mampirodisek.blogspot.com/
142.250.74.1 200 OK 9.4 kB URL User Request GET HTTP/2 mampirodisek.blogspot.com/
IP 142.250.74.1:443
Certificate Issuer Google Trust Services LLC
Subject misc-sni.blogspot.com
Fingerprint 07:E2:99:33:66:25:16:0A:1D:C3:C7:18:D8:82:4A:F0:37:40:E1:5B
Validity Mon, 23 Oct 2023 11:23:28 GMT - Mon, 15 Jan 2024 11:23:27 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (3952)
Hash 5f2d0697350cb4c8da6c58a34967d03e
b49fa0bc9668408df28a6e229a4bd8ef845fcb0f
d9ef519995ef2076ac776d87ffdc634b65dc200368211bcf5bebc334850db7d3
GET / HTTP/1.1
Host: mampirodisek.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Fri, 24 Nov 2023 04:44:20 GMT
date: Fri, 24 Nov 2023 04:44:20 GMT
cache-control: private, max-age=0
last-modified: Sat, 07 Oct 2023 09:12:50 GMT
etag: W/"e32d1deb20a5813d7a685dc56f4ef3fa127f80a9c3062982cfa61371938a35b7"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 9383
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
mampirodisek.blogspot.com/js/cookienotice.js
142.250.74.1 200 OK 2.0 kB URL GET HTTP/3 mampirodisek.blogspot.com/js/cookienotice.js
IP 142.250.74.1:443
Requested by https://mampirodisek.blogspot.com/
Certificate Issuer Google Trust Services LLC
Subject misc-sni.blogspot.com
Fingerprint 07:E2:99:33:66:25:16:0A:1D:C3:C7:18:D8:82:4A:F0:37:40:E1:5B
Validity Mon, 23 Oct 2023 11:23:28 GMT - Mon, 15 Jan 2024 11:23:27 GMT
Hash a705132a2174f88e196ec3610d68faa8
3bad57a48d973a678fec600d45933010f6edc659
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
GET /js/cookienotice.js HTTP/1.1
Host: mampirodisek.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mampirodisek.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2026
date: Fri, 24 Nov 2023 04:44:20 GMT
expires: Fri, 01 Dec 2023 04:44:20 GMT
cache-control: public, max-age=604800
last-modified: Fri, 24 Nov 2023 00:50:52 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
142.250.74.138 200 OK 33 kB URL GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
IP 142.250.74.138:443
Requested by https://mampirodisek.blogspot.com/
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash ddb84c1587287b2df08966081ef063bf
9eb9ac595e9b5544e2dc79fff7cd2d0b4b5ef71f
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
GET /ajax/libs/jquery/1.7.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mampirodisek.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33333
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 04:48:20 GMT
expires: Fri, 22 Nov 2024 04:48:20 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 86160
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.blogger.com/static/v1/widgets/325989852-widgets.js
216.58.207.233 200 OK 59 kB URL GET HTTP/2 www.blogger.com/static/v1/widgets/325989852-widgets.js
IP 216.58.207.233:443
Requested by https://mampirodisek.blogspot.com/
Certificate Issuer Google Trust Services LLC
Subject *.blogger.com
Fingerprint 4A:89:9B:E5:F1:54:0E:2D:0A:8E:40:A8:27:DF:2E:6B:7F:74:51:90
Validity Mon, 23 Oct 2023 11:17:52 GMT - Mon, 15 Jan 2024 11:17:51 GMT
File type ASCII text, with very long lines (2258)
Hash 2aaaea7286ee481cbc12cfd76e10c0cf
6e8576cb84ac125faa0bc0a5fe5508166cc4eed8
4bfa00cdbc7a40f5dad3dfc3a21dada224e61e358e78d7b262bab098bccbc580
GET /static/v1/widgets/325989852-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mampirodisek.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 59316
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 01:57:56 GMT
expires: Fri, 22 Nov 2024 01:57:56 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 23 Nov 2023 00:54:48 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 96384
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
104.17.24.14 200 OK 5.6 kB URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP 104.17.24.14:443
Requested by https://mampirodisek.blogspot.com/
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
Validity Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (30837)
Hash 269550530cc127b6aa5a35925a7de6ce
512c7d79033e3028a9be61b540cf1a6870c896f8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mampirodisek.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 24 Nov 2023 04:44:20 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2343615
expires: Wed, 13 Nov 2024 04:44:20 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1dTFAfEabaeWlDEfhk0MzBcSn2R2J2ZWc1sLDzLSTIpTa16zOhxRrivX%2BgdnJmsNsFWjNfiXr2yN7uv3MtXoOzMpJm0xua7M8JrQn8DQqwLs0sM291TxL%2BuCvZKxUdxzP5Zrvz8H"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82aeff04b83556c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/muli/v29/7Auwp_0qiz-afTLGLQ.woff2
216.58.207.227 200 OK 33 kB URL GET HTTP/2 fonts.gstatic.com/s/muli/v29/7Auwp_0qiz-afTLGLQ.woff2
IP 216.58.207.227:443
Requested by https://mampirodisek.blogspot.com/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 32796, version 1.0\012- data
Hash b2a264e3e87b58b54b76483238805a40
169d6f17c82024fe0cfc2d19884a14dae2ec0bdb
f68d37d474952b1fbe30def1b69e63e79c46a70263433285783b69ac0107b929
GET /s/muli/v29/7Auwp_0qiz-afTLGLQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mampirodisek.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 32796
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 05:01:19 GMT
expires: Fri, 22 Nov 2024 05:01:19 GMT
cache-control: public, max-age=31536000
age: 85381
last-modified: Wed, 13 Sep 2023 22:41:22 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
edua29146y.com/9f/30/07/9f30070eb7edf4a0e5ff52774330ec13.js
192.243.59.13 403 Forbidden 0 B URL GET HTTP/1.1 edua29146y.com/9f/30/07/9f30070eb7edf4a0e5ff52774330ec13.js
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://mampirodisek.blogspot.com/
Certificate Issuer Let's Encrypt
Subject edua29146y.com
Fingerprint D9:E3:34:38:56:F5:25:47:86:2D:A5:AB:5D:DD:5A:C6:79:7D:17:38
Validity Sun, 22 Oct 2023 06:30:13 GMT - Sat, 20 Jan 2024 06:30:12 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /9f/30/07/9f30070eb7edf4a0e5ff52774330ec13.js HTTP/1.1
Host: edua29146y.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mampirodisek.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: nginx/1.19.5
Date: Fri, 24 Nov 2023 04:44:21 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
zerossl.ocsp.sectigo.com/
172.64.149.23 727 B URL zerossl.ocsp.sectigo.com/
IP 172.64.149.23:0
Hash d71c5158de9b1450e51d4d261744a8f2
2c4932b30249c54d2f6bca3a11ece87b174ac008
f883fd6523ea2fcdce35db727451438383f758c98fe78aa71dcd60694ce34795
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 24 Nov 2023 04:44:21 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Wed, 22 Nov 2023 20:12:03 GMT
Expires: Wed, 29 Nov 2023 20:12:02 GMT
Etag: "2c4932b30249c54d2f6bca3a11ece87b174ac008"
Cache-Control: max-age=487060,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 82aeff099cae56a4-OSL
sterra.web.id/stera1/5a80e575d2cfb0e7340b71038a0236e6/invoke.js
194.233.94.15 200 OK 8.2 kB URL GET HTTP/2 sterra.web.id/stera1/5a80e575d2cfb0e7340b71038a0236e6/invoke.js
IP 194.233.94.15:443
ASN #141995 Contabo Asia Private Limited
Requested by https://mampirodisek.blogspot.com/
Certificate Issuer ZeroSSL
Subject *.sterra.web.id
Fingerprint 2C:FA:A1:79:C4:54:A3:79:54:26:D4:66:84:77:35:15:52:6E:21:68
Validity Mon, 16 Oct 2023 00:00:00 GMT - Sun, 14 Jan 2024 23:59:59 GMT
File type exported SGML document, ASCII text, with very long lines (26961), with no line terminators
Hash 2f00f0505e17238efc8af63a4dccb266
58268033ea6bd2242ccf18517884bd67b9f7254d
ee9b47f3fd1bea0b31b30921a443fe8fc4ccf2e49fd3107ad9c194c14a79365d
GET /stera1/5a80e575d2cfb0e7340b71038a0236e6/invoke.js HTTP/1.1
Host: sterra.web.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mampirodisek.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 01 Dec 2023 04:44:21 GMT
etag: "6951-6462f434-2f62174;br"
last-modified: Tue, 16 May 2023 03:10:44 GMT
content-type: application/x-javascript
content-length: 8202
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
date: Fri, 24 Nov 2023 04:44:21 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
edua29146y.com/9f/30/07/9f30070eb7edf4a0e5ff52774330ec13.js
192.243.59.13 403 Forbidden 0 B URL GET HTTP/1.1 edua29146y.com/9f/30/07/9f30070eb7edf4a0e5ff52774330ec13.js
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://mampirodisek.blogspot.com/
Certificate Issuer Let's Encrypt
Subject edua29146y.com
Fingerprint D9:E3:34:38:56:F5:25:47:86:2D:A5:AB:5D:DD:5A:C6:79:7D:17:38
Validity Sun, 22 Oct 2023 06:30:13 GMT - Sat, 20 Jan 2024 06:30:12 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /9f/30/07/9f30070eb7edf4a0e5ff52774330ec13.js HTTP/1.1
Host: edua29146y.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mampirodisek.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: nginx/1.19.5
Date: Fri, 24 Nov 2023 04:44:21 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
mampirodisek.blogspot.com/favicon.ico
142.250.74.1 200 OK 412 B URL GET HTTP/3 mampirodisek.blogspot.com/favicon.ico
IP 142.250.74.1:443
Requested by https://mampirodisek.blogspot.com/
Certificate Issuer Google Trust Services LLC
Subject misc-sni.blogspot.com
Fingerprint 07:E2:99:33:66:25:16:0A:1D:C3:C7:18:D8:82:4A:F0:37:40:E1:5B
Validity Mon, 23 Oct 2023 11:23:28 GMT - Mon, 15 Jan 2024 11:23:27 GMT
File type MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel\012- data
Hash 59a0c7b6e4848ccdabcea0636efda02b
30ef5c54b8bbc3487ea2b4c45cd11ea2932e4340
a1495da3cf3db37bf105a12658636ff628fee7b73975b9200049af7747e60b1f
GET /favicon.ico HTTP/1.1
Host: mampirodisek.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mampirodisek.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: image/x-icon; charset=UTF-8
expires: Fri, 24 Nov 2023 04:44:22 GMT
date: Fri, 24 Nov 2023 04:44:22 GMT
cache-control: private, max-age=86400
last-modified: Sat, 07 Oct 2023 09:12:50 GMT
etag: W/"e32d1deb20a5813d7a685dc56f4ef3fa127f80a9c3062982cfa61371938a35b7"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 412
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
zerossl.ocsp.sectigo.com/
104.18.38.233 727 B URL zerossl.ocsp.sectigo.com/
IP 104.18.38.233:0
Hash d71c5158de9b1450e51d4d261744a8f2
2c4932b30249c54d2f6bca3a11ece87b174ac008
f883fd6523ea2fcdce35db727451438383f758c98fe78aa71dcd60694ce34795
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 24 Nov 2023 04:44:22 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Wed, 22 Nov 2023 20:12:03 GMT
Expires: Wed, 29 Nov 2023 20:12:02 GMT
Etag: "2c4932b30249c54d2f6bca3a11ece87b174ac008"
Cache-Control: max-age=487059,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 82aeff0d5b8d56cc-OSL
maxcdn.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css
104.18.10.207 200 OK 25 kB URL GET HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css
IP 104.18.10.207:443
Requested by https://mampirodisek.blogspot.com/
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
Validity Fri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (65324)
Hash 7cc40c199d128af6b01e74a28c5900b0
d305110fb79113a961394b433d851a3410342b8c
2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6
GET /bootstrap/4.4.1/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mampirodisek.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 24 Nov 2023 04:44:20 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:09 GMT
cdn-cachedat: 08/03/2021 15:16:56
cdn-edgestorageid: 601
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-proxyver: 1.0
cdn-status: 200
cdn-requestid: 56c78c6fab4202e1d33cd4e5b8fa2829
cdn-cache: HIT
cf-cache-status: HIT
age: 1439845
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82aeff04ec9b712a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.descendedcelebrity.com/watch.648233318637?key=5a80e575d2cfb0e7340b71038a0236e6&kw=%5B%5D&refer=https%3A%2F%2Fmampirodisek.blogspot.com%2F&tz=0&dev=e&res=12.2079&uuid=
192.243.59.13 200 OK 115 B URL GET HTTP/1.1 www.descendedcelebrity.com/watch.648233318637?key=5a80e575d2cfb0e7340b71038a0236e6&kw=%5B%5D&refer=https%3A%2F%2Fmampirodisek.blogspot.com%2F&tz=0&dev=e&res=12.2079&uuid=
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://mampirodisek.blogspot.com/
Certificate Issuer Let's Encrypt
Subject descendedcelebrity.com
Fingerprint 7A:E1:B0:26:06:C8:C2:2A:99:06:7B:EF:AD:FA:53:77:E8:8F:65:8B
Validity Thu, 09 Nov 2023 06:30:40 GMT - Wed, 07 Feb 2024 06:30:39 GMT
File type ASCII text, with no line terminators
Hash 16579cc322e9e105427ecfa57890ef69
8bb47ec30cf894ab49032d7271a45f0c778baa05
f28ce5befe08ed90a2e12b6b2a5e9fdafaa6ad173503079155260aa480c66590
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.648233318637?key=5a80e575d2cfb0e7340b71038a0236e6&kw=%5B%5D&refer=https%3A%2F%2Fmampirodisek.blogspot.com%2F&tz=0&dev=e&res=12.2079&uuid= HTTP/1.1
Host: www.descendedcelebrity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mampirodisek.blogspot.com/
Cookie: u_pl=15002266
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 24 Nov 2023 04:44:22 GMT
Content-Type: text/html
Content-Length: 115
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3f0665bfa320930ab4c41692728f10bd
Strict-Transport-Security: max-age=0; includeSubdomains
simplewebanalysis.com/stats
0.0.0.0 0 B URL GET simplewebanalysis.com/stats
IP 0.0.0.0:0
Requested by https://mampirodisek.blogspot.com/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mampirodisek.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://mampirodisek.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
www.descendedcelebrity.com/watch.648233318637.js?key=5a80e575d2cfb0e7340b71038a0236e6&kw=%5B%5D&refer=https%3A%2F%2Fmampirodisek.blogspot.com%2F&tz=0&dev=e&res=12.2079&uuid=
192.243.59.13 200 OK 115 B URL GET HTTP/1.1 www.descendedcelebrity.com/watch.648233318637.js?key=5a80e575d2cfb0e7340b71038a0236e6&kw=%5B%5D&refer=https%3A%2F%2Fmampirodisek.blogspot.com%2F&tz=0&dev=e&res=12.2079&uuid=
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://mampirodisek.blogspot.com/
Certificate Issuer Let's Encrypt
Subject descendedcelebrity.com
Fingerprint 7A:E1:B0:26:06:C8:C2:2A:99:06:7B:EF:AD:FA:53:77:E8:8F:65:8B
Validity Thu, 09 Nov 2023 06:30:40 GMT - Wed, 07 Feb 2024 06:30:39 GMT
File type ASCII text, with no line terminators
Hash 16579cc322e9e105427ecfa57890ef69
8bb47ec30cf894ab49032d7271a45f0c778baa05
f28ce5befe08ed90a2e12b6b2a5e9fdafaa6ad173503079155260aa480c66590
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.648233318637.js?key=5a80e575d2cfb0e7340b71038a0236e6&kw=%5B%5D&refer=https%3A%2F%2Fmampirodisek.blogspot.com%2F&tz=0&dev=e&res=12.2079&uuid= HTTP/1.1
Host: www.descendedcelebrity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mampirodisek.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://mampirodisek.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 24 Nov 2023 04:44:22 GMT
Content-Type: text/html
Content-Length: 115
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=15002266; expires=Sat, 25 Nov 2023 04:44:22 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 44e2238457bd049b5cfe8d816566b624
Strict-Transport-Security: max-age=0; includeSubdomains
simplewebanalysis.com/stats
0.0.0.0 0 B URL GET simplewebanalysis.com/stats
IP 0.0.0.0:0
Requested by https://mampirodisek.blogspot.com/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mampirodisek.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://mampirodisek.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
fonts.googleapis.com/css?family=Muli:400,400i,700,700i
142.250.74.106 200 OK 4.3 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Muli:400,400i,700,700i
IP 142.250.74.106:443
Requested by https://mampirodisek.blogspot.com/
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (4424), with no line terminators
Hash 871ab07c927191da1ed1131c8862a477
e9642b790e0df6f551d50696837fe6b8420bf78f
99f187fe8f54eb7e319f6055c929e70814b2663d60d573659af39f5ceba5f70d
GET /css?family=Muli:400,400i,700,700i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mampirodisek.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 24 Nov 2023 04:44:20 GMT
date: Fri, 24 Nov 2023 04:44:20 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
rawcdn.githack.com/Jokiyo/safelink/f3e4732054387f65d1f514cf56308db057ba6361/New%20Text%20Document.js
104.21.234.230 200 OK 3.6 kB URL GET HTTP/2 rawcdn.githack.com/Jokiyo/safelink/f3e4732054387f65d1f514cf56308db057ba6361/New%20Text%20Document.js
IP 104.21.234.230:443
Requested by https://mampirodisek.blogspot.com/
Certificate Issuer Google Trust Services LLC
Subject githack.com
Fingerprint E0:4C:6A:3D:28:60:EF:AD:74:3C:0F:96:F0:1E:27:17:61:4F:F6:1E
Validity Sat, 04 Nov 2023 09:58:56 GMT - Fri, 02 Feb 2024 09:58:55 GMT
File type ASCII text, with very long lines (3670), with no line terminators
Hash 5585425971a50fdfd197506047a98ef3
72651b9f911a5ffd394c84f20cfe4f3aa7905261
fb132f3cfa33fc14cb50895d7cdc776a78d2590e7fa2202ae7dc12668e5d6b27
GET /Jokiyo/safelink/f3e4732054387f65d1f514cf56308db057ba6361/New%20Text%20Document.js HTTP/1.1
Host: rawcdn.githack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mampirodisek.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 24 Nov 2023 04:44:20 GMT
content-type: application/javascript; charset=utf-8
etag: W/"d4cb2f372cee288b2c98eb9ca7b3133782f74be3dd284c1cb614b72b32465847"
x-content-type-options: nosniff
x-github-request-id: AFF2:1178:1226851:1310E58:65507EB9
via: 1.1 varnish
x-served-by: cache-hel1410034-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1699774137.149611,VS0,VE198
vary: Authorization,Accept-Encoding,Origin
cross-origin-resource-policy: cross-origin
x-fastly-request-id: d9d89849512f4dc77c155ec99874e42552a98e36
source-age: 0
expires: Mon, 11 Nov 2024 07:28:57 GMT
cache-control: max-age=31536000, public, immutable
x-robots-tag: none
access-control-allow-origin: *
x-githack-cache-status: MISS
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ftvZ%2FbI3vbXYC%2B3CuCS1uqm8xcPuidy4cGoVGLLxa1evhCtXq5YU5BCwVyG4I%2BizAAqx%2F6V%2BaTlCsFuVvVIdIo4%2Bdt0g1zVfTph2JNc76oHSO1VThXlW8Cu86ekWoHj5ju%2FQMsg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82aeff03db484c87-HEL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2