAAAAC9s/p7NVe245uP4/s800/emoticon-0148-yes.gif
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_7wsQzULWIwo/S6z99UcZMKI/AAAAAAAAC9s/p7NVe245uP4/s800/emoticon-0148-yes.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh3.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="emoticon-0148-yes.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 1736
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:53 GMT
    Expires: Tue, 09 Jan 2024 11:56:53 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v2b15"
    Content-Type: image/gif
    Vary: Origin
    Age: 4
  • flag-gb
    GET
    http://lh3.ggpht.com/_mcq01yDJ2uY/Sdke312ethI/AAAAAAAAAkM/KeACgltRc38/Spain.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_mcq01yDJ2uY/Sdke312ethI/AAAAAAAAAkM/KeACgltRc38/Spain.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh3.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Content-Type: image/png
    X-Content-Type-Options: nosniff
    Date: Mon, 08 Jan 2024 11:56:57 GMT
    Server: fife
    Content-Length: 832
    X-XSS-Protection: 0
  • flag-gb
    GET
    http://lh3.ggpht.com/_mcq01yDJ2uY/Sdke2xCmrPI/AAAAAAAAAj0/Jv14yyDo1i4/Italy.png
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_mcq01yDJ2uY/Sdke2xCmrPI/AAAAAAAAAj0/Jv14yyDo1i4/Italy.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh3.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Content-Type: image/png
    X-Content-Type-Options: nosniff
    Date: Mon, 08 Jan 2024 11:56:57 GMT
    Server: fife
    Content-Length: 832
    X-XSS-Protection: 0
  • flag-us
    DNS
    233.212.58.216.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    233.212.58.216.in-addr.arpa
    IN PTR
    Response
    233.212.58.216.in-addr.arpa
    IN PTR
    ams16s22-in-f2331e100net
    233.212.58.216.in-addr.arpa
    IN PTR
    lhr25s28-in-f9
    233.212.58.216.in-addr.arpa
    IN PTR
    ams16s22-in-f9
  • flag-us
    DNS
    225.16.217.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    225.16.217.172.in-addr.arpa
    IN PTR
    Response
    225.16.217.172.in-addr.arpa
    IN PTR
    lhr48s28-in-f11e100net
    225.16.217.172.in-addr.arpa
    IN PTR
    mad08s04-in-f1
  • flag-us
    DNS
    33.200.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    33.200.250.142.in-addr.arpa
    IN PTR
    Response
    33.200.250.142.in-addr.arpa
    IN PTR
    lhr48s30-in-f11e100net
  • flag-us
    DNS
    225.212.58.216.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    225.212.58.216.in-addr.arpa
    IN PTR
    Response
    225.212.58.216.in-addr.arpa
    IN PTR
    lhr25s28-in-f11e100net
    225.212.58.216.in-addr.arpa
    IN PTR
    ams16s22-in-f1
    225.212.58.216.in-addr.arpa
    IN PTR
    ams16s22-in-f225
  • flag-us
    DNS
    99.80.20.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    99.80.20.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.64.125.162.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.64.125.162.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    141.246.45.66.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    141.246.45.66.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    169.223.185.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    169.223.185.192.in-addr.arpa
    IN PTR
    Response
    169.223.185.192.in-addr.arpa
    IN PTR
    srv124-ip05prodnscombr
  • flag-us
    DNS
    198.219.4.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.219.4.142.in-addr.arpa
    IN PTR
    Response
    198.219.4.142.in-addr.arpa
    IN PTR
    ns5000868 ip-142-4-219net
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    238.179.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    238.179.250.142.in-addr.arpa
    IN PTR
    Response
    238.179.250.142.in-addr.arpa
    IN PTR
    lhr25s31-in-f141e100net
  • flag-us
    GET
    http://i.imgur.com/wCLDS.gif
    IEXPLORE.EXE
    Remote address:
    199.232.168.193:80
    Request
    GET /wCLDS.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: i.imgur.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Connection: close
    Content-Length: 0
    Retry-After: 0
    Location: https://i.imgur.com/wCLDS.gif
    Accept-Ranges: bytes
    Date: Mon, 08 Jan 2024 11:56:59 GMT
    X-Served-By: cache-par-lfpg1960085-PAR
    X-Cache: HIT
    X-Cache-Hits: 0
    X-Timer: S1704715019.290727,VS0,VE0
    Strict-Transport-Security: max-age=300
    Access-Control-Allow-Methods: GET, OPTIONS
    Access-Control-Allow-Origin: *
    Server: cat factory 1.0
  • flag-us
    GET
    http://i.imgur.com/PO1my.png
    IEXPLORE.EXE
    Remote address:
    199.232.168.193:80
    Request
    GET /PO1my.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: i.imgur.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Connection: close
    Content-Length: 0
    Retry-After: 0
    Location: https://i.imgur.com/PO1my.png
    Accept-Ranges: bytes
    Date: Mon, 08 Jan 2024 11:56:59 GMT
    X-Served-By: cache-par-lfpg1960044-PAR
    X-Cache: HIT
    X-Cache-Hits: 0
    X-Timer: S1704715019.321508,VS0,VE0
    Strict-Transport-Security: max-age=300
    Access-Control-Allow-Methods: GET, OPTIONS
    Access-Control-Allow-Origin: *
    Server: cat factory 1.0
  • flag-us
    GET
    http://i.imgur.com/KesZG.jpg
    IEXPLORE.EXE
    Remote address:
    199.232.168.193:80
    Request
    GET /KesZG.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: i.imgur.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Connection: close
    Content-Length: 0
    Retry-After: 0
    Location: https://i.imgur.com/KesZG.jpg
    Accept-Ranges: bytes
    Date: Mon, 08 Jan 2024 11:56:59 GMT
    X-Served-By: cache-par-lfpg1960041-PAR
    X-Cache: HIT
    X-Cache-Hits: 0
    X-Timer: S1704715019.287495,VS0,VE0
    Strict-Transport-Security: max-age=300
    Access-Control-Allow-Methods: GET, OPTIONS
    Access-Control-Allow-Origin: *
    Server: cat factory 1.0
  • flag-us
    GET
    http://img267.imageshack.us/img267/9172/babbe3.png
    IEXPLORE.EXE
    Remote address:
    38.99.77.17:80
    Request
    GET /img267/9172/babbe3.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: img267.imageshack.us
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.2.8
    Date: Mon, 08 Jan 2024 11:56:58 GMT
    Content-Type: text/html
    Content-Length: 168
    Connection: keep-alive
  • flag-br
    GET
    https://www.baixaki.com.br/imagens/59820/121427.jpg
    IEXPLORE.EXE
    Remote address:
    179.191.165.65:443
    Request
    GET /imagens/59820/121427.jpg HTTP/2.0
    host: www.baixaki.com.br
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 404
    date: Mon, 08 Jan 2024 11:57:08 GMT
    content-type: text/html; charset=utf-8
    x-nextjs-cache: HIT
    x-powered-by: Next.js
    cache-control: private, no-cache, no-store, max-age=0, must-revalidate
    vary: Accept-Encoding
    content-encoding: gzip
    strict-transport-security: max-age=15724800; includeSubDomains
    version: 3.0.7
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.a-0001.a-msedge.net
    g-bing-com.a-0001.a-msedge.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
  • flag-us
    DNS
    16.77.99.38.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    16.77.99.38.in-addr.arpa
    IN PTR
    Response
    16.77.99.38.in-addr.arpa
    IN PTR
    imagizer-cv imageshackus
  • flag-us
    DNS
    185.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    185.178.17.96.in-addr.arpa
    IN PTR
    Response
    185.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-185deploystaticakamaitechnologiescom
  • flag-us
    DNS
    185.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    185.178.17.96.in-addr.arpa
    IN PTR
    Response
    resources.blogblog.com
    IN CNAME
    blogger.l.google.com
    blogger.l.google.com
    IN A
    216.58.212.233
  • flag-us
    DNS
    resources.blogblog.com
    Remote address:
    8.8.8.8:53
    Request
    resources.blogblog.com
    IN A
  • flag-us
    DNS
    65.165.191.179.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    65.165.191.179.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    17.77.99.38.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    17.77.99.38.in-addr.arpa
    IN PTR
    Response
    17.77.99.38.in-addr.arpa
    IN PTR
    imagizer-cv imageshackus
  • flag-gb
    GET
    https://i1109.photobucket.com/albums/h425/higorxxt/180x50pokp.gif
    IEXPLORE.EXE
    Remote address:
    13.224.81.9:443
    Request
    GET /albums/h425/higorxxt/180x50pokp.gif HTTP/2.0
    host: i1109.photobucket.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    content-type: image/gif
    content-length: 4815
    date: Mon, 08 Jan 2024 11:57:04 GMT
    cache-control: max-age=31536000, public
    content-disposition: inline; filename="180x50pokp.gif"
    content-security-policy: script-src 'none'
    expires: Tue, 07 Jan 2025 11:57:04 GMT
    server: photobucket
    x-amzn-trace-id: Root=1-659be310-6725bf5d12badeba4c455180
    x-request-id: SicpQqg1UIhbCl8Vu5nam
    vary: Accept
    x-cache: Miss from cloudfront
    via: 1.1 fd93e612b7bd34be3c80aeae727fa182.cloudfront.net (CloudFront)
    x-amz-cf-pop: MAN50-C2
    x-amz-cf-id: DhV6QwP0cWMJEvBNsz-nW4tu2NvncbZnuYc8pEgnfKlxGiTrkTHQBw==
    vary: Origin
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e14975f3645c407f9afb719fe46442ac&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e14975f3645c407f9afb719fe46442ac&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=023D2028539564E304EA3428522E6587; domain=.bing.com; expires=Sat, 01-Feb-2025 11:56:59 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: AA2B2B678FE64F5FA0CC9E5733FD87CD Ref B: LON04EDGE0914 Ref C: 2024-01-08T11:56:59Z
    date: Mon, 08 Jan 2024 11:56:58 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e14975f3645c407f9afb719fe46442ac&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e14975f3645c407f9afb719fe46442ac&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=023D2028539564E304EA3428522E6587
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=ObrUe5px6vV_IzlESORBg41CQ6Zh5Ps7JSnayxkKfq0; domain=.bing.com; expires=Sat, 01-Feb-2025 11:56:59 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: FEBABE2AB34E45DDAB11B27D35948362 Ref B: LON04EDGE0914 Ref C: 2024-01-08T11:56:59Z
    date: Mon, 08 Jan 2024 11:56:58 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e14975f3645c407f9afb719fe46442ac&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e14975f3645c407f9afb719fe46442ac&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=023D2028539564E304EA3428522E6587; MSPTC=ObrUe5px6vV_IzlESORBg41CQ6Zh5Ps7JSnayxkKfq0
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: DA59E71AB19D438C9572A9B283259992 Ref B: LON04EDGE0914 Ref C: 2024-01-08T11:56:59Z
    date: Mon, 08 Jan 2024 11:56:58 GMT
  • flag-us
    DNS
    9.81.224.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.81.224.13.in-addr.arpa
    IN PTR
    Response
    9.81.224.13.in-addr.arpa
    IN PTR
    server-13-224-81-9man50r cloudfrontnet
  • flag-us
    DNS
    3.200.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    3.200.250.142.in-addr.arpa
    IN PTR
    Response
    3.200.250.142.in-addr.arpa
    IN PTR
    lhr48s29-in-f31e100net
  • flag-us
    DNS
    40.13.222.173.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    40.13.222.173.in-addr.arpa
    IN PTR
    Response
    40.13.222.173.in-addr.arpa
    IN PTR
    a173-222-13-40deploystaticakamaitechnologiescom
  • flag-us
    GET
    https://i.imgur.com/PO1my.png
    IEXPLORE.EXE
    Remote address:
    199.232.168.193:443
    Request
    GET /PO1my.png HTTP/2.0
    host: i.imgur.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    content-type: image/png
    last-modified: Thu, 10 Nov 2011 05:18:56 GMT
    etag: "3d17e824a303956ed798a347e1b23745"
    x-amz-cf-pop: IAD55-P2
    x-amz-cf-id: KIfYCJtNbFyETMiXVU_k8vRvV2pdT9B4QrxrQBRMtd1oQvbFPCenDw==
    cache-control: public, max-age=31536000
    accept-ranges: bytes
    date: Mon, 08 Jan 2024 11:57:02 GMT
    age: 2952333
    x-served-by: cache-iad-kjyo7100042-IAD, cache-par-lfpg1960083-PAR
    x-cache: Miss from cloudfront, HIT, HIT
    x-cache-hits: 8, 1
    x-timer: S1704715022.405888,VS0,VE1
    strict-transport-security: max-age=300
    access-control-allow-methods: GET, OPTIONS
    access-control-allow-origin: *
    server: cat factory 1.0
    x-content-type-options: nosniff
    content-length: 13640
  • flag-us
    GET
    https://i.imgur.com/KesZG.jpg
    IEXPLORE.EXE
    Remote address:
    199.232.168.193:443
    Request
    GET /KesZG.jpg HTTP/2.0
    host: i.imgur.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    content-type: image/jpeg
    last-modified: Sun, 06 Nov 2011 19:30:08 GMT
    etag: "2150a272a9a31488a9c8b4ee995bc9cf"
    x-amz-cf-pop: IAD55-P2
    x-amz-cf-id: zMZnLbihjt6D_1EcY8oxiSq_uw2jOKNF05cDGubk9nz1EfgvnNNkvA==
    cache-control: public, max-age=31536000
    accept-ranges: bytes
    date: Mon, 08 Jan 2024 11:57:02 GMT
    age: 9
    x-served-by: cache-iad-kjyo7100147-IAD, cache-par-lfpg1960083-PAR
    x-cache: Miss from cloudfront, MISS, HIT
    x-cache-hits: 0, 1
    x-timer: S1704715022.405857,VS0,VE1
    strict-transport-security: max-age=300
    access-control-allow-methods: GET, OPTIONS
    access-control-allow-origin: *
    server: cat factory 1.0
    x-content-type-options: nosniff
    content-length: 12860
  • flag-us
    GET
    https://i.imgur.com/wCLDS.gif
    IEXPLORE.EXE
    Remote address:
    199.232.168.193:443
    Request
    GET /wCLDS.gif HTTP/2.0
    host: i.imgur.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    content-type: image/gif
    last-modified: Fri, 04 Nov 2011 19:47:35 GMT
    etag: "b64984c33d421755560b1bb136b75ac0"
    x-amz-cf-pop: IAD89-P1
    x-amz-cf-id: vywMeLVHwrr_tGo6TELykuAVwfGPARHVI6BIm3wxz27V9sXrJlIVxw==
    cache-control: public, max-age=31536000
    accept-ranges: bytes
    date: Mon, 08 Jan 2024 11:57:02 GMT
    age: 360907
    x-served-by: cache-iad-kiad7000150-IAD, cache-par-lfpg1960083-PAR
    x-cache: Miss from cloudfront, HIT, HIT
    x-cache-hits: 6, 1
    x-timer: S1704715022.406003,VS0,VE1
    strict-transport-security: max-age=300
    access-control-allow-methods: GET, OPTIONS
    access-control-allow-origin: *
    server: cat factory 1.0
    x-content-type-options: nosniff
    content-length: 17457
  • flag-us
    GET
    https://pr.s12.com.br/ad.js?id=bDddwxC6
    IEXPLORE.EXE
    Remote address:
    172.67.130.36:443
    Request
    GET /ad.js?id=bDddwxC6 HTTP/2.0
    host: pr.s12.com.br
    accept: application/javascript, */*;q=0.8
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Mon, 08 Jan 2024 11:57:00 GMT
    content-type: text/html; charset=UTF-8
    x-powered-by: PHP/5.3.3
    cf-cache-status: DYNAMIC
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lP3RwEbj6VUJwhxKrCt%2BI8jaH4BozHqwfhhKyMsUUcufGtocpTH08sRUn8tOb1%2F2k%2FybjveoFuOHfCXUn%2FY2s7G7GdpwPZ3U4keg0kfd6T38klZyxmqY4BRTggsDNUuo"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 842442ae8ef853a4-LHR
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    36.130.67.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    36.130.67.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    193.168.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    193.168.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    208.194.73.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    208.194.73.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    31.19.162.3.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    31.19.162.3.in-addr.arpa
    IN PTR
    Response
    31.19.162.3.in-addr.arpa
    IN PTR
    server-3-162-19-31.man51.r.cloudfront.net
  • flag-us
    DNS
    226.21.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    226.21.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    44.143.84.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    44.143.84.52.in-addr.arpa
    IN PTR
    Response
    44.143.84.52.in-addr.arpa
    IN PTR
    server-52-84-143-44.man50.r.cloudfront.net
  • flag-us
    DNS
    193.179.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    193.179.17.96.in-addr.arpa
    IN PTR
    Response
    193.179.17.96.in-addr.arpa
    IN PTR
    a96-17-179-193.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    23.149.64.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.149.64.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    www.usuarionovo.com
    Remote address:
    8.8.8.8:53
    Request
    www.usuarionovo.com
    IN A
    Response
    www.usuarionovo.com
    IN CNAME
    ghs.google.com
    ghs.google.com
    IN A
    216.58.204.83
  • flag-us
    DNS
    img821.imageshack.us
    Remote address:
    8.8.8.8:53
    Request
    img821.imageshack.us
    IN A
    Response
    img821.imageshack.us
    IN CNAME
    imagizer-cv.imageshack.us
    imagizer-cv.imageshack.us
    IN A
    38.99.77.17
    imagizer-cv.imageshack.us
    IN A
    38.99.77.16
  • flag-us
    DNS
    www4.cbox.ws
    Remote address:
    8.8.8.8:53
    Request
    www4.cbox.ws
    IN A
    Response
    www4.cbox.ws
    IN A
    195.201.153.71
  • flag-us
    DNS
    www.minhaconexao.com.br
    Remote address:
    8.8.8.8:53
    Request
    www.minhaconexao.com.br
    IN A
    Response
    www.minhaconexao.com.br
    IN A
    104.26.7.49
    www.minhaconexao.com.br
    IN A
    172.67.68.84
    www.minhaconexao.com.br
    IN A
    104.26.6.49
  • flag-us
    DNS
    goo.gl
    Remote address:
    8.8.8.8:53
    Request
    goo.gl
    IN A
    Response
    goo.gl
    IN A
    172.217.16.238
  • flag-us
    DNS
    widgets.amung.us
    Remote address:
    8.8.8.8:53
    Request
    widgets.amung.us
    IN A
    Response
    widgets.amung.us
    IN A
    104.22.75.171
    widgets.amung.us
    IN A
    172.67.8.141
    widgets.amung.us
    IN A
    104.22.74.171
  • flag-us
    DNS
    www.leetleech.org
    Remote address:
    8.8.8.8:53
    Request
    www.leetleech.org
    IN A
    Response
    www.leetleech.org
    IN A
    185.53.177.54
  • flag-us
    GET
    http://img821.imageshack.us/img821/6263/lolst.jpg
    Remote address:
    38.99.77.17:80
    Request
    GET /img821/6263/lolst.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: img821.imageshack.us
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.2.8
    Date: Mon, 08 Jan 2024 11:57:22 GMT
    Content-Type: text/html
    Content-Length: 168
    Connection: keep-alive
  • flag-de
    GET
    http://www4.cbox.ws/box/?boxid=4105603&boxtag=27d6cn&sec=form
    Remote address:
    195.201.153.71:80
    Request
    GET /box/?boxid=4105603&boxtag=27d6cn&sec=form HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www4.cbox.ws
    Connection: Keep-Alive
    Response
    HTTP/1.1 204 No Content
    Server: nginx
    Date: Mon, 08 Jan 2024 11:57:23 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    P3P: CP="NOI DSP COR NID CURa OUR NOR"
    Expires: Tue, 07 Jan 2025 11:56:55 GMT
    Cache-Control: public, max-age=31536000
    X-Cache: HIT
  • flag-de
    GET
    http://www4.cbox.ws/box/?boxid=4105603&boxtag=27d6cn&sec=main
    Remote address:
    195.201.153.71:80
    Request
    GET /box/?boxid=4105603&boxtag=27d6cn&sec=main HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www4.cbox.ws
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 08 Jan 2024 11:57:23 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    P3P: CP="NOI DSP COR NID CURa OUR NOR"
    Cache-Control: public, max-age=300
    X-Cache: HIT
    Content-Encoding: gzip
  • flag-us
    DNS
    i40.tinypic.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    i40.tinypic.com
    IN A
    Response
  • flag-us
    DNS
    i40.tinypic.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    i40.tinypic.com
    IN A
  • flag-us
    DNS
    i40.tinypic.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    i40.tinypic.com
    IN A
  • flag-us
    GET
    http://widgets.amung.us/colored.js
    Remote address:
    104.22.75.171:80
    Request
    GET /colored.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: widgets.amung.us
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 08 Jan 2024 11:57:23 GMT
    Content-Type: application/x-javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    last-modified: Thu, 12 Jan 2023 17:19:40 GMT
    etag: W/"63c0412c-2194"
    expires: Tue, 09 Jan 2024 11:57:23 GMT
    cache-control: max-age=86400
    access-control-allow-origin: *
    content-encoding: gzip
    CF-Cache-Status: EXPIRED
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 8424433a5ca0b97a-AMS
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    http://widgets.amung.us/small.js
    Remote address:
    104.22.75.171:80
    Request
    GET /small.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: widgets.amung.us
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 08 Jan 2024 11:57:22 GMT
    Content-Type: application/x-javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    last-modified: Thu, 12 Jan 2023 17:19:26 GMT
    etag: W/"63c0411e-2170"
    expires: Tue, 09 Jan 2024 11:21:04 GMT
    cache-control: max-age=86400
    access-control-allow-origin: *
    content-encoding: gzip
    CF-Cache-Status: HIT
    Age: 2178
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 8424433a5e3cb791-AMS
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    http://www.minhaconexao.com.br/mini-velocimetro/velocimetro.php?model=1&width=160&height=160
    Remote address:
    104.26.7.49:80
    Request
    GET /mini-velocimetro/velocimetro.php?model=1&width=160&height=160 HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.minhaconexao.com.br
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 08 Jan 2024 11:57:22 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    Location: https://www.minhaconexao.com.br:443/mini-velocimetro/velocimetro.php?height=160&model=1&width=160
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yj1O%2FnyhGz3uPL18dAp%2F1kdD6V91SAOGnhTgUc7e2HaPLRf6D7uZe19wvwd5PrMXJNWE3NbKRz7A%2FKJ0VYXgICxN2DpdXzqHvRBRL7T8I5WebpyvISAUDkCKVjDCeAoVm8fMd04svSrs"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 84244338abc67312-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-de
    GET
    http://www.leetleech.org/images/13782234222471213913.png
    Remote address:
    185.53.177.54:80
    Request
    GET /images/13782234222471213913.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.leetleech.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 400 Bad Request
