Report - www.exploit-monday.com/2017/08/exploiting-powershell-code-injection.html

Report Overview

Visited public
2023-12-05 14:16:50
Tags
URL
www.exploit-monday.com/2017/08/exploiting-powershell-code-injection.html
Finishing URL
www.exploit-monday.com/
IP / ASN
172.67.200.89
#13335 CLOUDFLARENET
Title
Exploit Monday

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.exploit-monday.com	unknown	2011-06-19	2012-05-23 05:07:14	2023-10-25 01:34:36	1.8 kB	79 kB	172.67.200.89
img1.blogblog.com	65460	2000-09-15	2012-05-22 09:35:04	2023-12-04 11:19:43	379 B	1.1 kB	216.58.207.233
2.bp.blogspot.com	11071	2000-07-31	2012-05-21 15:44:19	2023-12-05 06:53:04	416 B	12 kB	216.58.207.225
i.creativecommons.org	22938	2001-01-15	2015-05-29 22:08:10	2023-12-04 23:38:00	373 B	591 B	104.20.150.16
licensebuttons.net	21459	2014-11-18	2014-11-24 13:19:31	2023-12-04 05:10:13	464 B	959 B	172.67.7.63
3.bp.blogspot.com	11048	2000-07-31	2012-05-21 18:26:21	2023-12-05 06:53:04	422 B	22 kB	142.250.74.161
1.bp.blogspot.com	8403	2000-07-31	2012-05-21 15:44:19	2023-12-05 06:53:04	414 B	26 kB	142.250.74.161
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-05 06:14:20	494 B	30 kB	216.58.207.227
www.blogger.com	8975	1999-06-22	2012-05-22 09:35:03	2023-12-04 10:00:08	2.5 kB	195 kB	216.58.207.233
4.bp.blogspot.com	11215	2000-07-31	2012-05-21 15:44:19	2023-12-05 06:53:04	841 B	45 kB	216.58.207.225
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-12-05 08:15:49	361 B	6.3 kB	172.217.21.170
themes.googleusercontent.com	9661	2008-11-17	2012-05-24 09:24:02	2023-12-05 06:53:58	412 B	830 B	142.250.74.97

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-05 14:16:39	high	172.67.200.89	Client IP	ETPRO MALWARE Observed Decmial Encoded Executable Inbound
2023-12-05 14:16:39	high	172.67.200.89	Client IP	ET WEB_CLIENT Blatantly Evil JS Function

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (13)

	URL	From	Size	First Seen	Last Seen
	www.exploit-monday.com/	ScriptElement	708 B	2023-10-22	2024-12-24
Pretty URL www.exploit-monday.com/ IP 172.67.200.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-22 19:26 Last Seen2024-12-24 04:53 Times Seen5 Hash fff8520765f3f44a22fe26c9fc0ab23b 94b5ff7c77d877b5153aa462a4e1c43ca06abc31 665b7d48bafa3aacaf55ed632599ff63be327fc6b774031d6acdf118ed5823de Loading...

	www.exploit-monday.com/	ScriptElement	807 B	2023-10-22	2024-12-24
Pretty URL www.exploit-monday.com/ IP 172.67.200.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-22 19:26 Last Seen2024-12-24 04:53 Times Seen5 Hash bd8d04287b98648a3b8d070cf4f6e347 1c3bb7307a1d8dc280b518eeda84e9a64978c9c5 a22710085cd5cabb1b78fea39cea676a9eb1bb9fd04a54646eebf7ed74cac96a Loading...

	www.exploit-monday.com/	ScriptElement	377 B	2023-10-22	2024-12-24
Pretty URL www.exploit-monday.com/ IP 172.67.200.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-22 19:26 Last Seen2024-12-24 04:53 Times Seen5 Hash e36a6e32e7bbc5a17b96b16aad03ce9d 54e17ff0addfa346addf19292924b0f503c8e649 f977020695ed3c0d0658c948101b83803729b9f1666ff71e0355b2222be5e6e6 Loading...

	www.exploit-monday.com/	ScriptElement	64 B	2023-03-10	2024-12-24
Pretty URL www.exploit-monday.com/ IP 172.67.200.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 16:22 Last Seen2024-12-24 04:53 Times Seen5 Hash 292d76ead83fb9877cca2061f10e1156 cfd106fe58900e49e88ed62a24548b6c3eb1b046 37600f4dcabf709f1856f94a104155d6bf1a2988b2eb83f7f05157e6fe3f0c1d Loading...

	www.exploit-monday.com/	ScriptElement	183 B	2023-10-22	2024-12-24
Pretty URL www.exploit-monday.com/ IP 172.67.200.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-22 19:26 Last Seen2024-12-24 04:53 Times Seen5 Hash 97ae731b263393077f588e0fb6d86942 fc9efe72d7db8d0450bfb667a1394a22975c0fea 6c541910081d0ba50d098f6a49ca7b4478f1bceb668ebec31ded60a31db8df11 Loading...

	www.exploit-monday.com/	ScriptElement	182 B	2023-10-22	2024-12-24
Pretty URL www.exploit-monday.com/ IP 172.67.200.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-22 19:26 Last Seen2024-12-24 04:53 Times Seen5 Hash d9c104a3368abbadc0631a832cd18a16 901d535fa15b8f54299d1d415a1ec2ccff415c1c 728b8cb827c6091c6f12399ee57909fb299e8249520e2208d4a2ca5ebf234048 Loading...

	www.exploit-monday.com/	ScriptElement	7.5 kB	2023-10-22	2024-12-24
Pretty URL www.exploit-monday.com/ IP 172.67.200.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-22 19:26 Last Seen2024-12-24 04:53 Times Seen5 Hash a9b4dae585ad740a8e2d650d92fe30c9 76fa3eafcf569e9a897415b328e064e7345356df 61be471d3163fba3bb34731f915aa3e10e9eae37b0bfd7358819b76dd60e0e3b Loading...

	www.exploit-monday.com/	ScriptElement	183 B	2023-10-22	2024-12-24
Pretty URL www.exploit-monday.com/ IP 172.67.200.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-22 19:26 Last Seen2024-12-24 04:53 Times Seen5 Hash e4f1abee592d9424b47a6e651736377c ed67908d90d39d6fc873ca0f8a1c4558c8c99ed6 221a2d25cfc5fc713f94bdfde1a1e13de9fbe0c5b08de937ff4ffbbe3c4c94a7 Loading...

	ajax.googleapis.com/ajax/libs/webfont/1/webfont.js	ScriptElement	13 kB	2023-03-07	2025-05-09
Pretty URL ajax.googleapis.com/ajax/libs/webfont/1/webfont.js IP 172.217.21.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-09 04:35 Times Seen17502 Hash 7c96a5f11d9741541d5e3c42ff6380d7 d3fa2564c021cf730e58ffddb138cf6b57ed126e 81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee Loading...

	www.exploit-monday.com/	ScriptElement	134 B	2023-03-07	2025-05-09
Pretty URL www.exploit-monday.com/ IP 172.67.200.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2025-05-09 05:32 Times Seen7867 Hash 7e2a455be32f5870991d61ec53c7dc39 5b4ae6802be8b8b8033c315ae65a16eeaf7682aa 8f0eb730a7427cc79a611009ff5de0a3d74e5249ea9a9db98d1954e2b933d91d Loading...

	www.exploit-monday.com/	ScriptElement	73 B	2023-03-10	2024-12-24
Pretty URL www.exploit-monday.com/ IP 172.67.200.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 16:22 Last Seen2024-12-24 04:53 Times Seen5 Hash 83611d22907336bd46e8e9c07949e04c ca3404d72ad68b25b095771b104c96935e3973e3 929ef23b34cba9bf4888b5c203dbdc5065f491cf987c97abd635c30ad8cd6638 Loading...

	www.blogger.com/static/v1/widgets/1609106493-widgets.js	ScriptElement	106 kB	2023-10-22	2024-12-24
Pretty URL www.blogger.com/static/v1/widgets/1609106493-widgets.js IP 216.58.207.233 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-22 19:26 Last Seen2024-12-24 04:53 Times Seen5 Hash b0ee407c5cb349d136928c3ff79254e5 71c28b11dccb6eb57dd3937aa2ff42674113ce8d 8867b7cdd98533c7fcd236dcb2d57930115c833627331e03974636c9da09c592 Loading...

	www.blogger.com/static/v1/jsbin/2444540184-lbx.js	ScriptElement	405 kB	2023-10-22	2024-12-24
Pretty URL www.blogger.com/static/v1/jsbin/2444540184-lbx.js IP 216.58.207.233 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-22 19:26 Last Seen2024-12-24 04:53 Times Seen5 Hash 8a045dd5b16c0d1d970aa3583cd6d794 f0c9151bb048be8060ace0bd32ac65e09f0ca63f 61e72e1c7d3242f8b63994264816d52ea7da58b649387b063ae543a0f01278d7 Loading...

HTTP Transactions (21)

URL IP Response Size

www.exploit-monday.com/2017/08/exploiting-powershell-code-injection.html

172.67.200.89

301 Moved Permanently

707 B

URL User Request GET HTTP/1.1
www.exploit-monday.com/2017/08/exploiting-powershell-code-injection.html
IP
172.67.200.89:80
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

HTTP Headers

GET /2017/08/exploiting-powershell-code-injection.html HTTP/1.1
Host: www.exploit-monday.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Tue, 05 Dec 2023 14:16:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
location: http://www.exploit-monday.com/
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LBtUtqUQST8LpOdZwu%2BfkCUoLHI0fgDRaqagLS0bVJJhltxjXpPoDvC9A4FwsUg6Bgz7nVYdECukAvr89zJnPNBs753EcGqjy%2FnfTHVBaNjslv3NviTUJqTSYVPOb7IUTirUtRwSl2MG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 830ce85629ab7128-OSL

www.exploit-monday.com/

172.67.200.89

200 OK

18 kB

URL User Request GET HTTP/1.1
www.exploit-monday.com/
IP
172.67.200.89:80
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1048), with CRLF line terminators
Size
18 kB (18390 bytes)
Hash
ab4148df89b2a613c7a9ee0a03b4f542
ba7da83f498357a0fa545a0d8c8115a095d5a77e
c2553b5bd2456e57dec975bed137cd7fa0895f50d2360e875b7a775c36df9584

Detections

NIDS	Severity	Alert
suricata	high	ETPRO MALWARE Observed Decmial Encoded Executable Inbound
suricata	high	ET WEB_CLIENT Blatantly Evil JS Function

HTTP Headers

GET / HTTP/1.1
Host: www.exploit-monday.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 14:16:33 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/8.0.30
last-modified: Fri, 14 Oct 2011 23:19:41 23OctGMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j9F2f7hECq31pzT6HF3LELUoWZ5gHX5VCq48FS697mGcfHc5SAYNxu4Tb1aOHhfRvb49dDXGkAkCKU9HrI21NRQMr1dXUHV37V1ZezhS8hJf%2Fn8B6pTf3hzNlYdS%2BYwtJbKkDP1Zczcb"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 830ce8589c587128-OSL
Content-Encoding: gzip

www.exploit-monday.com/2017/08/exploiting-powershell-code-injection.html

104.21.21.210

301 Moved Permanently

1.8 kB

URL User Request GET HTTP/1.1
www.exploit-monday.com/2017/08/exploiting-powershell-code-injection.html
IP
104.21.21.210:80
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
1.8 kB (1757 bytes)
Hash
9efc148bd8845c1547c326c6957f92ea
9ca09ade4afe7e49fa849ef50bc690d9668d164b
d7c35c1488674c374a905612553ed9dc0e3c44e6991dbcb55351feffc7c0a054

HTTP Headers

GET /2017/08/exploiting-powershell-code-injection.html HTTP/1.1
Host: www.exploit-monday.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Tue, 05 Dec 2023 14:16:32 GMT
location: http://www.exploit-monday.com/2017/08/exploiting-powershell-code-injection.html
cache-control: max-age=3600
expires: Tue, 05 Dec 2023 15:16:32 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ODlR8MytsLalB4B3I92Ov%2Bz0RGrOYPpMa70IrpvnpF%2BCsOx3lJoNA2r8BsfEhOvsMbiRbqmuhsPkTTE%2BdKXnN9rYxbzeWd51LazeSofDKyoHV258CZIKqNbQIHH7%2FMBgp9FnWOWDMfEm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830ce855dca60b06-OSL
X-Firefox-Spdy: h2

www.blogger.com/static/v1/widgets/2502316928-widget_css_2_bundle.css

216.58.207.233

200 OK

5.2 kB

URL GET HTTP/1.1
www.blogger.com/static/v1/widgets/2502316928-widget_css_2_bundle.css
IP
216.58.207.233:80
ASN
#15169 GOOGLE

Requested by
http://www.exploit-monday.com/

File type
ASCII text, with very long lines (21478), with no line terminators
Size
5.2 kB (5193 bytes)
Hash
aea424c6bbdb50aded70a73338a880c1
6f997d987eeffca5878b97d4a0c1ead21e2b4151
29060f0f8c6443cca9adf2100f1b96942953b8eace8536d0a93d077e04da3bd7

HTTP Headers

GET /static/v1/widgets/2502316928-widget_css_2_bundle.css HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.exploit-monday.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/css
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Date: Tue, 05 Dec 2023 14:16:33 GMT
Expires: Wed, 04 Dec 2024 14:16:33 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 27 Oct 2011 04:49:31 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: sffe
X-XSS-Protection: 0
Transfer-Encoding: chunked

www.blogger.com/static/v1/widgets/1609106493-widgets.js

216.58.207.233

200 OK

43 kB

URL GET HTTP/1.1
www.blogger.com/static/v1/widgets/1609106493-widgets.js
IP
216.58.207.233:80
ASN
#15169 GOOGLE

Requested by
http://www.exploit-monday.com/

File type
ASCII text, with very long lines (2523)
Size
43 kB (43017 bytes)
Hash
b0ee407c5cb349d136928c3ff79254e5
71c28b11dccb6eb57dd3937aa2ff42674113ce8d
8867b7cdd98533c7fcd236dcb2d57930115c833627331e03974636c9da09c592

HTTP Headers

GET /static/v1/widgets/1609106493-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.exploit-monday.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Date: Tue, 05 Dec 2023 14:16:33 GMT
Expires: Wed, 04 Dec 2024 14:16:33 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Sat, 15 Oct 2011 01:41:17 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: sffe
X-XSS-Protection: 0
Transfer-Encoding: chunked

www.blogger.com/dyn-css/authorization.css?targetBlogID=6052198192158185644&zx=52b8493b-64ba-4b65-b7f8-bf9f73ab33b4

216.58.207.233

200 OK

260 B

URL GET HTTP/2
www.blogger.com/dyn-css/authorization.css?targetBlogID=6052198192158185644&zx=52b8493b-64ba-4b65-b7f8-bf9f73ab33b4
IP
216.58.207.233:443
ASN
#15169 GOOGLE

Requested by
http://www.exploit-monday.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.blogger.com
Fingerprint4A:89:9B:E5:F1:54:0E:2D:0A:8E:40:A8:27:DF:2E:6B:7F:74:51:90
ValidityMon, 23 Oct 2023 11:17:52 GMT - Mon, 15 Jan 2024 11:17:51 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
260 B (260 bytes)
Hash
75b2ab8350f135fba959d1aef293b039
c678be5b61d139cad39c890ba1e61a1622a87b7b
9e6629ab53de40ce316011adb5a256179f4ab359dcaf065891108ed0f675cae4

HTTP Headers

GET /dyn-css/authorization.css?targetBlogID=6052198192158185644&zx=52b8493b-64ba-4b65-b7f8-bf9f73ab33b4 HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.exploit-monday.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
P3P: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Location: https://www.blogger.com/dyn-css/authorization.css?targetBlogID=6052198192158185644&zx=52b8493b-64ba-4b65-b7f8-bf9f73ab33b4
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Tue, 05 Dec 2023 14:16:34 GMT
Expires: Tue, 05 Dec 2023 14:16:34 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 260
Server: GSE

img1.blogblog.com/img/icon18_wrench_allbkg.png

216.58.207.233

200 OK

475 B

URL GET HTTP/1.1
img1.blogblog.com/img/icon18_wrench_allbkg.png
IP
216.58.207.233:80
ASN
#15169 GOOGLE

Requested by
http://www.exploit-monday.com/

File type
PNG image data, 18 x 18, 8-bit colormap, non-interlaced\012- data
Size
475 B (475 bytes)
Hash
f617effe6d96c15acfea8b2e8aae551f
6d676af11ad2e84b620cce4d5992b657cb2d8ab6
d172d750493be64a7ed84dec1dd2a0d787ba42f78bc694b0858f152c52b6620b

HTTP Headers

GET /img/icon18_wrench_allbkg.png HTTP/1.1
Host: img1.blogblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.exploit-monday.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 475
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 05 Dec 2023 09:19:50 GMT
Expires: Tue, 12 Dec 2023 09:19:50 GMT
Cache-Control: public, max-age=604800
Last-Modified: Tue, 05 Dec 2023 07:56:37 GMT
Content-Type: image/png
Age: 17804

2.bp.blogspot.com/-LaMChda7vBY/TniQY4VVpDI/AAAAAAAAACA/wk5at9vKSd4/s1600/smiley.png

216.58.207.225

200 OK

12 kB

URL GET HTTP/1.1
2.bp.blogspot.com/-LaMChda7vBY/TniQY4VVpDI/AAAAAAAAACA/wk5at9vKSd4/s1600/smiley.png
IP
216.58.207.225:80
ASN
#15169 GOOGLE

Requested by
http://www.exploit-monday.com/

File type
PNG image data, 506 x 297, 8-bit/color RGB, non-interlaced\012- data
Size
12 kB (11823 bytes)
Hash
b069f3a3c69e9c8618ae9df00e60da67
c590d37870b392dad4456f2b20b1b653ac31c241
5f003b6d5746c680b483019951687c01f2cce74818282fbaa15504009a4a087d

HTTP Headers

GET /-LaMChda7vBY/TniQY4VVpDI/AAAAAAAAACA/wk5at9vKSd4/s1600/smiley.png HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.exploit-monday.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v20"
Expires: Wed, 06 Dec 2023 14:16:34 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="smiley.png"
X-Content-Type-Options: nosniff
Date: Tue, 05 Dec 2023 14:16:34 GMT
Server: fife
Content-Length: 11823
X-XSS-Protection: 0

i.creativecommons.org/l/by/3.0/80x15.png

104.20.150.16

301 Moved Permanently

155 B

URL GET HTTP/1.1
i.creativecommons.org/l/by/3.0/80x15.png
IP
104.20.150.16:80
ASN
#13335 CLOUDFLARENET

Requested by
http://www.exploit-monday.com/

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
155 B (155 bytes)
Hash
42c394b8f0152b372537ace9acc3f7bb
1219c55c4e3ea109c473aab65deb81f09a0fe0a6
6aaad3365c30c4f8d2504e569527e588d33eeae66dd7045bcfeef7413820db2a

HTTP Headers

GET /l/by/3.0/80x15.png HTTP/1.1
Host: i.creativecommons.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.exploit-monday.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Tue, 05 Dec 2023 14:16:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://licensebuttons.net/l/by/3.0/80x15.png
Strict-Transport-Security: max-age=15768000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
CF-Cache-Status: EXPIRED
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 830ce85d29e3568a-OSL

4.bp.blogspot.com/-kUsjHsswmv8/TniRGrpItcI/AAAAAAAAACE/cAI5JY7nh04/s400/hiddenADS.png

216.58.207.225

200 OK

25 kB

URL GET HTTP/1.1
4.bp.blogspot.com/-kUsjHsswmv8/TniRGrpItcI/AAAAAAAAACE/cAI5JY7nh04/s400/hiddenADS.png
IP
216.58.207.225:80
ASN
#15169 GOOGLE

Requested by
http://www.exploit-monday.com/

File type
PNG image data, 400 x 172, 8-bit/color RGB, non-interlaced\012- data
Size
25 kB (25346 bytes)
Hash
8d6c1a921337417f004d412f7c52106f
10d52b2fd88fa20cb688defd09c4ab154b037ce0
9875bb33fc8e5686b3cea34c0039b400b2da58662ed142040e0685d521d63bd5

HTTP Headers

GET /-kUsjHsswmv8/TniRGrpItcI/AAAAAAAAACE/cAI5JY7nh04/s400/hiddenADS.png HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.exploit-monday.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v21"
Expires: Wed, 06 Dec 2023 14:16:34 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="hiddenADS.png"
X-Content-Type-Options: nosniff
Date: Tue, 05 Dec 2023 14:16:34 GMT
Server: fife
Content-Length: 25346
X-XSS-Protection: 0

4.bp.blogspot.com/-xM3evabUguA/TlulZu6npaI/AAAAAAAAAB0/afhXWHrFcd0/s1600/spray_diagram.png

216.58.207.225

200 OK

18 kB

URL GET HTTP/1.1
4.bp.blogspot.com/-xM3evabUguA/TlulZu6npaI/AAAAAAAAAB0/afhXWHrFcd0/s1600/spray_diagram.png
IP
216.58.207.225:80
ASN
#15169 GOOGLE

Requested by
http://www.exploit-monday.com/

File type
PNG image data, 490 x 467, 8-bit/color RGB, non-interlaced\012- data
Size
18 kB (18484 bytes)
Hash
49f1c16c1073bd4ba94de61be898ca6d
67b48cc5e673c259b59648a7396a8baae99f61c7
2640770ebc6c92975a2f01028e9ba378caab669902c138cf2595d9b882726f8f

HTTP Headers

GET /-xM3evabUguA/TlulZu6npaI/AAAAAAAAAB0/afhXWHrFcd0/s1600/spray_diagram.png HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.exploit-monday.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v1d"
Expires: Wed, 06 Dec 2023 14:16:34 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="spray_diagram.png"
X-Content-Type-Options: nosniff
Date: Tue, 05 Dec 2023 14:16:34 GMT
Server: fife
Content-Length: 18484
X-XSS-Protection: 0

licensebuttons.net/l/by/3.0/80x15.png

172.67.7.63

200 OK

430 B

URL GET HTTP/2
licensebuttons.net/l/by/3.0/80x15.png
IP
172.67.7.63:443
ASN
#13335 CLOUDFLARENET

Requested by
http://www.exploit-monday.com/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintE7:15:01:B2:BB:7D:98:1C:47:28:FC:3B:B9:94:B0:17:66:9F:D9:8D
ValiditySun, 05 Feb 2023 00:00:00 GMT - Mon, 05 Feb 2024 23:59:59 GMT

File type
PNG image data, 80 x 15, 8-bit colormap, non-interlaced\012- data
Size
430 B (430 bytes)
Hash
c0ac00366770cc96a2999e9c078ac1b1
100a6b57582fbf383f96c289c92fbbc9aaa63f06
f43d4d35e7ac1e815dc0c8897806e30d928ee62e1aa6ac20f49c649f8b694004

HTTP Headers

GET /l/by/3.0/80x15.png HTTP/1.1
Host: licensebuttons.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.exploit-monday.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:16:34 GMT
content-type: image/png
content-length: 430
cf-bgj: imgq:100,h2pri
cf-polished: origSize=640
etag: "5eab4a31-280"
last-modified: Thu, 30 Apr 2020 21:59:13 GMT
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
cache-control: max-age=432000
cf-cache-status: HIT
age: 206
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 830ce85f5d6356a9-OSL
X-Firefox-Spdy: h2

3.bp.blogspot.com/-yZBvHmUyRLs/Tlumwynul5I/AAAAAAAAAB4/JuJFYqp3c2g/s640/fragmentation.png

142.250.74.161

200 OK

21 kB

URL GET HTTP/1.1
3.bp.blogspot.com/-yZBvHmUyRLs/Tlumwynul5I/AAAAAAAAAB4/JuJFYqp3c2g/s640/fragmentation.png
IP
142.250.74.161:80
ASN
#15169 GOOGLE

Requested by
http://www.exploit-monday.com/

File type
PNG image data, 440 x 640, 8-bit/color RGB, non-interlaced\012- data
Size
21 kB (21108 bytes)
Hash
c360de16f4fd51aa1f1665252674a133
0426ea8167346bcc530bbddc71c931099c2f3944
a665a22aefad932f11528aecd80b79e0252b82ed486e07fb837f67882107f5be

HTTP Headers

GET /-yZBvHmUyRLs/Tlumwynul5I/AAAAAAAAAB4/JuJFYqp3c2g/s640/fragmentation.png HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.exploit-monday.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v1ac"
Expires: Wed, 06 Dec 2023 14:16:34 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="fragmentation.png"
X-Content-Type-Options: nosniff
Date: Tue, 05 Dec 2023 14:16:34 GMT
Server: fife
Content-Length: 21108
X-XSS-Protection: 0

www.blogger.com/dyn-css/authorization.css?targetBlogID=6052198192158185644&zx=52b8493b-64ba-4b65-b7f8-bf9f73ab33b4

216.58.207.233

200 OK

21 B

URL GET HTTP/2
www.blogger.com/dyn-css/authorization.css?targetBlogID=6052198192158185644&zx=52b8493b-64ba-4b65-b7f8-bf9f73ab33b4
IP
216.58.207.233:443
ASN
#15169 GOOGLE

Requested by
http://www.exploit-monday.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.blogger.com
Fingerprint4A:89:9B:E5:F1:54:0E:2D:0A:8E:40:A8:27:DF:2E:6B:7F:74:51:90
ValidityMon, 23 Oct 2023 11:17:52 GMT - Mon, 15 Jan 2024 11:17:51 GMT

File type
very short file (no magic)
Size
21 B (21 bytes)
Hash
68b329da9893e34099c7d8ad5cb9c940
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

HTTP Headers

GET /dyn-css/authorization.css?targetBlogID=6052198192158185644&zx=52b8493b-64ba-4b65-b7f8-bf9f73ab33b4 HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.exploit-monday.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy: script-src   'self' *.google.com *.google-analytics.com 'unsafe-inline'   'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com   *.googleapis.com uds.googleusercontent.com https://s.ytimg.com   https://i18n-cloud.appspot.com   https://www.youtube.com   www-onepick-opensocial.googleusercontent.com   www-bloggervideo-opensocial.googleusercontent.com   www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-type: text/css; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 05 Dec 2023 14:16:34 GMT
last-modified: Tue, 05 Dec 2023 14:16:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 21
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.exploit-monday.com/favicon.jpg

172.67.200.89

200 OK

55 kB

URL GET HTTP/1.1
www.exploit-monday.com/favicon.jpg
IP
172.67.200.89:80
ASN
#13335 CLOUDFLARENET

Requested by
http://www.exploit-monday.com/

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 566x340, components 3\012- data
Size
55 kB (55227 bytes)
Hash
c03b4ca0e6185eb9f46a0d28f459a148
a755fde7ec1e75db39662df7ddfa9564c4736e92
6ad40b46a9d5df63dc1e2252c253f1ff2cde94f722ca28164b18addeb2841162

HTTP Headers

GET /favicon.jpg HTTP/1.1
Host: www.exploit-monday.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.exploit-monday.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 14:16:35 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/8.0.30
etag: "c03b4ca0e6185eb9f46a0d28f459a148"
cache-control: public, max-age=2592000
last-modified: Fri, 01 Sep 2023 20:12:40 20SepGMT
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 343145
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9HjArQNtM1u7GOtYlTCxahY3hFH35d6QuQaNJOem6wCRgK1IkLXbdC08Ai3nehAKbPxoGkzWVGtMN%2Fx7p1W1Qd1rEBwiYjoZDAwQr5SUXKN6EpgKGbhxLCptLAjZ1WiLKjz1xcm8twPd"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 830ce863dca97128-OSL

ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

172.217.21.170

200 OK

5.4 kB

URL GET HTTP/1.1
ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
IP
172.217.21.170:80
ASN
#15169 GOOGLE

Requested by
http://www.exploit-monday.com/

File type
ASCII text, with very long lines (2134)
Size
5.4 kB (5437 bytes)
Hash
7c96a5f11d9741541d5e3c42ff6380d7
d3fa2564c021cf730e58ffddb138cf6b57ed126e
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

HTTP Headers

GET /ajax/libs/webfont/1/webfont.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.exploit-monday.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 5437
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 04 Dec 2023 23:18:12 GMT
Expires: Tue, 03 Dec 2024 23:18:12 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Age: 53903

themes.googleusercontent.com/fonts/css?kit=9vYsg5VgPHKK8SXYbf3sMhcjgQorkBQ0PulLRUNPaOk

142.250.74.97

200 OK

293 B

URL GET HTTP/1.1
themes.googleusercontent.com/fonts/css?kit=9vYsg5VgPHKK8SXYbf3sMhcjgQorkBQ0PulLRUNPaOk
IP
142.250.74.97:80
ASN
#15169 GOOGLE

Requested by
http://www.exploit-monday.com/

File type
ASCII text
Size
293 B (293 bytes)
Hash
4612a2dd64f67706c4c345bce2925704
b312728264c2a31a888308548f98a722c28c072c
c9abb54c7e480837388e343c07f2e36afd86448d9bc3f6c63999843998fdb34b

HTTP Headers

GET /fonts/css?kit=9vYsg5VgPHKK8SXYbf3sMhcjgQorkBQ0PulLRUNPaOk HTTP/1.1
Host: themes.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.exploit-monday.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Tue, 05 Dec 2023 14:16:35 GMT
Date: Tue, 05 Dec 2023 14:16:35 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

1.bp.blogspot.com/-cZ8kOqdrgn8/Tf5aESMrnmI/AAAAAAAAAAY/YCBIrF_XszU/s0/zxdgddp.png

142.250.74.161

200 OK

25 kB

URL GET HTTP/1.1
1.bp.blogspot.com/-cZ8kOqdrgn8/Tf5aESMrnmI/AAAAAAAAAAY/YCBIrF_XszU/s0/zxdgddp.png
IP
142.250.74.161:80
ASN
#15169 GOOGLE

Requested by
http://www.exploit-monday.com/

File type
PNG image data, 190 x 190, 8-bit/color RGB, non-interlaced\012- data
Size
25 kB (25224 bytes)
Hash
a550dc50e00c55157de4f3f5e956d951
01794a597b7ef166c8fb70abeb7a7b29e1c7499b
cfc94c056eb14ce6b677a9ab6f0a9da3e20a41477f0ee9cd5438226e1c8e59ad

HTTP Headers

GET /-cZ8kOqdrgn8/Tf5aESMrnmI/AAAAAAAAAAY/YCBIrF_XszU/s0/zxdgddp.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.exploit-monday.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v6"
Expires: Wed, 06 Dec 2023 14:16:35 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="zxdgddp.png"
X-Content-Type-Options: nosniff
Date: Tue, 05 Dec 2023 14:16:35 GMT
Server: fife
Content-Length: 25224
X-XSS-Protection: 0

fonts.gstatic.com/s/permanentmarker/v16/Fh4uPib9Iyv2ucM6pGQMWimMp004La2Cfw.woff2

216.58.207.227

200 OK

30 kB

URL GET HTTP/1.1
fonts.gstatic.com/s/permanentmarker/v16/Fh4uPib9Iyv2ucM6pGQMWimMp004La2Cfw.woff2
IP
216.58.207.227:80
ASN
#15169 GOOGLE

Requested by
http://www.exploit-monday.com/

File type
Web Open Font Format (Version 2), TrueType, length 29564, version 1.0\012- data
Size
30 kB (29564 bytes)
Hash
1b66ccb164151a6cf698667c8b570cc6
f5617a0f087645703c874453960be6382c8a7427
4884fec2c73aa52a2461073c1b87d1ceb80f400520391b43f97ca7d3c39eeb24

HTTP Headers

GET /s/permanentmarker/v16/Fh4uPib9Iyv2ucM6pGQMWimMp004La2Cfw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.exploit-monday.com
DNT: 1
Connection: keep-alive
Referer: http://themes.googleusercontent.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 29564
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 01 Dec 2023 08:48:17 GMT
Expires: Sat, 30 Nov 2024 08:48:17 GMT
Cache-Control: public, max-age=31536000
Age: 365298
Last-Modified: Tue, 19 Apr 2022 17:55:57 GMT
Content-Type: font/woff2

www.blogger.com/static/v1/v-css/3471120812-lightbox_bundle.css

216.58.207.233

200 OK

7.0 kB

URL GET HTTP/1.1
www.blogger.com/static/v1/v-css/3471120812-lightbox_bundle.css
IP
216.58.207.233:80
ASN
#15169 GOOGLE

Requested by
http://www.exploit-monday.com/

File type
ASCII text, with very long lines (41231), with no line terminators
Size
7.0 kB (7011 bytes)
Hash
d1a4a5076311416379e3eb06013423c0
180d33558d7284af9916afe131737debd35556d8
e922620cb0bdabed5943edb6362281dc1244f27ba0d1f7e9aa9947a59c1e9dc7

HTTP Headers

GET /static/v1/v-css/3471120812-lightbox_bundle.css HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.exploit-monday.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/css
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Date: Tue, 05 Dec 2023 14:16:35 GMT
Expires: Wed, 04 Dec 2024 14:16:35 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Sat, 15 Oct 2011 01:41:17 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: sffe
X-XSS-Protection: 0
Transfer-Encoding: chunked

www.blogger.com/static/v1/jsbin/2444540184-lbx.js

216.58.207.233

200 OK

136 kB

URL GET HTTP/1.1
www.blogger.com/static/v1/jsbin/2444540184-lbx.js
IP
216.58.207.233:80
ASN
#15169 GOOGLE

Requested by
http://www.exploit-monday.com/

File type
HTML document, ASCII text, with very long lines (1502)
Size
136 kB (135557 bytes)
Hash
8a045dd5b16c0d1d970aa3583cd6d794
f0c9151bb048be8060ace0bd32ac65e09f0ca63f
61e72e1c7d3242f8b63994264816d52ea7da58b649387b063ae543a0f01278d7

HTTP Headers

GET /static/v1/jsbin/2444540184-lbx.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.exploit-monday.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Date: Tue, 05 Dec 2023 14:16:35 GMT
Expires: Wed, 04 Dec 2024 14:16:35 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Sat, 15 Oct 2011 01:41:17 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: sffe
X-XSS-Protection: 0
Transfer-Encoding: chunked

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by