ww25.blandcaptcha.top Open in urlscan Pro
199.59.243.224 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://blandcaptcha.top/
Effective URL:
http://ww25.blandcaptcha.top/?subid1=20230929-1158-203c-b7a7-47f38984686b
Submission Tags: phishingrod
Submission: On September 29 via api (September 29th 2023, 1:58:25 am UTC) from DE — Scanned from AU

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 14 HTTP transactions. The main IP is 199.59.243.224, located in United States and belongs to AMAZON-02, US. The main domain is ww25.blandcaptcha.top.

This is the only time ww25.blandcaptcha.top was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	103.224.182.210 103.224.182.210	133618 (TRELLIAN-...) (TRELLIAN-AS-AP Trellian Pty. Limited)
6	199.59.243.224 199.59.243.224	16509 (AMAZON-02) (AMAZON-02)
1	142.250.4.95 142.250.4.95	15169 (GOOGLE) (GOOGLE)
4	142.251.12.147 142.251.12.147	15169 (GOOGLE) (GOOGLE)
1	142.251.175.156 142.251.175.156	15169 (GOOGLE) (GOOGLE)
2	142.251.175.132 142.251.175.132	15169 (GOOGLE) (GOOGLE)
14	5

1 103.224.182.210 (Australia) 1 redirects

ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU)
PTR: lb-182-210.above.com

blandcaptcha.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 199.59.243.224 (United States)

ASN16509 (AMAZON-02, US)

ww25.blandcaptcha.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.4.95 (United States)

ASN15169 (GOOGLE, US)
PTR: sm-in-f95.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.12.147 (United States)

ASN15169 (GOOGLE, US)
PTR: se-in-f147.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.175.156 (United States)

ASN15169 (GOOGLE, US)
PTR: sh-in-f156.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.175.132 (United States)

ASN15169 (GOOGLE, US)
PTR: sh-in-f132.1e100.net

afs.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	blandcaptcha.top 1 redirects blandcaptcha.top ww25.blandcaptcha.top	46 KB
4	google.com www.google.com — Cisco Umbrella Rank: 11	112 KB
2	googleusercontent.com afs.googleusercontent.com — Cisco Umbrella Rank: 9302	1 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1368	596 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 113	882 B
14	5

	Domain	Requested by
6	ww25.blandcaptcha.top	ww25.blandcaptcha.top
4	www.google.com	ww25.blandcaptcha.top www.google.com
2	afs.googleusercontent.com	www.google.com
1	partner.googleadservices.com	www.google.com
1	fonts.googleapis.com	client
1	blandcaptcha.top	1 redirects
14	6

This site contains no links.

Subject Issuer	Validity	Valid
upload.video.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh

This page contains 2 frames:

Primary Page: http://ww25.blandcaptcha.top/?subid1=20230929-1158-203c-b7a7-47f38984686b
Frame ID: 72E58BD5AABA40E9B432EEBC852230A6
Requests: 10 HTTP requests in this frame

Frame: https://www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol301%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol407&client=dp-bodis31_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.blandcaptcha.top%3Fcaf%26subid1%3D20230929-1158-203c-b7a7-47f38984686b&terms=combo%20cleaner&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2589285024539458&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301293%2C17301321%2C17301323&format=r3&nocache=3851695952703107&num=0&output=afd_ads&domain_name=ww25.blandcaptcha.top&v=3&bsl=8&pac=0&u_his=2&u_tz=480&dt=1695952703109&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1080&frm=0&cl=568520416&uio=-&cont=rs&jsid=caf&jsv=568520416&rurl=http%3A%2F%2Fww25.blandcaptcha.top%2F%3Fsubid1%3D20230929-1158-203c-b7a7-47f38984686b&adbw=master-1%3A1600
Frame ID: ED8C7CB62C3BBB4D3BFEF8BC9B2C41E3
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Blandcaptcha.top

Page URL History Show full URLs

https://blandcaptcha.top/ HTTP 302
http://ww25.blandcaptcha.top/?subid1=20230929-1158-203c-b7a7-47f38984686b Page URL

Page Statistics

14
Requests

57 %
HTTPS

0 %
IPv6

5
Domains

6
Subdomains

5
IPs

2
Countries

160 kB
Transfer

359 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://blandcaptcha.top/ HTTP 302
http://ww25.blandcaptcha.top/?subid1=20230929-1158-203c-b7a7-47f38984686b Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
ww25.blandcaptcha.top/
Redirect Chain

https://blandcaptcha.top/
http://ww25.blandcaptcha.top/?subid1=20230929-1158-203c-b7a7-47f38984686b

1 KB
2 KB

839ms
535ms

Document
text/html

199.59.243.224
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://ww25.blandcaptcha.top/?subid1=20230929-1158-203c-b7a7-47f38984686b
Protocol: HTTP/1.1
Server: 199.59.243.224 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 142d3995b323e386f955c7c76d4356c4ea6ff6dcd0ae74fe53a1f5a489597e14

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ch: sec-ch-prefers-color-scheme
cache-control: no-store, max-age=0
content-length: 1157
content-type: text/html; charset=utf-8
critical-ch: sec-ch-prefers-color-scheme
date: Fri, 29 Sep 2023 01:58:20 GMT
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_ZpwTKYUp2gHRbeFqMLoJYjRkEAyu/KqdHIdYyaJ/q+ZD7fJ2hf5gh/fKWPXdn013Fd4FR+heya/hUzPOBDXX2Q==
x-request-id: 459503e4-c5ea-4e99-96eb-2da83d45dcd5

Redirect headers

connection: close
content-length: 2
content-type: text/html; charset=UTF-8
date: Fri, 29 Sep 2023 01:58:20 GMT
location: http://ww25.blandcaptcha.top/?subid1=20230929-1158-203c-b7a7-47f38984686b
server: Apache

GET
H/1.1 200
OK bPhUnOAas.js Show response
ww25.blandcaptcha.top/ 40 KB
40 KB 291ms
291ms Script
application/javascript 199.59.243.224
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://ww25.blandcaptcha.top/bPhUnOAas.js
Requested by: Host: ww25.blandcaptcha.top
URL: http://ww25.blandcaptcha.top/?subid1=20230929-1158-203c-b7a7-47f38984686b
Protocol: HTTP/1.1
Server: 199.59.243.224 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: da0aa980f01a0086026b276bde5d2efa7a56555d3216e5b8d379ba7c7f31d97d

Request headers

accept-language: en-AU,en;q=0.9
Referer: http://ww25.blandcaptcha.top/?subid1=20230929-1158-203c-b7a7-47f38984686b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 01:58:20 GMT
content-length: 41004
x-request-id: 4566f6fa-7f11-4bcc-a713-07fc8a5e460f
content-type: application/javascript; charset=utf-8

POST
H/1.1 200
OK _fd Show response
ww25.blandcaptcha.top/ 4 KB
3 KB 319ms
319ms Fetch
text/html 199.59.243.224
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://ww25.blandcaptcha.top/_fd?subid1=20230929-1158-203c-b7a7-47f38984686b
Requested by: Host: ww25.blandcaptcha.top
URL: http://ww25.blandcaptcha.top/bPhUnOAas.js
Protocol: HTTP/1.1
Server: 199.59.243.224 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty /
Resource Hash: 745e9434c519764f20c0b2696700a67f60f337aeea846408d8bdd559e961fe66

Request headers

Accept: application/json
Referer: http://ww25.blandcaptcha.top/?subid1=20230929-1158-203c-b7a7-47f38984686b
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: application/json

Response headers

x-version: 2.109.6
date: Fri, 29 Sep 2023 01:58:21 GMT
content-encoding: gzip
pragma: no-cache
server: openresty
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
content-length: 2077
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1 200
OK px.gif
ww25.blandcaptcha.top/ 42 B
397 B 292ms
292ms Image
image/gif 199.59.243.224
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ww25.blandcaptcha.top/px.gif?ch=1&rn=6.128007107260657
Protocol: HTTP/1.1
Server: 199.59.243.224 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: http://ww25.blandcaptcha.top/?subid1=20230929-1158-203c-b7a7-47f38984686b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 01:58:21 GMT
last-modified: Tue, 18 Jul 2023 15:33:43 GMT
server: openresty
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
accept-ranges: bytes
content-length: 42
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1 200
OK px.gif
ww25.blandcaptcha.top/ 42 B
397 B 582ms
534ms Image
image/gif 199.59.243.224
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ww25.blandcaptcha.top/px.gif?ch=2&rn=6.128007107260657
Protocol: HTTP/1.1
Server: 199.59.243.224 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: http://ww25.blandcaptcha.top/?subid1=20230929-1158-203c-b7a7-47f38984686b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 01:58:22 GMT
last-modified: Tue, 18 Jul 2023 15:33:43 GMT
server: openresty
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
accept-ranges: bytes
content-length: 42
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 css
fonts.googleapis.com/ 1 KB
882 B 513ms
172ms Stylesheet
text/css 142.250.4.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Quicksand

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f95.1e100.net

Software

ESF /

Resource Hash

47766ba3fc1fd86f1e5464627e3eb6cb377f4b81a3b3a63dd70d8958836352d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: http://ww25.blandcaptcha.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 29 Sep 2023 01:58:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 29 Sep 2023 00:02:39 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 29 Sep 2023 01:58:22 GMT

GET
H2 200 caf.js Show response
www.google.com/adsense/domains/ 148 KB
55 KB 521ms
175ms Script
text/javascript 142.251.12.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/adsense/domains/caf.js

Requested by

Host: ww25.blandcaptcha.top
URL: http://ww25.blandcaptcha.top/bPhUnOAas.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.147 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f147.1e100.net

Software

sffe /

Resource Hash

a14cad92b694b7cf8826ee4e6e20ddc939a40f67814fa12aa3baf00cc5aa9841

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: http://ww25.blandcaptcha.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 01:58:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
etag: "1473561577334114221"
vary: Accept-Encoding
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
accept-ranges: bytes
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
expires: Fri, 29 Sep 2023 01:58:22 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 386 B
596 B 520ms
173ms Script
text/javascript 142.251.175.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=ww25.blandcaptcha.top&client=dp-bodis31_3ph&product=SAS&callback=__sasCookie

Requested by

Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.175.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sh-in-f156.1e100.net

Software

cafe /

Resource Hash

2e673c045a32f0a96e479e0a97ab3acd50ee457c7aa2ec8399ae708a8def5ef0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: http://ww25.blandcaptcha.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 01:58:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 244
x-xss-protection: 0

GET
H2 200 ads Show response
www.google.com/afs/ Frame ED8C 14 KB
3 KB 237ms
236ms Document
text/html 142.251.12.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol301%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol407&client=dp-bodis31_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.blandcaptcha.top%3Fcaf%26subid1%3D20230929-1158-203c-b7a7-47f38984686b&terms=combo%20cleaner&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2589285024539458&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301293%2C17301321%2C17301323&format=r3&nocache=3851695952703107&num=0&output=afd_ads&domain_name=ww25.blandcaptcha.top&v=3&bsl=8&pac=0&u_his=2&u_tz=480&dt=1695952703109&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1080&frm=0&cl=568520416&uio=-&cont=rs&jsid=caf&jsv=568520416&rurl=http%3A%2F%2Fww25.blandcaptcha.top%2F%3Fsubid1%3D20230929-1158-203c-b7a7-47f38984686b&adbw=master-1%3A1600

Requested by

Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.147 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f147.1e100.net

Software

gws /

Resource Hash

62eb8d0424576ae6abb34b9f48acfd6bee322aae79b5a6197e4637bcbf49e719

Security Headers

Name	Value
Content-Security-Policy	object-src 'none';base-uri 'self';script-src 'nonce-5odO20mllVE5PLSd6jB5Gg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Xss-Protection	0

Request headers

Referer: http://ww25.blandcaptcha.top/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=3600
content-disposition: inline
content-encoding: br
content-length: 3032
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-5odO20mllVE5PLSd6jB5Gg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
content-type: text/html; charset=UTF-8
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
date: Fri, 29 Sep 2023 01:58:23 GMT
expires: Fri, 29 Sep 2023 01:58:23 GMT
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
server: gws
x-xss-protection: 0

GET
H2 200 chevron.svg
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/ Frame ED8C 200 B
700 B 510ms
169ms Image
image/svg+xml 142.251.175.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b

Requested by

Host: www.google.com
URL: https://www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol301%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol407&client=dp-bodis31_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.blandcaptcha.top%3Fcaf%26subid1%3D20230929-1158-203c-b7a7-47f38984686b&terms=combo%20cleaner&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2589285024539458&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301293%2C17301321%2C17301323&format=r3&nocache=3851695952703107&num=0&output=afd_ads&domain_name=ww25.blandcaptcha.top&v=3&bsl=8&pac=0&u_his=2&u_tz=480&dt=1695952703109&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1080&frm=0&cl=568520416&uio=-&cont=rs&jsid=caf&jsv=568520416&rurl=http%3A%2F%2Fww25.blandcaptcha.top%2F%3Fsubid1%3D20230929-1158-203c-b7a7-47f38984686b&adbw=master-1%3A1600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.175.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sh-in-f132.1e100.net

Software

sffe /

Resource Hash

5a0687ea8c9aa404a7724490f046e30023ec6b5aa81d01ae4f225889a64174f6

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 28 Sep 2023 20:24:52 GMT
age: 20011
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 174
x-xss-protection: 0
last-modified: Tue, 27 Jun 2023 17:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
vary: Accept-Encoding
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-type: image/svg+xml
cache-control: public, max-age=82800
accept-ranges: bytes
expires: Fri, 29 Sep 2023 19:24:52 GMT

GET
H2 200 call_to_action_arrow.svg
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/ Frame ED8C 444 B
370 B 511ms
170ms Image
image/svg+xml 142.251.175.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.175.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sh-in-f132.1e100.net

Software

sffe /

Resource Hash

5455d8d4b8ae5150039ff7a83a6679d4338a435945985fa9f8d0ecbea9ae2f6e

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 28 Sep 2023 14:02:26 GMT
age: 42957
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 278
x-xss-protection: 0
last-modified: Tue, 27 Jun 2023 17:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
vary: Accept-Encoding
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-type: image/svg+xml
cache-control: public, max-age=82800
accept-ranges: bytes
expires: Fri, 29 Sep 2023 13:02:26 GMT

GET
H2 200 caf.js Show response
www.google.com/adsense/domains/ Frame ED8C 148 KB
54 KB 175ms
175ms Script
text/javascript 142.251.12.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/adsense/domains/caf.js?pac=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.147 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f147.1e100.net

Software

sffe /

Resource Hash

a8ace8b35960392da1e3b6466b5028e78cc09660ce4d5daa7c92a6bcd04a6634

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 01:58:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
etag: "12632447711319672299"
vary: Accept-Encoding
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
accept-ranges: bytes
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
expires: Fri, 29 Sep 2023 01:58:23 GMT

POST
H/1.1 200
OK _tr
ww25.blandcaptcha.top/ 2 B
0 310ms
310ms Fetch
text/html 199.59.243.224
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://ww25.blandcaptcha.top/_tr
Requested by: Host: ww25.blandcaptcha.top
URL: http://ww25.blandcaptcha.top/bPhUnOAas.js
Protocol: HTTP/1.1
Server: 199.59.243.224 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

Accept: application/json
Referer: http://ww25.blandcaptcha.top/?subid1=20230929-1158-203c-b7a7-47f38984686b
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: application/json

Response headers

x-version: 2.109.6
date: Fri, 29 Sep 2023 01:58:23 GMT
content-encoding: gzip
pragma: no-cache
server: openresty
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
content-length: 22
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H3 204 gen_204
www.google.com/afs/ 0
21 B 186ms
186ms Image
text/html 142.251.12.147
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/afs/gen_204?client=dp-bodis31_3ph&output=uds_ads_only&zx=mmhk9n5vjnsi&aqid=Py8WZbKFDu3KmsMPv8eloAI&psid=3113057640&pbt=bs&adbx=450&adby=143&adbh=480&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis31_3ph&errv=568520416&csala=3%7C0%7C258%7C257%7C258&lle=0&ifv=1&usr=0&hpt=0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.147 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f147.1e100.net

Software

gws /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	object-src 'none';base-uri 'self';script-src 'nonce-anHI5Yfb98OoS-7E_a5FIA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: http://ww25.blandcaptcha.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-anHI5Yfb98OoS-7E_a5FIA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
date: Fri, 29 Sep 2023 01:58:25 GMT
server: gws
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
x-frame-options: SAMEORIGIN
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-type: text/html; charset=UTF-8
permissions-policy: unload=()
origin-trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=, AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
blandcaptcha.top/	1970-01-21 00:41:52	Name: __tad Value: 1695952700.5102542
ww25.blandcaptcha.top/	1970-01-20 15:05:53	Name: parking_session Value: 459503e4-c5ea-4e99-96eb-2da83d45dcd5
.blandcaptcha.top/	1970-01-21 00:27:28	Name: __gsas Value: ID=fefaec026b324f54:T=1695952703:RT=1695952703:S=ALNI_MYpfyNoYvFrwsiIxiTJtwlWCb7Q-Q

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.google.com/adsense/domains/caf.js(Line 223) Message: Unrecognized feature: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

afs.googleusercontent.com
blandcaptcha.top
fonts.googleapis.com
partner.googleadservices.com
ww25.blandcaptcha.top
www.google.com
103.224.182.210
142.250.4.95
142.251.12.147
142.251.175.132
142.251.175.156
199.59.243.224
142d3995b323e386f955c7c76d4356c4ea6ff6dcd0ae74fe53a1f5a489597e14
2e673c045a32f0a96e479e0a97ab3acd50ee457c7aa2ec8399ae708a8def5ef0
47766ba3fc1fd86f1e5464627e3eb6cb377f4b81a3b3a63dd70d8958836352d3
5455d8d4b8ae5150039ff7a83a6679d4338a435945985fa9f8d0ecbea9ae2f6e
5a0687ea8c9aa404a7724490f046e30023ec6b5aa81d01ae4f225889a64174f6
62eb8d0424576ae6abb34b9f48acfd6bee322aae79b5a6197e4637bcbf49e719
745e9434c519764f20c0b2696700a67f60f337aeea846408d8bdd559e961fe66
a14cad92b694b7cf8826ee4e6e20ddc939a40f67814fa12aa3baf00cc5aa9841
a8ace8b35960392da1e3b6466b5028e78cc09660ce4d5daa7c92a6bcd04a6634
da0aa980f01a0086026b276bde5d2efa7a56555d3216e5b8d379ba7c7f31d97d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

ww25.blandcaptcha.top Open in urlscan Pro 199.59.243.224 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

14 Requests

57 %HTTPS

0 %IPv6

5 Domains

6 Subdomains

5 IPs

2 Countries

160 kBTransfer

359 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

3 Cookies

1 Console Messages

Indicators

ww25.blandcaptcha.top Open in urlscan Pro
199.59.243.224 Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

57 %
HTTPS

0 %
IPv6

5
Domains

6
Subdomains

5
IPs

2
Countries

160 kB
Transfer

359 kB
Size

3
Cookies

14 HTTP transactions
0 data transactions