80799f7accbf48a3489e53ddcb1bd29d697e3c1de638362e02c3b4dd1d72619b

Analysis

max time kernel
143s
max time network
144s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
13/06/2024, 11:07 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5375a191ddc721654eca52e60e3399f_JaffaCakes118.html
Size

132KB
MD5

a5375a191ddc721654eca52e60e3399f
SHA1

b073ccd07932f9eedaea5541c164ca7bd3a7dcd1
SHA256

80799f7accbf48a3489e53ddcb1bd29d697e3c1de638362e02c3b4dd1d72619b
SHA512

22e7218dcca8a1527ae1c17c411cedc4a129460010989ba5f40ae797dfe5ed6a87154cb9d6606e35c66ddcae1f428a049143cea0202639f66736dc73fab759be
SSDEEP

3072:fz2ALzeMRM7/vO4eba9yPQpOk9D67fZb7hUWloczBQkj3cgpN:fg6L

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1E9F1FC1-2975-11EF-B0BD-CE03E2754020} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000be9dcc938d7183422e3533463f4f43f0df52b6765c57ff49807db4c5df4a5a73000000000e8000000002000020000000f6fb7857838ffef537e3b9c07873bb4ce25baea05621b41b19aac10629c34c76200000008a4b784014edb3da0b2ab7ed53b9590da6c6cc05a6935d4ec9719b7112bb4b8040000000fe4d6d13a40019ba99312705ab51da35db83681047b3724f1fddd2590464793f36d6d66834ed86bf018133a1c3d2d68a545520e3cf538b815bb93e9844ce22b0	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40a54bf481bdda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000008af63a52a485d6ee5f4fea7f6df0e510a715bd9bbf4e7114f9964bf05ec0a7bc000000000e8000000002000020000000753895dcc495aa16e997f5624b38364e64d24be7a1fe120a289aa424e5520c1e900000000107335dc2494a51aab65e98ffceafc1362c7c1f849576119a57196e29c77f665e3f48e109eb28e124f1526387b07af92e0335537c31c23da84cec654ed1eb964a12864d7ac2c3599ae490ae04016bd6ee9b0af39489c02f05aab224810f1b1433c94c62ec3c87f568ac0bac2ccc681241680051921cb8e036b9313698d53e668d897f73a4a1d94f8f5f600f2efc498c4000000057e03ecb1838c40dc94ff3d8d69adb219ec388fe91885ee5c3e47f65729fcf233ff6cbb0e5d1297ad2964b933eda08dc2e1a5a8759467928ef709225743defc1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424438714"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3040	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3040	iexplore.exe
3040	iexplore.exe
3012	IEXPLORE.EXE
3012	IEXPLORE.EXE
3012	IEXPLORE.EXE
3012	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 3012	3040	iexplore.exe	28
PID 3040 wrote to memory of 3012	3040	iexplore.exe	28
PID 3040 wrote to memory of 3012	3040	iexplore.exe	28
PID 3040 wrote to memory of 3012	3040	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5375a191ddc721654eca52e60e3399f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3040 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3012

Network

DNS

nguyenhuytap.googlecode.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

nguyenhuytap.googlecode.com

IN A

Response

nguyenhuytap.googlecode.com

IN CNAME

googlecode.l.googleusercontent.com

googlecode.l.googleusercontent.com

IN A

142.250.102.82
DNS

www.blogger.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.blogger.com

IN A

Response

www.blogger.com

IN CNAME

blogger.l.google.com

blogger.l.google.com

IN A

142.250.178.9
DNS

lh4.googleusercontent.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

lh4.googleusercontent.com

IN A

Response

lh4.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

172.217.16.225
DNS

lh6.googleusercontent.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

lh6.googleusercontent.com

IN A

Response

lh6.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

172.217.16.225
DNS

1.bp.blogspot.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

1.bp.blogspot.com

IN A

Response

1.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.180.1
DNS

3.bp.blogspot.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

3.bp.blogspot.com

IN A

Response

3.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.180.1
DNS

dl.dropbox.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

dl.dropbox.com

IN A

Response

dl.dropbox.com

IN CNAME

edge-block-www-env.dropbox-dns.com

edge-block-www-env.dropbox-dns.com

IN A

162.125.64.15
DNS

2.bp.blogspot.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

2.bp.blogspot.com

IN A

Response

2.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.180.1
DNS

svfu.blogspot.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

svfu.blogspot.com

IN A

Response

svfu.blogspot.com

IN CNAME

blogspot.l.googleusercontent.com

blogspot.l.googleusercontent.com

IN A

142.250.200.1
DNS

resources.blogblog.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

resources.blogblog.com

IN A

Response

resources.blogblog.com

IN CNAME

blogger.l.google.com

blogger.l.google.com

IN A

142.250.178.9
DNS

4.bp.blogspot.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

4.bp.blogspot.com

IN A

Response

4.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.180.1
DNS

apis.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

172.217.16.238
DNS

lh3.googleusercontent.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

lh3.googleusercontent.com

IN A

Response

lh3.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

172.217.16.225
DNS

lh5.googleusercontent.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

lh5.googleusercontent.com

IN A

Response

lh5.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

172.217.16.225
DNS

sauciu.googlecode.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

sauciu.googlecode.com

IN A

Response

sauciu.googlecode.com

IN CNAME

googlecode.l.googleusercontent.com

googlecode.l.googleusercontent.com

IN A

142.250.102.82
GET

http://1.bp.blogspot.com/-1RsIuFLYXIE/Ud-fKIUIkZI/AAAAAAAAAJI/UeecOWY_2cM/s1600/56756373.png

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-1RsIuFLYXIE/Ud-fKIUIkZI/AAAAAAAAAJI/UeecOWY_2cM/s1600/56756373.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 1.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="56756373.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 14200
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:06 GMT
Expires: Fri, 14 Jun 2024 07:25:06 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 13343
ETag: "v93"
Content-Type: image/png
Vary: Origin
GET

http://1.bp.blogspot.com/-Hmr81d9vBgo/UTQHi9-_CcI/AAAAAAAABuw/YLXIsCg3bk4/s1600/doko.vn+-+Lam+the+nao+de+vuot+qua+su+rut+re+nhut+nhat+-+ebook+ky+nang+mem.gif

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-Hmr81d9vBgo/UTQHi9-_CcI/AAAAAAAABuw/YLXIsCg3bk4/s1600/doko.vn+-+Lam+the+nao+de+vuot+qua+su+rut+re+nhut+nhat+-+ebook+ky+nang+mem.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 1.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: image/gif
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v1107"
Expires: Fri, 14 Jun 2024 11:07:31 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="doko.vn - Lam the nao de vuot qua su rut re nhut nhat - ebook ky nang mem.gif"
X-Content-Type-Options: nosniff
Date: Thu, 13 Jun 2024 11:07:31 GMT
Server: fife
Content-Length: 87332
X-XSS-Protection: 0
GET

http://4.bp.blogspot.com/-TFJRyZ0TLRk/UaWd_EXDkpI/AAAAAAAAALc/VQmJPXBao4M/s72-c/Lissandra.jpg

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-TFJRyZ0TLRk/UaWd_EXDkpI/AAAAAAAAALc/VQmJPXBao4M/s72-c/Lissandra.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 4.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="Lissandra.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 3164
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:06 GMT
Expires: Fri, 14 Jun 2024 07:25:06 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 13343
ETag: "vb7"
Content-Type: image/jpeg
Vary: Origin
GET

http://4.bp.blogspot.com/-6c2ZHl45WIw/UaFt1han1jI/AAAAAAAAJmQ/YnUryhYqmlg/s1600/danh-ngon-cuoc-song.jpg

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-6c2ZHl45WIw/UaFt1han1jI/AAAAAAAAJmQ/YnUryhYqmlg/s1600/danh-ngon-cuoc-song.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 4.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v2664"
Expires: Fri, 14 Jun 2024 11:07:31 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="danh-ngon-cuoc-song.jpg"
X-Content-Type-Options: nosniff
Date: Thu, 13 Jun 2024 11:07:31 GMT
Server: fife
Content-Length: 42612
X-XSS-Protection: 0
GET

https://nguyenhuytap.googlecode.com/files/jquery.min.v1.4.1.js

IEXPLORE.EXE

Remote address:

142.250.102.82:443

Request

GET /files/jquery.min.v1.4.1.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: nguyenhuytap.googlecode.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1587
Date: Thu, 13 Jun 2024 11:07:30 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

http://1.bp.blogspot.com/-7ALi9mJE1DM/Ud-2rFGD2BI/AAAAAAAAALA/GT394GfvpXs/s72-c/lam+web.jpg

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-7ALi9mJE1DM/Ud-2rFGD2BI/AAAAAAAAALA/GT394GfvpXs/s72-c/lam+web.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 1.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="lam web.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 5004
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 08:50:04 GMT
Expires: Fri, 14 Jun 2024 08:50:04 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 8245
ETag: "vc02"
Content-Type: image/jpeg
Vary: Origin
GET

http://1.bp.blogspot.com/-xsLQZ-gnffA/Ud-onfFN8NI/AAAAAAAAAKw/rk5J54qK72Y/s72-c/tim+viec.jpg

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-xsLQZ-gnffA/Ud-onfFN8NI/AAAAAAAAAKw/rk5J54qK72Y/s72-c/tim+viec.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 1.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="tim viec.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 3811
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:06 GMT
Expires: Fri, 14 Jun 2024 07:25:06 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 13343
ETag: "vc02"
Content-Type: image/jpeg
Vary: Origin
GET

http://1.bp.blogspot.com/-DCjyyHSxLDI/UZcEe4BnfRI/AAAAAAAAAFc/gZnCFMhne6c/s200/cach+phat+ngon.jpg

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-DCjyyHSxLDI/UZcEe4BnfRI/AAAAAAAAAFc/gZnCFMhne6c/s200/cach+phat+ngon.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 1.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v57"
Expires: Fri, 14 Jun 2024 11:07:31 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="cach phat ngon.jpg"
X-Content-Type-Options: nosniff
Date: Thu, 13 Jun 2024 11:07:31 GMT
Server: fife
Content-Length: 8877
X-XSS-Protection: 0
GET

http://4.bp.blogspot.com/-JhW_wp0wLzc/UVHiagGTMfI/AAAAAAAACIc/jEFWN-H6bA8/s400/Cac+ky+nang+quan+ly+thoi+gian.jpg

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-JhW_wp0wLzc/UVHiagGTMfI/AAAAAAAACIc/jEFWN-H6bA8/s400/Cac+ky+nang+quan+ly+thoi+gian.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 4.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v888"
Expires: Fri, 14 Jun 2024 11:07:31 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="Cac ky nang quan ly thoi gian.jpg"
X-Content-Type-Options: nosniff
Date: Thu, 13 Jun 2024 11:07:31 GMT
Server: fife
Content-Length: 18443
X-XSS-Protection: 0
GET

http://dl.dropbox.com/u/70549761/Ramdon-post/namkna-blogspot-com/rd-post-thumb.js

IEXPLORE.EXE

Remote address:

162.125.64.15:80

Request

GET /u/70549761/Ramdon-post/namkna-blogspot-com/rd-post-thumb.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: dl.dropbox.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

location: https://dl.dropbox.com/u/70549761/Ramdon-post/namkna-blogspot-com/rd-post-thumb.js
date: Thu, 13 Jun 2024 11:07:29 GMT
server: envoy
x-dropbox-request-id: 4ec199d343c345aa95a0d59f64f22c43
content-length: 0
GET

https://nguyenhuytap.googlecode.com/files/recent14.js

IEXPLORE.EXE

Remote address:

142.250.102.82:443

Request

GET /files/recent14.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: nguyenhuytap.googlecode.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1578
Date: Thu, 13 Jun 2024 11:07:30 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

http://1.bp.blogspot.com/-8AEdV88gOIA/UVf_7wl1VfI/AAAAAAAAALE/xOOd3p5gmzM/s72-c/galasinhvienvfu.png

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-8AEdV88gOIA/UVf_7wl1VfI/AAAAAAAAALE/xOOd3p5gmzM/s72-c/galasinhvienvfu.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 1.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Type: image/png
X-Content-Type-Options: nosniff
Date: Thu, 13 Jun 2024 11:07:29 GMT
Server: fife
Content-Length: 1323
X-XSS-Protection: 0
GET

http://1.bp.blogspot.com/-pwpY_Q0pm0c/UauTv1mCrgI/AAAAAAAAAlY/lTdGPDaJYwk/s400/0.659543001253615415.jpg

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-pwpY_Q0pm0c/UauTv1mCrgI/AAAAAAAAAlY/lTdGPDaJYwk/s400/0.659543001253615415.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 1.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="0.659543001253615415.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 51593
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:07 GMT
Expires: Fri, 14 Jun 2024 07:25:07 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v256"
Content-Type: image/jpeg
Vary: Origin
Age: 13343
GET

http://1.bp.blogspot.com/-zgNsIpXxJJE/Ts-oVoylT3I/AAAAAAAAADk/DW6LSIzDvLY/s1600/us.png

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-zgNsIpXxJJE/Ts-oVoylT3I/AAAAAAAAADk/DW6LSIzDvLY/s1600/us.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 1.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="us.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 620
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:06 GMT
Expires: Fri, 14 Jun 2024 07:25:06 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 13343
ETag: "v39"
Content-Type: image/png
Vary: Origin
GET

https://resources.blogblog.com/img/icon18_wrench_allbkg.png

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /img/icon18_wrench_allbkg.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: resources.blogblog.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 475
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 08 Jun 2024 18:39:24 GMT
Expires: Sat, 15 Jun 2024 18:39:24 GMT
Cache-Control: public, max-age=604800
Last-Modified: Fri, 07 Jun 2024 20:59:55 GMT
Content-Type: image/png
Age: 404885
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

http://3.bp.blogspot.com/-TLuI5FqX8hg/T5DMiEWjXSI/AAAAAAAABMY/D3hmqZroZmY/s1600/loading-related-namkna-blogspot-com.gif

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-TLuI5FqX8hg/T5DMiEWjXSI/AAAAAAAABMY/D3hmqZroZmY/s1600/loading-related-namkna-blogspot-com.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 3.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="loading-related-namkna-blogspot-com.gif"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 762
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:06 GMT
Expires: Fri, 14 Jun 2024 07:25:06 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 13343
ETag: "v88e"
Content-Type: image/gif
Vary: Origin
GET

http://3.bp.blogspot.com/-XIr-iRr1ae4/UcPARxeo2CI/AAAAAAAALms/HsYobECJoWc/s1600/thi-dai-hoc.jpg

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-XIr-iRr1ae4/UcPARxeo2CI/AAAAAAAALms/HsYobECJoWc/s1600/thi-dai-hoc.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 3.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="thi-dai-hoc.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 13892
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:07 GMT
Expires: Fri, 14 Jun 2024 07:25:07 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 13343
ETag: "v2e6c"
Content-Type: image/jpeg
Vary: Origin
GET

http://3.bp.blogspot.com/-V6RZKWgWiCI/UdY0JksKMRI/AAAAAAAAA4w/wuKJ2b59yOk/s72-c/anh-nong-ngoc-trinh-22.jpg

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-V6RZKWgWiCI/UdY0JksKMRI/AAAAAAAAA4w/wuKJ2b59yOk/s72-c/anh-nong-ngoc-trinh-22.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 3.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="anh-nong-ngoc-trinh-22.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 3969
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:06 GMT
Expires: Fri, 14 Jun 2024 07:25:06 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 13343
ETag: "v38c"
Content-Type: image/jpeg
Vary: Origin
GET

http://3.bp.blogspot.com/-aaQpOli7hb8/UVHYoukELLI/AAAAAAAACIM/XI1jDm9vfRM/s1600/Lap+thoi+gian+bieu+hieu+qua.jpg

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-aaQpOli7hb8/UVHYoukELLI/AAAAAAAACIM/XI1jDm9vfRM/s1600/Lap+thoi+gian+bieu+hieu+qua.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 3.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="Lap thoi gian bieu hieu qua.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 89301
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:07 GMT
Expires: Fri, 14 Jun 2024 07:25:07 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 13343
ETag: "v884"
Content-Type: image/jpeg
Vary: Origin
GET

http://3.bp.blogspot.com/-vAyrqYrSZxI/Ucu9KHUTthI/AAAAAAAAMKQ/Lufh_VX1DN8/s72-c/popup.gif

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-vAyrqYrSZxI/Ucu9KHUTthI/AAAAAAAAMKQ/Lufh_VX1DN8/s72-c/popup.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 3.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="popup.gif"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 2322
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:06 GMT
Expires: Fri, 14 Jun 2024 07:25:06 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 13343
ETag: "v30a5"
Content-Type: image/gif
Vary: Origin
GET

http://3.bp.blogspot.com/-BFmNTUOkKqo/UauRhVXlBCI/AAAAAAAAAlM/FTwX9tW8gMI/s320/yeupt2(1).jpg

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-BFmNTUOkKqo/UauRhVXlBCI/AAAAAAAAAlM/FTwX9tW8gMI/s320/yeupt2(1).jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 3.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="yeupt2(1).jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 39587
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 08:50:06 GMT
Expires: Fri, 14 Jun 2024 08:50:06 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v253"
Content-Type: image/jpeg
Vary: Origin
Age: 8244
GET

http://3.bp.blogspot.com/-4F6GAlViMDQ/UcBmOMdmMOI/AAAAAAAALVo/rKvuOyl2EYE/s72-c/ao-dai-thuan-viet-truyen-thong-1.jpg

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-4F6GAlViMDQ/UcBmOMdmMOI/AAAAAAAALVo/rKvuOyl2EYE/s72-c/ao-dai-thuan-viet-truyen-thong-1.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 3.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="ao-dai-thuan-viet-truyen-thong-1.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 4501
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:06 GMT
Expires: Fri, 14 Jun 2024 07:25:06 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 13343
ETag: "v2d5b"
Content-Type: image/jpeg
Vary: Origin
GET

http://3.bp.blogspot.com/-yuM55cIymIo/UVJeS0Sa-QI/AAAAAAAACJg/j-7DPnjwiwo/s1600/Bi+quyet+ghi+chep.jpg

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-yuM55cIymIo/UVJeS0Sa-QI/AAAAAAAACJg/j-7DPnjwiwo/s1600/Bi+quyet+ghi+chep.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 3.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="Bi quyet ghi chep.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 110444
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:07 GMT
Expires: Fri, 14 Jun 2024 07:25:07 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v899"
Content-Type: image/jpeg
Vary: Origin
Age: 13343
GET

http://2.bp.blogspot.com/-WTW4fxSuIpw/Ub7Q1uTYetI/AAAAAAAALQQ/l2WtqDTikpE/s72-c/ky-tu-dac-biet.jpg

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-WTW4fxSuIpw/Ub7Q1uTYetI/AAAAAAAALQQ/l2WtqDTikpE/s72-c/ky-tu-dac-biet.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 2.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="ky-tu-dac-biet.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 2526
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:06 GMT
Expires: Fri, 14 Jun 2024 07:25:06 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 13343
ETag: "v2d05"
Content-Type: image/jpeg
Vary: Origin
GET

https://lh4.googleusercontent.com/-so134IXw9j8/Ud_zGp8tyvI/AAAAAAAAAMY/eUfrPVsm5Ok/w180-h300-no/nhe+mb4+copy.gif

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-so134IXw9j8/Ud_zGp8tyvI/AAAAAAAAAMY/eUfrPVsm5Ok/w180-h300-no/nhe+mb4+copy.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh4.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="nhe mb4 copy.gif"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 29222
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 11:07:30 GMT
Expires: Fri, 14 Jun 2024 11:07:30 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "vc02"
Content-Type: image/gif
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh4.googleusercontent.com/-M9bTXv6l8y8/UHzxNGfvszI/AAAAAAAAD_Q/vifUw8RtPbg/s12/RSS.png

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-M9bTXv6l8y8/UHzxNGfvszI/AAAAAAAAD_Q/vifUw8RtPbg/s12/RSS.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh4.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="RSS.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 602
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 11:07:31 GMT
Expires: Fri, 14 Jun 2024 11:07:31 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "vff4"
Content-Type: image/png
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

http://2.bp.blogspot.com/-rusV7fc5two/Ud-fHVFPefI/AAAAAAAAAIo/BW8KrBUKLqY/s1600/56755822.logocopy.png

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-rusV7fc5two/Ud-fHVFPefI/AAAAAAAAAIo/BW8KrBUKLqY/s1600/56755822.logocopy.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 2.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="56755822.logocopy.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 30470
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:06 GMT
Expires: Fri, 14 Jun 2024 07:25:06 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 13343
ETag: "v8b"
Content-Type: image/png
Vary: Origin
GET

http://2.bp.blogspot.com/-PMpt3dzsma0/UVGhbMmjS_I/AAAAAAAACHU/sFV04dn_AZQ/s1600/12+meo+nghe+thuat+giao+tiep.jpg

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-PMpt3dzsma0/UVGhbMmjS_I/AAAAAAAACHU/sFV04dn_AZQ/s1600/12+meo+nghe+thuat+giao+tiep.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 2.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v876"
Expires: Fri, 14 Jun 2024 11:07:31 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="12 meo nghe thuat giao tiep.jpg"
X-Content-Type-Options: nosniff
Date: Thu, 13 Jun 2024 11:07:31 GMT
Server: fife
Content-Length: 89730
X-XSS-Protection: 0
GET

https://lh4.googleusercontent.com/-vLGoOSRPY0E/T5Sy1CGDTgI/AAAAAAAABPE/lEYBjX-0_kM/h120/img-bg-rd1-namkna-blogspot-com.png

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-vLGoOSRPY0E/T5Sy1CGDTgI/AAAAAAAABPE/lEYBjX-0_kM/h120/img-bg-rd1-namkna-blogspot-com.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh4.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="img-bg-rd1-namkna-blogspot-com.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 424
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:07 GMT
Expires: Fri, 14 Jun 2024 07:25:07 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 13343
ETag: "v4f1"
Content-Type: image/png
Vary: Origin
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.blogger.com/static/v1/widgets/254310735-widget_css_bundle.css

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /static/v1/widgets/254310735-widget_css_bundle.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.blogger.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 7524
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sun, 09 Jun 2024 01:35:45 GMT
Expires: Mon, 09 Jun 2025 01:35:45 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 05 Mar 2019 03:12:59 GMT
Content-Type: text/css
Vary: Accept-Encoding
Age: 379904
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.blogger.com/dyn-css/authorization.css?targetBlogID=2303470841620375819&zx=372c87ef-af03-4ded-bb23-f68ac92b5b32

