Report - egkkfs.blogspot.al/

Report Overview

Visited public
2025-04-04 03:01:50
Tags
URL
egkkfs.blogspot.al/
Finishing URL
jmp1.ru/20219/link188/source/campaign-ads/
IP / ASN
142.250.178.65
#15169 GOOGLE
Title
Kra39.cc - Даркнет: Заказ наркотиков через Kraken | Актуальные зеркала и ссылки

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
egkkfs.blogspot.com	unknown	2000-07-31	2025-04-04	2025-04-04	919 B	37 kB	142.250.178.97
apis.google.com	105	1997-09-15	2013-05-06	2025-04-02	422 B	65 kB	142.250.74.110
jmp1.ru	unknown	2023-01-17	2017-02-02	2025-04-04	4.0 kB	426 kB	188.114.96.1
egkkfs.blogspot.al	unknown	unknown	2025-04-04	2025-04-04	487 B	30 kB	142.250.178.97
www.blogger.com	8975	1999-06-22	2012-05-22	2025-04-03	915 B	184 kB	172.217.21.169

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-04-04	medium	egkkfs.blogspot.al	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	egkkfs.blogspot.com/	ScriptElement	67 B	2025-04-04	2025-04-04
Pretty URL egkkfs.blogspot.com/ IP 142.250.178.97 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-04 03:00 Last Seen2025-04-04 03:01 Times Seen2 Hash 3456a416a9bef4f49ab7a6b76e53391d c48a85bab3e6e8e8fea4d12b08e160877ac1872f f79c0af1f5de11c58dca9675bea56c8bb84594c16f7358c6ac8b8edaf21f8e82 Loading...

	jmp1.ru/20219/link188/source/campaign-ads/	ScriptElement	1.1 kB	2025-04-04	2025-04-04
Pretty URL jmp1.ru/20219/link188/source/campaign-ads/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-04 02:34 Last Seen2025-04-04 03:01 Times Seen7 Hash bc25ffe2c08aecc5b0af720cc1f377e6 a482a0de677585dd1f8b89c18fc670ece1866ec2 ffa11eb48e520b5aedc549703942d79333464f990515cdccae482c9fe95f21a3 Loading...

HTTP Transactions (14)

URL IP Response Size

jmp1.ru/templates/KRAKEN_CAP/img/logo.webp

188.114.96.1

200 OK

23 kB

URL GET
jmp1.ru/templates/KRAKEN_CAP/img/logo.webp
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jmp1.ru/20219/link188/source/campaign-ads/
Certificate
IssuerGoogle Trust Services
Subjectjmp1.ru
Fingerprint42:09:DF:AB:57:C8:1A:B4:55:D5:39:29:4C:C5:12:FF:44:55:72:E1
ValidityFri, 28 Feb 2025 08:25:55 GMT - Thu, 29 May 2025 09:24:45 GMT

File type
RIFF (little-endian) data
Size
23 kB (22799 bytes)
Hash
3c4e14a24b5172887fd98e17e0e41b18
fc922734973ffb0d2ceee9ce85dfa41ac2cd11fc
6fe4a0478641418f475589f6d5245a12e4c65af4313d2c391111333bbdd19bac

HTTP Headers

GET /templates/KRAKEN_CAP/img/logo.webp HTTP/1.1
Host: jmp1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jmp1.ru/20219/link188/source/campaign-ads/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 04 Apr 2025 03:01:31 GMT
content-type: text/html; charset=utf-8
server: cloudflare
age: 1659
cache-control: max-age=14400
cf-cache-status: HIT
last-modified: Fri, 04 Apr 2025 02:33:51 GMT
priority: u=4,i=?0
content-encoding: br
cf-ray: 92ad8fc84a3d5689-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

jmp1.ru/templates/KRAKEN_CAP/img/favicon.ico

188.114.96.1

200 OK

1.2 kB

URL GET
jmp1.ru/templates/KRAKEN_CAP/img/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jmp1.ru/20219/link188/source/campaign-ads/
Certificate
IssuerGoogle Trust Services
Subjectjmp1.ru
Fingerprint42:09:DF:AB:57:C8:1A:B4:55:D5:39:29:4C:C5:12:FF:44:55:72:E1
ValidityFri, 28 Feb 2025 08:25:55 GMT - Thu, 29 May 2025 09:24:45 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
8b49caf1ff0717a2b01e3da803e2ef2a
90b0e92c2251150d6b5d1038842208f9ceeb407f
2c195444f7cb1c9023cf1ca7c0d52cb6d116d22b4c96453b12ca356daf77cb65

HTTP Headers

GET /templates/KRAKEN_CAP/img/favicon.ico HTTP/1.1
Host: jmp1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jmp1.ru/20219/link188/source/campaign-ads/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 04 Apr 2025 03:01:32 GMT
content-type: image/x-icon
server: cloudflare
etag: W/1534745331
cache-control: max-age=14400
cf-cache-status: HIT
age: 1660
priority: u=6,i=?0
content-encoding: br
cf-ray: 92ad8fcb3b915689-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

egkkfs.blogspot.al/

142.250.178.97

302 Found

30 kB

URL User Request GET
egkkfs.blogspot.al/
IP
142.250.178.97:443
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services
Subjectmisc-sni.blogspot.com
FingerprintEE:A5:D6:A7:7C:19:95:69:19:BA:C1:C3:58:8B:D0:60:33:9E:21:A8
ValidityMon, 10 Mar 2025 08:36:41 GMT - Mon, 02 Jun 2025 08:36:40 GMT

File type

Size
30 kB (29452 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: egkkfs.blogspot.al
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
location: https://egkkfs.blogspot.com/
content-type: text/html; charset=UTF-8
content-encoding: gzip
date: Fri, 04 Apr 2025 03:01:27 GMT
expires: Fri, 04 Apr 2025 03:01:27 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 195
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.blogger.com/static/v1/widgets/2806328968-widgets.js

172.217.21.169

200 OK

146 kB

URL GET
www.blogger.com/static/v1/widgets/2806328968-widgets.js
IP
172.217.21.169:443
ASN
#15169 GOOGLE

Requested by
https://egkkfs.blogspot.com/
Certificate
IssuerGoogle Trust Services
Subject*.blogger.com
Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79
ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT

File type
JavaScript source, ASCII text, with very long lines (4033)
Size
146 kB (146309 bytes)
Hash
1f6bb90276fe485f7adedfab4c1bef30
67cc30dd51882f997bb883c392dbc1ee2059bbd3
77380e8e21962e27a5f94b678ec3924338f5bca6f4345335ff112d71fcf43fb8

HTTP Headers

GET /static/v1/widgets/2806328968-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://egkkfs.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 51699
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Apr 2025 02:37:11 GMT
expires: Thu, 02 Apr 2026 02:37:11 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 02 Apr 2025 01:18:39 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 174259
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

jmp1.ru/templates/KRAKEN_CAP/styles/style.css

188.114.96.1

200 OK

7.4 kB

URL GET
jmp1.ru/templates/KRAKEN_CAP/styles/style.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jmp1.ru/20219/link188/source/campaign-ads/
Certificate
IssuerGoogle Trust Services
Subjectjmp1.ru
Fingerprint42:09:DF:AB:57:C8:1A:B4:55:D5:39:29:4C:C5:12:FF:44:55:72:E1
ValidityFri, 28 Feb 2025 08:25:55 GMT - Thu, 29 May 2025 09:24:45 GMT

File type
ASCII text, with very long lines (8298), with no line terminators
Size
7.4 kB (7386 bytes)
Hash
1fca4003f9defeff2ca215124b645f8b
87afd5efbd068eb6761d15f19e25f9b6ef9df77a
8a171762d964654389dff63d3bfce0b493edbe8b39efd6610d6d1360e7a1e432

HTTP Headers

GET /templates/KRAKEN_CAP/styles/style.css HTTP/1.1
Host: jmp1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jmp1.ru/20219/link188/source/campaign-ads/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 04 Apr 2025 03:01:31 GMT
content-type: text/css; charset=utf-8
server: cloudflare
etag: W/1982591531
cache-control: max-age=14400
cf-cache-status: HIT
age: 1660
priority: u=2,i=?0
content-encoding: br
cf-ray: 92ad8fc82a285689-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

jmp1.ru/PARSE/DATA/IMAGES/24861064801_kraken-onion-vojti.jpg

188.114.96.1

200 OK

41 kB

URL GET
jmp1.ru/PARSE/DATA/IMAGES/24861064801_kraken-onion-vojti.jpg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jmp1.ru/20219/link188/source/campaign-ads/
Certificate
IssuerGoogle Trust Services
Subjectjmp1.ru
Fingerprint42:09:DF:AB:57:C8:1A:B4:55:D5:39:29:4C:C5:12:FF:44:55:72:E1
ValidityFri, 28 Feb 2025 08:25:55 GMT - Thu, 29 May 2025 09:24:45 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 85", baseline, precision 8, 600x400, components 3
Size
41 kB (41126 bytes)
Hash
c543368fff96a963dcfe8c28626ee505
0232a3ac90369b23c051d97d90ee8c50ed049669
88a8aa383a411524daaf2f6fe74547ec20cc5e1f0748a861cc6425b39852000c

HTTP Headers

GET /PARSE/DATA/IMAGES/24861064801_kraken-onion-vojti.jpg HTTP/1.1
Host: jmp1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jmp1.ru/20219/link188/source/campaign-ads/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 04 Apr 2025 03:01:31 GMT
content-type: image/jpeg
server: cloudflare
etag: W/2290576290
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
cf-ray: 92ad8fc83a305689-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

jmp1.ru/PARSE/DATA/IMAGES/19748162551_kak-polzovatsja-sajtom-gidra.jpg

188.114.96.1

200 OK

31 kB

URL GET
jmp1.ru/PARSE/DATA/IMAGES/19748162551_kak-polzovatsja-sajtom-gidra.jpg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jmp1.ru/20219/link188/source/campaign-ads/
Certificate
IssuerGoogle Trust Services
Subjectjmp1.ru
Fingerprint42:09:DF:AB:57:C8:1A:B4:55:D5:39:29:4C:C5:12:FF:44:55:72:E1
ValidityFri, 28 Feb 2025 08:25:55 GMT - Thu, 29 May 2025 09:24:45 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 85", baseline, precision 8, 600x400, components 3
Size
31 kB (30968 bytes)
Hash
4502e6a35caafd5762e3b5d045eeb9fe
7f92b95daeff6c283167fb857839ed742a93687e
162e6452fb8bfa9fb0b0c8dc193d20ab18d053b31a1d26743e22ab7e0c991a30

HTTP Headers

GET /PARSE/DATA/IMAGES/19748162551_kak-polzovatsja-sajtom-gidra.jpg HTTP/1.1
Host: jmp1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jmp1.ru/20219/link188/source/campaign-ads/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 04 Apr 2025 03:01:31 GMT
content-type: image/jpeg
etag: W/310571695
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gfWVga%2FooSsZ9Wgsybbqnmqcmf0JCHOC9dQ6k2fm%2FZKEZrJaHLk4jzvQY22D5xP0gQZzEt%2FdFsoFNgXbihXvwF5SSS1crlkxfXLCjV%2F45dSjTsSXpoe3mDJi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92ad8fc84a3a5689-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4484&min_rtt=918&rtt_var=4560&sent=154&recv=21&lost=0&retrans=0&sent_bytes=158858&recv_bytes=3251&delivery_rate=6742524&cwnd=90000&unsent_bytes=0&cid=6aa56b2919bf10ea&ts=689&x=1", cfExtPri, cfHdrFlush;dur=0

egkkfs.blogspot.com/js/cookienotice.js

142.250.178.97

200 OK

6.5 kB

URL GET
egkkfs.blogspot.com/js/cookienotice.js
IP
142.250.178.97:443
ASN
#15169 GOOGLE

Requested by
https://egkkfs.blogspot.com/
Certificate
IssuerGoogle Trust Services
Subjectmisc-sni.blogspot.com
FingerprintEE:A5:D6:A7:7C:19:95:69:19:BA:C1:C3:58:8B:D0:60:33:9E:21:A8
ValidityMon, 10 Mar 2025 08:36:41 GMT - Mon, 02 Jun 2025 08:36:40 GMT

File type
JavaScript source, ASCII text, with very long lines (6697), with no line terminators
Size
6.5 kB (6513 bytes)
Hash
58fae8c90b64305d219093c844ee9dea
f47708279a9fd6051380766656d03b4dbf450262
8e6cc498f85167b53b3e1b0937d0764b7c2753214e2365570481b750638a6f64

HTTP Headers

GET /js/cookienotice.js HTTP/1.1
Host: egkkfs.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://egkkfs.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2026
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 04 Apr 2025 03:00:31 GMT
expires: Fri, 11 Apr 2025 03:00:31 GMT
cache-control: public, max-age=604800
last-modified: Thu, 03 Apr 2025 10:56:00 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 59
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

jmp1.ru/templates/KRAKEN_CAP/fonts/Montserrat-Regular.ttf

188.114.96.1

200 OK

198 kB

URL GET
jmp1.ru/templates/KRAKEN_CAP/fonts/Montserrat-Regular.ttf
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jmp1.ru/20219/link188/source/campaign-ads/
Certificate
IssuerGoogle Trust Services
Subjectjmp1.ru
Fingerprint42:09:DF:AB:57:C8:1A:B4:55:D5:39:29:4C:C5:12:FF:44:55:72:E1
ValidityFri, 28 Feb 2025 08:25:55 GMT - Thu, 29 May 2025 09:24:45 GMT

File type
TrueType Font data, 16 tables, 1st "GDEF", name offset 0x5200016d
Size
198 kB (197976 bytes)
Hash
5f72a800c0699be01bf0359713a8b2da
fbbda4cd9c07481c558ae9683c927b455892afc9
630f8ae712b7b6328e6ddeeddfc6e024a813091840f2021c40b4792fe0595fd4

HTTP Headers

GET /templates/KRAKEN_CAP/fonts/Montserrat-Regular.ttf HTTP/1.1
Host: jmp1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jmp1.ru/templates/KRAKEN_CAP/styles/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 04 Apr 2025 03:01:31 GMT
content-type: text/html; charset=utf-8
cache-control: max-age=14400
cf-cache-status: HIT
age: 1659
last-modified: Fri, 04 Apr 2025 02:33:52 GMT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q2h6zXw3x2oJzdWDDyO1jiKr%2BYvNmkrmLlMWTpu3aFHStbMB5kCksSj2%2F8PVPIOa3aSHblPFD%2F5joLboc%2BqQdsOJzccGor6bAW1YCMDbr19NLHFxxC5WkiKO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92ad8fc99aeb5689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6150&min_rtt=918&rtt_var=5068&sent=55&recv=16&lost=0&retrans=0&sent_bytes=44109&recv_bytes=3024&delivery_rate=1727845&cwnd=24000&unsent_bytes=0&cid=6aa56b2919bf10ea&ts=508&x=1", cfExtPri, cfHdrFlush;dur=3

egkkfs.blogspot.com/

142.250.178.97

200 OK

30 kB

URL User Request GET
egkkfs.blogspot.com/
IP
142.250.178.97:443
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services
Subjectmisc-sni.blogspot.com
FingerprintEE:A5:D6:A7:7C:19:95:69:19:BA:C1:C3:58:8B:D0:60:33:9E:21:A8
ValidityMon, 10 Mar 2025 08:36:41 GMT - Mon, 02 Jun 2025 08:36:40 GMT

File type

Size
30 kB (29452 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: egkkfs.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Fri, 04 Apr 2025 03:01:29 GMT
date: Fri, 04 Apr 2025 03:01:29 GMT
cache-control: private, max-age=0
last-modified: Wed, 11 Sep 2024 14:37:28 GMT
etag: W/"27ad9e7e894f4a3e6c1b44d5a32c2f835197cfa83a3968bb6bf1e18b196aea8e"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 7747
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.blogger.com/static/v1/widgets/3566091532-css_bundle_v2.css

172.217.21.169

200 OK

36 kB

URL GET
www.blogger.com/static/v1/widgets/3566091532-css_bundle_v2.css
IP
172.217.21.169:443
ASN
#15169 GOOGLE

Requested by
https://egkkfs.blogspot.com/
Certificate
IssuerGoogle Trust Services
Subject*.blogger.com
Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79
ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT

File type
ASCII text, with very long lines (35959)
Size
36 kB (35960 bytes)
Hash
1e32420a7b6ddbdcb7def8b3141c4d1e
a1be54d42ff1f95244c9653539f90318f5bc0580
a9ca837900b6ae007386d400f659c233120b8af7d93407fd6475c9180d9e83d2

HTTP Headers

GET /static/v1/widgets/3566091532-css_bundle_v2.css HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://egkkfs.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 7756
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Apr 2025 17:55:45 GMT
expires: Fri, 03 Apr 2026 17:55:45 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 03 Apr 2025 15:54:58 GMT
content-type: text/css
vary: Accept-Encoding
age: 32745
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

apis.google.com/js/platform.js

142.250.74.110

200 OK

64 kB

URL GET
apis.google.com/js/platform.js
IP
142.250.74.110:443
ASN
#15169 GOOGLE

Requested by
https://egkkfs.blogspot.com/
Certificate
IssuerGoogle Trust Services
Subject*.apis.google.com
Fingerprint0F:74:56:17:68:7A:52:CA:F8:05:9C:EC:1E:6E:4C:12:3A:9A:6C:A9
ValidityMon, 10 Mar 2025 08:37:51 GMT - Mon, 02 Jun 2025 08:37:50 GMT

File type
JavaScript source, ASCII text, with very long lines (1863)
Size
64 kB (64240 bytes)
Hash
a10d5d12a3e433e8e5f7babdf44869d0
24fcca2e68f5484023728989d7b09bfa10bff9e1
31caaf7eba748feb06dfcf722f5e4a466bb3522ee596443b8ba6a63d2876e25f

HTTP Headers

GET /js/platform.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://egkkfs.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 24165
date: Fri, 04 Apr 2025 03:01:30 GMT
expires: Fri, 04 Apr 2025 03:01:30 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "43cfb061bc5ea6c2"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

jmp1.ru/20219/link188/source/campaign-ads/

188.114.96.1

200 OK

43 kB

URL User Request GET
jmp1.ru/20219/link188/source/campaign-ads/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectjmp1.ru
Fingerprint42:09:DF:AB:57:C8:1A:B4:55:D5:39:29:4C:C5:12:FF:44:55:72:E1
ValidityFri, 28 Feb 2025 08:25:55 GMT - Thu, 29 May 2025 09:24:45 GMT

File type

Size
43 kB (42975 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /20219/link188/source/campaign-ads/ HTTP/1.1
Host: jmp1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 04 Apr 2025 03:01:31 GMT
content-type: text/html; charset=utf-8
server: cloudflare
vary: accept-encoding
referer: 
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 92ad8fc29ca8b509-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

jmp1.ru/templates/KRAKEN_CAP/fonts/Goldman-Regular.ttf

188.114.96.1

200 OK

77 kB

URL GET
jmp1.ru/templates/KRAKEN_CAP/fonts/Goldman-Regular.ttf
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jmp1.ru/20219/link188/source/campaign-ads/
Certificate
IssuerGoogle Trust Services
Subjectjmp1.ru
Fingerprint42:09:DF:AB:57:C8:1A:B4:55:D5:39:29:4C:C5:12:FF:44:55:72:E1
ValidityFri, 28 Feb 2025 08:25:55 GMT - Thu, 29 May 2025 09:24:45 GMT

File type
TrueType Font data, 17 tables, 1st "GDEF", name offset 0xa9000005
Size
77 kB (77276 bytes)
Hash
a46de11151df704939107617999a4d7f
a54569b16f2f9ba2fcf23c42810860483c22c5c9
69307446f5aaa5e84bb5c07156e4244d65dc64bffde8877a470e8ae446f3c9f0

HTTP Headers

GET /templates/KRAKEN_CAP/fonts/Goldman-Regular.ttf HTTP/1.1
Host: jmp1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jmp1.ru/templates/KRAKEN_CAP/styles/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 04 Apr 2025 03:01:31 GMT
content-type: text/html; charset=utf-8
age: 1659
cache-control: max-age=14400
cf-cache-status: HIT
last-modified: Fri, 04 Apr 2025 02:33:52 GMT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0yg4jwCjVw%2B3rl9EJtLLWWBDfonPQ7UrwZcmmSBE2wkv7e5qKr9UDtClZZ6QbcaCS1ZZOUxtFnllMSmW38grPWVzao3v9Mr2abBSx6K0pEHpH0gvxuDDoDtV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92ad8fc98ade5689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6150&min_rtt=918&rtt_var=5068&sent=34&recv=15&lost=0&retrans=0&sent_bytes=20083&recv_bytes=2673&delivery_rate=1727845&cwnd=24000&unsent_bytes=0&cid=6aa56b2919bf10ea&ts=492&x=1", cfExtPri, cfHdrFlush;dur=0

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (14)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash