URL: User Request GET HTTP/2
IP: 216.58.207.193:443
Certificate: Issuer Google Trust Services LLC; Subject misc-sni.blogspot.com; Fingerprint E8:F4:4F:CE:D1:E0:7B:C8:CD:18:45:AA:90:5A:35:8B:D5:CF:66:6B; Validity Mon, 18 Mar 2024 20:01:08 GMT - Mon, 10 Jun 2024 20:01:07 GMT
File type: HTML document, ASCII text
Hash (MD5): 39cdb09fc07ec60d0f56f2c8873d6f0b
Hash (SHA-1): ab0570a88e79fecb3fcacd1cac30c3dc6d2f92ef
Hash (SHA-256): 7ac97f940a9dd424d89b486006ec781533a392a30eb702fa23ec3f3d881b00d5
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: kiu7d.blogspot.kr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
location: https://kiu7d.blogspot.com/
content-type: text/html; charset=UTF-8
content-encoding: gzip
date: Fri, 26 Apr 2024 06:27:52 GMT
expires: Fri, 26 Apr 2024 06:27:52 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 196
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
URL: User Request GET HTTP/2
IP: 216.58.207.193:443
Certificate: Issuer Google Trust Services LLC; Subject misc-sni.blogspot.com; Fingerprint E8:F4:4F:CE:D1:E0:7B:C8:CD:18:45:AA:90:5A:35:8B:D5:CF:66:6B; Validity Mon, 18 Mar 2024 20:01:08 GMT - Mon, 10 Jun 2024 20:01:07 GMT
File type: HTML document, ASCII text, with very long lines (7139)
Hash (MD5): e138c082adbc6cefde6ddad09bad7af0
Hash (SHA-1): 918b9e8bb5041939707ced82d860df18d69a854a
Hash (SHA-256): 2cd94d336e9eefd13359182f25ae057ee608c5b09669aaa7b7e3f3a9870434cd
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: kiu7d.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Fri, 26 Apr 2024 06:27:53 GMT
date: Fri, 26 Apr 2024 06:27:53 GMT
cache-control: private, max-age=0
last-modified: Wed, 13 Mar 2024 00:37:47 GMT
etag: W/"aaba744f3bada7d70a638b6ce237a78a9613d30aa9ace61270a2ed21b2cd3cbf"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 14982
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
IP: 162.255.119.48:0
File type: HTML document, ASCII text
Hash (MD5): 14e108c0be0caeeb9f98f6e69e258461
Hash (SHA-1): 9ccc30a81e383540ffad1d83b0f6861b5150488e
Hash (SHA-256): 9b8f427e8b6382959ea2b3dfd75571b3ac4528d7984e639239f19e6d34973a43
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| OpenPhish | phishing | Generic/Spear Phishing |
GET / HTTP/1.1
Host: candymtch.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Fri, 26 Apr 2024 06:27:57 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 75
Connection: keep-alive
Location: https://sites.google.com/view/gu7l6mkqc4wrdye3bejvap
X-Served-By: Namecheap URL Forward
Server: namecheap-nginx
| sites.google.com/view/gu7l6mkqc4wrdye3bejvap | 142.250.74.78 | | 8.0 kB |
URL: sites.google.com/view/gu7l6mkqc4wrdye3bejvap
IP: 142.250.74.78:0
File type: gzip compressed data, max compression
Hash (MD5): 57327285e5f2cf7237c7197052c592f1
Hash (SHA-1): 66c62461220e021fdb89a1eaa16ecac6dbe4a543
Hash (SHA-256): a7088e300795b75961d2e63f3f8c72badbd17cb6bfe8ed27f01633d7a7865820
GET /view/gu7l6mkqc4wrdye3bejvap HTTP/1.1
Host: sites.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 26 Apr 2024 06:27:57 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-security-policy: base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'nonce-FpHwWxUpP2QcGKEPw_1cBQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/
cross-origin-opener-policy: unsafe-none
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=513=P-hNg6o9UmQmKJj8CkvxtVnKM_PmzdUWLN0YIUtbvGo9ecjAwOAZEzV3PFd4FUANIdvisOTwv4-HbfJ48OkGKkODWhyHhghsPTq4LmwFk0GTWF3gfJA8xmYAoGK6QabN844EEy95Fu2jWkGRKJ9znOP9ZdyqFFhlYlcIs-6uJ7I; expires=Sat, 26-Oct-2024 06:27:57 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2