Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/05/2024, 02:49 UTC

General

  • Target

    741b0d74a6b2ed7ec4b23b5a1aeb00be_JaffaCakes118.html

  • Size

    103KB

  • MD5

    741b0d74a6b2ed7ec4b23b5a1aeb00be

  • SHA1

    61f6ccff9a2d200dcae1c9b88a8ab40fb64a5610

  • SHA256

    d6bd6edc750db24164744e1c1ea015109490d219095150840813608fff69df96

  • SHA512

    b00b0ce2617229813e4de457ef360d23fbca00a805d5ef479fd3136fcb79ce97c2f45c87db75623d74688e161288c99f9a348062ac14b37331e92f563b516406

  • SSDEEP

    3072:NNFQCBxRe8wNP7GT4aZYhBfrlsoErAKrFB:08wNzGj

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\741b0d74a6b2ed7ec4b23b5a1aeb00be_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2232

Network

  • flag-us
    DNS
    abuiyad.googlecode.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    abuiyad.googlecode.com
    IN A
    Response
    abuiyad.googlecode.com
    IN CNAME
    googlecode.l.googleusercontent.com
    googlecode.l.googleusercontent.com
    IN A
    173.194.76.82
  • flag-us
    DNS
    yourjavascript.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    yourjavascript.com
    IN A
    Response
    yourjavascript.com
    IN A
    13.248.169.48
    yourjavascript.com
    IN A
    76.223.54.146
  • flag-us
    DNS
    www.blogger.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.blogger.com
    IN A
    Response
    www.blogger.com
    IN CNAME
    blogger.l.google.com
    blogger.l.google.com
    IN A
    142.250.178.9
  • flag-us
    DNS
    3.bp.blogspot.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    3.bp.blogspot.com
    IN A
    Response
    3.bp.blogspot.com
    IN CNAME
    photos-ugc.l.googleusercontent.com
    photos-ugc.l.googleusercontent.com
    IN A
    142.250.180.1
  • flag-us
    DNS
    w.sharethis.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    w.sharethis.com
    IN A
    Response
    w.sharethis.com
    IN CNAME
    d3mdrpbbs8qfxa.cloudfront.net
    d3mdrpbbs8qfxa.cloudfront.net
    IN A
    3.162.140.98
    d3mdrpbbs8qfxa.cloudfront.net
    IN A
    3.162.140.42
    d3mdrpbbs8qfxa.cloudfront.net
    IN A
    3.162.140.91
    d3mdrpbbs8qfxa.cloudfront.net
    IN A
    3.162.140.48
  • flag-us
    DNS
    d31qbv1cthcecs.cloudfront.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    d31qbv1cthcecs.cloudfront.net
    IN A
    Response
  • flag-us
    DNS
    apis.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    apis.google.com
    IN A
    Response
    apis.google.com
    IN CNAME
    plus.l.google.com
    plus.l.google.com
    IN A
    142.250.200.14
  • flag-us
    DNS
    2.bp.blogspot.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    2.bp.blogspot.com
    IN A
    Response
    2.bp.blogspot.com
    IN CNAME
    photos-ugc.l.googleusercontent.com
    photos-ugc.l.googleusercontent.com
    IN A
    142.250.180.1
  • flag-us
    DNS
    www.shy22.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.shy22.com
    IN A
    Response
    www.shy22.com
    IN A
    37.48.65.144
  • flag-us
    DNS
    resources.blogblog.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    resources.blogblog.com
    IN A
    Response
    resources.blogblog.com
    IN CNAME
    blogger.l.google.com
    blogger.l.google.com
    IN A
    142.250.178.9
  • flag-us
    DNS
    4.bp.blogspot.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    4.bp.blogspot.com
    IN A
    Response
    4.bp.blogspot.com
    IN CNAME
    photos-ugc.l.googleusercontent.com
    photos-ugc.l.googleusercontent.com
    IN A
    142.250.180.1
  • flag-us
    DNS
    lh3.googleusercontent.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    lh3.googleusercontent.com
    IN A
    Response
    lh3.googleusercontent.com
    IN CNAME
    googlehosted.l.googleusercontent.com
    googlehosted.l.googleusercontent.com
    IN A
    172.217.16.225
  • flag-gb
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 15190
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Wed, 22 May 2024 01:06:18 GMT
    Expires: Thu, 22 May 2025 01:06:18 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 351828
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth/exm=follow,gapi_iframes,gapi_iframes_style_bubble,plus,plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_3?le=scs
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth/exm=follow,gapi_iframes,gapi_iframes_style_bubble,plus,plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_3?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 28283
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 25 May 2024 06:32:02 GMT
    Expires: Sun, 25 May 2025 06:32:02 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 73085
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://apis.google.com/u/0/_/widget/render/follow?usegapi=1&height=20&annotation=bubble&hl=ar&origin=file%3A%2F%2F&url=https%3A%2F%2Fplus.google.com%2F102289240421683104090&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /u/0/_/widget/render/follow?usegapi=1&height=20&annotation=bubble&hl=ar&origin=file%3A%2F%2F&url=https%3A%2F%2Fplus.google.com%2F102289240421683104090&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: http://developers.google.com/
    Cross-Origin-Resource-Policy: cross-origin
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Date: Sun, 26 May 2024 02:50:07 GMT
    Expires: Sun, 26 May 2024 03:20:07 GMT
    Cache-Control: public, max-age=1800
    Server: sffe
    Content-Length: 226
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://apis.google.com/js/platform:gapi.iframes.style.common.js
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /js/platform:gapi.iframes.style.common.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://www.blogger.com/navbar.g?targetBlogID=1112872776418319695&blogName=%D8%A7%D8%A8%D8%AF%D8%A7%D8%B9+%D9%84%D9%84%D9%85%D8%B9%D9%84%D9%88%D9%85%D9%8A%D8%A7%D8%AA&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://ebda3ma3lomat.blogspot.com/search&blogLocale=ar&v=2&homepageUrl=http://ebda3ma3lomat.blogspot.com/&vt=4479444549120325454&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Type: text/javascript
    Access-Control-Allow-Origin: *
    Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team"
    Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
    Timing-Allow-Origin: *
    Date: Sun, 26 May 2024 02:50:08 GMT
    Expires: Sun, 26 May 2024 02:50:08 GMT
    Cache-Control: private, max-age=1800, stale-while-revalidate=1800
    ETag: "1df5d68c1707a051"
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://www.blogger.com/navbar.g?targetBlogID=1112872776418319695&blogName=%D8%A7%D8%A8%D8%AF%D8%A7%D8%B9+%D9%84%D9%84%D9%85%D8%B9%D9%84%D9%88%D9%85%D9%8A%D8%A7%D8%AA&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://ebda3ma3lomat.blogspot.com/search&blogLocale=ar&v=2&homepageUrl=http://ebda3ma3lomat.blogspot.com/&vt=4479444549120325454&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 45677
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 25 May 2024 10:23:44 GMT
    Expires: Sun, 25 May 2025 10:23:44 GMT
    Cache-Control: public, max-age=31536000
    Age: 59184
    Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://apis.google.com/js/rpc:shindig_random.js?onload=init
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /js/rpc:shindig_random.js?onload=init HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Type: text/javascript
    Access-Control-Allow-Origin: *
    Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team"
    Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
    Timing-Allow-Origin: *
    Date: Sun, 26 May 2024 02:50:08 GMT
    Expires: Sun, 26 May 2024 02:50:08 GMT
    Cache-Control: private, max-age=1800, stale-while-revalidate=1800
    ETag: "9b77125b6924cb07"
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 23473
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Mon, 20 May 2024 15:06:32 GMT
    Expires: Tue, 20 May 2025 15:06:32 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 474217
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    http://yourjavascript.com/02243316258/related.js
    IEXPLORE.EXE
    Remote address:
    13.248.169.48:80
    Request
    GET /02243316258/related.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: yourjavascript.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sun, 26 May 2024 02:50:05 GMT
    Content-Type: text/html
    Content-Length: 114
    Connection: keep-alive
  • flag-gb
    GET
    http://3.bp.blogspot.com/-1N-DqvDB3XU/UGp6Eo4lakI/AAAAAAAAAOQ/_8S-Ahh9Pww/s1600/Home-blue3.png
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-1N-DqvDB3XU/UGp6Eo4lakI/AAAAAAAAAOQ/_8S-Ahh9Pww/s1600/Home-blue3.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 3.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="Home-blue3.png"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 2059
    X-XSS-Protection: 0
    Date: Sun, 26 May 2024 02:50:03 GMT
    Expires: Mon, 27 May 2024 02:50:03 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "ve4"
    Content-Type: image/png
    Vary: Origin
    Age: 2
  • flag-gb
    GET
    http://2.bp.blogspot.com/-pCmz_5Obvnc/U6hGlq5B-rI/AAAAAAAAAGk/uATHItOC6PU/s1600/%25D9%2585%25D8%25AF%25D9%2588%25D9%2586%25D8%25AA%25D9%2589.jpg
