Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    129s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22/05/2024, 10:44 UTC

General

  • Target

    66fcc9977d5bf820fb657eb75e439e4c_JaffaCakes118.html

  • Size

    196KB

  • MD5

    66fcc9977d5bf820fb657eb75e439e4c

  • SHA1

    10ed816912376c07c4d99803f17cbd584e3c155d

  • SHA256

    199d33e5b75ee780ea33d71ad1fd7dc3ff8a983099dde6831796996a18b5ecf5

  • SHA512

    d10abcbf82e766bd2300128db2c9e19810ae938005a9b3b6d3a34c4ee4b8cb0d746173ccecc423d11370deedf11e8e95063188ae62d6290d125152630ba333fc

  • SSDEEP

    3072:408fvPSXGp17Y/ZwHNyI5Qiwvvb62K2zhoZZx3cXmNRS9BaLjH9UK1ZNdBJbPz6L:CfvP6Gp17WI5XwvGh8oZ7MXmNRnLZhoz

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\66fcc9977d5bf820fb657eb75e439e4c_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2020
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2920

Network

  • flag-us
    DNS
    ajax.googleapis.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ajax.googleapis.com
    IN A
    Response
    ajax.googleapis.com
    IN A
    216.58.204.74
  • flag-us
    DNS
    www.blogger.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.blogger.com
    IN A
    Response
    www.blogger.com
    IN CNAME
    blogger.l.google.com
    blogger.l.google.com
    IN A
    142.250.178.9
  • flag-us
    DNS
    apis.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    apis.google.com
    IN A
    Response
    apis.google.com
    IN CNAME
    plus.l.google.com
    plus.l.google.com
    IN A
    142.250.200.14
  • flag-us
    DNS
    code.jquery.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    code.jquery.com
    IN A
    Response
    code.jquery.com
    IN A
    151.101.130.137
    code.jquery.com
    IN A
    151.101.2.137
    code.jquery.com
    IN A
    151.101.194.137
    code.jquery.com
    IN A
    151.101.66.137
  • flag-us
    DNS
    blogger-related-posts.googlecode.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    blogger-related-posts.googlecode.com
    IN A
    Response
    blogger-related-posts.googlecode.com
    IN CNAME
    googlecode.l.googleusercontent.com
    googlecode.l.googleusercontent.com
    IN A
    173.194.76.82
  • flag-us
    DNS
    4.bp.blogspot.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    4.bp.blogspot.com
    IN A
    Response
    4.bp.blogspot.com
    IN CNAME
    photos-ugc.l.googleusercontent.com
    photos-ugc.l.googleusercontent.com
    IN A
    142.250.180.1
  • flag-us
    DNS
    resources.blogblog.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    resources.blogblog.com
    IN A
    Response
    resources.blogblog.com
    IN CNAME
    blogger.l.google.com
    blogger.l.google.com
    IN A
    142.250.178.9
  • flag-us
    DNS
    adplace.adsame.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    adplace.adsame.com
    IN A
    Response
  • flag-us
    DNS
    dl.dropboxusercontent.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    dl.dropboxusercontent.com
    IN A
    Response
    dl.dropboxusercontent.com
    IN CNAME
    edge-block-www-env.dropbox-dns.com
    edge-block-www-env.dropbox-dns.com
    IN A
    162.125.64.15
  • flag-us
    DNS
    www.blogad.com.tw
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.blogad.com.tw
    IN A
    Response
    www.blogad.com.tw
    IN A
    172.67.214.204
    www.blogad.com.tw
    IN A
    104.21.83.50
  • flag-us
    DNS
    3.bp.blogspot.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    3.bp.blogspot.com
    IN A
    Response
    3.bp.blogspot.com
    IN CNAME
    photos-ugc.l.googleusercontent.com
    photos-ugc.l.googleusercontent.com
    IN A
    142.250.180.1
  • flag-us
    DNS
    2.bp.blogspot.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    2.bp.blogspot.com
    IN A
    Response
    2.bp.blogspot.com
    IN CNAME
    photos-ugc.l.googleusercontent.com
    photos-ugc.l.googleusercontent.com
    IN A
    142.250.180.1
  • flag-us
    DNS
    img2.blogblog.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    img2.blogblog.com
    IN A
    Response
    img2.blogblog.com
    IN CNAME
    blogger.l.google.com
    blogger.l.google.com
    IN A
    142.250.178.9
  • flag-us
    DNS
    img1.blogblog.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    img1.blogblog.com
    IN A
    Response
    img1.blogblog.com
    IN CNAME
    blogger.l.google.com
    blogger.l.google.com
    IN A
    142.250.178.9
  • flag-us
    DNS
    www.linkwithin.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.linkwithin.com
    IN A
    Response
    www.linkwithin.com
    IN CNAME
    linkwithin.com
    linkwithin.com
    IN A
    118.139.179.30
  • flag-gb
    GET
    https://img1.blogblog.com/img/widgets/subscribe-netvibes.png
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /img/widgets/subscribe-netvibes.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: img1.blogblog.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 1445
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 12:11:18 GMT
    Expires: Sat, 25 May 2024 12:11:18 GMT
    Cache-Control: public, max-age=604800
    Last-Modified: Sat, 18 May 2024 10:52:13 GMT
    Content-Type: image/png
    Age: 340430
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    http://code.jquery.com/jquery-1.4.2.min.js
    IEXPLORE.EXE
    Remote address:
    151.101.130.137:80
    Request
    GET /jquery-1.4.2.min.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: code.jquery.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Connection: keep-alive
    Content-Length: 24555
    Server: nginx
    Content-Type: application/javascript; charset=utf-8
    Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT
    ETag: W/"28feccc0-119ee"
    Cache-Control: public, max-age=31536000, stale-while-revalidate=604800
    Access-Control-Allow-Origin: *
    Content-Encoding: gzip
    Via: 1.1 varnish, 1.1 varnish
    Accept-Ranges: bytes
    Date: Wed, 22 May 2024 10:45:07 GMT
    Age: 6061595
    X-Served-By: cache-lga21951-LGA, cache-lcy-eglc8600039-LCY
    X-Cache: HIT, HIT
    X-Cache-Hits: 3, 8851
    X-Timer: S1716374707.285048,VS0,VE0
    Vary: Accept-Encoding
  • flag-be
    GET
    http://blogger-related-posts.googlecode.com/files/jquery.related-posts-widget-2.0.min.js
    IEXPLORE.EXE
    Remote address:
    173.194.76.82:80
    Request
    GET /files/jquery.related-posts-widget-2.0.min.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: blogger-related-posts.googlecode.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=UTF-8
    Referrer-Policy: no-referrer
    Content-Length: 1605
    Date: Wed, 22 May 2024 10:45:07 GMT
  • flag-gb
    GET
    http://fonts.googleapis.com/css?family=Open+Sans:400,700,800,300
    IEXPLORE.EXE
    Remote address:
    142.250.187.202:80
    Request
    GET /css?family=Open+Sans:400,700,800,300 HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: fonts.googleapis.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/css; charset=utf-8
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Expires: Wed, 22 May 2024 10:45:07 GMT
    Date: Wed, 22 May 2024 10:45:07 GMT
    Cache-Control: private, max-age=86400
    Cross-Origin-Opener-Policy: same-origin-allow-popups
    Cross-Origin-Resource-Policy: cross-origin
    Content-Encoding: gzip
    Transfer-Encoding: chunked
    Server: ESF
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
  • flag-gb
    GET
    https://img1.blogblog.com/img/widgets/subscribe-yahoo.png
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /img/widgets/subscribe-yahoo.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: img1.blogblog.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 580
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 12:11:18 GMT
    Expires: Sat, 25 May 2024 12:11:18 GMT
    Cache-Control: public, max-age=604800
    Last-Modified: Sat, 18 May 2024 05:54:47 GMT
    Content-Type: image/png
    Age: 340430
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://img1.blogblog.com/img/icon_feed12.png
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /img/icon_feed12.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: img1.blogblog.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 500
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 12:32:12 GMT
    Expires: Sat, 25 May 2024 12:32:12 GMT
    Cache-Control: public, max-age=604800
    Last-Modified: Sat, 18 May 2024 05:54:47 GMT
    Content-Type: image/png
    Age: 339176
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    http://2.bp.blogspot.com/-4SAYePxxESA/Uq11kk5-L4I/AAAAAAAAApA/HUC-VaNIK9M/w72-h72-p-k-no-nu/%25E4%25BF%25A1%25E9%2595%25B7%25E4%25B9%258B%25E9%2587%258E%25E6%259C%259B14%25EF%25BC%259A%25E5%2589%25B5%25E9%2580%25A0+%25E5%2585%25A7%25E6%2594%25BF%25E5%2592%258C%25E6%2588%25B0%25E9%25AC%25A5%25E6%2588%25B0%25E8%25A1%2593%25E6%2594%25BB%25E7%2595%25A5%25E5%2588%2586%25E4%25BA%25AB.jpg
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-4SAYePxxESA/Uq11kk5-L4I/AAAAAAAAApA/HUC-VaNIK9M/w72-h72-p-k-no-nu/%25E4%25BF%25A1%25E9%2595%25B7%25E4%25B9%258B%25E9%2587%258E%25E6%259C%259B14%25EF%25BC%259A%25E5%2589%25B5%25E9%2580%25A0+%25E5%2585%25A7%25E6%2594%25BF%25E5%2592%258C%25E6%2588%25B0%25E9%25AC%25A5%25E6%2588%25B0%25E8%25A1%2593%25E6%2594%25BB%25E7%2595%25A5%25E5%2588%2586%25E4%25BA%25AB.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 2.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="_____14___ ___________.jpg";filename*=UTF-8''%E4%BF%A1%E9%95%B7%E4%B9%8B%E9%87%8E%E6%9C%9B14%EF%BC%9A%E5%89%B5%E9%80%A0%20%E5%85%A7%E6%94%BF%E5%92%8C%E6%88%B0%E9%AC%A5%E6%88%B0%E8%A1%93%E6%94%BB%E7%95%A5%E5%88%86%E4%BA%AB.jpg
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 3838
    X-XSS-Protection: 0
    Date: Wed, 22 May 2024 10:45:04 GMT
    Expires: Thu, 23 May 2024 10:45:04 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v290"
    Content-Type: image/jpeg
    Vary: Origin
    Age: 3
  • flag-gb
    GET
    http://3.bp.blogspot.com/-cIAQ0P49UKs/Umn32GzDNMI/AAAAAAAAANk/_HLQ_t-pzJw/w72-h72-p-k-no-nu/Rome-Total-War-2-Fireballs.jpg
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-cIAQ0P49UKs/Umn32GzDNMI/AAAAAAAAANk/_HLQ_t-pzJw/w72-h72-p-k-no-nu/Rome-Total-War-2-Fireballs.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 3.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="Rome-Total-War-2-Fireballs.jpg"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 4829
    X-XSS-Protection: 0
    Date: Wed, 22 May 2024 10:45:04 GMT
    Expires: Thu, 23 May 2024 10:45:04 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "vda"
    Content-Type: image/jpeg
    Vary: Origin
    Age: 3
  • flag-gb
    GET
    http://3.bp.blogspot.com/-5UChsQh382s/UQhGdXy8_EI/AAAAAAAABAw/Pdm66BVYg2w/s000/menu.png
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-5UChsQh382s/UQhGdXy8_EI/AAAAAAAABAw/Pdm66BVYg2w/s000/menu.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 3.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="menu.png"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 204
    X-XSS-Protection: 0
    Date: Wed, 22 May 2024 10:45:04 GMT
    Expires: Thu, 23 May 2024 10:45:04 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v40c"
    Content-Type: image/png
    Vary: Origin
    Age: 5
  • flag-us
    GET
    http://www.blogad.com.tw/Transfer/ShowAdJs.aspx?P=mike6209&BM_ID=245264&C=G&BS=dotted&BT=180&BA=center&ac=2
    IEXPLORE.EXE
    Remote address:
    172.67.214.204:80
    Request
    GET /Transfer/ShowAdJs.aspx?P=mike6209&BM_ID=245264&C=G&BS=dotted&BT=180&BA=center&ac=2 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.blogad.com.tw
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Wed, 22 May 2024 10:45:07 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    content-disposition: inline
    content-transfer-encoding: binary
    cache-control: max-age=86400, public
    content-security-policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob:; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'
    x-request-id: 06d76e2c-80c5-4add-80dc-3910e2a31866
    x-runtime: 0.085085
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GHCIiUxHMe4i5Sv%2BNspMoFmtdxPhUYf8K3MfuFAcN7ERSGvvYf9qoK66YHOVSUY0y%2BoPrgwfiymgbxW%2F2iTG7o6o4k7LrTo6IDYgGPm%2BhZ0HFbipt%2F3Bm1GNum6B7T05MZaxDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 887c37008f5cdcff-LHR
    Content-Encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-us
    HEAD
    http://www.blogad.com.tw/images/354_118.swf?P=mike6209&BM_ID=245264&C=B&BS=dotted&BT=124&BA=center
    IEXPLORE.EXE
    Remote address:
    172.67.214.204:80
    Request
    HEAD /images/354_118.swf?P=mike6209&BM_ID=245264&C=B&BS=dotted&BT=124&BA=center HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: www.blogad.com.tw
    Content-Length: 0
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Date: Wed, 22 May 2024 10:45:09 GMT
    Content-Type: text/html
    Connection: keep-alive
    cache-control: max-age=14400
    content-security-policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob:; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'
    x-request-id: 1b3443de-a7b0-455c-9a1c-fb0a175bf29c
    x-runtime: 0.007965
    CF-Cache-Status: EXPIRED
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HfOsRQpWT%2B0Ut2hDseTGnZaBLk5brDtl64prxGKlW5LPDwGJptEADKaHfBSxlX3osuqP2Q5S8voukZGXYaRHAg%2BsHqRn%2FHfIRcKst%2BcjwpVCqnKiYpLmxOFnfUsfH649QxgQ4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 887c370e0e43dcff-LHR
    Content-Encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    http://www.blogad.com.tw/Transfer/V2/Main.js?v=201422171333
    IEXPLORE.EXE
    Remote address:
    172.67.214.204:80
    Request
    GET /Transfer/V2/Main.js?v=201422171333 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.blogad.com.tw
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Wed, 22 May 2024 10:45:10 GMT
    Content-Type: text/javascript
    Content-Length: 0
    Connection: keep-alive
    cache-control: max-age=14400
    content-security-policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob:; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'
    x-request-id: f788b100-9458-4d3d-a425-b8954eb2ecdf
    x-runtime: 0.011620
    CF-Cache-Status: MISS
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rwl%2Bh24rrRWaQf4p8np1GCksIjZOLilVKETa92qkw4aEtDBhDCbzKWNSqzeVnVZTgADeOlYjMdWRWU9kA7RBSrD9K%2BHi9DTWqtcHN9R8Au7nwu8WjVE%2BN3ujVlz9AhpoWkUAJA%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 887c37119a13dcff-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-gb
    GET
    https://img2.blogblog.com/img/widgets/arrow_dropdown.gif
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /img/widgets/arrow_dropdown.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: img2.blogblog.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 141
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 12:11:18 GMT
    Expires: Sat, 25 May 2024 12:11:18 GMT
    Cache-Control: public, max-age=604800
    Last-Modified: Sat, 18 May 2024 05:54:47 GMT
    Content-Type: image/gif
    Age: 340430
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://dl.dropboxusercontent.com/u/79110835/1381861250_circle-arrow-right.png
    IEXPLORE.EXE
    Remote address:
    162.125.64.15:443
    Request
    GET /u/79110835/1381861250_circle-arrow-right.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: dl.dropboxusercontent.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Content-Type: text/html
    Date: Wed, 22 May 2024 10:45:07 GMT
    Server: envoy
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    X-Robots-Tag: noindex, nofollow, noimageindex
    Content-Encoding: gzip
    Vary: Accept-Encoding
    X-Dropbox-Response-Origin: remote
    X-Dropbox-Request-Id: 34689c6e14f84baf8b299633d40ea2de
    Transfer-Encoding: chunked
  • flag-gb
    GET
    http://3.bp.blogspot.com/-a9Hn9jTXOiM/UpNas5VcncI/AAAAAAAAADE/TpIrrp7kfpw/w72-h72-p-k-no-nu/%E6%9C%AA%E5%91%BD%E5%90%8D.png
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-a9Hn9jTXOiM/UpNas5VcncI/AAAAAAAAADE/TpIrrp7kfpw/w72-h72-p-k-no-nu/%E6%9C%AA%E5%91%BD%E5%90%8D.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 3.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="___.png";filename*=UTF-8''%E6%9C%AA%E5%91%BD%E5%90%8D.png
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 9019
    X-XSS-Protection: 0
    Date: Wed, 22 May 2024 10:45:04 GMT
    Expires: Thu, 23 May 2024 10:45:04 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v32"
    Content-Type: image/png
    Vary: Origin
    Age: 3
  • flag-gb
    GET
    http://3.bp.blogspot.com/-fegYSrxgIZI/UkLghNAGh9I/AAAAAAAACBg/_-ATP8_N3B8/w72-h72-p-k-no-nu/1049535517-0.png
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-fegYSrxgIZI/UkLghNAGh9I/AAAAAAAACBg/_-ATP8_N3B8/w72-h72-p-k-no-nu/1049535517-0.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 3.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="1049535517-0.png"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 10679
    X-XSS-Protection: 0
    Date: Wed, 22 May 2024 10:45:05 GMT
    Expires: Thu, 23 May 2024 10:45:05 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v21b5"
    Content-Type: image/png
    Vary: Origin
    Age: 2
  • flag-gb
    GET
    https://resources.blogblog.com/img/icon18_wrench_allbkg.png
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /img/icon18_wrench_allbkg.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: resources.blogblog.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 475
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 12:32:12 GMT
    Expires: Sat, 25 May 2024 12:32:12 GMT
    Cache-Control: public, max-age=604800
    Last-Modified: Sat, 18 May 2024 09:53:24 GMT
    Content-Type: image/png
    Age: 339176
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://resources.blogblog.com/img/blank.gif
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /img/blank.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: https://www.blogger.com/comment-iframe.g?blogID=4365004628592785164&postID=2725958206295417007&blogspotRpcToken=1380714&bpli=1
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: resources.blogblog.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 43
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 12:32:58 GMT
    Expires: Sat, 25 May 2024 12:32:58 GMT
    Cache-Control: public, max-age=604800
    Last-Modified: Fri, 17 May 2024 19:54:57 GMT
    Content-Type: image/gif
    Age: 339132
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://resources.blogblog.com/img/widgets/s_top.png
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /img/widgets/s_top.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: resources.blogblog.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 335
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 12:09:13 GMT
    Expires: Sat, 25 May 2024 12:09:13 GMT
    Cache-Control: public, max-age=604800
    Last-Modified: Sat, 18 May 2024 03:53:46 GMT
    Content-Type: image/png
    Age: 340558
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://resources.blogblog.com/img/anon36.png
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /img/anon36.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: https://www.blogger.com/comment-iframe.g?blogID=4365004628592785164&postID=2725958206295417007&blogspotRpcToken=1380714&bpli=1
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: resources.blogblog.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 1654
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 12:34:40 GMT
    Expires: Sat, 25 May 2024 12:34:40 GMT
    Cache-Control: public, max-age=604800
    Last-Modified: Sat, 18 May 2024 06:53:30 GMT
    Content-Type: image/png
    Age: 339031
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://resources.blogblog.com/img/widgets/s_bottom.png
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /img/widgets/s_bottom.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: resources.blogblog.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 172
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 12:43:08 GMT
    Expires: Sat, 25 May 2024 12:43:08 GMT
    Cache-Control: public, max-age=604800
    Last-Modified: Sat, 18 May 2024 00:52:44 GMT
    Content-Type: image/png
    Age: 338523
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://dl.dropboxusercontent.com/u/79110835/1381861207_circle-arrow-left.png
    IEXPLORE.EXE
    Remote address:
    162.125.64.15:443
    Request
    GET /u/79110835/1381861207_circle-arrow-left.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: dl.dropboxusercontent.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Content-Type: text/html
    Date: Wed, 22 May 2024 10:45:07 GMT
    Server: envoy
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    X-Robots-Tag: noindex, nofollow, noimageindex
    Content-Encoding: gzip
    Vary: Accept-Encoding
    X-Dropbox-Response-Origin: remote
    X-Dropbox-Request-Id: 2e9fba5ae931492da5d49bd16383e3b8
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://dl.dropboxusercontent.com/u/79110835/1381861229_home.png
    IEXPLORE.EXE
    Remote address:
    162.125.64.15:443
    Request
    GET /u/79110835/1381861229_home.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: dl.dropboxusercontent.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Content-Type: text/html
    Date: Wed, 22 May 2024 10:45:08 GMT
    Server: envoy
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    X-Robots-Tag: noindex, nofollow, noimageindex
    Content-Encoding: gzip
    Vary: Accept-Encoding
    X-Dropbox-Response-Origin: remote
    X-Dropbox-Request-Id: 2e4d3e47de644e3985ffa781596c98cd
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://dl.dropboxusercontent.com/u/79110835/facebook%20(3).png
    IEXPLORE.EXE
    Remote address:
    162.125.64.15:443
    Request
    GET /u/79110835/facebook%20(3).png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: dl.dropboxusercontent.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Content-Type: text/html
    Date: Wed, 22 May 2024 10:45:08 GMT
    Server: envoy
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    X-Robots-Tag: noindex, nofollow, noimageindex
    Content-Encoding: gzip
    Vary: Accept-Encoding
    X-Dropbox-Response-Origin: remote
    X-Dropbox-Request-Id: cc29e257ecc24a278845ceb2ec4a1f62
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://dl.dropboxusercontent.com/u/79110835/google_plus%20(2).png
    IEXPLORE.EXE
    Remote address:
    162.125.64.15:443
    Request
    GET /u/79110835/google_plus%20(2).png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: dl.dropboxusercontent.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Content-Type: text/html
    Date: Wed, 22 May 2024 10:45:07 GMT
    Server: envoy
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    X-Robots-Tag: noindex, nofollow, noimageindex
    Content-Encoding: gzip
    Vary: Accept-Encoding
    X-Dropbox-Response-Origin: remote
    X-Dropbox-Request-Id: 27ca7fd212234ad7bc5539cfd2e55b2f
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://dl.dropboxusercontent.com/u/79110835/rss.png
    IEXPLORE.EXE
    Remote address:
    162.125.64.15:443
    Request
    GET /u/79110835/rss.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: dl.dropboxusercontent.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Content-Type: text/html
    Date: Wed, 22 May 2024 10:45:08 GMT
    Server: envoy
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    X-Robots-Tag: noindex, nofollow, noimageindex
    Content-Encoding: gzip
    Vary: Accept-Encoding
    X-Dropbox-Response-Origin: remote
    X-Dropbox-Request-Id: 8591594da8fc4f5bba73658cc6e13fd8
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://www.blogger.com/static/v1/jsbin/1565398628-comment_from_post_iframe.js
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /static/v1/jsbin/1565398628-comment_from_post_iframe.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.blogger.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 4393
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Mon, 20 May 2024 17:18:07 GMT
    Expires: Tue, 20 May 2025 17:18:07 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Sat, 28 Apr 2018 05:37:53 GMT
    Content-Type: text/javascript
    Vary: Accept-Encoding
    Age: 149221
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/static/v1/widgets/3957297643-widget_css_bundle.css
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /static/v1/widgets/3957297643-widget_css_bundle.css HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.blogger.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 7982
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 12:48:03 GMT
    Expires: Sun, 18 May 2025 12:48:03 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 13 Aug 2018 11:32:31 GMT
    Content-Type: text/css
    Vary: Accept-Encoding
    Age: 338225
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/dyn-css/authorization.css?targetBlogID=4365004628592785164&zx=7aa2ff11-6486-488b-a77c-d05519d153a5
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /dyn-css/authorization.css?targetBlogID=4365004628592785164&zx=7aa2ff11-6486-488b-a77c-d05519d153a5 HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.blogger.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
    Content-Security-Policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
    Content-Type: text/css; charset=UTF-8
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Wed, 22 May 2024 10:45:08 GMT
    Last-Modified: Wed, 22 May 2024 10:45:08 GMT
    Content-Encoding: gzip
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 1; mode=block
    Server: GSE
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://www.blogger.com/comment-iframe.g?blogID=4365004628592785164&postID=2725958206295417007&blogspotRpcToken=1380714
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /comment-iframe.g?blogID=4365004628592785164&postID=2725958206295417007&blogspotRpcToken=1380714 HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.blogger.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Moved Temporarily
    P3P: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
    Location: https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/comment-iframe.g?blogID%3D4365004628592785164%26postID%3D2725958206295417007%26blogspotRpcToken%3D1380714%26bpli%3D1&followup=https://www.blogger.com/comment-iframe.g?blogID%3D4365004628592785164%26postID%3D2725958206295417007%26blogspotRpcToken%3D1380714%26bpli%3D1&go=true
    Content-Type: text/html; charset=UTF-8
    Content-Encoding: gzip
    Date: Wed, 22 May 2024 10:45:09 GMT
    Expires: Wed, 22 May 2024 10:45:09 GMT
    Cache-Control: private, max-age=0
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Security-Policy: frame-ancestors 'self'
    X-XSS-Protection: 1; mode=block
    Server: GSE
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://www.blogger.com/img/share_buttons_20_3.png
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /img/share_buttons_20_3.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.blogger.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 5080
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 12:36:22 GMT
    Expires: Sat, 25 May 2024 12:36:22 GMT
    Cache-Control: public, max-age=604800
    Last-Modified: Sat, 18 May 2024 07:54:07 GMT
    Content-Type: image/png
    Age: 338927
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/comment-iframe.g?blogID=4365004628592785164&postID=2725958206295417007&blogspotRpcToken=1380714&bpli=1
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /comment-iframe.g?blogID=4365004628592785164&postID=2725958206295417007&blogspotRpcToken=1380714&bpli=1 HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.blogger.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
    Content-Security-Policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
    Content-Type: text/html; charset=UTF-8
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Wed, 22 May 2024 10:45:10 GMT
    Content-Encoding: gzip
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    Server: GSE
    Set-Cookie: S=blogger=ZFRsFtuApcjgoTnwJLYgyH61cFOfjc7PiQzlTz32wpc; Domain=.blogger.com; Path=/; Secure; HttpOnly; Priority=LOW; SameSite=none
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://www.blogger.com/static/v1/v-css/2621646369-cmtfp.css
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /static/v1/v-css/2621646369-cmtfp.css HTTP/1.1
    Accept: text/css, */*
    Referer: https://www.blogger.com/comment-iframe.g?blogID=4365004628592785164&postID=2725958206295417007&blogspotRpcToken=1380714&bpli=1
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.blogger.com
    Connection: Keep-Alive
    Cookie: S=blogger=ZFRsFtuApcjgoTnwJLYgyH61cFOfjc7PiQzlTz32wpc
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 3701
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 12:05:41 GMT
    Expires: Sun, 18 May 2025 12:05:41 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Sat, 18 May 2024 10:52:13 GMT
    Content-Type: text/css
    Vary: Accept-Encoding
    Age: 340769
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/navbar.g?targetBlogID=4365004628592785164&blogName=%E9%81%8A%E6%88%B2%E9%AD%94%E4%BA%BA%E5%88%86%E7%AB%99&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://gamemoren.blogspot.com/search&blogLocale=zh_TW&v=2&homepageUrl=http://gamemoren.blogspot.com/&targetPostID=2725958206295417007&blogPostOrPageUrl=http://gamemoren.blogspot.com/2013/08/killer-is-dead.html&vt=-4947278440025888178&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /navbar.g?targetBlogID=4365004628592785164&blogName=%E9%81%8A%E6%88%B2%E9%AD%94%E4%BA%BA%E5%88%86%E7%AB%99&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://gamemoren.blogspot.com/search&blogLocale=zh_TW&v=2&homepageUrl=http://gamemoren.blogspot.com/&targetPostID=2725958206295417007&blogPostOrPageUrl=http://gamemoren.blogspot.com/2013/08/killer-is-dead.html&vt=-4947278440025888178&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.blogger.com
    Connection: Keep-Alive
    Cookie: S=blogger=ZFRsFtuApcjgoTnwJLYgyH61cFOfjc7PiQzlTz32wpc
    Response
    HTTP/1.1 200 OK
    P3P: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
    Content-Security-Policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
    Content-Type: text/html; charset=UTF-8
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Wed, 22 May 2024 10:45:11 GMT
    Content-Encoding: gzip
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    Server: GSE
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://www.blogger.com/static/v1/jsbin/3133218243-lbx__zh_tw.js
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /static/v1/jsbin/3133218243-lbx__zh_tw.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.blogger.com
    Connection: Keep-Alive
    Cookie: S=blogger=ZFRsFtuApcjgoTnwJLYgyH61cFOfjc7PiQzlTz32wpc
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Type: text/javascript
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 131147
    Date: Wed, 22 May 2024 10:45:49 GMT
    Expires: Thu, 22 May 2025 10:45:49 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Sat, 28 Apr 2018 05:37:53 GMT
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    http://4.bp.blogspot.com/-EV8eq6YIULg/UgxQ-CC6woI/AAAAAAAAB0U/F6a78Q8rFzY/s1600/221_130813112558_1.jpg
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-EV8eq6YIULg/UgxQ-CC6woI/AAAAAAAAB0U/F6a78Q8rFzY/s1600/221_130813112558_1.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 4.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="221_130813112558_1.jpg"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 9393
    X-XSS-Protection: 0
    Date: Wed, 22 May 2024 10:45:04 GMT
    Expires: Thu, 23 May 2024 10:45:04 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v21b5"
    Content-Type: image/jpeg
    Vary: Origin
    Age: 3
  • flag-gb
    GET
    http://4.bp.blogspot.com/-Jt-yCTIOj1M/UpcRbhGEjTI/AAAAAAAAAgA/PQ9Mq6qTL4I/s1600/9.png
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-Jt-yCTIOj1M/UpcRbhGEjTI/AAAAAAAAAgA/PQ9Mq6qTL4I/s1600/9.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 4.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="9.png"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 43317
    X-XSS-Protection: 0
    Date: Wed, 22 May 2024 10:45:04 GMT
    Expires: Thu, 23 May 2024 10:45:04 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v201"
    Content-Type: image/png
    Vary: Origin
    Age: 3
  • flag-gb
    GET
    https://apis.google.com/js/plusone.js
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /js/plusone.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Type: text/javascript
    Access-Control-Allow-Origin: *
    Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team"
    Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
    Timing-Allow-Origin: *
    Date: Wed, 22 May 2024 10:45:08 GMT
    Expires: Wed, 22 May 2024 10:45:08 GMT
    Cache-Control: private, max-age=1800, stale-while-revalidate=1800
    ETag: "80d5c9d57d5f206f"
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 55813
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Mon, 20 May 2024 15:06:31 GMT
    Expires: Tue, 20 May 2025 15:06:31 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 157117
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 35323
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Mon, 20 May 2024 15:06:32 GMT
    Expires: Tue, 20 May 2025 15:06:32 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 157118
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=zh_TW&origin=file%3A%2F%2F&url=http%3A%2F%2Fgamemoren.blogspot.com%2F2013%2F08%2Fkiller-is-dead.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=zh_TW&origin=file%3A%2F%2F&url=http%3A%2F%2Fgamemoren.blogspot.com%2F2013%2F08%2Fkiller-is-dead.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: http://developers.google.com/
    Cross-Origin-Resource-Policy: cross-origin
    X-Content-Type-Options: nosniff
    Server: sffe
    Content-Length: 226
    X-XSS-Protection: 0
    Date: Wed, 22 May 2024 10:45:05 GMT
    Expires: Wed, 22 May 2024 11:15:05 GMT
    Cache-Control: public, max-age=1800
    Content-Type: text/html; charset=UTF-8
    Age: 5
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=zh_TW&origin=file%3A%2F%2F&url=http%3A%2F%2Fgamemoren.blogspot.com%2F2013%2F08%2Fkiller-is-dead.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /u/0/se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=zh_TW&origin=file%3A%2F%2F&url=http%3A%2F%2Fgamemoren.blogspot.com%2F2013%2F08%2Fkiller-is-dead.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: http://developers.google.com/
    Cross-Origin-Resource-Policy: cross-origin
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Date: Wed, 22 May 2024 10:45:10 GMT
    Expires: Wed, 22 May 2024 11:15:10 GMT
    Cache-Control: public, max-age=1800
    Server: sffe
    Content-Length: 226
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 23473
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Mon, 20 May 2024 15:06:32 GMT
    Expires: Tue, 20 May 2025 15:06:32 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 157119
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&expr%3Aannotation=data%3Aannotation&width=250&expr%3Asize=data%3Asize&expr%3Ahref=data%3Ablog.canonicalHomepageUrl&source=blogger%3Ablog%3Aplusone&hl=zh_TW&origin=file%3A%2F%2F&url=http%3A%2F%2Fgamemoren.blogspot.com%2F2013%2F08%2Fkiller-is-dead.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /u/0/se/0/_/+1/fastbutton?usegapi=1&expr%3Aannotation=data%3Aannotation&width=250&expr%3Asize=data%3Asize&expr%3Ahref=data%3Ablog.canonicalHomepageUrl&source=blogger%3Ablog%3Aplusone&hl=zh_TW&origin=file%3A%2F%2F&url=http%3A%2F%2Fgamemoren.blogspot.com%2F2013%2F08%2Fkiller-is-dead.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: http://developers.google.com/
    Cross-Origin-Resource-Policy: cross-origin
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Date: Wed, 22 May 2024 10:45:10 GMT
    Expires: Wed, 22 May 2024 11:15:10 GMT
    Cache-Control: public, max-age=1800
    Server: sffe
    Content-Length: 226
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=auth,plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_2?le=scs
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=auth,plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_2?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 9724
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 13:16:51 GMT
    Expires: Sun, 18 May 2025 13:16:51 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 336499
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://apis.google.com/js/rpc:shindig_random.js?onload=init
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /js/rpc:shindig_random.js?onload=init HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Type: text/javascript
    Access-Control-Allow-Origin: *
    Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team"
    Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
    Timing-Allow-Origin: *
    Date: Wed, 22 May 2024 10:45:11 GMT
    Expires: Wed, 22 May 2024 10:45:11 GMT
    Cache-Control: private, max-age=1800, stale-while-revalidate=1800
    ETag: "9b77125b6924cb07"
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://apis.google.com/js/platform:gapi.iframes.style.common.js
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /js/platform:gapi.iframes.style.common.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://www.blogger.com/navbar.g?targetBlogID=4365004628592785164&blogName=%E9%81%8A%E6%88%B2%E9%AD%94%E4%BA%BA%E5%88%86%E7%AB%99&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://gamemoren.blogspot.com/search&blogLocale=zh_TW&v=2&homepageUrl=http://gamemoren.blogspot.com/&targetPostID=2725958206295417007&blogPostOrPageUrl=http://gamemoren.blogspot.com/2013/08/killer-is-dead.html&vt=-4947278440025888178&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Type: text/javascript
    Access-Control-Allow-Origin: *
    Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team"
    Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
    Timing-Allow-Origin: *
    Date: Wed, 22 May 2024 10:45:11 GMT
    Expires: Wed, 22 May 2024 10:45:11 GMT
    Cache-Control: private, max-age=1800, stale-while-revalidate=1800
    ETag: "1df5d68c1707a051"
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://www.blogger.com/navbar.g?targetBlogID=4365004628592785164&blogName=%E9%81%8A%E6%88%B2%E9%AD%94%E4%BA%BA%E5%88%86%E7%AB%99&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://gamemoren.blogspot.com/search&blogLocale=zh_TW&v=2&homepageUrl=http://gamemoren.blogspot.com/&targetPostID=2725958206295417007&blogPostOrPageUrl=http://gamemoren.blogspot.com/2013/08/killer-is-dead.html&vt=-4947278440025888178&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 45677
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 10:23:05 GMT
    Expires: Sun, 18 May 2025 10:23:05 GMT
    Cache-Control: public, max-age=31536000
    Age: 346926
    Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/static/v1/widgets/1845596459-widgets.js
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /static/v1/widgets/1845596459-widgets.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.blogger.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 52882
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 13:11:52 GMT
    Expires: Sun, 18 May 2025 13:11:52 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Sat, 28 Apr 2018 05:37:53 GMT
    Content-Type: text/javascript
    Vary: Accept-Encoding
    Age: 336796
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/static/v1/jsbin/3325769351-cmt__zh_tw.js
