source.unsplash.com/360x200?programming
3.220.57.224 302 Found 380 B URL GET HTTP/1.1 source.unsplash.com/360x200?programming
IP 3.220.57.224:443
Requested by https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer Let's Encrypt
Subject source.unsplash.com
Fingerprint E0:08:2A:72:34:1D:1D:9D:18:F8:88:A9:07:05:6A:91:15:F2:B9:73
Validity Thu, 23 Nov 2023 02:51:17 GMT - Wed, 21 Feb 2024 02:51:16 GMT
File type HTML document text; HTML document, ASCII text, with very long lines (380), with no line terminators
Hash 16ec821c5cc48a401cf48046acde230b
79753d57752933557bb2d042fd5db0c69e32e70c
c330b8b50991539e565d80ae9d0bb0d01b5126bb247a658a3f06437052c81d13
GET /360x200?programming HTTP/1.1
Host: source.unsplash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: Cowboy
Date: Tue, 05 Dec 2023 11:45:21 GMT
Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1701776721&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=OmSTo6rN%2FNTOeR8hV7E4bzlKgsHoFnBroQ19hUA2lAM%3D"}]}
Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1701776721&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=OmSTo6rN%2FNTOeR8hV7E4bzlKgsHoFnBroQ19hUA2lAM%3D
Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Location: https://images.unsplash.com/photo-1593720213428-28a5b9e94613?crop=entropy&cs=tinysrgb&fit=crop&fm=jpg&h=200&ixid=MnwxfDB8MXxyYW5kb218MHx8cHJvZ3JhbW1pbmd8fHx8fHwxNzAxNzc2NzIx&ixlib=rb-4.0.3&q=80&utm_campaign=api-credit&utm_medium=referral&utm_source=unsplash_source&w=360
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache
X-Request-Id: aa8b8428-aa4d-4354-b3e8-d3aa6af71a34
X-Runtime: 0.078518
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Transfer-Encoding: chunked
Via: 1.1 vegur
source.unsplash.com/360x200?coffee
3.220.57.224 302 Found 374 B URL GET HTTP/1.1 source.unsplash.com/360x200?coffee
IP 3.220.57.224:443
Requested by https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer Let's Encrypt
Subject source.unsplash.com
Fingerprint E0:08:2A:72:34:1D:1D:9D:18:F8:88:A9:07:05:6A:91:15:F2:B9:73
Validity Thu, 23 Nov 2023 02:51:17 GMT - Wed, 21 Feb 2024 02:51:16 GMT
File type HTML document text; HTML document, ASCII text, with very long lines (374), with no line terminators
Hash dd51c851b77c0f62c4622204061ede2f
b62af9b2932333b14f3ffeb369b4439878f875af
740f221e6dd1d46cdd854c809c245c193db01c4216f20f30df81092c7630facd
GET /360x200?coffee HTTP/1.1
Host: source.unsplash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: Cowboy
Date: Tue, 05 Dec 2023 11:45:20 GMT
Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1701776721&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=OmSTo6rN%2FNTOeR8hV7E4bzlKgsHoFnBroQ19hUA2lAM%3D"}]}
Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1701776721&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=OmSTo6rN%2FNTOeR8hV7E4bzlKgsHoFnBroQ19hUA2lAM%3D
Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Location: https://images.unsplash.com/photo-1493606278519-11aa9f86e40a?crop=entropy&cs=tinysrgb&fit=crop&fm=jpg&h=200&ixid=MnwxfDB8MXxyYW5kb218MHx8Y29mZmVlfHx8fHx8MTcwMTc3NjcyMQ&ixlib=rb-4.0.3&q=80&utm_campaign=api-credit&utm_medium=referral&utm_source=unsplash_source&w=360
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache
X-Request-Id: d551abbb-33b3-439f-9f48-dab97ef1eded
X-Runtime: 0.075789
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Transfer-Encoding: chunked
Via: 1.1 vegur
source.unsplash.com/360x200?mechanical+keyboard
3.220.57.224 302 Found 388 B URL GET HTTP/1.1 source.unsplash.com/360x200?mechanical+keyboard
IP 3.220.57.224:443
Requested by https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer Let's Encrypt
Subject source.unsplash.com
Fingerprint E0:08:2A:72:34:1D:1D:9D:18:F8:88:A9:07:05:6A:91:15:F2:B9:73
Validity Thu, 23 Nov 2023 02:51:17 GMT - Wed, 21 Feb 2024 02:51:16 GMT
File type HTML document text; HTML document, ASCII text, with very long lines (388), with no line terminators
Hash 402c62a50d09d41d1311572fd5edea71
3055c2bb78442b203776d62c15efced28b2d51a1
426bfb8611cff64517ba8e274951a4b9a18891e370b22b4c2aa42c42f66bc89a
GET /360x200?mechanical+keyboard HTTP/1.1
Host: source.unsplash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: Cowboy
Date: Tue, 05 Dec 2023 11:45:21 GMT
Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1701776721&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=OmSTo6rN%2FNTOeR8hV7E4bzlKgsHoFnBroQ19hUA2lAM%3D"}]}
Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1701776721&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=OmSTo6rN%2FNTOeR8hV7E4bzlKgsHoFnBroQ19hUA2lAM%3D
Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Location: https://images.unsplash.com/photo-1560317620-1ba88ae56e7b?crop=entropy&cs=tinysrgb&fit=crop&fm=jpg&h=200&ixid=MnwxfDB8MXxyYW5kb218MHx8bWVjaGFuaWNhbCBrZXlib2FyZHx8fHx8fDE3MDE3NzY3MjE&ixlib=rb-4.0.3&q=80&utm_campaign=api-credit&utm_medium=referral&utm_source=unsplash_source&w=360
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache
X-Request-Id: 60bea393-0808-4d65-a1a3-3c2173cfcef9
X-Runtime: 0.127508
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Transfer-Encoding: chunked
Via: 1.1 vegur
images.unsplash.com/photo-1493606278519-11aa9f86e40a?crop=entropy&cs=tinysrgb&fit=crop&fm=jpg&h=200&ixid=MnwxfDB8MXxyYW5kb218MHx8Y29mZmVlfHx8fHx8MTcwMTc3NjcyMQ&ixlib=rb-4.0.3&q=80&utm_campaign=api-credit&utm_medium=referral&utm_source=unsplash_source&w=360
151.101.246.208 200 OK 3.4 kB URL GET HTTP/2 images.unsplash.com/photo-1493606278519-11aa9f86e40a?crop=entropy&cs=tinysrgb&fit=crop&fm=jpg&h=200&ixid=MnwxfDB8MXxyYW5kb218MHx8Y29mZmVlfHx8fHx8MTcwMTc3NjcyMQ&ixlib=rb-4.0.3&q=80&utm_campaign=api-credit&utm_medium=referral&utm_source=unsplash_source&w=360
IP 151.101.246.208:443
Requested by https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer Certainly
Subject images.unsplash.com
Fingerprint 14:A0:40:5E:90:BD:D5:64:B3:93:21:82:89:6E:37:8B:0B:54:33:D6
Validity Wed, 29 Nov 2023 19:49:40 GMT - Fri, 29 Dec 2023 19:49:39 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 360x200, components 3; data
Hash d8d1dd3b2ec63deb6d85445f245a75ea
d36ea83cbd79784066085cad4b70e47cc814e73b
5f7074ac2d6b3780a11096d38abb8ce0eb3d0b5e7eadba76a4dc13ebb557fa68
GET /photo-1493606278519-11aa9f86e40a?crop=entropy&cs=tinysrgb&fit=crop&fm=jpg&h=200&ixid=MnwxfDB8MXxyYW5kb218MHx8Y29mZmVlfHx8fHx8MTcwMTc3NjcyMQ&ixlib=rb-4.0.3&q=80&utm_campaign=api-credit&utm_medium=referral&utm_source=unsplash_source&w=360 HTTP/1.1
Host: images.unsplash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Sun, 19 Nov 2023 03:56:28 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: 9aaeaec1e22f1bb30b92c0fc3d61ed6852a0070e
x-imgix-render-farm: 01.140328
date: Tue, 05 Dec 2023 11:45:21 GMT
age: 1410533
accept-ranges: bytes
content-type: image/jpeg
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc10040-SJC, cache-hel1410020-HEL
x-cache: HIT, MISS
content-length: 3356
X-Firefox-Spdy: h2
images.unsplash.com/photo-1560317620-1ba88ae56e7b?crop=entropy&cs=tinysrgb&fit=crop&fm=jpg&h=200&ixid=MnwxfDB8MXxyYW5kb218MHx8bWVjaGFuaWNhbCBrZXlib2FyZHx8fHx8fDE3MDE3NzY3MjE&ixlib=rb-4.0.3&q=80&utm_campaign=api-credit&utm_medium=referral&utm_source=unsplash_source&w=360
151.101.246.208 200 OK 16 kB URL GET HTTP/2 images.unsplash.com/photo-1560317620-1ba88ae56e7b?crop=entropy&cs=tinysrgb&fit=crop&fm=jpg&h=200&ixid=MnwxfDB8MXxyYW5kb218MHx8bWVjaGFuaWNhbCBrZXlib2FyZHx8fHx8fDE3MDE3NzY3MjE&ixlib=rb-4.0.3&q=80&utm_campaign=api-credit&utm_medium=referral&utm_source=unsplash_source&w=360
IP 151.101.246.208:443
Requested by https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer Certainly
Subject images.unsplash.com
Fingerprint 14:A0:40:5E:90:BD:D5:64:B3:93:21:82:89:6E:37:8B:0B:54:33:D6
Validity Wed, 29 Nov 2023 19:49:40 GMT - Fri, 29 Dec 2023 19:49:39 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 360x200, components 3; data
Hash 678a2355bf98abf0dbd3f07db5efc69e
f25af375e57089abab38dc4b5738a3952ad590a7
ebc620678bc3629ac3d94b0762413b540d99427750785dcd7cffce4fe1b07405
GET /photo-1560317620-1ba88ae56e7b?crop=entropy&cs=tinysrgb&fit=crop&fm=jpg&h=200&ixid=MnwxfDB8MXxyYW5kb218MHx8bWVjaGFuaWNhbCBrZXlib2FyZHx8fHx8fDE3MDE3NzY3MjE&ixlib=rb-4.0.3&q=80&utm_campaign=api-credit&utm_medium=referral&utm_source=unsplash_source&w=360 HTTP/1.1
Host: images.unsplash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Sat, 04 Nov 2023 17:41:43 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: e7a6b5f8fb2f491c91cdaea463e904f33d55c7fe
x-imgix-render-farm: 01.140328
date: Tue, 05 Dec 2023 11:45:22 GMT
age: 2657019
accept-ranges: bytes
content-type: image/jpeg
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc1000089-SJC, cache-hel1410020-HEL
x-cache: HIT, MISS
content-length: 16474
X-Firefox-Spdy: h2
images.unsplash.com/photo-1593720213428-28a5b9e94613?crop=entropy&cs=tinysrgb&fit=crop&fm=jpg&h=200&ixid=MnwxfDB8MXxyYW5kb218MHx8cHJvZ3JhbW1pbmd8fHx8fHwxNzAxNzc2NzIx&ixlib=rb-4.0.3&q=80&utm_campaign=api-credit&utm_medium=referral&utm_source=unsplash_source&w=360
151.101.246.208 200 OK 13 kB URL GET HTTP/2 images.unsplash.com/photo-1593720213428-28a5b9e94613?crop=entropy&cs=tinysrgb&fit=crop&fm=jpg&h=200&ixid=MnwxfDB8MXxyYW5kb218MHx8cHJvZ3JhbW1pbmd8fHx8fHwxNzAxNzc2NzIx&ixlib=rb-4.0.3&q=80&utm_campaign=api-credit&utm_medium=referral&utm_source=unsplash_source&w=360
IP 151.101.246.208:443
Requested by https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer Certainly
Subject images.unsplash.com
Fingerprint 14:A0:40:5E:90:BD:D5:64:B3:93:21:82:89:6E:37:8B:0B:54:33:D6
Validity Wed, 29 Nov 2023 19:49:40 GMT - Fri, 29 Dec 2023 19:49:39 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 360x200, components 3; data
Hash 1735af392668aafe1417e3f9350760d2
6387413ecc0deacf4eec6aee3ccdb962cb6b3a9b
94a9b27a09fb079878a25fa2fcc7b175882a5dff88eb65d018d68d7b06767af2
GET /photo-1593720213428-28a5b9e94613?crop=entropy&cs=tinysrgb&fit=crop&fm=jpg&h=200&ixid=MnwxfDB8MXxyYW5kb218MHx8cHJvZ3JhbW1pbmd8fHx8fHwxNzAxNzc2NzIx&ixlib=rb-4.0.3&q=80&utm_campaign=api-credit&utm_medium=referral&utm_source=unsplash_source&w=360 HTTP/1.1
Host: images.unsplash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 11:45:22 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: 99009bc9467614ded3ffeda9efcafa0949e7c997
x-imgix-render-farm: 01.140328
date: Tue, 05 Dec 2023 11:45:22 GMT
age: 0
accept-ranges: bytes
content-type: image/jpeg
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc1000128-SJC, cache-hel1410020-HEL
x-cache: MISS, MISS
content-length: 12772
X-Firefox-Spdy: h2
ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/dist/img/clients/gojek.svg
47.88.48.79 200 OK 1.8 kB URL GET HTTP/2 ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/dist/img/clients/gojek.svg
IP 47.88.48.79:443
ASN #45102 Alibaba US Technology Co., Ltd.
Requested by https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer Let's Encrypt
Subject drv.tw
Fingerprint 5D:96:AE:62:81:B4:A2:5E:AF:7D:3B:11:78:91:A4:9E:A6:4C:84:40
Validity Thu, 02 Nov 2023 15:35:06 GMT - Wed, 31 Jan 2024 15:35:05 GMT
File type SVG Scalable Vector Graphics image; XML 1.0 document text; XML document text; HTML document, ASCII text, with very long lines (1110)
Hash 3db886240e8df02047fc8435853f3793
5a6156679a1dddf8bb42e527c7ed812a37afab45
bc796a4af006b68d0c46039af1ba0f4a1836cfe1f2477f4185175eac2554739f
Analyzer Verdict Alert: Quad9 DNS: malicious (Sinkholed)
GET /www.mark.blog/dist/img/clients/gojek.svg HTTP/1.1
Host: ho9q3sgh6ztgzrapvsrvzg.on.drv.tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Cookie: uid=rBSZwGVvDVBm3mCKBxPEAg==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Tue, 05 Dec 2023 11:45:23 GMT
content-type: image/svg+xml
content-length: 1804
etag: 0BxTibChUREPgc24vd0U2TXc1Y0MwdmQ3bnBYbUVoTTdsdlNvPQ
last-modified: Fri, 08 Apr 2022 10:41:57 GMT
cache-control: public, s-maxage=43200, max-age=43200
vary: Origin, Sec-Fetch-Mode, X-Requested-Wtih, Accept-Encoding
x-cache: BYPASS
X-Firefox-Spdy: h2
ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/dist/img/clients/google.svg
47.88.48.79 200 OK 1.9 kB URL GET HTTP/2 ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/dist/img/clients/google.svg
IP 47.88.48.79:443
ASN #45102 Alibaba US Technology Co., Ltd.
