Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    23/05/2024, 15:29 UTC

General

  • Target

    6b666d75d2d3181c289cbd26f4a9557a_JaffaCakes118.html

  • Size

    208KB

  • MD5

    6b666d75d2d3181c289cbd26f4a9557a

  • SHA1

    7b90d1238dd100887b6dd2cf5288947a3dd974d6

  • SHA256

    c6f4948a57fdb473ebfcf88b76aa931bb7870a6822f93738c5d18f4c33362bc5

  • SHA512

    0572332c70208e96cca34d9973d4035dc84cf6515d8603603e65b4a602e51debce907e074a3f37b569bfa401eae0d971571da9d83fe49e0c08471c98e2948d3f

  • SSDEEP

    6144:ItHcIIIs3G4k5QhL8atVViVQ5MIsuQyf5bTM+MdBXpKgXpgx4t4sO9mge/bE6zbv:mcD73G4k5QhL8at/iwMIsuQyf5bTM+Md

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6b666d75d2d3181c289cbd26f4a9557a_JaffaCakes118.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1300
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1300 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1760

Network

  • flag-us
    DNS
    ajax.googleapis.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ajax.googleapis.com
    IN A
    Response
    ajax.googleapis.com
    IN A
    142.250.187.234
  • flag-us
    DNS
    stats.topofblogs.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    stats.topofblogs.com
    IN A
    Response
    stats.topofblogs.com
    IN A
    23.88.53.29
    stats.topofblogs.com
    IN A
    95.216.161.60
    stats.topofblogs.com
    IN A
    162.55.172.212
    stats.topofblogs.com
    IN A
    168.119.245.137
    stats.topofblogs.com
    IN A
    159.69.186.9
    stats.topofblogs.com
    IN A
    195.201.124.255
    stats.topofblogs.com
    IN A
    159.69.42.212
    stats.topofblogs.com
    IN A
    65.21.240.245
    stats.topofblogs.com
    IN A
    159.69.83.207
  • flag-us
    DNS
    apis.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    apis.google.com
    IN A
    Response
    apis.google.com
    IN CNAME
    plus.l.google.com
    plus.l.google.com
    IN A
    142.250.200.14
  • flag-us
    DNS
    platform.twitter.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    platform.twitter.com
    IN A
    Response
    platform.twitter.com
    IN CNAME
    cs472.wac.edgecastcdn.net
    cs472.wac.edgecastcdn.net
    IN CNAME
    cs1-apr-8315.wac.edgecastcdn.net
    cs1-apr-8315.wac.edgecastcdn.net
    IN CNAME
    wac.apr-8315.edgecastdns.net
    wac.apr-8315.edgecastdns.net
    IN CNAME
    cs1-lb-eu.8315.ecdns.net
    cs1-lb-eu.8315.ecdns.net
    IN CNAME
    cs491.wac.edgecastcdn.net
    cs491.wac.edgecastcdn.net
    IN A
    192.229.233.25
  • flag-us
    DNS
    webstatsdomain.org
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    webstatsdomain.org
    IN A
    Response
    webstatsdomain.org
    IN A
    46.229.169.130
  • flag-us
    DNS
    webstatsdomain.org
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    webstatsdomain.org
    IN A
  • flag-us
    DNS
    static.addtoany.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    static.addtoany.com
    IN A
    Response
    static.addtoany.com
    IN A
    104.22.70.197
    static.addtoany.com
    IN A
    172.67.39.148
    static.addtoany.com
    IN A
    104.22.71.197
  • flag-us
    DNS
    www.blogrollcenter.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.blogrollcenter.com
    IN A
    Response
    www.blogrollcenter.com
    IN A
    91.195.240.12
  • flag-us
    DNS
    resources.blogblog.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    resources.blogblog.com
    IN A
    Response
    resources.blogblog.com
    IN CNAME
    blogger.l.google.com
    blogger.l.google.com
    IN A
    142.250.178.9
  • flag-us
    DNS
    www.blogtopsites.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.blogtopsites.com
    IN A
    Response
    www.blogtopsites.com
    IN A
    54.86.4.82
    www.blogtopsites.com
    IN A
    35.171.118.124
  • flag-us
    DNS
    4.bp.blogspot.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    4.bp.blogspot.com
    IN A
    Response
    4.bp.blogspot.com
    IN CNAME
    photos-ugc.l.googleusercontent.com
    photos-ugc.l.googleusercontent.com
    IN A
    142.250.180.1
  • flag-us
    DNS
    www.blogger.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.blogger.com
    IN A
    Response
    www.blogger.com
    IN CNAME
    blogger.l.google.com
    blogger.l.google.com
    IN A
    142.250.178.9
  • flag-us
    DNS
    feeds.feedburner.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    feeds.feedburner.com
    IN A
    Response
    feeds.feedburner.com
    IN CNAME
    www4.l.google.com
    www4.l.google.com
    IN A
    216.58.204.78
  • flag-gb
    GET
    https://apis.google.com/js/plusone.js
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /js/plusone.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Type: text/javascript
    Access-Control-Allow-Origin: *
    Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team"
    Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
    Timing-Allow-Origin: *
    Date: Thu, 23 May 2024 15:29:48 GMT
    Expires: Thu, 23 May 2024 15:29:48 GMT
    Cache-Control: private, max-age=1800, stale-while-revalidate=1800
    ETag: "80d5c9d57d5f206f"
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 55813
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Mon, 20 May 2024 15:06:31 GMT
    Expires: Tue, 20 May 2025 15:06:31 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 260597
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth/exm=gapi_iframes,gapi_iframes_style_bubble,plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_2?le=scs
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth/exm=gapi_iframes,gapi_iframes_style_bubble,plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_2?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 29729
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 12:01:29 GMT
    Expires: Sun, 18 May 2025 12:01:29 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 444500
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-nl
    GET
    http://platform.twitter.com/widgets.js
    IEXPLORE.EXE
    Remote address:
    192.229.233.25:80
    Request
    GET /widgets.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: platform.twitter.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Encoding: gzip
    Access-Control-Allow-Methods: GET
    Access-Control-Allow-Origin: *
    Age: 1481
    Cache-Control: public, max-age=1800
    Content-Type: application/javascript; charset=utf-8
    Date: Thu, 23 May 2024 15:29:47 GMT
    Etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
    Last-Modified: Mon, 11 Dec 2023 17:20:28 GMT
    P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
    Server: ECS (frb/673A)
    Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
    Vary: Accept-Encoding
    x-amz-server-side-encryption: AES256
    X-Cache: HIT
    x-tw-cdn: VZ
    Content-Length: 27597
  • flag-gb
    GET
    https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
    IEXPLORE.EXE
    Remote address:
    142.250.187.234:443
    Request
    GET /ajax/libs/jquery/1.8.3/jquery.min.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ajax.googleapis.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
    Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
    Timing-Allow-Origin: *
    Content-Length: 33593
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 15:52:20 GMT
    Expires: Sun, 18 May 2025 15:52:20 GMT
    Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
    Age: 430648
    Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/static/v1/widgets/127631110-widgets.js
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /static/v1/widgets/127631110-widgets.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.blogger.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 36558
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 14:06:54 GMT
    Expires: Sun, 18 May 2025 14:06:54 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 13 Feb 2017 19:05:13 GMT
    Content-Type: text/javascript
    Vary: Accept-Encoding
    Age: 436974
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/navbar.g?targetBlogID=3717365717779632801&blogName=Lowongan+Kerja+Terbaru+&publishMode=PUBLISH_MODE_HOSTED&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://www.lokerjobteranyar.com/search&blogLocale=en_GB&v=2&homepageUrl=http://www.lokerjobteranyar.com/&targetPostID=3308029486415719624&blogPostOrPageUrl=http://www.lokerjobteranyar.com/2014/06/lowongan-kerja-sebagai-guru-di-bakti.html&vt=4172821437583062325&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /navbar.g?targetBlogID=3717365717779632801&blogName=Lowongan+Kerja+Terbaru+&publishMode=PUBLISH_MODE_HOSTED&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://www.lokerjobteranyar.com/search&blogLocale=en_GB&v=2&homepageUrl=http://www.lokerjobteranyar.com/&targetPostID=3308029486415719624&blogPostOrPageUrl=http://www.lokerjobteranyar.com/2014/06/lowongan-kerja-sebagai-guru-di-bakti.html&vt=4172821437583062325&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.blogger.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
    Content-Security-Policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
    Content-Type: text/html; charset=UTF-8
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Thu, 23 May 2024 15:29:49 GMT
    Content-Encoding: gzip
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    Server: GSE
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 15190
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Wed, 22 May 2024 01:06:18 GMT
    Expires: Thu, 22 May 2025 01:06:18 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 138210
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&count=true&size=medium&origin=file%3A%2F%2F&url=http%3A%2F%2Fwww.lokerjobteranyar.com%2F2014%2F06%2Flowongan-kerja-sebagai-guru-di-bakti.html&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /u/0/se/0/_/+1/fastbutton?usegapi=1&count=true&size=medium&origin=file%3A%2F%2F&url=http%3A%2F%2Fwww.lokerjobteranyar.com%2F2014%2F06%2Flowongan-kerja-sebagai-guru-di-bakti.html&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: http://developers.google.com/
    Cross-Origin-Resource-Policy: cross-origin
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Date: Thu, 23 May 2024 15:29:49 GMT
    Expires: Thu, 23 May 2024 15:59:49 GMT
    Cache-Control: public, max-age=1800
    Server: sffe
    Content-Length: 226
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://apis.google.com/js/platform:gapi.iframes.style.common.js
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /js/platform:gapi.iframes.style.common.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://www.blogger.com/navbar.g?targetBlogID=3717365717779632801&blogName=Lowongan+Kerja+Terbaru+&publishMode=PUBLISH_MODE_HOSTED&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://www.lokerjobteranyar.com/search&blogLocale=en_GB&v=2&homepageUrl=http://www.lokerjobteranyar.com/&targetPostID=3308029486415719624&blogPostOrPageUrl=http://www.lokerjobteranyar.com/2014/06/lowongan-kerja-sebagai-guru-di-bakti.html&vt=4172821437583062325&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Type: text/javascript
    Access-Control-Allow-Origin: *
    Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team"
    Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
    Timing-Allow-Origin: *
    Date: Thu, 23 May 2024 15:29:50 GMT
    Expires: Thu, 23 May 2024 15:29:50 GMT
    Cache-Control: private, max-age=1800, stale-while-revalidate=1800
    ETag: "1df5d68c1707a051"
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://www.blogger.com/navbar.g?targetBlogID=3717365717779632801&blogName=Lowongan+Kerja+Terbaru+&publishMode=PUBLISH_MODE_HOSTED&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://www.lokerjobteranyar.com/search&blogLocale=en_GB&v=2&homepageUrl=http://www.lokerjobteranyar.com/&targetPostID=3308029486415719624&blogPostOrPageUrl=http://www.lokerjobteranyar.com/2014/06/lowongan-kerja-sebagai-guru-di-bakti.html&vt=4172821437583062325&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 45677
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 10:23:05 GMT
    Expires: Sun, 18 May 2025 10:23:05 GMT
    Cache-Control: public, max-age=31536000
    Age: 450405
    Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://apis.google.com/js/rpc:shindig_random.js?onload=init
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /js/rpc:shindig_random.js?onload=init HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Type: text/javascript
    Access-Control-Allow-Origin: *
    Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team"
    Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
    Timing-Allow-Origin: *
    Date: Thu, 23 May 2024 15:29:50 GMT
    Expires: Thu, 23 May 2024 15:29:50 GMT
    Cache-Control: private, max-age=1800, stale-while-revalidate=1800
    ETag: "9b77125b6924cb07"
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 23473
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Mon, 20 May 2024 15:06:32 GMT
    Expires: Tue, 20 May 2025 15:06:32 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 260598
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    http://www.blogtopsites.com/v_193170.gif
    IEXPLORE.EXE
    Remote address:
    54.86.4.82:80
    Request
    GET /v_193170.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.blogtopsites.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 15:29:47 GMT
    Content-Type: image/gif
    Content-Length: 168
    Connection: keep-alive
    Server: Apache
  • flag-us
    GET
    http://static.addtoany.com/menu/page.js
    IEXPLORE.EXE
    Remote address:
    104.22.70.197:80
    Request
    GET /menu/page.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.addtoany.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Thu, 23 May 2024 15:29:47 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Thu, 23 May 2024 16:29:47 GMT
    Location: https://static.addtoany.com/menu/page.js
    Vary: Accept-Encoding
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 88861560c84ca00c-AMS
    alt-svc: h3=":443"; ma=86400
  • flag-gb
    GET
    https://4.bp.blogspot.com/-sR0dok9IQk4/WGzIxYHPrkI/AAAAAAAAFNk/zo5eZzeSLbc1BfFDL6vrMt03QviVPHGDQCLcB/s320/aio3.png
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:443
    Request
    GET /-sR0dok9IQk4/WGzIxYHPrkI/AAAAAAAAFNk/zo5eZzeSLbc1BfFDL6vrMt03QviVPHGDQCLcB/s320/aio3.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 4.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: image/png
    Vary: Origin
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    ETag: "v14da"
    Expires: Fri, 24 May 2024 15:29:49 GMT
    Cache-Control: public, max-age=86400, no-transform
    Content-Disposition: inline;filename="aio3.png"
    X-Content-Type-Options: nosniff
    Date: Thu, 23 May 2024 15:29:49 GMT
    Server: fife
    Content-Length: 102629
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    http://feeds.feedburner.com/~fc/lokerjobteranyar/pqIE?bg=99CCFF&fg=444444&anim=0
    IEXPLORE.EXE
    Remote address:
    216.58.204.78:80
    Request
    GET /~fc/lokerjobteranyar/pqIE?bg=99CCFF&fg=444444&anim=0 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: feeds.feedburner.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=utf-8
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Thu, 23 May 2024 15:29:48 GMT
    Content-Security-Policy: script-src 'nonce-_yd8XGKVjORQUHy-2SHhXg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/RaichuFeedServer/cspreport;worker-src 'self'
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/RaichuFeedServer/cspreport
    Cross-Origin-Opener-Policy: same-origin
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
    Content-Encoding: gzip
    Transfer-Encoding: chunked
    Server: ESF
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
  • flag-de
    GET
    http://stats.topofblogs.com/send/196872
    IEXPLORE.EXE
    Remote address:
    23.88.53.29:80
    Request
    GET /send/196872 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: stats.topofblogs.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Thu, 23 May 2024 15:04:31 GMT
    Content-Type: text/html; charset=utf8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: ndsp=eyJkb21haW5OYW1lIjoidG9wb2ZibG9ncy5jb20iLCJtZW1iZXIiOiIxMTMiLCJ0ZW1wbGF0ZSI6InRjMTU1IiwidXNlckFnZW50IjoiTW96aWxsYVwvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnRcLzcuMDsgcnY6MTEuMCkgbGlrZSBHZWNrbyIsInNlc3Npb24iOiJmOWFmNGQzYjdjNTM0OTE0ZDFkMWU0MzRjMmU0YTU3NyIsInRpbWVfaW5pdCI6MTcxNjQ3NjY3MX0%3D; expires=Thu, 23-May-2024 21:59:59 GMT; Max-Age=24928; path=/
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    Content-Encoding: gzip
  • flag-gb
    GET
    https://resources.blogblog.com/img/icon18_wrench_allbkg.png
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /img/icon18_wrench_allbkg.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: resources.blogblog.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 475
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 12:32:12 GMT
    Expires: Sat, 25 May 2024 12:32:12 GMT
    Cache-Control: public, max-age=604800
    Last-Modified: Sat, 18 May 2024 09:53:24 GMT
    Content-Type: image/png
    Age: 442656
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-de
    DNS
    IEXPLORE.EXE
    Remote address:
    91.195.240.12:80
    Response
    HTTP/1.1 408 Request Time-out
    Content-length: 110
    Cache-Control: no-cache
    Connection: close
    Content-Type: text/html
  • flag-de
    GET
    http://www.blogrollcenter.com/rank/career-jobs/a1/lokerjobteranyar.gif
    IEXPLORE.EXE
    Remote address:
    91.195.240.12:80
    Request
    GET /rank/career-jobs/a1/lokerjobteranyar.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.blogrollcenter.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 441
    date: Thu, 23 May 2024 15:29:47 GMT
    content-length: 0
    server: NginX
  • flag-us
    GET
    https://static.addtoany.com/menu/page.js
    IEXPLORE.EXE
    Remote address:
    104.22.70.197:443
    Request
    GET /menu/page.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.addtoany.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 15:29:49 GMT
    Content-Type: application/javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=86400, stale-while-revalidate=30, public
    Cf-Bgj: minify
    ETag: W/"e346c2841e4abbb66ee259e9540abb61"
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ilquHBfZwe112MG4lxQJaE1Bl%2F1Semnk9Mh%2BEbXe%2BDx%2BybVbsR4Q5Zk%2F9rOUWhdZ26RQjEtVIN10UNSWhZnKMUDc0iQddFAiLQn431iW1y0ENRlR2c%2FMXDQ7dgMGnGMUgYp3CKA9"}],"group":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    referrer-policy: strict-origin-when-cross-origin
    x-content-type-options: nosniff
    CF-Cache-Status: HIT
    Age: 853
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 8886156c7b6a6681-AMS
    Content-Encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://static.addtoany.com/menu/sm.25.html
    IEXPLORE.EXE
    Remote address:
    104.22.70.197:443
    Request
    GET /menu/sm.25.html HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.addtoany.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 15:29:49 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=315360000, immutable
    referrer-policy: strict-origin-when-cross-origin
    x-content-type-options: nosniff