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-pCmz_5Obvnc/U6hGlq5B-rI/AAAAAAAAAGk/uATHItOC6PU/s1600/%25D9%2585%25D8%25AF%25D9%2588%25D9%2586%25D8%25AA%25D9%2589.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 2.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="______.jpg";filename*=UTF-8''%D9%85%D8%AF%D9%88%D9%86%D8%AA%D9%89.jpg
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 24904
    X-XSS-Protection: 0
    Date: Sun, 26 May 2024 02:50:03 GMT
    Expires: Mon, 27 May 2024 02:50:03 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v6a"
    Content-Type: image/jpeg
    Vary: Origin
    Age: 2
  • flag-us
    GET
    http://w.sharethis.com/button/buttons.js
    IEXPLORE.EXE
    Remote address:
    3.162.140.98:80
    Request
    GET /button/buttons.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: w.sharethis.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: CloudFront
    Date: Sun, 26 May 2024 02:50:05 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Location: https://w.sharethis.com/button/buttons.js
    X-Cache: Redirect from cloudfront
    Via: 1.1 a15151dab0997cb3b8192c8e65e8e564.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: DUB56-P2
    X-Amz-Cf-Id: p8TzhoJuJFXUkFLMORn5wsFXp_Oc44f5vQ49oFJlnDiHwOsCsySZbg==
  • flag-us
    GET
    http://yourjavascript.com/250120301911/related.js
    IEXPLORE.EXE
    Remote address:
    13.248.169.48:80
    Request
    GET /250120301911/related.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: yourjavascript.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sun, 26 May 2024 02:50:05 GMT
    Content-Type: text/html
    Content-Length: 114
    Connection: keep-alive
  • flag-us
    GET
    http://yourjavascript.com/12539432255/featured-slider.js
    IEXPLORE.EXE
    Remote address:
    13.248.169.48:80
    Request
    GET /12539432255/featured-slider.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: yourjavascript.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sun, 26 May 2024 02:50:05 GMT
    Content-Type: text/html
    Content-Length: 114
    Connection: keep-alive
  • flag-be
    GET
    http://abuiyad.googlecode.com/svn/read-more-right.js
    IEXPLORE.EXE
    Remote address:
    173.194.76.82:80
    Request
    GET /svn/read-more-right.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: abuiyad.googlecode.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=UTF-8
    Referrer-Policy: no-referrer
    Content-Length: 1583
    Date: Sun, 26 May 2024 02:50:05 GMT
  • flag-gb
    GET
    http://2.bp.blogspot.com/-xydf2MH9GTY/U4-v6EBVGwI/AAAAAAAAAD0/-k7Arh_wGYw/w72-h72-p-k-no-nu/images+(2).jpg
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-xydf2MH9GTY/U4-v6EBVGwI/AAAAAAAAAD0/-k7Arh_wGYw/w72-h72-p-k-no-nu/images+(2).jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 2.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="images (2).jpg"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 2792
    X-XSS-Protection: 0
    Date: Sun, 26 May 2024 02:50:03 GMT
    Expires: Mon, 27 May 2024 02:50:03 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v3e"
    Content-Type: image/jpeg
    Vary: Origin
    Age: 2
  • flag-gb
    GET
    http://2.bp.blogspot.com/-tnWWe-3gJck/U5ZLHyrLBvI/AAAAAAAAAGA/ZOyUHF3hSNs/w72-h72-p-k-no-nu/images.jpg
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-tnWWe-3gJck/U5ZLHyrLBvI/AAAAAAAAAGA/ZOyUHF3hSNs/w72-h72-p-k-no-nu/images.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 2.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="images.jpg"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 3892
    X-XSS-Protection: 0
    Date: Sun, 26 May 2024 02:50:03 GMT
    Expires: Mon, 27 May 2024 02:50:03 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v61"
    Content-Type: image/jpeg
    Vary: Origin
    Age: 2
  • flag-gb
    GET
    http://2.bp.blogspot.com/-lMbol7UqMtk/UOBlQUhSwGI/AAAAAAAACjY/J7FkF2zNjBg/s1600/left-btn.png
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-lMbol7UqMtk/UOBlQUhSwGI/AAAAAAAACjY/J7FkF2zNjBg/s1600/left-btn.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 2.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="left-btn.png"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 217
    X-XSS-Protection: 0
    Date: Sun, 26 May 2024 02:50:04 GMT
    Expires: Mon, 27 May 2024 02:50:04 GMT
    Cache-Control: public, max-age=86400, no-transform
    Age: 3
    ETag: "va36"
    Content-Type: image/png
    Vary: Origin
  • flag-gb
    GET
    https://apis.google.com/js/plusone.js
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /js/plusone.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Type: text/javascript
    Access-Control-Allow-Origin: *
    Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team"
    Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
    Timing-Allow-Origin: *
    Date: Sun, 26 May 2024 02:50:05 GMT
    Expires: Sun, 26 May 2024 02:50:05 GMT
    Cache-Control: private, max-age=1800, stale-while-revalidate=1800
    ETag: "80d5c9d57d5f206f"
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 55813
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Mon, 20 May 2024 15:06:31 GMT
    Expires: Tue, 20 May 2025 15:06:31 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 474215
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=follow,plus/exm=gapi_iframes,gapi_iframes_style_bubble,plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_2?le=scs
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=follow,plus/exm=gapi_iframes,gapi_iframes_style_bubble,plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_2?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 6269
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 25 May 2024 18:30:32 GMT
    Expires: Sun, 25 May 2025 18:30:32 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 29975
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://apis.google.com/_/im/_/widget/render/plus/followers?usegapi=1&width=150&theme=DARK&source=blogger%3Ablog%3Afollowers&height=300&action=followers&hl=ar&origin=file%3A%2F%2F&url=https%3A%2F%2Fplus.google.com%2F102289240421683104090&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    142.250.200.14:443
    Request
    GET /_/im/_/widget/render/plus/followers?usegapi=1&width=150&theme=DARK&source=blogger%3Ablog%3Afollowers&height=300&action=followers&hl=ar&origin=file%3A%2F%2F&url=https%3A%2F%2Fplus.google.com%2F102289240421683104090&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: http://developers.google.com/
    Cross-Origin-Resource-Policy: cross-origin
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Date: Sun, 26 May 2024 02:50:07 GMT
    Expires: Sun, 26 May 2024 03:20:07 GMT
    Cache-Control: public, max-age=1800
    Server: sffe
    Content-Length: 226
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/dyn-css/authorization.css?targetBlogID=1112872776418319695&zx=c033b01b-7224-40a1-b5fd-645562b5a0de
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /dyn-css/authorization.css?targetBlogID=1112872776418319695&zx=c033b01b-7224-40a1-b5fd-645562b5a0de HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.blogger.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
    Content-Security-Policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
    Content-Type: text/css; charset=UTF-8
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Sun, 26 May 2024 02:50:06 GMT
    Last-Modified: Sun, 26 May 2024 02:50:06 GMT
    Content-Encoding: gzip
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 1; mode=block
    Server: GSE
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://www.blogger.com/navbar.g?targetBlogID=1112872776418319695&blogName=%D8%A7%D8%A8%D8%AF%D8%A7%D8%B9+%D9%84%D9%84%D9%85%D8%B9%D9%84%D9%88%D9%85%D9%8A%D8%A7%D8%AA&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://ebda3ma3lomat.blogspot.com/search&blogLocale=ar&v=2&homepageUrl=http://ebda3ma3lomat.blogspot.com/&vt=4479444549120325454&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /navbar.g?targetBlogID=1112872776418319695&blogName=%D8%A7%D8%A8%D8%AF%D8%A7%D8%B9+%D9%84%D9%84%D9%85%D8%B9%D9%84%D9%88%D9%85%D9%8A%D8%A7%D8%AA&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://ebda3ma3lomat.blogspot.com/search&blogLocale=ar&v=2&homepageUrl=http://ebda3ma3lomat.blogspot.com/&vt=4479444549120325454&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.blogger.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
    Content-Security-Policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
    Content-Type: text/html; charset=UTF-8
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Sun, 26 May 2024 02:50:07 GMT
    Content-Encoding: gzip
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    Server: GSE
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    http://2.bp.blogspot.com/-m9ze-2hSK7E/UYV4T7XQSlI/AAAAAAAAAU0/v7Q-o0bRC4c/s1600/twitter.png
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-m9ze-2hSK7E/UYV4T7XQSlI/AAAAAAAAAU0/v7Q-o0bRC4c/s1600/twitter.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 2.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="twitter.png"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 10758
    X-XSS-Protection: 0
    Date: Sun, 26 May 2024 02:50:03 GMT