Requested by https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer Let's Encrypt
Subject drv.tw
Fingerprint 5D:96:AE:62:81:B4:A2:5E:AF:7D:3B:11:78:91:A4:9E:A6:4C:84:40
Validity Thu, 02 Nov 2023 15:35:06 GMT - Wed, 31 Jan 2024 15:35:05 GMT
File type SVG Scalable Vector Graphics image; XML 1.0 document text; XML document, ASCII text, with very long lines (1850)
Hash e99543bb86794e15928d03e9b41bb3c8
66938eaaa4ff7c21ee6b7c3c5fefbc004ee6d7c9
a33a47a20c0ec6b0c13af43ae681bf73023e4a35f792cb055700e94d467f236d
Analyzer Verdict Alert: Quad9 DNS: malicious (Sinkholed)
GET /www.mark.blog/dist/img/clients/google.svg HTTP/1.1
Host: ho9q3sgh6ztgzrapvsrvzg.on.drv.tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Cookie: uid=rBSZwGVvDVBm3mCKBxPEAg==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Tue, 05 Dec 2023 11:45:23 GMT
content-type: image/svg+xml
content-length: 1906
etag: 0BxTibChUREPgRmRSS2hrWktsMC9WbmN4RVFHZGZjZFUwRmtZPQ
last-modified: Fri, 08 Apr 2022 10:41:57 GMT
cache-control: public, s-maxage=43200, max-age=43200
vary: Origin, Sec-Fetch-Mode, X-Requested-Wtih, Accept-Encoding
x-cache: BYPASS
X-Firefox-Spdy: h2
drive.google.com/uc?id=1jJ-n6PiwNntC_HDhUciPNSaeqNbTfK26
142.250.74.142 303 See Other 0 B URL GET HTTP/2 drive.google.com/uc?id=1jJ-n6PiwNntC_HDhUciPNSaeqNbTfK26
IP 142.250.74.142:443
Requested by https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uc?id=1jJ-n6PiwNntC_HDhUciPNSaeqNbTfK26 HTTP/1.1
Host: drive.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 303 See Other
content-type: application/binary
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 05 Dec 2023 11:45:26 GMT
location: https://doc-0k-c0-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/kv9o20hg8fv09n43jqrsq0jt3skn148o/1701776700000/15757536139446839734/*/1jJ-n6PiwNntC_HDhUciPNSaeqNbTfK26?uuid=629aebc1-8604-4e9d-a2c3-66e8031ac2ad
strict-transport-security: max-age=31536000
cross-origin-opener-policy: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport, script-src 'nonce-frb9k-0RMzu7uxd5ZKRR8A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
drive.google.com/uc?id=1sYQUiauKHa_76ZnsA8QTFilVUB_JfNOR
142.250.74.142 303 See Other 0 B URL GET HTTP/2 drive.google.com/uc?id=1sYQUiauKHa_76ZnsA8QTFilVUB_JfNOR
IP 142.250.74.142:443
Requested by https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uc?id=1sYQUiauKHa_76ZnsA8QTFilVUB_JfNOR HTTP/1.1
Host: drive.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 303 See Other
content-type: application/binary
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 05 Dec 2023 11:45:26 GMT
location: https://doc-10-c0-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/f8uud6a9mkaul66i0gkvh12boi4r417j/1701776700000/15757536139446839734/*/1sYQUiauKHa_76ZnsA8QTFilVUB_JfNOR?uuid=9791a19e-65a2-4b32-9a15-8e40ea587c2f
strict-transport-security: max-age=31536000
content-security-policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport, script-src 'nonce-lBVLmxssRKox6FP5ix_yNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
cross-origin-opener-policy: same-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
drive.google.com/uc?id=1l5c6kWsY-aP4-c0c_I2E6xrm5XcUsHWP
142.250.74.142 303 See Other 0 B URL GET HTTP/2 drive.google.com/uc?id=1l5c6kWsY-aP4-c0c_I2E6xrm5XcUsHWP
IP 142.250.74.142:443
Requested by https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uc?id=1l5c6kWsY-aP4-c0c_I2E6xrm5XcUsHWP HTTP/1.1
Host: drive.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 303 See Other
content-type: application/binary
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 05 Dec 2023 11:45:26 GMT
location: https://doc-08-c0-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/p8t338i9kdo762g66k9ld7nolt92ut34/1701776700000/15757536139446839734/*/1l5c6kWsY-aP4-c0c_I2E6xrm5XcUsHWP?uuid=f8c9514c-c53c-4477-ae7e-e09c256c3d66
strict-transport-security: max-age=31536000
cross-origin-opener-policy: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport, script-src 'nonce-7LQEFX2JLRiQYnaiHDN5vQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
drive.google.com/uc?id=1z6pZN1UsVTS6GsF-CoMxi2di8iY3pO9C
142.250.74.142 303 See Other 0 B URL GET HTTP/2 drive.google.com/uc?id=1z6pZN1UsVTS6GsF-CoMxi2di8iY3pO9C
IP 142.250.74.142:443
Requested by https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uc?id=1z6pZN1UsVTS6GsF-CoMxi2di8iY3pO9C HTTP/1.1
Host: drive.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 303 See Other
content-type: application/binary
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 05 Dec 2023 11:45:26 GMT
location: https://doc-00-c0-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/lodjepgrl0vpl15bqtivuofha95fm17t/1701776700000/15757536139446839734/*/1z6pZN1UsVTS6GsF-CoMxi2di8iY3pO9C?uuid=fda7cf89-be63-4f19-9728-f00c96c2660b
strict-transport-security: max-age=31536000
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
content-security-policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport, script-src 'nonce-N48mla8armS_juoNYPTkKw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
doc-0k-c0-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/kv9o20hg8fv09n43jqrsq0jt3skn148o/1701776700000/15757536139446839734/*/1jJ-n6PiwNntC_HDhUciPNSaeqNbTfK26?uuid=629aebc1-8604-4e9d-a2c3-66e8031ac2ad
142.250.74.97 200 OK 667 kB URL GET HTTP/2 doc-0k-c0-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/kv9o20hg8fv09n43jqrsq0jt3skn148o/1701776700000/15757536139446839734/*/1jJ-n6PiwNntC_HDhUciPNSaeqNbTfK26?uuid=629aebc1-8604-4e9d-a2c3-66e8031ac2ad
IP 142.250.74.97:443
Requested by https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer Google Trust Services LLC
Subject *.googleusercontent.com
Fingerprint 2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
Validity Mon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT
File type PNG image data, 2046 x 901, 8-bit/color RGBA, non-interlaced; data
Size 667 kB (666564 bytes)
Hash fd12c2dd70b542f809f1a962cf00ae30
87da0d5055fb06d68e26b4c90b4656457a3f9361
b2252f2f64ef1486619d8789d2ee45cc4566bcb5a086303058076096adefd477
GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/kv9o20hg8fv09n43jqrsq0jt3skn148o/1701776700000/15757536139446839734/*/1jJ-n6PiwNntC_HDhUciPNSaeqNbTfK26?uuid=629aebc1-8604-4e9d-a2c3-66e8031ac2ad HTTP/1.1
Host: doc-0k-c0-docs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-guploader-uploadid: ABPtcPq22jNj3z4x4fB3__vi9Cx_dasZIEqEARwgi59bd12vKFcvoBXplmXaOK0ut9k2C2JAMugM1Oyd2h15VbCXKp8Dxw
x-content-type-options: nosniff
content-type: image/png
content-disposition: inline; filename="websitenoel.png"; filename*=UTF-8''websitenoel.png
access-control-allow-origin: *
access-control-allow-credentials: false
access-control-allow-headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, X-Google-EOM, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-353267353-bin, x-goog-ext-353267353-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, x-goog-ext-359275022-bin, x-goog-ext-328800237-jspb, x-goog-ext-202735639-bin, x-goog-ext-223435598-bin, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Request-Time, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, 
X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, x-goog-maps-api-salt, x-goog-maps-api-signature, x-goog-maps-client-id, X-Goog-Api-Key, x-goog-spanner-database-role, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Android-Cert, X-Ariane-Xsrf-Token, X-YouTube-Bootstrap-Logged-In, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-OidcIdToken, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context, X-Server-Token, x-rfui-request-context
access-control-allow-methods: GET,HEAD,OPTIONS
accept-ranges: bytes
content-length: 666564
last-modified: Tue, 05 Dec 2023 08:28:39 GMT
date: Tue, 05 Dec 2023 11:45:26 GMT
expires: Tue, 05 Dec 2023 11:45:26 GMT
cache-control: private, max-age=0
x-goog-hash: crc32c=ozpMkQ==
server: UploadServer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
doc-08-c0-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/p8t338i9kdo762g66k9ld7nolt92ut34/1701776700000/15757536139446839734/*/1l5c6kWsY-aP4-c0c_I2E6xrm5XcUsHWP?uuid=f8c9514c-c53c-4477-ae7e-e09c256c3d66
142.250.74.97 200 OK 219 kB URL GET HTTP/2 doc-08-c0-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/p8t338i9kdo762g66k9ld7nolt92ut34/1701776700000/15757536139446839734/*/1l5c6kWsY-aP4-c0c_I2E6xrm5XcUsHWP?uuid=f8c9514c-c53c-4477-ae7e-e09c256c3d66
IP 142.250.74.97:443
Requested by https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer Google Trust Services LLC
Subject *.googleusercontent.com
Fingerprint 2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
Validity Mon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT
File type PNG image data, 1901 x 903, 8-bit/color RGBA, non-interlaced
Size 219 kB (219141 bytes)
Hash 51e415e52d26a3e728ca225f71093fd9
5dfdf40a4102ac153de5afcf6490b6d5aa6144da
a2e231a4938c762971b7477e9abaac774e3d0ff29c749836a34c2899e4d284d4
GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/p8t338i9kdo762g66k9ld7nolt92ut34/1701776700000/15757536139446839734/*/1l5c6kWsY-aP4-c0c_I2E6xrm5XcUsHWP?uuid=f8c9514c-c53c-4477-ae7e-e09c256c3d66 HTTP/1.1
Host: doc-08-c0-docs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-guploader-uploadid: ABPtcPoY--oRZFJX-InS4CCerbwlaponXdRGoUky6XdDyqOfxTfDtQvunQBW0tD2sMlJBVGc8BY
x-content-type-options: nosniff
content-type: image/png
content-disposition: inline; filename="marketplace.png"; filename*=UTF-8''marketplace.png
access-control-allow-origin: *
access-control-allow-credentials: false
access-control-allow-headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, X-Google-EOM, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-353267353-bin, x-goog-ext-353267353-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, x-goog-ext-359275022-bin, x-goog-ext-328800237-jspb, x-goog-ext-202735639-bin, x-goog-ext-223435598-bin, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Request-Time, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, 
X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, x-goog-maps-api-salt, x-goog-maps-api-signature, x-goog-maps-client-id, X-Goog-Api-Key, x-goog-spanner-database-role, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Android-Cert, X-Ariane-Xsrf-Token, X-YouTube-Bootstrap-Logged-In, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-OidcIdToken, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context, X-Server-Token, x-rfui-request-context
access-control-allow-methods: GET,HEAD,OPTIONS
accept-ranges: bytes
content-length: 219141
last-modified: Tue, 05 Dec 2023 08:28:39 GMT
date: Tue, 05 Dec 2023 11:45:27 GMT
expires: Tue, 05 Dec 2023 11:45:27 GMT
cache-control: private, max-age=0
x-goog-hash: crc32c=Mue34g==
server: UploadServer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
doc-10-c0-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/f8uud6a9mkaul66i0gkvh12boi4r417j/1701776700000/15757536139446839734/*/1sYQUiauKHa_76ZnsA8QTFilVUB_JfNOR?uuid=9791a19e-65a2-4b32-9a15-8e40ea587c2f
142.250.74.97 200 OK 312 kB URL GET HTTP/2 doc-10-c0-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/f8uud6a9mkaul66i0gkvh12boi4r417j/1701776700000/15757536139446839734/*/1sYQUiauKHa_76ZnsA8QTFilVUB_JfNOR?uuid=9791a19e-65a2-4b32-9a15-8e40ea587c2f
IP 142.250.74.97:443
Requested by https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer Google Trust Services LLC
Subject *.googleusercontent.com
Fingerprint 2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
Validity Mon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT
File type PNG image data, 1012 x 569, 8-bit/color RGBA, non-interlaced
Size 312 kB (312392 bytes)
Hash a4dda308ee2208a5170b7898e82113e0
6c9e9f9c359d637c4f94694a30b77ae51595c829
2eb76a60e41feb4c62c87a22ee72ea74512d1a6679e29633f65642a8199fb754
GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/f8uud6a9mkaul66i0gkvh12boi4r417j/1701776700000/15757536139446839734/*/1sYQUiauKHa_76ZnsA8QTFilVUB_JfNOR?uuid=9791a19e-65a2-4b32-9a15-8e40ea587c2f HTTP/1.1
Host: doc-10-c0-docs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-guploader-uploadid: ABPtcPqIORIzjgFGCemSi46FeQMChKUzwr5BicY501UgFKAp0jy_xYXyBH0X7Nhy9LqLXcxKzT8
x-content-type-options: nosniff
content-type: image/png
content-disposition: inline; filename="cafe.png"; filename*=UTF-8''cafe.png
access-control-allow-origin: *
access-control-allow-credentials: false
access-control-allow-headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, X-Google-EOM, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-353267353-bin, x-goog-ext-353267353-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, x-goog-ext-359275022-bin, x-goog-ext-328800237-jspb, x-goog-ext-202735639-bin, x-goog-ext-223435598-bin, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Request-Time, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, 
X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, x-goog-maps-api-salt, x-goog-maps-api-signature, x-goog-maps-client-id, X-Goog-Api-Key, x-goog-spanner-database-role, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Android-Cert, X-Ariane-Xsrf-Token, X-YouTube-Bootstrap-Logged-In, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-OidcIdToken, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context, X-Server-Token, x-rfui-request-context
access-control-allow-methods: GET,HEAD,OPTIONS
accept-ranges: bytes
content-length: 312392
last-modified: Tue, 05 Dec 2023 08:28:39 GMT
date: Tue, 05 Dec 2023 11:45:27 GMT
expires: Tue, 05 Dec 2023 11:45:27 GMT
cache-control: private, max-age=0
x-goog-hash: crc32c=5ZImlw==
server: UploadServer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
doc-00-c0-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/lodjepgrl0vpl15bqtivuofha95fm17t/1701776700000/15757536139446839734/*/1z6pZN1UsVTS6GsF-CoMxi2di8iY3pO9C?uuid=fda7cf89-be63-4f19-9728-f00c96c2660b
142.250.74.97 200 OK 978 kB URL GET HTTP/2 doc-00-c0-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/lodjepgrl0vpl15bqtivuofha95fm17t/1701776700000/15757536139446839734/*/1z6pZN1UsVTS6GsF-CoMxi2di8iY3pO9C?uuid=fda7cf89-be63-4f19-9728-f00c96c2660b
IP 142.250.74.97:443
Requested by https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer Google Trust Services LLC
Subject *.googleusercontent.com
Fingerprint 2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
Validity Mon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT
File type PNG image data, 1810 x 842, 8-bit/color RGBA, non-interlaced
Size 978 kB (977616 bytes)
Hash f689e0b61c13c7914845a7f327913b84
5715acc6c84398976a8c0e30a659a44a38e81779
5aa63a12300a416a91c992059287d5de5a56902689b028c3bbd5f5e587cb3227
GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/lodjepgrl0vpl15bqtivuofha95fm17t/1701776700000/15757536139446839734/*/1z6pZN1UsVTS6GsF-CoMxi2di8iY3pO9C?uuid=fda7cf89-be63-4f19-9728-f00c96c2660b HTTP/1.1
Host: doc-00-c0-docs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-guploader-uploadid: ABPtcProgj6ErT5CNobRxvjTwmL6pWwkAuENxFbeg2iVoMF5U0l8t22KKgUOwpnTkcFaEKl0s4c
x-content-type-options: nosniff
content-type: image/png
content-disposition: inline; filename="company.png"; filename*=UTF-8''company.png
access-control-allow-origin: *
access-control-allow-credentials: false
access-control-allow-headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, X-Google-EOM, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-353267353-bin, x-goog-ext-353267353-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, x-goog-ext-359275022-bin, x-goog-ext-328800237-jspb, x-goog-ext-202735639-bin, x-goog-ext-223435598-bin, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Request-Time, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, 
X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, x-goog-maps-api-salt, x-goog-maps-api-signature, x-goog-maps-client-id, X-Goog-Api-Key, x-goog-spanner-database-role, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Android-Cert, X-Ariane-Xsrf-Token, X-YouTube-Bootstrap-Logged-In, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-OidcIdToken, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context, X-Server-Token, x-rfui-request-context
access-control-allow-methods: GET,HEAD,OPTIONS
accept-ranges: bytes
content-length: 977616
last-modified: Tue, 05 Dec 2023 08:28:37 GMT
date: Tue, 05 Dec 2023 11:45:27 GMT
expires: Tue, 05 Dec 2023 11:45:27 GMT
cache-control: private, max-age=0
x-goog-hash: crc32c=G2ccOw==
server: UploadServer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/dist/js/script.js
47.88.48.79 200 OK 1.6 kB URL GET HTTP/2 ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/dist/js/script.js
IP 47.88.48.79:443
ASN #45102 Alibaba US Technology Co., Ltd.
Requested by https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer Let's Encrypt
Subject drv.tw
Fingerprint 5D:96:AE:62:81:B4:A2:5E:AF:7D:3B:11:78:91:A4:9E:A6:4C:84:40
Validity Thu, 02 Nov 2023 15:35:06 GMT - Wed, 31 Jan 2024 15:35:05 GMT
Hash 0744fd0b502673e53bb2231210159266
7f6988a40b6c157a4d7a470a23f2706675c714d3
f84813b8638151b3f9dba0e37b32622edbcc65ba6ca35adc1c64b6791090bebe
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /www.mark.blog/dist/js/script.js HTTP/1.1
Host: ho9q3sgh6ztgzrapvsrvzg.on.drv.tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Cookie: uid=rBSZwGVvDVBm3mCKBxPEAg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Tue, 05 Dec 2023 11:45:30 GMT
content-type: text/javascript
content-length: 1563
etag: 0BxTibChUREPgR1h0YmsvTGxZVEdLYTdZQk9ybWx2NWt5SEZvPQ
last-modified: Fri, 08 Apr 2022 10:41:57 GMT
cache-control: public, s-maxage=43200, max-age=43200
vary: Origin, Sec-Fetch-Mode, X-Requested-Wtih, Accept-Encoding
x-cache: BYPASS
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-85417367-1
142.250.74.168 200 OK 52 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-85417367-1
IP 142.250.74.168:443
Requested by https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (2213)
Hash b47cff0334d7a4c804c010dd11a5a9dc
2cab0886fe2a14a7da95a1a8d048ff4f20192c6a
976d59e3fa3621b60cf575552ad4a27e604d488b1d1c865f398b2b74cf64da60
GET /gtag/js?id=UA-85417367-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 05 Dec 2023 11:45:30 GMT
expires: Tue, 05 Dec 2023 11:45:30 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 51688
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-NBGQJBJMEG&l=dataLayer&cx=c
142.250.74.168 200 OK 81 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-NBGQJBJMEG&l=dataLayer&cx=c
IP 142.250.74.168:443
Requested by https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (3120)
Hash 7d6be9a5721ebb2885261106119cd16b
1c68417d11e93b96e3092db5a4aba142828d95a6
37884868025d37ff86f0337a5312b0ac56d124ff3cb4699f3aa1171cf25bac32
GET /gtag/js?id=G-NBGQJBJMEG&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 05 Dec 2023 11:45:30 GMT
expires: Tue, 05 Dec 2023 11:45:30 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81448
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.drv.tw/inc/wd.js?s=ho9q3sgh6ztgzrapvsrvzg
20.50.153.39 200 OK 96 kB URL GET HTTP/2 www.drv.tw/inc/wd.js?s=ho9q3sgh6ztgzrapvsrvzg
IP 20.50.153.39:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer DigiCert, Inc.
Subject www.drv.tw
Fingerprint CA:04:59:4A:C7:19:12:12:2B:87:D0:87:4F:3C:38:78:8E:BA:3D:C5
Validity Mon, 31 Jul 2023 00:00:00 GMT - Wed, 31 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (690), with no line terminators
Hash f057198986863ece3157c91696b93e74
3f2de7cdc5cd16df803ba1cf6c6902d10ad15166
4f33b00ff60ba75c03cfd1a1a5d0be37fb7bba6718ef54bf9898a53e1c72f87f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /inc/wd.js?s=ho9q3sgh6ztgzrapvsrvzg HTTP/1.1
Host: www.drv.tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript
date: Tue, 05 Dec 2023 11:45:21 GMT
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
cache-control: public, must-revalidate, max-age=30
content-encoding: br
etag: "55789111"
last-modified: Sun, 29 May 2022 11:24:13 GMT
vary: Accept-Encoding
strict-transport-security: max-age=10886400; includeSubDomains; preload
referrer-policy: same-origin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-dns-prefetch-control: off
X-Firefox-Spdy: h2
ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/dist/img/portfolio/websitenoel.png
47.88.48.79 302 Found 472 B URL GET HTTP/2 ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/dist/img/portfolio/websitenoel.png
IP 47.88.48.79:443
ASN #45102 Alibaba US Technology Co., Ltd.
Requested by https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer Let's Encrypt
Subject drv.tw
Fingerprint 5D:96:AE:62:81:B4:A2:5E:AF:7D:3B:11:78:91:A4:9E:A6:4C:84:40
Validity Thu, 02 Nov 2023 15:35:06 GMT - Wed, 31 Jan 2024 15:35:05 GMT
Hash 20d2916ba81f344ccac8595c12b3bf83
b4457bfdc8a5dd7050e78a8b9718db0c21878cd9
3dc7054bbcbea3019e82df4468bc3bf141d155e0f8d5057b1fd62e3a0502ce0b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /www.mark.blog/dist/img/portfolio/websitenoel.png HTTP/1.1
Host: ho9q3sgh6ztgzrapvsrvzg.on.drv.tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Cookie: uid=rBSZwGVvDVBm3mCKBxPEAg==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx/1.14.0 (Ubuntu)
date: Tue, 05 Dec 2023 11:45:22 GMT
content-type: text/html
vary: Origin, Sec-Fetch-Mode, X-Requested-Wtih
etag: 0BxTibChUREPgVG54U0thTkxPMDJ0ZnJZK3FVNDdlZkVrTTBRPQ
last-modified: Tue, 11 Jul 2023 08:24:07 GMT
location: https://drive.google.com/uc?id=1jJ-n6PiwNntC_HDhUciPNSaeqNbTfK26
cache-control: public, s-maxage=604800, max-age=604800
x-d2w-target-length: 666564
x-cache: BYPASS
X-Firefox-Spdy: h2
drive.google.com/uc?id=1bXB93Q9O6e79AoTubhcCz4VrgDGvQ7Qp
142.250.74.142 303 See Other 0 B URL GET HTTP/3 drive.google.com/uc?id=1bXB93Q9O6e79AoTubhcCz4VrgDGvQ7Qp
IP 142.250.74.142:443
Requested by https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uc?id=1bXB93Q9O6e79AoTubhcCz4VrgDGvQ7Qp HTTP/1.1
Host: drive.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 303 See Other
content-type: application/binary
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 05 Dec 2023 11:45:31 GMT
location: https://doc-0g-c0-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/63em0t3cjgcs328coqvvf1v2odcica5n/1701776700000/15757536139446839734/*/1bXB93Q9O6e79AoTubhcCz4VrgDGvQ7Qp?uuid=4ecbb6b0-aa7e-4fe0-b059-71871d25fa5b
strict-transport-security: max-age=31536000
content-security-policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport, script-src 'nonce-HkJYIThrdzvBhLsX2lW08g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
cross-origin-opener-policy: same-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-LHL0SH0Z7S&cid=1818588275.1701776737&gtm=45je3bt0v898224655&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=641447282
142.250.74.163 200 OK 42 B URL GET HTTP/2 www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-LHL0SH0Z7S&cid=1818588275.1701776737&gtm=45je3bt0v898224655&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=641447282
IP 142.250.74.163:443
Requested by https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer Google Trust Services LLC
Subject *.google.no
Fingerprint 6E:E4:BC:4A:67:5E:46:6A:B3:E4:CA:61:A7:C0:97:AB:14:F0:34:32
Validity Mon, 23 Oct 2023 11:27:27 GMT - Mon, 15 Jan 2024 11:27:26 GMT
File type GIF image data, version 89a, 1 x 1
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-LHL0SH0Z7S&cid=1818588275.1701776737&gtm=45je3bt0v898224655&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=641447282 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 05 Dec 2023 11:45:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
doc-0g-c0-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/63em0t3cjgcs328coqvvf1v2odcica5n/1701776700000/15757536139446839734/*/1bXB93Q9O6e79AoTubhcCz4VrgDGvQ7Qp?uuid=4ecbb6b0-aa7e-4fe0-b059-71871d25fa5b
142.250.74.97 | 200 OK | 80 kB | URL | GET HTTP/3 | doc-0g-c0-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/63em0t3cjgcs328coqvvf1v2odcica5n/1701776700000/15757536139446839734/*/1bXB93Q9O6e79AoTubhcCz4VrgDGvQ7Qp?uuid=4ecbb6b0-aa7e-4fe0-b059-71871d25fa5b
IP: 142.250.74.97:443
Requested by: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer: Google Trust Services LLC
Subject: *.googleusercontent.com
Fingerprint: 2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
Validity: Mon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x1200, components 3; data
Hash (MD5): 6836cf425427ae10adbb76594e26298c
Hash (SHA-1): 5eef7f38eab0bd5ee2c8f1172722995730dc64f7
Hash (SHA-256): 0ae44fbf71fbdaae541b36bfff4360827fbe33582852fda5c02c9bb3a1144ac4
GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/63em0t3cjgcs328coqvvf1v2odcica5n/1701776700000/15757536139446839734/*/1bXB93Q9O6e79AoTubhcCz4VrgDGvQ7Qp?uuid=4ecbb6b0-aa7e-4fe0-b059-71871d25fa5b HTTP/1.1
Host: doc-0g-c0-docs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
x-guploader-uploadid: ABPtcPrQxYUkmLrSR9nA0QCbXt9xUzaVAsoVFCSnbTviVTPvGqcC763cUuwo42SKoklW_d5Q05foQw34oIALrx3Vwk3PHQ
x-content-type-options: nosniff
content-type: image/jpeg
content-disposition: inline; filename="marks.jpg"; filename*=UTF-8''marks.jpg
access-control-allow-origin: *
access-control-allow-credentials: false
access-control-allow-headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, X-Google-EOM, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-353267353-bin, x-goog-ext-353267353-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, x-goog-ext-359275022-bin, x-goog-ext-328800237-jspb, x-goog-ext-202735639-bin, x-goog-ext-223435598-bin, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Request-Time, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, 
X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, x-goog-maps-api-salt, x-goog-maps-api-signature, x-goog-maps-client-id, X-Goog-Api-Key, x-goog-spanner-database-role, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Android-Cert, X-Ariane-Xsrf-Token, X-YouTube-Bootstrap-Logged-In, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-OidcIdToken, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context, X-Server-Token, x-rfui-request-context
access-control-allow-methods: GET,HEAD,OPTIONS
accept-ranges: bytes
content-length: 79800
last-modified: Tue, 05 Dec 2023 08:28:33 GMT
date: Tue, 05 Dec 2023 11:45:31 GMT
expires: Tue, 05 Dec 2023 11:45:31 GMT
cache-control: private, max-age=0
x-goog-hash: crc32c=CFXgmg==
server: UploadServer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
47.88.48.79 | 200 OK | 7.4 kB | URL | User Request | GET HTTP/2 | ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
IP: 47.88.48.79:443
ASN: #45102 Alibaba US Technology Co., Ltd.
Certificate Issuer: Let's Encrypt
Subject: drv.tw
Fingerprint: 5D:96:AE:62:81:B4:A2:5E:AF:7D:3B:11:78:91:A4:9E:A6:4C:84:40
Validity: Thu, 02 Nov 2023 15:35:06 GMT - Wed, 31 Jan 2024 15:35:05 GMT
File type: HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (1719)
Hash (MD5): 5847dd801bac57e9add6d192e27c1731
Hash (SHA-1): 1ae75fe342909e2e9043819b02714d760bf3848c
Hash (SHA-256): 5c88739add1fcde59c750d9f81441fa0f0ddbffe214d355519df84762aef8d21
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /www.mark.blog/ HTTP/1.1
Host: ho9q3sgh6ztgzrapvsrvzg.on.drv.tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Tue, 05 Dec 2023 11:45:20 GMT
content-type: text/html
last-modified: Wed, 12 Jul 2023 23:25:14 GMT
cache-control: public, s-maxage=43200, max-age=43200
vary: Origin, Sec-Fetch-Mode, X-Requested-Wtih, Accept-Encoding
content-encoding: gzip
x-cache: BYPASS
set-cookie: uid=rBSZwGVvDVBm3mCKBxPEAg==; path=/
X-Firefox-Spdy: h2
ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/dist/img/clients/traveloka.svg
47.88.48.79 | 200 OK | 7.4 kB | URL | GET HTTP/2 | ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/dist/img/clients/traveloka.svg
IP: 47.88.48.79:443
ASN: #45102 Alibaba US Technology Co., Ltd.
Requested by: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer: Let's Encrypt
Subject: drv.tw
Fingerprint: 5D:96:AE:62:81:B4:A2:5E:AF:7D:3B:11:78:91:A4:9E:A6:4C:84:40
Validity: Thu, 02 Nov 2023 15:35:06 GMT - Wed, 31 Jan 2024 15:35:05 GMT
File type: SVG Scalable Vector Graphics image; SVG XML document; SVG XML document; XML document text; HTML document text; exported SGML document text; exported SGML document, ASCII text, with very long lines (7460), with no line terminators
Hash (MD5): 2122927274206ba24b44798df12c61d0
Hash (SHA-1): bd619156a754ef48cbdfa5fe34d2b5d32ebb79e4
Hash (SHA-256): f8be0e306b65add487c5aab618d130be4dd727e0e54e89a14cb8495487a184ee
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /www.mark.blog/dist/img/clients/traveloka.svg HTTP/1.1
Host: ho9q3sgh6ztgzrapvsrvzg.on.drv.tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Cookie: uid=rBSZwGVvDVBm3mCKBxPEAg==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Tue, 05 Dec 2023 11:45:23 GMT
content-type: image/svg+xml
last-modified: Fri, 08 Apr 2022 10:41:57 GMT
cache-control: public, s-maxage=43200, max-age=43200
vary: Origin, Sec-Fetch-Mode, X-Requested-Wtih, Accept-Encoding
x-cache: BYPASS
content-encoding: gzip
X-Firefox-Spdy: h2
region1.analytics.google.com/g/collect?v=2&tid=G-LHL0SH0Z7S&gtm=45je3bt0v898224655&_p=1701776736395&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1818588275.1701776737&ul=en-us&sr=1280x1024&_eu=AAAI&_s=1&sid=1701776736&sct=1&seg=0&dl=https%3A%2F%2Fho9q3sgh6ztgzrapvsrvzg.on.drv.tw%2Fwww.mark.blog%2F&dt=Portfolio%20Immanuel%20Mark&en=page_view&_fv=1&_ss=1&tfd=11914
216.239.32.36 | 204 No Content | 0 B | URL | POST HTTP/2 | region1.analytics.google.com/g/collect?v=2&tid=G-LHL0SH0Z7S&gtm=45je3bt0v898224655&_p=1701776736395&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1818588275.1701776737&ul=en-us&sr=1280x1024&_eu=AAAI&_s=1&sid=1701776736&sct=1&seg=0&dl=https%3A%2F%2Fho9q3sgh6ztgzrapvsrvzg.on.drv.tw%2Fwww.mark.blog%2F&dt=Portfolio%20Immanuel%20Mark&en=page_view&_fv=1&_ss=1&tfd=11914
IP: 216.239.32.36:443
Requested by: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer: Google Trust Services LLC
Subject: *.google-analytics.com
Fingerprint: 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity: Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-LHL0SH0Z7S&gtm=45je3bt0v898224655&_p=1701776736395&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1818588275.1701776737&ul=en-us&sr=1280x1024&_eu=AAAI&_s=1&sid=1701776736&sct=1&seg=0&dl=https%3A%2F%2Fho9q3sgh6ztgzrapvsrvzg.on.drv.tw%2Fwww.mark.blog%2F&dt=Portfolio%20Immanuel%20Mark&en=page_view&_fv=1&_ss=1&tfd=11914 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw
DNT: 1
Connection: keep-alive
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw
date: Tue, 05 Dec 2023 11:45:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/dist/img/portfolio/company.png
47.88.48.79 | 302 Found | 978 kB | URL | GET HTTP/2 | ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/dist/img/portfolio/company.png
IP: 47.88.48.79:443
ASN: #45102 Alibaba US Technology Co., Ltd.
Requested by: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer: Let's Encrypt
Subject: drv.tw
Fingerprint: 5D:96:AE:62:81:B4:A2:5E:AF:7D:3B:11:78:91:A4:9E:A6:4C:84:40
Validity: Thu, 02 Nov 2023 15:35:06 GMT - Wed, 31 Jan 2024 15:35:05 GMT
Size: 978 kB (977616 bytes)
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /www.mark.blog/dist/img/portfolio/company.png HTTP/1.1
Host: ho9q3sgh6ztgzrapvsrvzg.on.drv.tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Cookie: uid=rBSZwGVvDVBm3mCKBxPEAg==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx/1.14.0 (Ubuntu)
date: Tue, 05 Dec 2023 11:45:22 GMT
content-type: text/html
vary: Origin, Sec-Fetch-Mode, X-Requested-Wtih
etag: 0BxTibChUREPgOHlFdFUzMVpsMS80MWQra2kxNEpYR29jTVA0PQ
last-modified: Tue, 11 Jul 2023 08:29:26 GMT
location: https://drive.google.com/uc?id=1z6pZN1UsVTS6GsF-CoMxi2di8iY3pO9C
cache-control: public, s-maxage=604800, max-age=604800
x-d2w-target-length: 977616
x-cache: BYPASS
X-Firefox-Spdy: h2
ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/dist/img/marks.jpg
47.88.48.79 | 302 Found | 80 kB | URL | GET HTTP/2 | ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/dist/img/marks.jpg
IP: 47.88.48.79:443
ASN: #45102 Alibaba US Technology Co., Ltd.
Requested by: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer: Let's Encrypt
Subject: drv.tw
Fingerprint: 5D:96:AE:62:81:B4:A2:5E:AF:7D:3B:11:78:91:A4:9E:A6:4C:84:40
Validity: Thu, 02 Nov 2023 15:35:06 GMT - Wed, 31 Jan 2024 15:35:05 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /www.mark.blog/dist/img/marks.jpg HTTP/1.1
Host: ho9q3sgh6ztgzrapvsrvzg.on.drv.tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Cookie: uid=rBSZwGVvDVBm3mCKBxPEAg==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx/1.14.0 (Ubuntu)
date: Tue, 05 Dec 2023 11:45:29 GMT
content-type: text/html
vary: Origin, Sec-Fetch-Mode, X-Requested-Wtih
etag: 0BxTibChUREPgSUJDbFNRRVlHbGZVdHpzSEtZR1hlK3BvcVRvPQ
last-modified: Tue, 11 Jul 2023 09:41:09 GMT
location: https://drive.google.com/uc?id=1bXB93Q9O6e79AoTubhcCz4VrgDGvQ7Qp
cache-control: public, s-maxage=604800, max-age=604800
x-d2w-target-length: 79800
x-cache: BYPASS
X-Firefox-Spdy: h2
ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/dist/img/clients/tokopedia.svg
47.88.48.79 | 200 OK | 3.6 kB | URL | GET HTTP/2 | ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/dist/img/clients/tokopedia.svg
IP: 47.88.48.79:443
ASN: #45102 Alibaba US Technology Co., Ltd.
Requested by: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer: Let's Encrypt
Subject: drv.tw
Fingerprint: 5D:96:AE:62:81:B4:A2:5E:AF:7D:3B:11:78:91:A4:9E:A6:4C:84:40
Validity: Thu, 02 Nov 2023 15:35:06 GMT - Wed, 31 Jan 2024 15:35:05 GMT
File type: SVG Scalable Vector Graphics image; XML document text; HTML document, ASCII text, with very long lines (3651), with no line terminators
Hash (MD5): 485d17c55a249c4cac3fb504dbf27724
Hash (SHA-1): e66f6a6063092a60b8709588c6d4f471996362c3
Hash (SHA-256): b62dfc37715f501b6fdc979088ec4324e3bbb151923fcf4d90c57e34d60b444c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /www.mark.blog/dist/img/clients/tokopedia.svg HTTP/1.1
Host: ho9q3sgh6ztgzrapvsrvzg.on.drv.tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Cookie: uid=rBSZwGVvDVBm3mCKBxPEAg==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Tue, 05 Dec 2023 11:45:23 GMT
content-type: image/svg+xml
last-modified: Fri, 08 Apr 2022 10:41:57 GMT
cache-control: public, s-maxage=43200, max-age=43200
vary: Origin, Sec-Fetch-Mode, X-Requested-Wtih, Accept-Encoding
x-cache: BYPASS
content-encoding: gzip
X-Firefox-Spdy: h2
ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/favicon.ico
47.88.48.79 | 404 Not Found | 2.0 kB | URL | GET HTTP/2 | ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/favicon.ico
IP: 47.88.48.79:443
ASN: #45102 Alibaba US Technology Co., Ltd.
Requested by: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer: Let's Encrypt
Subject: drv.tw
Fingerprint: 5D:96:AE:62:81:B4:A2:5E:AF:7D:3B:11:78:91:A4:9E:A6:4C:84:40
Validity: Thu, 02 Nov 2023 15:35:06 GMT - Wed, 31 Jan 2024 15:35:05 GMT
File type: HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text, with very long lines (2097), with no line terminators
Hash (MD5): f3182bd57e4486d29f5ab12035c8b6f3
Hash (SHA-1): 260616db75d8d8ecabdef1fd6dc75446585d529a
Hash (SHA-256): a6b3a43224127ad6a916cb3ae92d8a69f82e264721a390e6b1c56c97b4372cb5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /favicon.ico HTTP/1.1
Host: ho9q3sgh6ztgzrapvsrvzg.on.drv.tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Cookie: uid=rBSZwGVvDVBm3mCKBxPEAg==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
server: nginx/1.14.0 (Ubuntu)
date: Tue, 05 Dec 2023 11:45:31 GMT
content-type: text/html
cache-control: public, s-maxage=604800, max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-LHL0SH0Z7S&l=dataLayer&cx=c
142.250.74.168 | 200 OK | 292 kB | URL | GET HTTP/3 | www.googletagmanager.com/gtag/js?id=G-LHL0SH0Z7S&l=dataLayer&cx=c
IP: 142.250.74.168:443
Requested by: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer: Google Trust Services LLC
Subject: *.google-analytics.com
Fingerprint: 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity: Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type: ASCII text, with very long lines (7711)
Size: 292 kB (292260 bytes)
Hash (MD5): 11e9744a954f6ae2aa1e220e1fb4ec64
Hash (SHA-1): ebe661230ce60c1d11b18339eab28f80279dfa2c
Hash (SHA-256): 10317030e575c3c143c5c46b158eebc141c24cc026e215fed87b75db7173da0b
GET /gtag/js?id=G-LHL0SH0Z7S&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 05 Dec 2023 11:45:30 GMT
expires: Tue, 05 Dec 2023 11:45:30 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 95485
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/dist/img/portfolio/cafe.png
47.88.48.79 | 302 Found | 312 kB | URL | GET HTTP/2 | ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/dist/img/portfolio/cafe.png
IP: 47.88.48.79:443
ASN: #45102 Alibaba US Technology Co., Ltd.
Requested by: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer: Let's Encrypt
Subject: drv.tw
Fingerprint: 5D:96:AE:62:81:B4:A2:5E:AF:7D:3B:11:78:91:A4:9E:A6:4C:84:40
Validity: Thu, 02 Nov 2023 15:35:06 GMT - Wed, 31 Jan 2024 15:35:05 GMT
Size: 312 kB (312392 bytes)
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /www.mark.blog/dist/img/portfolio/cafe.png HTTP/1.1
Host: ho9q3sgh6ztgzrapvsrvzg.on.drv.tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Cookie: uid=rBSZwGVvDVBm3mCKBxPEAg==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx/1.14.0 (Ubuntu)
date: Tue, 05 Dec 2023 11:45:22 GMT
content-type: text/html
vary: Origin, Sec-Fetch-Mode, X-Requested-Wtih
etag: 0BxTibChUREPgZW44MnAxUW8wamR3YTR2eUJLaVcxdkR0SnBJPQ
last-modified: Tue, 11 Jul 2023 08:36:11 GMT
location: https://drive.google.com/uc?id=1sYQUiauKHa_76ZnsA8QTFilVUB_JfNOR
cache-control: public, s-maxage=604800, max-age=604800
x-d2w-target-length: 312392
x-cache: BYPASS
X-Firefox-Spdy: h2
ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/dist/css/final.css
47.88.48.79 | 200 OK | 16 kB | URL | GET HTTP/2 | ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/dist/css/final.css
IP: 47.88.48.79:443
ASN: #45102 Alibaba US Technology Co., Ltd.
Requested by: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer: Let's Encrypt
Subject: drv.tw
Fingerprint: 5D:96:AE:62:81:B4:A2:5E:AF:7D:3B:11:78:91:A4:9E:A6:4C:84:40
Validity: Thu, 02 Nov 2023 15:35:06 GMT - Wed, 31 Jan 2024 15:35:05 GMT
File type: ASCII text, with very long lines (16049), with no line terminators
Hash (MD5): 4d315c8baa85a9dd2882404f4fef7127
Hash (SHA-1): 4f3b1b0ba5dfc0b8bbd4ad3d9421e1dcad2fede7
Hash (SHA-256): 3c539fc47d11996f6fbc0b6e6b090251a60083b9c46cf685db6bbb08134ecf32
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /www.mark.blog/dist/css/final.css HTTP/1.1
Host: ho9q3sgh6ztgzrapvsrvzg.on.drv.tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Cookie: uid=rBSZwGVvDVBm3mCKBxPEAg==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Tue, 05 Dec 2023 11:45:30 GMT
content-type: text/css
last-modified: Fri, 08 Apr 2022 10:41:57 GMT
cache-control: public, s-maxage=43200, max-age=43200
vary: Origin, Sec-Fetch-Mode, X-Requested-Wtih, Accept-Encoding
x-cache: BYPASS
content-encoding: gzip
X-Firefox-Spdy: h2
ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/dist/img/portfolio/marketplace.png
47.88.48.79 | 302 Found | 219 kB | URL | GET HTTP/2 | ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/dist/img/portfolio/marketplace.png
IP: 47.88.48.79:443
ASN: #45102 Alibaba US Technology Co., Ltd.
Requested by: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Certificate Issuer: Let's Encrypt
Subject: drv.tw
Fingerprint: 5D:96:AE:62:81:B4:A2:5E:AF:7D:3B:11:78:91:A4:9E:A6:4C:84:40
Validity: Thu, 02 Nov 2023 15:35:06 GMT - Wed, 31 Jan 2024 15:35:05 GMT
Size: 219 kB (219141 bytes)
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /www.mark.blog/dist/img/portfolio/marketplace.png HTTP/1.1
Host: ho9q3sgh6ztgzrapvsrvzg.on.drv.tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ho9q3sgh6ztgzrapvsrvzg.on.drv.tw/www.mark.blog/
Cookie: uid=rBSZwGVvDVBm3mCKBxPEAg==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx/1.14.0 (Ubuntu)
date: Tue, 05 Dec 2023 11:45:22 GMT
content-type: text/html
vary: Origin, Sec-Fetch-Mode, X-Requested-Wtih
etag: 0BxTibChUREPgZjFNSmpLaC9hNTVIdnRLRTgyZURBbStxcTlZPQ
last-modified: Tue, 11 Jul 2023 08:57:49 GMT
location: https://drive.google.com/uc?id=1l5c6kWsY-aP4-c0c_I2E6xrm5XcUsHWP
cache-control: public, s-maxage=604800, max-age=604800
x-d2w-target-length: 219141
x-cache: BYPASS
X-Firefox-Spdy: h2