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qSeivxXBn8S26LGjslhMi1BIR6MwRd1IOK%2BhrD%2B05RDOl%2FihCgx8zfqtRDd8YzhEqgmJHNDdyQDqdvBIBht82qzh4Zw8vj8EFWvJKOcpbqEcL4J6Z1WH13zWEiUKzgsUa09ueVyX4uf%2B%2BRo%2FBpUFaZzD"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    CF-Cache-Status: HIT
    Age: 17836
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 8886156e0cba6681-AMS
    Content-Encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://static.addtoany.com/menu/eso.BRQnzO8v.js
    IEXPLORE.EXE
    Remote address:
    104.22.70.197:443
    Request
    GET /menu/eso.BRQnzO8v.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.addtoany.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 15:29:50 GMT
    Content-Type: application/javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=315360000, immutable
    Cf-Bgj: minify
    ETag: W/"93c41722448d9f615d5594fdaa7bb9e0"
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aLuOW9KcPEXpd0Aaz9bC3yP83jI%2BjXDT4MyttMj%2FwaWEyM%2FsmgeL%2FZD9RkFTj6I6qqbcY5HG7v2nMtPB9Var3bfOStzL35jNl4BVIFvk9bL8Q%2BzRDI4c4RtoLLk2l2miXmMnNeRs"}],"group":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    referrer-policy: strict-origin-when-cross-origin
    x-content-type-options: nosniff
    CF-Cache-Status: HIT
    Age: 835
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 88861570ffbc6681-AMS
    Content-Encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    apps.identrust.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    apps.identrust.com
    IN A
    Response
    apps.identrust.com
    IN CNAME
    identrust.edgesuite.net
    identrust.edgesuite.net
    IN CNAME
    a1952.dscq.akamai.net
    a1952.dscq.akamai.net
    IN A
    2.18.24.8
    a1952.dscq.akamai.net
    IN A
    2.18.24.9
  • flag-ie
    GET
    http://apps.identrust.com/roots/dstrootcax3.p7c
    IEXPLORE.EXE
    Remote address:
    2.18.24.8:80
    Request
    GET /roots/dstrootcax3.p7c HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: apps.identrust.com
    Response
    HTTP/1.1 200 OK
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    X-Robots-Tag: noindex
    Referrer-Policy: same-origin
    Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
    ETag: "37d-6079b8c0929c0"
    Accept-Ranges: bytes
    Content-Length: 893
    X-Content-Type-Options: nosniff
    X-Frame-Options: sameorigin
    Content-Type: application/pkcs7-mime
    Cache-Control: max-age=3600
    Expires: Thu, 23 May 2024 16:29:48 GMT
    Date: Thu, 23 May 2024 15:29:48 GMT
    Connection: keep-alive
  • flag-us
    GET
    http://webstatsdomain.org/widget/raiting/www.lokerjobteranyar.com/gold-small.png
    IEXPLORE.EXE
    Remote address:
    46.229.169.130:80
    Request
    GET /widget/raiting/www.lokerjobteranyar.com/gold-small.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: webstatsdomain.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx/1.10.3
    Date: Thu, 23 May 2024 15:29:48 GMT
    Content-Type: text/html
    Content-Length: 185
    Connection: keep-alive
    Location: https://webstatsdomain.org/widget/raiting/www.lokerjobteranyar.com/gold-small.png
  • flag-us
    DNS
    jqueryapi.info
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    jqueryapi.info
    IN A
    Response
  • flag-us
    DNS
    themes.googleusercontent.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    themes.googleusercontent.com
    IN A
    Response
    themes.googleusercontent.com
    IN CNAME
    googlehosted.l.googleusercontent.com
    googlehosted.l.googleusercontent.com
    IN A
    172.217.16.225
  • flag-us
    GET
    http://jqueryapi.info/?getsrc=ok&ref=&url=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C6b666d75d2d3181c289cbd26f4a9557a_JaffaCakes118.html
    IEXPLORE.EXE
    Remote address:
    45.56.79.23:80
    Request
    GET /?getsrc=ok&ref=&url=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C6b666d75d2d3181c289cbd26f4a9557a_JaffaCakes118.html HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: jqueryapi.info
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    server: openresty/1.13.6.1
    date: Thu, 23 May 2024 15:29:49 GMT
    content-type: application/javascript
    content-length: 157
    last-modified: Wed, 07 Mar 2018 18:30:37 GMT
    etag: "5aa02fcd-9d"
    accept-ranges: bytes
    connection: close
  • flag-gb
    GET
    http://themes.googleusercontent.com/static/fonts/roboto/v11/2UX7WLTfW3W8TclTUvlFyQ.woff
    IEXPLORE.EXE
    Remote address:
    172.217.16.225:80
    Request
    GET /static/fonts/roboto/v11/2UX7WLTfW3W8TclTUvlFyQ.woff HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: file:
    Accept-Encoding: gzip, deflate
    Host: themes.googleusercontent.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Access-Control-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
    Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
    Timing-Allow-Origin: *
    Content-Length: 21132
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 12:06:22 GMT
    Expires: Sun, 18 May 2025 12:06:22 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Tue, 22 Oct 2019 18:15:00 GMT
    Content-Type: font/woff
    Age: 444207
  • flag-gb
    GET
    http://themes.googleusercontent.com/static/fonts/roboto/v11/RxZJdnzeo3R5zSexge8UUT8E0i7KZn-EPnyo3HZu7kw.woff
    IEXPLORE.EXE
    Remote address:
    172.217.16.225:80
    Request
    GET /static/fonts/roboto/v11/RxZJdnzeo3R5zSexge8UUT8E0i7KZn-EPnyo3HZu7kw.woff HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: file:
    Accept-Encoding: gzip, deflate
    Host: themes.googleusercontent.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Access-Control-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
    Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
    Timing-Allow-Origin: *
    Content-Length: 20636
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 13:29:57 GMT
    Expires: Sun, 18 May 2025 13:29:57 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Tue, 22 Oct 2019 18:15:00 GMT
    Content-Type: font/woff
    Age: 439192
  • flag-gb
    GET
    http://themes.googleusercontent.com/static/fonts/roboto/v11/Hgo13k-tfSpn0qi1SFdUfT8E0i7KZn-EPnyo3HZu7kw.woff
    IEXPLORE.EXE
    Remote address:
    172.217.16.225:80
    Request
    GET /static/fonts/roboto/v11/Hgo13k-tfSpn0qi1SFdUfT8E0i7KZn-EPnyo3HZu7kw.woff HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: file:
    Accept-Encoding: gzip, deflate
    Host: themes.googleusercontent.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
    Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
    Timing-Allow-Origin: *
    Content-Length: 19973
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 13:29:57 GMT
    Expires: Sun, 18 May 2025 13:29:57 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Sun, 25 Jun 2023 02:58:00 GMT
    Content-Type: font/woff
    Vary: Accept-Encoding
    Age: 439192
  • flag-gb
    GET
    http://themes.googleusercontent.com/static/fonts/roboto/v11/d-6IYplOFocCacKzxwXSOD8E0i7KZn-EPnyo3HZu7kw.woff
    IEXPLORE.EXE
    Remote address:
    172.217.16.225:80
    Request
    GET /static/fonts/roboto/v11/d-6IYplOFocCacKzxwXSOD8E0i7KZn-EPnyo3HZu7kw.woff HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: file:
    Accept-Encoding: gzip, deflate
    Host: themes.googleusercontent.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Access-Control-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
    Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
    Timing-Allow-Origin: *
    Content-Length: 19812
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 12:06:22 GMT
    Expires: Sun, 18 May 2025 12:06:22 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Tue, 22 Oct 2019 18:15:00 GMT
    Content-Type: font/woff
    Age: 444207
  • flag-gb
    GET
    http://themes.googleusercontent.com/static/fonts/roboto/v11/1pO9eUAp8pSF8VnRTP3xnvesZW2xOQ-xsNqO47m55DA.woff
    IEXPLORE.EXE
    Remote address:
    172.217.16.225:80
    Request
    GET /static/fonts/roboto/v11/1pO9eUAp8pSF8VnRTP3xnvesZW2xOQ-xsNqO47m55DA.woff HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: file:
    Accept-Encoding: gzip, deflate
    Host: themes.googleusercontent.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Access-Control-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
    Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
    Timing-Allow-Origin: *
    Content-Length: 22396
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Wed, 22 May 2024 19:38:22 GMT
    Expires: Thu, 22 May 2025 19:38:22 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Tue, 22 Oct 2019 18:15:00 GMT
    Content-Type: font/woff
    Age: 71487
  • flag-gb
    GET
    http://themes.googleusercontent.com/static/fonts/oswald/v8/-g5pDUSRgvxvOl5u-a_WHw.woff
    IEXPLORE.EXE
    Remote address:
    172.217.16.225:80
    Request
    GET /static/fonts/oswald/v8/-g5pDUSRgvxvOl5u-a_WHw.woff HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: file:
    Accept-Encoding: gzip, deflate
    Host: themes.googleusercontent.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Access-Control-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
    Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
    Timing-Allow-Origin: *
    Content-Length: 21520
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 11:51:18 GMT
    Expires: Sun, 18 May 2025 11:51:18 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Tue, 22 Oct 2019 18:15:00 GMT
    Content-Type: font/woff
    Age: 445111
  • flag-us
    DNS
    www.lokerjobteranyar.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.lokerjobteranyar.com
    IN A
    Response
    www.lokerjobteranyar.com
    IN A
    154.85.140.12
  • flag-us
    DNS
    x2.c.lencr.org
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    x2.c.lencr.org
    IN A
    Response
    x2.c.lencr.org
    IN CNAME
    crl.root-x1.letsencrypt.org.edgekey.net
    crl.root-x1.letsencrypt.org.edgekey.net
    IN CNAME
    e8652.dscx.akamaiedge.net
    e8652.dscx.akamaiedge.net
    IN A
    23.55.97.11
  • flag-be
    GET
    http://x2.c.lencr.org/
    IEXPLORE.EXE
    Remote address:
    23.55.97.11:80
    Request
    GET / HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: x2.c.lencr.org
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: application/pkix-crl
    Last-Modified: Mon, 12 Feb 2024 22:07:27 GMT
    ETag: "65ca969f-12b"
    Cache-Control: max-age=3600
    Expires: Thu, 23 May 2024 16:29:49 GMT
    Date: Thu, 23 May 2024 15:29:49 GMT
    Content-Length: 299
    Connection: keep-alive
  • flag-us
    DNS
    s10.histats.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    s10.histats.com
    IN A
    Response
    s10.histats.com
    IN CNAME
    s10.histats.com.cdn.cloudflare.net
    s10.histats.com.cdn.cloudflare.net
    IN A
    104.20.18.71
    s10.histats.com.cdn.cloudflare.net
    IN A
    104.20.19.71
  • flag-us
    GET
    http://s10.histats.com/js15_gif.js
    IEXPLORE.EXE
    Remote address:
    104.20.18.71:80
    Request
    GET /js15_gif.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: s10.histats.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 15:29:49 GMT
    Content-Type: text/javascript
    Content-Length: 4422
    Connection: keep-alive
    Content-Encoding: gzip
    ETag: "1458891563"
    Last-Modified: Thu, 16 Apr 2020 10:44:17 GMT
    Vary: Accept-Encoding
    Cache-Control: max-age=28800
    CF-Cache-Status: HIT
    Age: 72813
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 8886156cc9f693ef-LHR
  • flag-hk
    GET
    http://www.lokerjobteranyar.com/feeds/posts/summary/-/Guru?alt=json-in-script&orderby=updated&max-results=0&callback=randomRelatedIndex
    IEXPLORE.EXE
    Remote address:
    154.85.140.12:80
    Request
    GET /feeds/posts/summary/-/Guru?alt=json-in-script&orderby=updated&max-results=0&callback=randomRelatedIndex HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.lokerjobteranyar.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Cache-Control: private
    Content-Length: 79
    Content-Type: text/html; Charset=gb2312
    Server: Microsoft-IIS/7.5
    Set-Cookie: ASPSESSIONIDCQQQRBCT=NLGNCDJDKPBHLOACMIGKEDJE; path=/
    X-Powered-By: ASP.NET
    Date: Thu, 23 May 2024 15:29:50 GMT
  • flag-us
    DNS
    s4i.histats.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    s4i.histats.com
    IN A
    Response
  • flag-ca
    GET
    https://s4i.histats.com/stats/i/2601181.gif?2601181&@f16&@g1&@h1&@i1&@j1716478188058&@k0&@l1&@mLowongan%20Kerja%20Sebagai%20Guru%20di%20Bakti%20Mulya%20400%20Jakarta%20Selatan%20%7C%20Lowongan%20Kerja%20Terbaru&@n0&@o1000&@q0&@r0&@s10049&@ten-US&@u1280&@b1:25735877&@b3:1716478188&@b4:js15_gif.js&@b5:0&@a-_0.2.1&@vfile%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C6b666d75d2d3181c289cbd26f4a9557a_JaffaCakes118.html&@w
    IEXPLORE.EXE
    Remote address:
    149.56.240.132:443
    Request
    GET /stats/i/2601181.gif?2601181&@f16&@g1&@h1&@i1&@j1716478188058&@k0&@l1&@mLowongan%20Kerja%20Sebagai%20Guru%20di%20Bakti%20Mulya%20400%20Jakarta%20Selatan%20%7C%20Lowongan%20Kerja%20Terbaru&@n0&@o1000&@q0&@r0&@s10049&@ten-US&@u1280&@b1:25735877&@b3:1716478188&@b4:js15_gif.js&@b5:0&@a-_0.2.1&@vfile%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C6b666d75d2d3181c289cbd26f4a9557a_JaffaCakes118.html&@w HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: s4i.histats.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 15:29:59 GMT
    Content-Type: image/png
    Content-Length: 1005
    Connection: close
    ETag: 1195929020
  • flag-gb
    GET
    http://www.google-analytics.com/ga.js
    IEXPLORE.EXE
    Remote address:
    216.58.213.14:80
    Request
    GET /ga.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.google-analytics.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Server: Golfe2
    Content-Length: 17168
    Date: Thu, 23 May 2024 15:23:38 GMT
    Expires: Thu, 23 May 2024 17:23:38 GMT
    Cache-Control: public, max-age=7200
    Age: 371
    Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
    Content-Type: text/javascript
    Vary: Accept-Encoding
  • flag-us
    DNS
    developers.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    developers.google.com
    IN A
    Response
    developers.google.com
    IN A
    216.58.201.110
  • flag-us
    DNS
    accounts.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    accounts.google.com
    IN A
    Response
    accounts.google.com
    IN A
    64.233.167.84
  • flag-gb
    GET
    http://developers.google.com/
    IEXPLORE.EXE
    Remote address:
    216.58.201.110:80
    Request
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: developers.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: https://developers.google.com/
    X-Cloud-Trace-Context: 03527283559d66e0bb6a3e8b11fc4c5a
    Date: Thu, 23 May 2024 15:29:50 GMT
    Content-Type: text/html
    Server: Google Frontend
    Content-Length: 0
  • flag-be
    GET
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    64.233.167.84:443
    Request
    GET /o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: accounts.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Thu, 23 May 2024 15:29:50 GMT
    Content-Security-Policy: script-src 'nonce-dWi3ig8Pp3N_M0H4WKhggA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /o/cspreport
    Cross-Origin-Resource-Policy: same-site
    Content-Encoding: gzip
    Server: ESF
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-be
    GET
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    64.233.167.84:443
    Request
    GET /o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: accounts.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Thu, 23 May 2024 15:30:50 GMT
    Content-Security-Policy: script-src 'nonce-BrQqwVOpW4TYB5N8jQSQOw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /o/cspreport
    Cross-Origin-Resource-Policy: same-site
    Content-Encoding: gzip
    Server: ESF
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://developers.google.com/
    IEXPLORE.EXE
    Remote address:
    216.58.201.110:443
    Request
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: developers.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Last-Modified: Thu, 16 May 2024 15:08:21 GMT
    Content-Type: text/html; charset=utf-8
    Vary: Cookie
    Vary: Accept-Encoding
    Set-Cookie: _ga_devsite=GA1.3.1910448046.1716478190; Expires=Sat, 23 May 2026 15:29:50 GMT; Max-Age=63072000; Path=/
    Content-Security-Policy: base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-f9gtig7yxaT3nVCkpGE26DjzoMlJhN' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2
    Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Cache-Control: no-cache, must-revalidate
    Expires: 0
    Pragma: no-cache
    Content-Encoding: gzip
    X-Cloud-Trace-Context: 42fec1fb88f5f422ce504757336519a8
    Date: Thu, 23 May 2024 15:29:50 GMT
    Server: Google Frontend
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-us
    DNS
    ssl.gstatic.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ssl.gstatic.com
    IN A
    Response
    ssl.gstatic.com
    IN A
    172.217.169.3
  • flag-gb
    GET
    https://ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js
    IEXPLORE.EXE
    Remote address:
    172.217.169.3:443
    Request
    GET /accounts/o/3604799710-postmessagerelay.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ssl.gstatic.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="federated-signon-mpm-access"
    Report-To: {"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
    Content-Length: 4846
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Mon, 20 May 2024 15:06:40 GMT
    Expires: Tue, 20 May 2025 15:06:40 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Sun, 12 May 2024 02:08:16 GMT
    Content-Type: text/javascript
    Vary: Accept-Encoding
    Age: 260590
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    s4.histats.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    s4.histats.com
    IN A
    Response
  • flag-ca
    GET
    https://s4.histats.com/stats/e.php?2601181&@Ab&@R98056&@w
    IEXPLORE.EXE
    Remote address:
    54.39.156.32:443
    Request
    GET /stats/e.php?2601181&@Ab&@R98056&@w HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: s4.histats.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 15:30:35 GMT
    Content-Type: text/html;charset=UTF-8
    Content-Length: 429
    Connection: close
  • flag-us
    DNS
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    2.21.17.194
  • flag-be
    GET
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    64.233.167.84:443
    Request
    GET /o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: accounts.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Thu, 23 May 2024 15:31:52 GMT
    Cross-Origin-Resource-Policy: same-site
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /o/cspreport
    Content-Security-Policy: script-src 'nonce-9IS3mV67pcnFE6712HQ1yg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
    Content-Encoding: gzip
    Server: ESF
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • 142.250.200.14:443
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth/exm=gapi_iframes,gapi_iframes_style_bubble,plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_2?le=scs
    tls, http
    IEXPLORE.EXE
    4.1kB
    122.6kB
    58
    96

    HTTP Request

    GET https://apis.google.com/js/plusone.js

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth/exm=gapi_iframes,gapi_iframes_style_bubble,plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_2?le=scs

    HTTP Response

    200
  • 192.229.233.25:80
    http://platform.twitter.com/widgets.js
    http
    IEXPLORE.EXE
    997 B
    29.2kB
    16
    24

    HTTP Request

    GET http://platform.twitter.com/widgets.js

    HTTP Response

    200
  • 142.250.187.234:443
    https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
    tls, http
    IEXPLORE.EXE
    2.0kB
    41.5kB
    26
    36

    HTTP Request

    GET https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js

    HTTP Response

    200
  • 192.229.233.25:80
    platform.twitter.com
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 142.250.178.9:443
    https://www.blogger.com/navbar.g?targetBlogID=3717365717779632801&blogName=Lowongan+Kerja+Terbaru+&publishMode=PUBLISH_MODE_HOSTED&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://www.lokerjobteranyar.com/search&blogLocale=en_GB&v=2&homepageUrl=http://www.lokerjobteranyar.com/&targetPostID=3308029486415719624&blogPostOrPageUrl=http://www.lokerjobteranyar.com/2014/06/lowongan-kerja-sebagai-guru-di-bakti.html&vt=4172821437583062325&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    tls, http
    IEXPLORE.EXE
    2.8kB
    48.3kB
    30
    45

    HTTP Request

    GET https://www.blogger.com/static/v1/widgets/127631110-widgets.js

    HTTP Response

    200

    HTTP Request

    GET https://www.blogger.com/navbar.g?targetBlogID=3717365717779632801&blogName=Lowongan+Kerja+Terbaru+&publishMode=PUBLISH_MODE_HOSTED&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://www.lokerjobteranyar.com/search&blogLocale=en_GB&v=2&homepageUrl=http://www.lokerjobteranyar.com/&targetPostID=3308029486415719624&blogPostOrPageUrl=http://www.lokerjobteranyar.com/2014/06/lowongan-kerja-sebagai-guru-di-bakti.html&vt=4172821437583062325&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

    HTTP Response

    200
  • 142.250.200.14:443
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs
    tls, http
    IEXPLORE.EXE
    7.3kB
    124.5kB
    60
    103

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&count=true&size=medium&origin=file%3A%2F%2F&url=http%3A%2F%2Fwww.lokerjobteranyar.com%2F2014%2F06%2Flowongan-kerja-sebagai-guru-di-bakti.html&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

    HTTP Response

    301

    HTTP Request

    GET https://apis.google.com/js/platform:gapi.iframes.style.common.js

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/js/rpc:shindig_random.js?onload=init

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs

    HTTP Response

    200
  • 142.250.178.9:443
    www.blogger.com
    tls
    IEXPLORE.EXE
    700 B
    4.7kB
    9
    8
  • 142.250.187.234:443
    ajax.googleapis.com
    tls
    IEXPLORE.EXE
    756 B
    5.1kB
    10
    9
  • 54.86.4.82:80
    www.blogtopsites.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 54.86.4.82:80
    http://www.blogtopsites.com/v_193170.gif
    http
    IEXPLORE.EXE
    556 B
    482 B
    6
    4

    HTTP Request

    GET http://www.blogtopsites.com/v_193170.gif

    HTTP Response

    200
  • 104.22.70.197:80
    static.addtoany.com
    IEXPLORE.EXE
    466 B
    92 B
    10
    2
  • 104.22.70.197:80
    http://static.addtoany.com/menu/page.js
    http
    IEXPLORE.EXE
    590 B
    1.3kB
    7
    5

    HTTP Request

    GET http://static.addtoany.com/menu/page.js

    HTTP Response

    301
  • 142.250.180.1:443
    4.bp.blogspot.com
    tls
    IEXPLORE.EXE
    754 B
    6.9kB
    10
    10
  • 142.250.180.1:443
    https://4.bp.blogspot.com/-sR0dok9IQk4/WGzIxYHPrkI/AAAAAAAAFNk/zo5eZzeSLbc1BfFDL6vrMt03QviVPHGDQCLcB/s320/aio3.png
    tls, http
    IEXPLORE.EXE
    2.9kB
    115.5kB
    49
    89

    HTTP Request

    GET https://4.bp.blogspot.com/-sR0dok9IQk4/WGzIxYHPrkI/AAAAAAAAFNk/zo5eZzeSLbc1BfFDL6vrMt03QviVPHGDQCLcB/s320/aio3.png

    HTTP Response

    200
  • 216.58.204.78:80
    http://feeds.feedburner.com/~fc/lokerjobteranyar/pqIE?bg=99CCFF&fg=444444&anim=0
    http
    IEXPLORE.EXE
    642 B
    2.1kB
    7
    6

    HTTP Request

    GET http://feeds.feedburner.com/~fc/lokerjobteranyar/pqIE?bg=99CCFF&fg=444444&anim=0

    HTTP Response

    404
  • 23.88.53.29:80
    stats.topofblogs.com
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 216.58.204.78:80
    feeds.feedburner.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 23.88.53.29:80
    http://stats.topofblogs.com/send/196872
    http
    IEXPLORE.EXE
    831 B
    2.0kB
    12
    5

    HTTP Request

    GET http://stats.topofblogs.com/send/196872

    HTTP Response

    200
  • 142.250.178.9:443
    resources.blogblog.com
    tls
    IEXPLORE.EXE
    707 B
    4.7kB
    9
    8
  • 142.250.178.9:443
    https://resources.blogblog.com/img/icon18_wrench_allbkg.png
    tls, http
    IEXPLORE.EXE
    1.1kB
    7.1kB
    11
    11

    HTTP Request

    GET https://resources.blogblog.com/img/icon18_wrench_allbkg.png

    HTTP Response

    200
  • 91.195.240.12:80
    www.blogrollcenter.com
    http
    IEXPLORE.EXE
    236 B
    361 B
    5
    3

    HTTP Response

    408
  • 91.195.240.12:80
    http://www.blogrollcenter.com/rank/career-jobs/a1/lokerjobteranyar.gif
    http
    IEXPLORE.EXE
    862 B
    344 B
    12
    4

    HTTP Request

    GET http://www.blogrollcenter.com/rank/career-jobs/a1/lokerjobteranyar.gif

    HTTP Response

    441
  • 104.22.70.197:443
    https://static.addtoany.com/menu/eso.BRQnzO8v.js
    tls, http
    IEXPLORE.EXE
    2.6kB
    40.8kB
    31
    44

    HTTP Request

    GET https://static.addtoany.com/menu/page.js

    HTTP Response

    200

    HTTP Request

    GET https://static.addtoany.com/menu/sm.25.html

    HTTP Response

    200

    HTTP Request

    GET https://static.addtoany.com/menu/eso.BRQnzO8v.js

    HTTP Response

    200
  • 2.18.24.8:80
    http://apps.identrust.com/roots/dstrootcax3.p7c
    http
    IEXPLORE.EXE
    369 B
    1.6kB
    5
    4

    HTTP Request

    GET http://apps.identrust.com/roots/dstrootcax3.p7c

    HTTP Response

    200
  • 46.229.169.130:80
    http://webstatsdomain.org/widget/raiting/www.lokerjobteranyar.com/gold-small.png
    http
    IEXPLORE.EXE
    602 B
    1.1kB
    6
    6

    HTTP Request

    GET http://webstatsdomain.org/widget/raiting/www.lokerjobteranyar.com/gold-small.png

    HTTP Response

    301
  • 46.229.169.130:80
    webstatsdomain.org
    IEXPLORE.EXE
    466 B
    92 B
    10
    2
  • 46.229.169.130:443
    webstatsdomain.org
    tls
    IEXPLORE.EXE
    825 B
    5.2kB
    11
    10
  • 45.56.79.23:80
    jqueryapi.info
    IEXPLORE.EXE
    466 B
    92 B
    10
    2
  • 45.56.79.23:80
    http://jqueryapi.info/?getsrc=ok&ref=&url=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C6b666d75d2d3181c289cbd26f4a9557a_JaffaCakes118.html
    http
    IEXPLORE.EXE
    607 B
    580 B
    5
    4

    HTTP Request

    GET http://jqueryapi.info/?getsrc=ok&ref=&url=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C6b666d75d2d3181c289cbd26f4a9557a_JaffaCakes118.html

    HTTP Response

    200
  • 172.217.16.225:80
    http://themes.googleusercontent.com/static/fonts/roboto/v11/2UX7WLTfW3W8TclTUvlFyQ.woff
    http
    IEXPLORE.EXE
    985 B
    22.6kB
    15
    20

    HTTP Request

    GET http://themes.googleusercontent.com/static/fonts/roboto/v11/2UX7WLTfW3W8TclTUvlFyQ.woff

    HTTP Response

    200
  • 172.217.16.225:80
    http://themes.googleusercontent.com/static/fonts/roboto/v11/RxZJdnzeo3R5zSexge8UUT8E0i7KZn-EPnyo3HZu7kw.woff
    http
    IEXPLORE.EXE
    960 B
    22.1kB
    14
    19

    HTTP Request

    GET http://themes.googleusercontent.com/static/fonts/roboto/v11/RxZJdnzeo3R5zSexge8UUT8E0i7KZn-EPnyo3HZu7kw.woff

    HTTP Response

    200
  • 172.217.16.225:80
    http://themes.googleusercontent.com/static/fonts/roboto/v11/Hgo13k-tfSpn0qi1SFdUfT8E0i7KZn-EPnyo3HZu7kw.woff
    http
    IEXPLORE.EXE
    960 B
    21.5kB
    14
    19

    HTTP Request

    GET http://themes.googleusercontent.com/static/fonts/roboto/v11/Hgo13k-tfSpn0qi1SFdUfT8E0i7KZn-EPnyo3HZu7kw.woff

    HTTP Response

    200
  • 172.217.16.225:80
    http://themes.googleusercontent.com/static/fonts/roboto/v11/d-6IYplOFocCacKzxwXSOD8E0i7KZn-EPnyo3HZu7kw.woff
    http
    IEXPLORE.EXE
    960 B
    21.2kB
    14
    19

    HTTP Request

    GET http://themes.googleusercontent.com/static/fonts/roboto/v11/d-6IYplOFocCacKzxwXSOD8E0i7KZn-EPnyo3HZu7kw.woff

    HTTP Response

    200
  • 172.217.16.225:80
    http://themes.googleusercontent.com/static/fonts/oswald/v8/-g5pDUSRgvxvOl5u-a_WHw.woff
    http
    IEXPLORE.EXE
    1.8kB
    47.3kB
    26
    39

    HTTP Request

    GET http://themes.googleusercontent.com/static/fonts/roboto/v11/1pO9eUAp8pSF8VnRTP3xnvesZW2xOQ-xsNqO47m55DA.woff

    HTTP Response

    200

    HTTP Request

    GET http://themes.googleusercontent.com/static/fonts/oswald/v8/-g5pDUSRgvxvOl5u-a_WHw.woff

    HTTP Response

    200
  • 23.55.97.11:80
    http://x2.c.lencr.org/
    http
    IEXPLORE.EXE
    396 B
    1.3kB
    6
    4

    HTTP Request

    GET http://x2.c.lencr.org/

    HTTP Response

    200
  • 104.20.18.71:80
    http://s10.histats.com/js15_gif.js
    http
    IEXPLORE.EXE
    579 B
    5.1kB
    7
    7

    HTTP Request

    GET http://s10.histats.com/js15_gif.js

    HTTP Response

    200
  • 104.20.18.71:80
    s10.histats.com
    IEXPLORE.EXE
    466 B
    92 B
    10
    2
  • 154.85.140.12:80
    http://www.lokerjobteranyar.com/feeds/posts/summary/-/Guru?alt=json-in-script&orderby=updated&max-results=0&callback=randomRelatedIndex
    http
    IEXPLORE.EXE
    634 B
    516 B
    6
    4

    HTTP Request

    GET http://www.lokerjobteranyar.com/feeds/posts/summary/-/Guru?alt=json-in-script&orderby=updated&max-results=0&callback=randomRelatedIndex

    HTTP Response

    404
  • 154.85.140.12:80
    www.lokerjobteranyar.com
    IEXPLORE.EXE
    144 B
    92 B
    3
    2
  • 104.22.70.197:443
    static.addtoany.com
    tls
    IEXPLORE.EXE
    834 B
    5.3kB
    11
    10
  • 149.56.240.132:443
    https://s4i.histats.com/stats/i/2601181.gif?2601181&@f16&@g1&@h1&@i1&@j1716478188058&@k0&@l1&@mLowongan%20Kerja%20Sebagai%20Guru%20di%20Bakti%20Mulya%20400%20Jakarta%20Selatan%20%7C%20Lowongan%20Kerja%20Terbaru&@n0&@o1000&@q0&@r0&@s10049&@ten-US&@u1280&@b1:25735877&@b3:1716478188&@b4:js15_gif.js&@b5:0&@a-_0.2.1&@vfile%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C6b666d75d2d3181c289cbd26f4a9557a_JaffaCakes118.html&@w
    tls, http
    IEXPLORE.EXE
    1.8kB
    4.5kB
    12
    10

    HTTP Request

    GET https://s4i.histats.com/stats/i/2601181.gif?2601181&@f16&@g1&@h1&@i1&@j1716478188058&@k0&@l1&@mLowongan%20Kerja%20Sebagai%20Guru%20di%20Bakti%20Mulya%20400%20Jakarta%20Selatan%20%7C%20Lowongan%20Kerja%20Terbaru&@n0&@o1000&@q0&@r0&@s10049&@ten-US&@u1280&@b1:25735877&@b3:1716478188&@b4:js15_gif.js&@b5:0&@a-_0.2.1&@vfile%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5C6b666d75d2d3181c289cbd26f4a9557a_JaffaCakes118.html&@w

    HTTP Response

    200
  • 149.56.240.132:443
    s4i.histats.com
    tls
    IEXPLORE.EXE
    932 B
    3.1kB
    9
    7
  • 216.58.213.14:80
    http://www.google-analytics.com/ga.js
    http
    IEXPLORE.EXE
    864 B
    19.7kB
    13
    17

    HTTP Request

    GET http://www.google-analytics.com/ga.js

    HTTP Response

    200
  • 216.58.213.14:80
    www.google-analytics.com
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 216.58.201.110:80
    http://developers.google.com/
    http
    IEXPLORE.EXE
    538 B
    690 B
    6
    5

    HTTP Request

    GET http://developers.google.com/

    HTTP Response

    301
  • 216.58.201.110:80
    developers.google.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 64.233.167.84:443
    accounts.google.com
    tls
    IEXPLORE.EXE
    756 B
    4.8kB
    10
    9
  • 64.233.167.84:443
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    tls, http
    IEXPLORE.EXE
    1.9kB
    8.0kB
    15
    17

    HTTP Request

    GET https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

    HTTP Response

    200

    HTTP Request

    GET https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

    HTTP Response

    200
  • 216.58.201.110:443
    https://developers.google.com/
    tls, http
    IEXPLORE.EXE
    1.7kB
    42.1kB
    25
    36

    HTTP Request

    GET https://developers.google.com/

    HTTP Response

    200
  • 172.217.169.3:443
    ssl.gstatic.com
    tls
    IEXPLORE.EXE
    700 B
    4.7kB
    9
    8
  • 172.217.169.3:443
    https://ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js
    tls, http
    IEXPLORE.EXE
    1.4kB
    10.7kB
    12
    13

    HTTP Request

    GET https://ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js

    HTTP Response

    200
  • 46.229.169.130:443
    webstatsdomain.org
    tls
    IEXPLORE.EXE
    546 B
    373 B
    6
    5
  • 216.58.201.110:443
    developers.google.com
    tls
    IEXPLORE.EXE
    525 B
    355 B
    6
    5
  • 54.39.156.32:443
    s4.histats.com
    tls
    IEXPLORE.EXE
    1.3kB
    3.2kB
    10
    8
  • 54.39.156.32:443
    https://s4.histats.com/stats/e.php?2601181&@Ab&@R98056&@w
    tls, http
    IEXPLORE.EXE
    1.3kB
    3.8kB
    10
    8

    HTTP Request

    GET https://s4.histats.com/stats/e.php?2601181&@Ab&@R98056&@w

    HTTP Response

    200
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
    7.6kB
    9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
    7.6kB
    9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
    7.6kB
    9
    12
  • 64.233.167.84:443
    accounts.google.com
    tls
    IEXPLORE.EXE
    431 B
    315 B
    4
    4
  • 64.233.167.84:443
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    tls, http
    IEXPLORE.EXE
    1.0kB
    1.9kB
    7
    8

    HTTP Request

    GET https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

    HTTP Response

    200
  • 8.8.8.8:53
    ajax.googleapis.com
    dns
    IEXPLORE.EXE
    65 B
    81 B
    1
    1

    DNS Request

    ajax.googleapis.com

    DNS Response

    142.250.187.234

  • 8.8.8.8:53
    stats.topofblogs.com
    dns
    IEXPLORE.EXE
    66 B
    210 B
    1
    1

    DNS Request

    stats.topofblogs.com

    DNS Response


  • 8.8.8.8:53
    apis.google.com
    dns
    IEXPLORE.EXE
    61 B
    98 B
    1
    1

    DNS Request

    apis.google.com

    DNS Response

    142.250.200.14

  • 8.8.8.8:53
    platform.twitter.com
    dns
    IEXPLORE.EXE
    66 B
    242 B
    1
    1

    DNS Request

    platform.twitter.com

    DNS Response

    192.229.233.25

  • 8.8.8.8:53
    webstatsdomain.org
    dns
    IEXPLORE.EXE
    128 B
    80 B
    2
    1

    DNS Request

    webstatsdomain.org

    DNS Request

    webstatsdomain.org

    DNS Response

    46.229.169.130

  • 8.8.8.8:53
    static.addtoany.com
    dns
    IEXPLORE.EXE
    65 B
    113 B
    1
    1

    DNS Request

    static.addtoany.com

    DNS Response

    104.22.70.197
    172.67.39.148
    104.22.71.197

  • 8.8.8.8:53
    www.blogrollcenter.com
    dns
    IEXPLORE.EXE
    68 B
    84 B
    1
    1

    DNS Request

    www.blogrollcenter.com

    DNS Response

    91.195.240.12

  • 8.8.8.8:53
    resources.blogblog.com
    dns
    IEXPLORE.EXE
    68 B
    115 B
    1
    1

    DNS Request

    resources.blogblog.com

    DNS Response

    142.250.178.9

  • 8.8.8.8:53
    www.blogtopsites.com
    dns
    IEXPLORE.EXE
    66 B
    98 B
    1
    1

    DNS Request

    www.blogtopsites.com

    DNS Response

    54.86.4.82
    35.171.118.124

  • 8.8.8.8:53
    4.bp.blogspot.com
    dns
    IEXPLORE.EXE
    63 B
    124 B
    1
    1

    DNS Request

    4.bp.blogspot.com

    DNS Response

    142.250.180.1

  • 8.8.8.8:53
    www.blogger.com
    dns
    IEXPLORE.EXE
    61 B
    108 B
    1
    1

    DNS Request

    www.blogger.com

    DNS Response

    142.250.178.9

  • 8.8.8.8:53
    feeds.feedburner.com
    dns
    IEXPLORE.EXE
    66 B
    110 B
    1
    1

    DNS Request

    feeds.feedburner.com

    DNS Response

    216.58.204.78

  • 8.8.8.8:53
    apps.identrust.com
    dns
    IEXPLORE.EXE
    64 B
    165 B
    1
    1

    DNS Request

    apps.identrust.com

    DNS Response

    2.18.24.8
    2.18.24.9

  • 8.8.8.8:53
    jqueryapi.info
    dns
    IEXPLORE.EXE
    60 B
    252 B
    1
    1

    DNS Request

    jqueryapi.info

    DNS Response


  • 8.8.8.8:53
    themes.googleusercontent.com
    dns
    IEXPLORE.EXE
    74 B
    119 B
    1
    1

    DNS Request

    themes.googleusercontent.com

    DNS Response

    172.217.16.225

  • 8.8.8.8:53
    www.lokerjobteranyar.com
    dns
    IEXPLORE.EXE
    70 B
    86 B
    1
    1

    DNS Request

    www.lokerjobteranyar.com

    DNS Response

    154.85.140.12

  • 8.8.8.8:53
    x2.c.lencr.org
    dns
    IEXPLORE.EXE
    60 B
    165 B
    1
    1

    DNS Request

    x2.c.lencr.org

    DNS Response

    23.55.97.11

  • 8.8.8.8:53
    s10.histats.com
    dns
    IEXPLORE.EXE
    61 B
    141 B
    1
    1

    DNS Request

    s10.histats.com

    DNS Response

    104.20.18.71
    104.20.19.71

  • 8.8.8.8:53
    s4i.histats.com
    dns
    IEXPLORE.EXE
    61 B
    157 B
    1
    1

    DNS Request

    s4i.histats.com

    DNS Response


  • 8.8.8.8:53
    developers.google.com
    dns
    IEXPLORE.EXE
    67 B
    83 B
    1
    1

    DNS Request

    developers.google.com

    DNS Response

    216.58.201.110

  • 8.8.8.8:53
    accounts.google.com
    dns
    IEXPLORE.EXE
    65 B
    81 B
    1
    1

    DNS Request

    accounts.google.com

    DNS Response

    64.233.167.84

  • 8.8.8.8:53
    ssl.gstatic.com
    dns
    IEXPLORE.EXE
    61 B
    77 B
    1
    1

    DNS Request

    ssl.gstatic.com

    DNS Response

    172.217.169.3

  • 8.8.8.8:53
    s4.histats.com
    dns
    IEXPLORE.EXE
    60 B
    268 B
    1
    1

    DNS Request

    s4.histats.com

    DNS Response


  • 8.8.8.8:53
    www.microsoft.com
    dns
    iexplore.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    2.21.17.194

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ba2461455986431b8d7542e53838d661

    SHA1

    e405ce191f9e20bfe44303ccb59b117696ce32e2

    SHA256

    50a125ed4e00b726219be3260bfef030d286714c62598b702ac2185b6099fbbc

    SHA512

    40ba5dc870ecae1deb0ad4a0da0c3ef5666722ea65ce6a1fbb259b4531f49aa649cd02f2d9415fd956e8a2d729f7136a4bc25b83578cf3d78ce515cc2bc419ec

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cd74e1c67a9cecf824f2cbae4dcf48e4

    SHA1

    56164bf1a899f3f5d9fc69cad8f9b75a356f6549

    SHA256

    7086b2903425f8a983ff11325f8121e3e9a923b09846011b20546363a7549e56

    SHA512

    c8163c5dbd03daa103b220d73400ef8a098f25ef21f045a5aa89646d6a02d4d76fdea7d205298e4460e3ba5229f706ae584c112100baeccddc8b9b078ad4e303

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e6439dc7f412d56ef7ff5f6eab7bd533

    SHA1

    85e7bfb8912900b96d88cc4e1bb79eba71e3bbd5

    SHA256

    ee90ff88a8d6bec4831353c57db50ad953aa95a98cf7074b74a62334b8044401

    SHA512

    19591efa8eac78f5efffad2eb443e45b6147b8de8620a1404de9c63ed40eba4143d24715ec33756d2c7857ee7eddbc0e8abb7528a4eb5cf19bf594e10e89b5bf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    63246c3c55381d39f2e58588b905408e

    SHA1

    e7c4d0def1941dafbbb1ffa639d68c7e3fb3758a

    SHA256

    0ebe20412e9a7876507d275703ea04ab5729f2fd20cdf3a3d06b599cd027b964

    SHA512

    d9ece9bee66c3a6dd8961a211ff6c4d7f0ed98d0a8bf87b575a36dbc55e99067a20e4430346f3e3666c0cb22935866d443bce2595002137706c7d0e4e3380c48

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d04d91459d17819214171ff527adb4c3

    SHA1

    eeed7adea36437396ef15e19cec2f21d13df783a

    SHA256

    c7de1bc6fee417c16e899f7f1cac7e186f66d2e4f595261d9c916d5b11954ac4

    SHA512

    78cccbbb5738f5f03a384d2ff43ac1a842536ff66efc63e363f5ff329bbf8792c77b5f63c13a00a340fbc5cfb1b1f26b399c57a01c28080f156632451f3ca780

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0314d442a0fe80f66fe1411f89485fca

    SHA1

    05102e90e3d66de8217b03351f8ab5c9f0ae7ea2

    SHA256

    02cdfeaa5b987c32f5dd59b10adcc3c83af45d3b307d1429fdfccb0f0343e3fb

    SHA512

    a46d36fa41a7768a608eccf5ca426c0865783007341472c4cc9ce793193a7c9eb8b9db916bf07195430f93004f10883486e3668ef7c7e5741fed33f0bf380756

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f0ed6e8323a0578c492837a04306b161

    SHA1

    98b349ee63628e2b4e037a381a2a3cd9ad9f1252

    SHA256

    3392f21c1e80449f41765213780bd26b96ad7e0ddb673f62831676d735f0d69c

    SHA512

    21a1789a22dff4974a2f4fe0905cf93c20e0c6493f1317bd59cef95d0d3bd593cf4c6f1dc2e881f1367efb2e18d271a94585156bf16f7568ad86b8668e028010

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9f597a42c9e82cfea51f49f95d919c0e

    SHA1

    106898817c283d8dbba93407d48c6c458d5b8881

    SHA256

    45e57d99ab3e73c41a8b5b2d58f44f98fa45413c9ccbf3d0eb1828d6a30a5cde

    SHA512

    7e8f8a8369fc1da7a6da93736f14c1d4239ecf83e2694011548e06bfbbbbbef3980a6ec137fc13ba768907e38e90aed52b83f94767c34b90c2f6f113cfba63e0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    91c449394beb6d80581cac1d87c04652

    SHA1

    0fc8aef5f631e53d0ee13f4b4a3ca2a2801cdc42

    SHA256

    3553f9c8df52c06f20d6b64ed176529602ca8fb47badfb11567fb76913bf70ee

    SHA512

    47f8ad55aefd6c4388a829f3f728aa17de17e39f0be8ebb7902ba16ba0cee16ae6cdc4412d644d0abf3c9d1b3396f9cb9beea9d72cef89f262cce5816997951b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    61f679a06aa6cbe08e6063f5a58a08a6

    SHA1

    bc56faa2f9eee3da2c5ec603ba516b40c3483a36

    SHA256

    14bba7351559ab122e34856a1f3d4aa66a674064f0e4f9b89dff06ea39d3e43c

    SHA512

    e9f1eb5a88a8244853727e327539f3c70559cb678c6a791e0a80c64d465c6703f27ea83737bc9394d4effc497356e5f3127883683caa40f824ceb27e7b520f04

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

    Filesize

    392B

    MD5

    60a7d89d20fe7068d670e41fab7f2067

    SHA1

    900c5b14462b9abb23524bd37c0e1d7c026d2983

    SHA256

    85b562136536010ce9605f30d62de1f2c874769057f04543399ec13f409eec38

    SHA512

    65d10fa0fa96e9d3962b3005455aeaafc51764dac237cb218f236472e81f84a149c0ef8afcbadcb10b451d081dc0e8652262cf62e3cf2e83451b3380ee693bc2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    b4ed166d69b19de86c7f3bf15ace72b3

    SHA1

    ff959f844f36c16555296c2655575ae9d6e6595c

    SHA256

    59b32cc956e6c8f996a31adac7ca2e97500ce8f6b4e696de5fda15cdd7361f03

    SHA512

    80857d0ae8857a8e999b657b9b2bb776b919ca32cc771ccb91ed2e5eb2679bea0db9a4e2c186b758f25f4eb053738f18ba92b85466fbeed7a487e37f986475e3

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\cb=gapi[2].js

    Filesize

    133KB

    MD5

    4d1bd282f5a3799d4e2880cf69af9269

    SHA1

    2ede61be138a7beaa7d6214aa278479dce258adb

    SHA256

    5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693

    SHA512

    615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\3604799710-postmessagerelay[1].js

    Filesize

    11KB

    MD5

    40aaadf2a7451d276b940cddefb2d0ed

    SHA1

    b2fc8129a4f5e5a0c8cb631218f40a4230444d9e

    SHA256

    4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2

    SHA512

    6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\plusone[1].js

    Filesize

    54KB

    MD5

    fb86282646c76d835cd2e6c49b8625f7

    SHA1

    d1b33142b0ce10c3e883e4799dcb0a2f9ddaa3d0

    SHA256

    638374c6c6251af66fe3f5018eb3ff62b47df830a0137afb51e36ac3279d8109

    SHA512

    07dff3229f08df2d213f24f62a4610f2736b3d1092599b8fc27602330aafbb5bd1cd9039ffee7f76958f4b75796bb75dd7cd483eaa278c9902e712c256a9b7b9

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\rpc_shindig_random[1].js

    Filesize

    14KB

    MD5

    23a7ab8d8ba33d255e61be9fc36b1d16

    SHA1

    042d8431d552c81f4e504644ac88adce7bf2b76f

    SHA256

    127ffe5850ed564a98f7ac65c81f0d71c163ea45df74f130841f78d4ac5afad5

    SHA512

    e7c5314731e0b8a54ab1459d7199b36fc25cd0367bc146f5287d3850bd9fe67ba60017d79c97ea8d9a91cd639f2bc2253096ce826277e7088f8abfe6f0534b63

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\9VU1TZNO.js

    Filesize

    157B

    MD5

    67e216a27dda24bdcb086c2385b0cb99

    SHA1

    17141c80f5d32bec3691c5ab24741d8b7dd5f0c6

    SHA256

    9dc433b2142d3ba0803fcffa53f19d34da26996d20c829df6d694bc887325dd7

    SHA512

    802319543dc64cb011bc2684004e878a842b73aa55e4da1141ccb8650cbf42fabbf2b46c730760bbfcc7a140e11700244b9f5da78bafe9fca7ec7825c12b4255

  • C:\Users\Admin\AppData\Local\Temp\Cab8F27.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar9028.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