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /static/v1/jsbin/3325769351-cmt__zh_tw.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://www.blogger.com/comment-iframe.g?blogID=4365004628592785164&postID=2725958206295417007&blogspotRpcToken=1380714&bpli=1
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.blogger.com
    Connection: Keep-Alive
    Cookie: S=blogger=ZFRsFtuApcjgoTnwJLYgyH61cFOfjc7PiQzlTz32wpc
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 34866
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Wed, 22 May 2024 07:56:09 GMT
    Expires: Thu, 22 May 2025 07:56:09 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Wed, 22 May 2024 06:51:29 GMT
    Content-Type: text/javascript
    Vary: Accept-Encoding
    Age: 10141
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/comment-iframe-bg.g?bgresponse=js_disabled&bgint=YPLdhhxz6pNLPIbGlaCwlugi3aZZCpgGfChjHoWpMyA
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /comment-iframe-bg.g?bgresponse=js_disabled&bgint=YPLdhhxz6pNLPIbGlaCwlugi3aZZCpgGfChjHoWpMyA HTTP/1.1
    Accept: */*
    Referer: https://www.blogger.com/comment-iframe.g?blogID=4365004628592785164&postID=2725958206295417007&blogspotRpcToken=1380714&bpli=1#%7B%22color%22%3A%22rgb(0%2C%200%2C%200)%22%2C%22backgroundColor%22%3A%22rgb(255%2C%20255%2C%20255)%22%2C%22unvisitedLinkColor%22%3A%22rgb(51%2C%2051%2C%20255)%22%2C%22fontFamily%22%3A%22Open%20Sans%2CArial%2CCentury%20gothic%2C%20sans-serif%2CHelvetica%22%7D
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: www.blogger.com
    Connection: Keep-Alive
    Cookie: S=blogger=ZFRsFtuApcjgoTnwJLYgyH61cFOfjc7PiQzlTz32wpc
    Response
    HTTP/1.1 200 OK
    P3P: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
    Content-Security-Policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
    Content-Type: text/javascript; charset=UTF-8
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Wed, 22 May 2024 10:45:11 GMT
    Content-Encoding: gzip
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 1; mode=block
    Server: GSE
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://www.blogger.com/static/v1/v-css/368954415-lightbox_bundle.css
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /static/v1/v-css/368954415-lightbox_bundle.css HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.blogger.com
    Connection: Keep-Alive
    Cookie: S=blogger=ZFRsFtuApcjgoTnwJLYgyH61cFOfjc7PiQzlTz32wpc
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 6541
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 12:16:37 GMT
    Expires: Sun, 18 May 2025 12:16:37 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Wed, 27 Jan 2021 23:35:52 GMT
    Content-Type: text/css
    Vary: Accept-Encoding
    Age: 340152
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    http://ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js
    IEXPLORE.EXE
    Remote address:
    216.58.204.74:80
    Request
    GET /ajax/libs/jquery/1.9.0/jquery.min.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ajax.googleapis.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
    Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
    Timing-Allow-Origin: *
    Content-Length: 33140
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 12:26:31 GMT
    Expires: Sun, 18 May 2025 12:26:31 GMT
    Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
    Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 339516
  • flag-gb
    GET
    http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
    IEXPLORE.EXE
    Remote address:
    216.58.204.74:80
    Request
    GET /ajax/libs/jquery/1.4.2/jquery.min.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ajax.googleapis.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
    Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
    Timing-Allow-Origin: *
    Content-Length: 24715
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sun, 19 May 2024 02:48:26 GMT
    Expires: Mon, 19 May 2025 02:48:26 GMT
    Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
    Age: 287801
    Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
  • flag-gb
    GET
    http://4.bp.blogspot.com/-cIe4R07_BpI/UkQTm3tz1DI/AAAAAAAACCo/nq2ujTWsTWo/w72-h72-p-k-no-nu/GTA5-grand-theft-auto-32732256-600-732.jpg
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-cIe4R07_BpI/UkQTm3tz1DI/AAAAAAAACCo/nq2ujTWsTWo/w72-h72-p-k-no-nu/GTA5-grand-theft-auto-32732256-600-732.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 4.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="GTA5-grand-theft-auto-32732256-600-732.jpg"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 5360
    X-XSS-Protection: 0
    Date: Wed, 22 May 2024 10:45:04 GMT
    Expires: Thu, 23 May 2024 10:45:04 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v21b5"
    Content-Type: image/jpeg
    Vary: Origin
    Age: 3
  • flag-gb
    GET
    https://ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js
    IEXPLORE.EXE
    Remote address:
    216.58.204.74:443
    Request
    GET /ajax/libs/jquery/1.8.0/jquery.min.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ajax.googleapis.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
    Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
    Timing-Allow-Origin: *
    Content-Length: 33285
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 12:56:03 GMT
    Expires: Sun, 18 May 2025 12:56:03 GMT
    Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
    Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 337745
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVQ.woff
    IEXPLORE.EXE
    Remote address:
    216.58.201.99:80
    Request
    GET /s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVQ.woff HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: file:
    Accept-Encoding: gzip, deflate
    Host: fonts.gstatic.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
    Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
    Timing-Allow-Origin: *
    Content-Length: 22908
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 12:02:15 GMT
    Expires: Sun, 18 May 2025 12:02:15 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Thu, 14 Dec 2023 02:00:39 GMT
    Content-Type: font/woff
    Age: 340973
  • flag-gb
    GET
    http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsiH0B4gaVQ.woff
    IEXPLORE.EXE
    Remote address:
    216.58.201.99:80
    Request
    GET /s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsiH0B4gaVQ.woff HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: file:
    Accept-Encoding: gzip, deflate
    Host: fonts.gstatic.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
    Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
    Timing-Allow-Origin: *
    Content-Length: 22940
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 11:58:14 GMT
    Expires: Sun, 18 May 2025 11:58:14 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Thu, 14 Dec 2023 02:00:40 GMT
    Content-Type: font/woff
    Age: 341214
  • flag-gb
    GET
    http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsg-1x4gaVQ.woff
    IEXPLORE.EXE
    Remote address:
    216.58.201.99:80
    Request
    GET /s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsg-1x4gaVQ.woff HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: file:
    Accept-Encoding: gzip, deflate
    Host: fonts.gstatic.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
    Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
    Timing-Allow-Origin: *
    Content-Length: 22332
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 11:58:14 GMT
    Expires: Sun, 18 May 2025 11:58:14 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Thu, 14 Dec 2023 01:59:25 GMT
    Content-Type: font/woff
    Age: 341214
  • flag-gb
    GET
    http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgshZ1x4gaVQ.woff
    IEXPLORE.EXE
    Remote address:
    216.58.201.99:80
    Request
    GET /s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgshZ1x4gaVQ.woff HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: file:
    Accept-Encoding: gzip, deflate
    Host: fonts.gstatic.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
    Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
    Timing-Allow-Origin: *
    Content-Length: 22824
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 18:26:15 GMT
    Expires: Sun, 18 May 2025 18:26:15 GMT
    Cache-Control: public, max-age=31536000
    Age: 317933
    Last-Modified: Thu, 14 Dec 2023 01:59:23 GMT
    Content-Type: font/woff
  • flag-us
    DNS
    www.facebook.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.facebook.com
    IN A
    Response
    www.facebook.com
    IN CNAME
    star-mini.c10r.facebook.com
    star-mini.c10r.facebook.com
    IN A
    163.70.151.35
  • flag-gb
    GET
    http://www.facebook.com/plugins/like.php?href=http://www.facebook.com/YouXiMoRen&layout=standard&show_faces=false&width=450&action=like&font=tahoma&colorscheme=light&height=80
    IEXPLORE.EXE
    Remote address:
    163.70.151.35:80
    Request
    GET /plugins/like.php?href=http://www.facebook.com/YouXiMoRen&layout=standard&show_faces=false&width=450&action=like&font=tahoma&colorscheme=light&height=80 HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.facebook.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: https://www.facebook.com/plugins/like.php?href=http://www.facebook.com/YouXiMoRen&layout=standard&show_faces=false&width=450&action=like&font=tahoma&colorscheme=light&height=80
    Content-Type: text/plain
    Server: proxygen-bolt
    Date: Wed, 22 May 2024 10:45:09 GMT
    Connection: keep-alive
    Content-Length: 0
  • flag-gb
    GET
    http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Ffacebook.com%2FYouXiMoRen&width=245&colorscheme=light&show_faces=true&border_color=white&connections=9&stream=false&header=false&height=270
    IEXPLORE.EXE
    Remote address:
    163.70.151.35:80
    Request
    GET /plugins/likebox.php?href=http%3A%2F%2Ffacebook.com%2FYouXiMoRen&width=245&colorscheme=light&show_faces=true&border_color=white&connections=9&stream=false&header=false&height=270 HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.facebook.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: https://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Ffacebook.com%2FYouXiMoRen&width=245&colorscheme=light&show_faces=true&border_color=white&connections=9&stream=false&header=false&height=270
    Content-Type: text/plain
    Server: proxygen-bolt
    Date: Wed, 22 May 2024 10:45:09 GMT
    Connection: keep-alive
    Content-Length: 0
  • flag-us
    DNS
    i.imgur.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    i.imgur.com
    IN A
    Response
    i.imgur.com
    IN CNAME
    ipv4.imgur.map.fastly.net
    ipv4.imgur.map.fastly.net
    IN A
    199.232.192.193
    ipv4.imgur.map.fastly.net
    IN A
    199.232.196.193
  • flag-gb
    GET
    https://www.facebook.com/plugins/like.php?href=http://www.facebook.com/YouXiMoRen&layout=standard&show_faces=false&width=450&action=like&font=tahoma&colorscheme=light&height=80
    IEXPLORE.EXE
    Remote address:
    163.70.151.35:443
    Request
    GET /plugins/like.php?href=http://www.facebook.com/YouXiMoRen&layout=standard&show_faces=false&width=450&action=like&font=tahoma&colorscheme=light&height=80 HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.facebook.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html;charset=utf-8
    Pragma: no-cache
    Cache-Control: private, no-cache, no-store, must-revalidate
    Expires: Sat, 01 Jan 2000 00:00:00 GMT
    content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
    reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
    report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
    cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
    cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 0
    X-FB-Debug: BF5lPVnW0+RuCiWcy8F1aap6o1cDKt411TVvFCP9b6VRH03i9j19purxWH0w+m7iPxvGSxuUECHvPYPOWHE5gw==
    Date: Wed, 22 May 2024 10:45:11 GMT
    X-FB-Connection-Quality: GOOD; q=0.7, rtt=55, rtx=0, c=10, mss=1357, tbw=3223, tp=-1, tpl=-1, uplat=15, ullat=0
    Alt-Svc: h3=":443"; ma=86400
    Connection: keep-alive
    Content-Length: 0
  • flag-us
    GET
    http://i.imgur.com/8rd5JHn.png
    IEXPLORE.EXE
    Remote address:
    199.232.192.193:80
    Request
    GET /8rd5JHn.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: i.imgur.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Connection: close
    Content-Length: 0
    Retry-After: 0
    Location: https://i.imgur.com/8rd5JHn.png
    Accept-Ranges: bytes
    Date: Wed, 22 May 2024 10:45:09 GMT
    X-Served-By: cache-lcy-eglc8600056-LCY
    X-Cache: HIT
    X-Cache-Hits: 0
    X-Timer: S1716374709.369587,VS0,VE0
    Strict-Transport-Security: max-age=300
    Access-Control-Allow-Methods: GET, OPTIONS
    Access-Control-Allow-Origin: *
    Server: cat factory 1.0
  • flag-us
    GET
    http://i.imgur.com/h9Kh8PT.png
    IEXPLORE.EXE
    Remote address:
    199.232.192.193:80
    Request
    GET /h9Kh8PT.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: i.imgur.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Connection: close
    Content-Length: 0
    Retry-After: 0
    Location: https://i.imgur.com/h9Kh8PT.png
    Accept-Ranges: bytes
    Date: Wed, 22 May 2024 10:45:10 GMT
    X-Served-By: cache-lcy-eglc8600083-LCY
    X-Cache: HIT
    X-Cache-Hits: 0
    X-Timer: S1716374710.014567,VS0,VE0
    Strict-Transport-Security: max-age=300
    Access-Control-Allow-Methods: GET, OPTIONS
    Access-Control-Allow-Origin: *
    Server: cat factory 1.0
  • flag-us
    GET
    https://i.imgur.com/8rd5JHn.png
    IEXPLORE.EXE
    Remote address:
    199.232.192.193:443
    Request
    GET /8rd5JHn.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: i.imgur.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Connection: keep-alive
    Content-Length: 1399495
    Content-Type: image/png
    Last-Modified: Tue, 26 Nov 2013 12:56:52 GMT
    ETag: "36319f20a22cdf1fbad13ed89b955693"
    x-amz-storage-class: STANDARD_IA
    X-Amz-Cf-Pop: IAD12-P2
    X-Amz-Cf-Id: lr_A9bFsPjj3KfIdz4ibKD4Jz1oXjeJCW_JdNcFsv-WXlDO_QYDwBw==
    cache-control: public, max-age=31536000
    Accept-Ranges: bytes
    Date: Wed, 22 May 2024 10:45:10 GMT
    Age: 143226
    X-Served-By: cache-iad-kiad7000147-IAD, cache-lcy-eglc8600038-LCY
    X-Cache: Miss from cloudfront, MISS, HIT
    X-Cache-Hits: 0, 1
    X-Timer: S1716374710.391946,VS0,VE4
    Strict-Transport-Security: max-age=300
    Access-Control-Allow-Methods: GET, OPTIONS
    Access-Control-Allow-Origin: *
    Server: cat factory 1.0
    X-Content-Type-Options: nosniff
  • flag-us
    DNS
    accounts.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    accounts.google.com
    IN A
    Response
    accounts.google.com
    IN A
    64.233.167.84
  • flag-be
    GET
    https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/comment-iframe.g?blogID%3D4365004628592785164%26postID%3D2725958206295417007%26blogspotRpcToken%3D1380714%26bpli%3D1&followup=https://www.blogger.com/comment-iframe.g?blogID%3D4365004628592785164%26postID%3D2725958206295417007%26blogspotRpcToken%3D1380714%26bpli%3D1&go=true
    IEXPLORE.EXE
    Remote address:
    64.233.167.84:443
    Request
    GET /ServiceLogin?passive=true&continue=https://www.blogger.com/comment-iframe.g?blogID%3D4365004628592785164%26postID%3D2725958206295417007%26blogspotRpcToken%3D1380714%26bpli%3D1&followup=https://www.blogger.com/comment-iframe.g?blogID%3D4365004628592785164%26postID%3D2725958206295417007%26blogspotRpcToken%3D1380714%26bpli%3D1&go=true HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: accounts.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    Content-Type: application/binary
    Set-Cookie: __Host-GAPS=1:CuZR7DX-HbqOHmOkeMZuDFQq9okLXg:cM3MXGot2iZAjVCM; Expires=Fri, 22-May-2026 10:45:09 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Wed, 22 May 2024 10:45:09 GMT
    Location: https://www.blogger.com/comment-iframe.g?blogID=4365004628592785164&postID=2725958206295417007&blogspotRpcToken=1380714&bpli=1
    Strict-Transport-Security: max-age=31536000; includeSubDomains
    Cross-Origin-Opener-Policy: unsafe-none
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
    Content-Security-Policy: script-src 'nonce-HSPfI1BLfNde2fZoqtCWow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self'
    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
    Cross-Origin-Resource-Policy: cross-origin
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    Server: ESF
    Content-Length: 0
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-be
    GET
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    64.233.167.84:443
    Request
    GET /o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: accounts.google.com
    Connection: Keep-Alive
    Cookie: __Host-GAPS=1:CuZR7DX-HbqOHmOkeMZuDFQq9okLXg:cM3MXGot2iZAjVCM
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Wed, 22 May 2024 10:45:10 GMT
    Cross-Origin-Resource-Policy: same-site
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /o/cspreport
    Content-Security-Policy: script-src 'nonce-a7iQngnvfLDGEOgQZsS_8Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
    Content-Encoding: gzip
    Server: ESF
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-us
    DNS
    www.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    142.250.187.196
  • flag-gb
    GET
    https://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Ffacebook.com%2FYouXiMoRen&width=245&colorscheme=light&show_faces=true&border_color=white&connections=9&stream=false&header=false&height=270
    IEXPLORE.EXE
    Remote address:
    163.70.151.35:443
    Request
    GET /plugins/likebox.php?href=http%3A%2F%2Ffacebook.com%2FYouXiMoRen&width=245&colorscheme=light&show_faces=true&border_color=white&connections=9&stream=false&header=false&height=270 HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.facebook.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Vary: Accept-Encoding
    Content-Encoding: gzip
    reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
    report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
    content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
    document-policy: force-load-at-top
    permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
    cross-origin-resource-policy: cross-origin
    cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
    cross-origin-opener-policy: unsafe-none;report-to="coop_report"
    Pragma: no-cache
    Cache-Control: private, no-cache, no-store, must-revalidate
    Expires: Sat, 01 Jan 2000 00:00:00 GMT
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 0
    Strict-Transport-Security: max-age=15552000; preload
    Content-Type: text/html; charset="utf-8"
    X-FB-Debug: AGTnrB5PWoz4/7u8fuoTUORj5w9VDg9qC9E19msdsDmXBZi5FET3bwlIdHHwH4uZo3RHty4/yRji7tHYTCGLnQ==
    Date: Wed, 22 May 2024 10:45:11 GMT
    X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=39, rtx=0, c=10, mss=1357, tbw=137, tp=-1, tpl=-1, uplat=41, ullat=0
    Alt-Svc: h3=":443"; ma=86400
    Transfer-Encoding: chunked
    Connection: keep-alive
  • flag-gb
    GET
    http://www.google.com/cse/cse.js?cx=004900261465633806941:fgxhoki1tbs
    IEXPLORE.EXE
    Remote address:
    142.250.187.196:80
    Request
    GET /cse/cse.js?cx=004900261465633806941:fgxhoki1tbs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: https://cse.google.com/cse/cse.js?cx=004900261465633806941:fgxhoki1tbs
    X-Content-Type-Options: nosniff
    Server: sffe
    Content-Length: 267
    X-XSS-Protection: 0
    Date: Wed, 22 May 2024 10:45:05 GMT
    Expires: Wed, 22 May 2024 11:15:05 GMT
    Cache-Control: public, max-age=1800
    Content-Type: text/html; charset=UTF-8
    Age: 5
  • flag-us
    DNS
    lh4.ggpht.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    lh4.ggpht.com
    IN A
    Response
    lh4.ggpht.com
    IN CNAME
    photos-ugc.l.googleusercontent.com
    photos-ugc.l.googleusercontent.com
    IN A
    142.250.180.1
  • flag-us
    GET
    https://i.imgur.com/h9Kh8PT.png
    IEXPLORE.EXE
    Remote address:
    199.232.192.193:443
    Request
    GET /h9Kh8PT.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: i.imgur.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Connection: keep-alive
    Content-Length: 4969
    Content-Type: image/png
    Last-Modified: Mon, 30 Dec 2013 11:59:35 GMT
    ETag: "c1a2bf6df588401d9d6b9c50c8339dcb"
    X-Amz-Cf-Pop: IAD89-P1
    X-Amz-Cf-Id: c_kuv3HwmlBECivaAadIMMkZuDb5XFLvUSeZOniBZWfRDNRA5I6MOQ==
    cache-control: public, max-age=31536000
    Accept-Ranges: bytes
    Date: Wed, 22 May 2024 10:45:10 GMT
    Age: 1894776
    X-Served-By: cache-iad-kjyo7100042-IAD, cache-lcy-eglc8600052-LCY
    X-Cache: Miss from cloudfront, MISS, HIT
    X-Cache-Hits: 1, 1
    X-Timer: S1716374710.459876,VS0,VE1
    Strict-Transport-Security: max-age=300
    Access-Control-Allow-Methods: GET, OPTIONS
    Access-Control-Allow-Origin: *
    Server: cat factory 1.0
    X-Content-Type-Options: nosniff
  • flag-gb
    GET
    http://lh4.ggpht.com/_aunFc5EDRyI/S1u5tkkq3uI/AAAAAAAAAH8/L3MD-dRtmkY/plus.gif
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /_aunFc5EDRyI/S1u5tkkq3uI/AAAAAAAAAH8/L3MD-dRtmkY/plus.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh4.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="plus.gif"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 89
    X-XSS-Protection: 0
    Date: Wed, 22 May 2024 07:41:04 GMT
    Expires: Thu, 23 May 2024 07:41:04 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v16a"
    Content-Type: image/gif
    Vary: Origin
    Age: 11046
  • flag-us
    DNS
    cse.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    cse.google.com
    IN A
    Response
    cse.google.com
    IN A
    172.217.169.46
  • flag-gb
    GET
    https://cse.google.com/cse/cse.js?cx=004900261465633806941:fgxhoki1tbs
    IEXPLORE.EXE
    Remote address:
    172.217.169.46:443
    Request
    GET /cse/cse.js?cx=004900261465633806941:fgxhoki1tbs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cse.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-oN4ElrgnQ7xoIaF-kE1fRw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
    Date: Wed, 22 May 2024 10:45:10 GMT
    Server: gws
    Content-Length: 1608
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.google.com/js/bg/YPLdhhxz6pNLPIbGlaCwlugi3aZZCpgGfChjHoWpMyA.js
    IEXPLORE.EXE
    Remote address:
    142.250.187.196:443
    Request
    GET /js/bg/YPLdhhxz6pNLPIbGlaCwlugi3aZZCpgGfChjHoWpMyA.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://www.blogger.com/comment-iframe.g?blogID=4365004628592785164&postID=2725958206295417007&blogspotRpcToken=1380714&bpli=1
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="botguard-scs"
    Report-To: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
    Content-Length: 23986
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Wed, 22 May 2024 02:55:19 GMT
    Expires: Thu, 22 May 2025 02:55:19 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Tue, 14 May 2024 11:30:00 GMT
    Content-Type: text/javascript
    Vary: Accept-Encoding
    Age: 28191
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    developers.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    developers.google.com
    IN A
    Response
    developers.google.com
    IN A
    216.58.201.110
  • flag-gb
    GET
    http://developers.google.com/
    IEXPLORE.EXE
    Remote address:
    216.58.201.110:80
    Request
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: developers.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: https://developers.google.com/
    X-Cloud-Trace-Context: 5ee6983c3d0a6a99531e14b202e5097d
    Date: Wed, 22 May 2024 10:45:10 GMT
    Content-Type: text/html
    Server: Google Frontend
    Content-Length: 0
  • flag-gb
    GET
    http://developers.google.com/
    IEXPLORE.EXE
    Remote address:
    216.58.201.110:80
    Request
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: developers.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: https://developers.google.com/
    X-Cloud-Trace-Context: 4b31eeb33da820c7abb42a1da08cc9bc
    Date: Wed, 22 May 2024 10:45:11 GMT
    Content-Type: text/html
    Server: Google Frontend
    Content-Length: 0
  • flag-gb
    GET
    http://developers.google.com/
    IEXPLORE.EXE
    Remote address:
    216.58.201.110:80
    Request
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: developers.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: https://developers.google.com/
    X-Cloud-Trace-Context: 605cdf540a51b517faed00f358a9717d
    Date: Wed, 22 May 2024 10:45:10 GMT
    Content-Type: text/html
    Server: Google Frontend
    Content-Length: 0
  • flag-gb
    GET
    https://developers.google.com/
    IEXPLORE.EXE
    Remote address:
    216.58.201.110:443
    Request
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: developers.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Last-Modified: Thu, 16 May 2024 15:08:21 GMT
    Content-Type: text/html; charset=utf-8
    Vary: Cookie
    Vary: Accept-Encoding
    Set-Cookie: _ga_devsite=GA1.3.2014461401.1716374711; Expires=Fri, 22 May 2026 10:45:11 GMT; Max-Age=63072000; Path=/
    Content-Security-Policy: base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-L/XCXMmffLbhzRtwjKtSjUwjYNd5lf' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2
    Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Cache-Control: no-cache, must-revalidate
    Expires: 0
    Pragma: no-cache
    Content-Encoding: gzip
    X-Cloud-Trace-Context: 7dc6c29fe24b74420be33d587745c8d3
    Date: Wed, 22 May 2024 10:45:11 GMT
    Server: Google Frontend
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-us
    DNS
    widgets.amung.us
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    widgets.amung.us
    IN A
    Response
    widgets.amung.us
    IN A
    172.67.8.141
    widgets.amung.us
    IN A
    104.22.75.171
    widgets.amung.us
    IN A
    104.22.74.171
  • flag-us
    DNS
    s10.histats.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    s10.histats.com
    IN A
    Response
    s10.histats.com
    IN CNAME
    s10.histats.com.cdn.cloudflare.net
    s10.histats.com.cdn.cloudflare.net
    IN A
    104.20.19.71
    s10.histats.com.cdn.cloudflare.net
    IN A
    104.20.18.71
  • flag-us
    GET
    http://widgets.amung.us/small.js
    IEXPLORE.EXE
    Remote address:
    172.67.8.141:80
    Request
    GET /small.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: widgets.amung.us
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Wed, 22 May 2024 10:45:11 GMT
    Content-Type: application/x-javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    last-modified: Thu, 12 Jan 2023 17:19:30 GMT
    etag: W/"63c04122-2170"
    expires: Thu, 23 May 2024 10:37:43 GMT
    cache-control: max-age=86400
    access-control-allow-origin: *
    content-encoding: gzip
    CF-Cache-Status: HIT
    Age: 448
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 887c37180c9a7756-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    http://s10.histats.com/js15.js
    IEXPLORE.EXE
    Remote address:
    104.20.19.71:80
    Request
    GET /js15.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: s10.histats.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Wed, 22 May 2024 10:45:11 GMT
    Content-Type: text/javascript
    Content-Length: 4405
    Connection: keep-alive
    Content-Encoding: gzip
    ETag: "980881274"
    Last-Modified: Thu, 16 Apr 2020 10:44:16 GMT
    Vary: Accept-Encoding
    Cache-Control: max-age=28800
    CF-Cache-Status: HIT
    Age: 55994
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 887c37181adfd188-LHR
  • flag-gb
    GET
    https://developers.google.com/
    IEXPLORE.EXE
    Remote address:
    216.58.201.110:443
    Request
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: developers.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Last-Modified: Thu, 16 May 2024 15:08:21 GMT
    Content-Type: text/html; charset=utf-8
    Vary: Cookie
    Vary: Accept-Encoding
    Set-Cookie: _ga_devsite=GA1.3.685963446.1716374711; Expires=Fri, 22 May 2026 10:45:11 GMT; Max-Age=63072000; Path=/
    Content-Security-Policy: base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-Iz7a6mT7W4I94coGooL01oJ9lW67jH' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2
    Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Cache-Control: no-cache, must-revalidate
    Expires: 0
    Pragma: no-cache
    Content-Encoding: gzip
    X-Cloud-Trace-Context: 9300dc0fa305bd523ad20e975b055035
    Date: Wed, 22 May 2024 10:45:11 GMT
    Server: Google Frontend
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-us
    DNS
    ssl.gstatic.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ssl.gstatic.com
    IN A
    Response
    ssl.gstatic.com
    IN A
    172.217.169.3
  • flag-us
    DNS
    static.xx.fbcdn.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    static.xx.fbcdn.net
    IN A
    Response
    static.xx.fbcdn.net
    IN CNAME
    scontent.xx.fbcdn.net
    scontent.xx.fbcdn.net
    IN A
    163.70.151.21
  • flag-gb
    GET
    https://static.xx.fbcdn.net/rsrc.php/v3/yi/l/0,cross/3bY3tQaqmwk.css?_nc_x=Ij3Wp8lg5Kz
    IEXPLORE.EXE
    Remote address:
    163.70.151.21:443
    Request
    GET /rsrc.php/v3/yi/l/0,cross/3bY3tQaqmwk.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
    Accept: text/css, */*
    Referer: https://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Ffacebook.com%2FYouXiMoRen&width=245&colorscheme=light&show_faces=true&border_color=white&connections=9&stream=false&header=false&height=270
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.xx.fbcdn.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Type: text/css; charset=utf-8
    Access-Control-Allow-Origin: *
    Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
    Expires: Thu, 15 May 2025 17:30:03 GMT
    Cache-Control: public,max-age=31536000,immutable
    reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
    timing-allow-origin: *
    document-policy: force-load-at-top
    permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
    cross-origin-resource-policy: cross-origin
    X-Content-Type-Options: nosniff
    report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
    content-md5: piDST+6CYu5LxOHlP3oHCw==
    X-FB-Debug: G7jyXVB1rOwE2PcIAS3mnguBun4dDJvJxHKh8W4H6g8Zkdqoo9m4LyrCGza86k7r6y18m2AU80JlE1bN+G/jFg==
    Date: Wed, 22 May 2024 10:45:11 GMT
    X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=31, rtx=0, c=14, mss=1357, tbw=3222, tp=-1, tpl=-1, uplat=2, ullat=-1
    Alt-Svc: h3=":443"; ma=86400
    Connection: keep-alive
    Content-Length: 6461
  • flag-gb
    GET
    https://ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js
    IEXPLORE.EXE
    Remote address:
    172.217.169.3:443
    Request
    GET /accounts/o/3604799710-postmessagerelay.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ssl.gstatic.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="federated-signon-mpm-access"
    Report-To: {"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
    Content-Length: 4846
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Mon, 20 May 2024 15:06:40 GMT
    Expires: Tue, 20 May 2025 15:06:40 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Sun, 12 May 2024 02:08:16 GMT
    Content-Type: text/javascript
    Vary: Accept-Encoding
    Age: 157111
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://developers.google.com/
    IEXPLORE.EXE
    Remote address:
    216.58.201.110:443
    Request
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: developers.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Last-Modified: Thu, 16 May 2024 15:08:21 GMT
    Content-Type: text/html; charset=utf-8
    Vary: Cookie
    Vary: Accept-Encoding
    Set-Cookie: _ga_devsite=GA1.3.1207485400.1716374711; Expires=Fri, 22 May 2026 10:45:11 GMT; Max-Age=63072000; Path=/
    Content-Security-Policy: base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-dL+YTGZPTiVSa4x+21N8dtf/XbQ9JV' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2
    Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Cache-Control: no-cache, must-revalidate
    Expires: 0
    Pragma: no-cache
    Content-Encoding: gzip
    X-Cloud-Trace-Context: 96becd619c73f44b2d2be7aaf4f48185
    Date: Wed, 22 May 2024 10:45:11 GMT
    Server: Google Frontend
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-us
    GET
    https://s10.histats.com/counters/cc_521.js
    IEXPLORE.EXE
    Remote address:
    104.20.19.71:443
    Request
    GET /counters/cc_521.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: s10.histats.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Wed, 22 May 2024 10:45:12 GMT
    Content-Type: text/javascript
    Content-Length: 5463
    Connection: keep-alive
    Content-Encoding: gzip
    ETag: "-568468215"
    Last-Modified: Thu, 16 Apr 2020 10:45:32 GMT
    Vary: Accept-Encoding
    Cache-Control: max-age=28800
    CF-Cache-Status: HIT
    Age: 14338
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 887c3721ba512502-LHR
  • flag-us
    DNS
    s4.histats.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    s4.histats.com
    IN A
    Response
    s4.histats.com
    IN A
    149.56.240.131
    s4.histats.com
    IN A
    149.56.240.31
    s4.histats.com
    IN A
    54.39.128.162
    s4.histats.com
    IN A
    149.56.240.130
    s4.histats.com
    IN A
    149.56.240.129
    s4.histats.com
    IN A
    54.39.156.32
    s4.histats.com
    IN A
    149.56.240.27
    s4.histats.com
    IN A
    149.56.240.132
    s4.histats.com
    IN A
    142.4.219.198
    s4.histats.com
    IN A
    149.56.240.127
    s4.histats.com
    IN A
    149.56.240.128
    s4.histats.com
    IN A
    54.39.128.117
    s4.histats.com
    IN A
    158.69.254.144
  • flag-ca
    GET
    https://s4.histats.com/stats/0.php?2482117&@f16&@g1&@h1&@i1&@j1716374709032&@k0&@l1&@m%E6%AE%BA%E6%89%8B%E5%B7%B2%E6%AD%BB(KILLER%20is%20DEAD)%E5%85%A8%E5%A6%B9%E5%AD%90%E6%94%B6%E9%9B%86%E6%94%BB%E7%95%A5%20%7C%20%E9%81%8A%E6%88%B2%E9%AD%94%E4%BA%BA%E5%88%86%E7%AB%99&@n0&@o1000&@q0&@r0&@s521&@ten-US&@u1280&@b1:-148908581&@b3:1716374709&@b4:js15.js&@b5:0&@a-_0.2.1&@vfile%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C66fcc9977d5bf820fb657eb75e439e4c_JaffaCakes118.html&@w
    IEXPLORE.EXE
    Remote address:
    149.56.240.131:443
    Request
    GET /stats/0.php?2482117&@f16&@g1&@h1&@i1&@j1716374709032&@k0&@l1&@m%E6%AE%BA%E6%89%8B%E5%B7%B2%E6%AD%BB(KILLER%20is%20DEAD)%E5%85%A8%E5%A6%B9%E5%AD%90%E6%94%B6%E9%9B%86%E6%94%BB%E7%95%A5%20%7C%20%E9%81%8A%E6%88%B2%E9%AD%94%E4%BA%BA%E5%88%86%E7%AB%99&@n0&@o1000&@q0&@r0&@s521&@ten-US&@u1280&@b1:-148908581&@b3:1716374709&@b4:js15.js&@b5:0&@a-_0.2.1&@vfile%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C66fcc9977d5bf820fb657eb75e439e4c_JaffaCakes118.html&@w HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: s4.histats.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Wed, 22 May 2024 10:45:12 GMT
    Content-Type: text/html;charset=UTF-8
    Content-Length: 377
    Connection: close
  • flag-us
    DNS
    apps.identrust.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    apps.identrust.com
    IN A
    Response
    apps.identrust.com
    IN CNAME
    identrust.edgesuite.net
    identrust.edgesuite.net
    IN CNAME
    a1952.dscq.akamai.net
    a1952.dscq.akamai.net
    IN A
    23.63.101.171
    a1952.dscq.akamai.net
    IN A
    23.63.101.153
  • flag-nl
    GET
    http://apps.identrust.com/roots/dstrootcax3.p7c
    IEXPLORE.EXE
    Remote address:
    23.63.101.171:80
    Request
    GET /roots/dstrootcax3.p7c HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: apps.identrust.com
    Response
    HTTP/1.1 200 OK
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    X-Robots-Tag: noindex
    Referrer-Policy: same-origin
    Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
    ETag: "37d-6079b8c0929c0"
    Accept-Ranges: bytes
    Content-Length: 893
    X-Content-Type-Options: nosniff
    X-Frame-Options: sameorigin
    Content-Type: application/pkcs7-mime
    Cache-Control: max-age=3600
    Expires: Wed, 22 May 2024 11:45:11 GMT
    Date: Wed, 22 May 2024 10:45:11 GMT
    Connection: keep-alive
  • flag-gb
    GET
    https://developers.google.com/extras.css
    IEXPLORE.EXE
    Remote address:
    216.58.201.110:443
    Request
    GET /extras.css HTTP/1.1
    Accept: text/css, */*
    Referer: https://developers.google.com/
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: developers.google.com
    Connection: Keep-Alive
    Cookie: _ga_devsite=GA1.3.685963446.1716374711
  • flag-us
    DNS
    x2.c.lencr.org
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    x2.c.lencr.org
    IN A
    Response
    x2.c.lencr.org
    IN CNAME
    crl.root-x1.letsencrypt.org.edgekey.net
    crl.root-x1.letsencrypt.org.edgekey.net
    IN CNAME
    e8652.dscx.akamaiedge.net
    e8652.dscx.akamaiedge.net
    IN A
    23.55.97.11
  • flag-be
    GET
    http://x2.c.lencr.org/
    IEXPLORE.EXE
    Remote address:
    23.55.97.11:80
    Request
    GET / HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: x2.c.lencr.org
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: application/pkix-crl
    Last-Modified: Mon, 12 Feb 2024 22:07:27 GMT
    ETag: "65ca969f-12b"
    Cache-Control: max-age=3600
    Expires: Wed, 22 May 2024 11:45:12 GMT
    Date: Wed, 22 May 2024 10:45:12 GMT
    Content-Length: 299
    Connection: keep-alive
  • flag-us
    DNS
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    2.21.17.194
  • flag-us
    DNS
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    2.21.17.194
  • flag-ca
    GET
    https://s4.histats.com/stats/e.php?2482117&@Ab&@R66114&@w
    IEXPLORE.EXE
    Remote address:
    149.56.240.131:443
    Request
    GET /stats/e.php?2482117&@Ab&@R66114&@w HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: s4.histats.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Wed, 22 May 2024 10:45:56 GMT
    Content-Type: text/html;charset=UTF-8
    Content-Length: 377
    Connection: close
  • flag-be
    GET
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    64.233.167.84:443
    Request
    GET /o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: accounts.google.com
    Connection: Keep-Alive
    Cookie: __Host-GAPS=1:CuZR7DX-HbqOHmOkeMZuDFQq9okLXg:cM3MXGot2iZAjVCM
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Wed, 22 May 2024 10:46:12 GMT
    Content-Security-Policy: script-src 'nonce-d-8MLbq2YGO94MLn23jkYA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /o/cspreport
    Cross-Origin-Resource-Policy: same-site
    Content-Encoding: gzip
    Server: ESF
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-be
    GET
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    64.233.167.84:443
    Request
    GET /o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: accounts.google.com
    Connection: Keep-Alive
    Cookie: __Host-GAPS=1:CuZR7DX-HbqOHmOkeMZuDFQq9okLXg:cM3MXGot2iZAjVCM
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Wed, 22 May 2024 10:47:14 GMT
    Content-Security-Policy: script-src 'nonce-YzvQKbNtZN9zJo0eea3hmw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /o/cspreport
    Cross-Origin-Resource-Policy: same-site
    Content-Encoding: gzip
    Server: ESF
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • 142.250.178.9:443
    https://img1.blogblog.com/img/widgets/subscribe-netvibes.png
    tls, http
    IEXPLORE.EXE
    1.1kB
    7.0kB
    11
    11

    HTTP Request

    GET https://img1.blogblog.com/img/widgets/subscribe-netvibes.png

    HTTP Response

    200
  • 151.101.130.137:80
    http://code.jquery.com/jquery-1.4.2.min.js
    http
    IEXPLORE.EXE
    1.0kB
    26.1kB
    16
    24

    HTTP Request

    GET http://code.jquery.com/jquery-1.4.2.min.js

    HTTP Response

    200
  • 173.194.76.82:80
    http://blogger-related-posts.googlecode.com/files/jquery.related-posts-widget-2.0.min.js
    http
    IEXPLORE.EXE
    587 B
    1.9kB
    6
    4

    HTTP Request

    GET http://blogger-related-posts.googlecode.com/files/jquery.related-posts-widget-2.0.min.js

    HTTP Response

    404
  • 142.250.187.202:80
    http://fonts.googleapis.com/css?family=Open+Sans:400,700,800,300
    http
    IEXPLORE.EXE
    543 B
    953 B
    6
    5

    HTTP Request

    GET http://fonts.googleapis.com/css?family=Open+Sans:400,700,800,300

    HTTP Response

    200
  • 142.250.178.9:443
    https://img1.blogblog.com/img/icon_feed12.png
    tls, http
    IEXPLORE.EXE
    1.6kB
    8.5kB
    14
    12

    HTTP Request

    GET https://img1.blogblog.com/img/widgets/subscribe-yahoo.png

    HTTP Response

    200

    HTTP Request

    GET https://img1.blogblog.com/img/icon_feed12.png

    HTTP Response

    200
  • 142.250.180.1:80
    http://2.bp.blogspot.com/-4SAYePxxESA/Uq11kk5-L4I/AAAAAAAAApA/HUC-VaNIK9M/w72-h72-p-k-no-nu/%25E4%25BF%25A1%25E9%2595%25B7%25E4%25B9%258B%25E9%2587%258E%25E6%259C%259B14%25EF%25BC%259A%25E5%2589%25B5%25E9%2580%25A0+%25E5%2585%25A7%25E6%2594%25BF%25E5%2592%258C%25E6%2588%25B0%25E9%25AC%25A5%25E6%2588%25B0%25E8%25A1%2593%25E6%2594%25BB%25E7%2595%25A5%25E5%2588%2586%25E4%25BA%25AB.jpg
    http
    IEXPLORE.EXE
    946 B
    4.8kB
    7
    7

    HTTP Request

    GET http://2.bp.blogspot.com/-4SAYePxxESA/Uq11kk5-L4I/AAAAAAAAApA/HUC-VaNIK9M/w72-h72-p-k-no-nu/%25E4%25BF%25A1%25E9%2595%25B7%25E4%25B9%258B%25E9%2587%258E%25E6%259C%259B14%25EF%25BC%259A%25E5%2589%25B5%25E9%2580%25A0+%25E5%2585%25A7%25E6%2594%25BF%25E5%2592%258C%25E6%2588%25B0%25E9%25AC%25A5%25E6%2588%25B0%25E8%25A1%2593%25E6%2594%25BB%25E7%2595%25A5%25E5%2588%2586%25E4%25BA%25AB.jpg

    HTTP Response

    200
  • 142.250.180.1:80
    http://3.bp.blogspot.com/-5UChsQh382s/UQhGdXy8_EI/AAAAAAAABAw/Pdm66BVYg2w/s000/menu.png
    http
    IEXPLORE.EXE
    1.1kB
    7.0kB
    9
    9

    HTTP Request

    GET http://3.bp.blogspot.com/-cIAQ0P49UKs/Umn32GzDNMI/AAAAAAAAANk/_HLQ_t-pzJw/w72-h72-p-k-no-nu/Rome-Total-War-2-Fireballs.jpg

    HTTP Response

    200

    HTTP Request

    GET http://3.bp.blogspot.com/-5UChsQh382s/UQhGdXy8_EI/AAAAAAAABAw/Pdm66BVYg2w/s000/menu.png

    HTTP Response

    200
  • 142.250.180.1:80
    2.bp.blogspot.com
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 172.67.214.204:80
    http://www.blogad.com.tw/Transfer/V2/Main.js?v=201422171333
    http
    IEXPLORE.EXE
    1.4kB
    5.5kB
    11
    12

    HTTP Request

    GET http://www.blogad.com.tw/Transfer/ShowAdJs.aspx?P=mike6209&BM_ID=245264&C=G&BS=dotted&BT=180&BA=center&ac=2

    HTTP Response

    200

    HTTP Request

    HEAD http://www.blogad.com.tw/images/354_118.swf?P=mike6209&BM_ID=245264&C=B&BS=dotted&BT=124&BA=center

    HTTP Response

    404

    HTTP Request

    GET http://www.blogad.com.tw/Transfer/V2/Main.js?v=201422171333

    HTTP Response

    404
  • 142.250.178.9:443
    https://img2.blogblog.com/img/widgets/arrow_dropdown.gif
    tls, http
    IEXPLORE.EXE
    1.1kB
    5.6kB
    11
    10

    HTTP Request

    GET https://img2.blogblog.com/img/widgets/arrow_dropdown.gif

    HTTP Response

    200
  • 162.125.64.15:443
    https://dl.dropboxusercontent.com/u/79110835/1381861250_circle-arrow-right.png
    tls, http
    IEXPLORE.EXE
    1.3kB
    5.9kB
    14
    13

    HTTP Request

    GET https://dl.dropboxusercontent.com/u/79110835/1381861250_circle-arrow-right.png

    HTTP Response

    404
  • 173.194.76.82:80
    blogger-related-posts.googlecode.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 151.101.130.137:80
    code.jquery.com
    IEXPLORE.EXE
    242 B
    184 B
    5
    4
  • 142.250.187.202:80
    fonts.googleapis.com
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 142.250.178.9:443
    img1.blogblog.com
    tls
    IEXPLORE.EXE
    708 B
    4.8kB
    9
    9
  • 142.250.180.1:80
    http://3.bp.blogspot.com/-a9Hn9jTXOiM/UpNas5VcncI/AAAAAAAAADE/TpIrrp7kfpw/w72-h72-p-k-no-nu/%E6%9C%AA%E5%91%BD%E5%90%8D.png
    http
    IEXPLORE.EXE
    777 B
    10.0kB
    9
    11

    HTTP Request

    GET http://3.bp.blogspot.com/-a9Hn9jTXOiM/UpNas5VcncI/AAAAAAAAADE/TpIrrp7kfpw/w72-h72-p-k-no-nu/%E6%9C%AA%E5%91%BD%E5%90%8D.png

    HTTP Response

    200
  • 142.250.180.1:80
    http://3.bp.blogspot.com/-fegYSrxgIZI/UkLghNAGh9I/AAAAAAAACBg/_-ATP8_N3B8/w72-h72-p-k-no-nu/1049535517-0.png
    http
    IEXPLORE.EXE
    808 B
    11.6kB
    10
    12

    HTTP Request

    GET http://3.bp.blogspot.com/-fegYSrxgIZI/UkLghNAGh9I/AAAAAAAACBg/_-ATP8_N3B8/w72-h72-p-k-no-nu/1049535517-0.png

    HTTP Response

    200
  • 172.67.214.204:80
    www.blogad.com.tw
    IEXPLORE.EXE
    466 B
    92 B
    10
    2
  • 142.250.178.9:443
    img2.blogblog.com
    tls
    IEXPLORE.EXE
    702 B
    4.7kB
    9
    8
  • 142.250.178.9:443
    https://resources.blogblog.com/img/anon36.png
    tls, http
    IEXPLORE.EXE
    2.7kB
    12.2kB
    18
    17

    HTTP Request

    GET https://resources.blogblog.com/img/icon18_wrench_allbkg.png

    HTTP Response

    200

    HTTP Request

    GET https://resources.blogblog.com/img/blank.gif

    HTTP Response

    200

    HTTP Request

    GET https://resources.blogblog.com/img/widgets/s_top.png

    HTTP Response

    200

    HTTP Request

    GET https://resources.blogblog.com/img/anon36.png

    HTTP Response

    200
  • 142.250.178.9:443
    https://resources.blogblog.com/img/widgets/s_bottom.png
    tls, http
    IEXPLORE.EXE
    1.2kB
    6.5kB
    12
    11

    HTTP Request

    GET https://resources.blogblog.com/img/widgets/s_bottom.png

    HTTP Response

    200
  • 162.125.64.15:443
    https://dl.dropboxusercontent.com/u/79110835/1381861207_circle-arrow-left.png
    tls, http
    IEXPLORE.EXE
    1.3kB
    5.8kB
    13
    12

    HTTP Request

    GET https://dl.dropboxusercontent.com/u/79110835/1381861207_circle-arrow-left.png

    HTTP Response

    404
  • 162.125.64.15:443
    https://dl.dropboxusercontent.com/u/79110835/1381861229_home.png
    tls, http
    IEXPLORE.EXE
    1.3kB
    5.9kB
    14
    13

    HTTP Request

    GET https://dl.dropboxusercontent.com/u/79110835/1381861229_home.png

    HTTP Response

    404
  • 162.125.64.15:443
    https://dl.dropboxusercontent.com/u/79110835/facebook%20(3).png
    tls, http
    IEXPLORE.EXE
    1.3kB
    7.0kB
    14
    14

    HTTP Request

    GET https://dl.dropboxusercontent.com/u/79110835/facebook%20(3).png

    HTTP Response

    404
  • 118.139.179.30:80
    www.linkwithin.com
    IEXPLORE.EXE
    152 B
    3
  • 162.125.64.15:443
    https://dl.dropboxusercontent.com/u/79110835/google_plus%20(2).png
    tls, http
    IEXPLORE.EXE
    1.3kB
    7.0kB
    14
    14

    HTTP Request

    GET https://dl.dropboxusercontent.com/u/79110835/google_plus%20(2).png

    HTTP Response

    404
  • 162.125.64.15:443
    https://dl.dropboxusercontent.com/u/79110835/rss.png
    tls, http
    IEXPLORE.EXE
    1.3kB
    5.8kB
    13
    12

    HTTP Request

    GET https://dl.dropboxusercontent.com/u/79110835/rss.png

    HTTP Response

    404
  • 118.139.179.30:80
    www.linkwithin.com
    IEXPLORE.EXE
    152 B
    3
  • 142.250.178.9:443
    https://www.blogger.com/static/v1/jsbin/1565398628-comment_from_post_iframe.js
    tls, http
    IEXPLORE.EXE
    1.2kB
    10.2kB
    13
    14

    HTTP Request

    GET https://www.blogger.com/static/v1/jsbin/1565398628-comment_from_post_iframe.js

    HTTP Response

    200
  • 142.250.178.9:443
    https://www.blogger.com/static/v1/jsbin/3133218243-lbx__zh_tw.js
    tls, http
    IEXPLORE.EXE
    7.6kB
    174.6kB
    84
    148

    HTTP Request

    GET https://www.blogger.com/static/v1/widgets/3957297643-widget_css_bundle.css

    HTTP Response

    200

    HTTP Request

    GET https://www.blogger.com/dyn-css/authorization.css?targetBlogID=4365004628592785164&zx=7aa2ff11-6486-488b-a77c-d05519d153a5

    HTTP Response

    200

    HTTP Request

    GET https://www.blogger.com/comment-iframe.g?blogID=4365004628592785164&postID=2725958206295417007&blogspotRpcToken=1380714

    HTTP Response

    302

    HTTP Request

    GET https://www.blogger.com/img/share_buttons_20_3.png

    HTTP Response

    200

    HTTP Request

    GET https://www.blogger.com/comment-iframe.g?blogID=4365004628592785164&postID=2725958206295417007&blogspotRpcToken=1380714&bpli=1

    HTTP Response

    200

    HTTP Request

    GET https://www.blogger.com/static/v1/v-css/2621646369-cmtfp.css

    HTTP Response

    200

    HTTP Request

    GET https://www.blogger.com/navbar.g?targetBlogID=4365004628592785164&blogName=%E9%81%8A%E6%88%B2%E9%AD%94%E4%BA%BA%E5%88%86%E7%AB%99&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://gamemoren.blogspot.com/search&blogLocale=zh_TW&v=2&homepageUrl=http://gamemoren.blogspot.com/&targetPostID=2725958206295417007&blogPostOrPageUrl=http://gamemoren.blogspot.com/2013/08/killer-is-dead.html&vt=-4947278440025888178&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

    HTTP Response

    200

    HTTP Request

    GET https://www.blogger.com/static/v1/jsbin/3133218243-lbx__zh_tw.js

    HTTP Response

    200
  • 142.250.180.1:80
    http://4.bp.blogspot.com/-EV8eq6YIULg/UgxQ-CC6woI/AAAAAAAAB0U/F6a78Q8rFzY/s1600/221_130813112558_1.jpg
    http
    IEXPLORE.EXE
    756 B
    10.3kB
    9
    11

    HTTP Request

    GET http://4.bp.blogspot.com/-EV8eq6YIULg/UgxQ-CC6woI/AAAAAAAAB0U/F6a78Q8rFzY/s1600/221_130813112558_1.jpg

    HTTP Response

    200
  • 142.250.180.1:80
    http://4.bp.blogspot.com/-Jt-yCTIOj1M/UpcRbhGEjTI/AAAAAAAAAgA/PQ9Mq6qTL4I/s1600/9.png
    http
    IEXPLORE.EXE
    1.3kB
    45.2kB
    22
    36

    HTTP Request

    GET http://4.bp.blogspot.com/-Jt-yCTIOj1M/UpcRbhGEjTI/AAAAAAAAAgA/PQ9Mq6qTL4I/s1600/9.png

    HTTP Response

    200
  • 142.250.200.14:443
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs
    tls, http
    IEXPLORE.EXE
    6.8kB
    154.8kB
    76
    122

    HTTP Request

    GET https://apis.google.com/js/plusone.js

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=zh_TW&origin=file%3A%2F%2F&url=http%3A%2F%2Fgamemoren.blogspot.com%2F2013%2F08%2Fkiller-is-dead.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

    HTTP Response

    301

    HTTP Request

    GET https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=zh_TW&origin=file%3A%2F%2F&url=http%3A%2F%2Fgamemoren.blogspot.com%2F2013%2F08%2Fkiller-is-dead.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

    HTTP Response

    301

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs

    HTTP Response

    200
  • 142.250.200.14:443
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs
    tls, http
    IEXPLORE.EXE
    6.2kB
    97.6kB
    48
    83

    HTTP Request

    GET https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&expr%3Aannotation=data%3Aannotation&width=250&expr%3Asize=data%3Asize&expr%3Ahref=data%3Ablog.canonicalHomepageUrl&source=blogger%3Ablog%3Aplusone&hl=zh_TW&origin=file%3A%2F%2F&url=http%3A%2F%2Fgamemoren.blogspot.com%2F2013%2F08%2Fkiller-is-dead.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

    HTTP Response

    301

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=auth,plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_2?le=scs

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/js/rpc:shindig_random.js?onload=init

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/js/platform:gapi.iframes.style.common.js

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs

    HTTP Response

    200
  • 142.250.178.9:443
    https://www.blogger.com/static/v1/v-css/368954415-lightbox_bundle.css
    tls, http
    IEXPLORE.EXE
    5.1kB
    125.6kB
    61
    102

    HTTP Request

    GET https://www.blogger.com/static/v1/widgets/1845596459-widgets.js

    HTTP Response

    200

    HTTP Request

    GET https://www.blogger.com/static/v1/jsbin/3325769351-cmt__zh_tw.js

    HTTP Response

    200

    HTTP Request

    GET https://www.blogger.com/comment-iframe-bg.g?bgresponse=js_disabled&bgint=YPLdhhxz6pNLPIbGlaCwlugi3aZZCpgGfChjHoWpMyA

    HTTP Response

    200

    HTTP Request

    GET https://www.blogger.com/static/v1/v-css/368954415-lightbox_bundle.css

    HTTP Response

    200
  • 142.250.178.9:443
    www.blogger.com
    tls
    IEXPLORE.EXE
    752 B
    4.8kB
    10
    9
  • 216.58.204.74:80
    http://ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js
    http
    IEXPLORE.EXE
    1.2kB
    35.2kB
    19
    29

    HTTP Request

    GET http://ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js

    HTTP Response

    200
  • 216.58.204.74:80
    http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
    http
    IEXPLORE.EXE
    976 B
    26.5kB
    15
    22

    HTTP Request

    GET http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

    HTTP Response

    200
  • 142.250.180.1:80
    http://4.bp.blogspot.com/-cIe4R07_BpI/UkQTm3tz1DI/AAAAAAAACCo/nq2ujTWsTWo/w72-h72-p-k-no-nu/GTA5-grand-theft-auto-32732256-600-732.jpg
    http
    IEXPLORE.EXE
    794 B
    6.6kB
    9
    9

    HTTP Request

    GET http://4.bp.blogspot.com/-cIe4R07_BpI/UkQTm3tz1DI/AAAAAAAACCo/nq2ujTWsTWo/w72-h72-p-k-no-nu/GTA5-grand-theft-auto-32732256-600-732.jpg

    HTTP Response

    200
  • 216.58.204.74:443
    https://ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js
    tls, http
    IEXPLORE.EXE
    1.7kB
    41.2kB
    24
    35

    HTTP Request

    GET https://ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js

    HTTP Response

    200
  • 216.58.201.99:80
    http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVQ.woff
    http
    IEXPLORE.EXE
    1.0kB
    24.5kB
    15
    21

    HTTP Request

    GET http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVQ.woff

    HTTP Response

    200
  • 216.58.201.99:80
    http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsiH0B4gaVQ.woff
    http
    IEXPLORE.EXE
    1.0kB
    24.6kB
    15
    21

    HTTP Request

    GET http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsiH0B4gaVQ.woff

    HTTP Response

    200
  • 216.58.201.99:80
    http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsg-1x4gaVQ.woff
    http
    IEXPLORE.EXE
    1.0kB
    23.9kB
    15
    21

    HTTP Request

    GET http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsg-1x4gaVQ.woff

    HTTP Response

    200
  • 216.58.201.99:80
    http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgshZ1x4gaVQ.woff
    http
    IEXPLORE.EXE
    1.0kB
    24.4kB
    15
    21

    HTTP Request

    GET http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgshZ1x4gaVQ.woff

    HTTP Response

    200
  • 163.70.151.35:80
    http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Ffacebook.com%2FYouXiMoRen&width=245&colorscheme=light&show_faces=true&border_color=white&connections=9&stream=false&header=false&height=270
    http
    IEXPLORE.EXE
    1.2kB
    1.7kB
    8
    7

    HTTP Request

    GET http://www.facebook.com/plugins/like.php?href=http://www.facebook.com/YouXiMoRen&layout=standard&show_faces=false&width=450&action=like&font=tahoma&colorscheme=light&height=80

    HTTP Response

    301

    HTTP Request

    GET http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Ffacebook.com%2FYouXiMoRen&width=245&colorscheme=light&show_faces=true&border_color=white&connections=9&stream=false&header=false&height=270

    HTTP Response

    301
  • 163.70.151.35:80
    www.facebook.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 163.70.151.35:443
    https://www.facebook.com/plugins/like.php?href=http://www.facebook.com/YouXiMoRen&layout=standard&show_faces=false&width=450&action=like&font=tahoma&colorscheme=light&height=80
    tls, http
    IEXPLORE.EXE
    1.3kB
    7.0kB
    12
    11

    HTTP Request

    GET https://www.facebook.com/plugins/like.php?href=http://www.facebook.com/YouXiMoRen&layout=standard&show_faces=false&width=450&action=like&font=tahoma&colorscheme=light&height=80

    HTTP Response

    200
  • 199.232.192.193:80
    http://i.imgur.com/8rd5JHn.png
    http
    IEXPLORE.EXE
    500 B
    651 B
    5
    5

    HTTP Request

    GET http://i.imgur.com/8rd5JHn.png

    HTTP Response

    301
  • 199.232.192.193:80
    http://i.imgur.com/h9Kh8PT.png
    http
    IEXPLORE.EXE
    500 B
    651 B
    5
    5

    HTTP Request

    GET http://i.imgur.com/h9Kh8PT.png

    HTTP Response

    301
  • 199.232.192.193:443
    https://i.imgur.com/8rd5JHn.png
    tls, http
    IEXPLORE.EXE
    26.1kB
    1.5MB
    554
    1062

    HTTP Request

    GET https://i.imgur.com/8rd5JHn.png

    HTTP Response

    200
  • 64.233.167.84:443
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    tls, http
    IEXPLORE.EXE
    2.1kB
    7.9kB
    14
    16

    HTTP Request

    GET https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/comment-iframe.g?blogID%3D4365004628592785164%26postID%3D2725958206295417007%26blogspotRpcToken%3D1380714%26bpli%3D1&followup=https://www.blogger.com/comment-iframe.g?blogID%3D4365004628592785164%26postID%3D2725958206295417007%26blogspotRpcToken%3D1380714%26bpli%3D1&go=true

    HTTP Response

    302

    HTTP Request

    GET https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

    HTTP Response

    200
  • 64.233.167.84:443
    accounts.google.com
    tls
    IEXPLORE.EXE
    710 B
    4.8kB
    9
    9
  • 163.70.151.35:443
    https://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Ffacebook.com%2FYouXiMoRen&width=245&colorscheme=light&show_faces=true&border_color=white&connections=9&stream=false&header=false&height=270
    tls, http
    IEXPLORE.EXE
    1.2kB
    11.2kB
    12
    15

    HTTP Request

    GET https://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Ffacebook.com%2FYouXiMoRen&width=245&colorscheme=light&show_faces=true&border_color=white&connections=9&stream=false&header=false&height=270

    HTTP Response

    200
  • 142.250.187.196:80
    http://www.google.com/cse/cse.js?cx=004900261465633806941:fgxhoki1tbs
    http
    IEXPLORE.EXE
    620 B
    1.5kB
    7
    5

    HTTP Request

    GET http://www.google.com/cse/cse.js?cx=004900261465633806941:fgxhoki1tbs

    HTTP Response

    301
  • 142.250.187.196:80
    www.google.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 199.232.192.193:443
    https://i.imgur.com/h9Kh8PT.png
    tls, http
    IEXPLORE.EXE
    1.1kB
    8.0kB
    11
    14

    HTTP Request

    GET https://i.imgur.com/h9Kh8PT.png

    HTTP Response

    200
  • 142.250.180.1:80
    http://lh4.ggpht.com/_aunFc5EDRyI/S1u5tkkq3uI/AAAAAAAAAH8/L3MD-dRtmkY/plus.gif
    http
    IEXPLORE.EXE
    600 B
    1.3kB
    6
    5

    HTTP Request

    GET http://lh4.ggpht.com/_aunFc5EDRyI/S1u5tkkq3uI/AAAAAAAAAH8/L3MD-dRtmkY/plus.gif

    HTTP Response

    200
  • 142.250.180.1:80
    lh4.ggpht.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 172.217.169.46:443
    https://cse.google.com/cse/cse.js?cx=004900261465633806941:fgxhoki1tbs
    tls, http
    IEXPLORE.EXE
    1.2kB
    9.5kB
    12
    13

    HTTP Request

    GET https://cse.google.com/cse/cse.js?cx=004900261465633806941:fgxhoki1tbs

    HTTP Response

    404
  • 172.217.169.46:443
    cse.google.com
    tls
    IEXPLORE.EXE
    751 B
    7.4kB
    10
    11
  • 142.250.187.196:443
    https://www.google.com/js/bg/YPLdhhxz6pNLPIbGlaCwlugi3aZZCpgGfChjHoWpMyA.js
    tls, http
    IEXPLORE.EXE
    1.6kB
    30.8kB
    19
    27

    HTTP Request

    GET https://www.google.com/js/bg/YPLdhhxz6pNLPIbGlaCwlugi3aZZCpgGfChjHoWpMyA.js

    HTTP Response

    200
  • 216.58.201.110:80
    http://developers.google.com/
    http
    IEXPLORE.EXE
    834 B
    1.0kB
    7
    7

    HTTP Request

    GET http://developers.google.com/

    HTTP Response

    301

    HTTP Request

    GET http://developers.google.com/

    HTTP Response

    301
  • 216.58.201.110:80
    http://developers.google.com/
    http
    IEXPLORE.EXE
    538 B
    690 B
    6
    5

    HTTP Request

    GET http://developers.google.com/

    HTTP Response

    301
  • 216.58.201.110:80
    developers.google.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 216.58.201.110:443
    https://developers.google.com/
    tls, http
    IEXPLORE.EXE
    1.9kB
    41.0kB
    28
    35

    HTTP Request

    GET https://developers.google.com/

    HTTP Response

    200
  • 142.250.178.9:443
    resources.blogblog.com
    tls
    IEXPLORE.EXE
    526 B
    355 B
    6
    5
  • 172.67.8.141:80
    http://widgets.amung.us/small.js
    http
    IEXPLORE.EXE
    577 B
    4.3kB
    7
    7

    HTTP Request

    GET http://widgets.amung.us/small.js

    HTTP Response

    200
  • 172.67.8.141:80
    widgets.amung.us
    IEXPLORE.EXE
    466 B
    92 B
    10
    2
  • 104.20.19.71:80
    http://s10.histats.com/js15.js
    http
    IEXPLORE.EXE
    575 B
    5.1kB
    7
    7

    HTTP Request

    GET http://s10.histats.com/js15.js

    HTTP Response

    200
  • 104.20.19.71:80
    s10.histats.com
    IEXPLORE.EXE
    466 B
    92 B
    10
    2
  • 216.58.201.110:443
    https://developers.google.com/
    tls, http
    IEXPLORE.EXE
    1.5kB
    27.1kB
    21
    24

    HTTP Request

    GET https://developers.google.com/

    HTTP Response

    200
  • 163.70.151.21:443
    static.xx.fbcdn.net
    tls
    IEXPLORE.EXE
    756 B
    3.7kB
    10
    9
  • 163.70.151.21:443
    https://static.xx.fbcdn.net/rsrc.php/v3/yi/l/0,cross/3bY3tQaqmwk.css?_nc_x=Ij3Wp8lg5Kz
    tls, http
    IEXPLORE.EXE
    1.4kB
    12.3kB
    13
    16

    HTTP Request

    GET https://static.xx.fbcdn.net/rsrc.php/v3/yi/l/0,cross/3bY3tQaqmwk.css?_nc_x=Ij3Wp8lg5Kz

    HTTP Response

    200
  • 172.217.169.3:443
    https://ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js
    tls, http
    IEXPLORE.EXE
    1.4kB
    10.7kB
    12
    13

    HTTP Request

    GET https://ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js

    HTTP Response

    200
  • 172.217.169.3:443
    ssl.gstatic.com
    tls
    IEXPLORE.EXE
    706 B
    4.8kB
    9
    9
  • 216.58.201.110:443
    https://developers.google.com/
    tls, http
    IEXPLORE.EXE
    1.7kB
    35.3kB
    26
    31

    HTTP Request

    GET https://developers.google.com/

    HTTP Response

    200
  • 104.20.19.71:443
    https://s10.histats.com/counters/cc_521.js
    tls, http
    IEXPLORE.EXE
    1.3kB
    11.6kB
    16
    19

    HTTP Request

    GET https://s10.histats.com/counters/cc_521.js

    HTTP Response

    200
  • 149.56.240.131:443
    https://s4.histats.com/stats/0.php?2482117&@f16&@g1&@h1&@i1&@j1716374709032&@k0&@l1&@m%E6%AE%BA%E6%89%8B%E5%B7%B2%E6%AD%BB(KILLER%20is%20DEAD)%E5%85%A8%E5%A6%B9%E5%AD%90%E6%94%B6%E9%9B%86%E6%94%BB%E7%95%A5%20%7C%20%E9%81%8A%E6%88%B2%E9%AD%94%E4%BA%BA%E5%88%86%E7%AB%99&@n0&@o1000&@q0&@r0&@s521&@ten-US&@u1280&@b1:-148908581&@b3:1716374709&@b4:js15.js&@b5:0&@a-_0.2.1&@vfile%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C66fcc9977d5bf820fb657eb75e439e4c_JaffaCakes118.html&@w
    tls, http
    IEXPLORE.EXE
    1.8kB
    3.9kB
    12
    9

    HTTP Request

    GET https://s4.histats.com/stats/0.php?2482117&@f16&@g1&@h1&@i1&@j1716374709032&@k0&@l1&@m%E6%AE%BA%E6%89%8B%E5%B7%B2%E6%AD%BB(KILLER%20is%20DEAD)%E5%85%A8%E5%A6%B9%E5%AD%90%E6%94%B6%E9%9B%86%E6%94%BB%E7%95%A5%20%7C%20%E9%81%8A%E6%88%B2%E9%AD%94%E4%BA%BA%E5%88%86%E7%AB%99&@n0&@o1000&@q0&@r0&@s521&@ten-US&@u1280&@b1:-148908581&@b3:1716374709&@b4:js15.js&@b5:0&@a-_0.2.1&@vfile%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C66fcc9977d5bf820fb657eb75e439e4c_JaffaCakes118.html&@w

    HTTP Response

    200
  • 149.56.240.131:443
    s4.histats.com
    tls
    IEXPLORE.EXE
    931 B
    3.2kB
    9
    8
  • 23.63.101.171:80
    http://apps.identrust.com/roots/dstrootcax3.p7c
    http
    IEXPLORE.EXE
    369 B
    1.6kB
    5
    4

    HTTP Request

    GET http://apps.identrust.com/roots/dstrootcax3.p7c

    HTTP Response

    200
  • 216.58.201.110:443
    https://developers.google.com/extras.css
    tls, http
    IEXPLORE.EXE
    925 B
    355 B
    7
    5

    HTTP Request

    GET https://developers.google.com/extras.css
  • 23.55.97.11:80
    http://x2.c.lencr.org/
    http
    IEXPLORE.EXE
    344 B
    720 B
    5
    3

    HTTP Request

    GET http://x2.c.lencr.org/

    HTTP Response

    200
  • 118.139.179.30:80
    www.linkwithin.com
    IEXPLORE.EXE
    152 B
    3
  • 118.139.179.30:80
    www.linkwithin.com
    IEXPLORE.EXE
    152 B
    3
  • 149.56.240.131:443
    s4.histats.com
    tls
    IEXPLORE.EXE
    1.0kB
    3.3kB
    10
    9
  • 149.56.240.131:443
    https://s4.histats.com/stats/e.php?2482117&@Ab&@R66114&@w
    tls, http
    IEXPLORE.EXE
    1.3kB
    3.8kB
    10
    8

    HTTP Request

    GET https://s4.histats.com/stats/e.php?2482117&@Ab&@R66114&@w

    HTTP Response

    200
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
    7.7kB
    10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
    7.6kB
    9
    12
  • 64.233.167.84:443
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    tls, http
    IEXPLORE.EXE
    1.2kB
    2.0kB
    9
    9

    HTTP Request

    GET https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

    HTTP Response

    200
  • 64.233.167.84:443
    accounts.google.com
    tls
    IEXPLORE.EXE
    523 B
    355 B
    6
    5
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    831 B
    7.7kB
    10
    13
  • 64.233.167.84:443
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    tls, http
    IEXPLORE.EXE
    1.1kB
    1.8kB
    7
    8

    HTTP Request

    GET https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

    HTTP Response

    200
  • 64.233.167.84:443
    accounts.google.com
    tls
    IEXPLORE.EXE
    431 B
    315 B
    4
    4
  • 8.8.8.8:53
    ajax.googleapis.com
    dns
    IEXPLORE.EXE
    65 B
    81 B
    1
    1

    DNS Request

    ajax.googleapis.com

    DNS Response

    216.58.204.74

  • 8.8.8.8:53
    www.blogger.com
    dns
    IEXPLORE.EXE
    61 B
    108 B
    1
    1

    DNS Request

    www.blogger.com

    DNS Response

    142.250.178.9

  • 8.8.8.8:53
    apis.google.com
    dns
    IEXPLORE.EXE
    61 B
    98 B
    1
    1

    DNS Request

    apis.google.com

    DNS Response

    142.250.200.14

  • 8.8.8.8:53
    code.jquery.com
    dns
    IEXPLORE.EXE
    61 B
    125 B
    1
    1

    DNS Request

    code.jquery.com

    DNS Response

    151.101.130.137
    151.101.2.137
    151.101.194.137
    151.101.66.137

  • 8.8.8.8:53
    blogger-related-posts.googlecode.com
    dns
    IEXPLORE.EXE
    82 B
    143 B
    1
    1

    DNS Request

    blogger-related-posts.googlecode.com

    DNS Response

    173.194.76.82

  • 8.8.8.8:53
    4.bp.blogspot.com
    dns
    IEXPLORE.EXE
    63 B
    124 B
    1
    1

    DNS Request

    4.bp.blogspot.com

    DNS Response

    142.250.180.1

  • 8.8.8.8:53
    resources.blogblog.com
    dns
    IEXPLORE.EXE
    68 B
    115 B
    1
    1

    DNS Request

    resources.blogblog.com

    DNS Response

    142.250.178.9

  • 8.8.8.8:53
    adplace.adsame.com
    dns
    IEXPLORE.EXE
    64 B
    125 B
    1
    1

    DNS Request

    adplace.adsame.com

  • 8.8.8.8:53
    dl.dropboxusercontent.com
    dns
    IEXPLORE.EXE
    71 B
    132 B
    1
    1

    DNS Request

    dl.dropboxusercontent.com

    DNS Response

    162.125.64.15

  • 8.8.8.8:53
    www.blogad.com.tw
    dns
    IEXPLORE.EXE
    63 B
    95 B
    1
    1

    DNS Request

    www.blogad.com.tw

    DNS Response

    172.67.214.204
    104.21.83.50

  • 8.8.8.8:53
    3.bp.blogspot.com
    dns
    IEXPLORE.EXE
    63 B
    124 B
    1
    1

    DNS Request

    3.bp.blogspot.com

    DNS Response

    142.250.180.1

  • 8.8.8.8:53
    2.bp.blogspot.com
    dns
    IEXPLORE.EXE
    63 B
    124 B
    1
    1

    DNS Request

    2.bp.blogspot.com

    DNS Response

    142.250.180.1

  • 8.8.8.8:53
    img2.blogblog.com
    dns
    IEXPLORE.EXE
    63 B
    110 B
    1
    1

    DNS Request

    img2.blogblog.com

    DNS Response

    142.250.178.9

  • 8.8.8.8:53
    img1.blogblog.com
    dns
    IEXPLORE.EXE
    63 B
    110 B
    1
    1

    DNS Request

    img1.blogblog.com

    DNS Response

    142.250.178.9

  • 8.8.8.8:53
    www.linkwithin.com
    dns
    IEXPLORE.EXE
    64 B
    94 B
    1
    1

    DNS Request

    www.linkwithin.com

    DNS Response

    118.139.179.30

  • 8.8.8.8:53
    www.facebook.com
    dns
    IEXPLORE.EXE
    62 B
    107 B
    1
    1

    DNS Request

    www.facebook.com

    DNS Response

    163.70.151.35

  • 8.8.8.8:53
    i.imgur.com
    dns
    IEXPLORE.EXE
    57 B
    128 B
    1
    1

    DNS Request

    i.imgur.com

    DNS Response

    199.232.192.193
    199.232.196.193

  • 8.8.8.8:53
    accounts.google.com
    dns
    IEXPLORE.EXE
    65 B
    81 B
    1
    1

    DNS Request

    accounts.google.com

    DNS Response

    64.233.167.84

  • 8.8.8.8:53
    www.google.com
    dns
    IEXPLORE.EXE
    60 B
    76 B
    1
    1

    DNS Request

    www.google.com

    DNS Response

    142.250.187.196

  • 8.8.8.8:53
    lh4.ggpht.com
    dns
    IEXPLORE.EXE
    59 B
    120 B
    1
    1

    DNS Request

    lh4.ggpht.com

    DNS Response

    142.250.180.1

  • 8.8.8.8:53
    cse.google.com
    dns
    IEXPLORE.EXE
    60 B
    76 B
    1
    1

    DNS Request

    cse.google.com

    DNS Response

    172.217.169.46

  • 8.8.8.8:53
    developers.google.com
    dns
    IEXPLORE.EXE
    67 B
    83 B
    1
    1

    DNS Request

    developers.google.com

    DNS Response

    216.58.201.110

  • 8.8.8.8:53
    widgets.amung.us
    dns
    IEXPLORE.EXE
    62 B
    110 B
    1
    1

    DNS Request

    widgets.amung.us

    DNS Response

    172.67.8.141
    104.22.75.171
    104.22.74.171

  • 8.8.8.8:53
    s10.histats.com
    dns
    IEXPLORE.EXE
    61 B
    141 B
    1
    1

    DNS Request

    s10.histats.com

    DNS Response

    104.20.19.71
    104.20.18.71

  • 8.8.8.8:53
    ssl.gstatic.com
    dns
    IEXPLORE.EXE
    61 B
    77 B
    1
    1

    DNS Request

    ssl.gstatic.com

    DNS Response

    172.217.169.3

  • 8.8.8.8:53
    static.xx.fbcdn.net
    dns
    IEXPLORE.EXE
    65 B
    104 B
    1
    1

    DNS Request

    static.xx.fbcdn.net

    DNS Response

    163.70.151.21

  • 8.8.8.8:53
    s4.histats.com
    dns
    IEXPLORE.EXE
    60 B
    268 B
    1
    1

    DNS Request

    s4.histats.com

    DNS Response

    149.56.240.131
    149.56.240.31
    54.39.128.162
    149.56.240.130
    149.56.240.129
    54.39.156.32
    149.56.240.27
    149.56.240.132
    142.4.219.198
    149.56.240.127
    149.56.240.128
    54.39.128.117
    158.69.254.144

  • 8.8.8.8:53
    apps.identrust.com
    dns
    IEXPLORE.EXE
    64 B
    165 B
    1
    1

    DNS Request

    apps.identrust.com

    DNS Response

    23.63.101.171
    23.63.101.153

  • 8.8.8.8:53
    x2.c.lencr.org
    dns
    IEXPLORE.EXE
    60 B
    165 B
    1
    1

    DNS Request

    x2.c.lencr.org

    DNS Response

    23.55.97.11

  • 8.8.8.8:53
    www.microsoft.com
    dns
    iexplore.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    2.21.17.194

  • 8.8.8.8:53
    www.microsoft.com
    dns
    iexplore.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    2.21.17.194

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    1KB

    MD5

    6728aea2631b86a76c237508d8ba9b55

    SHA1

    7a670f95cac088313f7558869162fe01c6dc0ec9

    SHA256

    e1dd7380c6df33cd5702b032e0e359029d3ef7630f06ceb42cfdc154fd0baf7b

    SHA512

    533080cd1ec40b8530cad5c9914e0a5156d225f7392283ed2607eda4f1db4a6930002274060ed9130a6f634222c2e15818e16a50579cfe7f5274d028d31212f5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

    Filesize

    471B

    MD5

    8f25fd27c91bf81a14823685b5a7b317

    SHA1

    c7f7cf2229c0807f600c935f471ab46a098218a5

    SHA256

    5c4a768009a95db49d5b6b1e4747f37be0bc8168e7bf683272594f9537e3484c

    SHA512

    c6c0c0b81e761d651eb535632fe2ebe439dc3ae36bf0d98c7bb2ac47b76292116d2b505c2d2021d79f81118c7c4caff2463101485be2a662966626e2412bc500

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

    Filesize

    724B

    MD5

    ac89a852c2aaa3d389b2d2dd312ad367

    SHA1

    8f421dd6493c61dbda6b839e2debb7b50a20c930

    SHA256

    0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

    SHA512

    c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E573CDF4C6D731D56A665145182FD759_E7AFBAB1045CF53D322BC26D3E9BEB05

    Filesize

    471B

    MD5

    9d44b33bdb350697ced0f5d67bed6809

    SHA1

    4de4d76a0f95c056ca966f24e5e55f8890e35322

    SHA256

    41e2718f74cd47b28b5a2db475864d19a5da9d744d29806fc7cd475638496cb8

    SHA512

    df7420577cde344cb46862db3871e74951695d05eec4dd95d9ae5b971623a5dc1d34598b41920947dc373f105efbcac84f61cac9575270fe997c5b71d68cef9e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_02C4C6ED250727F9B08935C0A9565568

    Filesize

    472B

    MD5

    572ce74ba9e3f6ebb167fa9963207f6e

    SHA1

    278aa8ba3ec53d91fec84d2529ca4248007d5b30

    SHA256

    17520108d1756f8ae26f0f66aa0b175d9f29e93339c4fdb67d2687906e3e917d

    SHA512

    fb8420b98a725c41301795fcab199e6bd8fe66bccae39b3d1c296058d4be49b6eb2dc5a48aa4f0ce62424c13cb16e0672af381f3834f35b25de6a88010e7a9d7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    410B

    MD5

    5a3c15ab7900f0b05fd229344c487fba

    SHA1

    a6b6fa4404805266b572e7a194d7e5c90f587ef2

    SHA256

    b4f46f8ac59d4f10edd7fac83471f76303ade98922f2ba659223702b953e171d

    SHA512

    1a969f41039e02e6d236218547452d13be2d4ed7ff40b7bd445bbb4f5f942e397964c9369fb7014d8efdccdb3166e72e9731ecb77211bef7342f4c34a7f04f0a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    410B

    MD5

    5a686bc154066d3a02cc354c4420bea1

    SHA1

    2a7fe7da32d46cd1d2319708649c5a08cafd2e99

    SHA256

    b5e57be8f27c093950bf9f071ef80d781956451243d706a4cea90e244d144132

    SHA512

    d2896a0e0188f6b5c1296ef10c4d564b4c9948abe4024842b5a83e99b159eb0b11c37fce987af7cb90ef6dbdcab4488065a86fa4f328822bd10ab2123b49d1ab

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    bc8b85d17d965689ac36c0345490131b

    SHA1

    4ec23e1a61774a1cdd6c4c33bd62d521d5ab439e

    SHA256

    6cfce2b0a0dd022ef95cf48e9d1344c532f4fe6b503b859b315afd542db6615e

    SHA512

    345d6f9a3404b26a0d7e1e0f3515cbacb5560caf7db7c3c49ec9e39515c6d912d27f1c25b25e0d508beca21f3380654a7b106f5f72182d677b2e8e67ef14dfe3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    bc8a71f4ef49b475f86f1b9c80b2709e

    SHA1

    734437074cb532ab131982fae77105bb99220888

    SHA256

    99c8955099ddc268fe876d059ea9dd0a883ca14f2ab6915b588d636e4774a55b

    SHA512

    9fd28127c7be22d1552216f4c0dba53fb980243c0f92d0768060a2d432fc3349ab7c4e721cc257bfcdfc72e4fcc630bbab0696ed8cc466e91abd27e60b2871c2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0e12c3b8443db85d27052946d8bff5d3

    SHA1

    f0abf03c3fa78002bb5cea1e0b2d09a72a473eb1

    SHA256

    b0905b1129ca68b1ef6a6385359f06f11003228a379cb4879cee6d74c0bf9966

    SHA512

    c2da96b59029315d0b38d7aa4c848d7a3b403aa4a2d3aadd580ff3dc6d7b688f52acade89df7f881ef80a141c7a1cef55df4eedbf8f5add71feba358b77a958e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c3fbdf1a8d6dd566b7883f02fcb76f13

    SHA1

    7494c4df94c5d53ed9d11235d17d5c0d6edb9813

    SHA256

    3f312ba0535f5e0d78ff6bb1d561e3922c9e556dc8b70119b7bd0fcc47a4fb5e

    SHA512

    3211678727651355904aeb84535aa73f18a22b12ce26c40555101cde53ff6b0b0e03f988fce462c2ae05ad2ea7c2fddf145b3beb2d20cd5c71705dff898b40ef

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d196b0a6692ee38f26d54552b9b47bf6

    SHA1

    2fc42020efb5c26347b568fa9d6ce44a251917c1

    SHA256

    b557d7d9ecde7deb3fd6f7c6ef54658df883f42f656afb5c5496c0b62cabd297

    SHA512

    0d8492849ad0cf519b6e97c4a8d9aab6e624dbc196bbf4753ef2d6aa43c2d397164b4036109f6ac91d1d27ed05a87f6cd36dbb27fdf4485b74156fdbaa3fc51b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    73c427e3f67cbe11a0527b89bab5d9ce

    SHA1

    2a90694a11f809f8b2733f2d3cb34136c0bcfdf6

    SHA256

    c19d579a7ecdd8cd22d21ba11b34ab0f727e8fdde83061a30c0f11d849315327

    SHA512

    a22e9af58ca99f29a98536db1c03d8f1d2f220e1ce3e9d66d1836fbf41d440eb8f845063790dfd3d3fe8cfdac551ef6390d04b1cfeda64157e3bff198a17c543

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    761f53b99e3bdad33c524e23ce1f6781

    SHA1

    51ebec2f8b0ddd441f8b7fe0faa459f901d80f05

    SHA256

    008a04b477cb9c378f98dfda81e8564ea7aaadbdf2fa1b75870ba181336a52ea

    SHA512

    706a8973b86d285c10e910fccfb7505938f480fdb65a3aeaf915bbced020e8ab206a38d6d7c7e8f03fa5fc21a396a6a37a7812b04779a3a5025ed61af5a1a325

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    12c453de9212e1b6dbc9f71261dcdb9e

    SHA1

    c17c04204b2cfaee4559d46b95bb3aa79a5c1b40

    SHA256

    66f59d9b353d494fec6d38a4c4a2809f7f2dcd3838e9d3f7bce2ff21c508986c

    SHA512

    2ecba1eb9b5a8803a7823cfc378240f258fb69ee7760482046b2bad6770498a01d967e9b5a093584e29ced25f0e40d8bfa1ef8d6c09fae7c1afb462568bab2f9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    63e596bbc4678d7c6389f4b2b58f498a

    SHA1

    2527a2e8202ce5ff7e93fae9ad7f811eb5bd7ade

    SHA256

    f835a6814e66e800eaadf23d55315aba35ef52c0256d8b8d5e9fe32b5776f634

    SHA512

    d4909770bb991342e0ed9caa4c5d588f0a54e32aa3095eaf7463c6f3c8f47dba965374fec1d6d92c661203d2653ec5cf5bdb98a5e5a58738d6fd5b25338b5f6c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0a751c3facde74bfc3e9c1c6ee0b1c0e

    SHA1

    d9abd3ac071fbee722231672c07a4055648eb34e

    SHA256

    9d4f0928b630204b4959a097e62a80ce745514e588ff8c4c8292942bfd7ce49a

    SHA512

    ea52a94bef96c49f7ed99e1ccd26e1692cc6d8999b8017ebb5897e171ea2471ac68f9b31996f4df68d64d9e9b5be147c4c734f9722720b45ed6cdac640805457

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2783357a94aa0b3a5bae44ef97223434

    SHA1

    8202cb849e8d5aed32e5ef17848e461946b99a61

    SHA256

    fb022fdaf546b75abf56697b8b98a3eecace78ed60f2fec3edc489748586ae4f

    SHA512

    607d9755bd3858f95492986403693a657bfabf9787f5aedf47ad6a155fa0d2194a7e737bf3f67a84c8ba43bae548a1af95db540701613a4f616c07b5e0b034c2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a685c2df88fc62c59c115d52da319d8b

    SHA1

    15cba0503d68788891b311883df1636c2c9d1f66

    SHA256

    3dda7b0b88a3628b18b17c45536645c2595d7687be8f20456f5af852b4c1d0fe

    SHA512

    12507c4ac7d5055e07de8a5982b39fd3e5eeace4cfd6c9696a4c0216b365d6354ad98a561df38b08a9c83b01764be01d19ad23a25f7aa2d3328026ee50c28892

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    03510529297475033bb696c58f26a425

    SHA1

    48f556f56b63430f89897b4db8dd22a716b49b76

    SHA256

    231fad2bb9760fb005c4aa7c4112413703f05d897a97b536cc64e68280d1a093

    SHA512

    f64982d9c212719378e72e6880f37adec31fc4d299fbab627212e8bf758a733e01a844f2092fb82691021ff52b253611c3f20c8d149a476e28f1ca973418db08

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    84257f75f927081cd8b519fd61b8bf7d

    SHA1

    7c9ebb8fb6960f69e23a61beb7c787eb2812b6cf

    SHA256

    cfbf1befcbd75105358f83be21a01f306aafd06f9c2be10ca7fea916d71554be

    SHA512

    53caf876ef2dd7fcd75924f691498ea2d5391da811283e4d01c43704be2d88f653f711cfb8f68845847326cd385a53971d9155ebfc969383317ecba46568f238

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    77a60f9a983eb25dabdfe3d35aa3f80c

    SHA1

    a236b26e1280ad8091082f3d2de2fe352b45970a

    SHA256

    b4e11825f0245dd4278128b917808e4680f3bce713d3b43cf668f3b13579bf62

    SHA512

    d473e9e9c6bb8be640f1c8f2e6f53a27a21755bf7d83382e2b4d64da891dc77b3650f95fe9542b5b92b0b3d8dc4d6637ae711b1df04c9c3ffa9d2359d8e201aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9b9b9d48a2123cd4660fad0768e1d87f

    SHA1

    05c39fc387043b674d973a8db48587e37ae9ca15

    SHA256

    675caa096f127318d9464f03ae371498a63e65d7c87f09cf73a80e30c84a287d

    SHA512

    e43c8254647b6412f01794646c4d7ce5be83af66c034e67e81e33b4e05b4f46337a7383d7ff5f2dc0d59da71927bd872db66ecde3f0ffe390272e142a16fbc53

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4f0e02224408f0e3f9101b203c70d3ff

    SHA1

    622217ffdb390605975c7d013e23c890e335e891

    SHA256

    8bb00f1745e1e56eabfbf519c4ef12f762463b2631993975cdf7e48d47ccf6a0

    SHA512

    7bf93d30d61a1c95df07eddc3dc1ae5dff80802ed9e8893b69d93035dc572e2fad077bc3637c133a1dd03533accd9bcb7228d690f5d38eca3e2dd621184611d6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5b5276e5a9ce91aa59d32f8671c2a842

    SHA1

    a94a679679727d9bfd0b658ae023467544c732d4

    SHA256

    a675c280094e2dfcefc458283857c140e04b939755d301662b361bc44a401dfd

    SHA512

    6fb1b143941d62c600dfec3dcbb92ae88d066a8b6d9183e01301eac241e1b35d63084f73d05d76b9775dc909f5197dd7f7423311d351331b60e2e3079161346f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c6c9a093eaacb01e26cb592b938184a7

    SHA1

    d10ff252d090af4c28910afbf758ad08d38ccd44

    SHA256

    b62cd3d4c316f6d6cc18124d7dbb07567d372a0477fedbcc8cb19f56d30bc44c

    SHA512

    dea8837e14cd4340c9c4e0808860068ccf5f2ff03d1aac91089ca36b1766214cd3120370a0ca556677afeb10dc1d5f27e4474a03f354a2f7b56c90a67d346919

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e0de37664c6cc5b1db4d3f8d3c7bfdf4

    SHA1

    c8433cab2f5aeba273dde06d0780c43bc44aec7f

    SHA256

    fc75af45e8125da4ac5451272267b6d2e1f26b2e91f309f38d692a64f1ccd51d

    SHA512

    9408a2526ac6d6a5d4a0cd5e7c76441982819749df5304383d73500bd43f829d75649aa14a866ca00cb5be410337a8bf454b5f4cfe08772de63371e57e322bea

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    393d2303687c76912600e7a45c8e561f

    SHA1

    96d122466069d9085bcd79cc439d995155df701c

    SHA256

    88a98cbca2becf1aed4581b2d24c9e419e45cbf1341a49edff42c39bedacb580

    SHA512

    fe21713bfd24a726f782bfb192af3f3736e54ee208bada18246625afa6e564c7a627d35ee644144dc40330892879b23bb9edfc9fbe05494b4b54ca7e60c9c16e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

    Filesize

    392B

    MD5

    0b9b272a4070640dd567dee602ba52e2

    SHA1

    ba779495067a680529a374c25beb9f88fdd28526

    SHA256

    4cf3f7b2475e4908d88ab1963b89dfa3456816c3e82199a29686c67a2fc54353

    SHA512

    09e6e63221eb5e848e7a4ac113c45c90767f74ea2a13e4ad3fce63c188a7e9ff657060cc591eea08309ab7c58197b90fa54fd3148dfb33f4e44eae511b8f3545

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

    Filesize

    392B

    MD5

    8df558e366a2da35b926e4156cf69879

    SHA1

    e5a143665722151add38a90bcbe1ed1bbadb2841

    SHA256

    e6d96e0d342ad1b6abc87839c094268c9c76ec801fdbab407072659aafea763f

    SHA512

    10abb5619f8e05aeac891b0e5ecbadfe27a16abc5d0887b9c37189354d7333956f87e6ce9caf61824424c0bf5a8550076890812bc8f5c85ff3900af15a2a3e40

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

    Filesize

    392B

    MD5

    559c3dab62d1d1b9a9d60087f93f38ed

    SHA1

    3bf77668be474df82fb8153a4bbb6240436005bc

    SHA256

    91929fe0dcfa1867c856fee00cd17e21f20efd3b6f46103ac97b16e8aec78bdc

    SHA512

    e7b36b5d4fd13bcde1901fb47dcecdc9e04a0e0a165ffe3e3d829f223f6e34bb20c796c618d3c4d27751420a2090fa3586219fa49a18165608279bfa52c3a5e9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E573CDF4C6D731D56A665145182FD759_E7AFBAB1045CF53D322BC26D3E9BEB05

    Filesize

    396B

    MD5

    63d00b04477dbd9c6765f3d8ff454f0a

    SHA1

    d9d724693686498f5570439972ba85aa7cbeb3cd

    SHA256

    c7cebefed19c7d4d185cf6abaa1a9f11019aa1392b2d517f6afc16832371f59d

    SHA512

    8364587ca8a4c0e3e40002a56312fc87ea3c859b60b7496eeb99baf2d5d26902f70fd9aaca0cc0041270ff34a651dcda58b962001a93ee2e21e8ca528dad51cb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_02C4C6ED250727F9B08935C0A9565568

    Filesize

    406B

    MD5

    5d8af8af7136fe6b8700b946c3807d51

    SHA1

    5ecdc3b39704605124faec463bbda79144468f00

    SHA256

    84b56654c5290a5a48b7a93f1ae4b6e27ad0cd741cadbc07d35cd902ab56d7c7

    SHA512

    6e1a022526a877210e1a43e2d4e37c9114c0c5eb3568c372ca4aa62625d3e8c0252f47a6a28b5edcda646fe5132b64e186c3726903d3ef4f670be6b1ae75d293

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    1c6f9596c08f2276269df4a055ff016c

    SHA1

    bc344c7a89cff3e4f96e991f1683080ff238c7a7

    SHA256

    90c3f2c83b80e6cf508e9e30810edfbfc7c1f1478b9ff16eaaf39a7c0aeebbca

    SHA512

    4b8a094cdd963c41415d1c0790dcf9c1f086fba64c93cf7dd6873e032289f21248733a0ec290fd973ac77d11fbf413378ffe2a0975133b23f6cd35ed62cbfbd0

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\TTN76I3C.htm

    Filesize

    84KB

    MD5

    b3925828be6ec2988e1d2f908d290c3e

    SHA1

    8e3c554632c38a04e89ce38f1c0ce42161bef73c

    SHA256

    b822d2e97121991d97a8f65c5b6f19fdf3b486f783c437b088e06afbf5991dcb

    SHA512

    ffc76f77c5210165a3332e9cd5d396c69cbf6ed099bd04ff9e4de39daa3e29baf93b0bb0423edd5df3b851632c1fd2e41dd844c376eef73098d91e86d8dea3b5

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\cb=gapi[2].js

    Filesize

    133KB

    MD5

    4d1bd282f5a3799d4e2880cf69af9269

    SHA1

    2ede61be138a7beaa7d6214aa278479dce258adb

    SHA256

    5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693

    SHA512

    615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\jquery.min[2].js

    Filesize

    70KB

    MD5

    10092eee563dec2dca82b77d2cf5a1ae

    SHA1

    65cbff4e9d95d47a6f31d96ab4ea361c1f538a7b

    SHA256

    e23a2a4e2d7c2b41ebcdd8ffc0679df7140eb7f52e1eebabf827a88182643c59

    SHA512

    cc92cf5a9b3a62a18af432fdffb81b76da84e2f43ce3c7800a919c10809118d0611e29a47f103ff3df18a54d5331bc5f06ef4771dc406cc763b30ff2a66a3e81

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\rpc_shindig_random[1].js

    Filesize

    14KB

    MD5

    23a7ab8d8ba33d255e61be9fc36b1d16

    SHA1

    042d8431d552c81f4e504644ac88adce7bf2b76f

    SHA256

    127ffe5850ed564a98f7ac65c81f0d71c163ea45df74f130841f78d4ac5afad5

    SHA512

    e7c5314731e0b8a54ab1459d7199b36fc25cd0367bc146f5287d3850bd9fe67ba60017d79c97ea8d9a91cd639f2bc2253096ce826277e7088f8abfe6f0534b63

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\3604799710-postmessagerelay[1].js

    Filesize

    11KB

    MD5

    40aaadf2a7451d276b940cddefb2d0ed

    SHA1

    b2fc8129a4f5e5a0c8cb631218f40a4230444d9e

    SHA256

    4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2

    SHA512

    6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\platform_gapi.iframes.style.common[1].js

    Filesize

    54KB

    MD5

    7ef4bc18139bcdbdd14c5b58b0955a67

    SHA1

    afe44fd9a877f81a3c36f571c0fc934324c6cbd7

    SHA256

    192bc707852c5986f930528442d88a79e5bcf4513aacc2b722a3c5e964501838

    SHA512

    6c2920e80e4d5059588a32f75bc2b5dcc19f8d68224c0935d74f9fbf49476ca5b1ce43c279768f3d36871dfcec39f36db3fcad559c2f93cc540154cdbb04dec2

  • C:\Users\Admin\AppData\Local\Temp\Cab8FD3.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar9034.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

  • C:\Users\Admin\AppData\Local\Temp\Tar9124.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.