    Expires: Mon, 27 May 2024 02:50:03 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v14e"
    Content-Type: image/png
    Vary: Origin
    Age: 2
  • flag-gb
    GET
    http://3.bp.blogspot.com/-UgJIsl-QGeQ/U40qv_LXjwI/AAAAAAAAACo/pixz5ipNS_E/w72-h72-p-k-no-nu/download.jpg
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-UgJIsl-QGeQ/U40qv_LXjwI/AAAAAAAAACo/pixz5ipNS_E/w72-h72-p-k-no-nu/download.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 3.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="download.jpg"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 3522
    X-XSS-Protection: 0
    Date: Sun, 26 May 2024 02:50:03 GMT
    Expires: Mon, 27 May 2024 02:50:03 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v2b"
    Content-Type: image/jpeg
    Vary: Origin
    Age: 2
  • flag-gb
    GET
    http://3.bp.blogspot.com/-6eApBSymrtY/U5MpKJ5QV4I/AAAAAAAAAFw/2gCLqRNlAoY/w72-h72-p-k-no-nu/images.duckduckgo.com.jpeg
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-6eApBSymrtY/U5MpKJ5QV4I/AAAAAAAAAFw/2gCLqRNlAoY/w72-h72-p-k-no-nu/images.duckduckgo.com.jpeg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 3.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="images.duckduckgo.com.jpeg"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 3537
    X-XSS-Protection: 0
    Date: Sun, 26 May 2024 02:50:03 GMT
    Expires: Mon, 27 May 2024 02:50:03 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v5d"
    Content-Type: image/jpeg
    Vary: Origin
    Age: 2
  • flag-gb
    GET
    http://3.bp.blogspot.com/-PdPrABRXYfI/URkpJW3m4sI/AAAAAAAADa0/HAtf1DZZn0U/s1600/btm-so.png
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-PdPrABRXYfI/URkpJW3m4sI/AAAAAAAADa0/HAtf1DZZn0U/s1600/btm-so.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 3.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="btm-so.png"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 199
    X-XSS-Protection: 0
    Date: Sun, 26 May 2024 02:50:04 GMT
    Expires: Mon, 27 May 2024 02:50:04 GMT
    Cache-Control: public, max-age=86400, no-transform
    Age: 3
    ETag: "vdad"
    Content-Type: image/png
    Vary: Origin
  • flag-gb
    GET
    http://3.bp.blogspot.com/-isBqkDcJosA/U4-0h58FqWI/AAAAAAAAAEA/t3EPUTWwH0o/w72-h72-p-k-no-nu/download.jpg
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-isBqkDcJosA/U4-0h58FqWI/AAAAAAAAAEA/t3EPUTWwH0o/w72-h72-p-k-no-nu/download.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 3.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="download.jpg"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 3812
    X-XSS-Protection: 0
    Date: Sun, 26 May 2024 02:50:03 GMT
    Expires: Mon, 27 May 2024 02:50:03 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v41"
    Content-Type: image/jpeg
    Vary: Origin
    Age: 2
  • flag-gb
    GET
    http://3.bp.blogspot.com/-yPutIVU2TOw/U40miz2ZzhI/AAAAAAAAACc/uaCWJhXhLQw/w72-h72-p-k-no-nu/images.jpg
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-yPutIVU2TOw/U40miz2ZzhI/AAAAAAAAACc/uaCWJhXhLQw/w72-h72-p-k-no-nu/images.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 3.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="images.jpg"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 4315
    X-XSS-Protection: 0
    Date: Sun, 26 May 2024 02:50:04 GMT
    Expires: Mon, 27 May 2024 02:50:04 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v28"
    Content-Type: image/jpeg
    Vary: Origin
    Age: 1
  • flag-gb
    GET
    http://3.bp.blogspot.com/-BJXXCCCFnGY/URp3i83AZSI/AAAAAAAADcI/yb7zEdz1jPo/s1600/li1.png
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-BJXXCCCFnGY/URp3i83AZSI/AAAAAAAADcI/yb7zEdz1jPo/s1600/li1.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 3.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="li1.png"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 201
    X-XSS-Protection: 0
    Date: Sun, 26 May 2024 02:50:03 GMT
    Expires: Mon, 27 May 2024 02:50:03 GMT
    Cache-Control: public, max-age=86400, no-transform
    Age: 4
    ETag: "vdc2"
    Content-Type: image/png
    Vary: Origin
  • flag-gb
    GET
    http://3.bp.blogspot.com/-4n-T6swwkJQ/U452qFBsHuI/AAAAAAAAADo/kK5-Dso_hiU/w72-h72-p-k-no-nu/images+%25283%2529.jpg
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-4n-T6swwkJQ/U452qFBsHuI/AAAAAAAAADo/kK5-Dso_hiU/w72-h72-p-k-no-nu/images+%25283%2529.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 3.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="images (3).jpg"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 4524
    X-XSS-Protection: 0
    Date: Sun, 26 May 2024 02:50:03 GMT
    Expires: Mon, 27 May 2024 02:50:03 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v3a"
    Content-Type: image/jpeg
    Vary: Origin
    Age: 2
  • flag-gb
    GET
    http://3.bp.blogspot.com/-kili2FI600k/U6oUWN0HrcI/AAAAAAAAAHA/U6InspP1LhM/s1600/%D9%85%D8%AF%D9%88%D9%86%D8%AA%D9%89+g,%5B,.jpg
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-kili2FI600k/U6oUWN0HrcI/AAAAAAAAAHA/U6InspP1LhM/s1600/%D9%85%D8%AF%D9%88%D9%86%D8%AA%D9%89+g,%5B,.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 3.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="______ g,[,.jpg";filename*=UTF-8''%D9%85%D8%AF%D9%88%D9%86%D8%AA%D9%89%20g%2C%5B%2C.jpg
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 12317
    X-XSS-Protection: 0
    Date: Sun, 26 May 2024 02:50:03 GMT
    Expires: Mon, 27 May 2024 02:50:03 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v71"
    Content-Type: image/jpeg
    Vary: Origin
    Age: 2
  • flag-gb
    GET
    https://www.blogger.com/static/v1/widgets/31027104-css_bundle_v2_rtl.css
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /static/v1/widgets/31027104-css_bundle_v2_rtl.css HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.blogger.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 9148
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Fri, 24 May 2024 18:31:12 GMT
    Expires: Sat, 24 May 2025 18:31:12 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 13 Aug 2018 11:32:31 GMT
    Content-Type: text/css
    Vary: Accept-Encoding
    Age: 116333
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.blogger.com/static/v1/widgets/202786884-widgets.js
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /static/v1/widgets/202786884-widgets.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.blogger.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 45335
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 25 May 2024 12:43:19 GMT
    Expires: Sun, 25 May 2025 12:43:19 GMT
    Cache-Control: public, max-age=31536000
    Age: 50806
    Last-Modified: Thu, 05 Apr 2018 01:30:09 GMT
    Content-Type: text/javascript
    Vary: Accept-Encoding
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://resources.blogblog.com/img/navbar/arrows-light.png
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /img/navbar/arrows-light.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: https://www.blogger.com/navbar.g?targetBlogID=1112872776418319695&blogName=%D8%A7%D8%A8%D8%AF%D8%A7%D8%B9+%D9%84%D9%84%D9%85%D8%B9%D9%84%D9%88%D9%85%D9%8A%D8%A7%D8%AA&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://ebda3ma3lomat.blogspot.com/search&blogLocale=ar&v=2&homepageUrl=http://ebda3ma3lomat.blogspot.com/&vt=4479444549120325454&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: resources.blogblog.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 117
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 25 May 2024 12:36:21 GMT
    Expires: Sat, 01 Jun 2024 12:36:21 GMT
    Cache-Control: public, max-age=604800
    Last-Modified: Sat, 25 May 2024 05:57:29 GMT
    Content-Type: image/png
    Age: 51227
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    http://fonts.googleapis.com/earlyaccess/droidarabicnaskh.css
    IEXPLORE.EXE
    Remote address:
    216.58.204.74:80
    Request
    GET /earlyaccess/droidarabicnaskh.css HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: fonts.googleapis.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/css; charset=utf-8
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Expires: Sun, 26 May 2024 02:50:05 GMT
    Date: Sun, 26 May 2024 02:50:05 GMT
    Cache-Control: private, max-age=86400
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin-allow-popups
    Content-Encoding: gzip
    Transfer-Encoding: chunked
    Server: ESF
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
  • flag-gb
    GET
    https://resources.blogblog.com/img/icon18_wrench_allbkg.png
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /img/icon18_wrench_allbkg.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: resources.blogblog.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 475
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 25 May 2024 12:32:25 GMT
    Expires: Sat, 01 Jun 2024 12:32:25 GMT
    Cache-Control: public, max-age=604800
    Last-Modified: Fri, 24 May 2024 18:54:23 GMT
    Content-Type: image/png
    Age: 51460
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://resources.blogblog.com/img/navbar/icons_peach.png
    IEXPLORE.EXE
    Remote address:
    142.250.178.9:443
    Request
    GET /img/navbar/icons_peach.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: https://www.blogger.com/navbar.g?targetBlogID=1112872776418319695&blogName=%D8%A7%D8%A8%D8%AF%D8%A7%D8%B9+%D9%84%D9%84%D9%85%D8%B9%D9%84%D9%88%D9%85%D9%8A%D8%A7%D8%AA&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://ebda3ma3lomat.blogspot.com/search&blogLocale=ar&v=2&homepageUrl=http://ebda3ma3lomat.blogspot.com/&vt=4479444549120325454&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: resources.blogblog.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
    Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
    Content-Length: 907
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 25 May 2024 12:27:04 GMT
    Expires: Sat, 01 Jun 2024 12:27:04 GMT
    Cache-Control: public, max-age=604800
    Last-Modified: Sat, 25 May 2024 04:53:40 GMT
    Content-Type: image/png
    Age: 51784
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-nl
    GET
    http://www.shy22.com/upfilpng/spi54630.png
    IEXPLORE.EXE
    Remote address:
    37.48.65.144:80
    Request
    GET /upfilpng/spi54630.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.shy22.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 9
    date: Sun, 26 May 2024 02:50:04 GMT
    server: nginx
    set-cookie: sid=a7c804e4-1b0a-11ef-b006-24aaab65c4ae; path=/; domain=.shy22.com; expires=Fri, 13 Jun 2092 06:04:12 GMT; max-age=2147483647; HttpOnly
  • flag-nl
    GET
    http://www.shy22.com/upfilpng/xbc54601.png
    IEXPLORE.EXE
    Remote address:
    37.48.65.144:80
    Request
    GET /upfilpng/xbc54601.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.shy22.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 9
    date: Sun, 26 May 2024 02:50:04 GMT
    server: nginx
    set-cookie: sid=a7c804cc-1b0a-11ef-9175-24aa99fdcedc; path=/; domain=.shy22.com; expires=Fri, 13 Jun 2092 06:04:12 GMT; max-age=2147483647; HttpOnly
  • flag-nl
    GET
    http://www.shy22.com/upfilpng/oee54655.png
    IEXPLORE.EXE
    Remote address:
    37.48.65.144:80
    Request
    GET /upfilpng/oee54655.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.shy22.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 9
    date: Sun, 26 May 2024 02:50:04 GMT
    server: nginx
    set-cookie: sid=a7c804cc-1b0a-11ef-b715-24aac0f766bd; path=/; domain=.shy22.com; expires=Fri, 13 Jun 2092 06:04:12 GMT; max-age=2147483647; HttpOnly
  • flag-gb
    GET
    http://4.bp.blogspot.com/-PCFSSSXGrNg/Uv9eZ1OrIQI/AAAAAAAAAC8/9utCdW4HFCQ/w72-h72-p-k-no-nu/images.jpg
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-PCFSSSXGrNg/Uv9eZ1OrIQI/AAAAAAAAAC8/9utCdW4HFCQ/w72-h72-p-k-no-nu/images.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 4.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="images.jpg"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 1964
    X-XSS-Protection: 0
    Date: Sun, 26 May 2024 02:50:04 GMT
    Expires: Mon, 27 May 2024 02:50:04 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v30"
    Content-Type: image/jpeg
    Vary: Origin
    Age: 1
  • flag-gb
    GET
    http://4.bp.blogspot.com/-IVC1OVVMVBk/UIJ8y8n8ibI/AAAAAAAABvo/euUZmNLeM7M/s1600/rech.png
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-IVC1OVVMVBk/UIJ8y8n8ibI/AAAAAAAABvo/euUZmNLeM7M/s1600/rech.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 4.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="rech.png"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 505
    X-XSS-Protection: 0
    Date: Sun, 26 May 2024 02:50:03 GMT
    Expires: Mon, 27 May 2024 02:50:03 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v6fa"
    Content-Type: image/png
    Vary: Origin
    Age: 3
  • flag-gb
    GET
    http://4.bp.blogspot.com/-VySrL4OjOKQ/U5JuXX1o5ZI/AAAAAAAAAFQ/4p10QBH2c-E/w72-h72-p-k-no-nu/images.jpg
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-VySrL4OjOKQ/U5JuXX1o5ZI/AAAAAAAAAFQ/4p10QBH2c-E/w72-h72-p-k-no-nu/images.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 4.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="images.jpg"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 4003
    X-XSS-Protection: 0
    Date: Sun, 26 May 2024 02:50:03 GMT
    Expires: Mon, 27 May 2024 02:50:03 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "v55"
    Content-Type: image/jpeg
    Vary: Origin
    Age: 2
  • flag-us
    DNS
    dl.dropbox.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    dl.dropbox.com
    IN A
    Response
    dl.dropbox.com
    IN CNAME
    edge-block-www-env.dropbox-dns.com
    edge-block-www-env.dropbox-dns.com
    IN A
    162.125.64.15
  • flag-us
    DNS
    tqarob.googlecode.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    tqarob.googlecode.com
    IN A
    Response
    tqarob.googlecode.com
    IN CNAME
    googlecode.l.googleusercontent.com
    googlecode.l.googleusercontent.com
    IN A
    173.194.76.82
  • flag-gb
    GET
    https://lh3.googleusercontent.com/proxy/iCdCzIq9b3_4BnZgEATmaQIP04iRxNEWi9lVDCbZz7WgVvo4V4C0_82v5GIa0ACTWjSpR3T9YTnHeRb2xS0=w72-h72-p-k-no-nu
    IEXPLORE.EXE
    Remote address:
    172.217.16.225:443
    Request
    GET /proxy/iCdCzIq9b3_4BnZgEATmaQIP04iRxNEWi9lVDCbZz7WgVvo4V4C0_82v5GIa0ACTWjSpR3T9YTnHeRb2xS0=w72-h72-p-k-no-nu HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: lh3.googleusercontent.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Cross-Origin-Resource-Policy: cross-origin
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="unnamed.jpg"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 4072
    X-XSS-Protection: 0
    Date: Sun, 26 May 2024 02:50:04 GMT
    Expires: Mon, 27 May 2024 02:50:04 GMT
    Cache-Control: public, max-age=86400, no-transform
    Content-Type: image/jpeg
    Vary: Origin
    Age: 1
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    http://dl.dropbox.com/u/12924430/contentslider.js
    IEXPLORE.EXE
    Remote address:
    162.125.64.15:80
    Request
    GET /u/12924430/contentslider.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: dl.dropbox.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    location: https://dl.dropbox.com/u/12924430/contentslider.js
    date: Sun, 26 May 2024 02:50:04 GMT
    server: envoy
    x-dropbox-request-id: 764ffd2bcdcb49289e237cb91cec4d50
    content-length: 0
  • flag-be
    GET
    http://tqarob.googlecode.com/files/tqarob_bloggerpagenavi.js
    IEXPLORE.EXE
    Remote address:
    173.194.76.82:80
    Request
    GET /files/tqarob_bloggerpagenavi.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: tqarob.googlecode.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=UTF-8
    Referrer-Policy: no-referrer
    Content-Length: 1592
    Date: Sun, 26 May 2024 02:50:05 GMT
  • flag-gb
    GET
    https://dl.dropbox.com/u/12924430/contentslider.js
    IEXPLORE.EXE
    Remote address:
    162.125.64.15:443
    Request
    GET /u/12924430/contentslider.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: dl.dropbox.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Content-Type: text/html
    Date: Sun, 26 May 2024 02:50:05 GMT
    Server: envoy
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    X-Robots-Tag: noindex, nofollow, noimageindex
    Content-Encoding: gzip
    Vary: Accept-Encoding
    X-Dropbox-Response-Origin: remote
    X-Dropbox-Request-Id: 0d130214ed634a778081b4c58194b90e
    Transfer-Encoding: chunked
  • flag-us
    DNS
    www.googletagservices.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.googletagservices.com
    IN A
    Response
    www.googletagservices.com
    IN A
    142.250.179.226
  • flag-gb
    GET
    http://www.googletagservices.com/tag/js/gpt.js
    IEXPLORE.EXE
    Remote address:
    142.250.179.226:80
    Request
    GET /tag/js/gpt.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.googletagservices.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Vary: Accept-Encoding
    Date: Sun, 26 May 2024 02:50:06 GMT
    Expires: Sun, 26 May 2024 02:50:06 GMT
    Cache-Control: private, max-age=900, stale-while-revalidate=3600
    Location: https://www.googletagservices.com/tag/js/gpt.js
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Server: cafe
    Content-Length: 0
    X-XSS-Protection: 0
  • flag-us
    DNS
    1.bp.blogspot.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    1.bp.blogspot.com
    IN A
    Response
    1.bp.blogspot.com
    IN CNAME
    photos-ugc.l.googleusercontent.com
    photos-ugc.l.googleusercontent.com
    IN A
    142.250.180.1
  • flag-gb
    GET
    https://www.googletagservices.com/tag/js/gpt.js
    IEXPLORE.EXE
    Remote address:
    142.250.179.226:443
    Request
    GET /tag/js/gpt.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.googletagservices.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Vary: Accept-Encoding
    Date: Sun, 26 May 2024 02:50:06 GMT
    Expires: Sun, 26 May 2024 02:50:06 GMT
    Cache-Control: private, max-age=900, stale-while-revalidate=3600
    Content-Type: text/javascript; charset=UTF-8
    ETag: 311 / 19869 / 31083928 / config-hash: 9677823490987414970
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    Content-Disposition: attachment; filename="f.txt"
    Content-Encoding: gzip
    Server: cafe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    http://1.bp.blogspot.com/-l2z8V-eDRZs/URZj2JsTQPI/AAAAAAAADUw/2hu5tsz98y4/s1600/png.png
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-l2z8V-eDRZs/URZj2JsTQPI/AAAAAAAADUw/2hu5tsz98y4/s1600/png.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 1.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    Content-Disposition: inline;filename="png.png"
    X-Content-Type-Options: nosniff
    Server: fife
    Content-Length: 53063
    X-XSS-Protection: 0
    Date: Sun, 26 May 2024 02:50:03 GMT
    Expires: Mon, 27 May 2024 02:50:03 GMT
    Cache-Control: public, max-age=86400, no-transform
    ETag: "vd4c"
    Content-Type: image/png
    Vary: Origin
    Age: 3
  • flag-us
    DNS
    securepubads.g.doubleclick.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    securepubads.g.doubleclick.net
    IN A
    Response
    securepubads.g.doubleclick.net
    IN A
    142.250.200.34
  • flag-gb
    GET
    https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202405220101/pubads_impl.js?cb=31083928
    IEXPLORE.EXE
    Remote address:
    142.250.200.34:443
    Request
    GET /pagead/managed/js/gpt/m202405220101/pubads_impl.js?cb=31083928 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: securepubads.g.doubleclick.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    Content-Disposition: attachment; filename="f.txt"
    Content-Encoding: gzip
    Server: cafe
    Content-Length: 157111
    X-XSS-Protection: 0
    Date: Sat, 25 May 2024 15:08:32 GMT
    Expires: Sun, 25 May 2025 15:08:32 GMT
    Cache-Control: public, immutable, max-age=31536000
    Age: 42095
    ETag: 8652273211762621675
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    www4.0zz0.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www4.0zz0.com
    IN A
    Response
    www4.0zz0.com
    IN A
    104.21.29.39
    www4.0zz0.com
    IN A
    172.67.148.85
  • flag-us
    GET
    http://www4.0zz0.com/2013/03/28/15/582085212.png
    IEXPLORE.EXE
    Remote address:
    104.21.29.39:80
    Request
    GET /2013/03/28/15/582085212.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www4.0zz0.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Sun, 26 May 2024 02:50:07 GMT
    Content-Type: text/html; charset=iso-8859-1
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: max-age=31536000
    CF-Cache-Status: EXPIRED
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SrrDIgCi3zthNKP1LUn4xdKmWQlvHa0poEBgQykkrOPGiCBBsXP2FRTlDErepvwwtfad56%2Bk2tNfVa2oUAXfr0kDqtckpBgy4ad64qOv%2BdWTtgXya09H6tMoXlmcwWtS"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 889a74b42f2f48b1-LHR
    Content-Encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    developers.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    developers.google.com
    IN A
    Response
    developers.google.com
    IN A
    216.58.201.110
  • flag-gb
    GET
    http://developers.google.com/
    IEXPLORE.EXE
    Remote address:
    216.58.201.110:80
    Request
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: developers.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: https://developers.google.com/
    X-Cloud-Trace-Context: 94dc9443978e8b709aeadc99f47285dc
    Date: Sun, 26 May 2024 02:50:07 GMT
    Content-Type: text/html
    Server: Google Frontend
    Content-Length: 0
  • flag-gb
    GET
    http://developers.google.com/
    IEXPLORE.EXE
    Remote address:
    216.58.201.110:80
    Request
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: developers.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: https://developers.google.com/
    X-Cloud-Trace-Context: fcaeb783354394d07f7bcc30d7524c56
    Date: Sun, 26 May 2024 02:50:08 GMT
    Content-Type: text/html
    Server: Google Frontend
    Content-Length: 0
  • flag-us
    DNS
    accounts.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    accounts.google.com
    IN A
    Response
    accounts.google.com
    IN A
    74.125.206.84
  • flag-be
    GET
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    74.125.206.84:443
    Request
    GET /o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: accounts.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Sun, 26 May 2024 02:50:08 GMT
    Content-Security-Policy: script-src 'nonce-HkOP9vnSm3I5XxvBPncJBw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /o/cspreport
    Cross-Origin-Resource-Policy: same-site
    Content-Encoding: gzip
    Server: ESF
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://developers.google.com/
    IEXPLORE.EXE
    Remote address:
    216.58.201.110:443
    Request
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: developers.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Last-Modified: Thu, 16 May 2024 15:08:21 GMT
    Content-Type: text/html; charset=utf-8
    Vary: Cookie
    Vary: Accept-Encoding
    Set-Cookie: _ga_devsite=GA1.3.2694782084.1716691808; Expires=Tue, 26 May 2026 02:50:08 GMT; Max-Age=63072000; Path=/
    Content-Security-Policy: base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-UAiFGUqKiSZNkNRGcI2AFRC33EBotM' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2
    Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Cache-Control: no-cache, must-revalidate
    Expires: 0
    Pragma: no-cache
    Content-Encoding: gzip
    X-Cloud-Trace-Context: d664c63491589d0e483195047cfa7a61
    Date: Sun, 26 May 2024 02:50:08 GMT
    Server: Google Frontend
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://developers.google.com/extras.css
    IEXPLORE.EXE
    Remote address:
    216.58.201.110:443
    Request
    GET /extras.css HTTP/1.1
    Accept: text/css, */*
    Referer: https://developers.google.com/
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: developers.google.com
    Connection: Keep-Alive
    Cookie: _ga_devsite=GA1.3.2694782084.1716691808
  • flag-gb
    GET
    https://developers.google.com/
    IEXPLORE.EXE
    Remote address:
    216.58.201.110:443
    Request
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: developers.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Last-Modified: Thu, 16 May 2024 15:08:21 GMT
    Content-Type: text/html; charset=utf-8
    Vary: Cookie
    Vary: Accept-Encoding
    Set-Cookie: _ga_devsite=GA1.3.2901252423.1716691809; Expires=Tue, 26 May 2026 02:50:09 GMT; Max-Age=63072000; Path=/
    Content-Security-Policy: base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-6Pk2QbJu9d7+DtEykYr4FtyRJWvNLj' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2
    Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Cache-Control: no-cache, must-revalidate
    Expires: 0
    Pragma: no-cache
    Content-Encoding: gzip
    X-Cloud-Trace-Context: 07227cb629015af667ad6814ad4370f1
    Date: Sun, 26 May 2024 02:50:09 GMT
    Server: Google Frontend
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://developers.google.com/extras.css
    IEXPLORE.EXE
    Remote address:
    216.58.201.110:443
    Request
    GET /extras.css HTTP/1.1
    Accept: text/css, */*
    Referer: https://developers.google.com/
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: developers.google.com
    Connection: Keep-Alive
    Cookie: _ga_devsite=GA1.3.2901252423.1716691809
  • flag-us
    DNS
    ssl.gstatic.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ssl.gstatic.com
    IN A
    Response
    ssl.gstatic.com
    IN A
    172.217.169.3
  • flag-gb
    GET
    https://ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js
    IEXPLORE.EXE
    Remote address:
    172.217.169.3:443
    Request
    GET /accounts/o/3604799710-postmessagerelay.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ssl.gstatic.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="federated-signon-mpm-access"
    Report-To: {"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
    Content-Length: 4846
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Mon, 20 May 2024 15:06:40 GMT
    Expires: Tue, 20 May 2025 15:06:40 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Sun, 12 May 2024 02:08:16 GMT
    Content-Type: text/javascript
    Vary: Accept-Encoding
    Age: 474209
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-be
    GET
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    74.125.206.84:443
    Request
    GET /o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: accounts.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Sun, 26 May 2024 02:51:09 GMT
    Content-Security-Policy: script-src 'nonce-IujFtCNJ1MZYprurJRyQqg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /o/cspreport
    Cross-Origin-Resource-Policy: same-site
    Content-Encoding: gzip
    Server: ESF
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-us
    DNS
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    23.55.97.181
  • flag-be
    GET
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    74.125.206.84:443
    Request
    GET /o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: accounts.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Sun, 26 May 2024 02:52:11 GMT
    Content-Security-Policy: script-src 'nonce-J-nt8BsO476iOmfshGG47A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /o/cspreport
    Cross-Origin-Resource-Policy: same-site
    Content-Encoding: gzip
    Server: ESF
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • 142.250.200.14:443
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs
    tls, http
    IEXPLORE.EXE
    8.9kB
    160.6kB
    85
    129

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth/exm=follow,gapi_iframes,gapi_iframes_style_bubble,plus,plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_3?le=scs

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/u/0/_/widget/render/follow?usegapi=1&height=20&annotation=bubble&hl=ar&origin=file%3A%2F%2F&url=https%3A%2F%2Fplus.google.com%2F102289240421683104090&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

    HTTP Response

    301

    HTTP Request

    GET https://apis.google.com/js/platform:gapi.iframes.style.common.js

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/js/rpc:shindig_random.js?onload=init

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs

    HTTP Response

    200
  • 13.248.169.48:80
    http://yourjavascript.com/02243316258/related.js
    http
    IEXPLORE.EXE
    547 B
    471 B
    6
    5

    HTTP Request

    GET http://yourjavascript.com/02243316258/related.js

    HTTP Response

    200
  • 142.250.180.1:80
    http://3.bp.blogspot.com/-1N-DqvDB3XU/UGp6Eo4lakI/AAAAAAAAAOQ/_8S-Ahh9Pww/s1600/Home-blue3.png
    http
    IEXPLORE.EXE
    610 B
    2.7kB
    6
    5

    HTTP Request

    GET http://3.bp.blogspot.com/-1N-DqvDB3XU/UGp6Eo4lakI/AAAAAAAAAOQ/_8S-Ahh9Pww/s1600/Home-blue3.png

    HTTP Response

    200
  • 142.250.180.1:80
    http://2.bp.blogspot.com/-pCmz_5Obvnc/U6hGlq5B-rI/AAAAAAAAAGk/uATHItOC6PU/s1600/%25D9%2585%25D8%25AF%25D9%2588%25D9%2586%25D8%25AA%25D9%2589.jpg
    http
    IEXPLORE.EXE
    1.1kB
    26.3kB
    15
    22

    HTTP Request

    GET http://2.bp.blogspot.com/-pCmz_5Obvnc/U6hGlq5B-rI/AAAAAAAAAGk/uATHItOC6PU/s1600/%25D9%2585%25D8%25AF%25D9%2588%25D9%2586%25D8%25AA%25D9%2589.jpg

    HTTP Response

    200
  • 3.162.140.98:80
    w.sharethis.com
    IEXPLORE.EXE
    466 B
    92 B
    10
    2
  • 3.162.140.98:80
    http://w.sharethis.com/button/buttons.js
    http
    IEXPLORE.EXE
    545 B
    1.4kB
    6
    5

    HTTP Request

    GET http://w.sharethis.com/button/buttons.js

    HTTP Response

    301
  • 13.248.169.48:80
    http://yourjavascript.com/250120301911/related.js
    http
    IEXPLORE.EXE
    548 B
    471 B
    6
    5

    HTTP Request

    GET http://yourjavascript.com/250120301911/related.js

    HTTP Response

    200
  • 13.248.169.48:80
    http://yourjavascript.com/12539432255/featured-slider.js
    http
    IEXPLORE.EXE
    555 B
    471 B
    6
    5

    HTTP Request

    GET http://yourjavascript.com/12539432255/featured-slider.js

    HTTP Response

    200
  • 173.194.76.82:80
    http://abuiyad.googlecode.com/svn/read-more-right.js
    http
    IEXPLORE.EXE
    597 B
    1.9kB
    7
    5

    HTTP Request

    GET http://abuiyad.googlecode.com/svn/read-more-right.js

    HTTP Response

    404
  • 173.194.76.82:80
    abuiyad.googlecode.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 142.250.180.1:80
    http://2.bp.blogspot.com/-xydf2MH9GTY/U4-v6EBVGwI/AAAAAAAAAD0/-k7Arh_wGYw/w72-h72-p-k-no-nu/images+(2).jpg
    http
    IEXPLORE.EXE
    674 B
    4.1kB
    7
    7

    HTTP Request

    GET http://2.bp.blogspot.com/-xydf2MH9GTY/U4-v6EBVGwI/AAAAAAAAAD0/-k7Arh_wGYw/w72-h72-p-k-no-nu/images+(2).jpg

    HTTP Response

    200
  • 142.250.180.1:80
    http://2.bp.blogspot.com/-lMbol7UqMtk/UOBlQUhSwGI/AAAAAAAACjY/J7FkF2zNjBg/s1600/left-btn.png
    http
    IEXPLORE.EXE
    1.1kB
    6.1kB
    9
    9

    HTTP Request

    GET http://2.bp.blogspot.com/-tnWWe-3gJck/U5ZLHyrLBvI/AAAAAAAAAGA/ZOyUHF3hSNs/w72-h72-p-k-no-nu/images.jpg

    HTTP Response

    200

    HTTP Request

    GET http://2.bp.blogspot.com/-lMbol7UqMtk/UOBlQUhSwGI/AAAAAAAACjY/J7FkF2zNjBg/s1600/left-btn.png

    HTTP Response

    200
  • 142.250.200.14:443
    https://apis.google.com/_/im/_/widget/render/plus/followers?usegapi=1&width=150&theme=DARK&source=blogger%3Ablog%3Afollowers&height=300&action=followers&hl=ar&origin=file%3A%2F%2F&url=https%3A%2F%2Fplus.google.com%2F102289240421683104090&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    tls, http
    IEXPLORE.EXE
    4.5kB
    99.4kB
    52
    81

    HTTP Request

    GET https://apis.google.com/js/plusone.js

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=follow,plus/exm=gapi_iframes,gapi_iframes_style_bubble,plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_2?le=scs

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/_/im/_/widget/render/plus/followers?usegapi=1&width=150&theme=DARK&source=blogger%3Ablog%3Afollowers&height=300&action=followers&hl=ar&origin=file%3A%2F%2F&url=https%3A%2F%2Fplus.google.com%2F102289240421683104090&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

    HTTP Response

    301
  • 142.250.178.9:443
    https://www.blogger.com/navbar.g?targetBlogID=1112872776418319695&blogName=%D8%A7%D8%A8%D8%AF%D8%A7%D8%B9+%D9%84%D9%84%D9%85%D8%B9%D9%84%D9%88%D9%85%D9%8A%D8%A7%D8%AA&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://ebda3ma3lomat.blogspot.com/search&blogLocale=ar&v=2&homepageUrl=http://ebda3ma3lomat.blogspot.com/&vt=4479444549120325454&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    tls, http
    IEXPLORE.EXE
    2.2kB
    10.5kB
    16
    19

    HTTP Request

    GET https://www.blogger.com/dyn-css/authorization.css?targetBlogID=1112872776418319695&zx=c033b01b-7224-40a1-b5fd-645562b5a0de

    HTTP Response

    200

    HTTP Request

    GET https://www.blogger.com/navbar.g?targetBlogID=1112872776418319695&blogName=%D8%A7%D8%A8%D8%AF%D8%A7%D8%B9+%D9%84%D9%84%D9%85%D8%B9%D9%84%D9%88%D9%85%D9%8A%D8%A7%D8%AA&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://ebda3ma3lomat.blogspot.com/search&blogLocale=ar&v=2&homepageUrl=http://ebda3ma3lomat.blogspot.com/&vt=4479444549120325454&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

    HTTP Response

    200
  • 142.250.180.1:80
    http://2.bp.blogspot.com/-m9ze-2hSK7E/UYV4T7XQSlI/AAAAAAAAAU0/v7Q-o0bRC4c/s1600/twitter.png
    http
    IEXPLORE.EXE
    791 B
    11.7kB
    10
    12

    HTTP Request

    GET http://2.bp.blogspot.com/-m9ze-2hSK7E/UYV4T7XQSlI/AAAAAAAAAU0/v7Q-o0bRC4c/s1600/twitter.png

    HTTP Response

    200
  • 142.250.180.1:80
    http://3.bp.blogspot.com/-UgJIsl-QGeQ/U40qv_LXjwI/AAAAAAAAACo/pixz5ipNS_E/w72-h72-p-k-no-nu/download.jpg
    http
    IEXPLORE.EXE
    672 B
    5.5kB
    7
    7

    HTTP Request

    GET http://3.bp.blogspot.com/-UgJIsl-QGeQ/U40qv_LXjwI/AAAAAAAAACo/pixz5ipNS_E/w72-h72-p-k-no-nu/download.jpg

    HTTP Response

    200
  • 142.250.180.1:80
    http://3.bp.blogspot.com/-PdPrABRXYfI/URkpJW3m4sI/AAAAAAAADa0/HAtf1DZZn0U/s1600/btm-so.png
    http
    IEXPLORE.EXE
    1.1kB
    7.0kB
    9
    9

    HTTP Request

    GET http://3.bp.blogspot.com/-6eApBSymrtY/U5MpKJ5QV4I/AAAAAAAAAFw/2gCLqRNlAoY/w72-h72-p-k-no-nu/images.duckduckgo.com.jpeg

    HTTP Response

    200

    HTTP Request

    GET http://3.bp.blogspot.com/-PdPrABRXYfI/URkpJW3m4sI/AAAAAAAADa0/HAtf1DZZn0U/s1600/btm-so.png

    HTTP Response

    200
  • 142.250.180.1:80
    http://3.bp.blogspot.com/-BJXXCCCFnGY/URp3i83AZSI/AAAAAAAADcI/yb7zEdz1jPo/s1600/li1.png
    http
    IEXPLORE.EXE
    1.6kB
    10.9kB
    12
    13

    HTTP Request

    GET http://3.bp.blogspot.com/-isBqkDcJosA/U4-0h58FqWI/AAAAAAAAAEA/t3EPUTWwH0o/w72-h72-p-k-no-nu/download.jpg

    HTTP Response

    200

    HTTP Request

    GET http://3.bp.blogspot.com/-yPutIVU2TOw/U40miz2ZzhI/AAAAAAAAACc/uaCWJhXhLQw/w72-h72-p-k-no-nu/images.jpg

    HTTP Response

    200

    HTTP Request

    GET http://3.bp.blogspot.com/-BJXXCCCFnGY/URp3i83AZSI/AAAAAAAADcI/yb7zEdz1jPo/s1600/li1.png

    HTTP Response

    200
  • 142.250.180.1:80
    http://3.bp.blogspot.com/-4n-T6swwkJQ/U452qFBsHuI/AAAAAAAAADo/kK5-Dso_hiU/w72-h72-p-k-no-nu/images+%25283%2529.jpg
    http
    IEXPLORE.EXE
    676 B
    5.3kB
    7
    7

    HTTP Request

    GET http://3.bp.blogspot.com/-4n-T6swwkJQ/U452qFBsHuI/AAAAAAAAADo/kK5-Dso_hiU/w72-h72-p-k-no-nu/images+%25283%2529.jpg

    HTTP Response

    200
  • 142.250.180.1:80
    http://3.bp.blogspot.com/-kili2FI600k/U6oUWN0HrcI/AAAAAAAAAHA/U6InspP1LhM/s1600/%D9%85%D8%AF%D9%88%D9%86%D8%AA%D9%89+g,%5B,.jpg
    http
    IEXPLORE.EXE
    873 B
    13.4kB
    11
    13

    HTTP Request

    GET http://3.bp.blogspot.com/-kili2FI600k/U6oUWN0HrcI/AAAAAAAAAHA/U6InspP1LhM/s1600/%D9%85%D8%AF%D9%88%D9%86%D8%AA%D9%89+g,%5B,.jpg

    HTTP Response

    200
  • 142.250.178.9:443
    https://www.blogger.com/static/v1/widgets/31027104-css_bundle_v2_rtl.css
    tls, http
    IEXPLORE.EXE
    1.2kB
    15.2kB
    14
    17

    HTTP Request

    GET https://www.blogger.com/static/v1/widgets/31027104-css_bundle_v2_rtl.css

    HTTP Response

    200
  • 142.250.178.9:443
    https://www.blogger.com/static/v1/widgets/202786884-widgets.js
    tls, http
    IEXPLORE.EXE
    2.4kB
    54.2kB
    38
    45

    HTTP Request

    GET https://www.blogger.com/static/v1/widgets/202786884-widgets.js

    HTTP Response

    200
  • 142.250.178.9:443
    https://resources.blogblog.com/img/navbar/arrows-light.png
    tls, http
    IEXPLORE.EXE
    1.7kB
    6.4kB
    12
    11

    HTTP Request

    GET https://resources.blogblog.com/img/navbar/arrows-light.png

    HTTP Response

    200
  • 216.58.204.74:80
    http://fonts.googleapis.com/earlyaccess/droidarabicnaskh.css
    http
    IEXPLORE.EXE
    539 B
    995 B
    6
    5

    HTTP Request

    GET http://fonts.googleapis.com/earlyaccess/droidarabicnaskh.css

    HTTP Response

    200
  • 142.250.178.9:443
    https://resources.blogblog.com/img/navbar/icons_peach.png
    tls, http
    IEXPLORE.EXE
    2.1kB
    7.6kB
    13
    12

    HTTP Request

    GET https://resources.blogblog.com/img/icon18_wrench_allbkg.png

    HTTP Response

    200

    HTTP Request

    GET https://resources.blogblog.com/img/navbar/icons_peach.png

    HTTP Response

    200
  • 37.48.65.144:80
    http://www.shy22.com/upfilpng/spi54630.png
    http
    IEXPLORE.EXE
    512 B
    531 B
    5
    5

    HTTP Request

    GET http://www.shy22.com/upfilpng/spi54630.png

    HTTP Response

    404
  • 37.48.65.144:80
    http://www.shy22.com/upfilpng/xbc54601.png
    http
    IEXPLORE.EXE
    512 B
    531 B
    5
    5

    HTTP Request

    GET http://www.shy22.com/upfilpng/xbc54601.png

    HTTP Response

    404
  • 37.48.65.144:80
    http://www.shy22.com/upfilpng/oee54655.png
    http
    IEXPLORE.EXE
    512 B
    531 B
    5
    5

    HTTP Request

    GET http://www.shy22.com/upfilpng/oee54655.png

    HTTP Response

    404
  • 142.250.180.1:80
    http://4.bp.blogspot.com/-IVC1OVVMVBk/UIJ8y8n8ibI/AAAAAAAABvo/euUZmNLeM7M/s1600/rech.png
    http
    IEXPLORE.EXE
    1.0kB
    4.6kB
    8
    7

    HTTP Request

    GET http://4.bp.blogspot.com/-PCFSSSXGrNg/Uv9eZ1OrIQI/AAAAAAAAAC8/9utCdW4HFCQ/w72-h72-p-k-no-nu/images.jpg

    HTTP Response

    200

    HTTP Request

    GET http://4.bp.blogspot.com/-IVC1OVVMVBk/UIJ8y8n8ibI/AAAAAAAABvo/euUZmNLeM7M/s1600/rech.png

    HTTP Response

    200
  • 142.250.180.1:80
    http://4.bp.blogspot.com/-VySrL4OjOKQ/U5JuXX1o5ZI/AAAAAAAAAFQ/4p10QBH2c-E/w72-h72-p-k-no-nu/images.jpg
    http
    IEXPLORE.EXE
    664 B
    4.7kB
    7
    7

    HTTP Request

    GET http://4.bp.blogspot.com/-VySrL4OjOKQ/U5JuXX1o5ZI/AAAAAAAAAFQ/4p10QBH2c-E/w72-h72-p-k-no-nu/images.jpg

    HTTP Response

    200
  • 216.58.204.74:80
    fonts.googleapis.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 172.217.16.225:443
    https://lh3.googleusercontent.com/proxy/iCdCzIq9b3_4BnZgEATmaQIP04iRxNEWi9lVDCbZz7WgVvo4V4C0_82v5GIa0ACTWjSpR3T9YTnHeRb2xS0=w72-h72-p-k-no-nu
    tls, http
    IEXPLORE.EXE
    1.3kB
    14.6kB
    13
    16

    HTTP Request

    GET https://lh3.googleusercontent.com/proxy/iCdCzIq9b3_4BnZgEATmaQIP04iRxNEWi9lVDCbZz7WgVvo4V4C0_82v5GIa0ACTWjSpR3T9YTnHeRb2xS0=w72-h72-p-k-no-nu

    HTTP Response

    200
  • 172.217.16.225:443
    lh3.googleusercontent.com
    tls
    IEXPLORE.EXE
    808 B
    9.7kB
    11
    12
  • 162.125.64.15:80
    dl.dropbox.com
    IEXPLORE.EXE
    466 B
    92 B
    10
    2
  • 162.125.64.15:80
    http://dl.dropbox.com/u/12924430/contentslider.js
    http
    IEXPLORE.EXE
    554 B
    698 B
    6
    6

    HTTP Request

    GET http://dl.dropbox.com/u/12924430/contentslider.js

    HTTP Response

    301
  • 173.194.76.82:80
    http://tqarob.googlecode.com/files/tqarob_bloggerpagenavi.js
    http
    IEXPLORE.EXE
    559 B
    1.9kB
    6
    4

    HTTP Request

    GET http://tqarob.googlecode.com/files/tqarob_bloggerpagenavi.js

    HTTP Response

    404
  • 173.194.76.82:80
    tqarob.googlecode.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 162.125.64.15:443
    https://dl.dropbox.com/u/12924430/contentslider.js
    tls, http
    IEXPLORE.EXE
    1.2kB
    7.0kB
    13
    14

    HTTP Request

    GET https://dl.dropbox.com/u/12924430/contentslider.js

    HTTP Response

    404
  • 3.162.140.98:443
    w.sharethis.com
    tls
    IEXPLORE.EXE
    396 B
    219 B
    5
    5
  • 3.162.140.98:443
    w.sharethis.com
    tls
    IEXPLORE.EXE
    358 B
    219 B
    5
    5
  • 3.162.140.98:443
    w.sharethis.com
    tls
    IEXPLORE.EXE
    288 B
    219 B
    5
    5
  • 3.162.140.98:443
    w.sharethis.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 142.250.179.226:80
    http://www.googletagservices.com/tag/js/gpt.js
    http
    IEXPLORE.EXE
    551 B
    1.3kB
    6
    5

    HTTP Request

    GET http://www.googletagservices.com/tag/js/gpt.js

    HTTP Response

    302
  • 142.250.179.226:80
    www.googletagservices.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 142.250.179.226:443
    https://www.googletagservices.com/tag/js/gpt.js
    tls, http
    IEXPLORE.EXE
    1.6kB
    39.3kB
    22
    34

    HTTP Request

    GET https://www.googletagservices.com/tag/js/gpt.js

    HTTP Response

    200
  • 142.250.180.1:80
    http://1.bp.blogspot.com/-l2z8V-eDRZs/URZj2JsTQPI/AAAAAAAADUw/2hu5tsz98y4/s1600/png.png
    http
    IEXPLORE.EXE
    1.5kB
    55.2kB
    26
    43

    HTTP Request

    GET http://1.bp.blogspot.com/-l2z8V-eDRZs/URZj2JsTQPI/AAAAAAAADUw/2hu5tsz98y4/s1600/png.png

    HTTP Response

    200
  • 142.250.180.1:80
    1.bp.blogspot.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 142.250.200.34:443
    https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202405220101/pubads_impl.js?cb=31083928
    tls, http
    IEXPLORE.EXE
    3.9kB
    171.0kB
    70
    127

    HTTP Request

    GET https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202405220101/pubads_impl.js?cb=31083928

    HTTP Response

    200
  • 142.250.200.34:443
    securepubads.g.doubleclick.net
    tls
    IEXPLORE.EXE
    721 B
    5.0kB
    9
    9
  • 104.21.29.39:80
    http://www4.0zz0.com/2013/03/28/15/582085212.png
    http
    IEXPLORE.EXE
    564 B
    1.1kB
    6
    5

    HTTP Request

    GET http://www4.0zz0.com/2013/03/28/15/582085212.png

    HTTP Response

    404
  • 104.21.29.39:80
    www4.0zz0.com
    IEXPLORE.EXE
    466 B
    92 B
    10
    2
  • 142.250.200.14:443
    apis.google.com
    tls
    IEXPLORE.EXE
    519 B
    355 B
    6
    5
  • 142.250.200.14:443
    apis.google.com
    tls
    IEXPLORE.EXE
    519 B
    355 B
    6
    5
  • 216.58.201.110:80
    http://developers.google.com/
    http
    IEXPLORE.EXE
    538 B
    690 B
    6
    5

    HTTP Request

    GET http://developers.google.com/

    HTTP Response

    301
  • 216.58.201.110:80
    http://developers.google.com/
    http
    IEXPLORE.EXE
    584 B
    690 B
    7
    5

    HTTP Request

    GET http://developers.google.com/

    HTTP Response

    301
  • 74.125.206.84:443
    accounts.google.com
    tls
    IEXPLORE.EXE
    756 B
    4.8kB
    10
    9
  • 74.125.206.84:443
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    tls, http
    IEXPLORE.EXE
    1.3kB
    6.2kB
    11
    11

    HTTP Request

    GET https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

    HTTP Response

    200
  • 216.58.201.110:443
    https://developers.google.com/extras.css
    tls, http
    IEXPLORE.EXE
    3.0kB
    42.2kB
    37
    37

    HTTP Request

    GET https://developers.google.com/

    HTTP Response

    200

    HTTP Request

    GET https://developers.google.com/extras.css
  • 216.58.201.110:443
    https://developers.google.com/extras.css
    tls, http
    IEXPLORE.EXE
    2.2kB
    35.2kB
    28
    32

    HTTP Request

    GET https://developers.google.com/

    HTTP Response

    200

    HTTP Request

    GET https://developers.google.com/extras.css
  • 172.217.169.3:443
    ssl.gstatic.com
    tls
    IEXPLORE.EXE
    870 B
    4.8kB
    12
    9
  • 172.217.169.3:443
    https://ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js
    tls, http
    IEXPLORE.EXE
    1.4kB
    10.7kB
    13
    13

    HTTP Request

    GET https://ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js

    HTTP Response

    200
  • 216.58.201.110:443
    developers.google.com
    tls
    IEXPLORE.EXE
    525 B
    355 B
    6
    5
  • 216.58.201.110:443
    developers.google.com
    tls
    IEXPLORE.EXE
    525 B
    355 B
    6
    5
  • 216.58.201.110:443
    developers.google.com
    tls
    IEXPLORE.EXE
    525 B
    355 B
    6
    5
  • 216.58.201.110:443
    developers.google.com
    tls
    IEXPLORE.EXE
    525 B
    355 B
    6
    5
  • 216.58.201.110:443
    developers.google.com
    tls
    IEXPLORE.EXE
    525 B
    355 B
    6
    5
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    753 B
    7.7kB
    9
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
    7.7kB
    10
    13
  • 74.125.206.84:443
    accounts.google.com
    tls
    IEXPLORE.EXE
    523 B
    355 B
    6
    5
  • 74.125.206.84:443
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    tls, http
    IEXPLORE.EXE
    1.1kB
    1.8kB
    9
    9

    HTTP Request

    GET https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

    HTTP Response

    200
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
    7.6kB
    9
    12
  • 74.125.206.84:443
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    tls, http
    IEXPLORE.EXE
    1.1kB
    2.0kB
    8
    9

    HTTP Request

    GET https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

    HTTP Response

    200
  • 74.125.206.84:443
    accounts.google.com
    tls
    IEXPLORE.EXE
    431 B
    315 B
    4
    4
  • 8.8.8.8:53
    abuiyad.googlecode.com
    dns
    IEXPLORE.EXE
    68 B
    129 B
    1
    1

    DNS Request

    abuiyad.googlecode.com

    DNS Response

    173.194.76.82

  • 8.8.8.8:53
    yourjavascript.com
    dns
    IEXPLORE.EXE
    64 B
    96 B
    1
    1

    DNS Request

    yourjavascript.com

    DNS Response

    13.248.169.48
    76.223.54.146

  • 8.8.8.8:53
    www.blogger.com
    dns
    IEXPLORE.EXE
    61 B
    108 B
    1
    1

    DNS Request

    www.blogger.com

    DNS Response

    142.250.178.9

  • 8.8.8.8:53
    3.bp.blogspot.com
    dns
    IEXPLORE.EXE
    63 B
    124 B
    1
    1

    DNS Request

    3.bp.blogspot.com

    DNS Response

    142.250.180.1

  • 8.8.8.8:53
    w.sharethis.com
    dns
    IEXPLORE.EXE
    61 B
    168 B
    1
    1

    DNS Request

    w.sharethis.com

    DNS Response

    3.162.140.98
    3.162.140.42
    3.162.140.91
    3.162.140.48

  • 8.8.8.8:53
    d31qbv1cthcecs.cloudfront.net
    dns
    IEXPLORE.EXE
    75 B
    142 B
    1
    1

    DNS Request

    d31qbv1cthcecs.cloudfront.net

  • 8.8.8.8:53
    apis.google.com
    dns
    IEXPLORE.EXE
    61 B
    98 B
    1
    1

    DNS Request

    apis.google.com

    DNS Response

    142.250.200.14

  • 8.8.8.8:53
    2.bp.blogspot.com
    dns
    IEXPLORE.EXE
    63 B
    124 B
    1
    1

    DNS Request

    2.bp.blogspot.com

    DNS Response

    142.250.180.1

  • 8.8.8.8:53
    www.shy22.com
    dns
    IEXPLORE.EXE
    59 B
    75 B
    1
    1

    DNS Request

    www.shy22.com

    DNS Response

    37.48.65.144

  • 8.8.8.8:53
    resources.blogblog.com
    dns
    IEXPLORE.EXE
    68 B
    115 B
    1
    1

    DNS Request

    resources.blogblog.com

    DNS Response

    142.250.178.9

  • 8.8.8.8:53
    4.bp.blogspot.com
    dns
    IEXPLORE.EXE
    63 B
    124 B
    1
    1

    DNS Request

    4.bp.blogspot.com

    DNS Response

    142.250.180.1

  • 8.8.8.8:53
    lh3.googleusercontent.com
    dns
    IEXPLORE.EXE
    71 B
    116 B
    1
    1

    DNS Request

    lh3.googleusercontent.com

    DNS Response

    172.217.16.225

  • 8.8.8.8:53
    dl.dropbox.com
    dns
    IEXPLORE.EXE
    60 B
    121 B
    1
    1

    DNS Request

    dl.dropbox.com

    DNS Response

    162.125.64.15

  • 8.8.8.8:53
    tqarob.googlecode.com
    dns
    IEXPLORE.EXE
    67 B
    128 B
    1
    1

    DNS Request

    tqarob.googlecode.com

    DNS Response

    173.194.76.82

  • 8.8.8.8:53
    www.googletagservices.com
    dns
    IEXPLORE.EXE
    71 B
    87 B
    1
    1

    DNS Request

    www.googletagservices.com

    DNS Response

    142.250.179.226

  • 8.8.8.8:53
    1.bp.blogspot.com
    dns
    IEXPLORE.EXE
    63 B
    124 B
    1
    1

    DNS Request

    1.bp.blogspot.com

    DNS Response

    142.250.180.1

  • 8.8.8.8:53
    securepubads.g.doubleclick.net
    dns
    IEXPLORE.EXE
    76 B
    92 B
    1
    1

    DNS Request

    securepubads.g.doubleclick.net

    DNS Response

    142.250.200.34

  • 8.8.8.8:53
    www4.0zz0.com
    dns
    IEXPLORE.EXE
    59 B
    91 B
    1
    1

    DNS Request

    www4.0zz0.com

    DNS Response

    104.21.29.39
    172.67.148.85

  • 8.8.8.8:53
    developers.google.com
    dns
    IEXPLORE.EXE
    67 B
    83 B
    1
    1

    DNS Request

    developers.google.com

    DNS Response

    216.58.201.110

  • 8.8.8.8:53
    accounts.google.com
    dns
    IEXPLORE.EXE
    65 B
    81 B
    1
    1

    DNS Request

    accounts.google.com

    DNS Response

    74.125.206.84

  • 8.8.8.8:53
    ssl.gstatic.com
    dns
    IEXPLORE.EXE
    61 B
    77 B
    1
    1

    DNS Request

    ssl.gstatic.com

    DNS Response

    172.217.169.3

  • 8.8.8.8:53
    www.microsoft.com
    dns
    iexplore.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    23.55.97.181

MITRE ATT&CK Enterprise v15

Downloads