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /dyn-css/authorization.css?targetBlogID=2303470841620375819&zx=372c87ef-af03-4ded-bb23-f68ac92b5b32 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.blogger.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Content-Security-Policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
Content-Type: text/css; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Thu, 13 Jun 2024 11:07:30 GMT
Last-Modified: Thu, 13 Jun 2024 11:07:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.blogger.com/navbar.g?targetBlogID=2303470841620375819&blogName=SV+L%C3%A2m+Nghi%E1%BB%87p&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=https://svfu.blogspot.com/search&blogLocale=vi&v=2&homepageUrl=http://svfu.blogspot.com/&vt=-3610913815217020809&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /navbar.g?targetBlogID=2303470841620375819&blogName=SV+L%C3%A2m+Nghi%E1%BB%87p&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=https://svfu.blogspot.com/search&blogLocale=vi&v=2&homepageUrl=http://svfu.blogspot.com/&vt=-3610913815217020809&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.blogger.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Content-Security-Policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Thu, 13 Jun 2024 11:07:31 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://lh4.googleusercontent.com/-7479kstSn10/Ud_zFkdJISI/AAAAAAAAAME/3U9xpA8y3DQ/w830-h74-no/Duoi+web.png

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-7479kstSn10/Ud_zFkdJISI/AAAAAAAAAME/3U9xpA8y3DQ/w830-h74-no/Duoi+web.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh4.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="Duoi web.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 55037
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 11:07:30 GMT
Expires: Fri, 14 Jun 2024 11:07:30 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "vc02"
Content-Type: image/png
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh4.googleusercontent.com/-Na6WNNSGuiI/UHb_aG5hY2I/AAAAAAAAD2k/MA0Js_GJh-Y/s30/bg-menu-foot.jpg

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-Na6WNNSGuiI/UHb_aG5hY2I/AAAAAAAAD2k/MA0Js_GJh-Y/s30/bg-menu-foot.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh4.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="bg-menu-foot.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 369
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:07 GMT
Expires: Fri, 14 Jun 2024 07:25:07 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 13343
ETag: "vf69"
Content-Type: image/jpeg
Vary: Origin
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh4.googleusercontent.com/-DhT7TaOwPHg/UHaC2uyfwoI/AAAAAAAADyk/9t1sqImvJPo/s83/back-tile.jpg

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-DhT7TaOwPHg/UHaC2uyfwoI/AAAAAAAADyk/9t1sqImvJPo/s83/back-tile.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh4.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="back-tile.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 756
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:07 GMT
Expires: Fri, 14 Jun 2024 07:25:07 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 13343
ETag: "vf29"
Content-Type: image/jpeg
Vary: Origin
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

http://2.bp.blogspot.com/-zQ5K4rdCC1E/UZenfmsKktI/AAAAAAAAJHo/ksOhDtcum1I/s72-c/samsung-galaxy-S4.jpg

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-zQ5K4rdCC1E/UZenfmsKktI/AAAAAAAAJHo/ksOhDtcum1I/s72-c/samsung-galaxy-S4.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 2.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="samsung-galaxy-S4.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 3292
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:06 GMT
Expires: Fri, 14 Jun 2024 07:25:06 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 13343
ETag: "v247a"
Content-Type: image/jpeg
Vary: Origin
GET

http://svfu.blogspot.com/feeds/posts/default/-/k%E1%BB%B9%20n%C4%83ng%20m%E1%BB%81m?alt=json-in-script&callback=getRandomPosts&max-results=999999

IEXPLORE.EXE

Remote address:

142.250.200.1:80

Request

GET /feeds/posts/default/-/k%E1%BB%B9%20n%C4%83ng%20m%E1%BB%81m?alt=json-in-script&callback=getRandomPosts&max-results=999999 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: svfu.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Server: blogger-renderd
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Content-Length: 75485
X-Frame-Options: SAMEORIGIN
Date: Thu, 13 Jun 2024 11:07:29 GMT
Expires: Thu, 13 Jun 2024 11:07:30 GMT
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=1
Last-Modified: Wed, 13 Mar 2024 00:40:54 GMT
ETag: W/"f9902ec1a8f409d6947219f68d2a4eb2cd568a63c07ead9230ef3321378bd4b3"
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Age: 0
GET

https://lh4.googleusercontent.com/-qFtpVy76z3k/UHehqGbwiWI/AAAAAAAAD4g/m8MeHKWjsFU/s15/ico-p.jpg

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-qFtpVy76z3k/UHehqGbwiWI/AAAAAAAAD4g/m8MeHKWjsFU/s15/ico-p.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh4.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="ico-p.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 784
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 11:07:30 GMT
Expires: Fri, 14 Jun 2024 11:07:30 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "vf88"
Content-Type: image/jpeg
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh4.googleusercontent.com/-bFMa5R2nfZI/UH15Udpt_mI/AAAAAAAAEBM/0ME5ciXjQm4/s16/twitter.png

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-bFMa5R2nfZI/UH15Udpt_mI/AAAAAAAAEBM/0ME5ciXjQm4/s16/twitter.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh4.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="twitter.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 653
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 11:07:30 GMT
Expires: Fri, 14 Jun 2024 11:07:30 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v1013"
Content-Type: image/png
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh4.googleusercontent.com/-Gru2cLmFwcI/TtTg4D0DuJI/AAAAAAAABGA/RGSalmz0kQA/s18/iconsearchr.gif

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-Gru2cLmFwcI/TtTg4D0DuJI/AAAAAAAABGA/RGSalmz0kQA/s18/iconsearchr.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh4.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="iconsearchr.gif"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 350
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 11:07:30 GMT
Expires: Fri, 14 Jun 2024 11:07:30 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v22e0"
Content-Type: image/gif
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.blogger.com/static/v1/widgets/211300122-widgets.js

IEXPLORE.EXE

Remote address:

142.250.178.9:443

Request

GET /static/v1/widgets/211300122-widgets.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.blogger.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 52284
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 10 Jun 2024 15:21:51 GMT
Expires: Tue, 10 Jun 2025 15:21:51 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Fri, 25 Jan 2019 19:19:46 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
Age: 243938
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

http://1.bp.blogspot.com/-vmzr8xYY8fs/Ts-oVg2xm6I/AAAAAAAAADY/U3kOPBcRfOY/s1600/vn.png

IEXPLORE.EXE

Remote address:

142.250.180.1:80

Request

GET /-vmzr8xYY8fs/Ts-oVg2xm6I/AAAAAAAAADY/U3kOPBcRfOY/s1600/vn.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 1.bp.blogspot.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="vn.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 446
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:06 GMT
Expires: Fri, 14 Jun 2024 07:25:06 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 13343
ETag: "v36"
Content-Type: image/png
Vary: Origin
GET

https://apis.google.com/js/plusone.js

IEXPLORE.EXE

Remote address:

172.217.16.238:443

Request

GET /js/plusone.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: apis.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team"
Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
Timing-Allow-Origin: *
Date: Thu, 13 Jun 2024 11:07:29 GMT
Expires: Thu, 13 Jun 2024 11:07:29 GMT
Cache-Control: private, max-age=1800, stale-while-revalidate=1800
ETag: "f9177ff6f5150176"
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.6jI6mC1Equ4.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ/cb=gapi.loaded_0?le=scs

IEXPLORE.EXE

Remote address:

172.217.16.238:443

Request

GET /_/scs/abc-static/_/js/k=gapi.lb.en.6jI6mC1Equ4.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ/cb=gapi.loaded_0?le=scs HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: apis.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
Content-Length: 56667
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sun, 09 Jun 2024 06:30:35 GMT
Expires: Mon, 09 Jun 2025 06:30:35 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Mon, 06 May 2024 15:31:30 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Age: 362215
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://apis.google.com/js/platform:gapi.iframes.style.common.js

IEXPLORE.EXE

Remote address:

172.217.16.238:443

Request

GET /js/platform:gapi.iframes.style.common.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.blogger.com/navbar.g?targetBlogID=2303470841620375819&blogName=SV+L%C3%A2m+Nghi%E1%BB%87p&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=https://svfu.blogspot.com/search&blogLocale=vi&v=2&homepageUrl=http://svfu.blogspot.com/&vt=-3610913815217020809&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: apis.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team"
Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
Timing-Allow-Origin: *
Date: Thu, 13 Jun 2024 11:07:31 GMT
Expires: Thu, 13 Jun 2024 11:07:31 GMT
Cache-Control: private, max-age=1800, stale-while-revalidate=1800
ETag: "ec623040ac7f59b9"
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.6jI6mC1Equ4.O/m=gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ/cb=gapi.loaded_0?le=scs

IEXPLORE.EXE

Remote address:

172.217.16.238:443

Request

GET /_/scs/abc-static/_/js/k=gapi.lb.en.6jI6mC1Equ4.O/m=gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ/cb=gapi.loaded_0?le=scs HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.blogger.com/navbar.g?targetBlogID=2303470841620375819&blogName=SV+L%C3%A2m+Nghi%E1%BB%87p&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=https://svfu.blogspot.com/search&blogLocale=vi&v=2&homepageUrl=http://svfu.blogspot.com/&vt=-3610913815217020809&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: apis.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
Content-Length: 46050
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 08 Jun 2024 18:13:08 GMT
Expires: Sun, 08 Jun 2025 18:13:08 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Mon, 06 May 2024 15:31:30 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Age: 406463
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.6jI6mC1Equ4.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ/cb=gapi.loaded_1?le=scs

IEXPLORE.EXE

Remote address:

172.217.16.238:443

Request

GET /_/scs/abc-static/_/js/k=gapi.lb.en.6jI6mC1Equ4.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ/cb=gapi.loaded_1?le=scs HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: apis.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
Content-Length: 14806
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 08 Jun 2024 19:28:35 GMT
Expires: Sun, 08 Jun 2025 19:28:35 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Mon, 06 May 2024 15:31:30 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Age: 401935
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh6.googleusercontent.com/-mGuMMXcOEkM/UH15S1Px2EI/AAAAAAAAEAo/ICNRZxoRk_g/s16/googlebuzz.png

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-mGuMMXcOEkM/UH15S1Px2EI/AAAAAAAAEAo/ICNRZxoRk_g/s16/googlebuzz.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh6.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="googlebuzz.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 635
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 11:07:30 GMT
Expires: Fri, 14 Jun 2024 11:07:30 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v100a"
Content-Type: image/png
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh6.googleusercontent.com/-8Q8_bB8Jhf8/UH15SxtVP4I/AAAAAAAAEAw/5A9nHwtU3As/s16/facebook.png

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-8Q8_bB8Jhf8/UH15SxtVP4I/AAAAAAAAEAw/5A9nHwtU3As/s16/facebook.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh6.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="facebook.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 632
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 11:07:30 GMT
Expires: Fri, 14 Jun 2024 11:07:30 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v100c"
Content-Type: image/png
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh6.googleusercontent.com/-0E_Cmoz-GGU/UHbGi-ggJ3I/AAAAAAAAD08/raRmKvf_A4o/s4/dot1.jpg

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-0E_Cmoz-GGU/UHbGi-ggJ3I/AAAAAAAAD08/raRmKvf_A4o/s4/dot1.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh6.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="dot1.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 347
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:07 GMT
Expires: Fri, 14 Jun 2024 07:25:07 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 13343
ETag: "vf4f"
Content-Type: image/jpeg
Vary: Origin
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh6.googleusercontent.com/-VcU-ixwuk2o/Ud_zFTkc4fI/AAAAAAAAAL0/vyOlzJc0HCU/w830-h74-no/56757145.baner+%25281%2529.gif

