Report - bolandraf.com/prostutefiles/fridayexploit.hta

Report Overview

Submitted URL
bolandraf.com/prostutefiles/fridayexploit.hta
IP
199.59.243.225
ASN
#16509 AMAZON-02
Submitted
2024-04-16 10:20:53
Access
public
Website Title
Bolandraf.com
Final URL
bolandraf.com/prostutefiles/fridayexploit.hta
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
syndicatedsearch.goog	unknown	2023-04-14	2023-09-25	2024-04-15	3.1 kB	82 kB	216.58.207.206
afs.googleusercontent.com	12123	2008-11-17	2013-05-06	2024-04-15	991 B	2.1 kB	142.250.74.97
parking3.parklogic.com	unknown	2007-02-28	2023-05-10	2024-04-15	1.5 kB	51 kB	45.79.244.209
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	411 B	192 kB	142.250.74.164
bolandraf.com	unknown	2022-03-24	2022-03-24	2024-02-22	2.1 kB	39 kB	199.59.243.225

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-16	medium	bolandraf.com	Sinkholed
2024-04-16	medium	bolandraf.com	Sinkholed
2024-04-16	medium	bolandraf.com	Sinkholed
2024-04-16	medium	bolandraf.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	parking3.parklogic.com/page/enhance.js?pcId=7&pId=1129&domain=Bolandraf.com	2.1 kB	2024-04-16	2024-04-24
Pretty URL parking3.parklogic.com/page/enhance.js?pcId=7&pId=1129&domain=Bolandraf.com IP 45.79.244.209 ASN #63949 Akamai Connected Cloud Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 12:20:53 Last Seen2024-04-24 14:22:48 Times Seen3 Hash 49a1754a6f48cbdc5adb4f176977c84e 2540228f5819442dabb328e9c1fea83e78bb1fb5 35851ca110e317fb6a7d109528e8b986b43f588be6c27612e328c7cc98532c98 Loading...

	bolandraf.com/prostutefiles/fridayexploit.hta	335 B	2024-04-16	2024-04-16
Pretty URL bolandraf.com/prostutefiles/fridayexploit.hta IP 199.59.243.225 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 12:20:53 Last Seen2024-04-16 12:20:53 Times Seen1 Hash 48655e28e735c2d9210caafb802ffb49 27a27f58782f136a7125e511d93173f600894920 00c9fc3c351e94e167089be46e25b46e6e4d4d4fec1c3242f47c15791a7b6739 Loading...

	bolandraf.com/bxBmKdpBZ.js	33 kB	2024-04-16	2024-04-17
Pretty URL bolandraf.com/bxBmKdpBZ.js IP 199.59.243.225 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 01:35:23 Last Seen2024-04-17 17:57:43 Times Seen418 Hash a53936d43620baea9f9bff9eaaee5f6c 25ebf5f50366836fc0cdf82a02ff6b09896ff33e 21bcc41f022f805dc902e3cadc8af88e34549473e0fa518fb1ee1c36bc8609e1 Loading...

	www.google.com/adsense/domains/caf.js	191 kB	2024-04-15	2024-04-18
Pretty URL www.google.com/adsense/domains/caf.js IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-15 21:44:53 Last Seen2024-04-18 13:39:50 Times Seen36 Hash beb51954eb4f0ded859cff4e51dbb82f 125c4fdcc1d4ba4c46d24dadcc622b0435e81831 cfc720a57bf929e13741c3c93f2ed7d663715c6b20873dadc8f0cf9563d8f5af Loading...

	syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol47%2Cpid-bodis-gcontrol310%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol441&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fbolandraf.com%2F%3Fcaf%3D1&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2442788251544177&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301447%2C17301454%2C17301466%2C17301266&client_gdprApplies=1&format=r3&nocache=5771713262828472&num=0&output=afd_ads&domain_name=bolandraf.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1713262828473&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=623135625&rurl=https%3A%2F%2Fbolandraf.com%2Fprostutefiles%2Ffridayexploit.hta	658 B	2024-04-16	2024-04-16
Pretty URL syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol47%2Cpid-bodis-gcontrol310%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol441&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fbolandraf.com%2F%3Fcaf%3D1&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2442788251544177&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301447%2C17301454%2C17301466%2C17301266&client_gdprApplies=1&format=r3&nocache=5771713262828472&num=0&output=afd_ads&domain_name=bolandraf.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1713262828473&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=623135625&rurl=https%3A%2F%2Fbolandraf.com%2Fprostutefiles%2Ffridayexploit.hta IP 216.58.207.206 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 12:20:53 Last Seen2024-04-16 12:20:53 Times Seen1 Hash 755a7f1887a8eac21cdd0d3c7d4397a3 e89365534aa5b34bf5d23f247ec719317f77fd74 d4d2d1b1f94f4a9829d96b7f8e5d32c7c94d4bef5fa1208e4fc61387b0847235 Loading...

	syndicatedsearch.goog/adsense/domains/caf.js	191 kB	2024-04-15	2024-04-18
Pretty URL syndicatedsearch.goog/adsense/domains/caf.js IP 216.58.207.206 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-15 19:59:58 Last Seen2024-04-18 05:57:11 Times Seen17 Hash ab1c01ac38bcbad969be46e6abb8918a e85a9565036317102cc0d0405370356756fd5fea ec1c4aabaa8cb519fbdba5c2140fdf9ba888c6aab153f0ecb239ef60f74aa85b Loading...

		Size	First Seen	Last Seen
	#1 Eval - bbf517b90f7993fd9d4ce748eb4bbaa3	402 B	2024-03-30	2024-04-29
Pretty Observations First Seen2024-03-30 22:46:39 Last Seen2024-04-29 19:06:30 Times Seen38 Hash bbf517b90f7993fd9d4ce748eb4bbaa3 e76c0e3fd4e6e4c38c825d7729e073b0ef737ac5 9c0a0576cfdec6b13ed2b662d2c18c4e9c4fe4a456c61931b8905399e895340e Loading...

		Size	First Seen	Last Seen
	#1 Write - ba87ddc9db3114d69fcf813faf859093	183 B	2024-04-16	2024-04-24
Pretty Observations First Seen2024-04-16 12:20:53 Last Seen2024-04-24 14:22:48 Times Seen2 Hash ba87ddc9db3114d69fcf813faf859093 b4b4069955f7eda95219b33f423b3e81a1a7291a 4424ce98d86886b4fbf942c93741fedb317483d1200ac6397ece5776f6896fa8 Loading...

HTTP Transactions (14)

URL IP Response Size

bolandraf.com/prostutefiles/fridayexploit.hta

199.59.243.225

200 OK

1.1 kB

URL User Request GET HTTP/1.1
bolandraf.com/prostutefiles/fridayexploit.hta
IP
199.59.243.225:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectbolandraf.com
Fingerprint10:35:36:36:E9:6B:46:A9:DB:9E:9A:F4:77:B5:24:A6:06:80:92:07
ValiditySun, 24 Mar 2024 23:34:00 GMT - Sat, 22 Jun 2024 23:33:59 GMT

File type
HTML document, ASCII text, with very long lines (350)
Size
1.1 kB (1082 bytes)
Hash
d7a50b452637e8da2b8aff0fa4d06544
c6174627b8880ff9d16dcd359e944f026f0be912
dd6296bff986c9dbb336e6e3aac5bb558108b1e616f254469a3694193c05c1c6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /prostutefiles/fridayexploit.hta HTTP/1.1
Host: bolandraf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 10:20:26 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1082
X-Request-Id: bbe43e6a-6786-4768-9ebe-8860488d7881
Cache-Control: no-store, max-age=0
Accept-Ch: sec-ch-prefers-color-scheme
Critical-Ch: sec-ch-prefers-color-scheme
Vary: sec-ch-prefers-color-scheme
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_P9+4B160c7zcpXuLHD09HRLAqqtpJIwlGeTMY6VddWVeozU41cf4p8wdqTMhTtUwStiZqY5jXnSrvf3OvUhJaA==
Set-Cookie: parking_session=bbe43e6a-6786-4768-9ebe-8860488d7881; expires=Tue, 16 Apr 2024 10:35:27 GMT; path=/
Connection: close

bolandraf.com/bxBmKdpBZ.js

199.59.243.225

200 OK

33 kB

URL GET HTTP/1.1
bolandraf.com/bxBmKdpBZ.js
IP
199.59.243.225:443
ASN
#16509 AMAZON-02

Requested by
https://bolandraf.com/prostutefiles/fridayexploit.hta
Certificate
IssuerLet's Encrypt
Subjectbolandraf.com
Fingerprint10:35:36:36:E9:6B:46:A9:DB:9E:9A:F4:77:B5:24:A6:06:80:92:07
ValiditySun, 24 Mar 2024 23:34:00 GMT - Sat, 22 Jun 2024 23:33:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (33205)
Size
33 kB (33208 bytes)
Hash
a53936d43620baea9f9bff9eaaee5f6c
25ebf5f50366836fc0cdf82a02ff6b09896ff33e
21bcc41f022f805dc902e3cadc8af88e34549473e0fa518fb1ee1c36bc8609e1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bxBmKdpBZ.js HTTP/1.1
Host: bolandraf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bolandraf.com/prostutefiles/fridayexploit.hta
Cookie: parking_session=bbe43e6a-6786-4768-9ebe-8860488d7881
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 10:20:27 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 33208
X-Request-Id: 6924b68b-4c37-486a-b1e5-544056aac541
Set-Cookie: parking_session=bbe43e6a-6786-4768-9ebe-8860488d7881; expires=Tue, 16 Apr 2024 10:35:28 GMT
Connection: close

bolandraf.com/_fd

199.59.243.225

200 OK

2.4 kB

URL POST HTTP/1.1
bolandraf.com/_fd
IP
199.59.243.225:443
ASN
#16509 AMAZON-02

Requested by
https://bolandraf.com/prostutefiles/fridayexploit.hta
Certificate
IssuerLet's Encrypt
Subjectbolandraf.com
Fingerprint10:35:36:36:E9:6B:46:A9:DB:9E:9A:F4:77:B5:24:A6:06:80:92:07
ValiditySun, 24 Mar 2024 23:34:00 GMT - Sat, 22 Jun 2024 23:33:59 GMT

File type
ASCII text, with very long lines (4801), with no line terminators
Size
2.4 kB (2444 bytes)
Hash
438ab96a2c1c3a967ef4ca89b8edf509
b00f5eef12f5e96045a969ce0afeeff7f7241a69
befcc522030917868b186da348d2cd6c993f8614fc0dd2a3221062bb27c08ed4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_fd HTTP/1.1
Host: bolandraf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bolandraf.com/prostutefiles/fridayexploit.hta
Content-Type: application/json
Origin: https://bolandraf.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=bbe43e6a-6786-4768-9ebe-8860488d7881
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
Server: openresty
Date: Tue, 16 Apr 2024 10:20:27 GMT
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Content-Length: 2444
X-Version: 2.117.4
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: parking_session=bbe43e6a-6786-4768-9ebe-8860488d7881; expires=Tue, 16 Apr 2024 10:35:28 GMT; Max-Age=900; path=/; httponly
Connection: close

syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol47%2Cpid-bodis-gcontrol310%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol441&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fbolandraf.com%2F%3Fcaf%3D1&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2442788251544177&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301447%2C17301454%2C17301466%2C17301266&client_gdprApplies=1&format=r3&nocache=5771713262828472&num=0&output=afd_ads&domain_name=bolandraf.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1713262828473&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=623135625&rurl=https%3A%2F%2Fbolandraf.com%2Fprostutefiles%2Ffridayexploit.hta

216.58.207.206

200 OK

2.5 kB

URL GET HTTP/2
syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol47%2Cpid-bodis-gcontrol310%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol441&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fbolandraf.com%2F%3Fcaf%3D1&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2442788251544177&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301447%2C17301454%2C17301466%2C17301266&client_gdprApplies=1&format=r3&nocache=5771713262828472&num=0&output=afd_ads&domain_name=bolandraf.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1713262828473&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=623135625&rurl=https%3A%2F%2Fbolandraf.com%2Fprostutefiles%2Ffridayexploit.hta
IP
216.58.207.206:443
ASN
#15169 GOOGLE

Requested by
https://bolandraf.com/prostutefiles/fridayexploit.hta
Certificate
IssuerGoogle Trust Services LLC
Subjectsyndicatedsearch.goog
Fingerprint11:F3:4F:46:25:BD:42:30:18:9B:BA:23:35:18:C2:17:F8:9E:52:98
ValidityMon, 04 Mar 2024 07:27:32 GMT - Mon, 27 May 2024 07:27:31 GMT

File type
HTML document, ASCII text, with very long lines (13015)
Size
2.5 kB (2548 bytes)
Hash
f0fd38ac13ef064812d4a4f805f555d3
02ca589ce1368f6e536065121d96900d63aae2c6
0df8f4d1f603e6f1b098b467769ab471c0ad2a0b832b20f1597ffc26d1b502c4

HTTP Headers

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol47%2Cpid-bodis-gcontrol310%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol441&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fbolandraf.com%2F%3Fcaf%3D1&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2442788251544177&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301447%2C17301454%2C17301466%2C17301266&client_gdprApplies=1&format=r3&nocache=5771713262828472&num=0&output=afd_ads&domain_name=bolandraf.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1713262828473&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=623135625&rurl=https%3A%2F%2Fbolandraf.com%2Fprostutefiles%2Ffridayexploit.hta HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bolandraf.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Tue, 16 Apr 2024 10:20:28 GMT
expires: Tue, 16 Apr 2024 10:20:28 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-_Dh8KZ5qQVB75E6oVjtoQw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 2548
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b

142.250.74.97

200 OK

174 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol47%2Cpid-bodis-gcontrol310%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol441&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fbolandraf.com%2F%3Fcaf%3D1&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2442788251544177&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301447%2C17301454%2C17301466%2C17301266&client_gdprApplies=1&format=r3&nocache=5771713262828472&num=0&output=afd_ads&domain_name=bolandraf.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1713262828473&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=623135625&rurl=https%3A%2F%2Fbolandraf.com%2Fprostutefiles%2Ffridayexploit.hta
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
FingerprintE0:0C:38:A4:4D:4F:CB:42:05:30:9A:C4:60:B3:64:3F:EF:43:D1:2F
ValidityMon, 04 Mar 2024 07:14:32 GMT - Mon, 27 May 2024 07:14:31 GMT

File type
SVG Scalable Vector Graphics image
Size
174 B (174 bytes)
Hash
d47125b2ba92be53dcff07ba322ce1de
e4a70c8a133bacf1699fdfa4c10e24ed5b3e0c28
5a0687ea8c9aa404a7724490f046e30023ec6b5aa81d01ae4f225889a64174f6

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 15 Apr 2024 12:51:51 GMT
expires: Tue, 16 Apr 2024 11:51:51 GMT
cache-control: public, max-age=82800
age: 77317
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff

142.250.74.97

200 OK

278 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol47%2Cpid-bodis-gcontrol310%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol441&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fbolandraf.com%2F%3Fcaf%3D1&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2442788251544177&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301447%2C17301454%2C17301466%2C17301266&client_gdprApplies=1&format=r3&nocache=5771713262828472&num=0&output=afd_ads&domain_name=bolandraf.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1713262828473&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=623135625&rurl=https%3A%2F%2Fbolandraf.com%2Fprostutefiles%2Ffridayexploit.hta
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
FingerprintE0:0C:38:A4:4D:4F:CB:42:05:30:9A:C4:60:B3:64:3F:EF:43:D1:2F
ValidityMon, 04 Mar 2024 07:14:32 GMT - Mon, 27 May 2024 07:14:31 GMT

File type
SVG Scalable Vector Graphics image
Size
278 B (278 bytes)
Hash
fe7dd8c3c629cc6e9cd6d3e4d3cbe905
59ef3b8e4a17169a4cb45fba65bf0d2bf49c8a18
5455d8d4b8ae5150039ff7a83a6679d4338a435945985fa9f8d0ecbea9ae2f6e

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 278
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 15 Apr 2024 22:08:48 GMT
expires: Tue, 16 Apr 2024 21:08:48 GMT
cache-control: public, max-age=82800
age: 43901
last-modified: Tue, 27 Jun 2023 17:28:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bolandraf.com/_tr

199.59.243.225

200 OK

22 B

URL POST HTTP/1.1
bolandraf.com/_tr
IP
199.59.243.225:443
ASN
#16509 AMAZON-02

Requested by
https://bolandraf.com/prostutefiles/fridayexploit.hta
Certificate
IssuerLet's Encrypt
Subjectbolandraf.com
Fingerprint10:35:36:36:E9:6B:46:A9:DB:9E:9A:F4:77:B5:24:A6:06:80:92:07
ValiditySun, 24 Mar 2024 23:34:00 GMT - Sat, 22 Jun 2024 23:33:59 GMT

File type
ASCII text, with no line terminators
Size
22 B (22 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_tr HTTP/1.1
Host: bolandraf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bolandraf.com/prostutefiles/fridayexploit.hta
Content-Type: application/json
Content-Length: 1721
Origin: https://bolandraf.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=bbe43e6a-6786-4768-9ebe-8860488d7881
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Tue, 16 Apr 2024 10:20:28 GMT
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Content-Length: 22
X-Version: 2.117.4
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: parking_session=bbe43e6a-6786-4768-9ebe-8860488d7881; expires=Tue, 16 Apr 2024 10:35:29 GMT; Max-Age=900; path=/; httponly
Connection: close

syndicatedsearch.goog/adsense/domains/caf.js

216.58.207.206

200 OK

76 kB

URL GET HTTP/3
syndicatedsearch.goog/adsense/domains/caf.js
IP
216.58.207.206:443
ASN
#15169 GOOGLE

Requested by
https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol47%2Cpid-bodis-gcontrol310%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol441&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fbolandraf.com%2F%3Fcaf%3D1&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2442788251544177&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301447%2C17301454%2C17301466%2C17301266&client_gdprApplies=1&format=r3&nocache=5771713262828472&num=0&output=afd_ads&domain_name=bolandraf.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1713262828473&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=623135625&rurl=https%3A%2F%2Fbolandraf.com%2Fprostutefiles%2Ffridayexploit.hta
Certificate
IssuerGoogle Trust Services LLC
Subjectsyndicatedsearch.goog
Fingerprint11:F3:4F:46:25:BD:42:30:18:9B:BA:23:35:18:C2:17:F8:9E:52:98
ValidityMon, 04 Mar 2024 07:27:32 GMT - Mon, 27 May 2024 07:27:31 GMT

File type
gzip compressed data, max compression
Size
76 kB (76281 bytes)
Hash
eeb210083870c02e4644c0c7aadded42
092d128354b3b2bb338f34dc178aba90985cacc1
df2a4da5b60e7f0f584cc66f7574257013d661c3f2b211e341d95cfd9920a013

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Tue, 16 Apr 2024 10:20:28 GMT
expires: Tue, 16 Apr 2024 10:20:28 GMT
cache-control: private, max-age=3600
etag: "17879524657389626521"
x-content-type-options: nosniff
link: <https://syndicatedsearch.goog>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

parking3.parklogic.com/page/scribe.php?pcId=7&domain=bolandraf.com&pId=1129&usid=null&utid=null&query=null&domainJs=bolandraf.com&path=/prostutefiles/fridayexploit.hta&ss=true&lp=1

45.79.244.209

200 OK

46 B

URL GET HTTP/1.1
parking3.parklogic.com/page/scribe.php?pcId=7&domain=bolandraf.com&pId=1129&usid=null&utid=null&query=null&domainJs=bolandraf.com&path=/prostutefiles/fridayexploit.hta&ss=true&lp=1
IP
45.79.244.209:443
ASN
#63949 Akamai Connected Cloud

Requested by
https://bolandraf.com/prostutefiles/fridayexploit.hta
Certificate
IssuerSectigo Limited
Subject*.parklogic.com
FingerprintA5:25:E3:1A:B4:C8:32:BD:0D:BA:C8:B4:19:22:F9:75:D4:D3:88:3F
ValiditySat, 20 Jan 2024 00:00:00 GMT - Wed, 19 Feb 2025 23:59:59 GMT

File type
ASCII text
Size
46 B (46 bytes)
Hash
c0fc9a1b28380f063a17615f14be00f3
b7ecca5ab4774ccc34683ad2b9f43fd19a4ae864
e9b5a209bb45f7d6f760111c08135c18ff5ad6ace1bfbfe8d77f796d00d18f41

HTTP Headers

GET /page/scribe.php?pcId=7&domain=bolandraf.com&pId=1129&usid=null&utid=null&query=null&domainJs=bolandraf.com&path=/prostutefiles/fridayexploit.hta&ss=true&lp=1 HTTP/1.1
Host: parking3.parklogic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bolandraf.com/
Origin: https://bolandraf.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Tue, 16 Apr 2024 10:20:29 GMT
server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.5.38
x-powered-by: PHP/5.5.38
access-control-allow-origin: *
transfer-encoding: chunked
content-type: text/html;charset=UTF-8
connection: close

parking3.parklogic.com/page/images/pe262/hero_nc.svg

45.79.244.209

200 OK

48 kB

URL GET HTTP/1.1
parking3.parklogic.com/page/images/pe262/hero_nc.svg
IP
45.79.244.209:443
ASN
#63949 Akamai Connected Cloud

Requested by
https://bolandraf.com/prostutefiles/fridayexploit.hta
Certificate
IssuerSectigo Limited
Subject*.parklogic.com
FingerprintA5:25:E3:1A:B4:C8:32:BD:0D:BA:C8:B4:19:22:F9:75:D4:D3:88:3F
ValiditySat, 20 Jan 2024 00:00:00 GMT - Wed, 19 Feb 2025 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
48 kB (48097 bytes)
Hash
5a2c392e7acdf6e9de6e00129500503c
c8d0f80381e4ce180b5eb3c4c98539907292a7bb
878da09a057ec8f1775cdc522e5f7ec44966df547a87a9c29826ba114833c24b

HTTP Headers

GET /page/images/pe262/hero_nc.svg HTTP/1.1
Host: parking3.parklogic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bolandraf.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Tue, 16 Apr 2024 10:20:29 GMT
server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.5.38
last-modified: Mon, 08 Mar 2021 23:04:00 GMT
etag: "bbe1-5bd0e72fe1800"
accept-ranges: bytes
content-length: 48097
content-type: image/svg+xml
connection: close

syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=c1xyeerm8wmc&aqid=7FAeZr_vJNOxxdwP9vu04As&psid=3113057640&pbt=bs&adbx=290&adby=313&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=623135625&csala=4%7C0%7C288%7C90%7C16&lle=0&ifv=1&hpt=0

216.58.207.206

204 No Content

0 B

URL GET HTTP/3
syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=c1xyeerm8wmc&aqid=7FAeZr_vJNOxxdwP9vu04As&psid=3113057640&pbt=bs&adbx=290&adby=313&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=623135625&csala=4%7C0%7C288%7C90%7C16&lle=0&ifv=1&hpt=0
IP
216.58.207.206:443
ASN
#15169 GOOGLE

Requested by
https://bolandraf.com/prostutefiles/fridayexploit.hta
Certificate
IssuerGoogle Trust Services LLC
Subjectsyndicatedsearch.goog
Fingerprint11:F3:4F:46:25:BD:42:30:18:9B:BA:23:35:18:C2:17:F8:9E:52:98
ValidityMon, 04 Mar 2024 07:27:32 GMT - Mon, 27 May 2024 07:27:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=c1xyeerm8wmc&aqid=7FAeZr_vJNOxxdwP9vu04As&psid=3113057640&pbt=bs&adbx=290&adby=313&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=623135625&csala=4%7C0%7C288%7C90%7C16&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bolandraf.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-JXaE8FtlNQEtO5Wfj0SnKQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Tue, 16 Apr 2024 10:20:30 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=5hdy2ttyaju&aqid=7FAeZr_vJNOxxdwP9vu04As&psid=3113057640&pbt=bv&adbx=290&adby=313&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=623135625&csala=4%7C0%7C288%7C90%7C16&lle=0&ifv=1&hpt=0

216.58.207.206

204 No Content

0 B

URL GET HTTP/3
syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=5hdy2ttyaju&aqid=7FAeZr_vJNOxxdwP9vu04As&psid=3113057640&pbt=bv&adbx=290&adby=313&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=623135625&csala=4%7C0%7C288%7C90%7C16&lle=0&ifv=1&hpt=0
IP
216.58.207.206:443
ASN
#15169 GOOGLE

Requested by
https://bolandraf.com/prostutefiles/fridayexploit.hta
Certificate
IssuerGoogle Trust Services LLC
Subjectsyndicatedsearch.goog
Fingerprint11:F3:4F:46:25:BD:42:30:18:9B:BA:23:35:18:C2:17:F8:9E:52:98
ValidityMon, 04 Mar 2024 07:27:32 GMT - Mon, 27 May 2024 07:27:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=5hdy2ttyaju&aqid=7FAeZr_vJNOxxdwP9vu04As&psid=3113057640&pbt=bv&adbx=290&adby=313&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=623135625&csala=4%7C0%7C288%7C90%7C16&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bolandraf.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-YuzWwLQnPcsPhaN8bW-whw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Tue, 16 Apr 2024 10:20:30 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

parking3.parklogic.com/page/enhance.js?pcId=7&pId=1129&domain=Bolandraf.com

45.79.244.209

200 OK

2.1 kB

URL GET HTTP/1.1
parking3.parklogic.com/page/enhance.js?pcId=7&pId=1129&domain=Bolandraf.com
IP
45.79.244.209:443
ASN
#63949 Akamai Connected Cloud

Requested by
https://bolandraf.com/prostutefiles/fridayexploit.hta
Certificate
IssuerSectigo Limited
Subject*.parklogic.com
FingerprintA5:25:E3:1A:B4:C8:32:BD:0D:BA:C8:B4:19:22:F9:75:D4:D3:88:3F
ValiditySat, 20 Jan 2024 00:00:00 GMT - Wed, 19 Feb 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2121), with no line terminators
Size
2.1 kB (2061 bytes)
Hash
ad6282fa1e045485c3f17b181eb6fa68
c64b5be65f758f012f1ce3eb733612eec17cbea2
c7ce2148b1a631214bd6896ec6eb29de6851a7571b3173391696e42bad5c9bb2

HTTP Headers

GET /page/enhance.js?pcId=7&pId=1129&domain=Bolandraf.com HTTP/1.1
Host: parking3.parklogic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bolandraf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Tue, 16 Apr 2024 10:20:29 GMT
server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.5.38
x-powered-by: PHP/5.5.38
transfer-encoding: chunked
content-type: text/javascript;charset=UTF-8
connection: close

www.google.com/adsense/domains/caf.js

142.250.74.164

200 OK

191 kB

URL GET HTTP/2
www.google.com/adsense/domains/caf.js
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://bolandraf.com/prostutefiles/fridayexploit.hta
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintCC:CC:99:46:65:6C:77:0B:C8:AA:AD:5E:58:B6:2D:19:B2:C7:0B:06
ValidityMon, 04 Mar 2024 07:19:07 GMT - Mon, 27 May 2024 07:19:06 GMT

File type
JavaScript source, ASCII text, with very long lines (2247)
Size
191 kB (191054 bytes)
Hash
beb51954eb4f0ded859cff4e51dbb82f
125c4fdcc1d4ba4c46d24dadcc622b0435e81831
cfc720a57bf929e13741c3c93f2ed7d663715c6b20873dadc8f0cf9563d8f5af

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bolandraf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Tue, 16 Apr 2024 10:20:28 GMT
expires: Tue, 16 Apr 2024 10:20:28 GMT
cache-control: private, max-age=3600
etag: "16702422679529225315"
x-content-type-options: nosniff
link: <https://syndicatedsearch.goog>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (14)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash