Request: User Request, GET HTTP/2 | IP: 216.58.207.193:443
Certificate: Issuer: Google Trust Services LLC | Subject: misc-sni.blogspot.com | Fingerprint: A4:03:49:6F:80:6E:27:69:C4:CF:7F:94:FC:BC:3C:1F:D5:28:AE:B5 | Validity: Mon, 04 Mar 2024 06:55:13 GMT - Mon, 27 May 2024 06:55:12 GMT
File type: HTML document, ASCII text | Hashes (MD5 / SHA-1 / SHA-256): 95390609dd8bc1007d57e082d605bcee / fe2b6b3791f526ae122d3aee319ded39c8b6da2a / 858af1e0f1577b10392e2a0d968b931361251f441cfe7274edcdf2bed26475b4
GET / HTTP/1.1
Host: bsw3q.blogspot.cz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
location: https://bsw3q.blogspot.com/
content-type: text/html; charset=UTF-8
content-encoding: gzip
date: Thu, 18 Apr 2024 12:05:23 GMT
expires: Thu, 18 Apr 2024 12:05:23 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 196
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
Request: User Request, GET HTTP/2 | IP: 216.58.207.193:443
Certificate: Issuer: Google Trust Services LLC | Subject: misc-sni.blogspot.com | Fingerprint: A4:03:49:6F:80:6E:27:69:C4:CF:7F:94:FC:BC:3C:1F:D5:28:AE:B5 | Validity: Mon, 04 Mar 2024 06:55:13 GMT - Mon, 27 May 2024 06:55:12 GMT
File type: HTML document, ASCII text, with very long lines (5244) | Hashes (MD5 / SHA-1 / SHA-256): e6ed9df440e04a734efa2dac095882f1 / 8bd6291283570c3ac4170bd03917190ff83834da / 6cf0653cbb1f47ad22e74a75d2676ce6bb5b8ec58280daaad4e39c60cb02c1d7
GET / HTTP/1.1
Host: bsw3q.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Thu, 18 Apr 2024 12:05:24 GMT
date: Thu, 18 Apr 2024 12:05:24 GMT
cache-control: private, max-age=0
last-modified: Wed, 13 Mar 2024 01:49:14 GMT
etag: W/"0dc134b9902551f805e62dcebae014b57c994a6f3390f848f98ae47f761ad361"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 14399
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
IP: 162.255.119.48:0
File type: HTML document, ASCII text | Hashes (MD5 / SHA-1 / SHA-256): cbbedd5bf3dd3b92b5884d9994bdc2d3 / 6536bd804c044899c59397e0895eb6a665d749a9 / e3504a9e1623017430a67478d180af39cc5a293d13e9b4bb134932fde6accc2b
Analyzer: OpenPhish | Verdict: phishing | Alert: Generic/Spear Phishing
NIDS: suricata | Severity: low | Alert: ET INFO Namecheap URL Forward
GET / HTTP/1.1
Host: candymtch.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Thu, 18 Apr 2024 12:05:28 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 73
Connection: keep-alive
Location: https://sites.google.com/view/rkhm4rdpyb5pshsked7f
X-Served-By: Namecheap URL Forward
Server: namecheap-nginx
URL: sites.google.com/view/rkhm4rdpyb5pshsked7f | IP: 142.250.74.78:0 | Size: 9.0 kB
File type: gzip compressed data, max compression | Hashes (MD5 / SHA-1 / SHA-256): a0634713e1e8be6654842e2586d916aa / eca78f251ab43b625c15c46c9a22e0563fba5def / ebc5755ea5389c0f2f1b3fb0925dadbf9d9a2ea50dc95114f1601d61cb45e762
GET /view/rkhm4rdpyb5pshsked7f HTTP/1.1
Host: sites.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 18 Apr 2024 12:05:29 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-opener-policy: unsafe-none
content-security-policy: base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'nonce-S4QCnWuSfwVRDLeVgq1Wow' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=513=oKIAKVPzdwf_rLDJSRUv8s8dhs02ks0RAGbP_2zWAaAdYEvSxfNFs8bsNrNzCNrBYMetSBcTKOZkCOTAb92NiH9MB975xMaCTYII1UFurfyb8aTEwZsez4UrKv7lIku5VtzUJ7wt_aw54g0qa_9kfH8Tvit27lf_hwi4KjG7vlY; expires=Fri, 18-Oct-2024 12:05:29 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2