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-VcU-ixwuk2o/Ud_zFTkc4fI/AAAAAAAAAL0/vyOlzJc0HCU/w830-h74-no/56757145.baner+%25281%2529.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh6.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="56757145.baner (1).gif"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 189070
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 11:07:30 GMT
Expires: Fri, 14 Jun 2024 11:07:30 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "vc02"
Content-Type: image/gif
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh6.googleusercontent.com/-ZB01xbweylQ/UHaC2q6ldZI/AAAAAAAADyk/LoWcnGJPGGs/s238/content-texture.png

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-ZB01xbweylQ/UHaC2q6ldZI/AAAAAAAADyk/LoWcnGJPGGs/s238/content-texture.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh6.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="content-texture.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 8666
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 11:07:31 GMT
Expires: Fri, 14 Jun 2024 11:07:31 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "vf29"
Content-Type: image/png
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh6.googleusercontent.com/-MfUTwAJDVHs/UHehpNyiReI/AAAAAAAAD4I/o0u-CP5al-M/s15/ico-gioithieu.png

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-MfUTwAJDVHs/UHehpNyiReI/AAAAAAAAD4I/o0u-CP5al-M/s15/ico-gioithieu.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh6.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="ico-gioithieu.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 288
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 11:07:30 GMT
Expires: Fri, 14 Jun 2024 11:07:30 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "vf82"
Content-Type: image/png
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh6.googleusercontent.com/-py3UTWU3Nzw/UHehopAwXOI/AAAAAAAAD34/GPkxUEHwl5Q/s15/ico-a.jpg

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-py3UTWU3Nzw/UHehopAwXOI/AAAAAAAAD34/GPkxUEHwl5Q/s15/ico-a.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh6.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="ico-a.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 775
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 11:07:30 GMT
Expires: Fri, 14 Jun 2024 11:07:30 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "vf7e"
Content-Type: image/jpeg
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh6.googleusercontent.com/-2PL9in0wE_s/UHaC3hj507I/AAAAAAAADyk/wmtgohNnyPM/s150/neutral-texture.png

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-2PL9in0wE_s/UHaC3hj507I/AAAAAAAADyk/wmtgohNnyPM/s150/neutral-texture.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh6.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="neutral-texture.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 3463
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:08 GMT
Expires: Fri, 14 Jun 2024 07:25:08 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 13342
ETag: "vf29"
Content-Type: image/png
Vary: Origin
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh6.googleusercontent.com/-F2254ftq9vc/Ud_zGK4toKI/AAAAAAAAAMI/US6--I6h_Vo/w180-h300-no/nhe+mb1+copy.gif

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-F2254ftq9vc/Ud_zGK4toKI/AAAAAAAAAMI/US6--I6h_Vo/w180-h300-no/nhe+mb1+copy.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh6.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="nhe mb1 copy.gif"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 41664
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 11:07:30 GMT
Expires: Fri, 14 Jun 2024 11:07:30 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "vc02"
Content-Type: image/gif
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh6.googleusercontent.com/-ikwqo8Fs1x8/UHzkFs1r5OI/AAAAAAAAD-I/77cKlsVO54Q/s101/hnjn.gif

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-ikwqo8Fs1x8/UHzkFs1r5OI/AAAAAAAAD-I/77cKlsVO54Q/s101/hnjn.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh6.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="hnjn.gif"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 1417
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 11:07:31 GMT
Expires: Fri, 14 Jun 2024 11:07:31 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v1e3c"
Content-Type: image/gif
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh3.googleusercontent.com/-e0DJRG2ArxE/Ud_zFl-9zxI/AAAAAAAAAL4/W36esqjCSNc/w294-h68-no/56757449.bnewsfootercopy.png

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-e0DJRG2ArxE/Ud_zFl-9zxI/AAAAAAAAAL4/W36esqjCSNc/w294-h68-no/56757449.bnewsfootercopy.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh3.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="56757449.bnewsfootercopy.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 10485
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:06 GMT
Expires: Fri, 14 Jun 2024 07:25:06 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 13343
ETag: "vc02"
Content-Type: image/png
Vary: Origin
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh3.googleusercontent.com/-PP-kteLdf8g/UHb-ZUHbgBI/AAAAAAAAD2Q/Xs3Hv2_6IL8/s26/bg-nav-foot.jpg

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-PP-kteLdf8g/UHb-ZUHbgBI/AAAAAAAAD2Q/Xs3Hv2_6IL8/s26/bg-nav-foot.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh3.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="bg-nav-foot.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 365
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:07 GMT
Expires: Fri, 14 Jun 2024 07:25:07 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 13343
ETag: "vf64"
Content-Type: image/jpeg
Vary: Origin
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh3.googleusercontent.com/-QBU9fAwdWQE/Ud_zG3tFxYI/AAAAAAAAAMg/IHJtnDXlhjI/w300-h250-no/quang+cao.png

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-QBU9fAwdWQE/Ud_zG3tFxYI/AAAAAAAAAMg/IHJtnDXlhjI/w300-h250-no/quang+cao.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh3.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="quang cao.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 3036
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:07 GMT
Expires: Fri, 14 Jun 2024 07:25:07 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 13342
ETag: "vc02"
Content-Type: image/png
Vary: Origin
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh3.googleusercontent.com/-eEoX3YdUMGg/UHxDSVpNFcI/AAAAAAAAD9s/gGao2ZhvyNM/s18/hbhjs.png

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-eEoX3YdUMGg/UHxDSVpNFcI/AAAAAAAAD9s/gGao2ZhvyNM/s18/hbhjs.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh3.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="hbhjs.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 364
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:07 GMT
Expires: Fri, 14 Jun 2024 07:25:07 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 13343
ETag: "vfdb"
Content-Type: image/png
Vary: Origin
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh3.googleusercontent.com/-Tie8MX__wvA/UHehq5XkyzI/AAAAAAAAD4w/fOZkTtYvAQk/s48/li-right.jpg

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-Tie8MX__wvA/UHehq5XkyzI/AAAAAAAAD4w/fOZkTtYvAQk/s48/li-right.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh3.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="li-right.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 490
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:07 GMT
Expires: Fri, 14 Jun 2024 07:25:07 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 13343
ETag: "vf8c"
Content-Type: image/jpeg
Vary: Origin
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh3.googleusercontent.com/-Af6eAravO_c/UHehq1qMshI/AAAAAAAAD40/s9eDnyD170c/s8/l-space.jpg

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-Af6eAravO_c/UHehq1qMshI/AAAAAAAAD40/s9eDnyD170c/s8/l-space.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh3.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="l-space.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 351
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:08 GMT
Expires: Fri, 14 Jun 2024 07:25:08 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 13342
ETag: "vf8d"
Content-Type: image/jpeg
Vary: Origin
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh5.googleusercontent.com/-5joH5eWvLJE/UHehpUlIUZI/AAAAAAAAD4M/3dUKKd5YczY/s15/ico-h.jpg

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-5joH5eWvLJE/UHehpUlIUZI/AAAAAAAAD4M/3dUKKd5YczY/s15/ico-h.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh5.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="ico-h.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 785
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 11:07:30 GMT
Expires: Fri, 14 Jun 2024 11:07:30 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "vf83"
Content-Type: image/jpeg
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh5.googleusercontent.com/-2hiRNXeaiW0/Ud_zGRALr1I/AAAAAAAAAMU/m1Ib5LbywTI/w180-h300-no/nhe+mb3+copy.gif

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-2hiRNXeaiW0/Ud_zGRALr1I/AAAAAAAAAMU/m1Ib5LbywTI/w180-h300-no/nhe+mb3+copy.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh5.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="nhe mb3 copy.gif"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 29432
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 11:07:30 GMT
Expires: Fri, 14 Jun 2024 11:07:30 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "vc02"
Content-Type: image/gif
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh5.googleusercontent.com/-i04EiWmSFuc/UHzl8QMHfrI/AAAAAAAAD-c/nA4x4LVDGIk/s125/headerj.gif

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-i04EiWmSFuc/UHzl8QMHfrI/AAAAAAAAD-c/nA4x4LVDGIk/s125/headerj.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh5.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="headerj.gif"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 1369
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 11:07:31 GMT
Expires: Fri, 14 Jun 2024 11:07:31 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v1e64"
Content-Type: image/gif
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh5.googleusercontent.com/-BmTGLIYo3FU/UHehpyJ-ixI/AAAAAAAAD4U/PCCko5XgXZo/s15/ico-m.jpg

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-BmTGLIYo3FU/UHehpyJ-ixI/AAAAAAAAD4U/PCCko5XgXZo/s15/ico-m.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh5.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="ico-m.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 785
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 11:07:30 GMT
Expires: Fri, 14 Jun 2024 11:07:30 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "vf85"
Content-Type: image/jpeg
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh5.googleusercontent.com/-zJIbSjA0Vpc/UHwi-xtFy4I/AAAAAAAAD9M/12JPXvcuwqw/s32/njnm.gif

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-zJIbSjA0Vpc/UHwi-xtFy4I/AAAAAAAAD9M/12JPXvcuwqw/s32/njnm.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh5.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="njnm.gif"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 1148
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 11:07:31 GMT
Expires: Fri, 14 Jun 2024 11:07:31 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v1f81"
Content-Type: image/gif
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh5.googleusercontent.com/-ndguCUG8K_k/UH5HcOi-TII/AAAAAAAAECs/1S8LT_5hYlw/s13/ico_top.png

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-ndguCUG8K_k/UH5HcOi-TII/AAAAAAAAECs/1S8LT_5hYlw/s13/ico_top.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh5.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="ico_top.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 262
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 11:07:30 GMT
Expires: Fri, 14 Jun 2024 11:07:30 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v102b"
Content-Type: image/png
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

http://sauciu.googlecode.com/files/mrelatedpost.js

IEXPLORE.EXE

Remote address:

142.250.102.82:80

Request

GET /files/mrelatedpost.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: sauciu.googlecode.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1582
Date: Thu, 13 Jun 2024 11:07:29 GMT
GET

https://dl.dropbox.com/u/70549761/Ramdon-post/namkna-blogspot-com/rd-post-thumb.js

IEXPLORE.EXE

Remote address:

162.125.64.15:443

Request

GET /u/70549761/Ramdon-post/namkna-blogspot-com/rd-post-thumb.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: dl.dropbox.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Content-Type: text/html
Date: Thu, 13 Jun 2024 11:07:30 GMT
Server: envoy
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Robots-Tag: noindex, nofollow, noimageindex
Content-Encoding: gzip
Vary: Accept-Encoding
X-Dropbox-Response-Origin: remote
X-Dropbox-Request-Id: e36e874de1454d46853f4d07b6508bbc
Transfer-Encoding: chunked
GET

https://lh6.googleusercontent.com/-ENGt3WNWQnA/UHehqcn1hQI/AAAAAAAAD4o/7qXMb3s5hS8/s15/ico-u.jpg

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-ENGt3WNWQnA/UHehqcn1hQI/AAAAAAAAD4o/7qXMb3s5hS8/s15/ico-u.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh6.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="ico-u.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 784
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 11:07:30 GMT
Expires: Fri, 14 Jun 2024 11:07:30 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "vf8a"
Content-Type: image/jpeg
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://lh6.googleusercontent.com/-wiu3WjmJSnI/Twqqu98YNMI/AAAAAAAABhE/8E4XYKpG7fQ/s6/li2.gif

IEXPLORE.EXE

Remote address:

172.217.16.225:443

Request

GET /-wiu3WjmJSnI/Twqqu98YNMI/AAAAAAAABhE/8E4XYKpG7fQ/s6/li2.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh6.googleusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="li2.gif"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 49
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 07:25:08 GMT
Expires: Fri, 14 Jun 2024 07:25:08 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 13342
ETag: "v2108"
Content-Type: image/gif
Vary: Origin
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

142.250.180.1:80

http://1.bp.blogspot.com/-Hmr81d9vBgo/UTQHi9-_CcI/AAAAAAAABuw/YLXIsCg3bk4/s1600/doko.vn+-+Lam+the+nao+de+vuot+qua+su+rut+re+nhut+nhat+-+ebook+ky+nang+mem.gif

http

IEXPLORE.EXE

2.9kB
107.9kB
47
82

HTTP Request

GET http://1.bp.blogspot.com/-1RsIuFLYXIE/Ud-fKIUIkZI/AAAAAAAAAJI/UeecOWY_2cM/s1600/56756373.png

HTTP Response

200

HTTP Request

GET http://1.bp.blogspot.com/-Hmr81d9vBgo/UTQHi9-_CcI/AAAAAAAABuw/YLXIsCg3bk4/s1600/doko.vn+-+Lam+the+nao+de+vuot+qua+su+rut+re+nhut+nhat+-+ebook+ky+nang+mem.gif

HTTP Response

200
142.250.180.1:80

http://4.bp.blogspot.com/-6c2ZHl45WIw/UaFt1han1jI/AAAAAAAAJmQ/YnUryhYqmlg/s1600/danh-ngon-cuoc-song.jpg

http

IEXPLORE.EXE

1.8kB
48.3kB
24
39

HTTP Request

GET http://4.bp.blogspot.com/-TFJRyZ0TLRk/UaWd_EXDkpI/AAAAAAAAALc/VQmJPXBao4M/s72-c/Lissandra.jpg

HTTP Response

200

HTTP Request

GET http://4.bp.blogspot.com/-6c2ZHl45WIw/UaFt1han1jI/AAAAAAAAJmQ/YnUryhYqmlg/s1600/danh-ngon-cuoc-song.jpg

HTTP Response

200
142.250.102.82:443

https://nguyenhuytap.googlecode.com/files/jquery.min.v1.4.1.js

tls, http

IEXPLORE.EXE

1.2kB
6.8kB
12
10

HTTP Request

GET https://nguyenhuytap.googlecode.com/files/jquery.min.v1.4.1.js

HTTP Response

404
142.250.180.1:80

http://1.bp.blogspot.com/-7ALi9mJE1DM/Ud-2rFGD2BI/AAAAAAAAALA/GT394GfvpXs/s72-c/lam+web.jpg

http

IEXPLORE.EXE

699 B
5.8kB
8
8

HTTP Request

GET http://1.bp.blogspot.com/-7ALi9mJE1DM/Ud-2rFGD2BI/AAAAAAAAALA/GT394GfvpXs/s72-c/lam+web.jpg

HTTP Response

200
142.250.180.1:80

http://1.bp.blogspot.com/-DCjyyHSxLDI/UZcEe4BnfRI/AAAAAAAAAFc/gZnCFMhne6c/s200/cach+phat+ngon.jpg

http

IEXPLORE.EXE

1.2kB
14.2kB
12
15

HTTP Request

GET http://1.bp.blogspot.com/-xsLQZ-gnffA/Ud-onfFN8NI/AAAAAAAAAKw/rk5J54qK72Y/s72-c/tim+viec.jpg

HTTP Response

200

HTTP Request

GET http://1.bp.blogspot.com/-DCjyyHSxLDI/UZcEe4BnfRI/AAAAAAAAAFc/gZnCFMhne6c/s200/cach+phat+ngon.jpg

HTTP Response

200
142.250.180.1:80

http://4.bp.blogspot.com/-JhW_wp0wLzc/UVHiagGTMfI/AAAAAAAACIc/jEFWN-H6bA8/s400/Cac+ky+nang+quan+ly+thoi+gian.jpg

http

IEXPLORE.EXE

904 B
19.6kB
12
17

HTTP Request

GET http://4.bp.blogspot.com/-JhW_wp0wLzc/UVHiagGTMfI/AAAAAAAACIc/jEFWN-H6bA8/s400/Cac+ky+nang+quan+ly+thoi+gian.jpg

HTTP Response

200
162.125.64.15:80

dl.dropbox.com

IEXPLORE.EXE

466 B
92 B
10
2
162.125.64.15:80

http://dl.dropbox.com/u/70549761/Ramdon-post/namkna-blogspot-com/rd-post-thumb.js

http

IEXPLORE.EXE

632 B
762 B
7
6

HTTP Request

GET http://dl.dropbox.com/u/70549761/Ramdon-post/namkna-blogspot-com/rd-post-thumb.js

HTTP Response

301
142.250.102.82:443

https://nguyenhuytap.googlecode.com/files/recent14.js

tls, http

IEXPLORE.EXE

1.2kB
6.9kB
12
12

HTTP Request

GET https://nguyenhuytap.googlecode.com/files/recent14.js

HTTP Response

404
142.250.180.1:80

http://1.bp.blogspot.com/-pwpY_Q0pm0c/UauTv1mCrgI/AAAAAAAAAlY/lTdGPDaJYwk/s400/0.659543001253615415.jpg

http

IEXPLORE.EXE

2.0kB
55.4kB
28
45

HTTP Request

GET http://1.bp.blogspot.com/-8AEdV88gOIA/UVf_7wl1VfI/AAAAAAAAALE/xOOd3p5gmzM/s72-c/galasinhvienvfu.png

HTTP Response

404

HTTP Request

GET http://1.bp.blogspot.com/-pwpY_Q0pm0c/UauTv1mCrgI/AAAAAAAAAlY/lTdGPDaJYwk/s400/0.659543001253615415.jpg

HTTP Response

200
142.250.180.1:80

http://1.bp.blogspot.com/-zgNsIpXxJJE/Ts-oVoylT3I/AAAAAAAAADk/DW6LSIzDvLY/s1600/us.png

http

IEXPLORE.EXE

602 B
1.2kB
6
4

HTTP Request

GET http://1.bp.blogspot.com/-zgNsIpXxJJE/Ts-oVoylT3I/AAAAAAAAADk/DW6LSIzDvLY/s1600/us.png

HTTP Response

200
142.250.178.9:443

https://resources.blogblog.com/img/icon18_wrench_allbkg.png

tls, http

IEXPLORE.EXE

1.2kB
7.1kB
12
11

HTTP Request

GET https://resources.blogblog.com/img/icon18_wrench_allbkg.png

HTTP Response

200
142.250.178.9:443

resources.blogblog.com

tls

IEXPLORE.EXE

759 B
4.8kB
10
9
142.250.180.1:80

http://3.bp.blogspot.com/-XIr-iRr1ae4/UcPARxeo2CI/AAAAAAAALms/HsYobECJoWc/s1600/thi-dai-hoc.jpg

http

IEXPLORE.EXE

1.4kB
17.5kB
15
16

HTTP Request

GET http://3.bp.blogspot.com/-TLuI5FqX8hg/T5DMiEWjXSI/AAAAAAAABMY/D3hmqZroZmY/s1600/loading-related-namkna-blogspot-com.gif

HTTP Response

200

HTTP Request

GET http://3.bp.blogspot.com/-XIr-iRr1ae4/UcPARxeo2CI/AAAAAAAALms/HsYobECJoWc/s1600/thi-dai-hoc.jpg

HTTP Response

200
142.250.180.1:80

http://3.bp.blogspot.com/-aaQpOli7hb8/UVHYoukELLI/AAAAAAAACIM/XI1jDm9vfRM/s1600/Lap+thoi+gian+bieu+hieu+qua.jpg

http

IEXPLORE.EXE

2.7kB
97.5kB
43
75

HTTP Request

GET http://3.bp.blogspot.com/-V6RZKWgWiCI/UdY0JksKMRI/AAAAAAAAA4w/wuKJ2b59yOk/s72-c/anh-nong-ngoc-trinh-22.jpg

HTTP Response

200

HTTP Request

GET http://3.bp.blogspot.com/-aaQpOli7hb8/UVHYoukELLI/AAAAAAAACIM/XI1jDm9vfRM/s1600/Lap+thoi+gian+bieu+hieu+qua.jpg

HTTP Response

200
142.250.180.1:80

http://3.bp.blogspot.com/-BFmNTUOkKqo/UauRhVXlBCI/AAAAAAAAAlM/FTwX9tW8gMI/s320/yeupt2(1).jpg

http

IEXPLORE.EXE

1.7kB
44.3kB
23
36

HTTP Request

GET http://3.bp.blogspot.com/-vAyrqYrSZxI/Ucu9KHUTthI/AAAAAAAAMKQ/Lufh_VX1DN8/s72-c/popup.gif

HTTP Response

200

HTTP Request

GET http://3.bp.blogspot.com/-BFmNTUOkKqo/UauRhVXlBCI/AAAAAAAAAlM/FTwX9tW8gMI/s320/yeupt2(1).jpg

HTTP Response

200
142.250.180.1:80

http://3.bp.blogspot.com/-yuM55cIymIo/UVJeS0Sa-QI/AAAAAAAACJg/j-7DPnjwiwo/s1600/Bi+quyet+ghi+chep.jpg

http

IEXPLORE.EXE

3.0kB
119.5kB
50
89

HTTP Request

GET http://3.bp.blogspot.com/-4F6GAlViMDQ/UcBmOMdmMOI/AAAAAAAALVo/rKvuOyl2EYE/s72-c/ao-dai-thuan-viet-truyen-thong-1.jpg

HTTP Response

200

HTTP Request

GET http://3.bp.blogspot.com/-yuM55cIymIo/UVJeS0Sa-QI/AAAAAAAACJg/j-7DPnjwiwo/s1600/Bi+quyet+ghi+chep.jpg

HTTP Response

200
142.250.180.1:80

http://2.bp.blogspot.com/-WTW4fxSuIpw/Ub7Q1uTYetI/AAAAAAAALQQ/l2WtqDTikpE/s72-c/ky-tu-dac-biet.jpg

http

IEXPLORE.EXE

660 B
3.2kB
7
6

HTTP Request

GET http://2.bp.blogspot.com/-WTW4fxSuIpw/Ub7Q1uTYetI/AAAAAAAALQQ/l2WtqDTikpE/s72-c/ky-tu-dac-biet.jpg

HTTP Response

200
172.217.16.225:443

https://lh4.googleusercontent.com/-M9bTXv6l8y8/UHzxNGfvszI/AAAAAAAAD_Q/vifUw8RtPbg/s12/RSS.png

tls, http

IEXPLORE.EXE

2.4kB
42.2kB
28
37

HTTP Request

GET https://lh4.googleusercontent.com/-so134IXw9j8/Ud_zGp8tyvI/AAAAAAAAAMY/eUfrPVsm5Ok/w180-h300-no/nhe+mb4+copy.gif

HTTP Response

200

HTTP Request

GET https://lh4.googleusercontent.com/-M9bTXv6l8y8/UHzxNGfvszI/AAAAAAAAD_Q/vifUw8RtPbg/s12/RSS.png

HTTP Response

200
142.250.180.1:80

http://2.bp.blogspot.com/-PMpt3dzsma0/UVGhbMmjS_I/AAAAAAAACHU/sFV04dn_AZQ/s1600/12+meo+nghe+thuat+giao+tiep.jpg

http

IEXPLORE.EXE

3.1kB
124.9kB
53
94

HTTP Request

GET http://2.bp.blogspot.com/-rusV7fc5two/Ud-fHVFPefI/AAAAAAAAAIo/BW8KrBUKLqY/s1600/56755822.logocopy.png

HTTP Response

200

HTTP Request

GET http://2.bp.blogspot.com/-PMpt3dzsma0/UVGhbMmjS_I/AAAAAAAACHU/sFV04dn_AZQ/s1600/12+meo+nghe+thuat+giao+tiep.jpg

HTTP Response

200
172.217.16.225:443

https://lh4.googleusercontent.com/-vLGoOSRPY0E/T5Sy1CGDTgI/AAAAAAAABPE/lEYBjX-0_kM/h120/img-bg-rd1-namkna-blogspot-com.png

tls, http

IEXPLORE.EXE

1.3kB
11.6kB
13
13

HTTP Request

GET https://lh4.googleusercontent.com/-vLGoOSRPY0E/T5Sy1CGDTgI/AAAAAAAABPE/lEYBjX-0_kM/h120/img-bg-rd1-namkna-blogspot-com.png

HTTP Response

200
142.250.178.9:443

https://www.blogger.com/navbar.g?targetBlogID=2303470841620375819&blogName=SV+L%C3%A2m+Nghi%E1%BB%87p&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=https://svfu.blogspot.com/search&blogLocale=vi&v=2&homepageUrl=http://svfu.blogspot.com/&vt=-3610913815217020809&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__

tls, http

IEXPLORE.EXE

2.6kB
19.2kB
21
26

HTTP Request

GET https://www.blogger.com/static/v1/widgets/254310735-widget_css_bundle.css

HTTP Response

200

HTTP Request

GET https://www.blogger.com/dyn-css/authorization.css?targetBlogID=2303470841620375819&zx=372c87ef-af03-4ded-bb23-f68ac92b5b32

HTTP Response

200

HTTP Request

GET https://www.blogger.com/navbar.g?targetBlogID=2303470841620375819&blogName=SV+L%C3%A2m+Nghi%E1%BB%87p&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=https://svfu.blogspot.com/search&blogLocale=vi&v=2&homepageUrl=http://svfu.blogspot.com/&vt=-3610913815217020809&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.6jI6mC1Equ4.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ%2Fm%3D__features__

HTTP Response

200
172.217.16.225:443

https://lh4.googleusercontent.com/-DhT7TaOwPHg/UHaC2uyfwoI/AAAAAAAADyk/9t1sqImvJPo/s83/back-tile.jpg

tls, http

IEXPLORE.EXE

3.1kB
71.9kB
37
59

HTTP Request

GET https://lh4.googleusercontent.com/-7479kstSn10/Ud_zFkdJISI/AAAAAAAAAME/3U9xpA8y3DQ/w830-h74-no/Duoi+web.png

HTTP Response

200

HTTP Request

GET https://lh4.googleusercontent.com/-Na6WNNSGuiI/UHb_aG5hY2I/AAAAAAAAD2k/MA0Js_GJh-Y/s30/bg-menu-foot.jpg

HTTP Response

200

HTTP Request

GET https://lh4.googleusercontent.com/-DhT7TaOwPHg/UHaC2uyfwoI/AAAAAAAADyk/9t1sqImvJPo/s83/back-tile.jpg

HTTP Response

200
142.250.180.1:80

http://2.bp.blogspot.com/-zQ5K4rdCC1E/UZenfmsKktI/AAAAAAAAJHo/ksOhDtcum1I/s72-c/samsung-galaxy-S4.jpg

http

IEXPLORE.EXE

663 B
4.0kB
7
6

HTTP Request

GET http://2.bp.blogspot.com/-zQ5K4rdCC1E/UZenfmsKktI/AAAAAAAAJHo/ksOhDtcum1I/s72-c/samsung-galaxy-S4.jpg

HTTP Response

200
142.250.200.1:80

http://svfu.blogspot.com/feeds/posts/default/-/k%E1%BB%B9%20n%C4%83ng%20m%E1%BB%81m?alt=json-in-script&callback=getRandomPosts&max-results=999999

http

IEXPLORE.EXE

2.0kB
78.5kB
35
60

HTTP Request

GET http://svfu.blogspot.com/feeds/posts/default/-/k%E1%BB%B9%20n%C4%83ng%20m%E1%BB%81m?alt=json-in-script&callback=getRandomPosts&max-results=999999

HTTP Response

200
172.217.16.225:443

https://lh4.googleusercontent.com/-Gru2cLmFwcI/TtTg4D0DuJI/AAAAAAAABGA/RGSalmz0kQA/s18/iconsearchr.gif

tls, http

IEXPLORE.EXE

2.1kB
13.3kB
15
18

HTTP Request

GET https://lh4.googleusercontent.com/-qFtpVy76z3k/UHehqGbwiWI/AAAAAAAAD4g/m8MeHKWjsFU/s15/ico-p.jpg

HTTP Response

200

HTTP Request

GET https://lh4.googleusercontent.com/-bFMa5R2nfZI/UH15Udpt_mI/AAAAAAAAEBM/0ME5ciXjQm4/s16/twitter.png

HTTP Response

200

HTTP Request

GET https://lh4.googleusercontent.com/-Gru2cLmFwcI/TtTg4D0DuJI/AAAAAAAABGA/RGSalmz0kQA/s18/iconsearchr.gif

HTTP Response

200
142.250.200.1:80

svfu.blogspot.com

IEXPLORE.EXE

190 B
92 B
4
2
142.250.178.9:443

https://www.blogger.com/static/v1/widgets/211300122-widgets.js

tls, http

IEXPLORE.EXE

2.0kB
60.5kB
30
48

HTTP Request

GET https://www.blogger.com/static/v1/widgets/211300122-widgets.js

HTTP Response

200
142.250.178.9:443

www.blogger.com

tls

IEXPLORE.EXE

752 B
4.8kB
10
9
142.250.180.1:80

http://1.bp.blogspot.com/-vmzr8xYY8fs/Ts-oVg2xm6I/AAAAAAAAADY/U3kOPBcRfOY/s1600/vn.png

http

IEXPLORE.EXE

602 B
1.1kB
6
4

HTTP Request

GET http://1.bp.blogspot.com/-vmzr8xYY8fs/Ts-oVg2xm6I/AAAAAAAAADY/U3kOPBcRfOY/s1600/vn.png

HTTP Response

200
172.217.16.238:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.6jI6mC1Equ4.O/m=gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ/cb=gapi.loaded_0?le=scs

tls, http

IEXPLORE.EXE

5.9kB
162.5kB
71
126

HTTP Request

GET https://apis.google.com/js/plusone.js

HTTP Response

200

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.6jI6mC1Equ4.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ/cb=gapi.loaded_0?le=scs

HTTP Response

200

HTTP Request

GET https://apis.google.com/js/platform:gapi.iframes.style.common.js

HTTP Response

200

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.6jI6mC1Equ4.O/m=gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ/cb=gapi.loaded_0?le=scs

HTTP Response

200
172.217.16.238:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.6jI6mC1Equ4.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ/cb=gapi.loaded_1?le=scs

tls, http

IEXPLORE.EXE

1.5kB
21.2kB
16
20

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.6jI6mC1Equ4.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo-79kMK-M6Si-J0E_6fI_9RBHBrwQ/cb=gapi.loaded_1?le=scs

HTTP Response

200
172.217.16.225:443

https://lh6.googleusercontent.com/-0E_Cmoz-GGU/UHbGi-ggJ3I/AAAAAAAAD08/raRmKvf_A4o/s4/dot1.jpg

tls, http

IEXPLORE.EXE

2.1kB
13.1kB
15
17

HTTP Request

GET https://lh6.googleusercontent.com/-mGuMMXcOEkM/UH15S1Px2EI/AAAAAAAAEAo/ICNRZxoRk_g/s16/googlebuzz.png

HTTP Response

200

HTTP Request

GET https://lh6.googleusercontent.com/-8Q8_bB8Jhf8/UH15SxtVP4I/AAAAAAAAEAw/5A9nHwtU3As/s16/facebook.png

HTTP Response

200

HTTP Request

GET https://lh6.googleusercontent.com/-0E_Cmoz-GGU/UHbGi-ggJ3I/AAAAAAAAD08/raRmKvf_A4o/s4/dot1.jpg

HTTP Response

200
172.217.16.225:443

lh6.googleusercontent.com

tls

IEXPLORE.EXE

762 B
9.7kB
10
12
172.217.16.225:443

https://lh6.googleusercontent.com/-ZB01xbweylQ/UHaC2q6ldZI/AAAAAAAADyk/LoWcnGJPGGs/s238/content-texture.png

tls, http

IEXPLORE.EXE

5.2kB
218.8kB
90
163

HTTP Request

GET https://lh6.googleusercontent.com/-VcU-ixwuk2o/Ud_zFTkc4fI/AAAAAAAAAL0/vyOlzJc0HCU/w830-h74-no/56757145.baner+%25281%2529.gif

HTTP Response

200

HTTP Request

GET https://lh6.googleusercontent.com/-ZB01xbweylQ/UHaC2q6ldZI/AAAAAAAADyk/LoWcnGJPGGs/s238/content-texture.png

HTTP Response

200
172.217.16.225:443

https://lh6.googleusercontent.com/-MfUTwAJDVHs/UHehpNyiReI/AAAAAAAAD4I/o0u-CP5al-M/s15/ico-gioithieu.png

tls, http

IEXPLORE.EXE

1.3kB
10.5kB
13
13

HTTP Request

GET https://lh6.googleusercontent.com/-MfUTwAJDVHs/UHehpNyiReI/AAAAAAAAD4I/o0u-CP5al-M/s15/ico-gioithieu.png

HTTP Response

200
172.217.16.225:443

https://lh6.googleusercontent.com/-2PL9in0wE_s/UHaC3hj507I/AAAAAAAADyk/wmtgohNnyPM/s150/neutral-texture.png

tls, http

IEXPLORE.EXE

1.8kB
15.4kB
16
19

HTTP Request

GET https://lh6.googleusercontent.com/-py3UTWU3Nzw/UHehopAwXOI/AAAAAAAAD34/GPkxUEHwl5Q/s15/ico-a.jpg

HTTP Response

200

HTTP Request

GET https://lh6.googleusercontent.com/-2PL9in0wE_s/UHaC3hj507I/AAAAAAAADyk/wmtgohNnyPM/s150/neutral-texture.png

HTTP Response

200
172.217.16.225:443

https://lh6.googleusercontent.com/-ikwqo8Fs1x8/UHzkFs1r5OI/AAAAAAAAD-I/77cKlsVO54Q/s101/hnjn.gif

tls, http

IEXPLORE.EXE

2.4kB
56.1kB
29
47

HTTP Request

GET https://lh6.googleusercontent.com/-F2254ftq9vc/Ud_zGK4toKI/AAAAAAAAAMI/US6--I6h_Vo/w180-h300-no/nhe+mb1+copy.gif

HTTP Response

200

HTTP Request

GET https://lh6.googleusercontent.com/-ikwqo8Fs1x8/UHzkFs1r5OI/AAAAAAAAD-I/77cKlsVO54Q/s101/hnjn.gif

HTTP Response

200
172.217.16.225:443

https://lh3.googleusercontent.com/-PP-kteLdf8g/UHb-ZUHbgBI/AAAAAAAAD2Q/Xs3Hv2_6IL8/s26/bg-nav-foot.jpg

tls, http

IEXPLORE.EXE

1.9kB
22.2kB
18
21

HTTP Request

GET https://lh3.googleusercontent.com/-e0DJRG2ArxE/Ud_zFl-9zxI/AAAAAAAAAL4/W36esqjCSNc/w294-h68-no/56757449.bnewsfootercopy.png

HTTP Response

200

HTTP Request

GET https://lh3.googleusercontent.com/-PP-kteLdf8g/UHb-ZUHbgBI/AAAAAAAAD2Q/Xs3Hv2_6IL8/s26/bg-nav-foot.jpg

HTTP Response

200
172.217.16.225:443

https://lh3.googleusercontent.com/-Af6eAravO_c/UHehq1qMshI/AAAAAAAAD40/s9eDnyD170c/s8/l-space.jpg

tls, http

IEXPLORE.EXE

2.7kB
16.3kB
20
17

HTTP Request

GET https://lh3.googleusercontent.com/-QBU9fAwdWQE/Ud_zG3tFxYI/AAAAAAAAAMg/IHJtnDXlhjI/w300-h250-no/quang+cao.png

HTTP Response

200

HTTP Request

GET https://lh3.googleusercontent.com/-eEoX3YdUMGg/UHxDSVpNFcI/AAAAAAAAD9s/gGao2ZhvyNM/s18/hbhjs.png

HTTP Response

200

HTTP Request

GET https://lh3.googleusercontent.com/-Tie8MX__wvA/UHehq5XkyzI/AAAAAAAAD4w/fOZkTtYvAQk/s48/li-right.jpg

HTTP Response

200

HTTP Request

GET https://lh3.googleusercontent.com/-Af6eAravO_c/UHehq1qMshI/AAAAAAAAD40/s9eDnyD170c/s8/l-space.jpg

HTTP Response

200
172.217.16.225:443

https://lh5.googleusercontent.com/-5joH5eWvLJE/UHehpUlIUZI/AAAAAAAAD4M/3dUKKd5YczY/s15/ico-h.jpg

tls, http

IEXPLORE.EXE

1.3kB
11.1kB
13
14

HTTP Request

GET https://lh5.googleusercontent.com/-5joH5eWvLJE/UHehpUlIUZI/AAAAAAAAD4M/3dUKKd5YczY/s15/ico-h.jpg

HTTP Response

200
172.217.16.225:443

https://lh5.googleusercontent.com/-i04EiWmSFuc/UHzl8QMHfrI/AAAAAAAAD-c/nA4x4LVDGIk/s125/headerj.gif

tls, http

IEXPLORE.EXE

2.2kB
43.3kB
26
39

HTTP Request

GET https://lh5.googleusercontent.com/-2hiRNXeaiW0/Ud_zGRALr1I/AAAAAAAAAMU/m1Ib5LbywTI/w180-h300-no/nhe+mb3+copy.gif

HTTP Response

200

HTTP Request

GET https://lh5.googleusercontent.com/-i04EiWmSFuc/UHzl8QMHfrI/AAAAAAAAD-c/nA4x4LVDGIk/s125/headerj.gif

HTTP Response

200
172.217.16.225:443

https://lh5.googleusercontent.com/-zJIbSjA0Vpc/UHwi-xtFy4I/AAAAAAAAD9M/12JPXvcuwqw/s32/njnm.gif

tls, http

IEXPLORE.EXE

1.7kB
12.9kB
14
17

HTTP Request

GET https://lh5.googleusercontent.com/-BmTGLIYo3FU/UHehpyJ-ixI/AAAAAAAAD4U/PCCko5XgXZo/s15/ico-m.jpg

HTTP Response

200

HTTP Request

GET https://lh5.googleusercontent.com/-zJIbSjA0Vpc/UHwi-xtFy4I/AAAAAAAAD9M/12JPXvcuwqw/s32/njnm.gif

HTTP Response

200
172.217.16.225:443

https://lh5.googleusercontent.com/-ndguCUG8K_k/UH5HcOi-TII/AAAAAAAAECs/1S8LT_5hYlw/s13/ico_top.png

tls, http

IEXPLORE.EXE

1.3kB
11.4kB
13
15

HTTP Request

GET https://lh5.googleusercontent.com/-ndguCUG8K_k/UH5HcOi-TII/AAAAAAAAECs/1S8LT_5hYlw/s13/ico_top.png

HTTP Response

200
142.250.102.82:80

http://sauciu.googlecode.com/files/mrelatedpost.js

http

IEXPLORE.EXE

549 B
1.9kB
6
4

HTTP Request

GET http://sauciu.googlecode.com/files/mrelatedpost.js

HTTP Response

404
142.250.102.82:80

sauciu.googlecode.com

IEXPLORE.EXE

190 B
92 B
4
2
162.125.64.15:443

https://dl.dropbox.com/u/70549761/Ramdon-post/namkna-blogspot-com/rd-post-thumb.js

tls, http

IEXPLORE.EXE

1.3kB
5.9kB
13
13

HTTP Request

GET https://dl.dropbox.com/u/70549761/Ramdon-post/namkna-blogspot-com/rd-post-thumb.js

HTTP Response

404
172.217.16.225:443

https://lh6.googleusercontent.com/-wiu3WjmJSnI/Twqqu98YNMI/AAAAAAAABhE/8E4XYKpG7fQ/s6/li2.gif

tls, http

IEXPLORE.EXE

1.5kB
4.4kB
11
11

HTTP Request

GET https://lh6.googleusercontent.com/-ENGt3WNWQnA/UHehqcn1hQI/AAAAAAAAD4o/7qXMb3s5hS8/s15/ico-u.jpg

HTTP Response

200

HTTP Request

GET https://lh6.googleusercontent.com/-wiu3WjmJSnI/Twqqu98YNMI/AAAAAAAABhE/8E4XYKpG7fQ/s6/li2.gif

HTTP Response

200
172.217.16.225:443

lh3.googleusercontent.com

tls

IEXPLORE.EXE

529 B
355 B
6
5
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.6kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.6kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

779 B
7.6kB
9
12

8.8.8.8:53

nguyenhuytap.googlecode.com

dns

IEXPLORE.EXE

73 B
134 B
1
1

DNS Request

nguyenhuytap.googlecode.com

DNS Response

142.250.102.82
8.8.8.8:53

www.blogger.com

dns

IEXPLORE.EXE

61 B
108 B
1
1

DNS Request

www.blogger.com

DNS Response

142.250.178.9
8.8.8.8:53

lh4.googleusercontent.com

dns

IEXPLORE.EXE

71 B
116 B
1
1

DNS Request

lh4.googleusercontent.com

DNS Response

172.217.16.225
8.8.8.8:53

lh6.googleusercontent.com

dns

IEXPLORE.EXE

71 B
116 B
1
1

DNS Request

lh6.googleusercontent.com

DNS Response

172.217.16.225
8.8.8.8:53

1.bp.blogspot.com

dns

IEXPLORE.EXE

63 B
124 B
1
1

DNS Request

1.bp.blogspot.com

DNS Response

142.250.180.1
8.8.8.8:53

3.bp.blogspot.com

dns

IEXPLORE.EXE

63 B
124 B
1
1

DNS Request

3.bp.blogspot.com

DNS Response

142.250.180.1
8.8.8.8:53

dl.dropbox.com

dns

IEXPLORE.EXE

60 B
121 B
1
1

DNS Request

dl.dropbox.com

DNS Response

162.125.64.15
8.8.8.8:53

2.bp.blogspot.com

dns

IEXPLORE.EXE

63 B
124 B
1
1

DNS Request

2.bp.blogspot.com

DNS Response

142.250.180.1
8.8.8.8:53

svfu.blogspot.com

dns

IEXPLORE.EXE

63 B
122 B
1
1

DNS Request

svfu.blogspot.com

DNS Response

142.250.200.1
8.8.8.8:53

resources.blogblog.com

dns

IEXPLORE.EXE

68 B
115 B
1
1

DNS Request

resources.blogblog.com

DNS Response

142.250.178.9
8.8.8.8:53

4.bp.blogspot.com

dns

IEXPLORE.EXE

63 B
124 B
1
1

DNS Request

4.bp.blogspot.com

DNS Response

142.250.180.1
8.8.8.8:53

apis.google.com

dns

IEXPLORE.EXE

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

172.217.16.238
8.8.8.8:53

lh3.googleusercontent.com

dns

IEXPLORE.EXE

71 B
116 B
1
1

DNS Request

lh3.googleusercontent.com

DNS Response

172.217.16.225
8.8.8.8:53

lh5.googleusercontent.com

dns

IEXPLORE.EXE

71 B
116 B
1
1

DNS Request

lh5.googleusercontent.com

DNS Response

172.217.16.225
8.8.8.8:53

sauciu.googlecode.com

dns

IEXPLORE.EXE

67 B
128 B
1
1

DNS Request

sauciu.googlecode.com

DNS Response

142.250.102.82

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
cb85f3fcf86ef0de7ef258539cae87de

SHA1
c73288fff07885a62f8c7033b348863ed3b8cad1

SHA256
7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f

SHA512
dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_95776108E5303B05527E9B63C6628F47

Filesize
472B

MD5
31c72108356bcbb5569409aa463923e3

SHA1
647712555d187d6763bdafc3e9c2ee9645bae56a

SHA256
16c8fd04d2e7f175e0092f4e468aaa9b762e79720e99683c787e4ed130404cdb

SHA512
4768ecbf85c6c15bad385b1c5b6937e4243aa4bdd0163ef49bf219047b6d9920a535a860cb29cc02dd5a427f170ff43d4e6e7fb5b3505233d24d671e84205e60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
61849b005e6e9f707e7ce2c58dd7d660

SHA1
8e1e1b0b6330eb84be4d3b1faf4c618f43fbf78b

SHA256
02f137dabab82cb128323d458008edeb84f034bd0af24abcce5b93bbba2460c4

SHA512
c2eeb3f03d54d989fc1de4d9ca42517a53dcf913fcbe01f642f3133aad1d0514914b37739590e92b7c65c4790605bebd792eaf4bf86aae24aa9c647d552b6fd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6218682f66cb7fe254448046108449f7

SHA1
8751641068dad1d186f0c84eeeea9a718fbfbb34

SHA256
4be35d4a3734e6c58d45622a78ae5369e34a3cefaed74e96cb3f0cd346936e11

SHA512
f960c6b815be0ff87d927554836738c8547e88ad5bff89f57fb81e92ce4f51a5222828003eb30e6db88099c42ce60c30cf562db96ebf977eeb562124084e7889

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f464dc353a2ae0254617e5b42cfe0ff

SHA1
ac163ca0db296c9245d5a158d2db3fb2537b95f3

SHA256
13f55fbd5c0793177ef20a13daa5d655114193c2b860ef307453ab3ce7b2d474

SHA512
e9c24510e7f6c5c9d3aa697417cf6896ff25a0576f97536c97be67fcdda5cd067854ca9d7d5f231f25048f3b9fdbb2ff0e5cb211f0cfae21d40ced0c3e17358b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9cdf7d607e49f2f418acec2a9be4bd6a

SHA1
a261e762824661917851a79692bdc1204b8c538f

SHA256
74c4493416182bc64c567d8d45047dc941e138bfee2930da0c18d4bb8fcf6ae5

SHA512
0a8c23f6a8b66c553f5bf9f28b87bb6481abb072d5ab22b5744a2ee3da375d378e0a1f5ca92f0622ba1fe7e81285f157fa953b8810cd5f23ceaed713c0e69d18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6e89f059da72a10144d72102729671d

SHA1
46d90c0fab72282c75ba6d0c7cc9fc2f86684b26

SHA256
c17cd8975825d5bdd5d24594471ccde92e765c0514dd566ac072143ff469b320

SHA512
1762ab964890913a937932aea5b8eaae7075b3cfd4184dd1f45e8b9db31eb5c5b454b3b26ef9305496aa83e68912ddd8bed3816570fcc6255ff4c40898c4225c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8f1614b0c68ae0fef358670c4744582

SHA1
ae479280dd8d22ce4791af7c3ff7c689d186be12

SHA256
11447b12e784e86664fc67640399e88ea33f8c6b194ac2ea1625a58de3936c90

SHA512
51f272779c7948cfa4cf06ff9904e804e6cb66378413015ff805fcb727a926a3ffc822db224f75b74d6b996b210e750a2e75e88a8ffd13cc67d5fa2f932fe2f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
248ea88d681790289af5d10270746af2

SHA1
3fe81d63dc86414a6e79795de4628ed2d24e9a05

SHA256
bd959588fe1b43e14ebe841a26a256971b46cf329746429e14a1af95a46fa000

SHA512
e714615a289cc99c99f61549f696f0562e5f150a32af9fddea667e83cf78f4bc9c67d3917d92d6cd8dbc73d013d35897d8f0b197fa94bf3b9405233b30025628

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ccc68b35793b8835025c9dc8dcb4c787

SHA1
e65124fefd97a371f50e2369a3298b7a9de45f06

SHA256
c8a1a8c90d3c66fd46e8e4d5279cc2e51f535db996c65518a40256632a39143f

SHA512
3704d7b271eaa39ecb4ba2473dacca43f179bb1e6fbf4d53fcdb6b89ffbc13d5b50481597b2476ccb9b4fd0c563ff2917e3f817bfbc12d0f21a941f7c4fc6df9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b6e653519a18ab44537319f07eae84a

SHA1
efd05f17e5b00045c92d10964fe956abbb572753

SHA256
19407b127ae4b75b257e7f34acfe1f4f5d8397aa9446cde031f8c4d56d7a24f6

SHA512
ab8806157a1e8506b61b1b8a986cdd05bdc0f32fdaadaa05a12d73e953a3d23a4a49f631cfa067525ee7a974f8296e068a610ffccf3686cd878438962cd4b51e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06b21d4bc8e09edf49d0c354f700a5ff

SHA1
848b85b2cde8eb3d040892917be09d69277ff67f

SHA256
19227ec251dfdd85352d2cb77251b413ec0e2f58148a5fe927b993ab41aa302e

SHA512
be4b0087622441ae995b9359add11cde10f6e7368506b56c7acf86d1d739eb9d4d5c57071d51b56b84789cc1e4e7164de63d984b7bca3c2c234cc7d07da394c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4dcacd59a1e60d03e83740fc10eb250

SHA1
15903026b8ed3813c2126dc7fd2a988eed762c23

SHA256
170769f26981c270fa00c4c34bf9be5ceaf711254fd916b878da6f3fcc35b8f0

SHA512
fc55f419b274d12afbe87937b16a952b3f8ccb0415aeeeea15057d7cc06b571171a50fb5e750995fb2a483ec34855914d64099428b1038486da1fb5b5bc2ad3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6f507c1aa53a9e328c96bf6d68e1923

SHA1
0f8500fa82d6232e413e7e7a5911d624fe7baef2

SHA256
f9346f9a75fe7cf7a94c9696374820bebe8e0d0c4d813a3b8b002f566c4dd1f8

SHA512
f8b83bc6a0e87f058cbe94439f5ad9347ef5a8ba333b07c82c2373ba380dda157356aa192e90b4b8e0a8540c0ff7675f4dd6c926814a935902a295b8fd1cae9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45131fe902a47435954d2f5d161d3934

SHA1
a62e135828691e3f221363fc03b73abb6985440f

SHA256
6b4e00ce97b4201575529c6fba81273267280d00cf77892af8a579ac2af1c628

SHA512
d1f68aea22ff81689c6e2fafc321788894e039db539d1e062a106470d20f221c61787da87fa14068df05cfb80a2ec48ba6129e1c1a23129530661445b1fa755a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a47e3dd3e1e3d99ec0c8c7ee8a4551b

SHA1
d2524623ea704bbfecd739fe0f967f181339bc33

SHA256
917fe201729b93d54af30a4c38866c6fa1d8642f3949827455e82120cec1a693

SHA512
d53a21d3eb5afcab510ce934328c7c4be8419b0ed97de3dfb442878b0067ed22608b055457806734c4052b39e36da00ab54b5cff7189e2dfe083cafad21606fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7cb8c48338e2b2ee496afa02f66cd815

SHA1
71bbb0afeea544c80f21c7c0bf8d3f5b37f2cfa0

SHA256
e59a5c6f0f2e6ac2acfdc31eb1463164b135567c70e4217f48af9c2ce3b7e7fc

SHA512
8c53a573d9a191b30e40ae682e0737d89cdea04511d096f73f7429231c286e4ddcc9159d7dcfea50f88a248ed85b44738855c77a7418b454c88b423c68660696

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bfd38b42e3eab3234600ab311086ea81

SHA1
70222f5914416629d8cd862f7d89140277ef2eae

SHA256
e15eb3d629b7da21924c4c42d935cd34f34861cc6592412889f51497ec512e86

SHA512
91c28faa893660d3f19082aa7eb1c14670968a7d9cb243821cd8c6180b2f33c20a333e0a9fdc1e92bf727530580aecefb0ff5d895ccf79f1671c9c8ecfd13beb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a9ef978166600689c35caae28a49b1b

SHA1
071d4f4768265a0a1e15fbcae0807cd1d494d2e1

SHA256
bc92e6f5de4af21d615db354efc6416c0b09b1cd9b6f68042b9370803bc07268

SHA512
0dcc12936cae8622aa69fd6aa08d5b411aefbd040402a501049248b6c91d2cddd1758aa2ac30d3e7f983085665d8ef81114db0e30bdfa9d5f29cfb3862cdb2bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8f48f09484c4b5255072b5d8027f865

SHA1
65524a580b4481c7da33b4e00f59a93c768c689e

SHA256
7672effe31e03678fa02bdec888bf18b71770aae89b142821b6bbb2f6cb12175

SHA512
32f0d280e0f6793a373bb7ea5c169d7f2fb83f6395c5cb6783be66c7eed4eb0256da6fb6f734bfad302c0257c9802a11cceffa9efc6fc8d502822edfeeb350cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41dcac8bbf4af31d48d9f07297eb47bd

SHA1
b851b26c214f7e235fdcc4eb315a7448be2b05ea

SHA256
e5421bb3ce7ba9b8b592e7762eb4ca254e3ddab2c95bc6b2121a9807bbb2ff97

SHA512
37eb0f0232e277b7760d3c9b0fd77146043f1c7ffbc58b7d760750f367b325593b6e986cae1fb26933631631e9657b81d450a6cb8318fd9a7168be3c03fe7497

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bed52d61fa1cf4d564d9bff13baaeece

SHA1
19400248c03a9a1a33e64392e8b957ec9e105bd2

SHA256
0dd29b2099cf543389e7f7a7dcfbb0039ed36f72b99d667a2a798f85056c3982

SHA512
29a2acc5fe06a491885bc754fdba03c84b7cf27aac47646295ff203bfec49a4eb5c1bad7083829ff8fbba33db24b687a0dddefee76c6d6a3603b47bbcefcfc9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5ad7b48a058be85fbad10af38930294

SHA1
27c98ecac9ad4179e639af845fd9b560e21944fb

SHA256
7b7111db64588f91ac3ea27106c890c93e704cb95218db53979dca58e6677dd6

SHA512
83f66946e11081c5152106769ca10132cf9ae12557f6d5fd557a66b7531979646c7cb0bfc87e67ab4f75fc573630f089b0ad428b698f24fc98a95a7948af5566

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b9cff7b78e765ed14be2ee9c8c3582f

SHA1
20748a6bb69fec0afcf66b6c1f1940708ae44953

SHA256
d86b717641579ff882cf482323210deba9be93365109bc5a6a0559cb70430046

SHA512
010dfbc1e0f5fcb5ddd0572e47c21e9dea594d821b7fd8de25e33cad38830cfe4629afb72469adc1d0aa1e3539abae61b3bb1a743996fff52a3a8befb4ca0eac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
a739e6cdd4ef9c21039582d925d6389a

SHA1
ad6a9c984b61a9cd79fdb19d0e46e4ea932b5f5d

SHA256
50dd276d3a99e4e5d8e85badfb7201b84c95031a66eebfb2466a8a9d66719b26

SHA512
0d2231e52ea9ffa98cb494b8b3ced51e4beb6e44da8dd87769a8ac2feddb03238c9211213fd8244cd335dcea0cc560db65e0cb5beefba7389a07beaa0b6b88bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
d5b1e125bf93e0720de08f7cc62edfb7

SHA1
c71715642ab8f670ad3cdfc4dd7abbd410a2a7a7

SHA256
15ccc25bdd3dc775b1a734cd9c73ba73bf591a1ade0c23ea5c4e69d583d4ab48

SHA512
b12ca3a0b971edfb1b87122ba862805ad2dc38a392c188ef3fb315246b67f6fde6ab9d7c179a1e59ca6970b2e191a3fea4d808e66b2d3032158e224341c41cb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
4892a779154c551c76a97ce710551615

SHA1
a42f9af4086bc17c0de0f27f4abc5839942142f8

SHA256
b578abbefdb987b9175555c25dc2528e022cb3e7c12b45fa43a10e380cda4dcc

SHA512
b1766edbcddb7d4c00f24caf6f9e557954ed99e2e0b2ccff66b3b01cdba043d4548827bc19e92cbe4930750e70caeddd215672579c8160ebb6724c7123196117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6F0O117Z\platform_gapi.iframes.style.common[1].js

Filesize
54KB

MD5
682c26af19b240f98d2cb951721fa54d

SHA1
18e58b652c7f82a55ab4b1910693686049e25d62

SHA256
96428f0f585a874c185d560538ad83ebfad0365d760fcf9fcefe80add9e3c980

SHA512
078aeef086271b7f9cf0f6e3a1e7908d7e38465a1a7a4de6f2a785147e9130551a2995e80600824da9341d58e5425d4505518e90eea9ffe1c64f4f41825a9660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FY3LN490\cb=gapi[1].js

Filesize
134KB

MD5
f9255a0dec7524a9a3e867a9f878a68b

SHA1
813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b

SHA256
d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d

SHA512
d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1C3A.tmp

Filesize
67KB

MD5
2d3dcf90f6c99f47e7593ea250c9e749

SHA1
51be82be4a272669983313565b4940d4b1385237

SHA256
8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

SHA512
9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1C41.tmp

Filesize
160KB

MD5
7186ad693b8ad9444401bd9bcd2217c2

SHA1
5c28ca10a650f6026b0df4737078fa4197f3bac1

SHA256
9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

SHA512
135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request