4d35043c47454983acc12bb0264191582e442f448cb319c0baa7e229b8615413

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 09:06 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3953e152debbd6fd2cd3a4fba4cf6665_JaffaCakes118.html
Size

89KB
MD5

3953e152debbd6fd2cd3a4fba4cf6665
SHA1

0139a524cbf03e8e1ec8b2ac5b183b6da5b612d6
SHA256

4d35043c47454983acc12bb0264191582e442f448cb319c0baa7e229b8615413
SHA512

5a41078857e57ec519415fb46a6754c448309ed4d7b72fac1bd72d336a0349fa01eb62a9f714346f99db117184e2aa8807fffc42bf04470123a5ee6bf4e10753
SSDEEP

1536:xKnutXeOtUK+PwXwMOBNQ6VeeezeeeyeeeMeeeveZeSeleDeKe7eoeVXNn2gDSIp:zXeOtUK+PwXwLNTyXl2gDSIMihg/4wk7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
2880	msedge.exe
2880	msedge.exe
1372	identity_helper.exe
1372	identity_helper.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 4780	2880	msedge.exe	82
PID 2880 wrote to memory of 4780	2880	msedge.exe	82
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 4524	2880	msedge.exe	84
PID 2880 wrote to memory of 224	2880	msedge.exe	85
PID 2880 wrote to memory of 224	2880	msedge.exe	85
PID 2880 wrote to memory of 3704	2880	msedge.exe	86
PID 2880 wrote to memory of 3704	2880	msedge.exe	86
PID 2880 wrote to memory of 3704	2880	msedge.exe	86
PID 2880 wrote to memory of 3704	2880	msedge.exe	86
PID 2880 wrote to memory of 3704	2880	msedge.exe	86
PID 2880 wrote to memory of 3704	2880	msedge.exe	86
PID 2880 wrote to memory of 3704	2880	msedge.exe	86
PID 2880 wrote to memory of 3704	2880	msedge.exe	86
PID 2880 wrote to memory of 3704	2880	msedge.exe	86
PID 2880 wrote to memory of 3704	2880	msedge.exe	86
PID 2880 wrote to memory of 3704	2880	msedge.exe	86
PID 2880 wrote to memory of 3704	2880	msedge.exe	86
PID 2880 wrote to memory of 3704	2880	msedge.exe	86
PID 2880 wrote to memory of 3704	2880	msedge.exe	86
PID 2880 wrote to memory of 3704	2880	msedge.exe	86
PID 2880 wrote to memory of 3704	2880	msedge.exe	86
PID 2880 wrote to memory of 3704	2880	msedge.exe	86
PID 2880 wrote to memory of 3704	2880	msedge.exe	86
PID 2880 wrote to memory of 3704	2880	msedge.exe	86
PID 2880 wrote to memory of 3704	2880	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3953e152debbd6fd2cd3a4fba4cf6665_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffae69246f8,0x7ffae6924708,0x7ffae6924718
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1394655672759631141,15947624209837188716,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,1394655672759631141,15947624209837188716,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,1394655672759631141,15947624209837188716,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1394655672759631141,15947624209837188716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1394655672759631141,15947624209837188716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1394655672759631141,15947624209837188716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1394655672759631141,15947624209837188716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1394655672759631141,15947624209837188716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1394655672759631141,15947624209837188716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1394655672759631141,15947624209837188716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1394655672759631141,15947624209837188716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1394655672759631141,15947624209837188716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,1394655672759631141,15947624209837188716,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7152 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,1394655672759631141,15947624209837188716,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1394655672759631141,15947624209837188716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1394655672759631141,15947624209837188716,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1394655672759631141,15947624209837188716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1394655672759631141,15947624209837188716,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1394655672759631141,15947624209837188716,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2896

Network

DNS

apis.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

216.58.201.110
DNS

btemplatescripts.googlecode.com

msedge.exe

Remote address:

8.8.8.8:53

Request

btemplatescripts.googlecode.com

IN A

Response

btemplatescripts.googlecode.com

IN CNAME

googlecode.l.googleusercontent.com

googlecode.l.googleusercontent.com

IN A

172.217.218.82
DNS

ajax.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN A

Response

ajax.googleapis.com

IN A

172.217.16.234
DNS

www.blogger.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.blogger.com

IN A

Response

www.blogger.com

IN CNAME

blogger.l.google.com

blogger.l.google.com

IN A

142.250.200.9
GET

https://apis.google.com/js/plusone.js

msedge.exe

Remote address:

216.58.201.110:443

Request

GET /js/plusone.js HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs

msedge.exe

Remote address:

216.58.201.110:443

Request

GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs

msedge.exe

Remote address:

216.58.201.110:443

Request

GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

http://btemplatescripts.googlecode.com/files/jquery.jcarousel.js

msedge.exe

Remote address:

172.217.218.82:80

Request

GET /files/jquery.jcarousel.js HTTP/1.1
Host: btemplatescripts.googlecode.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1586
Date: Sun, 12 May 2024 09:06:19 GMT
GET

https://www.blogger.com/static/v1/widgets/14020288-widget_css_bundle.css

msedge.exe

Remote address:

142.250.200.9:443

Request

GET /static/v1/widgets/14020288-widget_css_bundle.css HTTP/2.0
host: www.blogger.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.blogger.com/static/v1/widgets/2009384843-widgets.js

msedge.exe

Remote address:

142.250.200.9:443

Request

GET /static/v1/widgets/2009384843-widgets.js HTTP/2.0
host: www.blogger.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.blogger.com/dyn-css/authorization.css?targetBlogID=7016845604907473316&zx=6ddfa5e9-018f-4f4d-8ffb-cbc9bdbf8866

msedge.exe

Remote address:

142.250.200.9:443

Request

GET /dyn-css/authorization.css?targetBlogID=7016845604907473316&zx=6ddfa5e9-018f-4f4d-8ffb-cbc9bdbf8866 HTTP/2.0
host: www.blogger.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js

msedge.exe

Remote address:

172.217.16.234:80

Request

GET /ajax/libs/jquery/1.5.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 30082
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 06 May 2024 02:08:51 GMT
Expires: Tue, 06 May 2025 02:08:51 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Age: 543448
GET

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.js

msedge.exe

Remote address:

172.217.16.234:80

Request

GET /ajax/libs/jquery/1.4.2/jquery.js HTTP/1.1
Host: ajax.googleapis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 46120
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 May 2024 23:54:42 GMT
Expires: Sun, 11 May 2025 23:54:42 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 33097
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
DNS

www.widgeo.net

msedge.exe

Remote address:

8.8.8.8:53

Request

www.widgeo.net

IN A

Response

www.widgeo.net

IN A

172.67.69.193

www.widgeo.net

IN A

104.26.10.22

www.widgeo.net

IN A

104.26.11.22
GET

http://www.widgeo.net/geocompteur/trackwidget.php

msedge.exe

Remote address:

172.67.69.193:80

Request

GET /geocompteur/trackwidget.php HTTP/1.1
Host: www.widgeo.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Sun, 12 May 2024 09:06:20 GMT
Content-Type: application/javascript
Content-Length: 1986
Connection: keep-alive
cache-control: public, max-age=604800
expires: Sun, 19 May 2024 09:06:19 GMT
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FRdHNhA3XY2VJGGBqZ49MC%2FXwfaxhr3MMAKCzb%2FptTMlriLB8gZKJVq%2B5TVVfscqbZ1lxmUm7gbekMfuNBCxRhLiiwhiPOwKuIlMpsgK8nsqxQofq%2F3HBNbK%2FChvDHlu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8829408a99054078-LHR
alt-svc: h3=":443"; ma=86400
GET

http://www.widgeo.net/img/logopm.png

msedge.exe

Remote address:

172.67.69.193:80

Request

GET /img/logopm.png HTTP/1.1
Host: www.widgeo.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Sun, 12 May 2024 09:06:19 GMT
Content-Type: image/webp
Content-Length: 714
Connection: keep-alive
Cf-Bgj: imgq:100,h2pri
Cf-Polished: origFmt=png, origSize=847
Content-Disposition: inline; filename="logopm.webp"
Vary: Accept
cache-control: public, max-age=2592000
expires: Sat, 01 Jun 2024 19:54:18 GMT
last-modified: Thu, 20 Jun 2019 15:14:49 GMT
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 825121
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oC3JZCRtvOpqdOnDZMJYM8xtME1CbKywAckTmyLUJABg%2BZAMGnD3m4PZJpOvPn%2BLd23GeUsJdZ4Is4Ybh7J6baTQO0S0ImsaFilAr4I%2BQXeU3PiuZailSpMuUDW0QtBN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8829408ade2d9586-LHR
alt-svc: h3=":443"; ma=86400
DNS

www.youtube.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

216.58.213.14

youtube-ui.l.google.com

IN A

216.58.212.206

youtube-ui.l.google.com

IN A

172.217.169.78

youtube-ui.l.google.com

IN A

172.217.169.46
GET

http://www.youtube.com/embed/LAwrZGAWu1E?fs=1

msedge.exe

Remote address:

142.250.179.238:80

Request

GET /embed/LAwrZGAWu1E?fs=1 HTTP/1.1
Host: www.youtube.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sun, 12 May 2024 09:06:20 GMT
Location: https://www.youtube.com/embed/LAwrZGAWu1E?fs=1
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

https://www.youtube.com/embed/LAwrZGAWu1E?fs=1

msedge.exe

Remote address:

142.250.179.238:443

Request

GET /embed/LAwrZGAWu1E?fs=1 HTTP/2.0
host: www.youtube.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

1.bp.blogspot.com

msedge.exe

Remote address:

8.8.8.8:53

Request

1.bp.blogspot.com

IN A

Response

1.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.187.225
DNS

shout.busuk.org

msedge.exe

Remote address:

8.8.8.8:53

Request

shout.busuk.org

IN A

Response
GET

http://1.bp.blogspot.com/-tnFysi-6jSY/T_k9P4xKmPI/AAAAAAAAAZk/3ibjI-0bPds/s1600/547157_395311200506403_2111104778_n.jpg

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /-tnFysi-6jSY/T_k9P4xKmPI/AAAAAAAAAZk/3ibjI-0bPds/s1600/547157_395311200506403_2111104778_n.jpg HTTP/1.1
Host: 1.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="547157_395311200506403_2111104778_n.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 76441
X-XSS-Protection: 0
Date: Sun, 12 May 2024 09:06:19 GMT
Expires: Mon, 13 May 2024 09:06:19 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v199"
Content-Type: image/jpeg
Vary: Origin
Age: 1
GET

http://1.bp.blogspot.com/-t5S8OmrlDso/UAGvUTq2PwI/AAAAAAAAAas/UKd63L5KfmY/s1600/pencen.jpg

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /-t5S8OmrlDso/UAGvUTq2PwI/AAAAAAAAAas/UKd63L5KfmY/s1600/pencen.jpg HTTP/1.1
Host: 1.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="pencen.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 13894
X-XSS-Protection: 0
Date: Sun, 12 May 2024 09:06:19 GMT
Expires: Mon, 13 May 2024 09:06:19 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v1ab"
Content-Type: image/jpeg
Vary: Origin
Age: 1
GET

http://1.bp.blogspot.com/-t5S8OmrlDso/UAGvUTq2PwI/AAAAAAAAAas/UKd63L5KfmY/w72-h72-p-k-no-nu/pencen.jpg

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /-t5S8OmrlDso/UAGvUTq2PwI/AAAAAAAAAas/UKd63L5KfmY/w72-h72-p-k-no-nu/pencen.jpg HTTP/1.1
Host: 1.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="pencen.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 4914
X-XSS-Protection: 0
Date: Sun, 12 May 2024 09:06:19 GMT
Expires: Mon, 13 May 2024 09:06:19 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v1ab"
Content-Type: image/jpeg
Vary: Origin
Age: 1
DNS

resources.blogblog.com

msedge.exe

Remote address:

8.8.8.8:53

Request

resources.blogblog.com

IN A

Response

resources.blogblog.com

IN CNAME

blogger.l.google.com

blogger.l.google.com

IN A

142.250.200.9
GET

http://1.bp.blogspot.com/_v5IxGTiMTD8/S96y4Z-feKI/AAAAAAAABQk/5Vm7yThAlG4/s1600/bg-header.gif

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /_v5IxGTiMTD8/S96y4Z-feKI/AAAAAAAABQk/5Vm7yThAlG4/s1600/bg-header.gif HTTP/1.1
Host: 1.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/gif
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "ve8a"
Expires: Mon, 13 May 2024 09:06:20 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="bg-header.gif"
X-Content-Type-Options: nosniff
Date: Sun, 12 May 2024 09:06:20 GMT
Server: fife
Content-Length: 526
X-XSS-Protection: 0
GET

http://1.bp.blogspot.com/_v5IxGTiMTD8/S965MVQnPkI/AAAAAAAABTU/Xhe2A73G1r0/s1600/bg-navi-item-c.png

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /_v5IxGTiMTD8/S965MVQnPkI/AAAAAAAABTU/Xhe2A73G1r0/s1600/bg-navi-item-c.png HTTP/1.1
Host: 1.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v535"
Expires: Mon, 13 May 2024 09:06:20 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="bg-navi-item-c.png"
X-Content-Type-Options: nosniff
Date: Sun, 12 May 2024 09:06:20 GMT
Server: fife
Content-Length: 207
X-XSS-Protection: 0
DNS

4.bp.blogspot.com

msedge.exe

Remote address:

8.8.8.8:53

Request

4.bp.blogspot.com

IN A

Response

4.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.187.225
GET

http://1.bp.blogspot.com/_v5IxGTiMTD8/S964DWkra5I/AAAAAAAABS0/f5BfFwqTxmk/s1600/bg-cat-item-l.png

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /_v5IxGTiMTD8/S964DWkra5I/AAAAAAAABS0/f5BfFwqTxmk/s1600/bg-cat-item-l.png HTTP/1.1
Host: 1.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v52d"
Expires: Mon, 13 May 2024 09:06:20 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="bg-cat-item-l.png"
X-Content-Type-Options: nosniff
Date: Sun, 12 May 2024 09:06:20 GMT
Server: fife
Content-Length: 659
X-XSS-Protection: 0
GET

http://1.bp.blogspot.com/-mQ5e5o_4s9Y/UAONve2yQRI/AAAAAAAAAa4/9iqrTKmWXsY/w72-h72-p-k-no-nu/Capture10.jpg

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /-mQ5e5o_4s9Y/UAONve2yQRI/AAAAAAAAAa4/9iqrTKmWXsY/w72-h72-p-k-no-nu/Capture10.jpg HTTP/1.1
Host: 1.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="Capture10.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 4634
X-XSS-Protection: 0
Date: Sun, 12 May 2024 09:06:19 GMT
Expires: Mon, 13 May 2024 09:06:19 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v4f2"
Content-Type: image/jpeg
Vary: Origin
Age: 1
DNS

3.bp.blogspot.com

msedge.exe

Remote address:

8.8.8.8:53

Request

3.bp.blogspot.com

IN A

Response

3.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.187.225
GET

http://1.bp.blogspot.com/_v5IxGTiMTD8/S964DqKKdcI/AAAAAAAABS8/8pOrMnQcldI/s1600/bg-cat-item-r.png

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /_v5IxGTiMTD8/S964DqKKdcI/AAAAAAAABS8/8pOrMnQcldI/s1600/bg-cat-item-r.png HTTP/1.1
Host: 1.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v52f"
Expires: Mon, 13 May 2024 09:06:20 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="bg-cat-item-r.png"
X-Content-Type-Options: nosniff
Date: Sun, 12 May 2024 09:06:20 GMT
Server: fife
Content-Length: 662
X-XSS-Protection: 0
DNS

2.bp.blogspot.com

msedge.exe

Remote address:

8.8.8.8:53

Request

2.bp.blogspot.com

IN A

Response

2.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.187.225
GET

http://1.bp.blogspot.com/-mQ5e5o_4s9Y/UAONve2yQRI/AAAAAAAAAa4/9iqrTKmWXsY/s640/Capture10.jpg

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /-mQ5e5o_4s9Y/UAONve2yQRI/AAAAAAAAAa4/9iqrTKmWXsY/s640/Capture10.jpg HTTP/1.1
Host: 1.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="Capture10.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 78130
X-XSS-Protection: 0
Date: Sun, 12 May 2024 09:06:19 GMT
Expires: Mon, 13 May 2024 09:06:19 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v4f2"
Content-Type: image/jpeg
Vary: Origin
Age: 1
GET

http://1.bp.blogspot.com/-GTI5Hfqlli4/T_msQLltK5I/AAAAAAAAAZw/UXVzTyNWQKU/s320/4.jpg

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /-GTI5Hfqlli4/T_msQLltK5I/AAAAAAAAAZw/UXVzTyNWQKU/s320/4.jpg HTTP/1.1
Host: 1.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="4.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 38877
X-XSS-Protection: 0
Date: Sun, 12 May 2024 09:06:19 GMT
Expires: Mon, 13 May 2024 09:06:19 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v19c"
Content-Type: image/jpeg
Vary: Origin
Age: 1
GET

http://1.bp.blogspot.com/-GTI5Hfqlli4/T_msQLltK5I/AAAAAAAAAZw/UXVzTyNWQKU/w72-h72-p-k-no-nu/4.jpg

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /-GTI5Hfqlli4/T_msQLltK5I/AAAAAAAAAZw/UXVzTyNWQKU/w72-h72-p-k-no-nu/4.jpg HTTP/1.1
Host: 1.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="4.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 4880
X-XSS-Protection: 0
Date: Sun, 12 May 2024 09:06:19 GMT
Expires: Mon, 13 May 2024 09:06:19 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v19c"
Content-Type: image/jpeg
Vary: Origin
Age: 1
DNS

i39.tinypic.com

msedge.exe

Remote address:

8.8.8.8:53

Request

i39.tinypic.com

IN A

Response
GET

http://3.bp.blogspot.com/_v5IxGTiMTD8/S96z2JISe_I/AAAAAAAABRE/3eu0A_vEVwk/s1600/bg-body-top.gif

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /_v5IxGTiMTD8/S96z2JISe_I/AAAAAAAABRE/3eu0A_vEVwk/s1600/bg-body-top.gif HTTP/1.1
Host: 3.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/gif
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "ved5"
Expires: Mon, 13 May 2024 09:06:20 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="bg-body-top.gif"
X-Content-Type-Options: nosniff
Date: Sun, 12 May 2024 09:06:20 GMT
Server: fife
Content-Length: 746
X-XSS-Protection: 0
GET

http://3.bp.blogspot.com/_v5IxGTiMTD8/S96z13f_HaI/AAAAAAAABQ0/_I6JD-Eyb4I/s1600/bg-body-mid.gif

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /_v5IxGTiMTD8/S96z13f_HaI/AAAAAAAABQ0/_I6JD-Eyb4I/s1600/bg-body-mid.gif HTTP/1.1
Host: 3.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/gif
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "ve90"
Expires: Mon, 13 May 2024 09:06:20 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="bg-body-mid.gif"
X-Content-Type-Options: nosniff
Date: Sun, 12 May 2024 09:06:20 GMT
Server: fife
Content-Length: 72
X-XSS-Protection: 0
GET

http://3.bp.blogspot.com/-fZAJ-61C1B0/T_hp4N-2DFI/AAAAAAAAAYk/ytvuL76hsCc/s1600/pencen.jpg

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /-fZAJ-61C1B0/T_hp4N-2DFI/AAAAAAAAAYk/ytvuL76hsCc/s1600/pencen.jpg HTTP/1.1
Host: 3.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="pencen.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 13894
X-XSS-Protection: 0
Date: Sun, 12 May 2024 09:06:19 GMT
Expires: Mon, 13 May 2024 09:06:19 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v189"
Content-Type: image/jpeg
Vary: Origin
Age: 1
GET

http://3.bp.blogspot.com/-GkdNUIQIEFE/T_hxVOFfcxI/AAAAAAAAAY4/0D85hEBYjhk/w72-h72-p-k-no-nu/stiforp.asia.jpg

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /-GkdNUIQIEFE/T_hxVOFfcxI/AAAAAAAAAY4/0D85hEBYjhk/w72-h72-p-k-no-nu/stiforp.asia.jpg HTTP/1.1
Host: 3.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="stiforp.asia.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 5533
X-XSS-Protection: 0
Date: Sun, 12 May 2024 09:06:19 GMT
Expires: Mon, 13 May 2024 09:06:19 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v506"
Content-Type: image/jpeg
Vary: Origin
Age: 1
GET

http://3.bp.blogspot.com/_v5IxGTiMTD8/S96y495PeGI/AAAAAAAABQs/ihQ7GPYhtB8/s1600/bg-categories.jpg

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /_v5IxGTiMTD8/S96y495PeGI/AAAAAAAABQs/ihQ7GPYhtB8/s1600/bg-categories.jpg HTTP/1.1
Host: 3.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v50b"
Expires: Mon, 13 May 2024 09:06:20 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="bg-categories.jpg"
X-Content-Type-Options: nosniff
Date: Sun, 12 May 2024 09:06:20 GMT
Server: fife
Content-Length: 22588
X-XSS-Protection: 0
GET

http://3.bp.blogspot.com/_v5IxGTiMTD8/S965NIDeE-I/AAAAAAAABTk/0Ot6r6aR8RA/s400/bg-navi-item-r.png

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /_v5IxGTiMTD8/S965NIDeE-I/AAAAAAAABTk/0Ot6r6aR8RA/s400/bg-navi-item-r.png HTTP/1.1
Host: 3.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v539"
Expires: Mon, 13 May 2024 09:06:20 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="bg-navi-item-r.png"
X-Content-Type-Options: nosniff
Date: Sun, 12 May 2024 09:06:20 GMT
Server: fife
Content-Length: 358
X-XSS-Protection: 0
GET

http://3.bp.blogspot.com/_v5IxGTiMTD8/S965MqhYz8I/AAAAAAAABTc/ymwZK0PtWYo/s400/bg-navi-item-l.png

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /_v5IxGTiMTD8/S965MqhYz8I/AAAAAAAABTc/ymwZK0PtWYo/s400/bg-navi-item-l.png HTTP/1.1
Host: 3.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v537"
Expires: Mon, 13 May 2024 09:06:20 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="bg-navi-item-l.png"
X-Content-Type-Options: nosniff
Date: Sun, 12 May 2024 09:06:20 GMT
Server: fife
Content-Length: 379
X-XSS-Protection: 0
GET

http://3.bp.blogspot.com/-GkdNUIQIEFE/T_hxVOFfcxI/AAAAAAAAAY4/0D85hEBYjhk/s320/stiforp.asia.jpg

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /-GkdNUIQIEFE/T_hxVOFfcxI/AAAAAAAAAY4/0D85hEBYjhk/s320/stiforp.asia.jpg HTTP/1.1
Host: 3.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="stiforp.asia.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 41185
X-XSS-Protection: 0
Date: Sun, 12 May 2024 09:06:19 GMT
Expires: Mon, 13 May 2024 09:06:19 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v506"
Content-Type: image/jpeg
Vary: Origin
Age: 1
GET

http://3.bp.blogspot.com/-fZAJ-61C1B0/T_hp4N-2DFI/AAAAAAAAAYk/ytvuL76hsCc/w72-h72-p-k-no-nu/pencen.jpg

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /-fZAJ-61C1B0/T_hp4N-2DFI/AAAAAAAAAYk/ytvuL76hsCc/w72-h72-p-k-no-nu/pencen.jpg HTTP/1.1
Host: 3.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="pencen.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 4914
X-XSS-Protection: 0
Date: Sun, 12 May 2024 09:06:19 GMT
Expires: Mon, 13 May 2024 09:06:19 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v189"
Content-Type: image/jpeg
Vary: Origin
Age: 1
GET

http://3.bp.blogspot.com/_v5IxGTiMTD8/S965Ncy5MOI/AAAAAAAABTs/eqpiWkABez4/s1600/bg-box-interior.gif

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /_v5IxGTiMTD8/S965Ncy5MOI/AAAAAAAABTs/eqpiWkABez4/s1600/bg-box-interior.gif HTTP/1.1
Host: 3.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/gif
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "vde2"
Expires: Mon, 13 May 2024 09:06:20 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="bg-box-interior.gif"
X-Content-Type-Options: nosniff
Date: Sun, 12 May 2024 09:06:20 GMT
Server: fife
Content-Length: 151
X-XSS-Protection: 0
GET

https://resources.blogblog.com/img/icon18_wrench_allbkg.png

msedge.exe

Remote address:

142.250.200.9:443

Request

GET /img/icon18_wrench_allbkg.png HTTP/2.0
host: resources.blogblog.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

http://4.bp.blogspot.com/_v5IxGTiMTD8/S964D7JctYI/AAAAAAAABTE/o6zb184FgYI/s1600/bg-box-title.gif

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /_v5IxGTiMTD8/S964D7JctYI/AAAAAAAABTE/o6zb184FgYI/s1600/bg-box-title.gif HTTP/1.1
Host: 4.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/gif
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "vf03"
Expires: Mon, 13 May 2024 09:06:20 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="bg-box-title.gif"
X-Content-Type-Options: nosniff
Date: Sun, 12 May 2024 09:06:20 GMT
Server: fife
Content-Length: 384
X-XSS-Protection: 0
GET

http://4.bp.blogspot.com/_v5IxGTiMTD8/S9602-qYeTI/AAAAAAAABR8/hztglTqzPHc/s400/bg-footer.png

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /_v5IxGTiMTD8/S9602-qYeTI/AAAAAAAABR8/hztglTqzPHc/s400/bg-footer.png HTTP/1.1
Host: 4.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v51f"
Expires: Mon, 13 May 2024 09:06:20 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="bg-footer.png"
X-Content-Type-Options: nosniff
Date: Sun, 12 May 2024 09:06:20 GMT
Server: fife
Content-Length: 191
X-XSS-Protection: 0
GET

http://4.bp.blogspot.com/-E3dtOkxZql8/T8jtukyzBQI/AAAAAAAAAXU/CMi23xLKeUc/s320/531241_261226077309768_1737726916_n.jpg

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /-E3dtOkxZql8/T8jtukyzBQI/AAAAAAAAAXU/CMi23xLKeUc/s320/531241_261226077309768_1737726916_n.jpg HTTP/1.1
Host: 4.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="531241_261226077309768_1737726916_n.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 44374
X-XSS-Protection: 0
Date: Sun, 12 May 2024 09:06:19 GMT
Expires: Mon, 13 May 2024 09:06:19 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v175"
Content-Type: image/jpeg
Vary: Origin
Age: 1
GET

http://4.bp.blogspot.com/-gW83GjSQZEE/T_hr9w3gqII/AAAAAAAAAYs/ubI4N9z_5LY/w72-h72-p-k-no-nu/010_12.png

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /-gW83GjSQZEE/T_hr9w3gqII/AAAAAAAAAYs/ubI4N9z_5LY/w72-h72-p-k-no-nu/010_12.png HTTP/1.1
Host: 4.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="010_12.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 7249
X-XSS-Protection: 0
Date: Sun, 12 May 2024 09:06:19 GMT
Expires: Mon, 13 May 2024 09:06:19 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v18b"
Content-Type: image/png
Vary: Origin
Age: 1
GET

http://4.bp.blogspot.com/_v5IxGTiMTD8/S96z2Fn3I5I/AAAAAAAABQ8/GCuCLDU0XiE/s1600/bg-body-bot.gif

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /_v5IxGTiMTD8/S96z2Fn3I5I/AAAAAAAABQ8/GCuCLDU0XiE/s1600/bg-body-bot.gif HTTP/1.1
Host: 4.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/gif
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "vdc6"
Expires: Mon, 13 May 2024 09:06:20 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="bg-body-bot.gif"
X-Content-Type-Options: nosniff
Date: Sun, 12 May 2024 09:06:20 GMT
Server: fife
Content-Length: 744
X-XSS-Protection: 0
GET

http://4.bp.blogspot.com/-gW83GjSQZEE/T_hr9w3gqII/AAAAAAAAAYs/ubI4N9z_5LY/s1600/010_12.png

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /-gW83GjSQZEE/T_hr9w3gqII/AAAAAAAAAYs/ubI4N9z_5LY/s1600/010_12.png HTTP/1.1
Host: 4.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="010_12.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 19808
X-XSS-Protection: 0
Date: Sun, 12 May 2024 09:06:19 GMT
Expires: Mon, 13 May 2024 09:06:19 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v18b"
Content-Type: image/png
Vary: Origin
Age: 1
GET

http://4.bp.blogspot.com/-E3dtOkxZql8/T8jtukyzBQI/AAAAAAAAAXU/CMi23xLKeUc/w72-h72-p-k-no-nu/531241_261226077309768_1737726916_n.jpg

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /-E3dtOkxZql8/T8jtukyzBQI/AAAAAAAAAXU/CMi23xLKeUc/w72-h72-p-k-no-nu/531241_261226077309768_1737726916_n.jpg HTTP/1.1
Host: 4.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="531241_261226077309768_1737726916_n.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 3866
X-XSS-Protection: 0
Date: Sun, 12 May 2024 09:06:19 GMT
Expires: Mon, 13 May 2024 09:06:19 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v175"
Content-Type: image/jpeg
Vary: Origin
Age: 1
GET

http://4.bp.blogspot.com/_v5IxGTiMTD8/S9625o_xuMI/AAAAAAAABSE/fHHPrA1WpdY/s1600/bg-footer-boundary-side.png

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /_v5IxGTiMTD8/S9625o_xuMI/AAAAAAAABSE/fHHPrA1WpdY/s1600/bg-footer-boundary-side.png HTTP/1.1
Host: 4.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v521"
Expires: Mon, 13 May 2024 09:06:20 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="bg-footer-boundary-side.png"
X-Content-Type-Options: nosniff
Date: Sun, 12 May 2024 09:06:20 GMT
Server: fife
Content-Length: 250
X-XSS-Protection: 0
GET

http://4.bp.blogspot.com/-gc7MRAnCbl0/T_rvqsbHaNI/AAAAAAAAAaA/OIOs5jblvDE/s320/4.jpg

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /-gc7MRAnCbl0/T_rvqsbHaNI/AAAAAAAAAaA/OIOs5jblvDE/s320/4.jpg HTTP/1.1
Host: 4.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="4.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 25590
X-XSS-Protection: 0
Date: Sun, 12 May 2024 09:06:19 GMT
Expires: Mon, 13 May 2024 09:06:19 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v1a0"
Content-Type: image/jpeg
Vary: Origin
Age: 1
GET

http://4.bp.blogspot.com/-gc7MRAnCbl0/T_rvqsbHaNI/AAAAAAAAAaA/OIOs5jblvDE/w72-h72-p-k-no-nu/4.jpg

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /-gc7MRAnCbl0/T_rvqsbHaNI/AAAAAAAAAaA/OIOs5jblvDE/w72-h72-p-k-no-nu/4.jpg HTTP/1.1
Host: 4.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="4.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 4114
X-XSS-Protection: 0
Date: Sun, 12 May 2024 09:06:19 GMT
Expires: Mon, 13 May 2024 09:06:19 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v1a0"
Content-Type: image/jpeg
Vary: Origin
Age: 1
GET

http://4.bp.blogspot.com/_v5IxGTiMTD8/S96z2qllekI/AAAAAAAABRM/dXVMTNoj1Cc/s1600/bg-post-index-wide.gif

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /_v5IxGTiMTD8/S96z2qllekI/AAAAAAAABRM/dXVMTNoj1Cc/s1600/bg-post-index-wide.gif HTTP/1.1
Host: 4.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="bg-post-index-wide.gif"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 352
X-XSS-Protection: 0
Date: Sun, 12 May 2024 09:06:20 GMT
Expires: Mon, 13 May 2024 09:06:20 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "vf23"
Content-Type: image/gif
Vary: Origin
Age: 0
GET

http://2.bp.blogspot.com/-RD36LD_oELQ/T1QPm5BTvmI/AAAAAAAAAXE/gCde_xOL9dY/s400/12.jpg

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /-RD36LD_oELQ/T1QPm5BTvmI/AAAAAAAAAXE/gCde_xOL9dY/s400/12.jpg HTTP/1.1
Host: 2.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="12.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 19094
X-XSS-Protection: 0
Date: Sun, 12 May 2024 09:06:19 GMT
Expires: Mon, 13 May 2024 09:06:19 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v171"
Content-Type: image/jpeg
Vary: Origin
Age: 1
GET

http://2.bp.blogspot.com/_v5IxGTiMTD8/S965Nv0jkQI/AAAAAAAABT0/_RYk8CqbAXg/s1600/border-box-list-item.gif

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /_v5IxGTiMTD8/S965Nv0jkQI/AAAAAAAABT0/_RYk8CqbAXg/s1600/border-box-list-item.gif HTTP/1.1
Host: 2.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/gif
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "vead"
Expires: Mon, 13 May 2024 09:06:20 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="border-box-list-item.gif"
X-Content-Type-Options: nosniff
Date: Sun, 12 May 2024 09:06:20 GMT
Server: fife
Content-Length: 43
X-XSS-Protection: 0
GET

http://2.bp.blogspot.com/_v5IxGTiMTD8/S964DNY9T8I/AAAAAAAABSs/1fh2VVlLPCU/s1600/bg-cat-item-c.png

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /_v5IxGTiMTD8/S964DNY9T8I/AAAAAAAABSs/1fh2VVlLPCU/s1600/bg-cat-item-c.png HTTP/1.1
Host: 2.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v52b"
Expires: Mon, 13 May 2024 09:06:20 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="bg-cat-item-c.png"
X-Content-Type-Options: nosniff
Date: Sun, 12 May 2024 09:06:20 GMT
Server: fife
Content-Length: 256
X-XSS-Protection: 0
GET

http://2.bp.blogspot.com/-RD36LD_oELQ/T1QPm5BTvmI/AAAAAAAAAXE/gCde_xOL9dY/w72-h72-p-k-no-nu/12.jpg

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /-RD36LD_oELQ/T1QPm5BTvmI/AAAAAAAAAXE/gCde_xOL9dY/w72-h72-p-k-no-nu/12.jpg HTTP/1.1
Host: 2.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="12.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 4121
X-XSS-Protection: 0
Date: Sun, 12 May 2024 09:06:19 GMT
Expires: Mon, 13 May 2024 09:06:19 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v171"
Content-Type: image/jpeg
Vary: Origin
Age: 1
GET

http://2.bp.blogspot.com/_v5IxGTiMTD8/S9601in7hVI/AAAAAAAABRc/Q5A1AW4PYaM/s1600/bg-post-bot.gif

msedge.exe

Remote address:

142.250.187.225:80

Request

GET /_v5IxGTiMTD8/S9601in7hVI/AAAAAAAABRc/Q5A1AW4PYaM/s1600/bg-post-bot.gif HTTP/1.1
Host: 2.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/gif
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "vebb"
Expires: Mon, 13 May 2024 09:06:20 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="bg-post-bot.gif"
X-Content-Type-Options: nosniff
Date: Sun, 12 May 2024 09:06:20 GMT
Server: fife
Content-Length: 290
X-XSS-Protection: 0
DNS

www.facebook.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

163.70.151.35
DNS

lh3.googleusercontent.com

msedge.exe

Remote address:

8.8.8.8:53

Request

lh3.googleusercontent.com

IN A

Response

lh3.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.200.33
GET

https://www.widgeo.net/hitparade.php?pagexiti=trackwidget

msedge.exe

Remote address:

172.67.69.193:443

Request

GET /hitparade.php?pagexiti=trackwidget HTTP/2.0
host: www.widgeo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 12 May 2024 09:06:20 GMT
content-type: application/javascript
cf-bgj: minify
cache-control: public, max-age=604800
expires: Mon, 13 May 2024 18:00:48 GMT
last-modified: Mon, 29 Apr 2024 17:57:16 GMT
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 486331
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cPmEjDhZ7KPACCHO%2FtDBQRaF8nyHh0lwTpFUxeqEBA7%2BVLt59gS966vpPQnE595H8IHYkM5%2FUAEFLQxMoZp1PTeQM3ecVVdoG6X2N0oIbPfpU0j2vlKRKbgyN6Nv5ZEX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8829408e7a2c386a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://www.widgeo.net/tcm.js

msedge.exe

Remote address:

172.67.69.193:443

Request

GET /tcm.js HTTP/2.0
host: www.widgeo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 12 May 2024 09:06:20 GMT
content-type: application/javascript
content-length: 0
cf-bgj: minify
cache-control: public, max-age=604800
expires: Mon, 13 May 2024 18:00:48 GMT
last-modified: Mon, 29 Apr 2024 17:57:14 GMT
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 486331
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8PlB2unMyvUX9iyhDZO48XH1cnlie91FmSxF93qsYJYSeV5%2F2GDt%2FQ25a3uhebZOu1SFgVo%2BBYD9T%2FmGqF4koOXxqVWiRiarg400dJmgxRASrmdzdSGAvTfC9z04ePxV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8829408e7a2e386a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://www.widgeo.net/tcm_t_u.js

msedge.exe

Remote address:

172.67.69.193:443

Request

GET /tcm_t_u.js HTTP/2.0
host: www.widgeo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 12 May 2024 09:06:20 GMT
content-type: text/html; charset=UTF-8
cache-control: public, max-age=180
expires: Sun, 12 May 2024 09:09:19 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qytvNhR4byOUS2Pz93WFMG55RrQEvd154Ki0iG5O7H9ORmqJxCASSI0Q7nBcZXZVXxlrVasQbInghghaOdaQfbusKBLfHy6guRsevutOXZ10wxClBsKiHvUy5%2FnKmB%2BQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8829408e7a28386a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
POST

https://www.widgeo.net/cdn-cgi/rum?

msedge.exe

Remote address:

172.67.69.193:443

Request

POST /cdn-cgi/rum? HTTP/2.0
host: www.widgeo.net
content-length: 1149
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://www.widgeo.net
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.widgeo.net/hitparade.php?pagexiti=trackwidget
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Sun, 12 May 2024 09:06:21 GMT
access-control-allow-origin: https://www.widgeo.net
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 882940915e7d386a-LHR
x-frame-options: DENY
x-content-type-options: nosniff
GET

http://www.facebook.com/plugins/like.php?href=https://www.facebook.com/futurebarrelmalaysia&layout=button_count&show_faces=false&width=50&action=like&colorscheme=light&height=21

msedge.exe

Remote address:

163.70.151.35:80

Request

GET /plugins/like.php?href=https://www.facebook.com/futurebarrelmalaysia&layout=button_count&show_faces=false&width=50&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Location: https://www.facebook.com/plugins/like.php?href=https://www.facebook.com/futurebarrelmalaysia&layout=button_count&show_faces=false&width=50&action=like&colorscheme=light&height=21
Content-Type: text/plain
Server: proxygen-bolt
Date: Sun, 12 May 2024 09:06:20 GMT
Connection: keep-alive
Content-Length: 0
GET

https://lh3.googleusercontent.com/proxy/IVNHHUfvk6Hp3YWw-dMdx_VOJmA2686hsZpPuT-6fE8IPkeMARzsWFdFKeXXNCncGbSBEFanL5_eOHX5omwlLlloako=w72-h72-n-k-no-nu

msedge.exe

Remote address:

142.250.200.33:443

Request

GET /proxy/IVNHHUfvk6Hp3YWw-dMdx_VOJmA2686hsZpPuT-6fE8IPkeMARzsWFdFKeXXNCncGbSBEFanL5_eOHX5omwlLlloako=w72-h72-n-k-no-nu HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

www.widgeo.net

msedge.exe

Remote address:

8.8.8.8:53

Request

www.widgeo.net

IN A

Response

www.widgeo.net

IN A

172.67.69.193

www.widgeo.net

IN A

104.26.10.22

www.widgeo.net

IN A

104.26.11.22
DNS

bp0.blogger.com

msedge.exe

Remote address:

8.8.8.8:53

Request

bp0.blogger.com

IN A

Response

bp0.blogger.com

IN CNAME

bloggerphotos.l.google.com

bloggerphotos.l.google.com

IN A

216.58.212.206
DNS

i.ytimg.com

msedge.exe

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

172.217.16.246

i.ytimg.com

IN A

142.250.200.22

i.ytimg.com

IN A

142.250.200.54

i.ytimg.com

IN A

216.58.201.118

i.ytimg.com

IN A

216.58.204.86

i.ytimg.com

IN A

216.58.213.22

i.ytimg.com

IN A

172.217.169.86

i.ytimg.com

IN A

172.217.169.54

i.ytimg.com

IN A

142.250.179.246

i.ytimg.com

IN A

142.250.180.22

i.ytimg.com

IN A

142.250.187.214

i.ytimg.com

IN A

142.250.187.246

i.ytimg.com

IN A

142.250.178.22
DNS

mc.yandex.ru

msedge.exe

Remote address:

8.8.8.8:53

Request

mc.yandex.ru

IN A

Response

mc.yandex.ru

IN A

93.158.134.119

mc.yandex.ru

IN A

77.88.21.119

mc.yandex.ru

IN A

87.250.250.119

mc.yandex.ru

IN A

87.250.251.119
GET

http://bp0.blogger.com/_Zuzii37VUO4/Rj7ME-MBRJI/AAAAAAAAAwM/IOo-YUYR5aM/s1600/icono-feed.gif

msedge.exe

Remote address:

216.58.212.206:80

Request

GET /_Zuzii37VUO4/Rj7ME-MBRJI/AAAAAAAAAwM/IOo-YUYR5aM/s1600/icono-feed.gif HTTP/1.1
Host: bp0.blogger.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Location: https://1.bp.blogspot.com/_Zuzii37VUO4/Rj7ME-MBRJI/AAAAAAAAAwM/IOo-YUYR5aM/s1600/icono-feed.gif
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 292
X-XSS-Protection: 0
Date: Sun, 12 May 2024 09:06:20 GMT
Expires: Tue, 11 Jun 2024 09:06:20 GMT
Cache-Control: public, max-age=2592000
Content-Type: text/html; charset=UTF-8
Vary: Origin
Age: 0
DNS

widgets.amung.us

msedge.exe

Remote address:

8.8.8.8:53

Request

widgets.amung.us

IN A

Response

widgets.amung.us

IN A

104.22.75.171

widgets.amung.us

IN A

172.67.8.141

widgets.amung.us

IN A

104.22.74.171
DNS

static.cloudflareinsights.com

msedge.exe

Remote address:

8.8.8.8:53

Request

static.cloudflareinsights.com

IN A

Response

static.cloudflareinsights.com

IN A

104.16.79.73

static.cloudflareinsights.com

IN A

104.16.80.73
DNS

23.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.159.190.20.in-addr.arpa

IN PTR

Response
DNS

110.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

110.201.58.216.in-addr.arpa

IN PTR

Response

110.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f141e100net

110.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f110�I

110.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f14�I
GET

http://widgets.amung.us/map.js

msedge.exe

Remote address:

104.22.75.171:80

Request

GET /map.js HTTP/1.1
Host: widgets.amung.us
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Sun, 12 May 2024 09:06:20 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Thu, 12 Jan 2023 17:19:40 GMT
etag: W/"63c0412c-1b86"
expires: Mon, 13 May 2024 08:15:14 GMT
cache-control: max-age=86400
access-control-allow-origin: *
CF-Cache-Status: HIT
Age: 3066
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88294090b82d6728-AMS
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387

msedge.exe

Remote address:

104.16.79.73:443

Request

GET /beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 HTTP/2.0
host: static.cloudflareinsights.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://www.widgeo.net
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://www.widgeo.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 12 May 2024 09:06:20 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.4.1"
last-modified: Mon, 06 May 2024 19:01:13 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 88294090eb5c6517-LHR
content-encoding: gzip
GET

https://i.ytimg.com/vi/LAwrZGAWu1E/sddefault.jpg

msedge.exe

Remote address:

172.217.16.246:443

Request

GET /vi/LAwrZGAWu1E/sddefault.jpg HTTP/2.0
host: i.ytimg.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

82.218.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

82.218.217.172.in-addr.arpa

IN PTR

Response

82.218.217.172.in-addr.arpa

IN PTR

en-in-f821e100net
DNS

9.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.200.250.142.in-addr.arpa

IN PTR

Response

9.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f91e100net
DNS

234.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.16.217.172.in-addr.arpa

IN PTR

Response

234.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f101e100net

234.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f10�I
DNS

193.69.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

193.69.67.172.in-addr.arpa

IN PTR

Response
DNS

206.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.212.58.216.in-addr.arpa

IN PTR

Response

206.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f2061e100net

206.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f14�J

206.212.58.216.in-addr.arpa

IN PTR

lhr25s27-in-f14�J
DNS

238.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.179.250.142.in-addr.arpa

IN PTR

Response

238.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f141e100net
GET

https://mc.yandex.ru/watch/97093088

msedge.exe

Remote address:

93.158.134.119:443

Request

GET /watch/97093088 HTTP/2.0
host: mc.yandex.ru
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

225.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

225.187.250.142.in-addr.arpa

IN PTR

Response

225.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f11e100net
GET

https://1.bp.blogspot.com/_Zuzii37VUO4/Rj7ME-MBRJI/AAAAAAAAAwM/IOo-YUYR5aM/s1600/icono-feed.gif

msedge.exe

Remote address:

142.250.187.225:443

Request

GET /_Zuzii37VUO4/Rj7ME-MBRJI/AAAAAAAAAwM/IOo-YUYR5aM/s1600/icono-feed.gif HTTP/2.0
host: 1.bp.blogspot.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

arvigorothan.com

msedge.exe

Remote address:

8.8.8.8:53

Request

arvigorothan.com

IN A

Response

arvigorothan.com

IN A

104.21.30.34

arvigorothan.com

IN A

172.67.150.119
DNS

t.dtscout.com

msedge.exe

Remote address:

8.8.8.8:53

Request

t.dtscout.com

IN A

Response

t.dtscout.com

IN A

141.101.120.10

t.dtscout.com

IN A

141.101.120.11
GET

https://arvigorothan.com/tag.min.js

msedge.exe

Remote address:

104.21.30.34:443

Request

GET /tag.min.js HTTP/2.0
host: arvigorothan.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 12 May 2024 09:06:21 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 1e63a19f38518a56ffcbe5a386106246
cache-control: max-age=86400
last-modified: Thu, 09 May 2024 21:48:46 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Sun, 12 May 2024 17:35:40 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 55841
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DUN2lEaAWDr4T2P8es%2BbB90wFRTEbzyA7pE7pnoferm77%2BxAzknpHdtHLMa1tijGkvpxqw3J85G7PbdEDo0yftFBqhql8a9dqd1PZbJXaev%2Bx9i5YLqidrDFIdTLZiPSzP9v"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88294091cd5252ca-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
DNS

accounts.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

173.194.69.84
GET

https://t.dtscout.com/i/?l=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3953e152debbd6fd2cd3a4fba4cf6665_JaffaCakes118.html&j=

msedge.exe

Remote address:

141.101.120.10:443

Request

GET /i/?l=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3953e152debbd6fd2cd3a4fba4cf6665_JaffaCakes118.html&j= HTTP/2.0
host: t.dtscout.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 12 May 2024 09:06:21 GMT
content-type: application/javascript
x-s: ger1
set-cookie: m=1; Domain=dtscout.com; Expires=Sun, 12-May-2024 10:29:41 GMT; Max-Age=5000; Path=/; SameSite=None; Secure
set-cookie: df=1715504781; Domain=dtscout.com; Expires=Tue, 20-Aug-2024 09:06:21 GMT; Max-Age=8640000; Path=/; SameSite=None; Secure
x-t: 0.228
expires: Sun, 12 May 2024 09:06:20 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZvU1nZKRn9Fs5NMwpExhFG7sMnwl30um4ZNTD7pQdpjvPxriHuonPQ00jmzIGLROJZ0fWlAdjWiYbBHDqmgZf2fWMWBaGjhrc57h5e6sCr8Sb03U9kIRHt6oKjjZxAI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88294091ddd2940d-LHR
content-encoding: br
GET

https://t.dtscout.com/pv/?_a=v&_h=&_ss=2rvb31tnne&_pv=1&_ls=0&_u1=1&_u3=1&_cc=gb&_pl=d&_cbid=tv30&_cb=_dtspv.c

msedge.exe

Remote address:

141.101.120.10:443

Request

GET /pv/?_a=v&_h=&_ss=2rvb31tnne&_pv=1&_ls=0&_u1=1&_u3=1&_cc=gb&_pl=d&_cbid=tv30&_cb=_dtspv.c HTTP/2.0
host: t.dtscout.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: m=1
cookie: df=1715504781

Response

HTTP/2.0 200

date: Sun, 12 May 2024 09:06:21 GMT
content-type: application/javascript
x-t: 0.142
x-c: 0
expires: Sun, 12 May 2024 09:06:20 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TGThcAvmtsKepMQboJHhQOsopa35agtq%2FruZnWN%2FhebyAITa%2Fm9vjNfZkVaZac%2BHzlEaSGWcozalTiUWGzInbQlwRDqQf7DRZAqc0mtYY4zgodQ2GsIs7lSidZn8YS0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 882940923e2d940d-LHR
content-encoding: br
GET

https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/followers.g?blogID%3D7016845604907473316%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMwMDAwMDAiByMwMDAwMDAqByNGRkZGRkYyByMwMDAwMDA6ByMwMDAwMDBCByMwMDAwMDBKByMwMDAwMDBSByNGRkZGRkZaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://dietproteinsd2.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.JisoxTPHVRs.O/am%253DAAAC/d%253D1/rs%253DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/m%253D__features__%26bpli%3D1&followup=https://www.blogger.com/followers.g?blogID%3D7016845604907473316%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMwMDAwMDAiByMwMDAwMDAqByNGRkZGRkYyByMwMDAwMDA6ByMwMDAwMDBCByMwMDAwMDBKByMwMDAwMDBSByNGRkZGRkZaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://dietproteinsd2.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.JisoxTPHVRs.O/am%253DAAAC/d%253D1/rs%253DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/m%253D__features__%26bpli%3D1&go=true

msedge.exe

Remote address:

173.194.69.84:443

Request

GET /ServiceLogin?passive=true&continue=https://www.blogger.com/followers.g?blogID%3D7016845604907473316%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMwMDAwMDAiByMwMDAwMDAqByNGRkZGRkYyByMwMDAwMDA6ByMwMDAwMDBCByMwMDAwMDBKByMwMDAwMDBSByNGRkZGRkZaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://dietproteinsd2.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.JisoxTPHVRs.O/am%253DAAAC/d%253D1/rs%253DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/m%253D__features__%26bpli%3D1&followup=https://www.blogger.com/followers.g?blogID%3D7016845604907473316%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMwMDAwMDAiByMwMDAwMDAqByNGRkZGRkYyByMwMDAwMDA6ByMwMDAwMDBCByMwMDAwMDBKByMwMDAwMDBSByNGRkZGRkZaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://dietproteinsd2.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.JisoxTPHVRs.O/am%253DAAAC/d%253D1/rs%253DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/m%253D__features__%26bpli%3D1&go=true HTTP/2.0
host: accounts.google.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

deenoacepok.com

msedge.exe

Remote address:

8.8.8.8:53

Request

deenoacepok.com

IN A

Response

deenoacepok.com

IN A

139.45.197.242
GET

https://deenoacepok.com/5/3294720/?oo=1&js_build=iclick-v1.792.1-auto&os=windows&os_version=10.0&is_mobile=false&browser_version=92.0.902.67

msedge.exe

Remote address:

139.45.197.242:443

Request

GET /5/3294720/?oo=1&js_build=iclick-v1.792.1-auto&os=windows&os_version=10.0&is_mobile=false&browser_version=92.0.902.67 HTTP/2.0
host: deenoacepok.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 12 May 2024 09:06:21 GMT
content-type: application/json
x-trace-id: ce50727f6d86d2d2bffa97192ea5680a
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
set-cookie: OAID=00805a02e91b4689e5d2705938dfbae7; expires=Mon, 12 May 2025 09:06:21 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1715504781; expires=Mon, 12 May 2025 09:06:21 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
DNS

googleads.g.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

216.58.204.66
GET

https://googleads.g.doubleclick.net/pagead/id

msedge.exe

Remote address:

216.58.204.66:443

Request

GET /pagead/id HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.youtube.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

my.rtmark.net

msedge.exe

Remote address:

8.8.8.8:53

Request

my.rtmark.net

IN A

Response

my.rtmark.net

IN A

139.45.195.8
DNS

yonmewon.com

msedge.exe

Remote address:

8.8.8.8:53

Request

yonmewon.com

IN A

Response

yonmewon.com

IN A

139.45.197.236
DNS

sr7pv7n5x.com

msedge.exe

Remote address:

8.8.8.8:53

Request

sr7pv7n5x.com

IN A

Response

sr7pv7n5x.com

IN A

212.117.190.201
GET

https://my.rtmark.net/gid.js?userId=00805a02e91b4689e5d2705938dfbae7

msedge.exe

Remote address:

139.45.195.8:443

Request

GET /gid.js?userId=00805a02e91b4689e5d2705938dfbae7 HTTP/2.0
host: my.rtmark.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 12 May 2024 09:06:21 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *
set-cookie: ID=00805a02e91b4689e5d2705938dfbae7; expires=Mon, 12 May 2025 09:06:21 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
DNS

jnn-pa.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

jnn-pa.googleapis.com

IN A

Response

jnn-pa.googleapis.com

IN A

216.58.201.106

jnn-pa.googleapis.com

IN A

216.58.204.74

jnn-pa.googleapis.com

IN A

216.58.213.10

jnn-pa.googleapis.com

IN A

172.217.169.10

jnn-pa.googleapis.com

IN A

216.58.212.234

jnn-pa.googleapis.com

IN A

172.217.169.74

jnn-pa.googleapis.com

IN A

172.217.169.42

jnn-pa.googleapis.com

IN A

142.250.179.234

jnn-pa.googleapis.com

IN A

142.250.180.10

jnn-pa.googleapis.com

IN A

142.250.187.202

jnn-pa.googleapis.com

IN A

142.250.187.234

jnn-pa.googleapis.com

IN A

142.250.178.10

jnn-pa.googleapis.com

IN A

172.217.16.234

jnn-pa.googleapis.com

IN A

142.250.200.10

jnn-pa.googleapis.com

IN A

142.250.200.42
DNS

static.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

static.doubleclick.net

IN A

Response

static.doubleclick.net

IN A

142.250.179.230
DNS

www.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.178.4
DNS

yt3.ggpht.com

msedge.exe

Remote address:

8.8.8.8:53

Request

yt3.ggpht.com

IN A

Response

yt3.ggpht.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.187.225
OPTIONS

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

msedge.exe

Remote address:

216.58.201.106:443

Request

OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: jnn-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://static.doubleclick.net/instream/ad_status.js

msedge.exe

Remote address:

142.250.179.230:443

Request

GET /instream/ad_status.js HTTP/2.0
host: static.doubleclick.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.com/js/th/LvMrC3vzHFP8SzxjvqNWRksbkOPiJTf11ILX4Pq8Ybc.js

msedge.exe

Remote address:

142.250.178.4:443

Request

GET /js/th/LvMrC3vzHFP8SzxjvqNWRksbkOPiJTf11ILX4Pq8Ybc.js HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://yt3.ggpht.com/ytc/AIdro_kDe4WgBLtXrZ9Fq0dk_8o8OmdLfMziyh-TcaBPYvg=s68-c-k-c0x00ffffff-no-rj

msedge.exe

Remote address:

142.250.187.225:443

Request

GET /ytc/AIdro_kDe4WgBLtXrZ9Fq0dk_8o8OmdLfMziyh-TcaBPYvg=s68-c-k-c0x00ffffff-no-rj HTTP/2.0
host: yt3.ggpht.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

35.151.70.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.151.70.163.in-addr.arpa

IN PTR

Response

35.151.70.163.in-addr.arpa

IN PTR

edge-star-mini-shv-02-lhr6facebookcom
DNS

33.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

33.200.250.142.in-addr.arpa

IN PTR

Response

33.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f11e100net
DNS

73.79.16.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.79.16.104.in-addr.arpa

IN PTR

Response
DNS

246.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

246.16.217.172.in-addr.arpa

IN PTR

Response

246.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f221e100net

246.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f22�I
DNS

171.75.22.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.75.22.104.in-addr.arpa

IN PTR

Response
DNS

195.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.212.58.216.in-addr.arpa

IN PTR

Response

195.212.58.216.in-addr.arpa

IN PTR

lhr25s27-in-f31e100net

195.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f195�H

195.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f3�H
DNS

119.134.158.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.134.158.93.in-addr.arpa

IN PTR

Response

119.134.158.93.in-addr.arpa

IN PTR

mcyandexru
DNS

34.30.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.30.21.104.in-addr.arpa

IN PTR

Response
DNS

10.120.101.141.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.120.101.141.in-addr.arpa

IN PTR

Response
DNS

84.69.194.173.in-addr.arpa

Remote address:

8.8.8.8:53

Request

84.69.194.173.in-addr.arpa

IN PTR

Response

84.69.194.173.in-addr.arpa

IN PTR

ef-in-f841e100net
DNS

242.197.45.139.in-addr.arpa

Remote address:

8.8.8.8:53

Request

242.197.45.139.in-addr.arpa

IN PTR

Response
DNS

66.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

66.204.58.216.in-addr.arpa

IN PTR

Response

66.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f21e100net

66.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f66�G

66.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f2�G
DNS

8.195.45.139.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.195.45.139.in-addr.arpa

IN PTR

Response
DNS

201.190.117.212.in-addr.arpa

Remote address:

8.8.8.8:53

Request

201.190.117.212.in-addr.arpa

IN PTR

Response
DNS

236.197.45.139.in-addr.arpa

Remote address:

8.8.8.8:53

Request

236.197.45.139.in-addr.arpa

IN PTR

Response
DNS

106.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

106.201.58.216.in-addr.arpa

IN PTR

Response

106.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f101e100net

106.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f106�I

106.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f10�I
DNS

230.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

230.179.250.142.in-addr.arpa

IN PTR

Response

230.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f61e100net
DNS

3.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.180.250.142.in-addr.arpa

IN PTR

Response

3.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f31e100net
DNS

4.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.178.250.142.in-addr.arpa

IN PTR

Response

4.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f41e100net
DNS

connect.facebook.net

Remote address:

8.8.8.8:53

Request

connect.facebook.net

IN A

Response

connect.facebook.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

163.70.151.21
DNS

connect.facebook.net

Remote address:

8.8.8.8:53

Request

connect.facebook.net

IN A

Response

connect.facebook.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

163.70.151.21
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

play.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.187.206
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

142.250.187.206:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

142.250.187.206:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

142.250.187.206:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

206.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.187.250.142.in-addr.arpa

IN PTR

Response

206.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f141e100net
DNS

31.121.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.121.18.2.in-addr.arpa

IN PTR

Response

31.121.18.2.in-addr.arpa

IN PTR

a2-18-121-31deploystaticakamaitechnologiescom
DNS

whos.amung.us

Remote address:

8.8.8.8:53

Request

whos.amung.us

IN A

Response

whos.amung.us

IN A

172.67.8.141

whos.amung.us

IN A

104.22.75.171

whos.amung.us

IN A

104.22.74.171
DNS

whos.amung.us

Remote address:

8.8.8.8:53

Request

whos.amung.us

IN A

Response

whos.amung.us

IN A

104.22.75.171

whos.amung.us

IN A

172.67.8.141

whos.amung.us

IN A

104.22.74.171
DNS

dietproteinsd2.blogspot.com

msedge.exe

Remote address:

8.8.8.8:53

Request

dietproteinsd2.blogspot.com

IN A

Response

dietproteinsd2.blogspot.com

IN CNAME

blogspot.l.googleusercontent.com

blogspot.l.googleusercontent.com

IN A

216.58.201.97
GET

http://dietproteinsd2.blogspot.com/favicon.ico

msedge.exe

Remote address:

216.58.201.97:80

Request

GET /favicon.ico HTTP/1.1
Host: dietproteinsd2.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/x-icon; charset=UTF-8
Expires: Sun, 12 May 2024 09:07:26 GMT
Date: Sun, 12 May 2024 09:07:26 GMT
Cache-Control: private, max-age=86400
Last-Modified: Wed, 20 Mar 2024 06:40:14 GMT
ETag: W/"0fee4f4955e9d5cce45531c00184e2ed1f9481608a1eb01e057de98e996f8b4d"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 412
Server: GSE
DNS

97.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.201.58.216.in-addr.arpa

IN PTR

Response

97.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f11e100net

97.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f97�G

97.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f1�G
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response

216.58.201.110:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs

tls, http2

msedge.exe

4.5kB
104.5kB
66
90

HTTP Request

GET https://apis.google.com/js/plusone.js

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs
172.217.218.82:80

http://btemplatescripts.googlecode.com/files/jquery.jcarousel.js

http

msedge.exe

613 B
2.0kB
6
5

HTTP Request

GET http://btemplatescripts.googlecode.com/files/jquery.jcarousel.js

HTTP Response

404
142.250.200.9:443

https://www.blogger.com/dyn-css/authorization.css?targetBlogID=7016845604907473316&zx=6ddfa5e9-018f-4f4d-8ffb-cbc9bdbf8866

tls, http2

msedge.exe

4.0kB
67.3kB
57
68

HTTP Request

GET https://www.blogger.com/static/v1/widgets/14020288-widget_css_bundle.css

HTTP Request

GET https://www.blogger.com/static/v1/widgets/2009384843-widgets.js

HTTP Request

GET https://www.blogger.com/dyn-css/authorization.css?targetBlogID=7016845604907473316&zx=6ddfa5e9-018f-4f4d-8ffb-cbc9bdbf8866
172.217.16.234:80

http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js

http

msedge.exe

1.2kB
32.2kB
18
28

HTTP Request

GET http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js

HTTP Response

200
172.217.16.234:80

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.js

http

msedge.exe

1.4kB
48.7kB
24
40

HTTP Request

GET http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.js

HTTP Response

200
216.58.212.226:445

pagead2.googlesyndication.com

260 B
5
172.67.69.193:80

http://www.widgeo.net/geocompteur/trackwidget.php

http

msedge.exe

690 B
3.1kB
8
8

HTTP Request

GET http://www.widgeo.net/geocompteur/trackwidget.php

HTTP Response

200
172.67.69.193:80

http://www.widgeo.net/img/logopm.png

http

msedge.exe

681 B
1.9kB
7
7

HTTP Request

GET http://www.widgeo.net/img/logopm.png

HTTP Response

200
142.250.179.238:80

http://www.youtube.com/embed/LAwrZGAWu1E?fs=1

http

msedge.exe

791 B
687 B
7
6

HTTP Request

GET http://www.youtube.com/embed/LAwrZGAWu1E?fs=1

HTTP Response

301
142.250.179.238:443

https://www.youtube.com/embed/LAwrZGAWu1E?fs=1

tls, http2

msedge.exe

2.6kB
48.9kB
30
47

HTTP Request

GET https://www.youtube.com/embed/LAwrZGAWu1E?fs=1
142.250.187.225:80

http://1.bp.blogspot.com/-t5S8OmrlDso/UAGvUTq2PwI/AAAAAAAAAas/UKd63L5KfmY/w72-h72-p-k-no-nu/pencen.jpg

http

msedge.exe

3.3kB
99.8kB
44
77

HTTP Request

GET http://1.bp.blogspot.com/-tnFysi-6jSY/T_k9P4xKmPI/AAAAAAAAAZk/3ibjI-0bPds/s1600/547157_395311200506403_2111104778_n.jpg

HTTP Response

200

HTTP Request

GET http://1.bp.blogspot.com/-t5S8OmrlDso/UAGvUTq2PwI/AAAAAAAAAas/UKd63L5KfmY/s1600/pencen.jpg

HTTP Response

200

HTTP Request

GET http://1.bp.blogspot.com/-t5S8OmrlDso/UAGvUTq2PwI/AAAAAAAAAas/UKd63L5KfmY/w72-h72-p-k-no-nu/pencen.jpg

HTTP Response

200
142.250.187.225:80

http://1.bp.blogspot.com/_v5IxGTiMTD8/S96y4Z-feKI/AAAAAAAABQk/5Vm7yThAlG4/s1600/bg-header.gif

http

msedge.exe

738 B
1.3kB
7
6

HTTP Request

GET http://1.bp.blogspot.com/_v5IxGTiMTD8/S96y4Z-feKI/AAAAAAAABQk/5Vm7yThAlG4/s1600/bg-header.gif

HTTP Response

200
142.250.187.225:80

http://1.bp.blogspot.com/_v5IxGTiMTD8/S965MVQnPkI/AAAAAAAABTU/Xhe2A73G1r0/s1600/bg-navi-item-c.png

http

msedge.exe

743 B
947 B
7
6

HTTP Request

GET http://1.bp.blogspot.com/_v5IxGTiMTD8/S965MVQnPkI/AAAAAAAABTU/Xhe2A73G1r0/s1600/bg-navi-item-c.png

HTTP Response

200
142.250.187.225:80

http://1.bp.blogspot.com/-mQ5e5o_4s9Y/UAONve2yQRI/AAAAAAAAAa4/9iqrTKmWXsY/w72-h72-p-k-no-nu/Capture10.jpg

http

msedge.exe

1.3kB
6.7kB
9
11

HTTP Request

GET http://1.bp.blogspot.com/_v5IxGTiMTD8/S964DWkra5I/AAAAAAAABS0/f5BfFwqTxmk/s1600/bg-cat-item-l.png

HTTP Response

200

HTTP Request

GET http://1.bp.blogspot.com/-mQ5e5o_4s9Y/UAONve2yQRI/AAAAAAAAAa4/9iqrTKmWXsY/w72-h72-p-k-no-nu/Capture10.jpg

HTTP Response

200
142.250.187.225:80

http://1.bp.blogspot.com/_v5IxGTiMTD8/S964DqKKdcI/AAAAAAAABS8/8pOrMnQcldI/s1600/bg-cat-item-r.png

http

msedge.exe

742 B
1.4kB
7
6

HTTP Request

GET http://1.bp.blogspot.com/_v5IxGTiMTD8/S964DqKKdcI/AAAAAAAABS8/8pOrMnQcldI/s1600/bg-cat-item-r.png

HTTP Response

200
142.250.187.225:80

http://1.bp.blogspot.com/-GTI5Hfqlli4/T_msQLltK5I/AAAAAAAAAZw/UXVzTyNWQKU/w72-h72-p-k-no-nu/4.jpg

http

msedge.exe

3.7kB
127.1kB
54
96

HTTP Request

GET http://1.bp.blogspot.com/-mQ5e5o_4s9Y/UAONve2yQRI/AAAAAAAAAa4/9iqrTKmWXsY/s640/Capture10.jpg

HTTP Response

200

HTTP Request

GET http://1.bp.blogspot.com/-GTI5Hfqlli4/T_msQLltK5I/AAAAAAAAAZw/UXVzTyNWQKU/s320/4.jpg

HTTP Response

200

HTTP Request

GET http://1.bp.blogspot.com/-GTI5Hfqlli4/T_msQLltK5I/AAAAAAAAAZw/UXVzTyNWQKU/w72-h72-p-k-no-nu/4.jpg

HTTP Response

200
142.250.187.225:80

http://3.bp.blogspot.com/_v5IxGTiMTD8/S96z2JISe_I/AAAAAAAABRE/3eu0A_vEVwk/s1600/bg-body-top.gif

http

msedge.exe

740 B
1.5kB
7
6

HTTP Request

GET http://3.bp.blogspot.com/_v5IxGTiMTD8/S96z2JISe_I/AAAAAAAABRE/3eu0A_vEVwk/s1600/bg-body-top.gif

HTTP Response

200
142.250.187.225:80

http://3.bp.blogspot.com/-GkdNUIQIEFE/T_hxVOFfcxI/AAAAAAAAAY4/0D85hEBYjhk/w72-h72-p-k-no-nu/stiforp.asia.jpg

http

msedge.exe

2.0kB
21.8kB
16
23

HTTP Request

GET http://3.bp.blogspot.com/_v5IxGTiMTD8/S96z13f_HaI/AAAAAAAABQ0/_I6JD-Eyb4I/s1600/bg-body-mid.gif

HTTP Response

200

HTTP Request

GET http://3.bp.blogspot.com/-fZAJ-61C1B0/T_hp4N-2DFI/AAAAAAAAAYk/ytvuL76hsCc/s1600/pencen.jpg

HTTP Response

200

HTTP Request

GET http://3.bp.blogspot.com/-GkdNUIQIEFE/T_hxVOFfcxI/AAAAAAAAAY4/0D85hEBYjhk/w72-h72-p-k-no-nu/stiforp.asia.jpg

HTTP Response

200
142.250.187.225:80

http://3.bp.blogspot.com/_v5IxGTiMTD8/S96y495PeGI/AAAAAAAABQs/ihQ7GPYhtB8/s1600/bg-categories.jpg

http

msedge.exe

1.1kB
24.0kB
15
22

HTTP Request

GET http://3.bp.blogspot.com/_v5IxGTiMTD8/S96y495PeGI/AAAAAAAABQs/ihQ7GPYhtB8/s1600/bg-categories.jpg

HTTP Response

200
142.250.187.225:80

http://3.bp.blogspot.com/_v5IxGTiMTD8/S965NIDeE-I/AAAAAAAABTk/0Ot6r6aR8RA/s400/bg-navi-item-r.png

http

msedge.exe

742 B
1.1kB
7
6

HTTP Request

GET http://3.bp.blogspot.com/_v5IxGTiMTD8/S965NIDeE-I/AAAAAAAABTk/0Ot6r6aR8RA/s400/bg-navi-item-r.png

HTTP Response

200
142.250.187.225:80

http://3.bp.blogspot.com/-fZAJ-61C1B0/T_hp4N-2DFI/AAAAAAAAAYk/ytvuL76hsCc/w72-h72-p-k-no-nu/pencen.jpg

http

msedge.exe

2.4kB
49.6kB
25
42

HTTP Request

GET http://3.bp.blogspot.com/_v5IxGTiMTD8/S965MqhYz8I/AAAAAAAABTc/ymwZK0PtWYo/s400/bg-navi-item-l.png

HTTP Response

200

HTTP Request

GET http://3.bp.blogspot.com/-GkdNUIQIEFE/T_hxVOFfcxI/AAAAAAAAAY4/0D85hEBYjhk/s320/stiforp.asia.jpg

HTTP Response

200

HTTP Request

GET http://3.bp.blogspot.com/-fZAJ-61C1B0/T_hp4N-2DFI/AAAAAAAAAYk/ytvuL76hsCc/w72-h72-p-k-no-nu/pencen.jpg

HTTP Response

200
142.250.187.225:80

http://3.bp.blogspot.com/_v5IxGTiMTD8/S965Ncy5MOI/AAAAAAAABTs/eqpiWkABez4/s1600/bg-box-interior.gif

http

msedge.exe

744 B
892 B
7
6

HTTP Request

GET http://3.bp.blogspot.com/_v5IxGTiMTD8/S965Ncy5MOI/AAAAAAAABTs/eqpiWkABez4/s1600/bg-box-interior.gif

HTTP Response

200
142.250.200.9:443

https://resources.blogblog.com/img/icon18_wrench_allbkg.png

tls, http2

msedge.exe

1.9kB
7.1kB
16
15

HTTP Request

GET https://resources.blogblog.com/img/icon18_wrench_allbkg.png
142.250.187.225:80

http://4.bp.blogspot.com/_v5IxGTiMTD8/S9602-qYeTI/AAAAAAAABR8/hztglTqzPHc/s400/bg-footer.png

http

msedge.exe

1.2kB
1.8kB
8
8

HTTP Request

GET http://4.bp.blogspot.com/_v5IxGTiMTD8/S964D7JctYI/AAAAAAAABTE/o6zb184FgYI/s1600/bg-box-title.gif

HTTP Response

200

HTTP Request

GET http://4.bp.blogspot.com/_v5IxGTiMTD8/S9602-qYeTI/AAAAAAAABR8/hztglTqzPHc/s400/bg-footer.png

HTTP Response

200
142.250.187.225:80

http://4.bp.blogspot.com/_v5IxGTiMTD8/S96z2Fn3I5I/AAAAAAAABQ8/GCuCLDU0XiE/s1600/bg-body-bot.gif

http

msedge.exe

2.6kB
55.7kB
29
47

HTTP Request

GET http://4.bp.blogspot.com/-E3dtOkxZql8/T8jtukyzBQI/AAAAAAAAAXU/CMi23xLKeUc/s320/531241_261226077309768_1737726916_n.jpg

HTTP Response

200

HTTP Request

GET http://4.bp.blogspot.com/-gW83GjSQZEE/T_hr9w3gqII/AAAAAAAAAYs/ubI4N9z_5LY/w72-h72-p-k-no-nu/010_12.png

HTTP Response

200

HTTP Request

GET http://4.bp.blogspot.com/_v5IxGTiMTD8/S96z2Fn3I5I/AAAAAAAABQ8/GCuCLDU0XiE/s1600/bg-body-bot.gif

HTTP Response

200
142.250.187.225:80

http://4.bp.blogspot.com/_v5IxGTiMTD8/S9625o_xuMI/AAAAAAAABSE/fHHPrA1WpdY/s1600/bg-footer-boundary-side.png

http

msedge.exe

2.2kB
26.4kB
19
26

HTTP Request

GET http://4.bp.blogspot.com/-gW83GjSQZEE/T_hr9w3gqII/AAAAAAAAAYs/ubI4N9z_5LY/s1600/010_12.png

HTTP Response

200

HTTP Request

GET http://4.bp.blogspot.com/-E3dtOkxZql8/T8jtukyzBQI/AAAAAAAAAXU/CMi23xLKeUc/w72-h72-p-k-no-nu/531241_261226077309768_1737726916_n.jpg

HTTP Response

200

HTTP Request

GET http://4.bp.blogspot.com/_v5IxGTiMTD8/S9625o_xuMI/AAAAAAAABSE/fHHPrA1WpdY/s1600/bg-footer-boundary-side.png

HTTP Response

200
142.250.187.225:80

http://4.bp.blogspot.com/_v5IxGTiMTD8/S96z2qllekI/AAAAAAAABRM/dXVMTNoj1Cc/s1600/bg-post-index-wide.gif

http

msedge.exe

2.2kB
32.7kB
21
31

HTTP Request

GET http://4.bp.blogspot.com/-gc7MRAnCbl0/T_rvqsbHaNI/AAAAAAAAAaA/OIOs5jblvDE/s320/4.jpg

HTTP Response

200

HTTP Request

GET http://4.bp.blogspot.com/-gc7MRAnCbl0/T_rvqsbHaNI/AAAAAAAAAaA/OIOs5jblvDE/w72-h72-p-k-no-nu/4.jpg

HTTP Response

200

HTTP Request

GET http://4.bp.blogspot.com/_v5IxGTiMTD8/S96z2qllekI/AAAAAAAABRM/dXVMTNoj1Cc/s1600/bg-post-index-wide.gif

HTTP Response

200
142.250.187.225:80

http://2.bp.blogspot.com/_v5IxGTiMTD8/S965Nv0jkQI/AAAAAAAABT0/_RYk8CqbAXg/s1600/border-box-list-item.gif

http

msedge.exe

1.6kB
21.0kB
16
22

HTTP Request

GET http://2.bp.blogspot.com/-RD36LD_oELQ/T1QPm5BTvmI/AAAAAAAAAXE/gCde_xOL9dY/s400/12.jpg

HTTP Response

200

HTTP Request

GET http://2.bp.blogspot.com/_v5IxGTiMTD8/S965Nv0jkQI/AAAAAAAABT0/_RYk8CqbAXg/s1600/border-box-list-item.gif

HTTP Response

200
142.250.187.225:80

http://2.bp.blogspot.com/_v5IxGTiMTD8/S964DNY9T8I/AAAAAAAABSs/1fh2VVlLPCU/s1600/bg-cat-item-c.png

http

msedge.exe

742 B
995 B
7
6

HTTP Request

GET http://2.bp.blogspot.com/_v5IxGTiMTD8/S964DNY9T8I/AAAAAAAABSs/1fh2VVlLPCU/s1600/bg-cat-item-c.png

HTTP Response

200
142.250.187.225:80

http://2.bp.blogspot.com/_v5IxGTiMTD8/S9601in7hVI/AAAAAAAABRc/Q5A1AW4PYaM/s1600/bg-post-bot.gif

http

msedge.exe

1.3kB
5.8kB
10
11

HTTP Request

GET http://2.bp.blogspot.com/-RD36LD_oELQ/T1QPm5BTvmI/AAAAAAAAAXE/gCde_xOL9dY/w72-h72-p-k-no-nu/12.jpg

HTTP Response

200

HTTP Request

GET http://2.bp.blogspot.com/_v5IxGTiMTD8/S9601in7hVI/AAAAAAAABRc/Q5A1AW4PYaM/s1600/bg-post-bot.gif

HTTP Response

200
172.67.69.193:443

https://www.widgeo.net/cdn-cgi/rum?

tls, http2

msedge.exe

3.6kB
7.8kB
22
23

HTTP Request

GET https://www.widgeo.net/hitparade.php?pagexiti=trackwidget

HTTP Request

GET https://www.widgeo.net/tcm.js

HTTP Request

GET https://www.widgeo.net/tcm_t_u.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://www.widgeo.net/cdn-cgi/rum?

HTTP Response

204
163.70.151.35:80

http://www.facebook.com/plugins/like.php?href=https://www.facebook.com/futurebarrelmalaysia&layout=button_count&show_faces=false&width=50&action=like&colorscheme=light&height=21

http

msedge.exe

923 B
641 B
7
6

HTTP Request

GET http://www.facebook.com/plugins/like.php?href=https://www.facebook.com/futurebarrelmalaysia&layout=button_count&show_faces=false&width=50&action=like&colorscheme=light&height=21

HTTP Response

301
172.67.69.193:443

www.widgeo.net

msedge.exe

98 B
52 B
2
1
142.250.200.33:443

https://lh3.googleusercontent.com/proxy/IVNHHUfvk6Hp3YWw-dMdx_VOJmA2686hsZpPuT-6fE8IPkeMARzsWFdFKeXXNCncGbSBEFanL5_eOHX5omwlLlloako=w72-h72-n-k-no-nu

tls, http2

msedge.exe

2.1kB
14.9kB
19
21

HTTP Request

GET https://lh3.googleusercontent.com/proxy/IVNHHUfvk6Hp3YWw-dMdx_VOJmA2686hsZpPuT-6fE8IPkeMARzsWFdFKeXXNCncGbSBEFanL5_eOHX5omwlLlloako=w72-h72-n-k-no-nu
172.67.69.193:443

www.widgeo.net

msedge.exe

98 B
52 B
2
1
163.70.151.35:443

www.facebook.com

tls

msedge.exe

1.8kB
5.7kB
13
13
216.58.212.206:80

http://bp0.blogger.com/_Zuzii37VUO4/Rj7ME-MBRJI/AAAAAAAAAwM/IOo-YUYR5aM/s1600/icono-feed.gif

http

msedge.exe

737 B
1.0kB
7
6

HTTP Request

GET http://bp0.blogger.com/_Zuzii37VUO4/Rj7ME-MBRJI/AAAAAAAAAwM/IOo-YUYR5aM/s1600/icono-feed.gif

HTTP Response

301
172.67.69.193:445

www.widgeo.net

260 B
5
104.22.75.171:80

http://widgets.amung.us/map.js

http

msedge.exe

671 B
3.4kB
8
9

HTTP Request

GET http://widgets.amung.us/map.js

HTTP Response

200
104.16.79.73:443

https://static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387

tls, http2

msedge.exe

1.9kB
12.6kB
17
20

HTTP Request

GET https://static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387

HTTP Response

200
172.217.16.246:443

https://i.ytimg.com/vi/LAwrZGAWu1E/sddefault.jpg

tls, http2

msedge.exe

2.4kB
42.9kB
28
40

HTTP Request

GET https://i.ytimg.com/vi/LAwrZGAWu1E/sddefault.jpg
93.158.134.119:443

https://mc.yandex.ru/watch/97093088

tls, http2

msedge.exe

1.8kB
6.3kB
15
18

HTTP Request

GET https://mc.yandex.ru/watch/97093088
142.250.187.225:443

https://1.bp.blogspot.com/_Zuzii37VUO4/Rj7ME-MBRJI/AAAAAAAAAwM/IOo-YUYR5aM/s1600/icono-feed.gif

tls, http2

msedge.exe

1.8kB
10.5kB
16
18

HTTP Request

GET https://1.bp.blogspot.com/_Zuzii37VUO4/Rj7ME-MBRJI/AAAAAAAAAwM/IOo-YUYR5aM/s1600/icono-feed.gif
104.21.30.34:443

https://arvigorothan.com/tag.min.js

tls, http2

msedge.exe

3.9kB
38.4kB
41
43

HTTP Request

GET https://arvigorothan.com/tag.min.js

HTTP Response

200
141.101.120.10:443

https://t.dtscout.com/pv/?_a=v&_h=&_ss=2rvb31tnne&_pv=1&_ls=0&_u1=1&_u3=1&_cc=gb&_pl=d&_cbid=tv30&_cb=_dtspv.c

tls, http2

msedge.exe

2.0kB
7.7kB
16
18

HTTP Request

GET https://t.dtscout.com/i/?l=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3953e152debbd6fd2cd3a4fba4cf6665_JaffaCakes118.html&j=

HTTP Response

200

HTTP Request

GET https://t.dtscout.com/pv/?_a=v&_h=&_ss=2rvb31tnne&_pv=1&_ls=0&_u1=1&_u3=1&_cc=gb&_pl=d&_cbid=tv30&_cb=_dtspv.c

HTTP Response

200
173.194.69.84:443

https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/followers.g?blogID%3D7016845604907473316%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMwMDAwMDAiByMwMDAwMDAqByNGRkZGRkYyByMwMDAwMDA6ByMwMDAwMDBCByMwMDAwMDBKByMwMDAwMDBSByNGRkZGRkZaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://dietproteinsd2.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.JisoxTPHVRs.O/am%253DAAAC/d%253D1/rs%253DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/m%253D__features__%26bpli%3D1&followup=https://www.blogger.com/followers.g?blogID%3D7016845604907473316%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMwMDAwMDAiByMwMDAwMDAqByNGRkZGRkYyByMwMDAwMDA6ByMwMDAwMDBCByMwMDAwMDBKByMwMDAwMDBSByNGRkZGRkZaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://dietproteinsd2.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.JisoxTPHVRs.O/am%253DAAAC/d%253D1/rs%253DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/m%253D__features__%26bpli%3D1&go=true

tls, http2

msedge.exe

2.6kB
7.8kB
15
18

HTTP Request

GET https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/followers.g?blogID%3D7016845604907473316%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMwMDAwMDAiByMwMDAwMDAqByNGRkZGRkYyByMwMDAwMDA6ByMwMDAwMDBCByMwMDAwMDBKByMwMDAwMDBSByNGRkZGRkZaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://dietproteinsd2.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.JisoxTPHVRs.O/am%253DAAAC/d%253D1/rs%253DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/m%253D__features__%26bpli%3D1&followup=https://www.blogger.com/followers.g?blogID%3D7016845604907473316%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMwMDAwMDAiByMwMDAwMDAqByNGRkZGRkYyByMwMDAwMDA6ByMwMDAwMDBCByMwMDAwMDBKByMwMDAwMDBSByNGRkZGRkZaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://dietproteinsd2.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.JisoxTPHVRs.O/am%253DAAAC/d%253D1/rs%253DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/m%253D__features__%26bpli%3D1&go=true
216.58.213.2:139

pagead2.googlesyndication.com

260 B
5
139.45.197.242:443

https://deenoacepok.com/5/3294720/?oo=1&js_build=iclick-v1.792.1-auto&os=windows&os_version=10.0&is_mobile=false&browser_version=92.0.902.67

tls, http2

msedge.exe

1.8kB
6.5kB
14
14

HTTP Request

GET https://deenoacepok.com/5/3294720/?oo=1&js_build=iclick-v1.792.1-auto&os=windows&os_version=10.0&is_mobile=false&browser_version=92.0.902.67

HTTP Response

200
216.58.204.66:443

https://googleads.g.doubleclick.net/pagead/id

tls, http2

msedge.exe

1.8kB
7.0kB
15
17

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id
139.45.195.8:443

https://my.rtmark.net/gid.js?userId=00805a02e91b4689e5d2705938dfbae7

tls, http2

msedge.exe

1.7kB
4.6kB
12
14

HTTP Request

GET https://my.rtmark.net/gid.js?userId=00805a02e91b4689e5d2705938dfbae7

HTTP Response

200
212.117.190.201:443

sr7pv7n5x.com

tls, http2

msedge.exe

1.1kB
4.5kB
11
11
139.45.197.236:443

yonmewon.com

tls, http2

msedge.exe

1.2kB
5.3kB
13
14
216.58.201.106:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

tls, http2

msedge.exe

1.8kB
7.0kB
15
17

HTTP Request

OPTIONS https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.179.230:443

https://static.doubleclick.net/instream/ad_status.js

tls, http2

msedge.exe

1.7kB
6.9kB
14
15

HTTP Request

GET https://static.doubleclick.net/instream/ad_status.js
142.250.178.4:443

https://www.google.com/js/th/LvMrC3vzHFP8SzxjvqNWRksbkOPiJTf11ILX4Pq8Ybc.js

tls, http2

msedge.exe

2.4kB
27.9kB
27
30

HTTP Request

GET https://www.google.com/js/th/LvMrC3vzHFP8SzxjvqNWRksbkOPiJTf11ILX4Pq8Ybc.js
142.250.187.225:443

https://yt3.ggpht.com/ytc/AIdro_kDe4WgBLtXrZ9Fq0dk_8o8OmdLfMziyh-TcaBPYvg=s68-c-k-c0x00ffffff-no-rj

tls, http2

msedge.exe

1.9kB
12.5kB
16
20

HTTP Request

GET https://yt3.ggpht.com/ytc/AIdro_kDe4WgBLtXrZ9Fq0dk_8o8OmdLfMziyh-TcaBPYvg=s68-c-k-c0x00ffffff-no-rj
104.26.10.22:445

www.widgeo.net

260 B
5
104.26.11.22:445

www.widgeo.net

260 B
5
163.70.151.21:445

connect.facebook.net

260 B
5
163.70.151.21:139

connect.facebook.net

260 B
5
142.250.187.206:443

https://play.google.com/log?format=json&hasfast=true&authuser=0

tls, http2

msedge.exe

2.1kB
8.7kB
18
18

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
142.250.187.206:443

play.google.com

tls, http2

msedge.exe

1.0kB
7.9kB
10
10
142.250.187.206:443

play.google.com

tls, http2

msedge.exe

1.0kB
7.9kB
10
10
172.67.8.141:445

whos.amung.us

260 B
5
104.22.75.171:445

whos.amung.us

260 B
5
104.22.74.171:445

whos.amung.us

260 B
5
216.58.201.97:80

http://dietproteinsd2.blogspot.com/favicon.ico

http

msedge.exe

599 B
1.1kB
5
5

HTTP Request

GET http://dietproteinsd2.blogspot.com/favicon.ico

HTTP Response

200

8.8.8.8:53

apis.google.com

dns

msedge.exe

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

216.58.201.110
8.8.8.8:53

btemplatescripts.googlecode.com

dns

msedge.exe

77 B
138 B
1
1

DNS Request

btemplatescripts.googlecode.com

DNS Response

172.217.218.82
8.8.8.8:53

ajax.googleapis.com

dns

msedge.exe

65 B
81 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

172.217.16.234
8.8.8.8:53

www.blogger.com

dns

msedge.exe

61 B
108 B
1
1

DNS Request

www.blogger.com

DNS Response

142.250.200.9
8.8.8.8:53

www.widgeo.net

dns

msedge.exe

60 B
108 B
1
1

DNS Request

www.widgeo.net

DNS Response

172.67.69.193

104.26.10.22

104.26.11.22
142.250.200.9:443

www.blogger.com

https

msedge.exe

5.9kB
14.3kB
24
29
216.58.201.110:443

apis.google.com

https

msedge.exe

25.5kB
1.2MB
168
910
8.8.8.8:53

www.youtube.com

dns

msedge.exe

61 B
319 B
1
1

DNS Request

www.youtube.com

DNS Response

142.250.179.238

142.250.180.14

142.250.187.206

142.250.187.238

142.250.178.14

172.217.16.238

142.250.200.14

142.250.200.46

216.58.201.110

216.58.204.78

216.58.213.14

216.58.212.206

172.217.169.78

172.217.169.46
8.8.8.8:53

1.bp.blogspot.com

dns

msedge.exe

63 B
124 B
1
1

DNS Request

1.bp.blogspot.com

DNS Response

142.250.187.225
8.8.8.8:53

shout.busuk.org

dns

msedge.exe

61 B
123 B
1
1

DNS Request

shout.busuk.org
8.8.8.8:53

resources.blogblog.com

dns

msedge.exe

68 B
115 B
1
1

DNS Request

resources.blogblog.com

DNS Response

142.250.200.9
8.8.8.8:53

4.bp.blogspot.com

dns

msedge.exe

63 B
124 B
1
1

DNS Request

4.bp.blogspot.com

DNS Response

142.250.187.225
8.8.8.8:53

3.bp.blogspot.com

dns

msedge.exe

63 B
124 B
1
1

DNS Request

3.bp.blogspot.com

DNS Response

142.250.187.225
8.8.8.8:53

2.bp.blogspot.com

dns

msedge.exe

63 B
124 B
1
1

DNS Request

2.bp.blogspot.com

DNS Response

142.250.187.225
8.8.8.8:53

i39.tinypic.com

dns

msedge.exe

61 B
145 B
1
1

DNS Request

i39.tinypic.com
8.8.8.8:53

www.facebook.com

dns

msedge.exe

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

163.70.151.35
8.8.8.8:53

lh3.googleusercontent.com

dns

msedge.exe

71 B
116 B
1
1

DNS Request

lh3.googleusercontent.com

DNS Response

142.250.200.33
8.8.8.8:53

www.widgeo.net

dns

msedge.exe

60 B
108 B
1
1

DNS Request

www.widgeo.net

DNS Response

172.67.69.193

104.26.10.22

104.26.11.22
8.8.8.8:53

bp0.blogger.com

dns

msedge.exe

61 B
114 B
1
1

DNS Request

bp0.blogger.com

DNS Response

216.58.212.206
8.8.8.8:53

i.ytimg.com

dns

msedge.exe

57 B
265 B
1
1

DNS Request

i.ytimg.com

DNS Response

172.217.16.246

142.250.200.22

142.250.200.54

216.58.201.118

216.58.204.86

216.58.213.22

172.217.169.86

172.217.169.54

142.250.179.246

142.250.180.22

142.250.187.214

142.250.187.246

142.250.178.22
8.8.8.8:53

mc.yandex.ru

dns

msedge.exe

58 B
122 B
1
1

DNS Request

mc.yandex.ru

DNS Response

93.158.134.119

77.88.21.119

87.250.250.119

87.250.251.119
8.8.8.8:53

widgets.amung.us

dns

msedge.exe

62 B
110 B
1
1

DNS Request

widgets.amung.us

DNS Response

104.22.75.171

172.67.8.141

104.22.74.171
8.8.8.8:53

static.cloudflareinsights.com

dns

msedge.exe

75 B
107 B
1
1

DNS Request

static.cloudflareinsights.com

DNS Response

104.16.79.73

104.16.80.73
8.8.8.8:53

23.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

23.159.190.20.in-addr.arpa
8.8.8.8:53

110.201.58.216.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

110.201.58.216.in-addr.arpa
8.8.8.8:53

82.218.217.172.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

82.218.217.172.in-addr.arpa
8.8.8.8:53

9.200.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

9.200.250.142.in-addr.arpa
8.8.8.8:53

234.16.217.172.in-addr.arpa

dns

73 B
142 B
1
1

DNS Request

234.16.217.172.in-addr.arpa
8.8.8.8:53

193.69.67.172.in-addr.arpa

dns

145 B
307 B
2
2

DNS Request

193.69.67.172.in-addr.arpa

DNS Request

206.212.58.216.in-addr.arpa
8.8.8.8:53

238.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

238.179.250.142.in-addr.arpa
8.8.8.8:53

225.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

225.187.250.142.in-addr.arpa
8.8.8.8:53

arvigorothan.com

dns

msedge.exe

62 B
94 B
1
1

DNS Request

arvigorothan.com

DNS Response

104.21.30.34

172.67.150.119
8.8.8.8:53

t.dtscout.com

dns

msedge.exe

59 B
91 B
1
1

DNS Request

t.dtscout.com

DNS Response

141.101.120.10

141.101.120.11
8.8.8.8:53

accounts.google.com

dns

msedge.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

173.194.69.84
8.8.8.8:53

deenoacepok.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

deenoacepok.com

DNS Response

139.45.197.242
8.8.8.8:53

googleads.g.doubleclick.net

dns

msedge.exe

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

216.58.204.66
8.8.8.8:53

my.rtmark.net

dns

msedge.exe

59 B
75 B
1
1

DNS Request

my.rtmark.net

DNS Response

139.45.195.8
8.8.8.8:53

yonmewon.com

dns

msedge.exe

58 B
74 B
1
1

DNS Request

yonmewon.com

DNS Response

139.45.197.236
8.8.8.8:53

sr7pv7n5x.com

dns

msedge.exe

59 B
75 B
1
1

DNS Request

sr7pv7n5x.com

DNS Response

212.117.190.201
8.8.8.8:53

jnn-pa.googleapis.com

dns

msedge.exe

67 B
307 B
1
1

DNS Request

jnn-pa.googleapis.com

DNS Response

216.58.201.106

216.58.204.74

216.58.213.10

172.217.169.10

216.58.212.234

172.217.169.74

172.217.169.42

142.250.179.234

142.250.180.10

142.250.187.202

142.250.187.234

142.250.178.10

172.217.16.234

142.250.200.10

142.250.200.42
8.8.8.8:53

static.doubleclick.net

dns

msedge.exe

68 B
84 B
1
1

DNS Request

static.doubleclick.net

DNS Response

142.250.179.230
216.58.204.66:443

googleads.g.doubleclick.net

https

msedge.exe

3.6kB
7.3kB
8
10
8.8.8.8:53

www.google.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.178.4
8.8.8.8:53

yt3.ggpht.com

dns

msedge.exe

59 B
120 B
1
1

DNS Request

yt3.ggpht.com

DNS Response

142.250.187.225
216.58.201.106:443

jnn-pa.googleapis.com

https

msedge.exe

6.2kB
50.8kB
28
47
8.8.8.8:53

35.151.70.163.in-addr.arpa

dns

72 B
125 B
1
1

DNS Request

35.151.70.163.in-addr.arpa
8.8.8.8:53

33.200.250.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

33.200.250.142.in-addr.arpa
8.8.8.8:53

73.79.16.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

73.79.16.104.in-addr.arpa
8.8.8.8:53

246.16.217.172.in-addr.arpa

dns

73 B
142 B
1
1

DNS Request

246.16.217.172.in-addr.arpa
8.8.8.8:53

171.75.22.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

171.75.22.104.in-addr.arpa
8.8.8.8:53

195.212.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

195.212.58.216.in-addr.arpa
8.8.8.8:53

119.134.158.93.in-addr.arpa

dns

73 B
99 B
1
1

DNS Request

119.134.158.93.in-addr.arpa
8.8.8.8:53

34.30.21.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

34.30.21.104.in-addr.arpa
8.8.8.8:53

10.120.101.141.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

10.120.101.141.in-addr.arpa
8.8.8.8:53

84.69.194.173.in-addr.arpa

dns

72 B
105 B
1
1

DNS Request

84.69.194.173.in-addr.arpa
8.8.8.8:53

242.197.45.139.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

242.197.45.139.in-addr.arpa
8.8.8.8:53

66.204.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

66.204.58.216.in-addr.arpa
8.8.8.8:53

8.195.45.139.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

8.195.45.139.in-addr.arpa
8.8.8.8:53

201.190.117.212.in-addr.arpa

dns

74 B
147 B
1
1

DNS Request

201.190.117.212.in-addr.arpa
8.8.8.8:53

236.197.45.139.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

236.197.45.139.in-addr.arpa
8.8.8.8:53

106.201.58.216.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

106.201.58.216.in-addr.arpa
8.8.8.8:53

230.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

230.179.250.142.in-addr.arpa
8.8.8.8:53

3.180.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

3.180.250.142.in-addr.arpa
8.8.8.8:53

4.178.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

4.178.250.142.in-addr.arpa
224.0.0.251:5353

msedge.exe

580 B
9
8.8.8.8:53

connect.facebook.net

dns

66 B
114 B
1
1

DNS Request

connect.facebook.net

DNS Response

163.70.151.21
8.8.8.8:53

connect.facebook.net

dns

66 B
114 B
1
1

DNS Request

connect.facebook.net

DNS Response

163.70.151.21
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

play.google.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.250.187.206
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
142.250.187.206:443

play.google.com

https

msedge.exe

6.6kB
8.4kB
15
18
8.8.8.8:53

206.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

206.187.250.142.in-addr.arpa
8.8.8.8:53

31.121.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

31.121.18.2.in-addr.arpa
8.8.8.8:53

whos.amung.us

dns

59 B
107 B
1
1

DNS Request

whos.amung.us

DNS Response

172.67.8.141

104.22.75.171

104.22.74.171
8.8.8.8:53

whos.amung.us

dns

59 B
107 B
1
1

DNS Request

whos.amung.us

DNS Response

104.22.75.171

172.67.8.141

104.22.74.171
8.8.8.8:53

dietproteinsd2.blogspot.com

dns

msedge.exe

73 B
132 B
1
1

DNS Request

dietproteinsd2.blogspot.com

DNS Response

216.58.201.97
8.8.8.8:53

97.201.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

97.201.58.216.in-addr.arpa
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

43.229.111.52.in-addr.arpa
216.58.204.66:443

googleads.g.doubleclick.net

https

msedge.exe

2.5kB
3.7kB
11
13

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
f8b4278091e1156bf327e4cf86488228

SHA1
1dd08669068f5d3fc13371901de5208ff9034e0d

SHA256
dc19c3759a2c4d487548fa39c85c287b06c0834bee0cab53512aa43a6044f6a9

SHA512
8e054465a94688fadfa4d4078fa2374b3e829bb6de319ed18e147702833decd8245e000d6fa3eff71a6c02a4888b770672c8b327ba6897cb2f74e5bb3a690fd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
33f749467761defb145494669d9011d3

SHA1
11edf421286bbcabd3022c2da917ddcd0b30c490

SHA256
9b19d325b2d0da6b7d22a21f0fdce0fdb72274be2daf1d937996fa8b345bcfcc

SHA512
c727d3a312fc6d290788112439ae4c2353c10be73f8ab662ee91bda1b674c4c8a9c28882747dd3755e5b01db6fcb258b60a8b01539811927ca6826294b77a4ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d6140170e1c8e8e63b7754e60b767440

SHA1
07fe7ed1e52dbc5e7d4530c115e6390c4955dc7f

SHA256
1aba105f0a7dc7301f3aaf80d59240a1e5794ba98d00a81c897714bf648be2e7

SHA512
3672a47c12c9367cbf9a72d6dbdea036e34dadc4b347b6d06ade57e7cd9d9aa3d5a945689ed7120bcd1094b7dcbcb6fdc9e1f8709d96d8aaa63c6c4512dd3d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6bfe8ebc21cb3f0730631924a678cdd9

SHA1
2da099e1dba81b5860571ea6a14336d75caad2c3

SHA256
d3336814e58ffa31b11180d12248eb2ba8414e84977d311cf918cd890715c6b8

SHA512
b2579498aef47adbbf85cd2dd5f57b219a5396d979311d534dbfffacf1033f5dfd562aa210c331033ca43ccd11b1721d8479bd3b780b890a64dfdf8535c0dcc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c8da73433b94fb801dafd7ab61a05d2d

SHA1
e02a4a274ce266ed51d3548ef516ec08ac6977ff

SHA256
17aa0941a9749723be33b337109f6f421ed47cb17e1b9d628eb750048cd21aa9

SHA512
6f3f83f16a6bdd2db0030385f14f676a3b1dfbccb6a61568a7a6937a00e3487a421318e8b1e098e3517bf4e900e646e16b1b3809caa18a5c91ceb7f923a7e8fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5a4a2ef3623cd11b3d3f8442f65ea127

SHA1
a6108e6c956a7bf4c74f588c3cdf66c3971ebc4c

SHA256
e18e02960c17edf528ec9f33c2e681940024304d7a90e44a882cb9219fbfcd91

SHA512
f2057ae5161898944ad1decb34351c737ace1ce6186d87ed3020a9fc048d98f6495d2b86ff23204afd562dbdaa72c42205974b16dd37603d3c7f0b3417ef7401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
89c4b2a3d98dd4ab479e146ca7de1278

SHA1
32095814a321cf41f6d5d7c5754e57ef2213173b

SHA256
b4da0cbb3b064af083156b5ca5a680919403a3164a1e053b096a0378b5f16e9b

SHA512
18da0028363d8008c1e7ed4c040c2bf5bb3badc1eb73d09d3cc85aecc085f68b517e7b5b380f730b7e55c992bb500b07df1faea0c35383b4bcbde526621be4ad

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request