bc8f9b8bfb5a66f29c61586012d7adf8f778ee7fa958a877837cc241eeed1058

Analysis

max time kernel
135s
max time network
138s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
21/05/2024, 19:04 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

646ae78b1ba446d3c269811f65e9959e_JaffaCakes118.html
Size

115KB
MD5

646ae78b1ba446d3c269811f65e9959e
SHA1

32e6741b181e7375f155b1dff5b04d2b6fda597f
SHA256

bc8f9b8bfb5a66f29c61586012d7adf8f778ee7fa958a877837cc241eeed1058
SHA512

56e5202f2dd75cdf105a9c5e7522c222e99ec90ec70cd2707694f7370563d121061687ce8f1650fcab82108d693e01bb59c8d893dcea28619a93cf9240138230
SSDEEP

3072:ViHWQia79GGO7f5gvt8aN205Id02WjjPMVTfStEH:ViHWa9GGO75gvt8aN20ad9d

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422480120"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000ceb47cbf3c6fe4b05440c08a32776881c3d63a226a78ad0a632a1a8652ac6886000000000e8000000002000020000000cf6a6422d33d1d1245135a5da8272b10b0f67574b8d0ccea527077a25122c5e99000000013e3135ec2e71030aa2f1454e8a09124ea667b415681c259bf637b8f0d2cdb6beb8be64cf0d2aebf7379943d8bbee49d80793982679080ea1cb3b7d91a3a33dcee73dc0daa675ca75d64dcfb5a16d0b039eb3516d71fe65b84bcdcc6bb6d2201580d98d0be0c91ca61aafe6f73743e66aa6c588d99d5eb37732cae31cf00839a5e47be51220edfe69484d1989dea384b40000000f59e48dfa09fa7fe44216e9a8ee7b4aeb686e82b4c1927d366c548a62d29135012b1151e10050bced304ee6c2cf682de3a4373146d557318fa9093c56fecca0d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000fbf4b7999c6067ac5ca959c9b6c041bb7f3cb256885023843c511c3cc09799f3000000000e8000000002000020000000506ca7e001ef4858af43a6cc4aab3d7c251d3bf81c730527a8b48f9e7918de4f20000000cd7fe63161305cdffa1489cc38ee33357ffb7bfcf5ff9f9a7ee978bee5cdfa4e400000004953756f6daa7854207b6219d3c7de3b140d6444dea8eac8992c44437ea0ed9f4a518d2cf0d403c2864ab58f5e1364e0a57bb2e528656817875174f56e35893e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50320cd8b1abda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E9A5E6F1-17A4-11EF-8C93-DEECE6B0C1A4} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2912	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2912	iexplore.exe
2912	iexplore.exe
2648	IEXPLORE.EXE
2648	IEXPLORE.EXE
2648	IEXPLORE.EXE
2648	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2648	2912	iexplore.exe	28
PID 2912 wrote to memory of 2648	2912	iexplore.exe	28
PID 2912 wrote to memory of 2648	2912	iexplore.exe	28
PID 2912 wrote to memory of 2648	2912	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\646ae78b1ba446d3c269811f65e9959e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2648

Network

DNS

2.bp.blogspot.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

2.bp.blogspot.com

IN A

Response

2.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.180.1
DNS

www.blogger.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.blogger.com

IN A

Response

www.blogger.com

IN CNAME

blogger.l.google.com

blogger.l.google.com

IN A

142.250.178.9
DNS

apis.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.200.14
DNS

resources.blogblog.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

resources.blogblog.com

IN A

Response

resources.blogblog.com

IN CNAME

blogger.l.google.com

blogger.l.google.com

IN A

142.250.178.9
DNS

ads.egrana.com.br

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ads.egrana.com.br

IN A

Response
DNS

img.youtube.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

img.youtube.com

IN A

Response

img.youtube.com

IN CNAME

ytimg.l.google.com

ytimg.l.google.com

IN A

172.217.169.46

ytimg.l.google.com

IN A

142.250.179.238

ytimg.l.google.com

IN A

142.250.180.14

ytimg.l.google.com

IN A

142.250.187.206

ytimg.l.google.com

IN A

142.250.187.238

ytimg.l.google.com

IN A

142.250.178.14

ytimg.l.google.com

IN A

172.217.16.238

ytimg.l.google.com

IN A

142.250.200.14

ytimg.l.google.com

IN A

142.250.200.46

ytimg.l.google.com

IN A

216.58.201.110

ytimg.l.google.com

IN A

216.58.204.78

ytimg.l.google.com

IN A

172.217.169.14

ytimg.l.google.com

IN A

216.58.212.206

ytimg.l.google.com

IN A

172.217.169.78
DNS

www.linkwithin.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.linkwithin.com

IN A

Response

www.linkwithin.com

IN CNAME

linkwithin.com

linkwithin.com

IN A

118.139.179.30
DNS

4.bp.blogspot.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

4.bp.blogspot.com

IN A

Response

4.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.180.1
GET

https://resources.blogblog.com/img/icon18_wrench_allbkg.png

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /img/icon18_wrench_allbkg.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: resources.blogblog.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 475
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 18 May 2024 12:32:12 GMT
Expires: Sat, 25 May 2024 12:32:12 GMT
Cache-Control: public, max-age=604800
Last-Modified: Sat, 18 May 2024 09:53:24 GMT
Content-Type: image/png
Age: 282724
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /blogblog/data/1kt/simple/body_gradient_tile_light.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: resources.blogblog.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 95
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 18 May 2024 10:35:48 GMT
Expires: Sat, 25 May 2024 10:35:48 GMT
Cache-Control: public, max-age=604800
Last-Modified: Fri, 17 May 2024 19:54:57 GMT
Content-Type: image/png
Age: 289708
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

http://2.bp.blogspot.com/-jo9g5kJLloA/VVXf91SPBOI/AAAAAAAAKjQ/tTJsliH2SSo/s640/00000000000.jpg

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-jo9g5kJLloA/VVXf91SPBOI/AAAAAAAAKjQ/tTJsliH2SSo/s640/00000000000.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 2.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v2a35"
Expires: Wed, 22 May 2024 19:04:16 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="00000000000.jpg"
X-Content-Type-Options: nosniff
Date: Tue, 21 May 2024 19:04:16 GMT
Server: fife
Content-Length: 22791
X-XSS-Protection: 0
GET

https://www.blogger.com/static/v1/jsbin/1003877814-comment_from_post_iframe.js

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /static/v1/jsbin/1003877814-comment_from_post_iframe.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.blogger.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 5314
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 21 May 2024 07:40:43 GMT
Expires: Wed, 21 May 2025 07:40:43 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Fri, 24 Feb 2017 19:49:14 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
Age: 41013
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.blogger.com/dyn-css/authorization.css?targetBlogID=7209583620270249605&zx=49117ecf-2048-4174-938e-ae62a1235281

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /dyn-css/authorization.css?targetBlogID=7209583620270249605&zx=49117ecf-2048-4174-938e-ae62a1235281 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.blogger.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Content-Security-Policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
Content-Type: text/css; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Tue, 21 May 2024 19:04:16 GMT
Last-Modified: Tue, 21 May 2024 19:04:16 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.blogger.com/blog-post-reactions.g?options=%5Bengra%C3%A7ado,+interessante,+legal%5D&textColor=%23666666

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /blog-post-reactions.g?options=%5Bengra%C3%A7ado,+interessante,+legal%5D&textColor=%23666666 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.blogger.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Cross-Origin-Resource-Policy: cross-origin
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Tue, 21 May 2024 19:04:16 GMT
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.blogger.com/static/v1/v-css/2621646369-cmtfp.css

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /static/v1/v-css/2621646369-cmtfp.css HTTP/1.1
Accept: text/css, */*
Referer: https://www.blogger.com/comment-iframe.g?blogID=7209583620270249605&postID=6604683706084628964&blogspotRpcToken=7747900&bpli=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.blogger.com
Connection: Keep-Alive
Cookie: S=blogger=MZf3pEhFEjaEs4FveKhi3pPkUYzE7JKX5daaM-eAEPQ

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 3701
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 18 May 2024 12:05:41 GMT
Expires: Sun, 18 May 2025 12:05:41 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Sat, 18 May 2024 10:52:13 GMT
Content-Type: text/css
Vary: Accept-Encoding
Age: 284316
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.blogger.com/static/v1/jsbin/2733556723-lbx__pt_br.js

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /static/v1/jsbin/2733556723-lbx__pt_br.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.blogger.com
Connection: Keep-Alive
Cookie: S=blogger=MZf3pEhFEjaEs4FveKhi3pPkUYzE7JKX5daaM-eAEPQ

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 143725
Date: Tue, 21 May 2024 19:04:59 GMT
Expires: Wed, 21 May 2025 19:04:59 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Sun, 05 Feb 2017 06:53:51 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://img.youtube.com/vi/0-cTijEguQc/default.jpg

IEXPLORE.EXE

Remote address:

172.217.169.46:443

Request

GET /vi/0-cTijEguQc/default.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Vary: Origin
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Content-Type: image/jpeg
Date: Tue, 21 May 2024 19:04:16 GMT
Expires: Tue, 21 May 2024 19:04:46 GMT
Cache-Control: public, max-age=30
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 1097
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.blogger.com/static/v1/widgets/4243091423-css_bundle_v2.css

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /static/v1/widgets/4243091423-css_bundle_v2.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.blogger.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 8422
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 21 May 2024 11:28:27 GMT
Expires: Wed, 21 May 2025 11:28:27 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 02 Feb 2017 10:40:14 GMT
Content-Type: text/css
Vary: Accept-Encoding
Age: 27349
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.blogger.com/img/share_buttons_20_3.png

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /img/share_buttons_20_3.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.blogger.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 5080
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 18 May 2024 12:36:22 GMT
Expires: Sat, 25 May 2024 12:36:22 GMT
Cache-Control: public, max-age=604800
Last-Modified: Sat, 18 May 2024 07:54:07 GMT
Content-Type: image/png
Age: 282474
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.blogger.com/navbar.g?targetBlogID=7209583620270249605&blogName=Portal+Dicas+e+Truques&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://dica-truques.blogspot.com/search&blogLocale=pt_BR&v=2&homepageUrl=http://dica-truques.blogspot.com/&targetPostID=6604683706084628964&blogPostOrPageUrl=http://dica-truques.blogspot.com/2015/05/como-remover-varizes-com-produtos-que.html&vt=2256093280004404541&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /navbar.g?targetBlogID=7209583620270249605&blogName=Portal+Dicas+e+Truques&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://dica-truques.blogspot.com/search&blogLocale=pt_BR&v=2&homepageUrl=http://dica-truques.blogspot.com/&targetPostID=6604683706084628964&blogPostOrPageUrl=http://dica-truques.blogspot.com/2015/05/como-remover-varizes-com-produtos-que.html&vt=2256093280004404541&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.blogger.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Content-Security-Policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Tue, 21 May 2024 19:04:16 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.blogger.com/static/v1/jsbin/2358319316-cmt__pt_br.js

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /static/v1/jsbin/2358319316-cmt__pt_br.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.blogger.com/comment-iframe.g?blogID=7209583620270249605&postID=6604683706084628964&blogspotRpcToken=7747900&bpli=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.blogger.com
Connection: Keep-Alive
Cookie: S=blogger=MZf3pEhFEjaEs4FveKhi3pPkUYzE7JKX5daaM-eAEPQ

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 34740
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 18 May 2024 13:55:52 GMT
Expires: Sun, 18 May 2025 13:55:52 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Sat, 18 May 2024 12:53:03 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
Age: 277705
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.blogger.com/comment-iframe-bg.g?bgresponse=js_disabled&bgint=AlO6zegP6e676VI46HQpNBpqHltIbxFnP_SRBPGz17M

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /comment-iframe-bg.g?bgresponse=js_disabled&bgint=AlO6zegP6e676VI46HQpNBpqHltIbxFnP_SRBPGz17M HTTP/1.1
Accept: */*
Referer: https://www.blogger.com/comment-iframe.g?blogID=7209583620270249605&postID=6604683706084628964&blogspotRpcToken=7747900&bpli=1#%7B%22color%22%3A%22rgb(34%2C%2034%2C%2034)%22%2C%22backgroundColor%22%3A%22rgb(255%2C%20255%2C%20255)%22%2C%22unvisitedLinkColor%22%3A%22rgb(34%2C%20136%2C%20187)%22%2C%22fontFamily%22%3A%22Arial%2C%20Tahoma%2C%20Helvetica%2C%20FreeSans%2C%20sans-serif%22%7D
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.blogger.com
Connection: Keep-Alive
Cookie: S=blogger=MZf3pEhFEjaEs4FveKhi3pPkUYzE7JKX5daaM-eAEPQ

Response

HTTP/1.1 200 OK

P3P: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Content-Security-Policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Tue, 21 May 2024 19:04:18 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.blogger.com/static/v1/v-css/368954415-lightbox_bundle.css

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /static/v1/v-css/368954415-lightbox_bundle.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.blogger.com
Connection: Keep-Alive
Cookie: S=blogger=MZf3pEhFEjaEs4FveKhi3pPkUYzE7JKX5daaM-eAEPQ

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 6541
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 18 May 2024 12:16:37 GMT
Expires: Sun, 18 May 2025 12:16:37 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 27 Jan 2021 23:35:52 GMT
Content-Type: text/css
Vary: Accept-Encoding
Age: 283702
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://resources.blogblog.com/img/icon18_email.gif

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /img/icon18_email.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: resources.blogblog.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 164
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 18 May 2024 12:09:03 GMT
Expires: Sat, 25 May 2024 12:09:03 GMT
Cache-Control: public, max-age=604800
Last-Modified: Sat, 18 May 2024 00:52:44 GMT
Content-Type: image/gif
Age: 284113
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://resources.blogblog.com/img/navbar/icons_peach.png

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /img/navbar/icons_peach.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.blogger.com/navbar.g?targetBlogID=7209583620270249605&blogName=Portal+Dicas+e+Truques&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://dica-truques.blogspot.com/search&blogLocale=pt_BR&v=2&homepageUrl=http://dica-truques.blogspot.com/&targetPostID=6604683706084628964&blogPostOrPageUrl=http://dica-truques.blogspot.com/2015/05/como-remover-varizes-com-produtos-que.html&vt=2256093280004404541&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: resources.blogblog.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 907
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 18 May 2024 12:27:03 GMT
Expires: Sat, 25 May 2024 12:27:03 GMT
Cache-Control: public, max-age=604800
Last-Modified: Sat, 18 May 2024 05:54:47 GMT
Content-Type: image/png
Age: 283034
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://resources.blogblog.com/img/blank.gif

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /img/blank.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.blogger.com/comment-iframe.g?blogID=7209583620270249605&postID=6604683706084628964&blogspotRpcToken=7747900&bpli=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: resources.blogblog.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 43
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 18 May 2024 12:32:58 GMT
Expires: Sat, 25 May 2024 12:32:58 GMT
Cache-Control: public, max-age=604800
Last-Modified: Fri, 17 May 2024 19:54:57 GMT
Content-Type: image/gif
Age: 282679
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://resources.blogblog.com/img/anon36.png

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /img/anon36.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.blogger.com/comment-iframe.g?blogID=7209583620270249605&postID=6604683706084628964&blogspotRpcToken=7747900&bpli=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: resources.blogblog.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 1654
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 18 May 2024 12:34:40 GMT
Expires: Sat, 25 May 2024 12:34:40 GMT
Cache-Control: public, max-age=604800
Last-Modified: Sat, 18 May 2024 06:53:30 GMT
Content-Type: image/png
Age: 282578
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://resources.blogblog.com/img/icon18_edit_allbkg.gif

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /img/icon18_edit_allbkg.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: resources.blogblog.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 162
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 18 May 2024 11:54:21 GMT
Expires: Sat, 25 May 2024 11:54:21 GMT
Cache-Control: public, max-age=604800
Last-Modified: Fri, 17 May 2024 19:54:57 GMT
Content-Type: image/gif
Age: 284995
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /blogblog/data/1kt/simple/gradients_light.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: resources.blogblog.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 403
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 18 May 2024 11:56:46 GMT
Expires: Sat, 25 May 2024 11:56:46 GMT
Cache-Control: public, max-age=604800
Last-Modified: Sat, 18 May 2024 09:53:24 GMT
Content-Type: image/png
Age: 284850
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://resources.blogblog.com/img/navbar/arrows-light.png

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /img/navbar/arrows-light.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.blogger.com/navbar.g?targetBlogID=7209583620270249605&blogName=Portal+Dicas+e+Truques&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://dica-truques.blogspot.com/search&blogLocale=pt_BR&v=2&homepageUrl=http://dica-truques.blogspot.com/&targetPostID=6604683706084628964&blogPostOrPageUrl=http://dica-truques.blogspot.com/2015/05/como-remover-varizes-com-produtos-que.html&vt=2256093280004404541&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: resources.blogblog.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 117
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 18 May 2024 12:36:21 GMT
Expires: Sat, 25 May 2024 12:36:21 GMT
Cache-Control: public, max-age=604800
Last-Modified: Sat, 18 May 2024 00:52:44 GMT
Content-Type: image/png
Age: 282476
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: apis.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
Content-Length: 15190
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 18 May 2024 12:16:35 GMT
Expires: Sun, 18 May 2025 12:16:35 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Age: 283661
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=pt_BR&origin=file%3A%2F%2F&url=http%3A%2F%2Fdica-truques.blogspot.com%2F2015%2F05%2Fcomo-remover-varizes-com-produtos-que.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

GET /u/0/se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=pt_BR&origin=file%3A%2F%2F&url=http%3A%2F%2Fdica-truques.blogspot.com%2F2015%2F05%2Fcomo-remover-varizes-com-produtos-que.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: apis.google.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Location: http://developers.google.com/
Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 21 May 2024 19:04:58 GMT
Expires: Tue, 21 May 2024 19:34:58 GMT
Cache-Control: public, max-age=1800
Server: sffe
Content-Length: 226
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.blogger.com/static/v1/widgets/127631110-widgets.js

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /static/v1/widgets/127631110-widgets.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.blogger.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 36558
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 18 May 2024 14:06:54 GMT
Expires: Sun, 18 May 2025 14:06:54 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Mon, 13 Feb 2017 19:05:13 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
Age: 277042
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.blogger.com/comment-iframe.g?blogID=7209583620270249605&postID=6604683706084628964&blogspotRpcToken=7747900

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /comment-iframe.g?blogID=7209583620270249605&postID=6604683706084628964&blogspotRpcToken=7747900 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.blogger.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Moved Temporarily

P3P: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Location: https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/comment-iframe.g?blogID%3D7209583620270249605%26postID%3D6604683706084628964%26blogspotRpcToken%3D7747900%26bpli%3D1&followup=https://www.blogger.com/comment-iframe.g?blogID%3D7209583620270249605%26postID%3D6604683706084628964%26blogspotRpcToken%3D7747900%26bpli%3D1&go=true
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Tue, 21 May 2024 19:04:17 GMT
Expires: Tue, 21 May 2024 19:04:17 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.blogger.com/comment-iframe.g?blogID=7209583620270249605&postID=6604683706084628964&blogspotRpcToken=7747900&bpli=1

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /comment-iframe.g?blogID=7209583620270249605&postID=6604683706084628964&blogspotRpcToken=7747900&bpli=1 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.blogger.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Content-Security-Policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Tue, 21 May 2024 19:04:17 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Set-Cookie: S=blogger=MZf3pEhFEjaEs4FveKhi3pPkUYzE7JKX5daaM-eAEPQ; Domain=.blogger.com; Path=/; Secure; HttpOnly; Priority=LOW; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

http://4.bp.blogspot.com/-W5V77enFjCU/VRbme7y2n_I/AAAAAAAAHPM/Ge3LVj7zZs8/w72-h72-p-k-nu/0.jpg

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-W5V77enFjCU/VRbme7y2n_I/AAAAAAAAHPM/Ge3LVj7zZs8/w72-h72-p-k-nu/0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 4.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v1cf4"
Expires: Wed, 22 May 2024 19:04:16 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="0.jpg"
X-Content-Type-Options: nosniff
Date: Tue, 21 May 2024 19:04:16 GMT
Server: fife
Content-Length: 2782
X-XSS-Protection: 0
GET

https://apis.google.com/js/plusone.js

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

GET /js/plusone.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: apis.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team"
Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
Timing-Allow-Origin: *
Date: Tue, 21 May 2024 19:04:16 GMT
Expires: Tue, 21 May 2024 19:04:16 GMT
Cache-Control: private, max-age=1800, stale-while-revalidate=1800
ETag: "80d5c9d57d5f206f"
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: apis.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
Content-Length: 55813
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 20 May 2024 15:06:31 GMT
Expires: Tue, 20 May 2025 15:06:31 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Age: 100665
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://apis.google.com/js/platform:gapi.iframes.style.common.js

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

GET /js/platform:gapi.iframes.style.common.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.blogger.com/navbar.g?targetBlogID=7209583620270249605&blogName=Portal+Dicas+e+Truques&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://dica-truques.blogspot.com/search&blogLocale=pt_BR&v=2&homepageUrl=http://dica-truques.blogspot.com/&targetPostID=6604683706084628964&blogPostOrPageUrl=http://dica-truques.blogspot.com/2015/05/como-remover-varizes-com-produtos-que.html&vt=2256093280004404541&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: apis.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team"
Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
Timing-Allow-Origin: *
Date: Tue, 21 May 2024 19:04:17 GMT
Expires: Tue, 21 May 2024 19:04:17 GMT
Cache-Control: private, max-age=1800, stale-while-revalidate=1800
ETag: "1df5d68c1707a051"
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.blogger.com/navbar.g?targetBlogID=7209583620270249605&blogName=Portal+Dicas+e+Truques&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://dica-truques.blogspot.com/search&blogLocale=pt_BR&v=2&homepageUrl=http://dica-truques.blogspot.com/&targetPostID=6604683706084628964&blogPostOrPageUrl=http://dica-truques.blogspot.com/2015/05/como-remover-varizes-com-produtos-que.html&vt=2256093280004404541&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: apis.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
Content-Length: 45677
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 18 May 2024 10:23:05 GMT
Expires: Sun, 18 May 2025 10:23:05 GMT
Cache-Control: public, max-age=31536000
Age: 290472
Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth/exm=gapi_iframes,gapi_iframes_style_bubble,plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_2?le=scs

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth/exm=gapi_iframes,gapi_iframes_style_bubble,plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_2?le=scs HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: apis.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
Content-Length: 29729
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 18 May 2024 12:01:29 GMT
Expires: Sun, 18 May 2025 12:01:29 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Age: 284609
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&annotation=bubble&width=250&size=standard&source=blogger%3Ablog%3Aplusone&hl=pt_BR&origin=file%3A%2F%2F&url=http%3A%2F%2Fdica-truques.blogspot.com%2F&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

GET /u/0/se/0/_/+1/fastbutton?usegapi=1&annotation=bubble&width=250&size=standard&source=blogger%3Ablog%3Aplusone&hl=pt_BR&origin=file%3A%2F%2F&url=http%3A%2F%2Fdica-truques.blogspot.com%2F&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: apis.google.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Location: http://developers.google.com/
Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 21 May 2024 19:04:58 GMT
Expires: Tue, 21 May 2024 19:34:58 GMT
Cache-Control: public, max-age=1800
Server: sffe
Content-Length: 226
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://apis.google.com/js/rpc:shindig_random.js?onload=init

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

GET /js/rpc:shindig_random.js?onload=init HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: apis.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team"
Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
Timing-Allow-Origin: *
Date: Tue, 21 May 2024 19:04:58 GMT
Expires: Tue, 21 May 2024 19:04:58 GMT
Cache-Control: private, max-age=1800, stale-while-revalidate=1800
ETag: "9b77125b6924cb07"
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: apis.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
Content-Length: 23473
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 20 May 2024 15:06:32 GMT
Expires: Tue, 20 May 2025 15:06:32 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Age: 100706
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

accounts.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

64.233.166.84
GET

https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/comment-iframe.g?blogID%3D7209583620270249605%26postID%3D6604683706084628964%26blogspotRpcToken%3D7747900%26bpli%3D1&followup=https://www.blogger.com/comment-iframe.g?blogID%3D7209583620270249605%26postID%3D6604683706084628964%26blogspotRpcToken%3D7747900%26bpli%3D1&go=true

IEXPLORE.EXE

Remote address:

64.233.166.84:443

Request

GET /ServiceLogin?passive=true&continue=https://www.blogger.com/comment-iframe.g?blogID%3D7209583620270249605%26postID%3D6604683706084628964%26blogspotRpcToken%3D7747900%26bpli%3D1&followup=https://www.blogger.com/comment-iframe.g?blogID%3D7209583620270249605%26postID%3D6604683706084628964%26blogspotRpcToken%3D7747900%26bpli%3D1&go=true HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: accounts.google.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Content-Type: application/binary
Set-Cookie: __Host-GAPS=1:1yDjA-lNZXowLt_uw1ZsiE0Waz2WdA:qoOgMQF64A_P2gVo; Expires=Thu, 21-May-2026 19:04:17 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Tue, 21 May 2024 19:04:17 GMT
Location: https://www.blogger.com/comment-iframe.g?blogID=7209583620270249605&postID=6604683706084628964&blogspotRpcToken=7747900&bpli=1
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cross-Origin-Opener-Policy: unsafe-none
Cross-Origin-Resource-Policy: cross-origin
Content-Security-Policy: script-src 'nonce-37T2EKtRQ8w65ucwDR2WoQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

IEXPLORE.EXE

Remote address:

64.233.166.84:443

Request

GET /o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: accounts.google.com
Connection: Keep-Alive
Cookie: __Host-GAPS=1:1yDjA-lNZXowLt_uw1ZsiE0Waz2WdA:qoOgMQF64A_P2gVo

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Tue, 21 May 2024 19:04:58 GMT
Content-Security-Policy: script-src 'nonce-XlefzB0iXfH05GSjdqGjrw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
Content-Security-Policy: require-trusted-types-for 'script';report-uri /o/cspreport
Cross-Origin-Resource-Policy: same-site
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

www.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.196
GET

https://www.google.com/js/bg/AlO6zegP6e676VI46HQpNBpqHltIbxFnP_SRBPGz17M.js

IEXPLORE.EXE

Remote address:

142.250.187.196:443

Request

GET /js/bg/AlO6zegP6e676VI46HQpNBpqHltIbxFnP_SRBPGz17M.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.blogger.com/comment-iframe.g?blogID=7209583620270249605&postID=6604683706084628964&blogspotRpcToken=7747900&bpli=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="botguard-scs"
Report-To: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
Content-Length: 23929
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 18 May 2024 12:27:25 GMT
Expires: Sun, 18 May 2025 12:27:25 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Mon, 29 Apr 2024 11:30:00 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
Age: 283012
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

developers.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

developers.google.com

IN A

Response

developers.google.com

IN A

216.58.201.110
GET

http://developers.google.com/

IEXPLORE.EXE

Remote address:

216.58.201.110:80

Request

GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: developers.google.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Location: https://developers.google.com/
X-Cloud-Trace-Context: 130c90e2bb37f3c2ff32896c2eb28ae4
Date: Tue, 21 May 2024 19:04:58 GMT
Content-Type: text/html
Server: Google Frontend
Content-Length: 0
GET

http://developers.google.com/

IEXPLORE.EXE

Remote address:

216.58.201.110:80

Request

GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: developers.google.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Location: https://developers.google.com/
X-Cloud-Trace-Context: f1daab43f8099f6ff004c6bedbe3e8cc
Date: Tue, 21 May 2024 19:04:58 GMT
Content-Type: text/html
Server: Google Frontend
Content-Length: 0
DNS

ssl.gstatic.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ssl.gstatic.com

IN A

Response

ssl.gstatic.com

IN A

172.217.169.3
GET

https://ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js

IEXPLORE.EXE

Remote address:

172.217.169.3:443

Request

GET /accounts/o/3604799710-postmessagerelay.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ssl.gstatic.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="federated-signon-mpm-access"
Report-To: {"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
Content-Length: 4846
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 20 May 2024 15:06:40 GMT
Expires: Tue, 20 May 2025 15:06:40 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Sun, 12 May 2024 02:08:16 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
Age: 100698
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://developers.google.com/

IEXPLORE.EXE

Remote address:

216.58.201.110:443

Request

GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: developers.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Last-Modified: Thu, 16 May 2024 15:08:21 GMT
Content-Type: text/html; charset=utf-8
Vary: Cookie
Vary: Accept-Encoding
Set-Cookie: _ga_devsite=GA1.3.1761156414.1716318299; Expires=Thu, 21 May 2026 19:04:59 GMT; Max-Age=63072000; Path=/
Content-Security-Policy: base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-hFeYZ4V1He59bcA39QE2Z271luP+WJ' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Cache-Control: no-cache, must-revalidate
Expires: 0
Pragma: no-cache
Content-Encoding: gzip
X-Cloud-Trace-Context: b908efb595d5897fda33f319bfaee352
Date: Tue, 21 May 2024 19:04:59 GMT
Server: Google Frontend
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://developers.google.com/

IEXPLORE.EXE

Remote address:

216.58.201.110:443

Request

GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: developers.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Last-Modified: Thu, 16 May 2024 15:08:21 GMT
Content-Type: text/html; charset=utf-8
Vary: Cookie
Vary: Accept-Encoding
Set-Cookie: _ga_devsite=GA1.3.1669622000.1716318298; Expires=Thu, 21 May 2026 19:04:58 GMT; Max-Age=63072000; Path=/
Content-Security-Policy: base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-K2uXDcFLnynNk6o7Sdu3XXwDCIMuTv' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Cache-Control: no-cache, must-revalidate
Expires: 0
Pragma: no-cache
Content-Encoding: gzip
X-Cloud-Trace-Context: d8e70d63fc4797869aac976d563cda43
Date: Tue, 21 May 2024 19:04:58 GMT
Server: Google Frontend
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://developers.google.com/extras.css

IEXPLORE.EXE

Remote address:

216.58.201.110:443

Request

GET /extras.css HTTP/1.1
Accept: text/css, */*
Referer: https://developers.google.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: developers.google.com
Connection: Keep-Alive
Cookie: _ga_devsite=GA1.3.1761156414.1716318299
GET

https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

IEXPLORE.EXE

Remote address:

64.233.166.84:443

Request

GET /o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: accounts.google.com
Connection: Keep-Alive
Cookie: __Host-GAPS=1:1yDjA-lNZXowLt_uw1ZsiE0Waz2WdA:qoOgMQF64A_P2gVo

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Tue, 21 May 2024 19:06:00 GMT
Cross-Origin-Resource-Policy: same-site
Content-Security-Policy: require-trusted-types-for 'script';report-uri /o/cspreport
Content-Security-Policy: script-src 'nonce-Hm_wJMzi0IAmxCjhjN8h8Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked

118.139.179.30:80

www.linkwithin.com

IEXPLORE.EXE

152 B
3
142.250.178.9:443

https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png

tls, http

IEXPLORE.EXE

1.5kB
7.6kB
12
12

HTTP Request

GET https://resources.blogblog.com/img/icon18_wrench_allbkg.png

HTTP Response

200

HTTP Request

GET https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png

HTTP Response

200
172.217.169.46:443

img.youtube.com

tls

IEXPLORE.EXE

752 B
7.4kB
10
11
142.250.180.1:80

http://2.bp.blogspot.com/-jo9g5kJLloA/VVXf91SPBOI/AAAAAAAAKjQ/tTJsliH2SSo/s640/00000000000.jpg

http

IEXPLORE.EXE

1.3kB
24.1kB
19
21

HTTP Request

GET http://2.bp.blogspot.com/-jo9g5kJLloA/VVXf91SPBOI/AAAAAAAAKjQ/tTJsliH2SSo/s640/00000000000.jpg

HTTP Response

200
118.139.179.30:80

www.linkwithin.com

IEXPLORE.EXE

152 B
3
142.250.178.9:443

https://www.blogger.com/static/v1/jsbin/1003877814-comment_from_post_iframe.js

tls, http

IEXPLORE.EXE

1.2kB
11.1kB
13
14

HTTP Request

GET https://www.blogger.com/static/v1/jsbin/1003877814-comment_from_post_iframe.js

HTTP Response

200
142.250.178.9:443

https://www.blogger.com/static/v1/jsbin/2733556723-lbx__pt_br.js

tls, http

IEXPLORE.EXE

5.4kB
164.3kB
76
132

HTTP Request

GET https://www.blogger.com/dyn-css/authorization.css?targetBlogID=7209583620270249605&zx=49117ecf-2048-4174-938e-ae62a1235281

HTTP Response

200

HTTP Request

GET https://www.blogger.com/blog-post-reactions.g?options=%5Bengra%C3%A7ado,+interessante,+legal%5D&textColor=%23666666

HTTP Response

404

HTTP Request

GET https://www.blogger.com/static/v1/v-css/2621646369-cmtfp.css

HTTP Response

200

HTTP Request

GET https://www.blogger.com/static/v1/jsbin/2733556723-lbx__pt_br.js

HTTP Response

200
172.217.169.46:443

https://img.youtube.com/vi/0-cTijEguQc/default.jpg

tls, http

IEXPLORE.EXE

1.2kB
9.0kB
12
14

HTTP Request

GET https://img.youtube.com/vi/0-cTijEguQc/default.jpg

HTTP Response

404
142.250.178.9:443

https://www.blogger.com/static/v1/v-css/368954415-lightbox_bundle.css

tls, http

IEXPLORE.EXE

5.8kB
87.7kB
51
77

HTTP Request

GET https://www.blogger.com/static/v1/widgets/4243091423-css_bundle_v2.css

HTTP Response

200

HTTP Request

GET https://www.blogger.com/img/share_buttons_20_3.png

HTTP Response

200

HTTP Request

GET https://www.blogger.com/navbar.g?targetBlogID=7209583620270249605&blogName=Portal+Dicas+e+Truques&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://dica-truques.blogspot.com/search&blogLocale=pt_BR&v=2&homepageUrl=http://dica-truques.blogspot.com/&targetPostID=6604683706084628964&blogPostOrPageUrl=http://dica-truques.blogspot.com/2015/05/como-remover-varizes-com-produtos-que.html&vt=2256093280004404541&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

HTTP Response

200

HTTP Request

GET https://www.blogger.com/static/v1/jsbin/2358319316-cmt__pt_br.js

HTTP Response

200

HTTP Request

GET https://www.blogger.com/comment-iframe-bg.g?bgresponse=js_disabled&bgint=AlO6zegP6e676VI46HQpNBpqHltIbxFnP_SRBPGz17M

HTTP Response

200

HTTP Request

GET https://www.blogger.com/static/v1/v-css/368954415-lightbox_bundle.css

HTTP Response

200
142.250.178.9:443

https://resources.blogblog.com/img/anon36.png

tls, http

IEXPLORE.EXE

3.5kB
10.5kB
16
15

HTTP Request

GET https://resources.blogblog.com/img/icon18_email.gif

HTTP Response

200

HTTP Request

GET https://resources.blogblog.com/img/navbar/icons_peach.png

HTTP Response

200

HTTP Request

GET https://resources.blogblog.com/img/blank.gif

HTTP Response

200

HTTP Request

GET https://resources.blogblog.com/img/anon36.png

HTTP Response

200
142.250.178.9:443

https://resources.blogblog.com/img/navbar/arrows-light.png

tls, http

IEXPLORE.EXE

2.5kB
8.4kB
14
13

HTTP Request

GET https://resources.blogblog.com/img/icon18_edit_allbkg.gif

HTTP Response

200

HTTP Request

GET https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png

HTTP Response

200

HTTP Request

GET https://resources.blogblog.com/img/navbar/arrows-light.png

HTTP Response

200
142.250.200.14:443

https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=pt_BR&origin=file%3A%2F%2F&url=http%3A%2F%2Fdica-truques.blogspot.com%2F2015%2F05%2Fcomo-remover-varizes-com-produtos-que.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

tls, http

IEXPLORE.EXE

2.6kB
23.2kB
25
25

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs

HTTP Response

200

HTTP Request

GET https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=pt_BR&origin=file%3A%2F%2F&url=http%3A%2F%2Fdica-truques.blogspot.com%2F2015%2F05%2Fcomo-remover-varizes-com-produtos-que.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

HTTP Response

301
142.250.180.1:80

4.bp.blogspot.com

IEXPLORE.EXE

190 B
92 B
4
2
142.250.178.9:443

https://www.blogger.com/comment-iframe.g?blogID=7209583620270249605&postID=6604683706084628964&blogspotRpcToken=7747900&bpli=1

tls, http

IEXPLORE.EXE

3.2kB
49.0kB
38
47

HTTP Request

GET https://www.blogger.com/static/v1/widgets/127631110-widgets.js

HTTP Response

200

HTTP Request

GET https://www.blogger.com/comment-iframe.g?blogID=7209583620270249605&postID=6604683706084628964&blogspotRpcToken=7747900

HTTP Response

302

HTTP Request

GET https://www.blogger.com/comment-iframe.g?blogID=7209583620270249605&postID=6604683706084628964&blogspotRpcToken=7747900&bpli=1

HTTP Response

200
142.250.180.1:80

http://4.bp.blogspot.com/-W5V77enFjCU/VRbme7y2n_I/AAAAAAAAHPM/Ge3LVj7zZs8/w72-h72-p-k-nu/0.jpg

http

IEXPLORE.EXE

656 B
3.5kB
7
6

HTTP Request

GET http://4.bp.blogspot.com/-W5V77enFjCU/VRbme7y2n_I/AAAAAAAAHPM/Ge3LVj7zZs8/w72-h72-p-k-nu/0.jpg

HTTP Response

200
142.250.200.14:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs

tls, http

IEXPLORE.EXE

10.9kB
227.6kB
119
178

HTTP Request

GET https://apis.google.com/js/plusone.js

HTTP Response

200

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs

HTTP Response

200

HTTP Request

GET https://apis.google.com/js/platform:gapi.iframes.style.common.js

HTTP Response

200

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs

HTTP Response

200

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth/exm=gapi_iframes,gapi_iframes_style_bubble,plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_2?le=scs

HTTP Response

200

HTTP Request

GET https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&annotation=bubble&width=250&size=standard&source=blogger%3Ablog%3Aplusone&hl=pt_BR&origin=file%3A%2F%2F&url=http%3A%2F%2Fdica-truques.blogspot.com%2F&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

HTTP Response

301

HTTP Request

GET https://apis.google.com/js/rpc:shindig_random.js?onload=init

HTTP Response

200

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs

HTTP Response

200
142.250.180.1:80

4.bp.blogspot.com

IEXPLORE.EXE

190 B
132 B
4
3
64.233.166.84:443

accounts.google.com

tls

IEXPLORE.EXE

704 B
4.7kB
9
8
64.233.166.84:443

https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

tls, http

IEXPLORE.EXE

2.0kB
8.0kB
13
15

HTTP Request

GET https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/comment-iframe.g?blogID%3D7209583620270249605%26postID%3D6604683706084628964%26blogspotRpcToken%3D7747900%26bpli%3D1&followup=https://www.blogger.com/comment-iframe.g?blogID%3D7209583620270249605%26postID%3D6604683706084628964%26blogspotRpcToken%3D7747900%26bpli%3D1&go=true

HTTP Response

302

HTTP Request

GET https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

HTTP Response

200
142.250.187.196:443

https://www.google.com/js/bg/AlO6zegP6e676VI46HQpNBpqHltIbxFnP_SRBPGz17M.js

tls, http

IEXPLORE.EXE

1.6kB
30.7kB
19
27

HTTP Request

GET https://www.google.com/js/bg/AlO6zegP6e676VI46HQpNBpqHltIbxFnP_SRBPGz17M.js

HTTP Response

200
142.250.187.196:443

www.google.com

tls

IEXPLORE.EXE

1.0kB
4.7kB
16
9
118.139.179.30:80

www.linkwithin.com

IEXPLORE.EXE

152 B
3
118.139.179.30:80

www.linkwithin.com

IEXPLORE.EXE

152 B
3
142.250.200.14:443

apis.google.com

tls

IEXPLORE.EXE

519 B
355 B
6
5
216.58.201.110:80

http://developers.google.com/

http

IEXPLORE.EXE

538 B
690 B
6
5

HTTP Request

GET http://developers.google.com/

HTTP Response

301
216.58.201.110:80

http://developers.google.com/

http

IEXPLORE.EXE

538 B
690 B
6
5

HTTP Request

GET http://developers.google.com/

HTTP Response

301
172.217.169.3:443

https://ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js

tls, http

IEXPLORE.EXE

1.4kB
11.2kB
12
14

HTTP Request

GET https://ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js

HTTP Response

200
172.217.169.3:443

ssl.gstatic.com

tls

IEXPLORE.EXE

706 B
4.8kB
9
9
216.58.201.110:443

https://developers.google.com/

tls, http

IEXPLORE.EXE

1.8kB
39.0kB
27
34

HTTP Request

GET https://developers.google.com/

HTTP Response

200
216.58.201.110:443

https://developers.google.com/

tls, http

IEXPLORE.EXE

1.8kB
35.4kB
27
30

HTTP Request

GET https://developers.google.com/

HTTP Response

200
216.58.201.110:443

https://developers.google.com/extras.css

tls, http

IEXPLORE.EXE

926 B
355 B
7
5

HTTP Request

GET https://developers.google.com/extras.css
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.6kB
9
11
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.6kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

779 B
7.6kB
9
12
64.233.166.84:443

accounts.google.com

tls

IEXPLORE.EXE

431 B
315 B
4
4
64.233.166.84:443

https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

tls, http

IEXPLORE.EXE

1.2kB
1.9kB
8
8

HTTP Request

GET https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

HTTP Response

200

8.8.8.8:53

2.bp.blogspot.com

dns

IEXPLORE.EXE

63 B
124 B
1
1

DNS Request

2.bp.blogspot.com

DNS Response

142.250.180.1
8.8.8.8:53

www.blogger.com

dns

IEXPLORE.EXE

61 B
108 B
1
1

DNS Request

www.blogger.com

DNS Response

142.250.178.9
8.8.8.8:53

apis.google.com

dns

IEXPLORE.EXE

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

142.250.200.14
8.8.8.8:53

resources.blogblog.com

dns

IEXPLORE.EXE

68 B
115 B
1
1

DNS Request

resources.blogblog.com

DNS Response

142.250.178.9
8.8.8.8:53

ads.egrana.com.br

dns

IEXPLORE.EXE

63 B
127 B
1
1

DNS Request

ads.egrana.com.br
8.8.8.8:53

img.youtube.com

dns

IEXPLORE.EXE

61 B
314 B
1
1

DNS Request

img.youtube.com

DNS Response

172.217.169.46

142.250.179.238

142.250.180.14

142.250.187.206

142.250.187.238

142.250.178.14

172.217.16.238

142.250.200.14

142.250.200.46

216.58.201.110

216.58.204.78

172.217.169.14

216.58.212.206

172.217.169.78
8.8.8.8:53

www.linkwithin.com

dns

IEXPLORE.EXE

64 B
94 B
1
1

DNS Request

www.linkwithin.com

DNS Response

118.139.179.30
8.8.8.8:53

4.bp.blogspot.com

dns

IEXPLORE.EXE

63 B
124 B
1
1

DNS Request

4.bp.blogspot.com

DNS Response

142.250.180.1
8.8.8.8:53

accounts.google.com

dns

IEXPLORE.EXE

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

64.233.166.84
8.8.8.8:53

www.google.com

dns

IEXPLORE.EXE

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.187.196
8.8.8.8:53

developers.google.com

dns

IEXPLORE.EXE

67 B
83 B
1
1

DNS Request

developers.google.com

DNS Response

216.58.201.110
8.8.8.8:53

ssl.gstatic.com

dns

IEXPLORE.EXE

61 B
77 B
1
1

DNS Request

ssl.gstatic.com

DNS Response

172.217.169.3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
a1d955617a4d146e70544d0d9a0390ca

SHA1
5ffdc4453b23e24a7cb0e634b26864c169f5257b

SHA256
8dbff2c0018158256912d87dd495a68c351303a319f50f204a930317e867aeb3

SHA512
0bffbc27638b12cc04f335de8c4f3c74df01ae55b56f389f8d046d797b4c62d31bbff057ea75ce32f67cdd3b878fd0aad3eb62e983f814296e1b94de3c6ba810

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_02C4C6ED250727F9B08935C0A9565568

Filesize
472B

MD5
d456a7204acd684da2f69c4f0c5d14c1

SHA1
d9069189770d3c9e47cf4d3b1750ca48d4f2bc7b

SHA256
a90ab58bc9b24fbe138bfc66a3062a01cf200fd9bbe9804fdb423fef3afcbe28

SHA512
e8d9354b20bace68e8f66b2d7b45b792696caf6c1f4675864f1e4e8f2866c3e71bc4e99cdedb72b09a53d45749275d00e1b365fbe1480f18ca669f825eda8e2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
ab331631de28cc7f093febf10f447aa0

SHA1
328cd641077ca49d830f1fc0293c5ce85e73b8a3

SHA256
14c164c2b84fe9435960146d2f806fdfcc42d46d6c124e3cece84d9985a851d1

SHA512
ab14f22447d25dd9902ee747f8c2cba73c654f9c08a54cdbcea2146a2c9978bed36c8ee6bc134bf71d303bbcc8b1c056b62cbdfee9b278a92670f9fc90635b73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
8dd62c2b069bbd4ce69cc4e060fcf39c

SHA1
3e3a04a1e6b72344e26476d8e8e15dc657cf0fcd

SHA256
75aa2fc81aea7d695a5d4580cab1a1774ab4e78011c9832d7e1a7dd0d7c6e86e

SHA512
3071caf9b99d31998f1b0ad9678f99df998ef3cad1ceea5a13a996715aa1111121103aab3395b08cd6f107a34ed96a7e388c1c6993047bc7ae9c8f0c82807f2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25b18e7f2b71a591b805473339c0f592

SHA1
898e4ce6402ccde5590192ff3028eac6e3f50d23

SHA256
9ac3158d09d3f03b892765962fb011f7773f138915ffa80d06c0b6f294877d29

SHA512
a6990d7dd8e09225a1bcc92bdd7a3711ba1d1bdccdfaec6a287cb6bff24724311f1013b2b5125d1bfdb506609990aba0d13758acaaaa43dff4954b62a4903375

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
88df8d243c3b4cd53bfaa75341d9b1b0

SHA1
9e1721e069aa982daafc22396d942ce659930892

SHA256
69a0657b6c7d919157ae472a34be4a6c777f04eb309760c9593391536a56813c

SHA512
91237dd362c3494b89d29882e40324d26db87c795e38831502899aafbf2a9ea2eacedb355df9c6cf36a4d871b03190f1a29156a6ab3d77cd94499accfa4e1c1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c2b062190167ccd60ce1f06dfc47220a

SHA1
ea9eb53dc9faf32d16c2b41b04452fbb4bf71943

SHA256
39e7e6281e12ae90b62f21f499f63691274ca1a7abe196672f0f8432451f709c

SHA512
b1c60de82f1ba7c0b30b5c6e5dd10aa9714536508f0041bc428e6811b540043a1146a4bee3a4019c713e9b5428dcb9568e15f7af2473fd1141d3b54842aef287

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
620386ecd76c1d94ff582eed079781a0

SHA1
7d555037fb77061dff0f5ca1634ec711bb61a89e

SHA256
5dc254ec836929cffb5e055a3fac8cb2dc0727ecbbd13fb8ce93959851cb27e0

SHA512
48b04e2e5e525d36c8ab000a672939956459a1fdb408be507e177709729308b3b9c341d2d3d7ea77ef1249bd0c450bdb28906b98bcbdab3f7f0e2649d52c65d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b287c87d5ac3c9434f3249b10a294d9c

SHA1
bbece8cfb7a465eaa585bc9ec072a6ab698f7b74

SHA256
26efd6d601dcaf4bd12d724bcfc8d2d0bf6ce101100dbe261d3d0f0caf16275a

SHA512
e6eb1573f99e8bb43781dee9774b591041be917a473c69fa871dd17762427d451bc1965488794059b4a433a6a37c4f3f9f80062739717aaed093704b69fee380

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2e090173a279e463def544ecbcfa79d

SHA1
89eececacc140b255da77607012631e7491376e7

SHA256
c2fb50f02e4cc3196cc1385d98919ca4cf731a2324ce70e8916a90899a78f320

SHA512
500fc4d0782de70104c4551b33d918c56f2027bcb5bc0446498ee8ea3e92aa7afb1b5720ae22e78bfeb952a32c5799a53bc6cf8386eb7fb17a0296bf6caa87d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
054c955aa1e71db14056ae63a16c144d

SHA1
85bbd52fb58ae53c58ce1f29af09d8bd9a8d6883

SHA256
e2ccb948c9786cba587397f6a7e4fbf02c6a37c5f628f77cda5387c2917a9874

SHA512
c147584abbae591c6357bf074626b5b43283296ded6be465c77091eea70328685ffae57fd65cacf409b27e2c340c8e197fb311d9d837d8652b1a4cde463ff017

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66bd863450117a711918239922da0044

SHA1
62ae1e8bdb3d6eb5ae353f06c61279359666b38a

SHA256
1e5db7ec46c91acb277d7812124e274f961291b0f69f620eb6fa5819d2eeaef0

SHA512
3621325aa333789faae08b07c58e15a99740b272d5ac7209c09eb67a552f82caf700f2dadf120690522a1fd596b2e7ffdb59db721cd2051151bdbe58c2d959bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7cfa63d1d0754a3a9787baf97d6ac3e0

SHA1
fbc7001eb442fb77e6485568cbca21d48a3662f3

SHA256
810b771ca7ab8c2490253650015248c3c81c1bc097b288ddb6e157c02faa97a3

SHA512
0a66b129297ba71a6acf0a74c7277ba8adaeabfed3175d1876759d1e0a598c00ab424caef4640afab9e011c3bf7bb988d861d087acd45168f0167acbf95bcfe9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d30031ff726bab987f13f5b9e1cd453d

SHA1
255d11a53dfe3e5fd0c58ad2e608e44b6880fac1

SHA256
f84aa5e4440154e268f46510f933f6854213d79d2e207d2bcedec1c2e5cad000

SHA512
7b54a2c171f3c736a088b229271785c5681c538c0170bdd233ae55f9f9a293fe67ec470007e8a908c7955e801c4a28eacc99115c30f4eb5f9611f1d55b726b29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f965cc89f2f33812726ff619cdf2b052

SHA1
a08112bb4639e5b0dfb4d965af92767e6e9dc92a

SHA256
03d428edcb2e4a27db674e95d586e659a21732f253612aabd08c808076804002

SHA512
015c826dc0ed6728eb5ad2f364233f157ed5f63847b85e4645600d8de57f38853214961ee3783c32f220707ac1fc645100fd0d6b6bfc0b0083327857903c4b0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4605c72c93d504b3943a8ca8c2e1d12

SHA1
cd34a3272fd740dde55a5c69001d0fa2dfc45dad

SHA256
4fc2038925032c7b078d6e6595003a9e85f502208019a8519c443771fc2eb855

SHA512
75e318b2079d2a300f3604825261226e3cd8b5ca127bd5e539dfe90f3fca11ca02451ff73693c925ac711729a67a6a10c224184b0dfb1085f0e99d274c89628c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b3c9399f16588774d548a9841e78c4e

SHA1
c370845c0584bb1862e48305f45b328c02ecba82

SHA256
bc201a7192cd0be386a48072d5eb43ae1b76aefc70ab49b1681957a56d8867cc

SHA512
c2090a9ce31db5083883f36c0efc3583d4f2d495d42ba9598d1a40122bcb1f8035ed48645d2da1938eb9a1a88df677bcc1aa88dc77ca177b91f3988c3ca784d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
90715168b42a84af5ec4e2a162c6251e

SHA1
f9d1cc5cd191d24f11b3814db6b2a4f92f4b1bf2

SHA256
442f2634e0d02d7684fbe73aba612186506dfcf40c826e848b5366e36eaf8fa5

SHA512
05ec4ddb8f87d0ba33fb824f965a23a9610cd9f2be5bdcf60f76f4ce080ae951add2216b2d07af958358abdb23c4037f1446799619647236c958c579660fcccb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1928b56ef1913052afcd798b80876082

SHA1
50238bea7995f05fda154c515cad790a3e55684a

SHA256
7fc94b65dc919ee22faf326db22546eb34f1a80a4cc893632cc965d57abb842f

SHA512
1a0a09ffdf448903d6845d9054da8d3054957c108505641cd313718b6a9e2f97cf97f7a86f38897553ce06edd5b33c48e7ba3e492da315da61fc2d861aca3451

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e3ebfa6552a34be2e9d737a68e782b1

SHA1
6720cb9fad17529d5351770b5337e6e0bb826c7b

SHA256
0babf7a530ed7b9e3dfd2030709ab412800a07ce43ad5555c79cd2f0f3a2ae0e

SHA512
0940dbfc5f7e41dea6c5281a94a4e4dab9a36a03f5029f06ed5455019961d20a2c382111be1227d1cb612eb459b7b69832d4a27eaee7b94d1f5a4358518396da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
857a49ae60712ef90e373163d684b148

SHA1
cf039bd75f7e59dbb3d057c43ff732fcd5c9224c

SHA256
1a34a71dea0cc4763d5c536133f5bd38ade7d66ae7acc003191f39cc3bf521e2

SHA512
7ee22d0599e3377306150ee822104c32ed8309b7ee6d4a0e43952aade02587023a70c38e010fa25f994ec43647b99b157289f6692d9c22a769bd1718d495fed8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd9de7fe89c10d81739ade6b6cb68e8a

SHA1
54808188191fc3938d63cf9322190c3bde3b77e2

SHA256
04d3e11914de26d0562f5dbcfe8b600299a4c10f48ffb0023bccd8b5b06071f0

SHA512
fb503c7b71863e2de88ab5be0e20befdadd8540df132b435d60fe3761e6b5e9dedaf10659ed1f58c1f9a18fb3fe43017af291e4f97f6b918057862f24addbf0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b67be5559200be4108b37b0ecb38fae

SHA1
caf0970af1ea01b48bf85226dac6b7a3e3377a85

SHA256
81a1e0af133b4e83b80bb6c62112101a442ea43e0dfef558de26f116880de277

SHA512
c8442d45e2fd46556983336c3e794255dc2bd9d66dc410ff146a30470e9766e94ceeba3ae08dcb036113450443b77e471ffcd748d8014b1ee17f32e3514fedfe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c6cc0c39e6867a15f91456f2d42a62b

SHA1
ff7958f908bb1272cc50d7ee7613a43df655a4de

SHA256
5a02d59e87d88280a8a8811a7804d0210fdca24a348b236a42d4d528fa413c39

SHA512
c67c1631aa471e75ff8e1f42e356d06320fe52b7e7db507728d80dc2a74dd10c0dd85b9b8b69563fbabb4583b14591b1802a6e46c77681289a8072109c6c1970

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dafaffff8681aed2b46e4f983bf1cdae

SHA1
3ddb309454fd8b8b731b968859d54a80b678088d

SHA256
5e3f3e0500033a8d0560432c36b65e55bf2e7449f2810a75cfe73b6e2207c0e1

SHA512
c85046e7bc743ab5a127abd7fcaaf72db91d1ba6aa22a8addd5ea1c9363f1f705dbbafaaad1d322a8e9db073c7521b354f1a316dde5225dc0f238b14b3ebdef5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e19613cdf272dba8bb56865170e0a80b

SHA1
5aa2fc461a73ef596b45c51cfb796d776a667390

SHA256
866371f99b9e836147a34b71d79eda53bfabecb9cfe1ab30877421881c214178

SHA512
2af03e758dc524d14ee0d88f90dd01b6592207070291621783da5e677cfb72ec7981ac98e4ccf3b66c3005a9f150161844abf7c2d8804f8d23a19864977b29b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
376d08be30b5faa546a982b23e79a3f1

SHA1
a6dc7c789d745c75cdc320fda9e2d899eab24a4a

SHA256
3a0245c7ae0eac4bca6ae5f8c8accdaa799cbb4f07109e6fe569995798f32cf9

SHA512
7584055b53becf298b8ef8894a80eaa2bbe95ddc7e4f4b9eb7c79cc26105cf07bd127d1ab5da9f36636f6b5848e76dcf0025ff4c6045753067458a9482bf71af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_02C4C6ED250727F9B08935C0A9565568

Filesize
406B

MD5
bb751075542f2301704570dae70e90d3

SHA1
7fb12d194bd7f6d7b2e59fabb22cd8d8d05ab40a

SHA256
33a68237bcb18ac0775ac99b8cea5d5102045eb51219e9efed35885b85c71319

SHA512
6b80b5604c55ada0bf3125ed9d32fd97eb7829206372e2dd4513fe5ba7632205915e407fd5bdcf55d75ab57c45b9d9a4a4e92ff25e5d326ef7e403812827715d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H09CVCL3\3604799710-postmessagerelay[1].js

Filesize
11KB

MD5
40aaadf2a7451d276b940cddefb2d0ed

SHA1
b2fc8129a4f5e5a0c8cb631218f40a4230444d9e

SHA256
4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2

SHA512
6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H09CVCL3\platform_gapi.iframes.style.common[1].js

Filesize
54KB

MD5
7ef4bc18139bcdbdd14c5b58b0955a67

SHA1
afe44fd9a877f81a3c36f571c0fc934324c6cbd7

SHA256
192bc707852c5986f930528442d88a79e5bcf4513aacc2b722a3c5e964501838

SHA512
6c2920e80e4d5059588a32f75bc2b5dcc19f8d68224c0935d74f9fbf49476ca5b1ce43c279768f3d36871dfcec39f36db3fcad559c2f93cc540154cdbb04dec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW68H88T\rpc_shindig_random[1].js

Filesize
14KB

MD5
23a7ab8d8ba33d255e61be9fc36b1d16

SHA1
042d8431d552c81f4e504644ac88adce7bf2b76f

SHA256
127ffe5850ed564a98f7ac65c81f0d71c163ea45df74f130841f78d4ac5afad5

SHA512
e7c5314731e0b8a54ab1459d7199b36fc25cd0367bc146f5287d3850bd9fe67ba60017d79c97ea8d9a91cd639f2bc2253096ce826277e7088f8abfe6f0534b63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVDR4C1U\cb=gapi[1].js

Filesize
133KB

MD5
4d1bd282f5a3799d4e2880cf69af9269

SHA1
2ede61be138a7beaa7d6214aa278479dce258adb

SHA256
5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693

SHA512
615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE5FF.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE5FE.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request