Report - extpaypalupdatenonqs.blogspot.tw/

Report Overview

Visited public
2025-04-05 11:30:01
Tags
URL
extpaypalupdatenonqs.blogspot.tw/
Finishing URL
extpaypalupdatenonqs.blogspot.com/
IP / ASN
142.250.178.65
#15169 GOOGLE
Title
PayPal

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-04-02	1.1 kB	82 kB	142.250.74.35
www.blogger.com	8975	1999-06-22	2012-05-22	2025-04-03	909 B	150 kB	142.250.178.73
extpaypalupdatenonqs.blogspot.com	unknown	2000-07-31	2024-05-01	2024-12-30	1.9 kB	107 kB	142.250.178.33
extpaypalupdatenonqs.blogspot.tw	unknown	2011-02-09	2024-10-15	2024-12-30	489 B	88 kB	142.250.74.161
resources.blogblog.com	13274	2000-09-15	2017-01-30	2025-04-03	463 B	141 kB	172.217.21.169
www.gstatic.com	unknown	2008-02-11	2012-05-29	2025-04-02	454 B	12 kB	142.250.74.99
themes.googleusercontent.com	9661	2008-11-17	2012-05-24	2025-04-05	543 B	229 kB	142.250.178.33

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2025-04-04	medium	extpaypalupdatenonqs.blogspot.com/	PayPal Inc.
2025-04-04	medium	extpaypalupdatenonqs.blogspot.tw/	PayPal Inc.
2025-04-04	medium	extpaypalupdatenonqs.blogspot.com/	PayPal Inc.
2025-04-04	medium	extpaypalupdatenonqs.blogspot.com/	PayPal Inc.
2025-04-04	medium	extpaypalupdatenonqs.blogspot.com/	PayPal Inc.

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	extpaypalupdatenonqs.blogspot.com/	ScriptElement	275 B	2023-03-07	2025-05-10
Pretty URL extpaypalupdatenonqs.blogspot.com/ IP 142.250.178.33 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02 Last Seen2025-05-10 06:01 Times Seen37702 Hash 38ee2f6ddbe8a478e5795030e72ba35d d332319b04b273e3b9a93ffa22ba9036d59b8e99 97d98978d5864e77cd83bd79a0d31ced40631a6134a154e8f049bcc20f49a319 Loading...

	extpaypalupdatenonqs.blogspot.com/	ScriptElement	798 B	2024-02-05	2025-05-10
Pretty URL extpaypalupdatenonqs.blogspot.com/ IP 142.250.178.33 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-05 14:31 Last Seen2025-05-10 06:01 Times Seen17951 Hash f488687f23b8b2ad6f1d05c2d07b2735 9fc276898b78f841cb27d76da4f17dbe8c77aefe 9153ade8a8e5db45d8092225fe85f04f6af83889149e2f735d1815268a1003c9 Loading...

	www.gstatic.com/external_hosted/clipboardjs/clipboard.min.js	ScriptElement	12 kB	2023-04-05	2025-05-10
Pretty URL www.gstatic.com/external_hosted/clipboardjs/clipboard.min.js IP 142.250.74.99 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 03:08 Last Seen2025-05-10 01:14 Times Seen8101 Hash a1a2e5bd3af1cf7d730f15dd7e308a1b 6ab91a37884d5f70808157c5cb6ed7345d8f537a d5ecc1fcccdbc32c37aa7e46793befad6d98ff1a85d1760d732d710faf49a08e Loading...

	resources.blogblog.com/blogblog/data/res/2972702912-indie_compiled.js	ScriptElement	140 kB	2025-04-01	2025-04-07
Pretty URL resources.blogblog.com/blogblog/data/res/2972702912-indie_compiled.js IP 172.217.21.169 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-01 11:47 Last Seen2025-04-07 11:19 Times Seen39 Hash 55f18ae22400e0d965af0401ea413bb9 19972e7034d144142619e6e9615e5cca58a75ef9 90caacd3cbb6027fd379e46681bd4e20a4bc8b63410f53a36a4bae20f43fe507 Loading...

	www.blogger.com/static/v1/widgets/2806328968-widgets.js	ScriptElement	146 kB	2025-04-02	2025-04-08
Pretty URL www.blogger.com/static/v1/widgets/2806328968-widgets.js IP 142.250.178.73 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-02 09:16 Last Seen2025-04-08 11:36 Times Seen185 Hash 1f6bb90276fe485f7adedfab4c1bef30 67cc30dd51882f997bb883c392dbc1ee2059bbd3 77380e8e21962e27a5f94b678ec3924338f5bca6f4345335ff112d71fcf43fb8 Loading...

	extpaypalupdatenonqs.blogspot.com/	ScriptElement	7.8 kB	2025-04-05	2025-04-05
Pretty URL extpaypalupdatenonqs.blogspot.com/ IP 142.250.178.33 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-05 11:30 Last Seen2025-04-05 11:30 Times Seen1 Hash a172e25b3866e662a3575c4a53c18148 61e634eeac9bcf981a0ec6381e78a19c6e990da7 e913695e6964a781613159e68e333d53508036119364ee400c38c7f15a31d29c Loading...

	extpaypalupdatenonqs.blogspot.com/js/cookienotice.js	ScriptElement	6.5 kB	2023-03-07	2025-05-10
Pretty URL extpaypalupdatenonqs.blogspot.com/js/cookienotice.js IP 142.250.178.33 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-10 06:01 Times Seen43844 Hash a705132a2174f88e196ec3610d68faa8 3bad57a48d973a678fec600d45933010f6edc659 068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568 Loading...

HTTP Transactions (12)

URL IP Response Size

themes.googleusercontent.com/image?id=L1lcAxxz0CLgsDzixEprHJ2F38TyEjCyE3RSAjynQDks0lT1BDc1OxXKaTEdLc89HPvdB11X9FDw&options=w1600

142.250.178.33

200 OK

228 kB

URL GET
themes.googleusercontent.com/image?id=L1lcAxxz0CLgsDzixEprHJ2F38TyEjCyE3RSAjynQDks0lT1BDc1OxXKaTEdLc89HPvdB11X9FDw&options=w1600
IP
142.250.178.33:443
ASN
#15169 GOOGLE

Requested by
https://extpaypalupdatenonqs.blogspot.com/
Certificate
IssuerGoogle Trust Services
Subject*.googleusercontent.com
Fingerprint85:BF:6A:5F:09:9C:AA:F5:8D:3B:2E:65:D1:16:4F:7F:03:2D:A8:DD
ValidityThu, 20 Mar 2025 11:19:41 GMT - Thu, 12 Jun 2025 11:19:40 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, description=Sunset afterglow and twlight dunes in White Sands National Monument, software=Picasa], baseline, precision 8, 1600x1067, components 3
Size
228 kB (228521 bytes)
Hash
e66ef1f4c654be20558150214aa2b85a
ad1dfbefad9a21e48aeeac1bae9f8a5b8ea1ef3c
6a5482e0dc4e77a6be20281b13d7ef4d8b67521e73b66bc633ea4e4242934be9

HTTP Headers

GET /image?id=L1lcAxxz0CLgsDzixEprHJ2F38TyEjCyE3RSAjynQDks0lT1BDc1OxXKaTEdLc89HPvdB11X9FDw&options=w1600 HTTP/1.1
Host: themes.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://extpaypalupdatenonqs.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
etag: "v1"
expires: Sun, 06 Apr 2025 11:29:39 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
date: Sat, 05 Apr 2025 11:29:39 GMT
server: fife
content-length: 228521
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2

142.250.74.35

200 OK

40 kB

URL GET
fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://extpaypalupdatenonqs.blogspot.com/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint04:FF:92:E7:16:B0:49:91:8B:B7:8D:C6:93:B9:20:B4:2A:33:9F:A8
ValidityThu, 20 Mar 2025 11:19:45 GMT - Thu, 12 Jun 2025 11:19:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
Size
40 kB (40128 bytes)
Hash
9a01b69183a9604ab3a439e388b30501
8ed1d59003d0dbe6360481017b44665153665fbe
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

HTTP Headers

GET /s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://extpaypalupdatenonqs.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://extpaypalupdatenonqs.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Apr 2025 10:03:46 GMT
expires: Fri, 03 Apr 2026 10:03:46 GMT
cache-control: public, max-age=31536000
age: 177953
last-modified: Wed, 08 Jan 2025 18:23:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.blogger.com/img/blogger_logo_round_35.png

142.250.178.73

200 OK

2.5 kB

URL GET
www.blogger.com/img/blogger_logo_round_35.png
IP
142.250.178.73:443
ASN
#15169 GOOGLE

Requested by
https://extpaypalupdatenonqs.blogspot.com/
Certificate
IssuerGoogle Trust Services
Subject*.blogger.com
Fingerprint75:81:08:06:F2:E8:44:58:B6:62:59:16:53:40:E8:D8:6E:3C:DB:EB
ValidityThu, 20 Mar 2025 11:18:25 GMT - Thu, 12 Jun 2025 11:18:24 GMT

File type
PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced
Size
2.5 kB (2531 bytes)
Hash
838622483cbfed35380b4705f19d7cca
7de684136affc969a24d61927afc18905cf2fc36
183923f8c8c3960dce8ad9722cf55a30d19b321b721741bd9e2ab6ae1f1ae72a

HTTP Headers

GET /img/blogger_logo_round_35.png HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://extpaypalupdatenonqs.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2531
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Apr 2025 18:17:22 GMT
expires: Thu, 10 Apr 2025 18:17:22 GMT
cache-control: public, max-age=604800
last-modified: Thu, 03 Apr 2025 13:52:11 GMT
content-type: image/png
age: 148338
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

extpaypalupdatenonqs.blogspot.com/favicon.ico

142.250.178.33

200 OK

3.6 kB

URL GET
extpaypalupdatenonqs.blogspot.com/favicon.ico
IP
142.250.178.33:443
ASN
#15169 GOOGLE

Requested by
https://extpaypalupdatenonqs.blogspot.com/
Certificate
IssuerGoogle Trust Services
Subjectmisc-sni.blogspot.com
FingerprintE7:98:65:28:50:8C:40:BC:4E:3C:F6:5D:DE:13:DB:2E:CC:B3:33:E1
ValidityThu, 20 Mar 2025 11:19:23 GMT - Thu, 12 Jun 2025 11:19:22 GMT

File type
MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
Size
3.6 kB (3638 bytes)
Hash
59a0c7b6e4848ccdabcea0636efda02b
30ef5c54b8bbc3487ea2b4c45cd11ea2932e4340
a1495da3cf3db37bf105a12658636ff628fee7b73975b9200049af7747e60b1f

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	PayPal Inc.

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: extpaypalupdatenonqs.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://extpaypalupdatenonqs.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: image/x-icon; charset=UTF-8
expires: Sat, 05 Apr 2025 11:29:41 GMT
date: Sat, 05 Apr 2025 11:29:41 GMT
cache-control: private, max-age=86400
last-modified: Fri, 30 Aug 2024 12:29:19 GMT
etag: W/"5b599d2c8977aee06f5571576c89d0b7d3977c71e66d8dbe938d68e0e9e4816c"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 412
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

extpaypalupdatenonqs.blogspot.tw/

142.250.74.161

302 Found

87 kB

URL User Request GET
extpaypalupdatenonqs.blogspot.tw/
IP
142.250.74.161:443
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services
Subjectmisc-sni.blogspot.com
FingerprintE7:98:65:28:50:8C:40:BC:4E:3C:F6:5D:DE:13:DB:2E:CC:B3:33:E1
ValidityThu, 20 Mar 2025 11:19:23 GMT - Thu, 12 Jun 2025 11:19:22 GMT

File type

Size
87 kB (87051 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	PayPal Inc.

HTTP Headers

GET / HTTP/1.1
Host: extpaypalupdatenonqs.blogspot.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
location: https://extpaypalupdatenonqs.blogspot.com/
content-type: text/html; charset=UTF-8
content-encoding: gzip
date: Sat, 05 Apr 2025 11:29:37 GMT
expires: Sat, 05 Apr 2025 11:29:37 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 205
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

resources.blogblog.com/blogblog/data/res/2972702912-indie_compiled.js

172.217.21.169

200 OK

140 kB

URL GET
resources.blogblog.com/blogblog/data/res/2972702912-indie_compiled.js
IP
172.217.21.169:443
ASN
#15169 GOOGLE

Requested by
https://extpaypalupdatenonqs.blogspot.com/
Certificate
IssuerGoogle Trust Services
Subject*.blogger.com
Fingerprint75:81:08:06:F2:E8:44:58:B6:62:59:16:53:40:E8:D8:6E:3C:DB:EB
ValidityThu, 20 Mar 2025 11:18:25 GMT - Thu, 12 Jun 2025 11:18:24 GMT

File type
JavaScript source, ASCII text, with very long lines (2044)
Size
140 kB (140252 bytes)
Hash
55f18ae22400e0d965af0401ea413bb9
19972e7034d144142619e6e9615e5cca58a75ef9
90caacd3cbb6027fd379e46681bd4e20a4bc8b63410f53a36a4bae20f43fe507

HTTP Headers

GET /blogblog/data/res/2972702912-indie_compiled.js HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://extpaypalupdatenonqs.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 48045
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 31 Mar 2025 02:13:32 GMT
expires: Mon, 07 Apr 2025 02:13:32 GMT
cache-control: public, max-age=604800
last-modified: Mon, 31 Mar 2025 00:56:43 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 465367
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2

142.250.74.35

200 OK

40 kB

URL GET
fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://extpaypalupdatenonqs.blogspot.com/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint04:FF:92:E7:16:B0:49:91:8B:B7:8D:C6:93:B9:20:B4:2A:33:9F:A8
ValidityThu, 20 Mar 2025 11:19:45 GMT - Thu, 12 Jun 2025 11:19:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
Size
40 kB (40128 bytes)
Hash
9a01b69183a9604ab3a439e388b30501
8ed1d59003d0dbe6360481017b44665153665fbe
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

HTTP Headers

GET /s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://extpaypalupdatenonqs.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://extpaypalupdatenonqs.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Apr 2025 10:03:46 GMT
expires: Fri, 03 Apr 2026 10:03:46 GMT
cache-control: public, max-age=31536000
age: 177953
last-modified: Wed, 08 Jan 2025 18:23:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

extpaypalupdatenonqs.blogspot.com/js/cookienotice.js

142.250.178.33

200 OK

6.5 kB

URL GET
extpaypalupdatenonqs.blogspot.com/js/cookienotice.js
IP
142.250.178.33:443
ASN
#15169 GOOGLE

Requested by
https://extpaypalupdatenonqs.blogspot.com/
Certificate
IssuerGoogle Trust Services
Subjectmisc-sni.blogspot.com
FingerprintE7:98:65:28:50:8C:40:BC:4E:3C:F6:5D:DE:13:DB:2E:CC:B3:33:E1
ValidityThu, 20 Mar 2025 11:19:23 GMT - Thu, 12 Jun 2025 11:19:22 GMT

File type
JavaScript source, ASCII text, with very long lines (6697), with no line terminators
Size
6.5 kB (6513 bytes)
Hash
58fae8c90b64305d219093c844ee9dea
f47708279a9fd6051380766656d03b4dbf450262
8e6cc498f85167b53b3e1b0937d0764b7c2753214e2365570481b750638a6f64

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	PayPal Inc.

HTTP Headers

GET /js/cookienotice.js HTTP/1.1
Host: extpaypalupdatenonqs.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://extpaypalupdatenonqs.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2026
date: Sat, 05 Apr 2025 11:29:39 GMT
expires: Sat, 12 Apr 2025 11:29:39 GMT
cache-control: public, max-age=604800
last-modified: Fri, 04 Apr 2025 16:58:42 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.blogger.com/static/v1/widgets/2806328968-widgets.js

142.250.178.73

200 OK

146 kB

URL GET
www.blogger.com/static/v1/widgets/2806328968-widgets.js
IP
142.250.178.73:443
ASN
#15169 GOOGLE

Requested by
https://extpaypalupdatenonqs.blogspot.com/
Certificate
IssuerGoogle Trust Services
Subject*.blogger.com
Fingerprint75:81:08:06:F2:E8:44:58:B6:62:59:16:53:40:E8:D8:6E:3C:DB:EB
ValidityThu, 20 Mar 2025 11:18:25 GMT - Thu, 12 Jun 2025 11:18:24 GMT

File type
JavaScript source, ASCII text, with very long lines (4033)
Size
146 kB (146309 bytes)
Hash
1f6bb90276fe485f7adedfab4c1bef30
67cc30dd51882f997bb883c392dbc1ee2059bbd3
77380e8e21962e27a5f94b678ec3924338f5bca6f4345335ff112d71fcf43fb8

HTTP Headers

GET /static/v1/widgets/2806328968-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://extpaypalupdatenonqs.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 51699
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Apr 2025 03:05:12 GMT
expires: Thu, 02 Apr 2026 03:05:12 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 02 Apr 2025 01:18:39 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 289467
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

extpaypalupdatenonqs.blogspot.com/responsive/sprite_v1_6.css.svg

142.250.178.33

200 OK

7.7 kB

URL GET
extpaypalupdatenonqs.blogspot.com/responsive/sprite_v1_6.css.svg
IP
142.250.178.33:443
ASN
#15169 GOOGLE

Requested by
https://extpaypalupdatenonqs.blogspot.com/
Certificate
IssuerGoogle Trust Services
Subjectmisc-sni.blogspot.com
FingerprintE7:98:65:28:50:8C:40:BC:4E:3C:F6:5D:DE:13:DB:2E:CC:B3:33:E1
ValidityThu, 20 Mar 2025 11:19:23 GMT - Thu, 12 Jun 2025 11:19:22 GMT

File type
SVG Scalable Vector Graphics image
Size
7.7 kB (7658 bytes)
Hash
6de671c002461719a7543c84101a5463
23dbdcea3459e88d3078673869b6959c28682c2f
fa25711af4e70cfd7fad88aeb7adfdf06b98ecd856831660f3379262a9f456b4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	PayPal Inc.

HTTP Headers

GET /responsive/sprite_v1_6.css.svg HTTP/1.1
Host: extpaypalupdatenonqs.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://extpaypalupdatenonqs.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: image/svg+xml
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2244
date: Sat, 05 Apr 2025 11:29:39 GMT
expires: Sat, 12 Apr 2025 11:29:39 GMT
cache-control: public, max-age=604800
last-modified: Fri, 04 Apr 2025 22:53:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

extpaypalupdatenonqs.blogspot.com/

142.250.178.33

200 OK

87 kB

URL User Request GET
extpaypalupdatenonqs.blogspot.com/
IP
142.250.178.33:443
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services
Subjectmisc-sni.blogspot.com
FingerprintE7:98:65:28:50:8C:40:BC:4E:3C:F6:5D:DE:13:DB:2E:CC:B3:33:E1
ValidityThu, 20 Mar 2025 11:19:23 GMT - Thu, 12 Jun 2025 11:19:22 GMT

File type

Size
87 kB (87051 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	PayPal Inc.

HTTP Headers

GET / HTTP/1.1
Host: extpaypalupdatenonqs.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Sat, 05 Apr 2025 11:29:38 GMT
date: Sat, 05 Apr 2025 11:29:38 GMT
cache-control: private, max-age=0
last-modified: Fri, 30 Aug 2024 12:29:19 GMT
etag: W/"5b599d2c8977aee06f5571576c89d0b7d3977c71e66d8dbe938d68e0e9e4816c"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 17144
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/external_hosted/clipboardjs/clipboard.min.js

142.250.74.99

200 OK

12 kB

URL GET
www.gstatic.com/external_hosted/clipboardjs/clipboard.min.js
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://extpaypalupdatenonqs.blogspot.com/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint04:FF:92:E7:16:B0:49:91:8B:B7:8D:C6:93:B9:20:B4:2A:33:9F:A8
ValidityThu, 20 Mar 2025 11:19:45 GMT - Thu, 12 Jun 2025 11:19:44 GMT

File type

Size
12 kB (11802 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /external_hosted/clipboardjs/clipboard.min.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://extpaypalupdatenonqs.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 3475
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 05 Apr 2025 11:29:39 GMT
expires: Sat, 05 Apr 2025 11:29:39 GMT
cache-control: public, max-age=0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (12)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers