Report - aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html

Report Overview

Submitted URL
aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html
IP
142.250.74.161
ASN
#15169 GOOGLE
Submitted
2022-11-18 02:43:31
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	606 B	127 B	54.148.17.90
d38psrni17bvxu.cloudfront.net	unknown	2022-09-22T18:48:38Z	2023-03-10T13:32:17Z	1.4 kB	21 kB	54.230.245.138
pagead2.googlesyndication.com	101	2021-02-20T16:52:05Z	2023-03-10T16:15:29Z	310 B	610 B	142.250.74.66
developers.google.com	12980	2012-06-04T14:32:46Z	2023-03-10T16:22:59Z	390 B	237 B	142.250.74.14
afs.googleusercontent.com	12123	2013-05-06T21:11:00Z	2023-03-10T11:12:37Z	885 B	2.3 kB	142.250.74.33
w.sharethis.com	19320	2012-05-21T01:12:44Z	2023-03-10T12:26:25Z	659 B	18 kB	54.230.111.56
go.padstm.com	445647	2015-08-20T18:26:12Z	2023-03-09T20:17:47Z	560 B	862 B	139.45.197.238
1.bp.blogspot.com	8403	2012-05-21T15:44:19Z	2023-03-10T12:57:15Z	1.1 kB	124 kB	142.250.74.161
ww62.clicksasia.com	unknown	2022-06-26T03:16:33Z	2023-03-09T01:32:32Z	2.1 kB	7.1 kB	76.223.26.96
partner.googleadservices.com	798	2012-10-03T03:04:21Z	2023-03-10T06:40:47Z	472 B	849 B	172.217.21.162
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	1.7 kB	4.4 kB	23.36.76.226
aans1.blogspot.com	unknown	2014-01-10T01:34:42Z	2023-03-09T16:19:49Z	1.2 kB	43 kB	142.250.74.161
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	333 B	229 B	34.117.237.239
www.blogger.com	8975	2012-05-22T09:35:03Z	2023-03-10T12:57:15Z	1.5 kB	73 kB	142.250.74.105
www.google.com	7	2015-05-10T13:11:19Z	2023-03-10T12:19:40Z	1.7 kB	115 kB	142.250.74.164
l.sharethis.com	4794	2012-05-21T23:59:04Z	2023-03-10T12:26:26Z	1.3 kB	378 B	52.28.72.230
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	682 B	1.6 kB	93.184.220.29
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	413 B	5.8 kB	34.160.144.191
apis.google.com	105	2013-05-06T22:20:21Z	2023-03-10T06:43:06Z	777 B	74 kB	142.250.74.174
4.bp.blogspot.com	11215	2012-05-21T15:44:19Z	2023-03-10T12:57:15Z	372 B	817 B	142.250.74.161
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-10T14:37:36Z	439 B	11 kB	216.58.207.195
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	2.7 kB	44 kB	34.120.237.76
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-10T12:25:49Z	315 B	832 B	142.250.74.10
www.clicksasia.com	unknown	2015-07-05T21:00:54Z	2023-03-09T01:32:31Z	303 B	159 B	185.38.110.121
ssl.gstatic.com	unknown	2012-05-23T08:57:57Z	2023-03-10T13:42:48Z	396 B	5.3 kB	142.250.74.99
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-10T05:10:00Z	782 B	2.4 kB	34.102.187.140
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-10T05:11:10Z	5.8 kB	12 kB	142.250.74.35
go.padsdel.com	384861	2014-06-13T23:01:15Z	2023-03-09T20:17:48Z	562 B	320 B	139.45.197.239
ocsp.sca1b.amazontrust.com	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	350 B	1.0 kB	54.230.245.118
accounts.google.com	81	2016-03-20T13:44:49Z	2023-03-10T12:46:47Z	675 B	743 B	216.58.207.237

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-18	medium	aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html	Malware
2022-11-18	medium	go.padsdel.com/?id=292519	Malware
2022-11-18	medium	go.padsdel.com/?id=292517	Malware
2022-11-18	medium	www.clicksasia.com/openx/www/delivery/inline.js	Malware
2022-11-18	medium	ww62.clicksasia.com/	Malware
2022-11-18	medium	d38psrni17bvxu.cloudfront.net/scripts/maincaf.js	Malware
2022-11-18	medium	ww62.clicksasia.com/ls.php	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-11-18	medium	clicksasia.com	Sinkholed
2022-11-18	medium	clicksasia.com	Sinkholed
2022-11-18	medium	clicksasia.com	Sinkholed
2022-11-18	medium	clicksasia.com	Sinkholed
2022-11-18	medium	clicksasia.com	Sinkholed
2022-11-18	medium	clicksasia.com	Sinkholed

JavaScript (45)

	URL	Size	First Seen	Last Seen
	aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html	436 B	2023-03-07	2024-02-06
Pretty URL aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html IP 142.250.74.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:39:56 Last Seen2024-02-06 12:31:31 Times Seen23 Hash 6d25d51fde0ced0943e5ab053b61c34e a59685775efb305489a5172e875694b6ccd2df67 beff51821ac963fddea95009b1e40b356dae1d1da6954cd1bd3498e300253479 Loading...

	aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html	276 B	2023-03-07	2024-04-27
Pretty URL aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html IP 142.250.74.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:45 Last Seen2024-04-27 00:46:14 Times Seen1203 Hash 964a88133d1e4ed9a320c41af7da1091 c24f621fd6db3d4db5922c271f5ee01cb6485e50 274f2ba69eb1b2369d0bcc01969f290b644c7d22b84a99d4d13287f65bdc576a Loading...

	ww62.clicksasia.com/	968 B	2023-03-08	2024-04-26
Pretty URL ww62.clicksasia.com/ IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:24:08 Last Seen2024-04-26 23:55:48 Times Seen27739 Hash c77554570ae0fa8e4fb31747dc213058 e989fbde07e6a68975c7a31e1d4df76afd90b96f c3f831fe1717c6d76a8950ac5e7dc88ceee7440d079b11584be5c6c5b3269e77 Loading...

	ww62.clicksasia.com/	71 B	2023-03-08	2024-01-04
Pretty URL ww62.clicksasia.com/ IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:23:53 Last Seen2024-01-04 08:38:22 Times Seen25410 Hash 1a5a5e1b6a26f57b95e3dd42f60612f4 b62a27e55a59b49084e682bd3c1588f6a40881ab 4066da16910907c7962da8e7011bf0cd62b6f2dcddb1911e3ea2de03ce3e1dc7 Loading...

	www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2Cbucket103&client=dp-teaminternet09_3ph&r=m&hl=en&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2737784835408106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=r3%7Cs&nocache=5461668739400679&num=0&output=afd_ads&domain_name=ww62.clicksasia.com&v=3&bsl=8&pac=2&u_his=1&u_tz=0&dt=1668739400681&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=760&frm=0&cl=488417025&uio=--&cont=tc&jsid=caf&jsv=488417025&rurl=http%3A%2F%2Fww62.clicksasia.com%2F&referer=http%3A%2F%2Faans1.blogspot.com%2F&adbw=master-1%3A530	5.4 kB	2023-03-11	2023-03-11
Pretty URL www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2Cbucket103&client=dp-teaminternet09_3ph&r=m&hl=en&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2737784835408106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=r3%7Cs&nocache=5461668739400679&num=0&output=afd_ads&domain_name=ww62.clicksasia.com&v=3&bsl=8&pac=2&u_his=1&u_tz=0&dt=1668739400681&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=760&frm=0&cl=488417025&uio=--&cont=tc&jsid=caf&jsv=488417025&rurl=http%3A%2F%2Fww62.clicksasia.com%2F&referer=http%3A%2F%2Faans1.blogspot.com%2F&adbw=master-1%3A530 IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 13:44:46 Last Seen2023-03-11 13:44:46 Times Seen1 Hash 4cb45769d7feeb68a304748cc2ee4f12 dca05abeeb630f820a2815f92f3cb13983850b1b 4758c6815d5e12356068b07d20d759e35d76e862a5e2345937d53e00e3007089 Loading...

	ssl.gstatic.com/accounts/o/1832714284-postmessagerelay.js	10 kB	2023-03-07	2023-03-17
Pretty URL ssl.gstatic.com/accounts/o/1832714284-postmessagerelay.js IP 142.250.74.99 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2023-03-17 17:17:05 Times Seen1 Hash 69c93809ee794c3e963df5e9aa5fe99d 53e4fac1a579d5cb826100d4dbe9e890385649ec 0d173137e6d7fab67e8e696fea473731e28fed08d552de686256d0d9dfa21275 Loading...

	d38psrni17bvxu.cloudfront.net/scripts/maincaf.js	7.0 kB	2023-03-08	2023-03-17
Pretty URL d38psrni17bvxu.cloudfront.net/scripts/maincaf.js IP 54.230.245.138 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:21:52 Last Seen2023-03-17 23:32:26 Times Seen1 Hash 3c7567521347bf95b105ffa7fdc7da86 08739adacbf1300c74d8ae1cf100d00d9fbd0e5f 0e32bca6b67dfdeed3f9b988ddcec1adf0502549a130a78c4ace64c318a7ea29 Loading...

	aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html	715 B	2023-03-07	2024-04-19
Pretty URL aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html IP 142.250.74.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:39:56 Last Seen2024-04-19 09:21:26 Times Seen137 Hash 9862e935cd631e7412405bda78d28326 4b551dfb62646e9619a03547622430dcc0bfda5d edb4d0c7d5c6ed9fca421d1da93e04fb636baeea38ee9cbd4217f4ed38da38b7 Loading...

	aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html	251 B	2023-03-07	2024-02-06
Pretty URL aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html IP 142.250.74.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:39:56 Last Seen2024-02-06 12:31:31 Times Seen23 Hash b2debfd009195196575a20a57bcae1ca f308edd29b0f529307b99481131b63376f5dcb54 54ce62602a4391daffb72e5c7af41117955647d8815fdde767be6e2c6354f5b0 Loading...

	go.padstm.com/?id=292517	8 B	2023-03-07	2024-04-26
Pretty URL go.padstm.com/?id=292517 IP 139.45.197.238 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2024-04-26 23:33:49 Times Seen2670 Hash 3bbbac058fc4ed9e8078f0318d31d9fa fb3f78865eac1bdd3406f00b9cae5c6cdf6211b8 3938c63e8b782001c4b451b439634c1380b1e262d919e11ba7374862835d83e4 Loading...

	apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_0?le=scs	149 kB	2023-03-08	2023-03-11
Pretty URL apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_0?le=scs IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:23:17 Last Seen2023-03-11 23:51:27 Times Seen1 Hash 3890ab0a78427be244a5919961d77449 8a3c4fca53c2c41d818ae09c075dceddf0127280 571d15e85825e4183d95663c917a6a7911346b2915ce796cff3ffba121474a58 Loading...

	www.clicksasia.com/openx/www/delivery/inline.js	47 B	2023-03-07	2023-04-07
Pretty URL www.clicksasia.com/openx/www/delivery/inline.js IP 185.38.110.121 ASN #60592 Gransy s.r.o. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:39:56 Last Seen2023-04-07 11:05:28 Times Seen6 Hash 511b5d4a2aef166d9dc32d1c02c07ac9 0f1a044a15467fcd79f0eed930ef3089093724e4 8bc7dba4bd487ef7bf47ad5e54a2eb55618d75518d5f98c8eb83a9901ac05f38 Loading...

	aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html	52 B	2023-03-07	2024-04-27
Pretty URL aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html IP 142.250.74.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2024-04-27 00:51:42 Times Seen6582 Hash 6d48f89cb998f3bd2608a2249a390a16 9fac7a2a545c24358ed42ac6619918191ff01b95 012266fd23d78b3e873c75c6fa647fd6d9d5f494f3697fd3e252f7b82dc26080 Loading...

	ww62.clicksasia.com/	961 B	2023-03-11	2023-03-11
Pretty URL ww62.clicksasia.com/ IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 13:44:46 Last Seen2023-03-11 13:44:46 Times Seen1 Hash 90aa854d59cf5d64f9804172680cce7f dae698a4efd6ce88e4e7052f4ae37a41377b9950 b6dc7e5ec9b3f1f7fedf1a31d5b1ba11250b6ffd1d0a7bd31276b21dc6887dce Loading...

	ww62.clicksasia.com/	386 B	2023-03-07	2023-03-17
Pretty URL ww62.clicksasia.com/ IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:44:55 Last Seen2023-03-17 23:32:26 Times Seen1 Hash e0f461f5e786de00532cae23265f8fa7 00aeec0405f209f8e537dfce729fb7970d332c70 6cf19b1406d2f42b163e5a58b451e5e5f1c31f46e9bd30edd8a1b7ee643f987b Loading...

	unknown	0 B	2023-03-07	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-27 01:18:54 Times Seen37107321 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.blogger.com/static/v1/jsbin/3469866930-comment_from_post_iframe.js	17 kB	2023-03-08	2023-03-26
Pretty URL www.blogger.com/static/v1/jsbin/3469866930-comment_from_post_iframe.js IP 142.250.74.105 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:26:24 Last Seen2023-03-26 03:01:41 Times Seen2 Hash f18def4ccec463cf908f91e7cba7f2c1 02d95f67edd84a44c82255ca7abcdbf7f4d0cee5 12b91cbf31131a10b1fc2aa05047c027caeac0d6e0ca5deadf418fff63d68082 Loading...

	aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html	20 B	2023-03-07	2024-04-26
Pretty URL aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html IP 142.250.74.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:20 Last Seen2024-04-26 16:19:05 Times Seen693 Hash b71836604ea3666ab39c3dbec00c7861 428747a3985b0d7ddae2140b06754b8a3de0bbbd fddb42c42ce14fb2b8f89bc7cfb426ecdceff3ab2a03b5ca023aef0688f254d7 Loading...

	aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html	68 B	2023-03-07	2024-04-13
Pretty URL aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html IP 142.250.74.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:39:56 Last Seen2024-04-13 15:20:39 Times Seen42 Hash d56a776572c5b72e6dfcd7cc79036317 da00ffcaf1fc2804591dfc84d31ecbf9ced4ea3b ec3a73ece43a30578339002f488ea899ce48a021a41f5dbea9fa8c85d1c314eb Loading...

	aans1.blogspot.com/feeds/posts/default/-/Kesihatan?alt=json-in-script&callback=related_results_labels&max-results=17	98 kB	2023-03-11	2023-03-11
Pretty URL aans1.blogspot.com/feeds/posts/default/-/Kesihatan?alt=json-in-script&callback=related_results_labels&max-results=17 IP 142.250.74.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 13:44:46 Last Seen2023-03-11 13:44:46 Times Seen1 Hash cd7846a5723d0ca7f38a77d30fb851df 7daf023bd82bbc1772286678f83c4ba78d2bbea5 f34bf271d0d964441416b3e35718ea34c08b80e22f89b6f2e0973d187a709476 Loading...

	www.google.com/adsense/domains/caf.js	147 kB	2023-03-11	2023-03-11
Pretty URL www.google.com/adsense/domains/caf.js IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 12:53:36 Last Seen2023-03-11 23:40:59 Times Seen1 Hash 971b6d9701862498989d53275cb4fbc9 1ec92ed7ae0db3fb853e2b53f54c20a07185d93b 9d8fae4879ceb5fa52d6d7711a8edde2f413c9f06ec4bbf68e48c3a119ce0d5c Loading...

	ww62.clicksasia.com/	1.2 kB	2023-03-11	2023-03-11
Pretty URL ww62.clicksasia.com/ IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 13:44:46 Last Seen2023-03-11 13:44:46 Times Seen1 Hash 182bc168c739be8e628008cc83378691 9f6379e466fa9304e2d217d46224320c66ca7ac1 886b9f60a26afd4571081db487f5eec739fc90c1bb85829b468d2c21aeb41759 Loading...

	ww62.clicksasia.com/	2.5 kB	2023-03-11	2023-03-11
Pretty URL ww62.clicksasia.com/ IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 13:44:46 Last Seen2023-03-11 13:44:46 Times Seen1 Hash b5ec0142a8def902170376c385ae1408 f13ed7ec3dca23a8ad078541339a7bb2921d46df 5452fb727a27780c9f0a30833c71480ac052c91c18a295ca7a60b2c3e1577db6 Loading...

	apis.google.com/js/plusone.js	55 kB	2023-03-08	2023-03-11
Pretty URL apis.google.com/js/plusone.js IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:23:17 Last Seen2023-03-11 23:53:02 Times Seen1 Hash a4bece00b52ca0d44160fe7a02cabddb b2ab847e582b5609e479a6d4c19577a2f664dfbd 4cc6846b69ba46bb297b9fdc8a711094d88a1a6b33f1a13297cbe154713d7c72 Loading...

	w.sharethis.com/button/buttons.js	61 kB	2023-03-08	2023-03-13
Pretty URL w.sharethis.com/button/buttons.js IP 54.230.111.56 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:25:34 Last Seen2023-03-13 14:19:22 Times Seen1 Hash 02a88cd6c94e2fbe81714b293f362b4a f3fb10d6b1121d29e40e9527dfe16c880f247ecc 049ba97efd5e51f8dcaaf2383aae4b00bfbab1eb715124666ac72e3a9408d234 Loading...

	aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html	429 B	2023-03-07	2024-02-06
Pretty URL aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html IP 142.250.74.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:39:56 Last Seen2024-02-06 12:31:31 Times Seen23 Hash e7ef9c34b05bf9800c491548406e3ac8 1206403ba73ace6f907fdbde2b888a3693a8e270 28a27fc2f17d18cbd245739e31d150b21663b7fde959a65b7191a91f7440085e Loading...

	aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html	188 B	2023-03-07	2024-02-06
Pretty URL aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html IP 142.250.74.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:39:56 Last Seen2024-02-06 12:31:31 Times Seen23 Hash 42cad9a9b83095a01bfc05c53f708616 8e34f6615b728097f0df2a25a6283438a99dc819 9d2de16b74d562c174f2c407cbe9154a834688a7c02480fda0ecccb8f1ecea00 Loading...

	www.google.com/adsense/domains/caf.js	147 kB	2023-03-11	2023-03-17
Pretty URL www.google.com/adsense/domains/caf.js IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 12:32:13 Last Seen2023-03-17 22:46:33 Times Seen1 Hash 360875ee03667c27f98814fea9746638 12699d41ae2464e17a24054a2907442a89f949f4 9858c366dc5795d8e7561fb6c7961b2bd9fbe251464d9d1aa68a6528a701231c Loading...

	aans1.blogspot.com/js/cookienotice.js	6.5 kB	2023-03-07	2024-04-27
Pretty URL aans1.blogspot.com/js/cookienotice.js IP 142.250.74.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:24 Last Seen2024-04-27 00:51:48 Times Seen113888 Hash a705132a2174f88e196ec3610d68faa8 3bad57a48d973a678fec600d45933010f6edc659 068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568 Loading...

	apis.google.com/js/rpc:shindig_random.js?onload=init	18 kB	2023-03-09	2023-03-12
Pretty URL apis.google.com/js/rpc:shindig_random.js?onload=init IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 10:06:49 Last Seen2023-03-12 08:07:36 Times Seen1 Hash 1a3f5ff3246963dcb031b8240d026b7c 3213dabb746b5244ada86c0cd319d04748c90bee 52c2be759f6ad87888eab50463512864f47c4a9db42c567acd106e45410bed80 Loading...

	ww62.clicksasia.com/	166 B	2023-03-07	2023-03-17
Pretty URL ww62.clicksasia.com/ IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:44:55 Last Seen2023-03-17 23:32:26 Times Seen1 Hash 989c3090bdce93db83506dbbea3d636a 518f92aa83893b6c59e328112707e0023ac1fd0c d94b5f67f2517418f079ed4de6e5f09d6f64863f89648684aff4daa4edeb0ac5 Loading...

	aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html	120 B	2023-03-07	2024-04-13
Pretty URL aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html IP 142.250.74.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:39:56 Last Seen2024-04-13 15:20:38 Times Seen49 Hash c7ba02f2a70f3df61c3f11580dcf6769 d67aeef71b9a4cbf9b26108619f6811217151329 f99d92de1ce9e7d8f02cb0ba5d99fbfbabb9dc9692376db0c57b9bd72282bca0 Loading...

	apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_1?le=scs	102 kB	2023-03-08	2023-03-11
Pretty URL apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_1?le=scs IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:23:17 Last Seen2023-03-11 23:48:44 Times Seen1 Hash ef2165fdf4f52f8c7c8735c0b57407f7 7ebad26ec2359faabd6f1bc5e9fa4dcc118aec05 541c10b550bb3bef95c6816ccc83fbfdd9a5a34c1be39aa8ff5412c8444b978d Loading...

	apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_0?le=scs	55 kB	2023-03-08	2023-03-11
Pretty URL apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_0?le=scs IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:23:17 Last Seen2023-03-11 23:53:02 Times Seen1 Hash c61ae987c0905d150f80bc6f3e7cc135 826a5f9142e58947410baa5df9b0126f0226ab97 32995e284ad49c05984d6dc2f96674229e731c01d030a38ba96e42c39a8082ae Loading...

	ww62.clicksasia.com/	523 B	2023-03-07	2023-03-17
Pretty URL ww62.clicksasia.com/ IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2023-03-17 12:55:53 Times Seen1 Hash 6dab32fd232194a2f271892f2e40ddcd 76af792c7ee2fb00ce569360e9765cc2e504a8ae 9477d438ccb69cf6d0002b99e1db174f3d495798db0deb80ec64549216178c42 Loading...

	ww62.clicksasia.com/	242 B	2023-03-11	2023-03-11
Pretty URL ww62.clicksasia.com/ IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 13:44:46 Last Seen2023-03-11 13:44:46 Times Seen1 Hash a86bfe4e383518b5271b3de4a5f22cb5 61d3b19329099e3760ac79749821303010bfc8d9 0b1d9ad447e9ee99fee9b3bb265160e075db8e2f9641b310ca0b3a45d5fbbe8d Loading...

	ww62.clicksasia.com/	61 B	2023-03-07	2023-03-17
Pretty URL ww62.clicksasia.com/ IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:41:03 Last Seen2023-03-17 10:33:30 Times Seen1 Hash ea6d1c46e832de3baec94cfd28c39293 0cb27f16868b53b5f8bb19e575fa718dfc2ff00e b28484b53a6ba63823338c879340697efeecf0ca02c409abc350c999b50cbfd8 Loading...

	ww62.clicksasia.com/	387 B	2023-03-07	2023-03-17
Pretty URL ww62.clicksasia.com/ IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2023-03-17 23:32:26 Times Seen1 Hash 3e73c65a22bdd2d72118af9b51b80b40 f0c600cc278c9111e0164d3d6e20966a4bc8823f 3d7df9ca4013d27166a7de884bad461d25a47400a19b542f62258b2989c9e552 Loading...

	partner.googleadservices.com/gampad/cookie.js?domain=ww62.clicksasia.com&client=dp-teaminternet09_3ph&product=SAS&callback=__sasCookie	191 B	2023-03-11	2023-03-11
Pretty URL partner.googleadservices.com/gampad/cookie.js?domain=ww62.clicksasia.com&client=dp-teaminternet09_3ph&product=SAS&callback=__sasCookie IP 172.217.21.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 13:44:46 Last Seen2023-03-11 13:44:46 Times Seen1 Hash a222b1485bbbecfaf220d7d0a07d5a52 1d5425c2d241eb6d655daebb2a0824191133b20f 74659e6c01125f45b19ed49abff1c503e20f12e10b718414050edf40150cd6a4 Loading...

	aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html	81 B	2023-03-07	2024-04-25
Pretty URL aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html IP 142.250.74.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:57 Last Seen2024-04-25 10:22:36 Times Seen1439 Hash e515dfb22af7b6d92638ef7150cf53e4 25ae1d7df4cecf96e02cb355e345b9bed2c612e3 141977f47d19e8aa005cf0e1d2c014d6d02f3c9c7d5120cd7e9ab32a02af96fe Loading...

	ww62.clicksasia.com/	27 B	2023-03-07	2023-03-17
Pretty URL ww62.clicksasia.com/ IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:06:24 Last Seen2023-03-17 23:32:26 Times Seen1 Hash 720b2952fc220bbb17d6476ce04ec7fc b1209ee10c137b68502c6539492b922c4e43b606 e0ee6463779db16c9fe5457d0b899ccf233a692aca40e7bdbf7bf09354e43ece Loading...

	ww62.clicksasia.com/	103 B	2023-03-07	2023-03-17
Pretty URL ww62.clicksasia.com/ IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2023-03-17 23:32:26 Times Seen1 Hash eff198359d7830815fe4e33472820d4c d0675c7fc2fa176b9b912473f6f94a56d5e02821 a1ed7e13b07622a1293006c15579645d48e9c0cc0704dfc837a19d4c88461dda Loading...

	ww62.clicksasia.com/	40 B	2023-03-08	2023-05-23
Pretty URL ww62.clicksasia.com/ IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:24:08 Last Seen2023-05-23 17:14:04 Times Seen4695 Hash bbf1d9896eb3544c767d965a657e142c 5df55c7669b87f414501ffc91de02e4756141a83 f73cb6aef53ef853b780335ddf7d4cb319edcf02c8c050f270639a91226a09bc Loading...

		Size	First Seen	Last Seen
	#1 Write - 49b57c7bc39c6c296bf50a12dc9e7240	28 B	2023-03-07	2024-04-25
Pretty Observations First Seen2023-03-07 01:39:55 Last Seen2024-04-25 04:33:00 Times Seen275 Hash 49b57c7bc39c6c296bf50a12dc9e7240 6301375e4070ba00915235385cc38a487ead1e11 02a30378b586dc03985957f9e19c893c277976dd109c5deb1c14ce4efa3a970f Loading...

	#2 Write - bcfb5a06a8d071f9641c6fdf5346b497	28 B	2023-03-07	2024-03-04
Pretty Observations First Seen2023-03-07 01:39:55 Last Seen2024-03-04 08:31:08 Times Seen215 Hash bcfb5a06a8d071f9641c6fdf5346b497 9260e9a455f1d39269b291151fd1f24b59a0d7db a23d6073a514912248e913edf4dcf92514d264772a6cd09dd1b36640474b7128 Loading...

HTTP Transactions (77)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d27590a1d3cbe1e9632b8ae92aaae3f4
202b34e8a0c3b88c8826fd56c6227b34f2cd6f46
6bcfa518476658128c1fb4ea2435c4e58531454cf97138dce7ece9def589aead

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6BCFA518476658128C1FB4EA2435C4E58531454CF97138DCE7ECE9DEF589AEAD"
Last-Modified: Wed, 16 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4289
Expires: Fri, 18 Nov 2022 03:54:48 GMT
Date: Fri, 18 Nov 2022 02:43:19 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
be1be806b5dca7facbb45a6c3db44652
7ae9380a2f3eca959fe6ff6b3832a17cffd12cf4
1f3338058f8e9cae5c9fdd733c74564312726b01c6efdcd628d851d0c99876b0

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2261
Cache-Control: max-age=116745
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 02:43:19 GMT
Etag: "63760d7b-1d7"
Expires: Sat, 19 Nov 2022 11:09:04 GMT
Last-Modified: Thu, 17 Nov 2022 10:31:23 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4e84f361a3c81abc5d665a5f441452a8
7aa4b9cb0a7ba1daa514dbb48fe8e74fdf09b60d
04d64920cc8e6b096841938b0c1140889f5d7a04eabd440934a31f1c7ab90352

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "04D64920CC8E6B096841938B0C1140889F5D7A04EABD440934A31F1C7AB90352"
Last-Modified: Wed, 16 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10569
Expires: Fri, 18 Nov 2022 05:39:28 GMT
Date: Fri, 18 Nov 2022 02:43:19 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 18 Nov 2022 01:44:57 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3502
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: vMhMY3AMW1eF33gqH2X9rbOFjD0v8ksAE523AKTXIkMnDZgQ80Z7LvRfG3WTI5Ba+rggB9m5IdQ=
x-amz-request-id: 5RMXRH0AJHKS9Q6P
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 18 Nov 2022 01:52:42 GMT
age: 3037
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html

142.250.74.161

200 OK

16 kB

URL HTTP/1.1
aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html
IP
142.250.74.161:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (4970)
Size
16 kB (16225 bytes)
Hash
4bdabc0633e0d723af3730fdb9ef1329
121c5381eb1fc3d43e90fd7379b0743e72ca9b23
f3266446c88184a2b5e3c94b18f86760ca5e7c6b225ac8d3a5f49537ab83dd21

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /2015/01/punca-dilarang-letak-air-tin-dalam-peti.html HTTP/1.1
Host: aans1.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Expires: Fri, 18 Nov 2022 02:43:19 GMT
Date: Fri, 18 Nov 2022 02:43:19 GMT
Cache-Control: private, max-age=0
Last-Modified: Tue, 08 Nov 2022 12:38:23 GMT
ETag: W/"4c57bcac4cce86ac76b394e2f1ba43e0561322a0a88b0fcb8849eae868211e47"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 16225
Server: GSE

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 18 Nov 2022 02:43:19 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

w.sharethis.com/button/buttons.js

54.230.111.56

301 Moved Permanently

167 B

URL HTTP/1.1
w.sharethis.com/button/buttons.js
IP
54.230.111.56:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d

HTTP Headers

GET /button/buttons.js HTTP/1.1
Host: w.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aans1.blogspot.com/

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 18 Nov 2022 02:43:19 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://w.sharethis.com/button/buttons.js
X-Cache: Redirect from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: QvjQs5fmiPJKfaEp8GBLaepPaU1gWn2EZEVqzAl_W-NDrbxVTyJ1lg==

fonts.googleapis.com/css?family=Josefin+Slab

142.250.74.10

200 OK

295 B

URL HTTP/1.1
fonts.googleapis.com/css?family=Josefin+Slab
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
295 B (295 bytes)
Hash
8d74fecd94bb3a255c2603538ea257a1
7021cec753ddbcfbd2ba682610c769dd30e837b4
aa1d0524faaaa495bc15a6c3b66679288e1243f4ca5e34294631fb5ed5502ba0

HTTP Headers

GET /css?family=Josefin+Slab HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aans1.blogspot.com/

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Fri, 18 Nov 2022 02:43:19 GMT
Date: Fri, 18 Nov 2022 02:43:19 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

apis.google.com/js/plusone.js

142.250.74.174

200 OK

21 kB

URL HTTP/1.1
apis.google.com/js/plusone.js
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1279)
Size
21 kB (20984 bytes)
Hash
327d33b72373a953dc7ddef0c6463b48
2fd9b26cb459ff01c3a1dd3507f1c7484cce6ce4
1f9becca80520826519f7908eff9bc2cdf551f9afc5d2a276f9d3c4a55a0e79c

HTTP Headers

GET /js/plusone.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aans1.blogspot.com/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team"
Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
Timing-Allow-Origin: *
Content-Length: 20984
Date: Fri, 18 Nov 2022 02:43:19 GMT
Expires: Fri, 18 Nov 2022 02:43:19 GMT
Cache-Control: private, max-age=1800, stale-while-revalidate=1800
ETag: "ee4e8f4fc1d1ae5d"
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0

aans1.blogspot.com/js/cookienotice.js

142.250.74.161

200 OK

2.0 kB

URL HTTP/1.1
aans1.blogspot.com/js/cookienotice.js
IP
142.250.74.161:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
2.0 kB (2026 bytes)
Hash
c4e1ed83d89245089b8a1203be20a377
f3940e1215b89300ef97d57a25993f25243b8688
afa801a129ff6fc98533118275db8a7d4a38fc91f8ab55ed4c19b864255e68d2

HTTP Headers

GET /js/cookienotice.js HTTP/1.1
Host: aans1.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html

HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 2026
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 18 Nov 2022 01:09:42 GMT
Expires: Fri, 25 Nov 2022 01:09:42 GMT
Cache-Control: public, max-age=604800
Last-Modified: Thu, 17 Nov 2022 21:57:45 GMT
Content-Type: text/javascript
Age: 5617

go.padstm.com/?id=292517

139.45.197.238

302 Moved Temporarily

138 B

URL HTTP/1.1
go.padstm.com/?id=292517
IP
139.45.197.238:0
ASN
#9002 RETN Limited

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
138 B (138 bytes)
Hash
aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0

HTTP Headers

GET /?id=292517 HTTP/1.1
Host: go.padstm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aans1.blogspot.com/

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Fri, 18 Nov 2022 02:43:20 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://go.padsdel.com/?id=292517
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *

go.padstm.com/?id=292519

139.45.197.238

302 Moved Temporarily

138 B

URL HTTP/1.1
go.padstm.com/?id=292519
IP
139.45.197.238:0
ASN
#9002 RETN Limited

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
138 B (138 bytes)
Hash
aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0

HTTP Headers

GET /?id=292519 HTTP/1.1
Host: go.padstm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aans1.blogspot.com/

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Fri, 18 Nov 2022 02:43:20 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://go.padsdel.com/?id=292519
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *

w.sharethis.com/button/buttons.js

54.230.111.56

200 OK

17 kB

URL HTTP/2
w.sharethis.com/button/buttons.js
IP
54.230.111.56:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (60851), with no line terminators
Size
17 kB (16989 bytes)
Hash
6df1e6fb302d1bcb35d898105f0327de
2336688fde43d37fc38dbd842b76f728d7423034
3acec848060440ee2c01f063023d2cc0122ad46f1de910ca0738e6715a6c2e67

HTTP Headers

GET /button/buttons.js HTTP/1.1
Host: w.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://aans1.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
content-length: 16989
content-encoding: gzip
server: nginx/1.20.1
x-robots-tag: noindex, nofollow
cache-control: max-age=259200
date: Wed, 16 Nov 2022 21:20:00 GMT
expires: Sat, 19 Nov 2022 21:20:00 GMT
etag: W/"634f1855-edb3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: WiVt6s5PTuFmfiNwUWllEKx1BpG2xl28S8SBY6b-r4B9ZYlRa4OXfQ==
age: 105800
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
26d70ef0f0dab461c42c64bd8ff424f3
f26524275311572e0a183e99a373914502665ba4
b874528c7ee51622b1d83120f70def2cc5da9699be730491f962dc18c477c577

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 02:43:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
26d70ef0f0dab461c42c64bd8ff424f3
f26524275311572e0a183e99a373914502665ba4
b874528c7ee51622b1d83120f70def2cc5da9699be730491f962dc18c477c577

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 02:43:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
26d70ef0f0dab461c42c64bd8ff424f3
f26524275311572e0a183e99a373914502665ba4
b874528c7ee51622b1d83120f70def2cc5da9699be730491f962dc18c477c577

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 02:43:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.blogger.com/static/v1/widgets/2342155703-widgets.js

142.250.74.105

200 OK

57 kB

URL HTTP/2
www.blogger.com/static/v1/widgets/2342155703-widgets.js
IP
142.250.74.105:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2221)
Size
57 kB (56726 bytes)
Hash
1217c8e34acb09c7cea97bae4d386ea1
55ee17703d0a7710943e93913bacb49220d98b4b
c2f23437ab938096bf8b40de8b08c4f27bb880b7ef8588481ec5ccc08b58870b

HTTP Headers

GET /static/v1/widgets/2342155703-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://aans1.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56726
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Nov 2022 02:09:09 GMT
expires: Thu, 16 Nov 2023 02:09:09 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 15 Nov 2022 04:53:02 GMT
content-type: text/javascript
age: 174851
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.blogger.com/static/v1/jsbin/3469866930-comment_from_post_iframe.js

142.250.74.105

200 OK

6.6 kB

URL HTTP/2
www.blogger.com/static/v1/jsbin/3469866930-comment_from_post_iframe.js
IP
142.250.74.105:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1441)
Size
6.6 kB (6573 bytes)
Hash
f60e5037324bf7fd2256c16929886f09
aae4b1aea3737e0268e3578dd1d0e7cfe6c6d66b
71846da8d45274b77549b110389ab3dbcb8ce042051b5c39547909c1c343dfde

HTTP Headers

GET /static/v1/jsbin/3469866930-comment_from_post_iframe.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://aans1.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 6573
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Nov 2022 08:05:29 GMT
expires: Thu, 16 Nov 2023 08:05:29 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 15 Nov 2022 07:51:19 GMT
content-type: text/javascript
age: 153471
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.blogger.com/static/v1/widgets/55013136-widget_css_bundle.css

142.250.74.105

200 OK

6.6 kB

URL HTTP/2
www.blogger.com/static/v1/widgets/55013136-widget_css_bundle.css
IP
142.250.74.105:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (30596)
Size
6.6 kB (6620 bytes)
Hash
6f46e6f68353c7911fe34f31faa1518f
ea4dbfa2f87c18e9c51c59a32dfa9afb9c2c3472
0be7e26374fcff6f423b88e5f2a05d1cfdcb56abb4a78fa125e391989782ae0f

HTTP Headers

GET /static/v1/widgets/55013136-widget_css_bundle.css HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://aans1.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 6620
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 12 Nov 2022 20:36:31 GMT
expires: Sun, 12 Nov 2023 20:36:31 GMT
cache-control: public, max-age=31536000
last-modified: Sat, 12 Nov 2022 15:50:54 GMT
content-type: text/css
age: 454009
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.blogger.com/img/icon18_edit_allbkg.gif

142.250.74.105

200 OK

162 B

URL HTTP/1.1
www.blogger.com/img/icon18_edit_allbkg.gif
IP
142.250.74.105:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 18 x 18\012- data
Size
162 B (162 bytes)
Hash
c991641178ff05adf0d004298b5eafa9
d8f6ce8ecd92b86d49849360f6b81ceb10b4c941
ca9848e6006cfec8f9ffa29433ade8152204bdb95579200831c6dc0f53dff70b

HTTP Headers

GET /img/icon18_edit_allbkg.gif HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aans1.blogspot.com/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 162
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 15 Nov 2022 14:39:46 GMT
Expires: Tue, 22 Nov 2022 14:39:46 GMT
Cache-Control: public, max-age=604800
Last-Modified: Tue, 15 Nov 2022 13:54:38 GMT
Content-Type: image/gif
Age: 216214

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
26d70ef0f0dab461c42c64bd8ff424f3
f26524275311572e0a183e99a373914502665ba4
b874528c7ee51622b1d83120f70def2cc5da9699be730491f962dc18c477c577

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 02:43:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

1.bp.blogspot.com/-ho1JUe_TJ-8/Vdb8kU0l1dI/AAAAAAAAKNI/JB0-WlsU-eM/s1600/12.jpg

142.250.74.161

200 OK

122 kB

URL HTTP/1.1
1.bp.blogspot.com/-ho1JUe_TJ-8/Vdb8kU0l1dI/AAAAAAAAKNI/JB0-WlsU-eM/s1600/12.jpg
IP
142.250.74.161:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, orientation=upper-left, software=Google], baseline, precision 8, 851x315, components 3\012- data
Size
122 kB (121948 bytes)
Hash
fdb16fd9d11da34115a3d36756ec2cd8
88f5eff84192079db87a49713aadc38e498e080c
b24bc09a6345b5ff13f8ed35497ae71ecb464dbde6470fdb6ff9a409d7cdd59a

HTTP Headers

GET /-ho1JUe_TJ-8/Vdb8kU0l1dI/AAAAAAAAKNI/JB0-WlsU-eM/s1600/12.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aans1.blogspot.com/

HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="12.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 121948
X-XSS-Protection: 0
Date: Fri, 18 Nov 2022 01:09:43 GMT
Expires: Sat, 12 Nov 2022 03:27:26 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 5617
ETag: "v28d3"
Content-Type: image/jpeg

go.padsdel.com/?id=292519

139.45.197.239

200 OK

8 B

URL HTTP/1.1
go.padsdel.com/?id=292519
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type
ASCII text, with no line terminators
Size
8 B (8 bytes)
Hash
3bbbac058fc4ed9e8078f0318d31d9fa
fb3f78865eac1bdd3406f00b9cae5c6cdf6211b8
3938c63e8b782001c4b451b439634c1380b1e262d919e11ba7374862835d83e4

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /?id=292519 HTTP/1.1
Host: go.padsdel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://aans1.blogspot.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 02:43:20 GMT
Content-Type: application/octet-stream
Content-Length: 8
Connection: keep-alive

go.padsdel.com/?id=292517

139.45.197.239

200 OK

8 B

URL HTTP/1.1
go.padsdel.com/?id=292517
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type
ASCII text, with no line terminators
Size
8 B (8 bytes)
Hash
3bbbac058fc4ed9e8078f0318d31d9fa
fb3f78865eac1bdd3406f00b9cae5c6cdf6211b8
3938c63e8b782001c4b451b439634c1380b1e262d919e11ba7374862835d83e4

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /?id=292517 HTTP/1.1
Host: go.padsdel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://aans1.blogspot.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 02:43:20 GMT
Content-Type: application/octet-stream
Content-Length: 8
Connection: keep-alive

www.clicksasia.com/openx/www/delivery/inline.js

185.38.110.121

200 OK

47 B

URL HTTP/1.1
www.clicksasia.com/openx/www/delivery/inline.js
IP
185.38.110.121:0
ASN
#60592 Gransy s.r.o.

File type
ASCII text
Size
47 B (47 bytes)
Hash
511b5d4a2aef166d9dc32d1c02c07ac9
0f1a044a15467fcd79f0eed930ef3089093724e4
8bc7dba4bd487ef7bf47ad5e54a2eb55618d75518d5f98c8eb83a9901ac05f38

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /openx/www/delivery/inline.js HTTP/1.1
Host: www.clicksasia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aans1.blogspot.com/

HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Fri, 18 Nov 2022 02:43:20 GMT
Content-Length: 47

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
08af5da5cda2c890667e08b6b9ba8fcb
54d48e3ab97d85d40cf0efffda42a7393de1d883
3ae3fb9eaf603e46547258cf1d00e66a3ab53653dd93eb8245ba1de13cae5a9a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 02:43:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_0?le=scs

142.250.74.174

200 OK

51 kB

URL HTTP/2
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_0?le=scs
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (580)
Size
51 kB (51072 bytes)
Hash
a5aeb8dce52dc81116cc434ff43d3f63
c74721ddc9b87ba5a9deb2a361f44c9293f928b7
333fbf33d55990f58551357644398b7b571c25cd56bc25ad3ea7270571f96118

HTTP Headers

GET /_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_0?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://aans1.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 51072
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Nov 2022 23:40:28 GMT
expires: Thu, 16 Nov 2023 23:40:28 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 01 Nov 2022 15:24:55 GMT
content-type: text/javascript; charset=UTF-8
age: 97372
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

aans1.blogspot.com/feeds/posts/default/-/Kesihatan?alt=json-in-script&callback=related_results_labels&max-results=17

142.250.74.161

200 OK

23 kB

URL HTTP/1.1
aans1.blogspot.com/feeds/posts/default/-/Kesihatan?alt=json-in-script&callback=related_results_labels&max-results=17
IP
142.250.74.161:0
ASN
#15169 GOOGLE

File type
Unicode text, UTF-8 text, with very long lines (65494)
Size
23 kB (23035 bytes)
Hash
e037e0a7f8efc0524ccdcf1f74d65bcd
e495cda8ee8f135818eb2fb7b46c2ca46ef2edee
1dbb61be7af6c68239403a067edc813b8efd61441b3514cb74b480d18f1f285f

HTTP Headers

GET /feeds/posts/default/-/Kesihatan?alt=json-in-script&callback=related_results_labels&max-results=17 HTTP/1.1
Host: aans1.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aans1.blogspot.com/2015/01/punca-dilarang-letak-air-tin-dalam-peti.html

HTTP/1.1 200 OK
Cross-Origin-Resource-Policy: cross-origin
ETag: W/"3fae87f3083484d530b03c3b99c8d497a685d485c2e4be37d7eaf6c7fb168c04"
Date: Fri, 18 Nov 2022 02:43:20 GMT
Content-Type: text/javascript; charset=UTF-8
Server: blogger-renderd
Expires: Fri, 18 Nov 2022 02:43:21 GMT
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=1
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Last-Modified: Tue, 08 Nov 2022 12:38:23 GMT
Content-Encoding: gzip
Content-Length: 23035
X-Frame-Options: SAMEORIGIN

4.bp.blogspot.com/-Cjrjhse6Exc/T_YQ7dMaIpI/AAAAAAAACxg/3RqA3xoGSj0/s1600/subcribe%2Bthesis.gif

142.250.74.161

200 OK

354 B

URL HTTP/1.1
4.bp.blogspot.com/-Cjrjhse6Exc/T_YQ7dMaIpI/AAAAAAAACxg/3RqA3xoGSj0/s1600/subcribe%2Bthesis.gif
IP
142.250.74.161:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 12 x 12\012- data
Size
354 B (354 bytes)
Hash
63518cf04cae6c58308feb72ea17aeb4
899fbaf9f628bc09483dbca246f580596beb8378
c33b76e5a92e675fbef817c95a1414f9b9a661d46f6e66b9eb58b05679d69fd5

HTTP Headers

GET /-Cjrjhse6Exc/T_YQ7dMaIpI/AAAAAAAACxg/3RqA3xoGSj0/s1600/subcribe%2Bthesis.gif HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aans1.blogspot.com/

HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="subcribe thesis.gif"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 354
X-XSS-Protection: 0
Date: Fri, 18 Nov 2022 01:09:42 GMT
Expires: Sat, 19 Nov 2022 01:09:42 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v248c"
Content-Type: image/gif
Age: 5618

fonts.gstatic.com/s/josefinslab/v20/lW-swjwOK3Ps5GSJlNNkMalNpiZe_ldbOR4W71msR349Kg.woff2

216.58.207.195

200 OK

10 kB

URL HTTP/1.1
fonts.gstatic.com/s/josefinslab/v20/lW-swjwOK3Ps5GSJlNNkMalNpiZe_ldbOR4W71msR349Kg.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 10024, version 1.0\012- data
Size
10 kB (10024 bytes)
Hash
29db13120ec478925e9486c2fb8aa79a
59af3d7d251693ee0ef2f14566d3bd165028bb0f
f48b859d4f27ad5d59d75e405c3c4a847effd7b56308c1315e5d8f9dbac89bd0

HTTP Headers

GET /s/josefinslab/v20/lW-swjwOK3Ps5GSJlNNkMalNpiZe_ldbOR4W71msR349Kg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://aans1.blogspot.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 10024
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 18 Nov 2022 01:05:53 GMT
Expires: Sat, 18 Nov 2023 01:05:53 GMT
Cache-Control: public, max-age=31536000
Age: 5847
Last-Modified: Mon, 11 Jul 2022 20:59:21 GMT
Content-Type: font/woff2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4867bbb88730b6b7c4ce63d01131b13d
13205cb9c213ebb2915cedc56c64c65dccd3b8c4
f6df6058ca9dd6ce5e9034a5996d6e22ddbc9e5be85a245c55efb2bfbccbf99a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 02:43:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 18 Nov 2022 01:44:49 GMT
cache-control: public,max-age=3600
age: 3511
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

1.bp.blogspot.com/-zt1heJ3mBLg/T7zVmDb7EII/AAAAAAAAA-Q/hpQivcNMPP4/s1600/bullet.gif

142.250.74.161

200 OK

311 B

URL HTTP/1.1
1.bp.blogspot.com/-zt1heJ3mBLg/T7zVmDb7EII/AAAAAAAAA-Q/hpQivcNMPP4/s1600/bullet.gif
IP
142.250.74.161:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 13 x 11\012- data
Size
311 B (311 bytes)
Hash
028bcf92cf62e42de0acfa130f3d351e
68e32de8443766f9ed1ddc91c4f6436cc2facf4a
a9ded55ec2249c5d0fc740e775d521dc79e6b38bb8f28f80fdd8348975ca11d4

HTTP Headers

GET /-zt1heJ3mBLg/T7zVmDb7EII/AAAAAAAAA-Q/hpQivcNMPP4/s1600/bullet.gif HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aans1.blogspot.com/

HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="bullet.gif"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 311
X-XSS-Protection: 0
Date: Fri, 18 Nov 2022 01:09:43 GMT
Expires: Wed, 16 Nov 2022 03:47:33 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 5617
ETag: "v4ca"
Content-Type: image/gif

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
c10055ce87434f700ff8b20e3be1f919
477b3c9f1da0c464282bb54572737e76b6e346da
4d78eb296876122e5ff40fcd7667adf1bf8a4b1ee4c8203c88a63ce8d7910a57

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5525
Cache-Control: max-age=114940
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 02:43:20 GMT
Etag: "6375f9af-1d7"
Expires: Sat, 19 Nov 2022 10:39:00 GMT
Last-Modified: Thu, 17 Nov 2022 09:06:55 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8fbee92ce32930ff97be00616e89f726
0a472ebf60eb094f8c90b9132c4db41cf82132eb
f88662f1203d68f0eb4d2699c7240099af2c2cc924f83abb206625a39de5bec8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 02:43:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
eeab7cac05db82df44ba5530370a7b0c
ba9f2b0bbfd4f12b923106c29369a94d9fc617f1
097d22b35eebb9dff6ca54f1f8550c5ee5e6b99c726d6ac388acf7c5a1356d31

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 02:43:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

developers.google.com/

142.250.74.14

301 Moved Permanently

0 B

URL HTTP/1.1
developers.google.com/
IP
142.250.74.14:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: developers.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://aans1.blogspot.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Location: https://developers.google.com/
X-Cloud-Trace-Context: 36f96daab0228a12b1f6bf6708a9b5f7
Date: Fri, 18 Nov 2022 02:43:20 GMT
Content-Type: text/html
Server: Google Frontend
Content-Length: 0

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
48c4ce804ccc97540c1b396dc02c30a9
829146a5d661d3a9b07d77e9dc02ad4125100c8e
fb32735a37bb4c1cbd32600d92a2acd09ed1d717672451e51063794e1e88dfd6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 02:43:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ww62.clicksasia.com/

76.223.26.96

200 OK

4.5 kB

URL HTTP/1.1
ww62.clicksasia.com/
IP
76.223.26.96:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2482)
Size
4.5 kB (4500 bytes)
Hash
8a020ccecb8bff77817945e031c0f70a
7ba4537150137c52f0ef163aa7393644c1e28a80
543610b217ed19ced2d6f8b2b62669f7ca343964c22bb9b6d70dc3316162c97f

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: ww62.clicksasia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aans1.blogspot.com/
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 02:43:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket103
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_Ue2QSzd35QEQtTK6x1YLQaf0D2dWoHK7bmHfcZIGI/CAXG4Ia6DnnC8NDz024FxnCIyOUYSYMWBOGoKSnD/fqw==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip

ssl.gstatic.com/accounts/o/1832714284-postmessagerelay.js

142.250.74.99

200 OK

4.3 kB

URL HTTP/2
ssl.gstatic.com/accounts/o/1832714284-postmessagerelay.js
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2267)
Size
4.3 kB (4294 bytes)
Hash
3f7502705229ccec9d066c5cd75e6c31
ede1663155afaa5a5213d075e6295c6d839b05c3
2be5113d3022d1819a19f327235d287a2538a03741fc08ccd9d55cc1d78b6282

HTTP Headers

GET /accounts/o/1832714284-postmessagerelay.js HTTP/1.1
Host: ssl.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accounts.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="federated-signon-mpm-access"
report-to: {"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
content-length: 4294
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Nov 2022 18:48:12 GMT
expires: Thu, 16 Nov 2023 18:48:12 GMT
cache-control: public, max-age=31536000
last-modified: Sat, 12 Nov 2022 01:08:55 GMT
content-type: text/javascript
age: 114908
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.118

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.118:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
ab3dba755433b7134af264b381ef4c89
72dc38c8c164afc9e503df2164601a59ebf35f94
42ca04c832dd92ed269bd38caa872372563b155d2172ab026143a7b4afa4951c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=148333
Date: Fri, 18 Nov 2022 02:43:20 GMT
Etag: "637679af-1d7"
Expires: Sat, 19 Nov 2022 19:55:33 GMT
Last-Modified: Thu, 17 Nov 2022 18:13:03 GMT
Server: ECS (nyb/1D0F)
X-Cache: Miss from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Vbhgfwszc8EN-T8-dUZWY1kShR7FCxxDMhisr8h7AFohuqt6WFbcRQ==
Age: 6151

push.services.mozilla.com/

54.148.17.90

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.148.17.90:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: q9fnH+vQAse/UL88wrPLYA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ROSbDB2crGBVDvwuG9VzqFb2J20=

l.sharethis.com/pview?event=pview&version=buttons.js&lang=en&sessionID=1668739398764.85738&hostname=aans1.blogspot.com&location=%2F2015%2F01%2Fpunca-dilarang-letak-air-tin-dalam-peti.html&product=widget&fcmp=false&fcmpv2=false&publisher=ur.00000000-0000-0000-0000-000000000000&url=http%3A%2F%2Faans1.blogspot.com%2F2015%2F01%2Fpunca-dilarang-letak-air-tin-dalam-peti.html&title=Punca%20Dilarang%20Letak%20Air%20Tin%20Dalam%20Peti%20Ais%20Tempat%20Beku%20Terjawap&sop=false&description=%20%20%20%20Tolong%20ingatkan%20adik-adik%20kita%2C%20bukan%20setakat%20memanaskan%20air%20tin%20tetapi%20membekukannya%20pun%20tidak%20boleh.Di%20daerah%20Jiading%2C%20Shanghai%2C%20seora...&description=%20%20%20%20Tolong%20ingatkan%20adik-adik%20kita%2C%20bukan%20setakat%20memanaskan%20air%20tin%20tetapi%20membekukannya%20pun%20tidak%20boleh.Di%20daerah%20Jiading%2C%20Shanghai%2C%20seora...&img_pview=true

52.28.72.230

204 No Content

0 B

URL HTTP/1.1
l.sharethis.com/pview?event=pview&version=buttons.js&lang=en&sessionID=1668739398764.85738&hostname=aans1.blogspot.com&location=%2F2015%2F01%2Fpunca-dilarang-letak-air-tin-dalam-peti.html&product=widget&fcmp=false&fcmpv2=false&publisher=ur.00000000-0000-0000-0000-000000000000&url=http%3A%2F%2Faans1.blogspot.com%2F2015%2F01%2Fpunca-dilarang-letak-air-tin-dalam-peti.html&title=Punca%20Dilarang%20Letak%20Air%20Tin%20Dalam%20Peti%20Ais%20Tempat%20Beku%20Terjawap&sop=false&description=%20%20%20%20Tolong%20ingatkan%20adik-adik%20kita%2C%20bukan%20setakat%20memanaskan%20air%20tin%20tetapi%20membekukannya%20pun%20tidak%20boleh.Di%20daerah%20Jiading%2C%20Shanghai%2C%20seora...&description=%20%20%20%20Tolong%20ingatkan%20adik-adik%20kita%2C%20bukan%20setakat%20memanaskan%20air%20tin%20tetapi%20membekukannya%20pun%20tidak%20boleh.Di%20daerah%20Jiading%2C%20Shanghai%2C%20seora...&img_pview=true
IP
52.28.72.230:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pview?event=pview&version=buttons.js&lang=en&sessionID=1668739398764.85738&hostname=aans1.blogspot.com&location=%2F2015%2F01%2Fpunca-dilarang-letak-air-tin-dalam-peti.html&product=widget&fcmp=false&fcmpv2=false&publisher=ur.00000000-0000-0000-0000-000000000000&url=http%3A%2F%2Faans1.blogspot.com%2F2015%2F01%2Fpunca-dilarang-letak-air-tin-dalam-peti.html&title=Punca%20Dilarang%20Letak%20Air%20Tin%20Dalam%20Peti%20Ais%20Tempat%20Beku%20Terjawap&sop=false&description=%20%20%20%20Tolong%20ingatkan%20adik-adik%20kita%2C%20bukan%20setakat%20memanaskan%20air%20tin%20tetapi%20membekukannya%20pun%20tidak%20boleh.Di%20daerah%20Jiading%2C%20Shanghai%2C%20seora...&description=%20%20%20%20Tolong%20ingatkan%20adik-adik%20kita%2C%20bukan%20setakat%20memanaskan%20air%20tin%20tetapi%20membekukannya%20pun%20tidak%20boleh.Di%20daerah%20Jiading%2C%20Shanghai%2C%20seora...&img_pview=true HTTP/1.1
Host: l.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://aans1.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: stid
Access-Control-Max-Age: 1728000
Cache-Control: no-cache, no-store, must-revalidate
Date: Fri, 18 Nov 2022 02:43:20 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c15be7bf1c6987951ddd348d6f6b4db1
9faac1fb81abc8fce6d4ae81777c76b8bc11e9b0
7f1d01e3fc0b69e331fd30326ea8fd9b1e3e06a0a93ae4768e7addd03a121025

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 02:43:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
48c4ce804ccc97540c1b396dc02c30a9
829146a5d661d3a9b07d77e9dc02ad4125100c8e
fb32735a37bb4c1cbd32600d92a2acd09ed1d717672451e51063794e1e88dfd6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 02:43:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

d38psrni17bvxu.cloudfront.net/themes/assets/style.css

54.230.245.138

200 OK

343 B

URL HTTP/1.1
d38psrni17bvxu.cloudfront.net/themes/assets/style.css
IP
54.230.245.138:0
ASN
#16509 AMAZON-02

File type
ASCII text
Size
343 B (343 bytes)
Hash
03a4a8c322fc0c99b0ee7cbbcc9eabcd
6fc193276de2a3458cd853c474cb9269b900e00d
a535d2296792cb37a2bbad1d9d0546e3383a8a5bfac0d9edda15795c226bddf7

HTTP Headers

GET /themes/assets/style.css HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww62.clicksasia.com/

HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Fri, 18 Nov 2022 00:33:15 GMT
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
Content-Encoding: gzip
ETag: W/"5ebab1f0-33d"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: JKBjyqcf4ZMyv5CIGsloC14CfLfefOftlBs6qCeTvd0t-ftZPET7ww==
Age: 7806

d38psrni17bvxu.cloudfront.net/scripts/maincaf.js

54.230.245.138

200 OK

7.0 kB

URL HTTP/1.1
d38psrni17bvxu.cloudfront.net/scripts/maincaf.js
IP
54.230.245.138:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (316)
Size
7.0 kB (7006 bytes)
Hash
3c7567521347bf95b105ffa7fdc7da86
08739adacbf1300c74d8ae1cf100d00d9fbd0e5f
0e32bca6b67dfdeed3f9b988ddcec1adf0502549a130a78c4ace64c318a7ea29

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /scripts/maincaf.js HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww62.clicksasia.com/

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 7006
Connection: keep-alive
Server: nginx
Date: Thu, 17 Nov 2022 15:10:44 GMT
Last-Modified: Tue, 15 Nov 2022 15:10:24 GMT
Accept-Ranges: bytes
ETag: "6373abe0-1b5e"
X-Cache: Hit from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: kjkLVvd0jhEnryBXEymlqEeUOvoJnnuE_Xmnh4FWDCwP8gpubwDCxw==
Age: 41557

d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/style.css

54.230.245.138

200 OK

648 B

URL HTTP/1.1
d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/style.css
IP
54.230.245.138:0
ASN
#16509 AMAZON-02

File type
ASCII text
Size
648 B (648 bytes)
Hash
706f944f821bc64dff4240a04251ff36
efcf7c46310be1b252baae8e2f4b5e9edfee9fe3
dc365466c780c2d5e58a10925db88facb0cae18cb5a077790c54561e8590b63b

HTTP Headers

GET /themes/cleanPeppermintBlack_657d9013/style.css HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww62.clicksasia.com/

HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Thu, 17 Nov 2022 03:12:38 GMT
Last-Modified: Fri, 21 Oct 2022 11:27:37 GMT
Content-Encoding: gzip
ETag: W/"63528229-63e"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: CItC0mLzh_qiIPKWhymkF-u9L8pkhSwp82aasmfHhFvgl6k3g-Ihng==
Age: 84643

www.google.com/adsense/domains/caf.js

142.250.74.164

200 OK

54 kB

URL HTTP/1.1
www.google.com/adsense/domains/caf.js
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1885)
Size
54 kB (53468 bytes)
Hash
a44ef3c4a7a9931f20e9683f32059b23
acb52c922f371a4a9ce2388815da2e5b7a9254ea
69091ab962a7a39bed19fd1a106dca60a6dfbc2162d6d0af5234949186777b40

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww62.clicksasia.com/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Fri, 18 Nov 2022 02:43:21 GMT
Expires: Fri, 18 Nov 2022 02:43:21 GMT
Cache-Control: private, max-age=3600
ETag: "5691164722343775337"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0

d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png

54.230.245.138

200 OK

11 kB

URL HTTP/1.1
d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
IP
54.230.245.138:0
ASN
#16509 AMAZON-02

File type
PNG image data, 1500 x 600, 8-bit colormap, non-interlaced\012- data
Size
11 kB (11375 bytes)
Hash
0cb2e5165dc9324eb462199f04e1ffa9
9e0f89847ec8a98d98a6020bc5c4ed32b7a48bf8
67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865

HTTP Headers

GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/style.css

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 11375
Connection: keep-alive
Server: nginx
Date: Fri, 18 Nov 2022 02:14:13 GMT
Last-Modified: Thu, 23 Jun 2022 10:44:43 GMT
Accept-Ranges: bytes
ETag: "62b4441b-2c6f"
X-Cache: Hit from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 3amcyK3GY_1DpHiKln-ChxEEcB9VSjho3qOiLqkHY-fcqDDcawiQ1Q==
Age: 1749

ww62.clicksasia.com/favicon.ico

76.223.26.96

200 OK

0 B

URL HTTP/1.1
ww62.clicksasia.com/favicon.ico
IP
76.223.26.96:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ww62.clicksasia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww62.clicksasia.com/

HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 02:43:22 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes

ww62.clicksasia.com/track.php?domain=clicksasia.com&toggle=browserjs&uid=MTY2ODczOTQwMC44NTA1OjdjZThmMDI1NmY1YTMwZDE5Yzk5MTdmODkxYTNkZTc5NmVlOGZmODliZTMxOWM2YWRhMzk2ODljZWYzNTRiODI6NjM3NmYxNDhjZmEyYw%3D%3D

76.223.26.96

200 OK

20 B

URL HTTP/1.1
ww62.clicksasia.com/track.php?domain=clicksasia.com&toggle=browserjs&uid=MTY2ODczOTQwMC44NTA1OjdjZThmMDI1NmY1YTMwZDE5Yzk5MTdmODkxYTNkZTc5NmVlOGZmODliZTMxOWM2YWRhMzk2ODljZWYzNTRiODI6NjM3NmYxNDhjZmEyYw%3D%3D
IP
76.223.26.96:0
ASN
#16509 AMAZON-02

File type
data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /track.php?domain=clicksasia.com&toggle=browserjs&uid=MTY2ODczOTQwMC44NTA1OjdjZThmMDI1NmY1YTMwZDE5Yzk5MTdmODkxYTNkZTc5NmVlOGZmODliZTMxOWM2YWRhMzk2ODljZWYzNTRiODI6NjM3NmYxNDhjZmEyYw%3D%3D HTTP/1.1
Host: ww62.clicksasia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww62.clicksasia.com/

HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 02:43:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
05bf67082a248863ee104c4f16e7ae7a
51bc71674f0e51788118bd4826dec7896d6bd03e
3664a7f4bc06fcb7bab2f6b270e74570536d947f8d3fa2fe586dd0de713844e8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 02:43:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ww62.clicksasia.com/ls.php

76.223.26.96

201 Created

0 B

URL HTTP/1.1
ww62.clicksasia.com/ls.php
IP
76.223.26.96:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

POST /ls.php HTTP/1.1
Host: ww62.clicksasia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 2206
Origin: http://ww62.clicksasia.com
Connection: keep-alive
Referer: http://ww62.clicksasia.com/

HTTP/1.1 201 Created
Date: Fri, 18 Nov 2022 02:43:22 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 6376f14ac5761f55a872f02b
Charset: utf-8
Access-Control-Allow-Origin: http://ww62.clicksasia.com
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_k4z/jTmnrJY8WxvSGqI8q3nU8GMq4pUBF+4n7MWQbngmj0MgPw9PKB05YB3Wx6mLAuHhN8ot5075PvWp7hZqSw==

www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2Cbucket103&client=dp-teaminternet09_3ph&r=m&hl=en&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2737784835408106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=r3%7Cs&nocache=5461668739400679&num=0&output=afd_ads&domain_name=ww62.clicksasia.com&v=3&bsl=8&pac=2&u_his=1&u_tz=0&dt=1668739400681&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=760&frm=0&cl=488417025&uio=--&cont=tc&jsid=caf&jsv=488417025&rurl=http%3A%2F%2Fww62.clicksasia.com%2F&referer=http%3A%2F%2Faans1.blogspot.com%2F&adbw=master-1%3A530

142.250.74.164

200 OK

2.0 kB

URL HTTP/2
www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2Cbucket103&client=dp-teaminternet09_3ph&r=m&hl=en&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2737784835408106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=r3%7Cs&nocache=5461668739400679&num=0&output=afd_ads&domain_name=ww62.clicksasia.com&v=3&bsl=8&pac=2&u_his=1&u_tz=0&dt=1668739400681&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=760&frm=0&cl=488417025&uio=--&cont=tc&jsid=caf&jsv=488417025&rurl=http%3A%2F%2Fww62.clicksasia.com%2F&referer=http%3A%2F%2Faans1.blogspot.com%2F&adbw=master-1%3A530
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5302)
Size
2.0 kB (1994 bytes)
Hash
089891e91a8f8ba3a5a58fd8cd915853
d7ef14ece96d38de6ab9316464261c19203acccc
bf62ae59d06efe0cd6a6bc2035b406f59fd631ed9c2fdb09ae6ee80056f91509

HTTP Headers

GET /afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2Cbucket103&client=dp-teaminternet09_3ph&r=m&hl=en&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2737784835408106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=r3%7Cs&nocache=5461668739400679&num=0&output=afd_ads&domain_name=ww62.clicksasia.com&v=3&bsl=8&pac=2&u_his=1&u_tz=0&dt=1668739400681&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=760&frm=0&cl=488417025&uio=--&cont=tc&jsid=caf&jsv=488417025&rurl=http%3A%2F%2Fww62.clicksasia.com%2F&referer=http%3A%2F%2Faans1.blogspot.com%2F&adbw=master-1%3A530 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww62.clicksasia.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Fri, 18 Nov 2022 02:43:22 GMT
expires: Fri, 18 Nov 2022 02:43:22 GMT
cache-control: private, max-age=3600
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-encoding: br
server: gws
content-length: 1994
x-xss-protection: 0
set-cookie: NID=511=TN0FMwOXq6kZxguKkd1ztXkPpeB9-wz-NaIuGh67vhpUKgaft-_digVxee4hSKKfV2rqqZ-V_Yht_e5Sl4l4VjvzdGirbY6p8DN_LC-DFMLRft2m3gjoanM8zueuwcn-c255TYeqzn1ldrIvhwsYOdtE844EZHNiLdXe5C9MM5s; expires=Sat, 20-May-2023 02:43:22 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+457; expires=Sun, 17-Nov-2024 02:43:22 GMT; path=/; domain=.google.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f597aa17a4d26018bf1ad1591cda3a8c
6da511661cc1b274d9003c70b1f3a02d4c892a9e
fec0b5daf3e144d99f60100ce28b3e607a8908742002eeab5af289d512d5e3f5

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 02:43:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

partner.googleadservices.com/gampad/cookie.js?domain=ww62.clicksasia.com&client=dp-teaminternet09_3ph&product=SAS&callback=__sasCookie

172.217.21.162

200 OK

186 B

URL HTTP/2
partner.googleadservices.com/gampad/cookie.js?domain=ww62.clicksasia.com&client=dp-teaminternet09_3ph&product=SAS&callback=__sasCookie
IP
172.217.21.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
186 B (186 bytes)
Hash
b30422a105be51e9dac48014ffc08ded
de6b76fec7dfed600ae5d1492bfdc321e42eeefd
1ba91a13fdaec54531836208e5ad77f16b69fe7ffe781fd8506e618bfa6f400c

HTTP Headers

GET /gampad/cookie.js?domain=ww62.clicksasia.com&client=dp-teaminternet09_3ph&product=SAS&callback=__sasCookie HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww62.clicksasia.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Fri, 18 Nov 2022 02:43:22 GMT
server: cafe
cache-control: private
content-length: 186
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9426341bb128c1b6ba16e64df78152b4
08859a30ed6dee233cde4d77f2a04f058991502b
209a0520d5fb1eeb6dfa7d2f4c334a7109cc885cf4be8605bfe5a8f52232306d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "209A0520D5FB1EEB6DFA7D2F4C334A7109CC885CF4BE8605BFE5A8F52232306D"
Last-Modified: Tue, 15 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3491
Expires: Fri, 18 Nov 2022 03:41:33 GMT
Date: Fri, 18 Nov 2022 02:43:22 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9426341bb128c1b6ba16e64df78152b4
08859a30ed6dee233cde4d77f2a04f058991502b
209a0520d5fb1eeb6dfa7d2f4c334a7109cc885cf4be8605bfe5a8f52232306d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "209A0520D5FB1EEB6DFA7D2F4C334A7109CC885CF4BE8605BFE5A8F52232306D"
Last-Modified: Tue, 15 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3491
Expires: Fri, 18 Nov 2022 03:41:33 GMT
Date: Fri, 18 Nov 2022 02:43:22 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9426341bb128c1b6ba16e64df78152b4
08859a30ed6dee233cde4d77f2a04f058991502b
209a0520d5fb1eeb6dfa7d2f4c334a7109cc885cf4be8605bfe5a8f52232306d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "209A0520D5FB1EEB6DFA7D2F4C334A7109CC885CF4BE8605BFE5A8F52232306D"
Last-Modified: Tue, 15 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3491
Expires: Fri, 18 Nov 2022 03:41:33 GMT
Date: Fri, 18 Nov 2022 02:43:22 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg

34.120.237.76

200 OK

3.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.8 kB (3759 bytes)
Hash
5d0b6106f00f9fd8b89c2d484a559a1a
399ac393209dcdac7d2188d7aa8d95f04570ef7c
5d8151c9eb558f4a2b8bd2952c6845606ddb0c27e36f6e49aca7e60908cd9fe4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3759
x-amzn-requestid: 8c91ac59-89dc-4218-b69f-0cebb29f301b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-wJHgxoAMF-hQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376ab33-4dac305614a92bc52c038222;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:44:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mb2-PTjNmt06Wd5jOjQ5WoLY-0NgI80CKPXtwgzBt4n5km8Pu_WN0Q==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:50:49 GMT
age: 17553
etag: "399ac393209dcdac7d2188d7aa8d95f04570ef7c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84053cb2-edec-465e-8700-6af61bae8236.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.2 kB (8155 bytes)
Hash
676b1603008690786aa36dc3113b7581
cbdc425467a5d41aba5e8e5c54354b4f03cd194a
7e5e7bf695ff31df6c97e502a44f4fa9197c6579b0c7a7c590457ea067d1cf1e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84053cb2-edec-465e-8700-6af61bae8236.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8155
x-amzn-requestid: 5650af50-eb93-47d9-8322-8a2e263e12ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-7vFU5IAMFYGw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376ab7e-759bbd5b5a22e07c1c181c0a;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:45:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: VikBDm5_Bqbs0gLFkhbT6H3i6t57bnC0Xq-gkiJBILQ8Ynw_7RqWNA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:55:43 GMT
etag: "cbdc425467a5d41aba5e8e5c54354b4f03cd194a"
content-type: image/jpeg
age: 17259
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d9d6315-de31-43b3-8c19-dc3528c7eefe.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.9 kB (5917 bytes)
Hash
158a07cdb0174c0cf0c2473cb069a459
46753b0476f8a272a047b07070db272a0fd3b42e
40bacc15755d920085e52af0bc9f6e8eac0379a31765f6ba72cf53546e296a2e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d9d6315-de31-43b3-8c19-dc3528c7eefe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5917
x-amzn-requestid: 47ec37aa-10ef-4e35-a76c-301d34e4a102
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw9VaHt9oAMFpIg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376a8ef-6eb9776b4df9facd0f19c974;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:34:39 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qReov2_mDTOantzcbI8dBALwKBsq58MGL2yHuJwk0DxNL7um6T_M1g==
via: 1.1 76dcc62b68091cc715d50b5017be77fc.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:55:57 GMT
age: 17245
etag: "46753b0476f8a272a047b07070db272a0fd3b42e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.google.com/adsense/domains/caf.js

142.250.74.164

200 OK

57 kB

URL HTTP/2
www.google.com/adsense/domains/caf.js
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
data
Size
57 kB (56923 bytes)
Hash
42a8df80f026d3849e27209eba428221
388f45deb0c342c7b674d6eb645fae1ec449e3f5
93b9ff8368e89612a353bf62a93ba3dda81c408e80cb5dd6e8ff1aed45d7f0ab

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Fri, 18 Nov 2022 02:43:22 GMT
expires: Fri, 18 Nov 2022 02:43:22 GMT
cache-control: private, max-age=3600
etag: "15908545092942818404"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3a5d24e-84d5-4c9f-9fda-c8fafaeef64c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.3 kB (9345 bytes)
Hash
6c07ca17dc4187cb964dcf51c7d4c803
3ab61331361e2755fa8339ac3131eceff4f535c1
5f9262f80a49bf673803568d17a290277d1235efbe7462fea0e6f0d5c1edaf5a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3a5d24e-84d5-4c9f-9fda-c8fafaeef64c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9345
x-amzn-requestid: 986b938b-2dfa-4777-80c6-819a29b65e3d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw_FsFSsoAMFmEw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376abbd-5dc3705f3a14a60d7bd11c35;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:46:37 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: u40g9pH7-OUaPF52MPmWuColzfcBybhSdCFY_YxQLnvfW0GzqMd50Q==
via: 1.1 332ef4544bd8b531e8f11abaa4197c08.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:52:40 GMT
age: 17442
etag: "3ab61331361e2755fa8339ac3131eceff4f535c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11667 bytes)
Hash
032386e5c9dffff1ba1ee5e8a322d438
dd4fd6c803a9b333bace9a541c6bd183d0c56bb9
0e9f559a0aa7e114c5810a27ba243c0da7b44dc0bf7aec2b7ab32b8f0e2b536c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11667
x-amzn-requestid: ae092a0a-1709-4497-9f07-0348a28d2491
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bqZOIEN7oAMFlaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637408c0-5ac595df302a8f1d3703ad8d;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 21:46:40 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: c_SJMaV3uYSUysTSOFV--jQqDUxw-fBp8cXWWUZw9vUjt0d6PsOpxA==
via: 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 02:49:36 GMT
age: 86026
etag: "dd4fd6c803a9b333bace9a541c6bd183d0c56bb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f597aa17a4d26018bf1ad1591cda3a8c
6da511661cc1b274d9003c70b1f3a02d4c892a9e
fec0b5daf3e144d99f60100ce28b3e607a8908742002eeab5af289d512d5e3f5

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 02:43:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e3ef4fa6e63334c1a8d02c8f042fd66c
44b43e90a0f6876bc26f86b17f0b11fe45762951
d94585dfe48324d5e394a1e88f450048d1eac21acdbb72948ef0528e46e8b899

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 02:43:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e3ef4fa6e63334c1a8d02c8f042fd66c
44b43e90a0f6876bc26f86b17f0b11fe45762951
d94585dfe48324d5e394a1e88f450048d1eac21acdbb72948ef0528e46e8b899

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 02:43:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff

142.250.74.33

200 OK

270 B

URL HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff
IP
142.250.74.33:0
ASN
#15169 GOOGLE

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390)
Size
270 B (270 bytes)
Hash
5100391430a00e10ce60aa159f525b5c
231a4492d73b225f441b1e9028dc33c89862e498
52b1432a6e3002e41ed1d8f4c84b258fdc4c6dac863e3c0e5c06360c81be6067

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 270
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Fri, 18 Nov 2022 01:18:40 GMT
expires: Sat, 19 Nov 2022 00:18:40 GMT
cache-control: public, max-age=82800
age: 5082
last-modified: Thu, 19 Dec 2019 14:15:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff

142.250.74.33

200 OK

174 B

URL HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
IP
142.250.74.33:0
ASN
#15169 GOOGLE

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Size
174 B (174 bytes)
Hash
4de8b85c8915995b571bde50e231be7c
29c226ca7b9cbe1d44e5480ce95bbb42727b2d99
2ec9168c4507546748c5f400f5030031f0eb06f2aed8deaa11362c395bff4f7a

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Thu, 17 Nov 2022 23:02:48 GMT
expires: Fri, 18 Nov 2022 22:02:48 GMT
cache-control: public, max-age=82800
age: 13234
last-modified: Thu, 22 Oct 2020 21:45:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e3ef4fa6e63334c1a8d02c8f042fd66c
44b43e90a0f6876bc26f86b17f0b11fe45762951
d94585dfe48324d5e394a1e88f450048d1eac21acdbb72948ef0528e46e8b899

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 02:43:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ww62.clicksasia.com/track.php?domain=clicksasia.com&caf=1&toggle=answercheck&answer=yes&uid=MTY2ODczOTQwMC44NTA1OjdjZThmMDI1NmY1YTMwZDE5Yzk5MTdmODkxYTNkZTc5NmVlOGZmODliZTMxOWM2YWRhMzk2ODljZWYzNTRiODI6NjM3NmYxNDhjZmEyYw%3D%3D

76.223.26.96

200 OK

20 B

URL HTTP/1.1
ww62.clicksasia.com/track.php?domain=clicksasia.com&caf=1&toggle=answercheck&answer=yes&uid=MTY2ODczOTQwMC44NTA1OjdjZThmMDI1NmY1YTMwZDE5Yzk5MTdmODkxYTNkZTc5NmVlOGZmODliZTMxOWM2YWRhMzk2ODljZWYzNTRiODI6NjM3NmYxNDhjZmEyYw%3D%3D
IP
76.223.26.96:0
ASN
#16509 AMAZON-02

File type
data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /track.php?domain=clicksasia.com&caf=1&toggle=answercheck&answer=yes&uid=MTY2ODczOTQwMC44NTA1OjdjZThmMDI1NmY1YTMwZDE5Yzk5MTdmODkxYTNkZTc5NmVlOGZmODliZTMxOWM2YWRhMzk2ODljZWYzNTRiODI6NjM3NmYxNDhjZmEyYw%3D%3D HTTP/1.1
Host: ww62.clicksasia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww62.clicksasia.com/
Cookie: __gsas=ID=b93a8597ba7c978e:T=1668739402:S=ALNI_Mb_SPCjdxnRN8lg2ZYmJYZA1iy9cg

HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 02:43:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: answercheck
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip

1.bp.blogspot.com/-uzF0oVy_F7U/VgPjgVVKEuI/AAAAAAAAKag/UsyXtm5xJmA/s1600/FotorCreated.jpg

142.250.74.161

200 OK

0 B

URL HTTP/1.1
1.bp.blogspot.com/-uzF0oVy_F7U/VgPjgVVKEuI/AAAAAAAAKag/UsyXtm5xJmA/s1600/FotorCreated.jpg
IP
142.250.74.161:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /-uzF0oVy_F7U/VgPjgVVKEuI/AAAAAAAAKag/UsyXtm5xJmA/s1600/FotorCreated.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aans1.blogspot.com/

HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="FotorCreated.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 194499
X-XSS-Protection: 0
Date: Fri, 18 Nov 2022 01:09:43 GMT
Expires: Sat, 12 Nov 2022 03:27:26 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 5617
ETag: "v29a9"
Content-Type: image/jpeg

pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

142.250.74.66

200 OK

0 B

URL HTTP/1.1
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP
142.250.74.66:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aans1.blogspot.com/

HTTP/1.1 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Date: Fri, 18 Nov 2022 02:43:20 GMT
Expires: Fri, 18 Nov 2022 02:43:20 GMT
Cache-Control: private, max-age=3600
Content-Type: text/javascript; charset=UTF-8
ETag: 15909774431707264922
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 51714
X-XSS-Protection: 0

accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Faans1.blogspot.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__

216.58.207.237

200 OK

0 B

URL HTTP/2
accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Faans1.blogspot.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__
IP
216.58.207.237:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /o/oauth2/postmessageRelay?parent=http%3A%2F%2Faans1.blogspot.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://aans1.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 18 Nov 2022 02:43:20 GMT
content-security-policy: script-src 'nonce-OPYM92gnqLMlRrwJ9uUbxA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport, require-trusted-types-for 'script';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (45)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations