Analysis
-
max time kernel
145s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
09/09/2024, 12:04 UTC
Static task
static1
Behavioral task
behavioral1
Sample
d645be115c3f4d55390c25e1a882a915_JaffaCakes118.html
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d645be115c3f4d55390c25e1a882a915_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
d645be115c3f4d55390c25e1a882a915_JaffaCakes118.html
-
Size
159KB
-
MD5
d645be115c3f4d55390c25e1a882a915
-
SHA1
85c41c90cbd05a0278e13eabfe2d1fdc9ca79a74
-
SHA256
c52a46922aaf3e58b81b24512be09894aa6a9fc2fce2f561c2e103a232a1fa20
-
SHA512
53007d6088d715b7b397b04d8e76b1354423881122f2dbb92dc90c8d51416854637966398920cd15653b94175d714e564127d0aaa75acd9d48399d7bd27d786e
-
SSDEEP
3072:3HRcVhIVs2LQe2U0Dzvj40MZEPjLpUxAfYxslxNcl8CLcXmNRSxrfeOG9pr1a9a9:Bc7J/jXmNRT1RkR8h
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 1392 msedge.exe 1392 msedge.exe 4872 msedge.exe 4872 msedge.exe 4280 identity_helper.exe 4280 identity_helper.exe 6104 msedge.exe 6104 msedge.exe 6104 msedge.exe 6104 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid Process 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe 4872 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4872 wrote to memory of 4172 4872 msedge.exe 85 PID 4872 wrote to memory of 4172 4872 msedge.exe 85 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 4124 4872 msedge.exe 86 PID 4872 wrote to memory of 1392 4872 msedge.exe 87 PID 4872 wrote to memory of 1392 4872 msedge.exe 87 PID 4872 wrote to memory of 2392 4872 msedge.exe 88 PID 4872 wrote to memory of 2392 4872 msedge.exe 88 PID 4872 wrote to memory of 2392 4872 msedge.exe 88 PID 4872 wrote to memory of 2392 4872 msedge.exe 88 PID 4872 wrote to memory of 2392 4872 msedge.exe 88 PID 4872 wrote to memory of 2392 4872 msedge.exe 88 PID 4872 wrote to memory of 2392 4872 msedge.exe 88 PID 4872 wrote to memory of 2392 4872 msedge.exe 88 PID 4872 wrote to memory of 2392 4872 msedge.exe 88 PID 4872 wrote to memory of 2392 4872 msedge.exe 88 PID 4872 wrote to memory of 2392 4872 msedge.exe 88 PID 4872 wrote to memory of 2392 4872 msedge.exe 88 PID 4872 wrote to memory of 2392 4872 msedge.exe 88 PID 4872 wrote to memory of 2392 4872 msedge.exe 88 PID 4872 wrote to memory of 2392 4872 msedge.exe 88 PID 4872 wrote to memory of 2392 4872 msedge.exe 88 PID 4872 wrote to memory of 2392 4872 msedge.exe 88 PID 4872 wrote to memory of 2392 4872 msedge.exe 88 PID 4872 wrote to memory of 2392 4872 msedge.exe 88 PID 4872 wrote to memory of 2392 4872 msedge.exe 88
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d645be115c3f4d55390c25e1a882a915_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4872 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f70346f8,0x7ff9f7034708,0x7ff9f70347182⤵PID:4172
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:22⤵PID:4124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1392
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:82⤵PID:2392
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:12⤵PID:2684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵PID:2280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:12⤵PID:3280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:12⤵PID:2616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:12⤵PID:2912
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:12⤵PID:5096
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:82⤵PID:4352
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:12⤵PID:3544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:12⤵PID:1420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:12⤵PID:2796
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:12⤵PID:3384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11916992159187832541,15450828106811009566,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5700 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:6104
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1432
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2868
Network
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTRResponse8.8.8.8.in-addr.arpaIN PTRdnsgoogle
-
Remote address:8.8.8.8:53Requestapis.google.comIN AResponseapis.google.comIN CNAMEplus.l.google.complus.l.google.comIN A142.250.200.14
-
Remote address:8.8.8.8:53Requestwww.blogger.comIN AResponsewww.blogger.comIN CNAMEblogger.l.google.comblogger.l.google.comIN A142.250.200.41
-
Remote address:8.8.8.8:53Requestajax.googleapis.comIN AResponseajax.googleapis.comIN A142.250.200.42
-
Remote address:142.250.200.42:80RequestGET /ajax/libs/mootools/1.2.4/mootools-yui-compressed.js HTTP/1.1
Host: ajax.googleapis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 21029
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 04 Sep 2024 13:57:28 GMT
Expires: Thu, 04 Sep 2025 13:57:28 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 425207
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
-
Remote address:142.250.200.42:80RequestGET /ajax/libs/jquery/1.5.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 30082
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 06 Sep 2024 09:34:42 GMT
Expires: Sat, 06 Sep 2025 09:34:42 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Age: 268173
-
Remote address:142.250.200.41:443RequestGET /static/v1/widgets/254310735-widget_css_bundle.css HTTP/2.0
host: www.blogger.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:142.250.200.41:443RequestGET /static/v1/widgets/2230271354-widgets.js HTTP/2.0
host: www.blogger.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
GEThttps://www.blogger.com/dyn-css/authorization.css?targetBlogID=7429458911528392134&zx=352d3b35-c030-4ca5-b803-4bef1e444733msedge.exeRemote address:142.250.200.41:443RequestGET /dyn-css/authorization.css?targetBlogID=7429458911528392134&zx=352d3b35-c030-4ca5-b803-4bef1e444733 HTTP/2.0
host: www.blogger.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:142.250.200.14:443RequestGET /js/plusone.js HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
GEThttps://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en._ShUtMH1OvQ.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/cb=gapi.loaded_0?le=scsmsedge.exeRemote address:142.250.200.14:443RequestGET /_/scs/abc-static/_/js/k=gapi.lb.en._ShUtMH1OvQ.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/cb=gapi.loaded_0?le=scs HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
GEThttps://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en._ShUtMH1OvQ.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/cb=gapi.loaded_1?le=scsmsedge.exeRemote address:142.250.200.14:443RequestGET /_/scs/abc-static/_/js/k=gapi.lb.en._ShUtMH1OvQ.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/cb=gapi.loaded_1?le=scs HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:8.8.8.8:53Requestwww.google.co.idIN AResponsewww.google.co.idIN A172.217.169.35
-
Remote address:142.250.200.41:80RequestGET /img/icon18_edit_allbkg.gif HTTP/1.1
Host: www.blogger.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 162
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 06 Sep 2024 20:33:15 GMT
Expires: Fri, 13 Sep 2024 20:33:15 GMT
Cache-Control: public, max-age=604800
Last-Modified: Fri, 06 Sep 2024 18:00:17 GMT
Content-Type: image/gif
Age: 228660
-
Remote address:8.8.8.8:53Request1.bp.blogspot.comIN AResponse1.bp.blogspot.comIN CNAMEphotos-ugc.l.googleusercontent.comphotos-ugc.l.googleusercontent.comIN A142.250.200.33
-
Remote address:8.8.8.8:53Request1.bp.blogspot.comIN A
-
Remote address:8.8.8.8:53Request4.bp.blogspot.comIN AResponse4.bp.blogspot.comIN CNAMEphotos-ugc.l.googleusercontent.comphotos-ugc.l.googleusercontent.comIN A142.250.200.33
-
Remote address:8.8.8.8:53Requestresources.blogblog.comIN AResponseresources.blogblog.comIN CNAMEblogger.l.google.comblogger.l.google.comIN A142.250.200.41
-
Remote address:8.8.8.8:53Requestagenprediksibola.netIN AResponse
-
Remote address:8.8.8.8:53Requesticons.iconarchive.comIN AResponseicons.iconarchive.comIN A104.21.235.213icons.iconarchive.comIN A104.21.235.214
-
Remote address:8.8.8.8:53Request3.bp.blogspot.comIN AResponse3.bp.blogspot.comIN CNAMEphotos-ugc.l.googleusercontent.comphotos-ugc.l.googleusercontent.comIN A142.250.200.33
-
Remote address:172.217.169.35:80RequestGET /cse/brand?form=cse-search-box&lang=en HTTP/1.1
Host: www.google.co.id
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 09 Sep 2024 12:04:15 GMT
Expires: Mon, 09 Sep 2024 12:34:15 GMT
Cache-Control: public, max-age=1800
Server: sffe
Content-Length: 237
X-XSS-Protection: 0
-
Remote address:8.8.8.8:53Request13.86.106.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request68.32.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request16.43.107.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request42.200.250.142.in-addr.arpaIN PTRResponse42.200.250.142.in-addr.arpaIN PTRlhr48s30-in-f101e100net
-
Remote address:8.8.8.8:53Request41.200.250.142.in-addr.arpaIN PTRResponse41.200.250.142.in-addr.arpaIN PTRlhr48s30-in-f91e100net
-
Remote address:8.8.8.8:53Request81.144.22.2.in-addr.arpaIN PTRResponse81.144.22.2.in-addr.arpaIN PTRa2-22-144-81deploystaticakamaitechnologiescom
-
GEThttp://4.bp.blogspot.com/-Gbb8kYvEiuk/TVV-ayQN_fI/AAAAAAAAMqw/iU7Gwo0oyEk/s1600/contentwrap-bg.pngmsedge.exeRemote address:142.250.200.33:80RequestGET /-Gbb8kYvEiuk/TVV-ayQN_fI/AAAAAAAAMqw/iU7Gwo0oyEk/s1600/contentwrap-bg.png HTTP/1.1
Host: 4.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="contentwrap-bg.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 199
X-XSS-Protection: 0
Date: Mon, 09 Sep 2024 12:04:15 GMT
Expires: Tue, 10 Sep 2024 12:04:15 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v32ac"
Content-Type: image/png
Vary: Origin
Age: 0
-
GEThttp://4.bp.blogspot.com/-JGfQh1LdPPI/TVV-m3XhJiI/AAAAAAAAMrg/F3QbjYShfRM/s1600/rss.pngmsedge.exeRemote address:142.250.200.33:80RequestGET /-JGfQh1LdPPI/TVV-m3XhJiI/AAAAAAAAMrg/F3QbjYShfRM/s1600/rss.png HTTP/1.1
Host: 4.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v32b8"
Expires: Tue, 10 Sep 2024 12:04:15 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="rss.png"
X-Content-Type-Options: nosniff
Date: Mon, 09 Sep 2024 12:04:15 GMT
Server: fife
Content-Length: 1080
X-XSS-Protection: 0
-
GEThttp://4.bp.blogspot.com/_8aZXeWtZzQY/TUxa8rOHgJI/AAAAAAAABoo/KPlS9FsnWUc/s000/date.pngmsedge.exeRemote address:142.250.200.33:80RequestGET /_8aZXeWtZzQY/TUxa8rOHgJI/AAAAAAAABoo/KPlS9FsnWUc/s000/date.png HTTP/1.1
Host: 4.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v68a"
Expires: Tue, 10 Sep 2024 12:04:15 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="date.png"
X-Content-Type-Options: nosniff
Date: Mon, 09 Sep 2024 12:04:15 GMT
Server: fife
Content-Length: 643
X-XSS-Protection: 0
-
GEThttp://3.bp.blogspot.com/-UdXruBDNMtQ/TVV-bkrtUWI/AAAAAAAAMrA/CSywoMq8-pk/s1600/nav-bg.pngmsedge.exeRemote address:142.250.200.33:80RequestGET /-UdXruBDNMtQ/TVV-bkrtUWI/AAAAAAAAMrA/CSywoMq8-pk/s1600/nav-bg.png HTTP/1.1
Host: 3.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="nav-bg.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 238
X-XSS-Protection: 0
Date: Mon, 09 Sep 2024 12:04:15 GMT
Expires: Tue, 10 Sep 2024 12:04:15 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v32b0"
Content-Type: image/png
Vary: Origin
Age: 0
-
Remote address:142.250.200.41:443RequestGET /img/icon18_wrench_allbkg.png HTTP/2.0
host: resources.blogblog.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:104.21.235.213:80RequestGET /icons/deleket/folder/24/Mozilla-Thunderbird-icon.png HTTP/1.1
Host: icons.iconarchive.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 404 Not Found
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: max-age=5356800
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=foRnLeSA6bDWBMPLPzXo1Z36tBkwN7VxiiPYD2Z%2F%2BwFJ7WGE3MtuGjzzex6Iivz93bD3TNzQd14xbSOTYANO3aimVblWrXOKP0kpa58VvUbZOyqXzgVDL17I77WDZa%2B7kjSoDo%2Bqlek%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c070a2bda5abea0-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
-
GEThttp://3.bp.blogspot.com/_4HKUHirY_2U/TVV-mt1hh_I/AAAAAAAAMrY/exBKat_juV8/s1600/post-line.pngmsedge.exeRemote address:142.250.200.33:80RequestGET /_4HKUHirY_2U/TVV-mt1hh_I/AAAAAAAAMrY/exBKat_juV8/s1600/post-line.png HTTP/1.1
Host: 3.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v32b6"
Expires: Tue, 10 Sep 2024 12:04:15 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="post-line.png"
X-Content-Type-Options: nosniff
Date: Mon, 09 Sep 2024 12:04:15 GMT
Server: fife
Content-Length: 343
X-XSS-Protection: 0
-
GEThttp://3.bp.blogspot.com/_8aZXeWtZzQY/TUxa89eMz0I/AAAAAAAABos/QxyE7Xc_430/s000/user.pngmsedge.exeRemote address:142.250.200.33:80RequestGET /_8aZXeWtZzQY/TUxa89eMz0I/AAAAAAAABos/QxyE7Xc_430/s000/user.png HTTP/1.1
Host: 3.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="user.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 841
X-XSS-Protection: 0
Date: Mon, 09 Sep 2024 12:04:15 GMT
Expires: Tue, 10 Sep 2024 12:04:15 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v68b"
Content-Type: image/png
Vary: Origin
Age: 1
-
GEThttp://4.bp.blogspot.com/_4HKUHirY_2U/TVV-y1IljsI/AAAAAAAAMsI/SH5PnhV7Gdw/s1600/wrapper-bg.pngmsedge.exeRemote address:142.250.200.33:80RequestGET /_4HKUHirY_2U/TVV-y1IljsI/AAAAAAAAMsI/SH5PnhV7Gdw/s1600/wrapper-bg.png HTTP/1.1
Host: 4.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="wrapper-bg.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 248
X-XSS-Protection: 0
Date: Mon, 09 Sep 2024 12:04:16 GMT
Expires: Tue, 10 Sep 2024 12:04:16 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v32c2"
Content-Type: image/png
Vary: Origin
Age: 0
-
GEThttp://3.bp.blogspot.com/_4HKUHirY_2U/TVV-mTW-pNI/AAAAAAAAMrQ/5qEgmpCeTGE/s1600/nav-seperator.pngmsedge.exeRemote address:142.250.200.33:80RequestGET /_4HKUHirY_2U/TVV-mTW-pNI/AAAAAAAAMrQ/5qEgmpCeTGE/s1600/nav-seperator.png HTTP/1.1
Host: 3.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v32b4"
Expires: Tue, 10 Sep 2024 12:04:16 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="nav-seperator.png"
X-Content-Type-Options: nosniff
Date: Mon, 09 Sep 2024 12:04:16 GMT
Server: fife
Content-Length: 226
X-XSS-Protection: 0
-
Remote address:8.8.8.8:53Requestwww.facebook.comIN AResponsewww.facebook.comIN CNAMEstar-mini.c10r.facebook.comstar-mini.c10r.facebook.comIN A157.240.221.35
-
Remote address:8.8.8.8:53Requestwww.google.comIN AResponsewww.google.comIN A142.250.178.4
-
GEThttp://www.facebook.com/plugins/like.php?href=https://www.facebook.com/pages/Agen-Prediksi-Bola/702558806520959[/COLOR]&layout=standard&show_faces=false&width=450&action=like&font=tahoma&colorscheme=light&height=80msedge.exeRemote address:157.240.221.35:80RequestGET /plugins/like.php?href=https://www.facebook.com/pages/Agen-Prediksi-Bola/702558806520959[/COLOR]&layout=standard&show_faces=false&width=450&action=like&font=tahoma&colorscheme=light&height=80 HTTP/1.1
Host: www.facebook.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/plain
Server: proxygen-bolt
Date: Mon, 09 Sep 2024 12:04:16 GMT
Connection: keep-alive
Content-Length: 0
-
GEThttp://www.facebook.com/plugins/like.php?href=https://www.facebook.com/pages/Agen-Prediksi-Bola/702558806520959&layout=button_count&show_faces=false&width=50&action=like&colorscheme=light&height=21msedge.exeRemote address:157.240.221.35:80RequestGET /plugins/like.php?href=https://www.facebook.com/pages/Agen-Prediksi-Bola/702558806520959&layout=button_count&show_faces=false&width=50&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/plain
Server: proxygen-bolt
Date: Mon, 09 Sep 2024 12:04:38 GMT
Connection: keep-alive
Content-Length: 0
-
Remote address:8.8.8.8:53Request2.bp.blogspot.comIN AResponse2.bp.blogspot.comIN CNAMEphotos-ugc.l.googleusercontent.comphotos-ugc.l.googleusercontent.comIN A142.250.200.33
-
Remote address:8.8.8.8:53Requests10.histats.comIN AResponses10.histats.comIN CNAMEs10.histats.com.cdn.cloudflare.nets10.histats.com.cdn.cloudflare.netIN A172.66.132.118s10.histats.com.cdn.cloudflare.netIN A172.66.132.114
-
Remote address:142.250.178.4:443RequestGET /cse/static/images/1x/en/branding.png HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
GEThttp://2.bp.blogspot.com/_4HKUHirY_2U/TVV-yjU0qjI/AAAAAAAAMr4/ktSRdkhv4so/s1600/sidebar-tab.pngmsedge.exeRemote address:142.250.200.33:80RequestGET /_4HKUHirY_2U/TVV-yjU0qjI/AAAAAAAAMr4/ktSRdkhv4so/s1600/sidebar-tab.png HTTP/1.1
Host: 2.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="sidebar-tab.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 367
X-XSS-Protection: 0
Date: Mon, 09 Sep 2024 12:04:16 GMT
Expires: Tue, 10 Sep 2024 12:04:16 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v32be"
Content-Type: image/png
Vary: Origin
Age: 0
-
Remote address:8.8.8.8:53Request35.169.217.172.in-addr.arpaIN PTRResponse35.169.217.172.in-addr.arpaIN PTRlhr48s08-in-f31e100net
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request33.200.250.142.in-addr.arpaIN PTRResponse33.200.250.142.in-addr.arpaIN PTRlhr48s30-in-f11e100net
-
Remote address:8.8.8.8:53Request213.235.21.104.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request227.179.250.142.in-addr.arpaIN PTRResponse227.179.250.142.in-addr.arpaIN PTRlhr25s31-in-f31e100net
-
Remote address:172.66.132.118:80RequestGET /js15.js HTTP/1.1
Host: s10.histats.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 4405
Connection: keep-alive
Content-Encoding: gzip
ETag: "980881274"
Last-Modified: Thu, 16 Apr 2020 10:44:16 GMT
Vary: Accept-Encoding
Cache-Control: max-age=28800
CF-Cache-Status: HIT
Age: 59898
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 8c070a31ea5455ea-LHR
-
GEThttp://1.bp.blogspot.com/_4HKUHirY_2U/TVV-y7BiRSI/AAAAAAAAMsA/ZP05TIq1cks/s1600/twitter.pngmsedge.exeRemote address:142.250.200.33:80RequestGET /_4HKUHirY_2U/TVV-y7BiRSI/AAAAAAAAMsA/ZP05TIq1cks/s1600/twitter.png HTTP/1.1
Host: 1.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="twitter.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 890
X-XSS-Protection: 0
Date: Mon, 09 Sep 2024 12:04:16 GMT
Expires: Tue, 10 Sep 2024 12:04:16 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v32c0"
Content-Type: image/png
Vary: Origin
Age: 0
-
GEThttp://1.bp.blogspot.com/_BwuB6VysU4Y/SW8cPGaDMPI/AAAAAAAAANY/Utqulr1uWLY/s320/Mail+to.bmpmsedge.exeRemote address:142.250.200.33:80RequestGET /_BwuB6VysU4Y/SW8cPGaDMPI/AAAAAAAAANY/Utqulr1uWLY/s320/Mail+to.bmp HTTP/1.1
Host: 1.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 404 Not Found
Timing-Allow-Origin: *
Content-Type: image/png
X-Content-Type-Options: nosniff
Date: Mon, 09 Sep 2024 12:04:16 GMT
Server: fife
Content-Length: 915
X-XSS-Protection: 0
-
Remote address:8.8.8.8:53Requestaccounts.google.comIN AResponseaccounts.google.comIN A142.250.102.84
-
GEThttps://accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/followers.g?blogID%3D7429458911528392134%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM2NjY2NjYiByM1NTg4YWEqByNmZmZmZmYyByNjYzY2MDA6ByM2NjY2NjZCByM1NTg4YWFKByM5OTk5OTlSByM1NTg4YWFaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://ayanojou.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en._ShUtMH1OvQ.O/am%253DAABA/d%253D1/rs%253DAHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/m%253D__features__%26bpli%3D1&followup=https://www.blogger.com/followers.g?blogID%3D7429458911528392134%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM2NjY2NjYiByM1NTg4YWEqByNmZmZmZmYyByNjYzY2MDA6ByM2NjY2NjZCByM1NTg4YWFKByM5OTk5OTlSByM1NTg4YWFaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://ayanojou.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en._ShUtMH1OvQ.O/am%253DAABA/d%253D1/rs%253DAHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/m%253D__features__%26bpli%3D1&go=truemsedge.exeRemote address:142.250.102.84:443RequestGET /ServiceLogin?passive=true&continue=https://www.blogger.com/followers.g?blogID%3D7429458911528392134%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM2NjY2NjYiByM1NTg4YWEqByNmZmZmZmYyByNjYzY2MDA6ByM2NjY2NjZCByM1NTg4YWFKByM5OTk5OTlSByM1NTg4YWFaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://ayanojou.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en._ShUtMH1OvQ.O/am%253DAABA/d%253D1/rs%253DAHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/m%253D__features__%26bpli%3D1&followup=https://www.blogger.com/followers.g?blogID%3D7429458911528392134%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM2NjY2NjYiByM1NTg4YWEqByNmZmZmZmYyByNjYzY2MDA6ByM2NjY2NjZCByM1NTg4YWFKByM5OTk5OTlSByM1NTg4YWFaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://ayanojou.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en._ShUtMH1OvQ.O/am%253DAABA/d%253D1/rs%253DAHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/m%253D__features__%26bpli%3D1&go=true HTTP/2.0
host: accounts.google.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:8.8.8.8:53Requests4.histats.comIN AResponses4.histats.comIN A54.39.128.162s4.histats.comIN A149.56.240.130s4.histats.comIN A54.39.156.32s4.histats.comIN A149.56.240.128s4.histats.comIN A149.56.240.131s4.histats.comIN A149.56.240.31s4.histats.comIN A54.39.128.117s4.histats.comIN A149.56.240.132s4.histats.comIN A142.4.219.198s4.histats.comIN A158.69.254.144s4.histats.comIN A149.56.240.129s4.histats.comIN A149.56.240.27s4.histats.comIN A149.56.240.127
-
GEThttps://s4.histats.com/stats/1489404.php?1489404&@f16&@g1&@h0&@i0&@j0&@k0&@l0&@m2007%20~%20Ayanojou&@n0&@o1000&@q0&@r0&@s604&@ten-US&@u1280&@b1:-108607518&@b3:1725883456&@b4:js15.js&@b5:0&@a-_0.2.1&@vfile%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2Fd645be115c3f4d55390c25e1a882a915_JaffaCakes118.html&@wmsedge.exeRemote address:54.39.128.162:443RequestGET /stats/1489404.php?1489404&@f16&@g1&@h0&@i0&@j0&@k0&@l0&@m2007%20~%20Ayanojou&@n0&@o1000&@q0&@r0&@s604&@ten-US&@u1280&@b1:-108607518&@b3:1725883456&@b4:js15.js&@b5:0&@a-_0.2.1&@vfile%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2Fd645be115c3f4d55390c25e1a882a915_JaffaCakes118.html&@w HTTP/1.1
Host: s4.histats.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
Content-Length: 103
Connection: close
-
Remote address:8.8.8.8:53Request35.221.240.157.in-addr.arpaIN PTRResponse35.221.240.157.in-addr.arpaIN PTRedge-star-mini-shv-01-lhr8facebookcom
-
Remote address:8.8.8.8:53Request4.178.250.142.in-addr.arpaIN PTRResponse4.178.250.142.in-addr.arpaIN PTRlhr48s27-in-f41e100net
-
Remote address:8.8.8.8:53Request118.132.66.172.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request84.102.250.142.in-addr.arpaIN PTRResponse84.102.250.142.in-addr.arpaIN PTRrb-in-f841e100net
-
Remote address:8.8.8.8:53Request162.128.39.54.in-addr.arpaIN PTRResponse162.128.39.54.in-addr.arpaIN PTRns562109ip-54-39-128net
-
Remote address:172.66.132.118:443RequestGET /counters/cc_604.js HTTP/2.0
host: s10.histats.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: text/javascript
content-length: 4509
content-encoding: gzip
etag: "1135266286"
last-modified: Thu, 16 Apr 2020 10:45:32 GMT
vary: Accept-Encoding
cache-control: max-age=28800
cf-cache-status: HIT
age: 59720
accept-ranges: bytes
server: cloudflare
cf-ray: 8c070a8dde40654d-LHR
-
Remote address:8.8.8.8:53Requestlh3.ggpht.comIN AResponselh3.ggpht.comIN CNAMEphotos-ugc.l.googleusercontent.comphotos-ugc.l.googleusercontent.comIN A142.250.200.33
-
Remote address:8.8.8.8:53Request228.249.119.40.in-addr.arpaIN PTRResponse
-
GEThttp://lh3.ggpht.com/_beEpWOXwLJE/TIb57Lu4fwI/AAAAAAAABE0/q7niFVRbyNE/top-toolbar.jpgmsedge.exeRemote address:142.250.200.33:80RequestGET /_beEpWOXwLJE/TIb57Lu4fwI/AAAAAAAABE0/q7niFVRbyNE/top-toolbar.jpg HTTP/1.1
Host: lh3.ggpht.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 404 Not Found
Timing-Allow-Origin: *
Content-Type: image/png
X-Content-Type-Options: nosniff
Date: Mon, 09 Sep 2024 12:04:38 GMT
Server: fife
Content-Length: 915
X-XSS-Protection: 0
-
Remote address:8.8.8.8:53Requestayanojou.blogspot.comIN AResponseayanojou.blogspot.comIN CNAMEblogspot.l.googleusercontent.comblogspot.l.googleusercontent.comIN A216.58.213.1
-
Remote address:216.58.213.1:80RequestGET /favicon.ico HTTP/1.1
Host: ayanojou.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Expires: Mon, 09 Sep 2024 12:04:39 GMT
Date: Mon, 09 Sep 2024 12:04:39 GMT
Cache-Control: private, max-age=86400
Last-Modified: Thu, 05 Sep 2024 11:29:35 GMT
ETag: W/"3108a7d0825c544079b5441dbcab39f50d75618031bf8021fc4c450d780b18dc"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 412
Server: GSE
-
Remote address:8.8.8.8:53Request1.213.58.216.in-addr.arpaIN PTRResponse1.213.58.216.in-addr.arpaIN PTRber01s14-in-f11e100net1.213.58.216.in-addr.arpaIN PTRlhr25s25-in-f1�F
-
Remote address:8.8.8.8:53Request50.23.12.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request198.187.3.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request198.187.3.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request198.187.3.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request92.12.20.2.in-addr.arpaIN PTRResponse92.12.20.2.in-addr.arpaIN PTRa2-20-12-92deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request48.229.111.52.in-addr.arpaIN PTRResponse
-
142.250.200.42:80http://ajax.googleapis.com/ajax/libs/mootools/1.2.4/mootools-yui-compressed.jshttpmsedge.exe1.0kB 22.9kB 15 22
HTTP Request
GET http://ajax.googleapis.com/ajax/libs/mootools/1.2.4/mootools-yui-compressed.jsHTTP Response
200 -
1.2kB 32.2kB 18 28
HTTP Request
GET http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.jsHTTP Response
200 -
142.250.200.41:443https://www.blogger.com/dyn-css/authorization.css?targetBlogID=7429458911528392134&zx=352d3b35-c030-4ca5-b803-4bef1e444733tls, http2msedge.exe4.5kB 70.5kB 63 70
HTTP Request
GET https://www.blogger.com/static/v1/widgets/254310735-widget_css_bundle.cssHTTP Request
GET https://www.blogger.com/static/v1/widgets/2230271354-widgets.jsHTTP Request
GET https://www.blogger.com/dyn-css/authorization.css?targetBlogID=7429458911528392134&zx=352d3b35-c030-4ca5-b803-4bef1e444733 -
142.250.200.14:443https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en._ShUtMH1OvQ.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/cb=gapi.loaded_1?le=scstls, http2msedge.exe4.4kB 109.5kB 64 92
HTTP Request
GET https://apis.google.com/js/plusone.jsHTTP Request
GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en._ShUtMH1OvQ.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/cb=gapi.loaded_0?le=scsHTTP Request
GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en._ShUtMH1OvQ.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/cb=gapi.loaded_1?le=scs -
694 B 1.0kB 7 6
HTTP Request
GET http://www.blogger.com/img/icon18_edit_allbkg.gifHTTP Response
200 -
656 B 854 B 7 6
HTTP Request
GET http://www.google.co.id/cse/brand?form=cse-search-box&lang=enHTTP Response
301 -
142.250.200.33:80http://4.bp.blogspot.com/-Gbb8kYvEiuk/TVV-ayQN_fI/AAAAAAAAMqw/iU7Gwo0oyEk/s1600/contentwrap-bg.pnghttpmsedge.exe743 B 948 B 7 6
HTTP Request
GET http://4.bp.blogspot.com/-Gbb8kYvEiuk/TVV-ayQN_fI/AAAAAAAAMqw/iU7Gwo0oyEk/s1600/contentwrap-bg.pngHTTP Response
200 -
142.250.200.33:80http://4.bp.blogspot.com/-JGfQh1LdPPI/TVV-m3XhJiI/AAAAAAAAMrg/F3QbjYShfRM/s1600/rss.pnghttpmsedge.exe778 B 1.9kB 8 7
HTTP Request
GET http://4.bp.blogspot.com/-JGfQh1LdPPI/TVV-m3XhJiI/AAAAAAAAMrg/F3QbjYShfRM/s1600/rss.pngHTTP Response
200 -
142.250.200.33:80http://4.bp.blogspot.com/_8aZXeWtZzQY/TUxa8rOHgJI/AAAAAAAABoo/KPlS9FsnWUc/s000/date.pnghttpmsedge.exe732 B 1.4kB 7 6
HTTP Request
GET http://4.bp.blogspot.com/_8aZXeWtZzQY/TUxa8rOHgJI/AAAAAAAABoo/KPlS9FsnWUc/s000/date.pngHTTP Response
200 -
142.250.200.33:80http://3.bp.blogspot.com/-UdXruBDNMtQ/TVV-bkrtUWI/AAAAAAAAMrA/CSywoMq8-pk/s1600/nav-bg.pnghttpmsedge.exe735 B 979 B 7 6
HTTP Request
GET http://3.bp.blogspot.com/-UdXruBDNMtQ/TVV-bkrtUWI/AAAAAAAAMrA/CSywoMq8-pk/s1600/nav-bg.pngHTTP Response
200 -
142.250.200.41:443https://resources.blogblog.com/img/icon18_wrench_allbkg.pngtls, http2msedge.exe2.4kB 7.1kB 16 19
HTTP Request
GET https://resources.blogblog.com/img/icon18_wrench_allbkg.png -
104.21.235.213:80http://icons.iconarchive.com/icons/deleket/folder/24/Mozilla-Thunderbird-icon.pnghttpmsedge.exe1.1kB 1.1kB 6 5
HTTP Request
GET http://icons.iconarchive.com/icons/deleket/folder/24/Mozilla-Thunderbird-icon.pngHTTP Response
404 -
288 B 156 B 6 3
-
288 B 156 B 6 3
-
288 B 156 B 6 3
-
142.250.200.33:80http://3.bp.blogspot.com/_8aZXeWtZzQY/TUxa89eMz0I/AAAAAAAABos/QxyE7Xc_430/s000/user.pnghttpmsedge.exe1.6kB 2.5kB 9 8
HTTP Request
GET http://3.bp.blogspot.com/_4HKUHirY_2U/TVV-mt1hh_I/AAAAAAAAMrY/exBKat_juV8/s1600/post-line.pngHTTP Response
200HTTP Request
GET http://3.bp.blogspot.com/_8aZXeWtZzQY/TUxa89eMz0I/AAAAAAAABos/QxyE7Xc_430/s000/user.pngHTTP Response
200 -
260 B 5
-
142.250.200.33:80http://4.bp.blogspot.com/_4HKUHirY_2U/TVV-y1IljsI/AAAAAAAAMsI/SH5PnhV7Gdw/s1600/wrapper-bg.pnghttpmsedge.exe739 B 941 B 7 5
HTTP Request
GET http://4.bp.blogspot.com/_4HKUHirY_2U/TVV-y1IljsI/AAAAAAAAMsI/SH5PnhV7Gdw/s1600/wrapper-bg.pngHTTP Response
200 -
142.250.200.33:80http://3.bp.blogspot.com/_4HKUHirY_2U/TVV-mTW-pNI/AAAAAAAAMrQ/5qEgmpCeTGE/s1600/nav-seperator.pnghttpmsedge.exe846 B 2.4kB 9 7
HTTP Request
GET http://3.bp.blogspot.com/_4HKUHirY_2U/TVV-mTW-pNI/AAAAAAAAMrQ/5qEgmpCeTGE/s1600/nav-seperator.pngHTTP Response
200 -
157.240.221.35:80http://www.facebook.com/plugins/like.php?href=https://www.facebook.com/pages/Agen-Prediksi-Bola/702558806520959&layout=button_count&show_faces=false&width=50&action=like&colorscheme=light&height=21httpmsedge.exe1.6kB 1.0kB 8 6
HTTP Request
GET http://www.facebook.com/plugins/like.php?href=https://www.facebook.com/pages/Agen-Prediksi-Bola/702558806520959[/COLOR]&layout=standard&show_faces=false&width=450&action=like&font=tahoma&colorscheme=light&height=80HTTP Response
301HTTP Request
GET http://www.facebook.com/plugins/like.php?href=https://www.facebook.com/pages/Agen-Prediksi-Bola/702558806520959&layout=button_count&show_faces=false&width=50&action=like&colorscheme=light&height=21HTTP Response
301 -
2.2kB 11.6kB 23 23
HTTP Request
GET https://www.google.com/cse/static/images/1x/en/branding.png -
142.250.200.33:80http://2.bp.blogspot.com/_4HKUHirY_2U/TVV-yjU0qjI/AAAAAAAAMr4/ktSRdkhv4so/s1600/sidebar-tab.pnghttpmsedge.exe792 B 2.0kB 8 7
HTTP Request
GET http://2.bp.blogspot.com/_4HKUHirY_2U/TVV-yjU0qjI/AAAAAAAAMr4/ktSRdkhv4so/s1600/sidebar-tab.pngHTTP Response
200 -
870 B 7.3kB 10 10
HTTP Request
GET http://s10.histats.com/js15.jsHTTP Response
200 -
142.250.200.33:80http://1.bp.blogspot.com/_4HKUHirY_2U/TVV-y7BiRSI/AAAAAAAAMsA/ZP05TIq1cks/s1600/twitter.pnghttpmsedge.exe742 B 3.0kB 7 7
HTTP Request
GET http://1.bp.blogspot.com/_4HKUHirY_2U/TVV-y7BiRSI/AAAAAAAAMsA/ZP05TIq1cks/s1600/twitter.pngHTTP Response
200 -
142.250.200.33:80http://1.bp.blogspot.com/_BwuB6VysU4Y/SW8cPGaDMPI/AAAAAAAAANY/Utqulr1uWLY/s320/Mail+to.bmphttpmsedge.exe741 B 2.6kB 7 7
HTTP Request
GET http://1.bp.blogspot.com/_BwuB6VysU4Y/SW8cPGaDMPI/AAAAAAAAANY/Utqulr1uWLY/s320/Mail+to.bmpHTTP Response
404 -
2.9kB 9.0kB 20 24
-
142.250.102.84:443https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/followers.g?blogID%3D7429458911528392134%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM2NjY2NjYiByM1NTg4YWEqByNmZmZmZmYyByNjYzY2MDA6ByM2NjY2NjZCByM1NTg4YWFKByM5OTk5OTlSByM1NTg4YWFaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://ayanojou.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en._ShUtMH1OvQ.O/am%253DAABA/d%253D1/rs%253DAHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/m%253D__features__%26bpli%3D1&followup=https://www.blogger.com/followers.g?blogID%3D7429458911528392134%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM2NjY2NjYiByM1NTg4YWEqByNmZmZmZmYyByNjYzY2MDA6ByM2NjY2NjZCByM1NTg4YWFKByM5OTk5OTlSByM1NTg4YWFaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://ayanojou.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en._ShUtMH1OvQ.O/am%253DAABA/d%253D1/rs%253DAHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/m%253D__features__%26bpli%3D1&go=truetls, http2msedge.exe2.7kB 7.7kB 18 19
HTTP Request
GET https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/followers.g?blogID%3D7429458911528392134%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM2NjY2NjYiByM1NTg4YWEqByNmZmZmZmYyByNjYzY2MDA6ByM2NjY2NjZCByM1NTg4YWFKByM5OTk5OTlSByM1NTg4YWFaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://ayanojou.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en._ShUtMH1OvQ.O/am%253DAABA/d%253D1/rs%253DAHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/m%253D__features__%26bpli%3D1&followup=https://www.blogger.com/followers.g?blogID%3D7429458911528392134%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM2NjY2NjYiByM1NTg4YWEqByNmZmZmZmYyByNjYzY2MDA6ByM2NjY2NjZCByM1NTg4YWFKByM5OTk5OTlSByM1NTg4YWFaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://ayanojou.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en._ShUtMH1OvQ.O/am%253DAABA/d%253D1/rs%253DAHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/m%253D__features__%26bpli%3D1&go=true -
1.0kB 5.7kB 10 10
-
54.39.128.162:443https://s4.histats.com/stats/1489404.php?1489404&@f16&@g1&@h0&@i0&@j0&@k0&@l0&@m2007%20~%20Ayanojou&@n0&@o1000&@q0&@r0&@s604&@ten-US&@u1280&@b1:-108607518&@b3:1725883456&@b4:js15.js&@b5:0&@a-_0.2.1&@vfile%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2Fd645be115c3f4d55390c25e1a882a915_JaffaCakes118.html&@wtls, httpmsedge.exe3.7kB 3.9kB 11 9
HTTP Request
GET https://s4.histats.com/stats/1489404.php?1489404&@f16&@g1&@h0&@i0&@j0&@k0&@l0&@m2007%20~%20Ayanojou&@n0&@o1000&@q0&@r0&@s604&@ten-US&@u1280&@b1:-108607518&@b3:1725883456&@b4:js15.js&@b5:0&@a-_0.2.1&@vfile%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2Fd645be115c3f4d55390c25e1a882a915_JaffaCakes118.html&@wHTTP Response
200 -
260 B 5
-
1.7kB 8.3kB 15 16
HTTP Request
GET https://s10.histats.com/counters/cc_604.jsHTTP Response
200 -
988 B 1.0kB 8 6
-
142.250.200.33:80http://lh3.ggpht.com/_beEpWOXwLJE/TIb57Lu4fwI/AAAAAAAABE0/q7niFVRbyNE/top-toolbar.jpghttpmsedge.exe684 B 1.4kB 6 5
HTTP Request
GET http://lh3.ggpht.com/_beEpWOXwLJE/TIb57Lu4fwI/AAAAAAAABE0/q7niFVRbyNE/top-toolbar.jpgHTTP Response
404 -
639 B 1.1kB 6 6
HTTP Request
GET http://ayanojou.blogspot.com/favicon.icoHTTP Response
200
-
66 B 90 B 1 1
DNS Request
8.8.8.8.in-addr.arpa
-
61 B 98 B 1 1
DNS Request
apis.google.com
DNS Response
142.250.200.14
-
61 B 108 B 1 1
DNS Request
www.blogger.com
DNS Response
142.250.200.41
-
65 B 81 B 1 1
DNS Request
ajax.googleapis.com
DNS Response
142.250.200.42
-
62 B 78 B 1 1
DNS Request
www.google.co.id
DNS Response
172.217.169.35
-
7.9kB 13.0kB 25 29
-
126 B 124 B 2 1
DNS Request
1.bp.blogspot.com
DNS Request
1.bp.blogspot.com
DNS Response
142.250.200.33
-
63 B 124 B 1 1
DNS Request
4.bp.blogspot.com
DNS Response
142.250.200.33
-
68 B 115 B 1 1
DNS Request
resources.blogblog.com
DNS Response
142.250.200.41
-
7.4kB 157.8kB 63 127
-
66 B 139 B 1 1
DNS Request
agenprediksibola.net
-
67 B 99 B 1 1
DNS Request
icons.iconarchive.com
DNS Response
104.21.235.213104.21.235.214
-
63 B 124 B 1 1
DNS Request
3.bp.blogspot.com
DNS Response
142.250.200.33
-
71 B 157 B 1 1
DNS Request
13.86.106.20.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
68.32.126.40.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
16.43.107.13.in-addr.arpa
-
73 B 112 B 1 1
DNS Request
42.200.250.142.in-addr.arpa
-
73 B 111 B 1 1
DNS Request
41.200.250.142.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
81.144.22.2.in-addr.arpa
-
62 B 107 B 1 1
DNS Request
www.facebook.com
DNS Response
157.240.221.35
-
60 B 76 B 1 1
DNS Request
www.google.com
DNS Response
142.250.178.4
-
63 B 124 B 1 1
DNS Request
2.bp.blogspot.com
DNS Response
142.250.200.33
-
61 B 141 B 1 1
DNS Request
s10.histats.com
DNS Response
172.66.132.118172.66.132.114
-
73 B 111 B 1 1
DNS Request
35.169.217.172.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
73 B 111 B 1 1
DNS Request
33.200.250.142.in-addr.arpa
-
73 B 135 B 1 1
DNS Request
213.235.21.104.in-addr.arpa
-
74 B 112 B 1 1
DNS Request
227.179.250.142.in-addr.arpa
-
65 B 81 B 1 1
DNS Request
accounts.google.com
DNS Response
142.250.102.84
-
60 B 268 B 1 1
DNS Request
s4.histats.com
DNS Response
54.39.128.162149.56.240.13054.39.156.32149.56.240.128149.56.240.131149.56.240.3154.39.128.117149.56.240.132142.4.219.198158.69.254.144149.56.240.129149.56.240.27149.56.240.127
-
73 B 126 B 1 1
DNS Request
35.221.240.157.in-addr.arpa
-
72 B 110 B 1 1
DNS Request
4.178.250.142.in-addr.arpa
-
73 B 135 B 1 1
DNS Request
118.132.66.172.in-addr.arpa
-
73 B 106 B 1 1
DNS Request
84.102.250.142.in-addr.arpa
-
72 B 111 B 1 1
DNS Request
162.128.39.54.in-addr.arpa
-
445 B 7
-
59 B 120 B 1 1
DNS Request
lh3.ggpht.com
DNS Response
142.250.200.33
-
73 B 159 B 1 1
DNS Request
228.249.119.40.in-addr.arpa
-
67 B 126 B 1 1
DNS Request
ayanojou.blogspot.com
DNS Response
216.58.213.1
-
71 B 138 B 1 1
DNS Request
1.213.58.216.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
50.23.12.20.in-addr.arpa
-
213 B 157 B 3 1
DNS Request
198.187.3.20.in-addr.arpa
DNS Request
198.187.3.20.in-addr.arpa
DNS Request
198.187.3.20.in-addr.arpa
-
69 B 131 B 1 1
DNS Request
92.12.20.2.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
48.229.111.52.in-addr.arpa
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ff63763eedb406987ced076e36ec9acf
SHA116365aa97cd1a115412f8ae436d5d4e9be5f7b5d
SHA2568f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c
SHA512ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f
-
Filesize
152B
MD52783c40400a8912a79cfd383da731086
SHA1001a131fe399c30973089e18358818090ca81789
SHA256331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5
SHA512b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685
-
Filesize
23KB
MD533a83c16527e4531fbfca2631f653674
SHA187a63514c262ba4bffc52d2ceebb3ca14353507a
SHA2561156bb50a264543f6a9dc8922dd2c65d444c8bb11b3b18be95d5adff840b33b4
SHA512f1dba28d0f81aa0894436ae7b4ba76a2e635f002f666d17d31b8b21500dc2321d7862ca8dcfd22e44aab4d1f33112c076dc95191c889546a40f9c6197cccbda3
-
Filesize
45KB
MD5aa6a698d1c7fc6d35265b10af5570e9c
SHA100da372ad4964a5d5b8afff7fe1b207ff284f232
SHA25602f6ae7bda59fb1a20d3386021fb972ced348bf724fea42157225d416f9f049a
SHA512f5b2f732e899cc0fed577e1ef1c51c154ede5d206543e8ac7c1fabb182901f8e93e137b63f12cbb87b3f570a283a368bfb1b9d637cc5b1c4f1669ff5cfbf306b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize144B
MD518c4a6e2d586af484a0c0bbd5fdabd2a
SHA1b55c956c1d31e943f71df4fc355fde69782066a0
SHA256f6a293ff3f2234a9277c8f68dccdb1aae95de2d3124d7ad5acd59e65cbe0899c
SHA512bf96cfc9332a72783294163f6b00e1dfb014eb5daf344f967c005b2ca1fef0b82207808676545ed7cde75d77c9878c4c6ce81c99ed537dd61dbaca71cb45607c
-
Filesize
1KB
MD51c36bbe069099d72bbad12a21fbbd3d9
SHA1b6c27533fd16e9f414bc75b1d9c480fe82f1879b
SHA2564327db11266c2a3e3ca97fc173554e601d7ac635543f765b8a853657cebbb794
SHA5122b6c73faa584f7d77c7fcbe1096b6b741c584fb76d3d23782def935cbd540b91abdfbbd8d20fc6cc1e6f49c134ceba5e16ad0f75837b7b58d1e82f4ac8e23e27
-
Filesize
5KB
MD5cefe94a9b285d7293915859b053588d0
SHA13f0ea4b505954989323e46c295623c190a7c2a02
SHA2567a65151af141a7beafa933e6f5be1312bf00f8c26d994fa3f2e6455a9d618833
SHA5129031b2e07254fb25643f8e64f8aeb7d8a909af583ed5285c3e8388b4b11ac92dc9409fe374e1a04e585001efede13c4dcee24de78e0b6eb4837ff212151dfc54
-
Filesize
7KB
MD542e09e3b691d6d0404ec1d3daab05631
SHA1bd8f120c86f828d924fbd8029f6c21b379fcf095
SHA2560045e5a9d6e05ab95d26df4fbcb314f939cd718d9b05b84d5d5855230fb9df72
SHA512c48517bdc05074592efc581651c8ff80848888bfa4c74533e357d155886ed360402a959f17747736b2e4c5ccdb1dbda3ad01b41ef027ad92c4a0f5cbb3c52522
-
Filesize
7KB
MD56490958a8f73ab566048d1c7bc6291fd
SHA183c251dcb382feb47b1349013a3450848f8e407f
SHA2562d55af8f5bb52d7a39d03a7e4cd21db8826660be8d392b86ff41adb2d4538d09
SHA51237603670b8ae27a509988a9f9bccad43ace1df8355bf6633ec23c11b394dd4c45f1ba764f609aa93596a1f543a5cfe599ab6022c4b8f5910057aeba3233ed9ec
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5c296db35e57a0715a2d91e150a4add1e
SHA1069ddab1771bdf04f363581a9cfadc9341e379d9
SHA25641e1db4468c50ce927bc9652810242e560ed47a77429341c5b88ccbd2ba671e3
SHA5122fd13e44a052e3bd729956ed651e23193cb0f2520b6a7733a455147081af4e24560cd678d76ced040f5d3afbd5dbe0b161c7ca871cf7614d2e2ff6cff2b25009