    Server: nginx
    Date: Mon, 08 Jan 2024 11:57:22 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Blocked: 11015.10
  • flag-us
    DNS
    s4.histats.com
    Remote address:
    8.8.8.8:53
    Request
    s4.histats.com
    IN A
    Response
    s4.histats.com
    IN A
    54.39.128.162
    s4.histats.com
    IN A
    149.56.240.127
    s4.histats.com
    IN A
    142.4.219.198
    s4.histats.com
    IN A
    149.56.240.131
    s4.histats.com
    IN A
    158.69.254.144
    s4.histats.com
    IN A
    54.39.128.117
    s4.histats.com
    IN A
    149.56.240.31
    s4.histats.com
    IN A
    149.56.240.27
    s4.histats.com
    IN A
    54.39.156.32
    s4.histats.com
    IN A
    149.56.240.129
    s4.histats.com
    IN A
    149.56.240.128
    s4.histats.com
    IN A
    149.56.240.130
    s4.histats.com
    IN A
    149.56.240.132
  • flag-us
    DNS
    accounts.google.com
    Remote address:
    8.8.8.8:53
    Request
    accounts.google.com
    IN A
    Response
    accounts.google.com
    IN A
    64.233.167.84
  • flag-fr
    GET
    http://www.usuarionovo.com/
    Remote address:
    216.58.204.83:80
    Request
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.usuarionovo.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: https://www.usuarionovo.com/
    Content-Type: text/html; charset=UTF-8
    Content-Encoding: gzip
    Date: Mon, 08 Jan 2024 11:57:23 GMT
    Expires: Mon, 08 Jan 2024 11:57:23 GMT
    Cache-Control: private, max-age=0
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Security-Policy: frame-ancestors 'self'
    X-XSS-Protection: 1; mode=block
    Content-Length: 176
    Server: GSE
  • flag-us
    DNS
    brizasistema.blogspot.com
    Remote address:
    8.8.8.8:53
    Request
    brizasistema.blogspot.com
    IN A
    Response
    brizasistema.blogspot.com
    IN CNAME
    blogspot.l.googleusercontent.com
    blogspot.l.googleusercontent.com
    IN A
    142.250.178.1
  • flag-us
    DNS
    brizasistema.blogspot.com
    Remote address:
    8.8.8.8:53
    Request
    brizasistema.blogspot.com
    IN A
  • flag-us
    DNS
    238.16.217.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    238.16.217.172.in-addr.arpa
    IN PTR
    Response
    238.16.217.172.in-addr.arpa
    IN PTR
    mad08s04-in-f14.1e100.net
    238.16.217.172.in-addr.arpa
    IN PTR
    lhr48s28-in-f14
  • flag-us
    DNS
    238.16.217.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    238.16.217.172.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    171.75.22.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.75.22.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    49.7.26.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    49.7.26.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    14.200.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.200.250.142.in-addr.arpa
    IN PTR
    Response
    14.200.250.142.in-addr.arpa
    IN PTR
    lhr48s29-in-f14.1e100.net
  • flag-us
    DNS
    14.200.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.200.250.142.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    54.177.53.185.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    54.177.53.185.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    83.204.58.216.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    83.204.58.216.in-addr.arpa
    IN PTR
    Response
    83.204.58.216.in-addr.arpa
    IN PTR
    lhr48s49-in-f19.1e100.net
    83.204.58.216.in-addr.arpa
    IN PTR
    lhr25s13-in-f83
    83.204.58.216.in-addr.arpa
    IN PTR
    lhr25s13-in-f19
  • flag-us
    DNS
    162.128.39.54.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    162.128.39.54.in-addr.arpa
    IN PTR
    Response
    162.128.39.54.in-addr.arpa
    IN PTR
    ns562109.ip-54-39-128.net
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-gb
    GET
    http://brizasistema.blogspot.com/
    Remote address:
    142.250.178.1:80
    Request
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Connection: Keep-Alive
    Host: brizasistema.blogspot.com
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=UTF-8
    Expires: Mon, 08 Jan 2024 11:57:24 GMT
    Date: Mon, 08 Jan 2024 11:57:24 GMT
    Cache-Control: private, max-age=0
    Last-Modified: Fri, 03 Dec 2021 18:38:40 GMT
    ETag: W/"865ae315c4927f8fc6355d40c39cc4a9bf77254d91076ca8da730fa53e312634"
    Content-Encoding: gzip
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    Content-Length: 7095
    Server: GSE
  • flag-gb
    GET
    http://brizasistema.blogspot.com/js/cookienotice.js
    Remote address:
    142.250.178.1:80
    Request
    GET /js/cookienotice.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://brizasistema.blogspot.com/
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: brizasistema.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 2026
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Mon, 08 Jan 2024 11:56:57 GMT
    Expires: Mon, 15 Jan 2024 11:56:57 GMT
    Cache-Control: public, max-age=604800
    Last-Modified: Wed, 03 Jan 2024 20:06:15 GMT
    Content-Type: text/javascript
    Vary: Accept-Encoding
    Age: 70
  • flag-us
    DNS
    71.153.201.195.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    71.153.201.195.in-addr.arpa
    IN PTR
    Response
    71.153.201.195.in-addr.arpa
    IN PTR
    static.71.153.201.195.clients.your-server.de
  • flag-us
    DNS
    1.178.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    1.178.250.142.in-addr.arpa
    IN PTR
    Response
    1.178.250.142.in-addr.arpa
    IN PTR
    lhr48s27-in-f1.1e100.net
  • flag-us
    DNS
    s10.histats.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    s10.histats.com
    IN A
    Response
    s10.histats.com
    IN CNAME
    s10.histats.com.cdn.cloudflare.net
    s10.histats.com.cdn.cloudflare.net
    IN A
    104.20.80.99
    s10.histats.com.cdn.cloudflare.net
    IN A
    104.20.79.99
  • flag-us
    DNS
    s10.histats.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    s10.histats.com
    IN A
  • flag-us
    DNS
    s10.histats.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    s10.histats.com
    IN A
  • flag-us
    DNS
    161.19.199.152.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    161.19.199.152.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    84.167.233.64.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    84.167.233.64.in-addr.arpa
    IN PTR
    Response
    84.167.233.64.in-addr.arpa
    IN PTR
    wl-in-f84.1e100.net
  • flag-us
    DNS
    0.205.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.205.248.87.in-addr.arpa
    IN PTR
    Response
    0.205.248.87.in-addr.arpa
    IN PTR
    https-87-248-205-0.lgw.llnw.net
  • flag-us
    DNS
    whos.amung.us
    Remote address:
    8.8.8.8:53
    Request
    whos.amung.us
    IN A
    Response
    whos.amung.us
    IN A
    104.22.74.171
    whos.amung.us
    IN A
    172.67.8.141
    whos.amung.us
    IN A
    104.22.75.171
  • flag-us
    DNS
    whos.amung.us
    Remote address:
    8.8.8.8:53
    Request
    whos.amung.us
    IN A
    Response
    whos.amung.us
    IN A
    104.22.74.171
    whos.amung.us
    IN A
    104.22.75.171
    whos.amung.us
    IN A
    172.67.8.141
  • flag-us
    DNS
    0.204.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.204.248.87.in-addr.arpa
    IN PTR
    Response
    0.204.248.87.in-addr.arpa
    IN PTR
    https-87-248-204-0.lhr.llnw.net
  • flag-us
    DNS
    cdn-comparador.minhaconexao.com.br
    Remote address:
    8.8.8.8:53
    Request
    cdn-comparador.minhaconexao.com.br
    IN A
    Response
    cdn-comparador.minhaconexao.com.br
    IN A
    104.26.6.49
    cdn-comparador.minhaconexao.com.br
    IN A
    172.67.68.84
    cdn-comparador.minhaconexao.com.br
    IN A
    104.26.7.49
  • flag-us
    DNS
    www.google.com
    Remote address:
    8.8.8.8:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    142.250.200.4
  • flag-us
    DNS
    leetleech.org
    Remote address:
    8.8.8.8:53
    Request
    leetleech.org
    IN A
    Response
    leetleech.org
    IN A
    185.53.177.54
  • flag-us
    DNS
    i39.tinypic.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    i39.tinypic.com
    IN A
    Response
  • flag-us
    DNS
    cdn.melhorplano.net
    Remote address:
    8.8.8.8:53
    Request
    cdn.melhorplano.net
    IN A
    Response
    cdn.melhorplano.net
    IN A
    172.67.68.22
    cdn.melhorplano.net
    IN A
    104.26.12.249
    cdn.melhorplano.net
    IN A
    104.26.13.249
  • flag-us
    DNS
    cdn.melhorplano.net
    Remote address:
    8.8.8.8:53
    Request
    cdn.melhorplano.net
    IN A
  • flag-de
    GET
    http://leetleech.org/images/15497066296358075390.png
    Remote address:
    185.53.177.54:80
    Request
    GET /images/15497066296358075390.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: leetleech.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 400 Bad Request
    Server: nginx
    Date: Mon, 08 Jan 2024 11:58:07 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Blocked: 11015.10
  • flag-de
    GET
    http://www4.cbox.ws/box/?boxid=4105603&boxtag=27d6cn&sec=form
    Remote address:
    195.201.153.71:80
    Request
    GET /box/?boxid=4105603&boxtag=27d6cn&sec=form HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www4.cbox.ws
    Connection: Keep-Alive
    Response
    HTTP/1.1 204 No Content
    Server: nginx
    Date: Mon, 08 Jan 2024 11:58:07 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    P3P: CP="NOI DSP COR NID CURa OUR NOR"
    Expires: Tue, 07 Jan 2025 11:56:55 GMT
    Cache-Control: public, max-age=31536000
    X-Cache: HIT
  • flag-us
    DNS
    themes.googleusercontent.com
    Remote address:
    8.8.8.8:53
    Request
    themes.googleusercontent.com
    IN A
    Response
    themes.googleusercontent.com
    IN CNAME
    googlehosted.l.googleusercontent.com
    googlehosted.l.googleusercontent.com
    IN A
    216.58.212.225
  • flag-gb
    GET
    http://pagead2.googlesyndication.com/pagead/js/google_top_exp.js
    Remote address:
    172.217.16.226:80
    Request
    GET /pagead/js/google_top_exp.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://brizasistema.blogspot.com/
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: pagead2.googlesyndication.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    X-Content-Type-Options: nosniff
    Content-Disposition: attachment; filename="f.txt"
    Content-Encoding: gzip
    Server: cafe
    Content-Length: 67
    X-XSS-Protection: 0
    Date: Sun, 07 Jan 2024 18:23:39 GMT
    Expires: Sun, 21 Jan 2024 18:23:39 GMT
    Cache-Control: public, max-age=1209600
    Age: 63268
    ETag: 13036835877489095579
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
  • flag-us
    DNS
    lh3.googleusercontent.com
    Remote address:
    8.8.8.8:53
    Request
    lh3.googleusercontent.com
    IN A
    Response
    lh3.googleusercontent.com
    IN CNAME
    googlehosted.l.googleusercontent.com
    googlehosted.l.googleusercontent.com
    IN A
    216.58.212.225
  • flag-us
    DNS
    lh3.googleusercontent.com
    Remote address:
    8.8.8.8:53
    Request
    lh3.googleusercontent.com
    IN A
  • flag-us
    DNS
    4.200.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    4.200.250.142.in-addr.arpa
    IN PTR
    Response
    4.200.250.142.in-addr.arpa
    IN PTR
    lhr48s29-in-f4.1e100.net
  • flag-us
    DNS
    226.16.217.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    226.16.217.172.in-addr.arpa
    IN PTR
    Response
    226.16.217.172.in-addr.arpa
    IN PTR
    lhr48s28-in-f2.1e100.net
    226.16.217.172.in-addr.arpa
    IN PTR
    mad08s04-in-f2
  • flag-us
    DNS
    232.187.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.187.250.142.in-addr.arpa
    IN PTR
    Response
    232.187.250.142.in-addr.arpa
    IN PTR
    lhr25s34-in-f8.1e100.net
  • flag-us
    DNS
    3.180.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    3.180.250.142.in-addr.arpa
    IN PTR
    Response
    3.180.250.142.in-addr.arpa
    IN PTR
    lhr25s32-in-f3.1e100.net
  • flag-us
    DNS
    227.187.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    227.187.250.142.in-addr.arpa
    IN PTR
    Response
    227.187.250.142.in-addr.arpa
    IN PTR
    lhr25s34-in-f3.1e100.net
  • flag-us
    DNS
    22.68.67.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.68.67.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    49.6.26.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    49.6.26.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    t.melhorplano.net
    Remote address:
    8.8.8.8:53
    Request
    t.melhorplano.net
    IN A
    Response
    t.melhorplano.net
    IN A
    172.67.68.22
    t.melhorplano.net
    IN A
    104.26.13.249
    t.melhorplano.net
    IN A
    104.26.12.249
  • flag-us
    DNS
    t.melhorplano.net
    Remote address:
    8.8.8.8:53
    Request
    t.melhorplano.net
    IN A
  • flag-us
    DNS
    region1.analytics.google.com
    Remote address:
    8.8.8.8:53
    Request
    region1.analytics.google.com
    IN A
    Response
    region1.analytics.google.com
    IN A
    216.239.34.36
    region1.analytics.google.com
    IN A
    216.239.32.36
  • flag-us
    DNS
    stats.g.doubleclick.net
    Remote address:
    8.8.8.8:53
    Request
    stats.g.doubleclick.net
    IN A
    Response
    stats.g.doubleclick.net
    IN A
    74.125.206.156
    stats.g.doubleclick.net
    IN A
    74.125.206.154
    stats.g.doubleclick.net
    IN A
    74.125.206.157
    stats.g.doubleclick.net
    IN A
    74.125.206.155
  • flag-us
    DNS
    www.google.co.uk
    Remote address:
    8.8.8.8:53
    Request
    www.google.co.uk
    IN A
    Response
    www.google.co.uk
    IN A
    142.250.179.227
  • flag-us
    DNS
    227.179.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    227.179.250.142.in-addr.arpa
    IN PTR
    Response
    227.179.250.142.in-addr.arpa
    IN PTR
    lhr25s31-in-f3.1e100.net
  • flag-us
    DNS
    36.34.239.216.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    36.34.239.216.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    156.206.125.74.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    156.206.125.74.in-addr.arpa
    IN PTR
    Response
    156.206.125.74.in-addr.arpa
    IN PTR
    wk-in-f156.1e100.net
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
  • flag-us
    DNS
    43.58.199.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.58.199.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    104.241.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.241.123.92.in-addr.arpa
    IN PTR
    Response
    104.241.123.92.in-addr.arpa
    IN PTR
    a92-123-241-104.deploy.static.akamaitechnologies.com
  • 172.217.16.225:80
    http://lh6.ggpht.com/_oqrzFCWGmxk/TACY4mivcyI/AAAAAAAAGB8/syIBRTpeap0/PES-SETA.gif
    http
    IEXPLORE.EXE
    708 B
    2.3kB
    8
    5

    HTTP Request

    GET http://lh6.ggpht.com/_oqrzFCWGmxk/TACY4mivcyI/AAAAAAAAGB8/syIBRTpeap0/PES-SETA.gif

    HTTP Response

    404
  • 216.58.212.233:443
    www.blogger.com
    tls, http2
    IEXPLORE.EXE
    1.3kB
    5.1kB
    16
    11
  • 172.217.16.225:80
    http://lh6.ggpht.com/_7wsQzULWIwo/S6z7j2K2ixI/AAAAAAAAC8w/aBjS3JiC9fA/s800/emoticon-0101-sadsmile.gif
    http
    IEXPLORE.EXE
    767 B
    1.8kB
    9
    6

    HTTP Request

    108 B
    1
    1

    DNS Request

    www.blogger.com

    DNS Response

    216.58.212.233

  • 8.8.8.8:53
    lh6.ggpht.com
    dns
    IEXPLORE.EXE
    59 B
    75 B
    1
    1

    DNS Request

    lh6.ggpht.com

    DNS Response

    172.217.16.225

  • 8.8.8.8:53
    oi41.tinypic.com
    dns
    IEXPLORE.EXE
    62 B
    146 B
    1
    1

    DNS Request

    oi41.tinypic.com

  • 8.8.8.8:53
    2.bp.blogspot.com
    dns
    IEXPLORE.EXE
    63 B
    124 B
    1
    1

    DNS Request

    2.bp.blogspot.com

    DNS Response

    142.250.200.33

  • 8.8.8.8:53
    1.bp.blogspot.com
    dns
    IEXPLORE.EXE
    63 B
    124 B
    1
    1

    DNS Request

    1.bp.blogspot.com

    DNS Response

    142.250.200.33

  • 8.8.8.8:53
    ibxk.com.br
    dns
    IEXPLORE.EXE
    57 B
    124 B
    1
    1

    DNS Request

    ibxk.com.br

  • 8.8.8.8:53
    www.baixaki.com.br
    dns
    IEXPLORE.EXE
    64 B
    118 B
    1
    1

    DNS Request

    www.baixaki.com.br

    DNS Response

    179.191.165.65

  • 8.8.8.8:53
    3.bp.blogspot.com
    dns
    IEXPLORE.EXE
    63 B
    124 B
    1
    1

    DNS Request

    3.bp.blogspot.com

    DNS Response

    142.250.200.33

  • 8.8.8.8:53
    img2.blogblog.com
    dns
    IEXPLORE.EXE
    63 B
    110 B
    1
    1

    DNS Request

    img2.blogblog.com

    DNS Response

    216.58.212.233

  • 8.8.8.8:53
    4.bp.blogspot.com
    dns
    IEXPLORE.EXE
    126 B
    124 B
    2
    1

    DNS Request

    4.bp.blogspot.com

    DNS Request

    4.bp.blogspot.com

    DNS Response

    142.250.200.33

  • 8.8.8.8:53
    lh3.ggpht.com
    dns
    IEXPLORE.EXE
    118 B
    120 B
    2
    1

    DNS Request

    lh3.ggpht.com

    DNS Request

    lh3.ggpht.com

    DNS Response

    142.250.200.33

  • 8.8.8.8:53
    lh4.ggpht.com
    dns
    IEXPLORE.EXE
    118 B
    120 B
    2
    1

    DNS Request

    lh4.ggpht.com

    DNS Request

    lh4.ggpht.com

    DNS Response

    142.250.200.33

  • 8.8.8.8:53
    lh5.ggpht.com
    dns
    IEXPLORE.EXE
    118 B
    120 B
    2
    1

    DNS Request

    lh5.ggpht.com

    DNS Request

    lh5.ggpht.com

    DNS Response

    142.250.200.33

  • 8.8.8.8:53
    s10.histats.com
    dns
    IEXPLORE.EXE
    61 B
    141 B
    1
    1

    DNS Request

    s10.histats.com

    DNS Response

    104.20.80.99
    104.20.79.99

  • 8.8.8.8:53
    www.top30.com.br
    dns
    IEXPLORE.EXE
    62 B
    92 B
    1
    1

    DNS Request

    www.top30.com.br

    DNS Response

    192.185.223.169

  • 8.8.8.8:53
    img411.imageshack.us
    dns
    IEXPLORE.EXE
    66 B
    124 B
    1
    1

    DNS Request

    img411.imageshack.us

    DNS Response

    38.99.77.16
    38.99.77.17

  • 8.8.8.8:53
    1.181.190.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    1.181.190.20.in-addr.arpa

  • 8.8.8.8:53
    59.128.231.4.in-addr.arpa
    dns
    142 B
    157 B
    2
    1

    DNS Request

    59.128.231.4.in-addr.arpa

    DNS Request

    59.128.231.4.in-addr.arpa

  • 8.8.8.8:53
    i.imgur.com
    dns
    IEXPLORE.EXE
    114 B
    112 B
    2
    1

    DNS Request

    i.imgur.com

    DNS Request

    i.imgur.com

    DNS Response

    199.232.168.193

  • 8.8.8.8:53
    lh6.googleusercontent.com
    dns
    IEXPLORE.EXE
    71 B
    116 B
    1
    1

    DNS Request

    lh6.googleusercontent.com

    DNS Response

    216.58.212.225

  • 8.8.8.8:53
    i39.tinypic.com
    dns
    IEXPLORE.EXE
    122 B
    145 B
    2
    1

    DNS Request

    i39.tinypic.com

    DNS Request

    i39.tinypic.com

  • 8.8.8.8:53
    i1109.photobucket.com
    dns
    IEXPLORE.EXE
    67 B
    131 B
    1
    1

    DNS Request

    i1109.photobucket.com

    DNS Response

    13.224.81.9
    13.224.81.93
    13.224.81.90
    13.224.81.73

  • 8.8.8.8:53
    img267.imageshack.us
    dns
    IEXPLORE.EXE
    132 B
    124 B
    2
    1

    DNS Request

    img267.imageshack.us

    DNS Request

    img267.imageshack.us

    DNS Response

    38.99.77.17
    38.99.77.16

  • 8.8.8.8:53
    i40.tinypic.com
    dns
    IEXPLORE.EXE
    244 B
    145 B
    4
    1

    DNS Request

    i40.tinypic.com

    DNS Request

    i40.tinypic.com

    DNS Request

    i40.tinypic.com

    DNS Request

    i40.tinypic.com

  • 8.8.8.8:53
    i44.tinypic.com
    dns
    IEXPLORE.EXE
    61 B
    145 B
    1
    1

    DNS Request

    i44.tinypic.com

  • 8.8.8.8:53
    erexim.com
    dns
    IEXPLORE.EXE
    56 B
    72 B
    1
    1

    DNS Request

    erexim.com

    DNS Response

    66.45.246.141

  • 8.8.8.8:53
    pr.s12.com.br
    dns
    IEXPLORE.EXE
    59 B
    91 B
    1
    1

    DNS Request

    pr.s12.com.br

    DNS Response

    172.67.130.36
    104.21.3.29

  • 8.8.8.8:53
    dl.dropbox.com
    dns
    IEXPLORE.EXE
    60 B
    121 B
    1
    1

    DNS Request

    dl.dropbox.com

    DNS Response

    162.125.64.15

  • 8.8.8.8:53
    s4i.histats.com
    dns
    IEXPLORE.EXE
    61 B
    157 B
    1
    1

    DNS Request

    s4i.histats.com

    DNS Response

    142.4.219.198
    149.56.240.132
    149.56.240.130
    149.56.240.129
    149.56.240.127
    149.56.240.31

  • 8.8.8.8:53
    233.212.58.216.in-addr.arpa
    dns
    73 B
    171 B
    1
    1

    DNS Request

    233.212.58.216.in-addr.arpa

  • 8.8.8.8:53
    225.16.217.172.in-addr.arpa
    dns
    73 B
    140 B
    1
    1

    DNS Request

    225.16.217.172.in-addr.arpa

  • 8.8.8.8:53
    33.200.250.142.in-addr.arpa
    dns
    73 B
    111 B
    1
    1

    DNS Request

    33.200.250.142.in-addr.arpa

  • 8.8.8.8:53
    225.212.58.216.in-addr.arpa
    dns
    73 B
    171 B
    1
    1

    DNS Request

    225.212.58.216.in-addr.arpa

  • 8.8.8.8:53
    99.80.20.104.in-addr.arpa
    dns
    71 B
    133 B
    1
    1

    DNS Request

    99.80.20.104.in-addr.arpa

  • 8.8.8.8:53
    15.64.125.162.in-addr.arpa
    dns
    72 B
    122 B
    1
    1

    DNS Request

    15.64.125.162.in-addr.arpa

  • 8.8.8.8:53
    141.246.45.66.in-addr.arpa
    dns
    72 B
    122 B
    1
    1

    DNS Request

    141.246.45.66.in-addr.arpa

  • 8.8.8.8:53
    169.223.185.192.in-addr.arpa
    dns
    74 B
    113 B
    1
    1

    DNS Request

    169.223.185.192.in-addr.arpa

  • 8.8.8.8:53
    198.219.4.142.in-addr.arpa
    dns
    72 B
    112 B
    1
    1

    DNS Request

    198.219.4.142.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    238.179.250.142.in-addr.arpa
    dns
    74 B
    113 B
    1
    1

    DNS Request

    238.179.250.142.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    112 B
    158 B
    2
    1

    DNS Request

    g.bing.com

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    16.77.99.38.in-addr.arpa
    dns
    70 B
    109 B
    1
    1

    DNS Request

    16.77.99.38.in-addr.arpa

  • 8.8.8.8:53
    185.178.17.96.in-addr.arpa
    dns
    212 B
    252 B
    3
    2

    DNS Request

    185.178.17.96.in-addr.arpa

    DNS Request

    185.178.17.96.in-addr.arpa

    DNS Request

    resources.blogblog.com

    DNS Response

    216.58.212.233

  • 8.8.8.8:53
    65.165.191.179.in-addr.arpa
    dns
    73 B
    133 B
    1
    1

    DNS Request

    65.165.191.179.in-addr.arpa

  • 8.8.8.8:53
    17.77.99.38.in-addr.arpa
    dns
    70 B
    109 B
    1
    1

    DNS Request

    17.77.99.38.in-addr.arpa

  • 8.8.8.8:53
    9.81.224.13.in-addr.arpa
    dns
    70 B
    125 B
    1
    1

    DNS Request

    9.81.224.13.in-addr.arpa

  • 8.8.8.8:53
    3.200.250.142.in-addr.arpa
    dns
    72 B
    110 B
    1
    1

    DNS Request

    3.200.250.142.in-addr.arpa

  • 8.8.8.8:53
    40.13.222.173.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    40.13.222.173.in-addr.arpa

  • 8.8.8.8:53
    36.130.67.172.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    36.130.67.172.in-addr.arpa

  • 8.8.8.8:53
    193.168.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    193.168.232.199.in-addr.arpa

  • 8.8.8.8:53
    208.194.73.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    208.194.73.20.in-addr.arpa

  • 8.8.8.8:53
    31.19.162.3.in-addr.arpa
    dns
    70 B
    125 B
    1
    1

    DNS Request

    31.19.162.3.in-addr.arpa

  • 8.8.8.8:53
    226.21.18.104.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    226.21.18.104.in-addr.arpa

  • 8.8.8.8:53
    44.143.84.52.in-addr.arpa
    dns
    71 B
    127 B
    1
    1

    DNS Request

    44.143.84.52.in-addr.arpa

  • 8.8.8.8:53
    193.179.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    193.179.17.96.in-addr.arpa

  • 8.8.8.8:53
    23.149.64.172.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    23.149.64.172.in-addr.arpa

  • 8.8.8.8:53
    26.165.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    26.165.165.52.in-addr.arpa

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    www.usuarionovo.com
    dns
    65 B
    106 B
    1
    1

    DNS Request

    www.usuarionovo.com

    DNS Response

    216.58.204.83

  • 8.8.8.8:53
    img821.imageshack.us
    dns
    66 B
    124 B
    1
    1

    DNS Request

    img821.imageshack.us

    DNS Response

    38.99.77.17
    38.99.77.16

  • 8.8.8.8:53
    www4.cbox.ws
    dns
    58 B
    74 B
    1
    1

    DNS Request

    www4.cbox.ws

    DNS Response

    195.201.153.71

  • 8.8.8.8:53
    www.minhaconexao.com.br
    dns
    69 B
    117 B
    1
    1

    DNS Request

    www.minhaconexao.com.br

    DNS Response

    104.26.7.49
    172.67.68.84
    104.26.6.49

  • 8.8.8.8:53
    goo.gl
    dns
    52 B
    68 B
    1
    1

    DNS Request

    goo.gl

    DNS Response

    172.217.16.238

  • 8.8.8.8:53
    widgets.amung.us
    dns
    62 B
    110 B
    1
    1

    DNS Request

    widgets.amung.us

    DNS Response

    104.22.75.171
    172.67.8.141
    104.22.74.171

  • 8.8.8.8:53
    www.leetleech.org
    dns
    63 B
    79 B
    1
    1

    DNS Request

    www.leetleech.org

    DNS Response

    185.53.177.54

  • 8.8.8.8:53
    i40.tinypic.com
    dns
    IEXPLORE.EXE
    183 B
    145 B
    3
    1

    DNS Request

    i40.tinypic.com

    DNS Request

    i40.tinypic.com

    DNS Request

    i40.tinypic.com

  • 8.8.8.8:53
    s4.histats.com
    dns
    60 B
    268 B
    1
    1

    DNS Request

    s4.histats.com

    DNS Response

    54.39.128.162
    149.56.240.127
    142.4.219.198
    149.56.240.131
    158.69.254.144
    54.39.128.117
    149.56.240.31
    149.56.240.27
    54.39.156.32
    149.56.240.129
    149.56.240.128
    149.56.240.130
    149.56.240.132

  • 8.8.8.8:53
    accounts.google.com
    dns
    65 B
    81 B
    1
    1

    DNS Request

    accounts.google.com

    DNS Response

    64.233.167.84

  • 8.8.8.8:53
    brizasistema.blogspot.com
    dns
    142 B
    130 B
    2
    1

    DNS Request

    brizasistema.blogspot.com

    DNS Request

    brizasistema.blogspot.com

    DNS Response

    142.250.178.1

  • 8.8.8.8:53
    238.16.217.172.in-addr.arpa
    dns
    146 B
    142 B
    2
    1

    DNS Request

    238.16.217.172.in-addr.arpa

    DNS Request

    238.16.217.172.in-addr.arpa

  • 8.8.8.8:53
    171.75.22.104.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    171.75.22.104.in-addr.arpa

  • 8.8.8.8:53
    49.7.26.104.in-addr.arpa
    dns
    70 B
    132 B
    1
    1

    DNS Request

    49.7.26.104.in-addr.arpa

  • 8.8.8.8:53
    14.200.250.142.in-addr.arpa
    dns
    146 B
    112 B
    2
    1

    DNS Request

    14.200.250.142.in-addr.arpa

    DNS Request

    14.200.250.142.in-addr.arpa

  • 8.8.8.8:53
    54.177.53.185.in-addr.arpa
    dns
    72 B
    150 B
    1
    1

    DNS Request

    54.177.53.185.in-addr.arpa

  • 8.8.8.8:53
    83.204.58.216.in-addr.arpa
    dns
    72 B
    171 B
    1
    1

    DNS Request

    83.204.58.216.in-addr.arpa

  • 8.8.8.8:53
    162.128.39.54.in-addr.arpa
    dns
    72 B
    111 B
    1
    1

    DNS Request

    162.128.39.54.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    71.153.201.195.in-addr.arpa
    dns
    73 B
    131 B
    1
    1

    DNS Request

    71.153.201.195.in-addr.arpa

  • 8.8.8.8:53
    1.178.250.142.in-addr.arpa
    dns
    72 B
    110 B
    1
    1

    DNS Request

    1.178.250.142.in-addr.arpa

  • 8.8.8.8:53
    s10.histats.com
    dns
    IEXPLORE.EXE
    183 B
    141 B
    3
    1

    DNS Request

    s10.histats.com

    DNS Request

    s10.histats.com

    DNS Request

    s10.histats.com

    DNS Response

    104.20.80.99
    104.20.79.99

  • 8.8.8.8:53
    161.19.199.152.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    161.19.199.152.in-addr.arpa

  • 8.8.8.8:53
    84.167.233.64.in-addr.arpa
    dns
    72 B
    105 B
    1
    1

    DNS Request

    84.167.233.64.in-addr.arpa

  • 8.8.8.8:53
    0.205.248.87.in-addr.arpa
    dns
    71 B
    116 B
    1
    1

    DNS Request

    0.205.248.87.in-addr.arpa

  • 8.8.8.8:53
    whos.amung.us
    dns
    59 B
    107 B
    1
    1

    DNS Request

    whos.amung.us

    DNS Response

    104.22.74.171
    172.67.8.141
    104.22.75.171

  • 8.8.8.8:53
    whos.amung.us
    dns
    59 B
    107 B
    1
    1

    DNS Request

    whos.amung.us

    DNS Response

    104.22.74.171
    104.22.75.171
    172.67.8.141

  • 8.8.8.8:53
    0.204.248.87.in-addr.arpa
    dns
    71 B
    116 B
    1
    1

    DNS Request

    0.204.248.87.in-addr.arpa

  • 8.8.8.8:53
    cdn-comparador.minhaconexao.com.br
    dns
    80 B
    128 B
    1
    1

    DNS Request

    cdn-comparador.minhaconexao.com.br

    DNS Response

    104.26.6.49
    172.67.68.84
    104.26.7.49

  • 8.8.8.8:53
    www.google.com
    dns
    60 B
    76 B
    1
    1

    DNS Request

    www.google.com

    DNS Response

    142.250.200.4

  • 8.8.8.8:53
    leetleech.org
    dns
    59 B
    75 B
    1
    1

    DNS Request

    leetleech.org

    DNS Response

    185.53.177.54

  • 8.8.8.8:53
    i39.tinypic.com
    dns
    IEXPLORE.EXE
    61 B
    145 B
    1
    1

    DNS Request

    i39.tinypic.com

  • 8.8.8.8:53
    cdn.melhorplano.net
    dns
    130 B
    113 B
    2
    1

    DNS Request

    cdn.melhorplano.net

    DNS Request

    cdn.melhorplano.net

    DNS Response

    172.67.68.22
    104.26.12.249
    104.26.13.249

  • 8.8.8.8:53
    themes.googleusercontent.com
    dns
    74 B
    119 B
    1
    1

    DNS Request

    themes.googleusercontent.com

    DNS Response

    216.58.212.225

  • 8.8.8.8:53
    lh3.googleusercontent.com
    dns
    142 B
    116 B
    2
    1

    DNS Request

    lh3.googleusercontent.com

    DNS Request

    lh3.googleusercontent.com

    DNS Response

    216.58.212.225

  • 8.8.8.8:53
    4.200.250.142.in-addr.arpa
    dns
    72 B
    110 B
    1
    1

    DNS Request

    4.200.250.142.in-addr.arpa

  • 8.8.8.8:53
    226.16.217.172.in-addr.arpa
    dns
    73 B
    140 B
    1
    1

    DNS Request

    226.16.217.172.in-addr.arpa

  • 8.8.8.8:53
    232.187.250.142.in-addr.arpa
    dns
    74 B
    112 B
    1
    1

    DNS Request

    232.187.250.142.in-addr.arpa

  • 8.8.8.8:53
    3.180.250.142.in-addr.arpa
    dns
    72 B
    110 B
    1
    1

    DNS Request

    3.180.250.142.in-addr.arpa

  • 8.8.8.8:53
    227.187.250.142.in-addr.arpa
    dns
    74 B
    112 B
    1
    1

    DNS Request

    227.187.250.142.in-addr.arpa

  • 8.8.8.8:53
    22.68.67.172.in-addr.arpa
    dns
    71 B
    133 B
    1
    1

    DNS Request

    22.68.67.172.in-addr.arpa

  • 8.8.8.8:53
    49.6.26.104.in-addr.arpa
    dns
    70 B
    132 B
    1
    1

    DNS Request

    49.6.26.104.in-addr.arpa

  • 8.8.8.8:53
    t.melhorplano.net
    dns
    126 B
    111 B
    2
    1

    DNS Request

    t.melhorplano.net

    DNS Request

    t.melhorplano.net

    DNS Response

    172.67.68.22
    104.26.13.249
    104.26.12.249

  • 8.8.8.8:53
    region1.analytics.google.com
    dns
    74 B
    106 B
    1
    1

    DNS Request

    region1.analytics.google.com

    DNS Response

    216.239.34.36
    216.239.32.36

  • 8.8.8.8:53
    stats.g.doubleclick.net
    dns
    69 B
    133 B
    1
    1

    DNS Request

    stats.g.doubleclick.net

    DNS Response

    74.125.206.156
    74.125.206.154
    74.125.206.157
    74.125.206.155

  • 8.8.8.8:53
    www.google.co.uk
    dns
    62 B
    78 B
    1
    1

    DNS Request

    www.google.co.uk

    DNS Response

    142.250.179.227

  • 8.8.8.8:53
    227.179.250.142.in-addr.arpa
    dns
    74 B
    112 B
    1
    1

    DNS Request

    227.179.250.142.in-addr.arpa

  • 8.8.8.8:53
    36.34.239.216.in-addr.arpa
    dns
    72 B
    132 B
    1
    1

    DNS Request

    36.34.239.216.in-addr.arpa

  • 8.8.8.8:53
    156.206.125.74.in-addr.arpa
    dns
    73 B
    107 B
    1
    1

    DNS Request

    156.206.125.74.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    124 B
    173 B
    2
    1

    DNS Request

    tse1.mm.bing.net

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    43.58.199.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    43.58.199.20.in-addr.arpa

  • 8.8.8.8:53
    104.241.123.92.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    104.241.123.92.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads
