URL User Request GET HTTP/2IP 142.250.74.65:443
CertificateIssuerGoogle Trust Services LLC Subjectmisc-sni.blogspot.com FingerprintC4:7D:61:88:AB:F1:15:A1:36:2A:68:39:51:62:46:00:23:6D:39:00 ValidityTue, 16 Apr 2024 03:45:20 GMT - Tue, 09 Jul 2024 03:45:19 GMT
File typeHTML document, ASCII text Hashe5f4b27a220e792722ba754c78f98587 c085a5b375461b20d6e3a877539748ee508c8d17 72516afa851376c6877f3086a30fd21eb9052cbc3d6ae10a27599740b9d9cf7b
GET / HTTP/1.1
Host: ay47b.blogspot.hk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
location: https://ay47b.blogspot.com/
content-type: text/html; charset=UTF-8
content-encoding: gzip
date: Sat, 04 May 2024 13:10:58 GMT
expires: Sat, 04 May 2024 13:10:58 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 197
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
URL User Request GET HTTP/2IP142.250.74.65:443
CertificateIssuerGoogle Trust Services LLC Subjectmisc-sni.blogspot.com FingerprintC4:7D:61:88:AB:F1:15:A1:36:2A:68:39:51:62:46:00:23:6D:39:00 ValidityTue, 16 Apr 2024 03:45:20 GMT - Tue, 09 Jul 2024 03:45:19 GMT
File typeHTML document, ASCII text, with very long lines (7139) Hash9d0533621b0bf7945afe29ea7fbf489a f8e854fec9fdcc2a0cae2e0a69e229d1677c0138 68bdbacd37f312ca89ca04bae872023c453bcd893c60f9000b6f7c2c37c85402
GET / HTTP/1.1
Host: ay47b.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Sat, 04 May 2024 13:10:59 GMT
date: Sat, 04 May 2024 13:10:59 GMT
cache-control: private, max-age=0
last-modified: Fri, 08 Mar 2024 15:01:40 GMT
etag: W/"20376d144a5f2b49e3e6545298f9a36ddd63aed739aa1d9d751b9e2df8a1e867"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 14978
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
IP162.255.119.48:0
File typeHTML document, ASCII text Hash22f4767689b6d2de8a97aea195657be7 bef69b48e7a67ea1a97bb1fe8ea4cefa5ca11b83 20e43ae968d7b458469bb6ee5e8c08056055ef0bcdc5ae6ac2ea7bf04b4957d2
| Analyzer | Verdict | Alert |
|---|
| OpenPhish | phishing | Generic/Spear Phishing | | Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: candymtch.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Sat, 04 May 2024 13:11:02 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 74
Connection: keep-alive
Location: https://sites.google.com/view/cukdkfjaqz4matrenmvze
X-Served-By: Namecheap URL Forward
Server: namecheap-nginx
|
| www.gstatic.com/external_hosted/clipboardjs/clipboard.min.js |  0.0.0.0 | | 0 B |
URL GET www.gstatic.com/external_hosted/clipboardjs/clipboard.min.js IP0.0.0.0:0
Requested byhttps://ay47b.blogspot.com/
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /external_hosted/clipboardjs/clipboard.min.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ay47b.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
| resources.blogblog.com/blogblog/data/res/2809677405-indie_compiled.js | 0.0.0.0 | | 0 B |
URL GET resources.blogblog.com/blogblog/data/res/2809677405-indie_compiled.js IP0.0.0.0:0
Requested byhttps://ay47b.blogspot.com/
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /blogblog/data/res/2809677405-indie_compiled.js HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ay47b.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
| ay47b.blogspot.com/js/cookienotice.js | 0.0.0.0 | | 0 B |
URL GET ay47b.blogspot.com/js/cookienotice.js IP0.0.0.0:0
Requested byhttps://ay47b.blogspot.com/ CertificateIssuerGoogle Trust Services LLC Subjectmisc-sni.blogspot.com FingerprintC4:7D:61:88:AB:F1:15:A1:36:2A:68:39:51:62:46:00:23:6D:39:00 ValidityTue, 16 Apr 2024 03:45:20 GMT - Tue, 09 Jul 2024 03:45:19 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /js/cookienotice.js HTTP/1.1
Host: ay47b.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ay47b.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
|