Report - popularenlinea3.byethost4.com/banco.popular.ib310300266338323360163335377471439465413409411346/personal.php

Report Overview

Submitted URL
popularenlinea3.byethost4.com/banco.popular.ib310300266338323360163335377471439465413409411346/personal.php
IP
199.59.243.225
ASN
#16509 AMAZON-02
Submitted
2024-05-08 21:33:39
Access
public
Website Title
Byethost4.com
Final URL
iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
96

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
a.delivery.consentmanager.net	128991	2018-05-02	2021-07-25	2024-05-07	3.9 kB	10 kB	87.230.98.78
popularenlinea3.byethost4.com	unknown	unknown	No data	No data	2.1 kB	42 kB	199.59.243.225
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	4.0 kB	894 kB	142.250.74.132
www.adsensecustomsearchads.com	unknown	2011-01-28	2015-09-02	2024-05-07	24 kB	932 kB	142.250.74.142
ww01.byethost4.com	unknown	2005-12-02	2022-09-01	2024-01-10	35 kB	520 kB	199.59.243.225
iyfbodn.com	147548	2020-09-22	2021-06-29	2024-04-30	7.7 kB	101 kB	208.91.196.46
cdn.consentmanager.net	29447	2018-05-02	2021-02-08	2024-05-07	1.8 kB	158 kB	185.76.9.24

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed
2024-05-08	medium	byethost4.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (17)

	URL	Size	First Seen	Last Seen
	iyfbodn.com/px.js?ch=2	346 B	2023-03-07	2024-05-20
Pretty URL iyfbodn.com/px.js?ch=2 IP 208.91.196.46 ASN #40034 CONFLUENCE-NETWORK-INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-20 01:01:39 Times Seen44623 Hash f84f931c0dd37448e03f0dabf4e4ca9f 9c2c50edcf576453ccc07bf65668bd23c76e8663 5c1d5fd46a88611c31ecbb8ffc1142a7e74ec7fb7d72bd3891131c880ef3f584 Loading...

	iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I	9.8 kB	2023-09-26	2024-05-20
Pretty URL iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I IP 208.91.196.46 ASN #40034 CONFLUENCE-NETWORK-INC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-26 13:40:49 Last Seen2024-05-20 01:01:39 Times Seen1653 Hash 9560adf5dc63298430192355356041d5 9821c3fb6d617b7059178ffa45f2262a9d0950df 622a8bc5f9ce711cd90042b20cd78387dc75dc9742838e78ef6c3024933a5b08 Loading...

	iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I	8 B	2023-03-07	2024-05-20
Pretty URL iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I IP 208.91.196.46 ASN #40034 CONFLUENCE-NETWORK-INC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:33 Last Seen2024-05-20 01:01:39 Times Seen11090 Hash 883fa82f6169ed5ddd95e0c34cf36450 52fcfe1e375b542d4847a9c963bff266b98bfbc2 dca6253c1f2bdadb922b559c83bee52fbe1411e3a159adcb922ff3b45c623185 Loading...

	iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I	504 B	2024-05-08	2024-05-08
Pretty URL iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I IP 208.91.196.46 ASN #40034 CONFLUENCE-NETWORK-INC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-08 23:33:47 Last Seen2024-05-08 23:33:47 Times Seen1 Hash 146c304cb95988a2c3c73fe0ff1d32b3 40bcace808aa9ac0a28064abc9934ec09df154d9 efefcf86466287c2d9dc1dbb1b48d1a29ce700c345722d6eab80b1d5e58aca17 Loading...

	a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=1&id=68884&o=1715204008&h=https%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&&l=en&odw=0&dlt=1&l=en	1.2 kB	2024-05-08	2024-05-08
Pretty URL a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=1&id=68884&o=1715204008&h=https%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&&l=en&odw=0&dlt=1&l=en IP 87.230.98.78 ASN #61157 PlusServer GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 23:33:47 Last Seen2024-05-08 23:33:47 Times Seen1 Hash 7e8766e45445e6a69f0acd0395d5f585 a2ff92dec0f2bc2a88ba2b0c57d7daf14cd35f22 779c5c3990d308dd5463239b937aa2d670c4f2d6aeb78cb40897e0b521787a89 Loading...

	a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=2&__cmpfcc=1&id=68884&o=1715204008&h=https%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&&l=en&odw=0&dlt=1&l=en	5.4 kB	2024-05-08	2024-05-08
Pretty URL a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=2&__cmpfcc=1&id=68884&o=1715204008&h=https%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&&l=en&odw=0&dlt=1&l=en IP 87.230.98.78 ASN #61157 PlusServer GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 23:33:47 Last Seen2024-05-08 23:33:47 Times Seen1 Hash 363de73c86993d06c1a7b64dbba1a620 ae2344db52f1879b07cab5964a5521b053563859 ebdc32d7a6bb5a02e86043f272fbb466bedb20b317b71b6ef102d42eda9d8cc3 Loading...

	cdn.consentmanager.net/delivery/js/cmp_en.min.js	430 kB	2024-04-24	2024-05-16
Pretty URL cdn.consentmanager.net/delivery/js/cmp_en.min.js IP 185.76.9.24 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 20:35:11 Last Seen2024-05-16 09:18:00 Times Seen487 Hash e826e2568f3153d2e146bf66286bd521 b47610e60026f3db1e80bcf0026b53dbb089007b b601830d2f9a081099ea148ed53a859bf410ca3460f0029030fb663fef728c99 Loading...

	iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I	37 B	2023-03-07	2024-05-20
Pretty URL iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I IP 208.91.196.46 ASN #40034 CONFLUENCE-NETWORK-INC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:33 Last Seen2024-05-20 01:01:39 Times Seen12518 Hash fcd7b94e73a1f9cc8807da94baec6354 088ae01bf28379b61fd5a322034c8c618d3f2b23 0361577e582e091d8656bc3ffeeafc27c0607530e2000d55772674122d703253 Loading...

	iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I	227 B	2023-03-07	2024-05-20
Pretty URL iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I IP 208.91.196.46 ASN #40034 CONFLUENCE-NETWORK-INC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:26:37 Last Seen2024-05-20 01:01:39 Times Seen12237 Hash 188f7666308742fb39f78319eeffac6b 30e2ed4b88881c18f5e93d6ab7bf1e581708260a 49203316dee4271f8246c461b34a6757e33008f09f85924ab5ac12235a9ef445 Loading...

	iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I	42 B	2023-03-07	2024-05-20
Pretty URL iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I IP 208.91.196.46 ASN #40034 CONFLUENCE-NETWORK-INC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:33 Last Seen2024-05-20 01:01:39 Times Seen12344 Hash 4aa1cafcdca484710d10c7d6d1a6a273 4f2007c15b663111205ce137bdd263e5345104e5 9ce013c35c35b5f4007d40c0d4fa366530f064cbaa91de6c01b3edfe4471b7f8 Loading...

	a.delivery.consentmanager.net/delivery/cmp.php?&cdid=21fdca2281833&h=https%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&&l=en&o=1715204008255	1.2 kB	2024-05-08	2024-05-08
Pretty URL a.delivery.consentmanager.net/delivery/cmp.php?&cdid=21fdca2281833&h=https%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&&l=en&o=1715204008255 IP 87.230.98.78 ASN #61157 PlusServer GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 23:33:47 Last Seen2024-05-08 23:33:47 Times Seen1 Hash c412810df6f9fe7470e8f8f35e49d3ec 71f9a7bffcc0641f81e807f8e27849ddef9a1b10 8d21163d274e3363643923a32afc143c30795d072bbd58a80a4b2ae064f4e3b5 Loading...

	cdn.consentmanager.net/delivery/customdata/bV8xLndfNjg4ODQucl9HRFBSLmxfZW4uZF8zMzY2NC54XzMzLnYucC50XzMzNjY0Lnh0XzMz.js	107 kB	2024-05-08	2024-05-20
Pretty URL cdn.consentmanager.net/delivery/customdata/bV8xLndfNjg4ODQucl9HRFBSLmxfZW4uZF8zMzY2NC54XzMzLnYucC50XzMzNjY0Lnh0XzMz.js IP 185.76.9.24 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 18:21:38 Last Seen2024-05-20 01:01:39 Times Seen251 Hash 2a5b8615451aec177c4ad40168be253a 647c53b4aa74d5f5e8aa28c10064bada250cdcdd 0af5b9b801304e08f071cd55ded7a16de031e0ac15a3dc96ad792a5ec9644574 Loading...

	unknown	0 B	2023-03-07	2024-05-20
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 04:25:08 Times Seen37855457 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I	27 B	2023-03-07	2024-05-20
Pretty URL iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I IP 208.91.196.46 ASN #40034 CONFLUENCE-NETWORK-INC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:33 Last Seen2024-05-20 01:01:39 Times Seen12325 Hash 1a13337fc71dcb5b6fb8be5e40b05c66 8ca2b8e8b15ff416d1b6c557a767140c4c034243 e94f533b6c39b822e83695ecb11a193f5ba7a3a3f97c8136bd0bbef8436e48bf Loading...

	iyfbodn.com/__media__/js/min.js?v2.3	8.4 kB	2023-03-07	2024-05-20
Pretty URL iyfbodn.com/__media__/js/min.js?v2.3 IP 208.91.196.46 ASN #40034 CONFLUENCE-NETWORK-INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:33 Last Seen2024-05-20 01:01:39 Times Seen26807 Hash c16c3a4c0fad29106f34d00e89f6886e 6e11811ab8a98bb295b0916cdee68b302c33403d 097786d677a859b7bc87e285377b083b76d66a2fc2832a16bcd50b0e99df77ff Loading...

	iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I	950 B	2023-10-25	2024-05-20
Pretty URL iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I IP 208.91.196.46 ASN #40034 CONFLUENCE-NETWORK-INC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-25 20:17:46 Last Seen2024-05-20 01:01:39 Times Seen1930 Hash 04abf87bcd2e54fb9f318470fad4f9bd 052155077c248f93e568113bb6d4098a72bc677f 163e01880fa1b6efd56262f5c72b3b8e18ac07ad1df3086e66337517df6cceab Loading...

	iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I	864 B	2023-11-01	2024-05-20
Pretty URL iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I IP 208.91.196.46 ASN #40034 CONFLUENCE-NETWORK-INC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-01 09:56:59 Last Seen2024-05-20 01:01:39 Times Seen1880 Hash 03b604d3ca46b070c6102a9605a7d3a3 4530cad19c43a41b7053f90f4742f98ad6ef9af8 8450c00fdc1220bc175e99bae3548d48c2057de550e91860c1dfce3c29bd7aea Loading...

HTTP Transactions (95)

URL IP Response Size

popularenlinea3.byethost4.com/banco.popular.ib310300266338323360163335377471439465413409411346/personal.php

199.59.243.225

1.2 kB

URL
popularenlinea3.byethost4.com/banco.popular.ib310300266338323360163335377471439465413409411346/personal.php
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (454)
Size
1.2 kB (1186 bytes)
Hash
6b9e757e6cdc04e5d2fbed984777f5ef
7de8c6528a7e98e9349aec6871d0913c4cc0f3e7
004c8ff9aeed9132d1387196f6a2af5a101ae0d1781662bbdde5f85f24000e0c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /banco.popular.ib310300266338323360163335377471439465413409411346/personal.php HTTP/1.1
Host: popularenlinea3.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:11 GMT
content-type: text/html; charset=utf-8
content-length: 1186
x-request-id: 8ede4d6f-23bf-4af6-a7c5-d57be7c894a0
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_hFF/Z2Y1PGigklc86EU/BYBW9y2sFFmGJF24Qaog5O1ovZAKLfJm8yyPQtyc29NBQbEjE3yD5Fq7NSkaiY9q2A==
set-cookie: parking_session=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0; expires=Wed, 08 May 2024 21:48:11 GMT; path=/

popularenlinea3.byethost4.com/bKIhwLckQ.js

199.59.243.225

34 kB

URL
popularenlinea3.byethost4.com/bKIhwLckQ.js
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (33788)
Size
34 kB (33791 bytes)
Hash
f48baec69cc4dc0852d118259eff2d56
e64c6e4423421da5b35700154810cb67160bc32b
463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bKIhwLckQ.js HTTP/1.1
Host: popularenlinea3.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://popularenlinea3.byethost4.com/banco.popular.ib310300266338323360163335377471439465413409411346/personal.php
Cookie: parking_session=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:11 GMT
content-type: application/javascript; charset=utf-8
content-length: 33791
x-request-id: 5da47802-c23a-4727-bf4e-d7ad01dd8fb2
set-cookie: parking_session=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0; expires=Wed, 08 May 2024 21:48:11 GMT

popularenlinea3.byethost4.com/_fd

199.59.243.225

5.4 kB

URL
popularenlinea3.byethost4.com/_fd
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (5425), with no line terminators
Size
5.4 kB (5425 bytes)
Hash
d8c79a9497ff939f77e7eeffaf7c1fbf
61cd13ffe4607e9bfc78346c3599366346d123f4
2ef217f47b8085b970e60036e9fbe424868970b9122f487b335d0f69d0482a0f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_fd HTTP/1.1
Host: popularenlinea3.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://popularenlinea3.byethost4.com/banco.popular.ib310300266338323360163335377471439465413409411346/personal.php
Content-Type: application/json
Origin: http://popularenlinea3.byethost4.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:11 GMT
content-type: application/json; charset=utf-8
content-length: 5425
x-request-id: 5736147a-56ec-47c5-a5f0-d550abe7b34b
set-cookie: parking_session=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0; expires=Wed, 08 May 2024 21:48:11 GMT

www.google.com/adsense/domains/caf.js?abp=1&bodis=true

142.250.74.132

74 kB

URL
www.google.com/adsense/domains/caf.js?abp=1&bodis=true
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression
Size
74 kB (74481 bytes)
Hash
631f3fd9980857e51762c2f745078f94
c74569d9ec6e934b91880390a6c70ba3ce75ed47
393cadafe47cb1f8be07c876f9967b3cdde0361130cc7d042bfe7f123b13f0af

HTTP Headers

GET /adsense/domains/caf.js?abp=1&bodis=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://popularenlinea3.byethost4.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 08 May 2024 21:33:11 GMT
expires: Wed, 08 May 2024 21:33:11 GMT
cache-control: private, max-age=3600
etag: "7664028437327203187"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

142.250.74.142

588 B

URL
www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fpopularenlinea3.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=6241715203991976&num=0&output=afd_ads&domain_name=popularenlinea3.byethost4.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1715203991978&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fpopularenlinea3.byethost4.com%2Fbanco.popular.ib310300266338323360163335377471439465413409411346%2Fpersonal.php
IP
142.250.74.142:0
ASN
#15169 GOOGLE

File type
HTML document, ASCII text, with very long lines (663)
Size
588 B (588 bytes)
Hash
19d68071d5bb027d64bcdfa7430c8a90
5c11f3d0761841b8f4d4126fc0260b6c161d9c71
a92a1d7846e5d6b0247f69149a63ee0396e5460b326edbd4c9df8ca8960c7062

HTTP Headers

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fpopularenlinea3.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=6241715203991976&num=0&output=afd_ads&domain_name=popularenlinea3.byethost4.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1715203991978&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fpopularenlinea3.byethost4.com%2Fbanco.popular.ib310300266338323360163335377471439465413409411346%2Fpersonal.php HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://popularenlinea3.byethost4.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Wed, 08 May 2024 21:33:12 GMT
expires: Wed, 08 May 2024 21:33:12 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-eOsYS2QgjHK-xV0yCNU1ZA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 588
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

popularenlinea3.byethost4.com/_zc

199.59.243.225

179 B

URL
popularenlinea3.byethost4.com/_zc
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
179 B (179 bytes)
Hash
487007de146b058a3f99a107bfbca957
37ae83625889b349e56347fd5dfdd6d8574cc020
f413bb1fc46f3096cfe19b60bd2f59f3271a7d33ed3d8e65b105f9a33ded0c05

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_zc HTTP/1.1
Host: popularenlinea3.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://popularenlinea3.byethost4.com/banco.popular.ib310300266338323360163335377471439465413409411346/personal.php
Content-Type: application/json
Content-Length: 6041
Origin: http://popularenlinea3.byethost4.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
server: openresty
date: Wed, 08 May 2024 21:33:12 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 179
x-version: 2.118.0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: parking_session=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0; expires=Wed, 08 May 2024 21:48:13 GMT; Max-Age=900; path=/; httponly

ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I

199.59.243.225

1.8 kB

URL
ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (1030)
Size
1.8 kB (1762 bytes)
Hash
2d317e8f3ff57efee6604289489ccbd8
2dc083743ea8c8aa1d1c8d9bf415e1b439042a3c
988471b013be9daf2e82156f26a6d9a91490cafaaff62aa9972dadcb2d8df785

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://popularenlinea3.byethost4.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:13 GMT
content-type: text/html; charset=utf-8
content-length: 1762
x-request-id: 3170a601-b2d1-4e4d-a722-f2826feec351
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_S8HZ+0NBhqHV49kDpEz5eTxE/CfIkoYSXDsJjOGZz1qsqPD6r2Qxyx0slPizz6BTihn6nim9mE6bYCWELg5sqA==
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:13 GMT; path=/

ww01.byethost4.com/brbyZoIBt.js

199.59.243.225

34 kB

URL
ww01.byethost4.com/brbyZoIBt.js
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (33788)
Size
34 kB (33791 bytes)
Hash
f48baec69cc4dc0852d118259eff2d56
e64c6e4423421da5b35700154810cb67160bc32b
463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /brbyZoIBt.js HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 33791
x-request-id: c3f44d53-509d-4d2a-bb10-f8324dfa15d9
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:13 GMT

ww01.byethost4.com/_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I

199.59.243.225

5.4 kB

URL
ww01.byethost4.com/_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (5409), with no line terminators
Size
5.4 kB (5409 bytes)
Hash
d23427575036b7bb81b38dd15e8709b5
ac0d8b38f164a3c02c627aea4b89e7b49f16928d
da9daed43db81ea92097cec8f028432efa2251ce920d4e9d936ff4bd1ee8c0b6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
Content-Type: application/json
Origin: http://ww01.byethost4.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:13 GMT
content-type: application/json; charset=utf-8
content-length: 5409
x-request-id: 8bd1e514-d23b-4095-ab4a-5a09fbc18378
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:13 GMT

www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=101715203993682&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1715203993684&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I&referer=http%3A%2F%2Fpopularenlinea3.byethost4.com%2F

142.250.74.142

594 B

URL
www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=101715203993682&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1715203993684&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I&referer=http%3A%2F%2Fpopularenlinea3.byethost4.com%2F
IP
142.250.74.142:0
ASN
#15169 GOOGLE

File type
HTML document, ASCII text, with very long lines (659)
Size
594 B (594 bytes)
Hash
1d054171535f607847a2b39cb2d274d1
17a711309d70b796cb17408274e031735cc69f9e
c69130dec18a822eea8bd20ec4c2b7e2e1ff09aa2fe0989a5874327faecccd86

HTTP Headers

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=101715203993682&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1715203993684&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I&referer=http%3A%2F%2Fpopularenlinea3.byethost4.com%2F HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Wed, 08 May 2024 21:33:13 GMT
expires: Wed, 08 May 2024 21:33:13 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce--zKdKjwtNOZl0JKxcJrfPw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 594
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.adsensecustomsearchads.com/adsense/domains/caf.js

142.250.74.142

74 kB

URL
www.adsensecustomsearchads.com/adsense/domains/caf.js
IP
142.250.74.142:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (2247)
Size
74 kB (74192 bytes)
Hash
8f57a11584ed40583c1f200fa5606d30
3c83d0e008de612e9918a99e33a28938dc4eb7d1
09131d32ae019fcd4a5aa7670b6a324ce162387da15288df4334eb5c6db0a438

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 08 May 2024 21:33:13 GMT
expires: Wed, 08 May 2024 21:33:13 GMT
cache-control: private, max-age=3600
etag: "8198968192214571772"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

199.59.243.225

2.1 kB

URL
ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (1334)
Size
2.1 kB (2066 bytes)
Hash
db7d98e63684ce8ec649e17910718dbe
72feeaa723f575375e294cd642b10cf6154b7d14
6c1e75bb3ef623e4251554f196d4d974bdf34a3adbeea33a89fa25344f9a29fd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:13 GMT
content-type: text/html; charset=utf-8
content-length: 2066
x-request-id: a6fee19a-bb02-4f55-b2f5-5ff03599b45f
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_LDBEdxtuLckXq3KV8LVF0LIw2Q57S97YqwnHQgjqGgd/BThVazC3r6bjh8WlaLQfzbluA7OyokMOPpQ3HAUrTg==
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:14 GMT

ww01.byethost4.com/bMnNWNbBB.js

199.59.243.225

34 kB

URL
ww01.byethost4.com/bMnNWNbBB.js
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (33788)
Size
34 kB (33791 bytes)
Hash
f48baec69cc4dc0852d118259eff2d56
e64c6e4423421da5b35700154810cb67160bc32b
463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bMnNWNbBB.js HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 33791
x-request-id: f730122c-b2f8-4937-9133-8ec71aee2452
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:14 GMT

199.59.243.225

5.4 kB

URL
ww01.byethost4.com/_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (5409), with no line terminators
Size
5.4 kB (5409 bytes)
Hash
d505409afad063c69964d2d22b8b6314
b6f9d625b42fd379e494bf544e66ae8e25ac1b48
fc803728fb6c48cd7937b5bbfaacb1b8f7446361e7bb12a48dd68e183e3d89c0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Content-Type: application/json
Origin: http://ww01.byethost4.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:14 GMT
content-type: application/json; charset=utf-8
content-length: 5409
x-request-id: 7f9412bd-5d45-4149-828a-5e7c018c142f
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:14 GMT

www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=2241715203994556&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=0&u_his=4&u_tz=0&dt=1715203994557&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&referer=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I

142.250.74.142

800 B

URL
www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=2241715203994556&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=0&u_his=4&u_tz=0&dt=1715203994557&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&referer=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I
IP
142.250.74.142:0
ASN
#15169 GOOGLE

File type
HTML document, ASCII text, with very long lines (957)
Size
800 B (800 bytes)
Hash
9df4980824c6a0f7589f44418cffbf9b
16ef377397bc2e2f82ed5907d87e1995f7836733
07df69d2f7c2a271caeee71f3e759ca35875182c18d03b84340fe37f72455b42

HTTP Headers

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=2241715203994556&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=0&u_his=4&u_tz=0&dt=1715203994557&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&referer=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Wed, 08 May 2024 21:33:14 GMT
expires: Wed, 08 May 2024 21:33:14 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-n7-dEKg6lu22m5Q5V6YnOg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 800
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ww01.byethost4.com/_zc

199.59.243.225

177 B

URL
ww01.byethost4.com/_zc
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
177 B (177 bytes)
Hash
63e390f28326ce36dfea68e3e0812c4a
3aa9034c2d26ab1c1d9138013fa2d6af85d9028b
8ac0e25bb990018e6b3ef56390a7793a7b6bc8ad6e6bb6ea6350a0e5d89e87a1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_zc HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Content-Type: application/json
Content-Length: 7149
Origin: http://ww01.byethost4.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
server: openresty
date: Wed, 08 May 2024 21:33:14 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 177
x-version: 2.118.0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:15 GMT; Max-Age=900; path=/; httponly

199.59.243.225

2.1 kB

URL
ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (1334)
Size
2.1 kB (2066 bytes)
Hash
81fb488cce509045c1fb68af92fbc59d
dbfca030f0e97f3bd58ddcd6f01e472c1e0eb08a
e466e80e9aced8f71a0ae628b7936df41451b1cfcb39d349041e2a34b6d9aaa7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:14 GMT
content-type: text/html; charset=utf-8
content-length: 2066
x-request-id: 73e68e36-88ec-46e0-ac36-d83474a1fe20
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_LDBEdxtuLckXq3KV8LVF0LIw2Q57S97YqwnHQgjqGgd/BThVazC3r6bjh8WlaLQfzbluA7OyokMOPpQ3HAUrTg==
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:15 GMT

ww01.byethost4.com/bgkaRjEhm.js

199.59.243.225

34 kB

URL
ww01.byethost4.com/bgkaRjEhm.js
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (33788)
Size
34 kB (33791 bytes)
Hash
f48baec69cc4dc0852d118259eff2d56
e64c6e4423421da5b35700154810cb67160bc32b
463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bgkaRjEhm.js HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 33791
x-request-id: b0cd724e-9e80-4ffe-b5c6-17c45bf252d9
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:15 GMT

199.59.243.225

5.4 kB

URL
ww01.byethost4.com/_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (5409), with no line terminators
Size
5.4 kB (5409 bytes)
Hash
bebc2b188f2e6f30bd76fb3bdde6b516
c7c8eacc568db4304061a200be47a77913af0791
8925975802e8c1d327bab4f247e819ff4e20f15da98586fe9ee062cc3c0c5034

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Content-Type: application/json
Origin: http://ww01.byethost4.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:15 GMT
content-type: application/json; charset=utf-8
content-length: 5409
x-request-id: 2de9e85b-2176-4977-ae5c-60895fb6e486
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:15 GMT

www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=6381715203995467&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=0&u_his=4&u_tz=0&dt=1715203995469&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&referer=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I

142.250.74.142

802 B

URL
www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=6381715203995467&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=0&u_his=4&u_tz=0&dt=1715203995469&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&referer=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I
IP
142.250.74.142:0
ASN
#15169 GOOGLE

File type
HTML document, ASCII text, with very long lines (957)
Size
802 B (802 bytes)
Hash
5cb8e691790bda6e8bc1905a6fb8a8dc
3952e628cb0240c08cff241033613213a8a75565
bf51f63b0a2eac9e5de6620d0cb648ca0b3efb893fdf09199bc6d3292add6e0a

HTTP Headers

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=6381715203995467&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=0&u_his=4&u_tz=0&dt=1715203995469&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&referer=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Wed, 08 May 2024 21:33:15 GMT
expires: Wed, 08 May 2024 21:33:15 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-BoVcUF8miTjS5ytdELigoQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 802
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ww01.byethost4.com/_zc

199.59.243.225

177 B

URL
ww01.byethost4.com/_zc
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
177 B (177 bytes)
Hash
af0c6d909d25d71301b03cbb02ccf2db
a2f33b666e01bb80baa8792f83298e0d10dd16a5
961f3da44565c87b169e168d4261f3b33e35476f0e0b751e9a6d591ebd26c572

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_zc HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Content-Type: application/json
Content-Length: 7149
Origin: http://ww01.byethost4.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
server: openresty
date: Wed, 08 May 2024 21:33:15 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 177
x-version: 2.118.0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:16 GMT; Max-Age=900; path=/; httponly

www.adsensecustomsearchads.com/adsense/domains/caf.js

142.250.74.142

76 kB

URL
www.adsensecustomsearchads.com/adsense/domains/caf.js
IP
142.250.74.142:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression
Size
76 kB (76073 bytes)
Hash
644c39cf967c8a65be37f000ec833445
cb1be70bcbdaf368299f11070512c8c817bdd0d6
5878205d5996b2118f1399c0de1261acfa9c3b6b0abab44fa8ee0d51d5c4c810

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 08 May 2024 21:33:12 GMT
expires: Wed, 08 May 2024 21:33:12 GMT
cache-control: private, max-age=3600
etag: "18408918157281371790"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ww01.byethost4.com/bbRSdkndT.js

199.59.243.225

34 kB

URL
ww01.byethost4.com/bbRSdkndT.js
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (33788)
Size
34 kB (33791 bytes)
Hash
f48baec69cc4dc0852d118259eff2d56
e64c6e4423421da5b35700154810cb67160bc32b
463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bbRSdkndT.js HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:16 GMT
content-type: application/javascript; charset=utf-8
content-length: 33791
x-request-id: 40911132-5f7f-4ed7-b125-87ed8068ec34
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:16 GMT

199.59.243.225

5.4 kB

URL
ww01.byethost4.com/_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (5409), with no line terminators
Size
5.4 kB (5409 bytes)
Hash
f221bbea312d2b520183a74af5077949
767e8cfbeeaf18ff4a2de016ee4a46d081db2505
8c9cd6fdf0d371e42af9711fa19971f417bb15c83856fb7c3d8d924abbf09763

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Content-Type: application/json
Origin: http://ww01.byethost4.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:16 GMT
content-type: application/json; charset=utf-8
content-length: 5409
x-request-id: 085bb0e2-a62f-442e-ad94-fd58f90dd1e9
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:16 GMT

www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=2701715203996674&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=2&u_his=4&u_tz=0&dt=1715203996676&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=631415066&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&referer=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I

142.250.74.142

803 B

URL
www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=2701715203996674&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=2&u_his=4&u_tz=0&dt=1715203996676&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=631415066&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&referer=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I
IP
142.250.74.142:0
ASN
#15169 GOOGLE

File type
HTML document, ASCII text, with very long lines (955)
Size
803 B (803 bytes)
Hash
71704c014935ddb5c36b56e06cae4d2c
fe5e197b91cbc9e10bb7f3bcbf0b510bdc3ab2ee
019bb76f7b909ae7279596c40e4c62f048e20aaab3de5507010b6e15d3d2fc1a

HTTP Headers

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=2701715203996674&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=2&u_his=4&u_tz=0&dt=1715203996676&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=631415066&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&referer=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Wed, 08 May 2024 21:33:16 GMT
expires: Wed, 08 May 2024 21:33:16 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-nmsfeDJZZYa5x5Yhwc2NyQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 803
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/adsense/domains/caf.js?abp=1&bodis=true

142.250.74.132

148 kB

URL
www.google.com/adsense/domains/caf.js?abp=1&bodis=true
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (2247)
Size
148 kB (148200 bytes)
Hash
d10b908aa6c8fe60ca099100e2b085b3
4f75034ebaeffa71ab49cd8cad4a56d2ce56c4f2
772ff06bd8dbae3e7d658b9051fbd1f8e8ac9d7529033f2a1b94534181123348

HTTP Headers

GET /adsense/domains/caf.js?abp=1&bodis=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 08 May 2024 21:33:16 GMT
expires: Wed, 08 May 2024 21:33:16 GMT
cache-control: private, max-age=3600
etag: "14858689741525678471"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

199.59.243.225

2.1 kB

URL
ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (1334)
Size
2.1 kB (2066 bytes)
Hash
fd2547ffca8a2c9123cb8ea1301a6634
eae95b8a3068b214e179141cafa16dad733131ee
2ba658f97ae89d489f9516bc3f6189759867e66f6b98dff247d45a4c57129251

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:17 GMT
content-type: text/html; charset=utf-8
content-length: 2066
x-request-id: 0d983a03-f5e9-4497-94a6-209aad346439
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_LDBEdxtuLckXq3KV8LVF0LIw2Q57S97YqwnHQgjqGgd/BThVazC3r6bjh8WlaLQfzbluA7OyokMOPpQ3HAUrTg==
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:17 GMT

ww01.byethost4.com/bbWzBtows.js

199.59.243.225

34 kB

URL
ww01.byethost4.com/bbWzBtows.js
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (33788)
Size
34 kB (33791 bytes)
Hash
f48baec69cc4dc0852d118259eff2d56
e64c6e4423421da5b35700154810cb67160bc32b
463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bbWzBtows.js HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:17 GMT
content-type: application/javascript; charset=utf-8
content-length: 33791
x-request-id: 82f19527-f4d2-494b-acd6-7268b5da0c86
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:17 GMT

199.59.243.225

5.4 kB

URL
ww01.byethost4.com/_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (5409), with no line terminators
Size
5.4 kB (5409 bytes)
Hash
8a59f85dc1e4262332f3a6489c9fc508
b4d974d43be8c8a6030d0bbd157fa1ca8a9688d4
ac781551b48b30c58203fa420c88a63056a3d716198a9b8741e1b87826689fff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Content-Type: application/json
Origin: http://ww01.byethost4.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:17 GMT
content-type: application/json; charset=utf-8
content-length: 5409
x-request-id: 010f9fba-da6c-44a1-9dbc-a9bb0ed46b1b
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:17 GMT

www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301437%2C17301439%2C17301442&client_gdprApplies=1&format=r3&nocache=2401715203997579&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=0&u_his=4&u_tz=0&dt=1715203997580&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&referer=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I

142.250.74.142

781 B

URL
www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301437%2C17301439%2C17301442&client_gdprApplies=1&format=r3&nocache=2401715203997579&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=0&u_his=4&u_tz=0&dt=1715203997580&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&referer=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I
IP
142.250.74.142:0
ASN
#15169 GOOGLE

File type
HTML document, ASCII text, with very long lines (908)
Size
781 B (781 bytes)
Hash
af703ceb45a72283c70a36ee0cb96eeb
b7de49e9debbbbc8fc522598ac46ac4104bc6762
5dabf5f8eb537095d18a34f77a312702d8a75d3243e5dca80c2909cb63d2d4f7

HTTP Headers

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301437%2C17301439%2C17301442&client_gdprApplies=1&format=r3&nocache=2401715203997579&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=0&u_his=4&u_tz=0&dt=1715203997580&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&referer=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Wed, 08 May 2024 21:33:17 GMT
expires: Wed, 08 May 2024 21:33:17 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-_iNSV1BzJvqStFG-vqnLNA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 781
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ww01.byethost4.com/_zc

199.59.243.225

179 B

URL
ww01.byethost4.com/_zc
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
179 B (179 bytes)
Hash
d647986df5ceba6f029a901163aa29a8
2f5bd0f439ecedb51a6e327cf31a3fddd712d917
fd6779659c6bc4c437bf285f80c93c9c7f16813a768a5bd18cc4fb3ad0dfb6b3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_zc HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Content-Type: application/json
Content-Length: 7149
Origin: http://ww01.byethost4.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
server: openresty
date: Wed, 08 May 2024 21:33:17 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 179
x-version: 2.118.0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:18 GMT; Max-Age=900; path=/; httponly

199.59.243.225

2.1 kB

URL
ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (1334)
Size
2.1 kB (2066 bytes)
Hash
6102416f72aad6077b81d5ea3e408efc
13c735370e6e1a1344fc3ae73750ea68ce8ecba4
1882b96f8592311850f56c78cf2ebb7e0735e45c96da05a40da607187fe6700b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:18 GMT
content-type: text/html; charset=utf-8
content-length: 2066
x-request-id: eb058cab-cd24-4ba4-89e0-1cac0f9c3922
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_LDBEdxtuLckXq3KV8LVF0LIw2Q57S97YqwnHQgjqGgd/BThVazC3r6bjh8WlaLQfzbluA7OyokMOPpQ3HAUrTg==
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:18 GMT

ww01.byethost4.com/bjlahddrc.js

199.59.243.225

34 kB

URL
ww01.byethost4.com/bjlahddrc.js
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (33788)
Size
34 kB (33791 bytes)
Hash
f48baec69cc4dc0852d118259eff2d56
e64c6e4423421da5b35700154810cb67160bc32b
463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bjlahddrc.js HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:18 GMT
content-type: application/javascript; charset=utf-8
content-length: 33791
x-request-id: d6ee8d37-c742-402f-8d29-15dd1c2b34e0
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:18 GMT

199.59.243.225

5.4 kB

URL
ww01.byethost4.com/_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (5413), with no line terminators
Size
5.4 kB (5413 bytes)
Hash
52cb1fbf66b1c82e3e1e36d9d88b95fa
a19a9ac65aa54642585996dc9bc2190e8ae00c46
082656fcfc4e31207df94a91dc24e36d1816842321d62e340aa47c41fe69cc0a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Content-Type: application/json
Origin: http://ww01.byethost4.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:18 GMT
content-type: application/json; charset=utf-8
content-length: 5413
x-request-id: 47755120-193d-42ef-8f6c-c78c2db333eb
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:18 GMT

www.google.com/adsense/domains/caf.js?abp=1&bodis=true

142.250.74.132

149 kB

URL
www.google.com/adsense/domains/caf.js?abp=1&bodis=true
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression
Size
149 kB (148806 bytes)
Hash
35a1f08f2d2e0511051bf54c1ce7b897
566f9b17bff9b5675ebefabd3f2fc401366a91c0
9a3e3a5511d05976bb0cfb9e69f1cd6abf0fd417b504b8bfe0762019c124e8af

HTTP Headers

GET /adsense/domains/caf.js?abp=1&bodis=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 08 May 2024 21:33:17 GMT
expires: Wed, 08 May 2024 21:33:17 GMT
cache-control: private, max-age=3600
etag: "5955863232234845859"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.adsensecustomsearchads.com/adsense/domains/caf.js

142.250.74.142

74 kB

URL
www.adsensecustomsearchads.com/adsense/domains/caf.js
IP
142.250.74.142:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (2247)
Size
74 kB (74184 bytes)
Hash
b8ceb0ba3941abfba45c22845c8b4f06
d029c84edc2250e61a3869d7f5e51ee261239bf4
323484b6d68dcbcd6fef6f5c850c1dba00dbab3d0a3edd65ec90d5b142ffeff4

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 08 May 2024 21:33:18 GMT
expires: Wed, 08 May 2024 21:33:18 GMT
cache-control: private, max-age=3600
etag: "5778538521678302269"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

199.59.243.225

2.1 kB

URL
ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (1334)
Size
2.1 kB (2066 bytes)
Hash
cd7c7c45eeeaefd0c2ac359d607d7e26
eaf416a40813dc52f347f1eff561a534bf1221a8
e1704ff3278d20e173dfd4c0b741e1a803e958c7f4a0866ca0b4b4d8c9cbab80

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:19 GMT
content-type: text/html; charset=utf-8
content-length: 2066
x-request-id: 1e9a3b22-dd59-4f3b-b2dc-b778a5efed69
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_S8HZ+0NBhqHV49kDpEz5eTxE/CfIkoYSXDsJjOGZz1qsqPD6r2Qxyx0slPizz6BTihn6nim9mE6bYCWELg5sqA==
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:19 GMT

ww01.byethost4.com/biRdGczYc.js

199.59.243.225

34 kB

URL
ww01.byethost4.com/biRdGczYc.js
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (33788)
Size
34 kB (33791 bytes)
Hash
f48baec69cc4dc0852d118259eff2d56
e64c6e4423421da5b35700154810cb67160bc32b
463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /biRdGczYc.js HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:19 GMT
content-type: application/javascript; charset=utf-8
content-length: 33791
x-request-id: 910c5a0f-4385-49d6-bd7b-5814df4302fe
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:19 GMT

199.59.243.225

5.4 kB

URL
ww01.byethost4.com/_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (5409), with no line terminators
Size
5.4 kB (5409 bytes)
Hash
be31a7d6273a693275ec3890429c3335
7571ff54de915b6dff4b93557c1d6674c1495454
0926a14d2d106fab3d4e7f9c60c81e64d4ea58bd14a3e3a2df94ec7148963129

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
Content-Type: application/json
Origin: http://ww01.byethost4.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:19 GMT
content-type: application/json; charset=utf-8
content-length: 5409
x-request-id: 5d6a936b-a1c4-4145-a173-050312871ab3
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:19 GMT

www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301437%2C17301439%2C17301442&client_gdprApplies=1&format=r3&nocache=1021715203999355&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=0&u_his=5&u_tz=0&dt=1715203999357&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I&referer=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I

142.250.74.142

779 B

URL
www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301437%2C17301439%2C17301442&client_gdprApplies=1&format=r3&nocache=1021715203999355&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=0&u_his=5&u_tz=0&dt=1715203999357&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I&referer=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I
IP
142.250.74.142:0
ASN
#15169 GOOGLE

File type
HTML document, ASCII text, with very long lines (908)
Size
779 B (779 bytes)
Hash
87d6bfa6259f93113e8e8fdc96321609
a857633ba35cea1148d57670a372252e50232171
29f6063e15b56e0b5585d5f33b74d4fff134351996f415228356b5d149bcd902

HTTP Headers

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301437%2C17301439%2C17301442&client_gdprApplies=1&format=r3&nocache=1021715203999355&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=0&u_his=5&u_tz=0&dt=1715203999357&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I&referer=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Wed, 08 May 2024 21:33:19 GMT
expires: Wed, 08 May 2024 21:33:19 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-4uAPNUpLyoR2C011s-b2sA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 779
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ww01.byethost4.com/_zc

199.59.243.225

177 B

URL
ww01.byethost4.com/_zc
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
177 B (177 bytes)
Hash
0e3b65720a47fbea7e3f560822eb5beb
e90b167fe54c33601b4e62603f27d0b97fc0383d
6e64b558ce98e623fd5b66315b3daebdde69f90219dab04a94aa4f5f9eb12e60

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_zc HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
Content-Type: application/json
Content-Length: 7149
Origin: http://ww01.byethost4.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
server: openresty
date: Wed, 08 May 2024 21:33:19 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 177
x-version: 2.118.0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:19 GMT; Max-Age=900; path=/; httponly

199.59.243.225

2.1 kB

URL
ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (1334)
Size
2.1 kB (2066 bytes)
Hash
3688a1c403a2cf70ce271f6ca431c265
890cb4f7e698e1fdf141a55dd94146f61d943253
c696ddc006e925579cd868e153d2d74b83ea0c1b652b0ef3f09931acaf023ba2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:19 GMT
content-type: text/html; charset=utf-8
content-length: 2066
x-request-id: 7dc30b0a-8f2c-47f9-a596-7f0bb0f12b98
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_LDBEdxtuLckXq3KV8LVF0LIw2Q57S97YqwnHQgjqGgd/BThVazC3r6bjh8WlaLQfzbluA7OyokMOPpQ3HAUrTg==
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:20 GMT

ww01.byethost4.com/bRyLTuCLi.js

199.59.243.225

34 kB

URL
ww01.byethost4.com/bRyLTuCLi.js
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (33788)
Size
34 kB (33791 bytes)
Hash
f48baec69cc4dc0852d118259eff2d56
e64c6e4423421da5b35700154810cb67160bc32b
463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bRyLTuCLi.js HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:19 GMT
content-type: application/javascript; charset=utf-8
content-length: 33791
x-request-id: 90043d52-86e7-4bf8-be99-e69e5a887ce2
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:20 GMT

199.59.243.225

5.4 kB

URL
ww01.byethost4.com/_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (5413), with no line terminators
Size
5.4 kB (5413 bytes)
Hash
ec1e90f15319ddb66fa5b4c56ec8cf1e
a6cb39ceba881af284dff3497bab88b466d8406a
b9a514a65ebe96fcba362dd16cd9ad02fea0ac9dc20a2a5e9639a23c60bcebbc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Content-Type: application/json
Origin: http://ww01.byethost4.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:19 GMT
content-type: application/json; charset=utf-8
content-length: 5413
x-request-id: 428beef9-749a-46eb-9810-60ad52f3a0f3
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:20 GMT

www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=21715204000306&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=2&u_his=6&u_tz=0&dt=1715204000308&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=631415066&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&referer=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I

142.250.74.142

781 B

URL
www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=21715204000306&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=2&u_his=6&u_tz=0&dt=1715204000308&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=631415066&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&referer=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I
IP
142.250.74.142:0
ASN
#15169 GOOGLE

File type
HTML document, ASCII text, with very long lines (908)
Size
781 B (781 bytes)
Hash
a6f273b9bf868b75aa0cb74a967ef07c
0294dfdcf3e152d73db549490a7d4270a3a8f718
2d33a32ac386da32f718513e20d4958863f7fcb87452f35eae0e9e2b4d3e6df3

HTTP Headers

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=21715204000306&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=2&u_his=6&u_tz=0&dt=1715204000308&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=631415066&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&referer=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Wed, 08 May 2024 21:33:20 GMT
expires: Wed, 08 May 2024 21:33:20 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-d9pwtUZTbjfK-ULJfA-AIA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 781
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.adsensecustomsearchads.com/adsense/domains/caf.js

142.250.74.142

148 kB

URL
www.adsensecustomsearchads.com/adsense/domains/caf.js
IP
142.250.74.142:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (2247)
Size
148 kB (148203 bytes)
Hash
5fd320622da548537bdd60f399d33042
bbf6e7b6bbabb7364400e6e48c1dbac60f8122ab
e04a3da389c9a37fd53c1f33c172fcb837d1f8dc03eec3fab800ce1ef0875152

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 08 May 2024 21:33:15 GMT
expires: Wed, 08 May 2024 21:33:15 GMT
cache-control: private, max-age=3600
etag: "15804660649526306264"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

199.59.243.225

2.1 kB

URL
ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (1334)
Size
2.1 kB (2066 bytes)
Hash
e4e208e7762f2b6fbaed6582d5d82521
aa63ba74ee17a77b5fb7fcba437c96c5d8c77761
10173668944f44cc09db322c830bb0f9d51734412a016c9e46c3d3b21617d8cf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:20 GMT
content-type: text/html; charset=utf-8
content-length: 2066
x-request-id: 0903fe42-f3de-48f4-a960-86e12ddb3a7d
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_S8HZ+0NBhqHV49kDpEz5eTxE/CfIkoYSXDsJjOGZz1qsqPD6r2Qxyx0slPizz6BTihn6nim9mE6bYCWELg5sqA==
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:21 GMT

ww01.byethost4.com/bkvuwnvqU.js

199.59.243.225

34 kB

URL
ww01.byethost4.com/bkvuwnvqU.js
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (33788)
Size
34 kB (33791 bytes)
Hash
f48baec69cc4dc0852d118259eff2d56
e64c6e4423421da5b35700154810cb67160bc32b
463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bkvuwnvqU.js HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:20 GMT
content-type: application/javascript; charset=utf-8
content-length: 33791
x-request-id: 1b61d8dd-cc5a-4ec3-af63-d3128e6f39d7
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:21 GMT

199.59.243.225

5.4 kB

URL
ww01.byethost4.com/_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (5409), with no line terminators
Size
5.4 kB (5409 bytes)
Hash
c2c6dc0f971ae1ce8e73cb275ae42d64
0a1371e7c35246e5d99c4ae3ad12d2307891bae2
56c7b0100a49573dddc3a060e6c24d3f7c57014fab4c8c57e5307866668f96ae

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
Content-Type: application/json
Origin: http://ww01.byethost4.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:20 GMT
content-type: application/json; charset=utf-8
content-length: 5409
x-request-id: 841dd8eb-b2a4-4536-84e9-788cecf05afc
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:21 GMT

www.adsensecustomsearchads.com/adsense/domains/caf.js

142.250.74.142

149 kB

URL
www.adsensecustomsearchads.com/adsense/domains/caf.js
IP
142.250.74.142:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression
Size
149 kB (148823 bytes)
Hash
a8b17c0a6c3a726d1444ad97c64e53a4
50fc0883d01811cdd18a7f6adf812425b47f7301
1434b440adee422c5b7e47c441dbc7d5f268f76c6d58dd18c8f8af60a5ab9646

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 08 May 2024 21:33:14 GMT
expires: Wed, 08 May 2024 21:33:14 GMT
cache-control: private, max-age=3600
etag: "4567345819176541143"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.adsensecustomsearchads.com/adsense/domains/caf.js

142.250.74.142

74 kB

URL
www.adsensecustomsearchads.com/adsense/domains/caf.js
IP
142.250.74.142:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (2247)
Size
74 kB (74184 bytes)
Hash
c97a7212b89ccdb51b1df7af105d93e1
4cfa329588159731262d0784c04b50ab5a4b9ec5
c36650645d7f5229ab234b7c2f37d227f1c738360d505a1c9769325c47395442

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 08 May 2024 21:33:21 GMT
expires: Wed, 08 May 2024 21:33:21 GMT
cache-control: private, max-age=3600
etag: "5778538521678302269"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

199.59.243.225

2.1 kB

URL
ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (1334)
Size
2.1 kB (2066 bytes)
Hash
afe00fd485ce68b3707731261791d234
863b24fc3064126b20350d6451a3e32286cab5f8
d430be82fd1706636606894ffa9ca2936868842c263ff9f497eb7dcd56b91499

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:21 GMT
content-type: text/html; charset=utf-8
content-length: 2066
x-request-id: 9fdf65ed-8533-4667-858a-0e4519d9efef
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_LDBEdxtuLckXq3KV8LVF0LIw2Q57S97YqwnHQgjqGgd/BThVazC3r6bjh8WlaLQfzbluA7OyokMOPpQ3HAUrTg==
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:22 GMT

www.google.com/adsense/domains/caf.js?abp=1&bodis=true

142.250.74.132

108 kB

URL
www.google.com/adsense/domains/caf.js?abp=1&bodis=true
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression
Size
108 kB (107801 bytes)
Hash
5d0462f8f946c79f4173461b849731a1
d592e95a14c79bb1eade2986ae9aa9e3a7a4d900
265bf2bed767e255d0169d760124a792a47c842ee2d4a8a989dcbe66730624d2

HTTP Headers

GET /adsense/domains/caf.js?abp=1&bodis=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 08 May 2024 21:33:13 GMT
expires: Wed, 08 May 2024 21:33:13 GMT
cache-control: private, max-age=3600
etag: "7664028437327203187"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

199.59.243.225

5.4 kB

URL
ww01.byethost4.com/_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (5413), with no line terminators
Size
5.4 kB (5413 bytes)
Hash
4ac7204fa7801b57f9db2f767f3461e5
b9c0360b26a2cf779d3b44dbef3ce0063535736a
59f2ff1d7d62c8544ecffae5a3bc10eb8f5f6e039e9fbb441ca66af7016de610

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Content-Type: application/json
Origin: http://ww01.byethost4.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:22 GMT
content-type: application/json; charset=utf-8
content-length: 5413
x-request-id: a4dfa7cd-6ef0-4e3e-8f18-5c3c68d51e6e
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:22 GMT

www.google.com/adsense/domains/caf.js?abp=1&bodis=true

142.250.74.132

75 kB

URL
www.google.com/adsense/domains/caf.js?abp=1&bodis=true
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression
Size
75 kB (74791 bytes)
Hash
136e576a946d56e3f3b5867ae816b522
ff704f04e89366ce5984cca364cdfbc452586993
ccc8f9e638a997173808dd63e63e1c7c49cefd1da6b1650eddaa0050d9d13712

HTTP Headers

GET /adsense/domains/caf.js?abp=1&bodis=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 08 May 2024 21:33:22 GMT
expires: Wed, 08 May 2024 21:33:22 GMT
cache-control: private, max-age=3600
etag: "5955863232234845859"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.adsensecustomsearchads.com/adsense/domains/caf.js

142.250.74.142

74 kB

URL
www.adsensecustomsearchads.com/adsense/domains/caf.js
IP
142.250.74.142:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (2247)
Size
74 kB (74188 bytes)
Hash
32a019c09f764abc4535c47d79be5358
6478c95f996fbe9462a7283060952b141d9098c4
dcf7bd6d892d9b901fe7ebd3c2aa80226928600125e4638a0976002374f9cf81

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 08 May 2024 21:33:22 GMT
expires: Wed, 08 May 2024 21:33:22 GMT
cache-control: private, max-age=3600
etag: "15804660649526306264"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

199.59.243.225

2.1 kB

URL
ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (1334)
Size
2.1 kB (2066 bytes)
Hash
ff134c24768aa8ddd96b9de187c53240
3430ed50f90c9027b2f08220eee3327b4257244d
c08d93c879919e3797c953bc875be3d1c3f74abbda6c80ef99ba90bcab3d6739

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:23 GMT
content-type: text/html; charset=utf-8
content-length: 2066
x-request-id: 8b606120-2f99-49b2-8c3a-f9350f8105f8
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_S8HZ+0NBhqHV49kDpEz5eTxE/CfIkoYSXDsJjOGZz1qsqPD6r2Qxyx0slPizz6BTihn6nim9mE6bYCWELg5sqA==
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:23 GMT

ww01.byethost4.com/bbutwSePU.js

199.59.243.225

34 kB

URL
ww01.byethost4.com/bbutwSePU.js
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (33788)
Size
34 kB (33791 bytes)
Hash
f48baec69cc4dc0852d118259eff2d56
e64c6e4423421da5b35700154810cb67160bc32b
463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bbutwSePU.js HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:23 GMT
content-type: application/javascript; charset=utf-8
content-length: 33791
x-request-id: 88c30767-2259-478b-ad90-4364a507ac3f
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:23 GMT

199.59.243.225

5.4 kB

URL
ww01.byethost4.com/_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (5413), with no line terminators
Size
5.4 kB (5413 bytes)
Hash
c2c18ebd43730af341209d213861d4d4
5180bbb0295690c3a8d3d61dcb51a479779548cc
0efa9936741b7efe4f34c072559341320f9a94195141a866d446d91239eb7af2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
Content-Type: application/json
Origin: http://ww01.byethost4.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:23 GMT
content-type: application/json; charset=utf-8
content-length: 5413
x-request-id: b41f8632-9d6f-4488-b6d9-823fe6475c9f
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:23 GMT

www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=9221715204003733&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=0&u_his=9&u_tz=0&dt=1715204003735&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I&referer=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I

142.250.74.142

781 B

URL
www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=9221715204003733&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=0&u_his=9&u_tz=0&dt=1715204003735&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I&referer=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I
IP
142.250.74.142:0
ASN
#15169 GOOGLE

File type
HTML document, ASCII text, with very long lines (908)
Size
781 B (781 bytes)
Hash
88ce3e18eb24e52b6f01d8cfe3e24534
1a87de5f13e3bdc39ffb85f06a72c50123486a8b
8ebd9370a563d661c758b0126f30bf0fe10eae02b2c87bfe68aaeb07d9d4dcdc

HTTP Headers

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=9221715204003733&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=0&u_his=9&u_tz=0&dt=1715204003735&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I&referer=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Wed, 08 May 2024 21:33:23 GMT
expires: Wed, 08 May 2024 21:33:23 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-CbkVUyMIM9dfaMCzsZXu2Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 781
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/adsense/domains/caf.js?abp=1&bodis=true

142.250.74.132

84 kB

URL
www.google.com/adsense/domains/caf.js?abp=1&bodis=true
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression
Size
84 kB (83761 bytes)
Hash
341b4d9dc8d1a62ab7897e69bcf4edb9
1bd7bf6ae427548f3de7ca78e5746b2b944fbde2
6e424529e9d06d119d0b43f297bf44ed30b1b2072e298ec86800548fb3219daf

HTTP Headers

GET /adsense/domains/caf.js?abp=1&bodis=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 08 May 2024 21:33:15 GMT
expires: Wed, 08 May 2024 21:33:15 GMT
cache-control: private, max-age=3600
etag: "2259117186216259517"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ww01.byethost4.com/_zc

199.59.243.225

178 B

URL
ww01.byethost4.com/_zc
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
178 B (178 bytes)
Hash
53ac3ed0d7668fb61017fb92c834c24f
48333badef7bab0e69c83370779967d7fd7e266e
19dcb256708db6c8af8b68246be439413fe88d43b6f91faa40fe0725c504c17e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_zc HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
Content-Type: application/json
Content-Length: 7153
Origin: http://ww01.byethost4.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
server: openresty
date: Wed, 08 May 2024 21:33:24 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 178
x-version: 2.118.0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:24 GMT; Max-Age=900; path=/; httponly

199.59.243.225

2.1 kB

URL
ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (1334)
Size
2.1 kB (2066 bytes)
Hash
dae2265856985758d8a73f16d2a6ca0a
806ba7b516edaa2f06076f5e507f1d065c9e980c
64540e3a570afd97716d5f08942b2241f2609a97c064ea4526f296483b52196b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:24 GMT
content-type: text/html; charset=utf-8
content-length: 2066
x-request-id: ed08a9fb-d37a-4067-ad71-d6796ef9a858
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_S8HZ+0NBhqHV49kDpEz5eTxE/CfIkoYSXDsJjOGZz1qsqPD6r2Qxyx0slPizz6BTihn6nim9mE6bYCWELg5sqA==
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:24 GMT

ww01.byethost4.com/biNSANlQL.js

199.59.243.225

34 kB

URL
ww01.byethost4.com/biNSANlQL.js
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (33788)
Size
34 kB (33791 bytes)
Hash
f48baec69cc4dc0852d118259eff2d56
e64c6e4423421da5b35700154810cb67160bc32b
463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /biNSANlQL.js HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 33791
x-request-id: 2863ea38-810a-4eb4-8796-c390915c6562
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:24 GMT

199.59.243.225

5.4 kB

URL
ww01.byethost4.com/_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (5409), with no line terminators
Size
5.4 kB (5409 bytes)
Hash
2e64d2153a0985f5d247f3db460ffc8d
428574bc090d8a70b4378eddd8c02ca222f6c7eb
7aad057c6814de789b48d1782172bb27682489d7e0f71bf6b9e201dbc435ca4e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
Content-Type: application/json
Origin: http://ww01.byethost4.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:24 GMT
content-type: application/json; charset=utf-8
content-length: 5409
x-request-id: 38bce6fd-2137-4d9f-8a31-b4e6110201bc
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:24 GMT

www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=691715204004923&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=0&u_his=9&u_tz=0&dt=1715204004924&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I&referer=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I

142.250.74.142

783 B

URL
www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=691715204004923&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=0&u_his=9&u_tz=0&dt=1715204004924&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I&referer=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I
IP
142.250.74.142:0
ASN
#15169 GOOGLE

File type
HTML document, ASCII text, with very long lines (908)
Size
783 B (783 bytes)
Hash
d068b09b67554d638c8c6140f1e7ad98
362042801e35f4129e4ed40aff82dad0fd93e6c4
971394595bb1f63533c62ce692ce54e7265564c1c5bfd9b58ac04d764ef80af5

HTTP Headers

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol321%2Cpid-bodis-gcontrol486%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww01.byethost4.com%2F%3Fcaf%3D1%26bpt%3D345%26dn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2894319533101138&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=691715204004923&num=0&output=afd_ads&domain_name=ww01.byethost4.com&v=3&bsl=8&pac=0&u_his=9&u_tz=0&dt=1715204004924&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I&referer=http%3A%2F%2Fww01.byethost4.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D8ede4d6f-23bf-4af6-a7c5-d57be7c894a0%26pid%3D9POT3387I HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Wed, 08 May 2024 21:33:24 GMT
expires: Wed, 08 May 2024 21:33:24 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-7iQez9iQ8sv52DiUCVGN8Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 783
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/adsense/domains/caf.js?abp=1&bodis=true

142.250.74.132

81 kB

URL
www.google.com/adsense/domains/caf.js?abp=1&bodis=true
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression
Size
81 kB (80956 bytes)
Hash
f85bd89b8f5502f7169fd00367593a33
7db2c515b0ee6fdbfce45b9f286594bac7f1bb83
3a857f42af0072b116144f04d640a151eb3d106e548b42fea601d93e4cd8e89d

HTTP Headers

GET /adsense/domains/caf.js?abp=1&bodis=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 08 May 2024 21:33:14 GMT
expires: Wed, 08 May 2024 21:33:14 GMT
cache-control: private, max-age=3600
etag: "2259117186216259517"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ww01.byethost4.com/_zc

199.59.243.225

178 B

URL
ww01.byethost4.com/_zc
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
178 B (178 bytes)
Hash
4cec213e175e37ab6ec46b9136e2eb71
74d1e3afbdb936ac1af42b3826aaabdf3b018444
bba4cce972533d930ad39ddb4cd474ea54720ba58c24a5fa2ca87e185998a68b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_zc HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
Content-Type: application/json
Content-Length: 7149
Origin: http://ww01.byethost4.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
server: openresty
date: Wed, 08 May 2024 21:33:25 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 178
x-version: 2.118.0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:25 GMT; Max-Age=900; path=/; httponly

199.59.243.225

2.1 kB

URL
ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (1334)
Size
2.1 kB (2066 bytes)
Hash
644e14ee274ba5b657433b8ee5553c2f
5b6b152d77ad0b471778ffbd234076a4906fbc1c
0e9d1173dbc57c2382261df3cb72e68982dbc488e07f2a6c9268d62124fff361

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=8ede4d6f-23bf-4af6-a7c5-d57be7c894a0&pid=9POT3387I
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:25 GMT
content-type: text/html; charset=utf-8
content-length: 2066
x-request-id: 6265083e-b31f-4c20-b988-86790e7c8b12
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_LDBEdxtuLckXq3KV8LVF0LIw2Q57S97YqwnHQgjqGgd/BThVazC3r6bjh8WlaLQfzbluA7OyokMOPpQ3HAUrTg==
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:25 GMT

ww01.byethost4.com/bCyLKKBUh.js

199.59.243.225

34 kB

URL
ww01.byethost4.com/bCyLKKBUh.js
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (33788)
Size
34 kB (33791 bytes)
Hash
f48baec69cc4dc0852d118259eff2d56
e64c6e4423421da5b35700154810cb67160bc32b
463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bCyLKKBUh.js HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 33791
x-request-id: 645cf02a-8ac5-4771-ad8c-94737aa37e46
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:25 GMT

199.59.243.225

5.4 kB

URL
ww01.byethost4.com/_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (5401), with no line terminators
Size
5.4 kB (5401 bytes)
Hash
47d0fb907fa41f621d881b3f19bc3844
8a7ed3ffd6ebe8ba2dacb7898dafc88956a11f45
8f5973cf6d9966fa62df121d1cc2d99863f30afeb749ac23c7d4d5deca705a0c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_fd?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Content-Type: application/json
Origin: http://ww01.byethost4.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
date: Wed, 08 May 2024 21:33:25 GMT
content-type: application/json; charset=utf-8
content-length: 5401
x-request-id: 514235c4-34db-4071-abf2-f8f6561ea472
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:25 GMT

www.adsensecustomsearchads.com/adsense/domains/caf.js

142.250.74.142

149 kB

URL
www.adsensecustomsearchads.com/adsense/domains/caf.js
IP
142.250.74.142:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression
Size
149 kB (148826 bytes)
Hash
b3f64c30214536a061efe689a4de9cf1
064afcf1ca293e98e47d59d0f2ab3ac417559455
6e4bd69a7b94fbc506a60bc78cc981ff57291992e3e27e531ab05ab7a17f07ae

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 08 May 2024 21:33:25 GMT
expires: Wed, 08 May 2024 21:33:25 GMT
cache-control: private, max-age=3600
etag: "8198968192214571772"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ww01.byethost4.com/_zc

199.59.243.225

178 B

URL
ww01.byethost4.com/_zc
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
178 B (178 bytes)
Hash
1201c7f38d74d3cdb72cb83c22ea4bcb
99bbdf68a293677b8c1ddcda67c9f59f4dfc3d7f
66eab0ca678c7113153b3e241a6be822a8dd7cb1049c3a42a0f716152bde6181

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_zc HTTP/1.1
Host: ww01.byethost4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.byethost4.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Content-Type: application/json
Content-Length: 7141
Origin: http://ww01.byethost4.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
server: openresty
date: Wed, 08 May 2024 21:33:26 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 178
x-version: 2.118.0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: parking_session=3170a601-b2d1-4e4d-a722-f2826feec351; expires=Wed, 08 May 2024 21:48:26 GMT; Max-Age=900; path=/; httponly

iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I

208.91.196.46

200 OK

37 kB

URL User Request GET HTTP/1.1
iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
IP
208.91.196.46:443
ASN
#40034 CONFLUENCE-NETWORK-INC

Certificate
IssuerLet's Encrypt
Subjectiyfbodn.com
Fingerprint32:A4:7F:CE:CF:BF:34:ED:AF:A4:9C:6F:BD:B1:67:DE:62:E2:5C:AD
ValidityTue, 19 Mar 2024 09:10:41 GMT - Mon, 17 Jun 2024 09:10:40 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (10738), with CRLF, LF line terminators
Size
37 kB (36652 bytes)
Hash
6f54a395f30e1a6035b0978648eafee2
a31f19a4e1c034d1f63d7d73a7560eff1b60acf7
633ba693dbcca621305bbd2946e20308fda2a2bed2345436675a692ef040ca19

HTTP Headers

GET /?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I HTTP/1.1
Host: iyfbodn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ww01.byethost4.com/
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 21:33:25 GMT
Server: Apache
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_lIbsZ9O9rlnhboTBa4VaYq4IkazfNDrWju88/mC9DIFrvuvi7NrtnyRD7LX0OuapxRAVFylUe+gGcteNSWe4OA==
Keep-Alive: timeout=5, max=118
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

iyfbodn.com/px.js?ch=1

208.91.196.46

200 OK

346 B

URL GET HTTP/1.1
iyfbodn.com/px.js?ch=1
IP
208.91.196.46:443
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Certificate
IssuerLet's Encrypt
Subjectiyfbodn.com
Fingerprint32:A4:7F:CE:CF:BF:34:ED:AF:A4:9C:6F:BD:B1:67:DE:62:E2:5C:AD
ValidityTue, 19 Mar 2024 09:10:41 GMT - Mon, 17 Jun 2024 09:10:40 GMT

File type
ASCII text, with very long lines (346), with no line terminators
Size
346 B (346 bytes)
Hash
f84f931c0dd37448e03f0dabf4e4ca9f
9c2c50edcf576453ccc07bf65668bd23c76e8663
5c1d5fd46a88611c31ecbb8ffc1142a7e74ec7fb7d72bd3891131c880ef3f584

HTTP Headers

GET /px.js?ch=1 HTTP/1.1
Host: iyfbodn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 21:33:27 GMT
Server: Apache
Last-Modified: Wed, 20 Jan 2021 10:45:10 GMT
ETag: "15a-5b952a63b81f1"
Accept-Ranges: bytes
Content-Length: 346
Keep-Alive: timeout=5, max=117
Connection: Keep-Alive
Content-Type: application/javascript

cdn.consentmanager.net/delivery/js/cmp_en.min.js

185.76.9.24

200 OK

94 kB

URL GET HTTP/2
cdn.consentmanager.net/delivery/js/cmp_en.min.js
IP
185.76.9.24:443
ASN
#60068 Datacamp Limited

Requested by
https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Certificate
IssuerLet's Encrypt
Subject1376624012.rsc.cdn77.org
Fingerprint87:A7:6F:22:26:60:66:88:EF:24:3A:3C:5F:C3:B4:5D:03:F7:88:7B
ValidityFri, 26 Apr 2024 11:50:47 GMT - Thu, 25 Jul 2024 11:50:46 GMT

File type
gzip compressed data, from Unix
Size
94 kB (93665 bytes)
Hash
bf94a9717f9cceb70b291d3572ae14f6
ba18e76f7b587e91ef82873e07a1223f90c696f1
3c5861e640a1d23eca494deb44703debe771a8e5c3af580bc61a9ee2e6d41a52

HTTP Headers

GET /delivery/js/cmp_en.min.js HTTP/1.1
Host: cdn.consentmanager.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iyfbodn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 21:33:28 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 24 Apr 2024 09:35:32 GMT
etag: W/"68f99-616d4644e6100"
cache-control: max-age=86400
expires: Thu, 25 Apr 2024 09:41:22 GMT
edge-control: max-age=86400
x-77-nzt: EwwBuUwJFAH32KYAAAgBuUwKDAGhDAGKxyXBAfdJFAAA
x-77-nzt-ray: af585630c3119fc2a8ef3b66389a7914
x-accel-expires: @1715247696
x-accel-date: 1715161296
x-77-cache: HIT
x-77-age: 42712
content-encoding: gzip
server: CDN77-Turbo
x-cache: HIT
x-age: 42712
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

iyfbodn.com/__media__/js/min.js?v2.3

208.91.196.46

200 OK

8.4 kB

URL GET HTTP/1.1
iyfbodn.com/__media__/js/min.js?v2.3
IP
208.91.196.46:443
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Certificate
IssuerLet's Encrypt
Subjectiyfbodn.com
Fingerprint32:A4:7F:CE:CF:BF:34:ED:AF:A4:9C:6F:BD:B1:67:DE:62:E2:5C:AD
ValidityTue, 19 Mar 2024 09:10:41 GMT - Mon, 17 Jun 2024 09:10:40 GMT

File type
JavaScript source, ASCII text, with very long lines (8349), with CRLF line terminators
Size
8.4 kB (8435 bytes)
Hash
c16c3a4c0fad29106f34d00e89f6886e
6e11811ab8a98bb295b0916cdee68b302c33403d
097786d677a859b7bc87e285377b083b76d66a2fc2832a16bcd50b0e99df77ff

HTTP Headers

GET /__media__/js/min.js?v2.3 HTTP/1.1
Host: iyfbodn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 21:33:27 GMT
Server: Apache
Last-Modified: Thu, 16 Feb 2023 20:42:19 GMT
ETag: "20f3-5f4d73ba0384e"
Accept-Ranges: bytes
Content-Length: 8435
Keep-Alive: timeout=5, max=121
Connection: Keep-Alive
Content-Type: application/javascript

iyfbodn.com/px.js?ch=2

208.91.196.46

200 OK

346 B

URL GET HTTP/1.1
iyfbodn.com/px.js?ch=2
IP
208.91.196.46:443
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Certificate
IssuerLet's Encrypt
Subjectiyfbodn.com
Fingerprint32:A4:7F:CE:CF:BF:34:ED:AF:A4:9C:6F:BD:B1:67:DE:62:E2:5C:AD
ValidityTue, 19 Mar 2024 09:10:41 GMT - Mon, 17 Jun 2024 09:10:40 GMT

File type
ASCII text, with very long lines (346), with no line terminators
Size
346 B (346 bytes)
Hash
f84f931c0dd37448e03f0dabf4e4ca9f
9c2c50edcf576453ccc07bf65668bd23c76e8663
5c1d5fd46a88611c31ecbb8ffc1142a7e74ec7fb7d72bd3891131c880ef3f584

HTTP Headers

GET /px.js?ch=2 HTTP/1.1
Host: iyfbodn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 21:33:27 GMT
Server: Apache
Last-Modified: Wed, 20 Jan 2021 10:45:10 GMT
ETag: "15a-5b952a63b81f1"
Accept-Ranges: bytes
Content-Length: 346
Keep-Alive: timeout=5, max=122
Connection: Keep-Alive
Content-Type: application/javascript

cdn.consentmanager.net/delivery/customdata/bV8xLndfNjg4ODQucl9HRFBSLmxfZW4uZF8zMzY2NC54XzMzLnYucC50XzMzNjY0Lnh0XzMz.js

185.76.9.24

200 OK

26 kB

URL GET HTTP/2
cdn.consentmanager.net/delivery/customdata/bV8xLndfNjg4ODQucl9HRFBSLmxfZW4uZF8zMzY2NC54XzMzLnYucC50XzMzNjY0Lnh0XzMz.js
IP
185.76.9.24:443
ASN
#60068 Datacamp Limited

Requested by
https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Certificate
IssuerLet's Encrypt
Subject1376624012.rsc.cdn77.org
Fingerprint87:A7:6F:22:26:60:66:88:EF:24:3A:3C:5F:C3:B4:5D:03:F7:88:7B
ValidityFri, 26 Apr 2024 11:50:47 GMT - Thu, 25 Jul 2024 11:50:46 GMT

File type
gzip compressed data, from Unix
Size
26 kB (26315 bytes)
Hash
fa2937e94c56fb4fffd5fe243a55d4cf
8535f60a2ca9b93a64d7b87b9ce089c6b5c2279b
bb2d859de7746c91632d7d8b9edd38121f10f118a77efca03867c1037eb98789

HTTP Headers

GET /delivery/customdata/bV8xLndfNjg4ODQucl9HRFBSLmxfZW4uZF8zMzY2NC54XzMzLnYucC50XzMzNjY0Lnh0XzMz.js HTTP/1.1
Host: cdn.consentmanager.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iyfbodn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 21:33:28 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
x-xss-protection: 0
expires: Wed, 08 May 2024 21:34:41 GMT
cache-control: public, max-age=1800
edge-control: public, max-age=1800
last-modified: Wed, 08 May 2024 21:04:41 GMT
x-77-nzt: EwwBuUwJFAH3vgYAAAwBuUwKAQGzCQcAAAwBJRPCLgH3AQAAAA
x-77-nzt-ray: af585630c3119fc2a8ef3b669e164324
x-accel-expires: @1715204081
x-accel-date: 1715202282
x-77-cache: HIT
x-77-age: 1726
content-encoding: gzip
server: CDN77-Turbo
x-cache: HIT
x-age: 1726
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

a.delivery.consentmanager.net/delivery/info/?id=68884&did=2&cfdid=2&t=cv&h=https%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&o=1715204008662&l=EN&lv=96961&d=2&ct=14&e=&e2=&e3=&i=&sv=19&dv=33&

87.230.98.78

200 OK

43 B

URL GET HTTP/2
a.delivery.consentmanager.net/delivery/info/?id=68884&did=2&cfdid=2&t=cv&h=https%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&o=1715204008662&l=EN&lv=96961&d=2&ct=14&e=&e2=&e3=&i=&sv=19&dv=33&
IP
87.230.98.78:443
ASN
#61157 PlusServer GmbH

Requested by
https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Certificate
IssuerLet's Encrypt
Subjecta.delivery.consentmanager.net
Fingerprint69:B9:38:2C:D2:98:EE:BC:2E:9B:83:33:E4:2F:BC:73:04:51:C8:79
ValidityThu, 14 Mar 2024 00:37:17 GMT - Wed, 12 Jun 2024 00:37:16 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
6f81c41597d3f5a336f458822cc0c32a
8cd77a54b38f1fb376b45af2eaab8f5982523b8d
5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc

HTTP Headers

GET /delivery/info/?id=68884&did=2&cfdid=2&t=cv&h=https%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&o=1715204008662&l=EN&lv=96961&d=2&ct=14&e=&e2=&e3=&i=&sv=19&dv=33& HTTP/1.1
Host: a.delivery.consentmanager.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iyfbodn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 21:33:28 GMT
cache-control: no-store, no-cache, must-revalidate
edge-control: no-store, no-cache, must-revalidate
expires: Thu, 01 Dec 1994 16:00:00 GMT
pragma: no-cache
access-control-allow-origin: *
x-xss-protection: 0
last-modified: Wed, 08 May 2024 21:33:28 GMT
content-length: 43
content-type: image/gif
X-Firefox-Spdy: h2

iyfbodn.com/__media__/pics/29590/bg1.png

208.91.196.46

200 OK

18 kB

URL GET HTTP/1.1
iyfbodn.com/__media__/pics/29590/bg1.png
IP
208.91.196.46:443
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Certificate
IssuerLet's Encrypt
Subjectiyfbodn.com
Fingerprint32:A4:7F:CE:CF:BF:34:ED:AF:A4:9C:6F:BD:B1:67:DE:62:E2:5C:AD
ValidityTue, 19 Mar 2024 09:10:41 GMT - Mon, 17 Jun 2024 09:10:40 GMT

File type
PNG image data, 1730 x 988, 4-bit colormap, non-interlaced
Size
18 kB (17986 bytes)
Hash
825ccd29ac102fcadaf92b2343d5917b
24472e766cfac5b82a73b219796556a0a3702bd6
0878fb2875c0ad852de8fb3e8f443afdf3064890f1443b3feccc274382f913cd

HTTP Headers

GET /__media__/pics/29590/bg1.png HTTP/1.1
Host: iyfbodn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Cookie: __cmpcc=1; __cmpconsentx68884=CP-S4UAP-S4UAAfN0CENAzEgAAAAAAAAAAigAAAAAAAA; __cmpcccx68884=aBP-V1yWAAADgAXACCAE0ALwDiQIOAqIADWzstn1bhY
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 21:33:27 GMT
Server: Apache
Last-Modified: Fri, 25 Nov 2022 12:16:35 GMT
ETag: "4642-5ee4a7e31c9c9"
Accept-Ranges: bytes
Content-Length: 17986
Keep-Alive: timeout=5, max=128
Connection: Keep-Alive
Content-Type: image/png

iyfbodn.com/__media__/pics/28905/arrrow.png

208.91.196.46

200 OK

283 B

URL GET HTTP/1.1
iyfbodn.com/__media__/pics/28905/arrrow.png
IP
208.91.196.46:443
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Certificate
IssuerLet's Encrypt
Subjectiyfbodn.com
Fingerprint32:A4:7F:CE:CF:BF:34:ED:AF:A4:9C:6F:BD:B1:67:DE:62:E2:5C:AD
ValidityTue, 19 Mar 2024 09:10:41 GMT - Mon, 17 Jun 2024 09:10:40 GMT

File type
PNG image data, 17 x 27, 8-bit colormap, non-interlaced
Size
283 B (283 bytes)
Hash
80d42c82a6c37da90210fd60a2f36128
554ba7c84d2a27ecf3b1f29d03e62101936b54d8
a1626e2d9160a0890a0a8d6e3af9e7095d68a24f9fb5ac8a166000c9a2581e10

HTTP Headers

GET /__media__/pics/28905/arrrow.png HTTP/1.1
Host: iyfbodn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Cookie: __cmpcc=1; __cmpconsentx68884=CP-S4UAP-S4UAAfN0CENAzEgAAAAAAAAAAigAAAAAAAA; __cmpcccx68884=aBP-V1yWAAADgAXACCAE0ALwDiQIOAqIADWzstn1bhY
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 21:33:27 GMT
Server: Apache
Last-Modified: Tue, 04 Jan 2022 14:44:27 GMT
ETag: "11b-5d4c2ac970ed9"
Accept-Ranges: bytes
Content-Length: 283
Keep-Alive: timeout=5, max=114
Connection: Keep-Alive
Content-Type: image/png

www.google.com/adsense/domains/caf.js?abp=1&bodis=true

142.250.74.132

77 kB

URL
www.google.com/adsense/domains/caf.js?abp=1&bodis=true
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (2247)
Size
77 kB (76656 bytes)
Hash
842dbbb6aacdecbb1f811498f95055ac
ec90296aefa4935be20389c2f739288d63a9ec2e
d487475976f44e11ea22d5aba9e9263bc2678381a07c7ab7f8266a36c556eb50

HTTP Headers

GET /adsense/domains/caf.js?abp=1&bodis=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 08 May 2024 21:33:20 GMT
expires: Wed, 08 May 2024 21:33:20 GMT
cache-control: private, max-age=3600
etag: "14858689741525678471"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.adsensecustomsearchads.com/adsense/domains/caf.js

142.250.74.142

91 kB

URL
www.adsensecustomsearchads.com/adsense/domains/caf.js
IP
142.250.74.142:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression
Size
91 kB (91277 bytes)
Hash
661f23b163d30fe851ab70ba16e298d8
d9127b41406f4a72713cfa09409e0313d400da50
90b35b1d350c36d9da4263f85a7c3e5ab26d7fafceb073a8834df62b05f8df8b

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 08 May 2024 21:33:19 GMT
expires: Wed, 08 May 2024 21:33:19 GMT
cache-control: private, max-age=3600
etag: "8198968192214571772"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/adsense/domains/caf.js?abp=1&bodis=true

142.250.74.132

91 kB

URL
www.google.com/adsense/domains/caf.js?abp=1&bodis=true
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression
Size
91 kB (91328 bytes)
Hash
c5352d6b49ddb6bca4f5fbc6caefdab3
4419fde96336e4dd633c7e0e30f123434c60fa63
3bf90c5c0db7033b8e3a0741660c421b53a4e3a626abcfa04215a5709f578b82

HTTP Headers

GET /adsense/domains/caf.js?abp=1&bodis=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww01.byethost4.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 08 May 2024 21:33:19 GMT
expires: Wed, 08 May 2024 21:33:19 GMT
cache-control: private, max-age=3600
etag: "6994515115610601966"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

iyfbodn.com/favicon.ico

208.91.196.46

404 Not Found

10 B

URL GET HTTP/1.1
iyfbodn.com/favicon.ico
IP
208.91.196.46:443
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Certificate
IssuerLet's Encrypt
Subjectiyfbodn.com
Fingerprint32:A4:7F:CE:CF:BF:34:ED:AF:A4:9C:6F:BD:B1:67:DE:62:E2:5C:AD
ValidityTue, 19 Mar 2024 09:10:41 GMT - Mon, 17 Jun 2024 09:10:40 GMT

File type
ASCII text, with no line terminators
Size
10 B (10 bytes)
Hash
6608dd3e21ca3beabd4bdfa625a0b221
e926d0f8694a4bc4013308afaca7af51e4c9fd9f
c75eb01138771bfb2a5517aeae882356733782767c4560cc9601c34d2591ca75

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: iyfbodn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Cookie: __cmpcc=1; __cmpconsentx68884=CP-S4UAP-S4UAAfN0CENAzEgAAAAAAAAAAigAAAAAAAA; __cmpcccx68884=aBP-V1yWAAADgAXACCAE0ALwDiQIOAqIADWzstn1bhY
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Wed, 08 May 2024 21:33:28 GMT
Server: Apache
Content-Length: 10
Keep-Alive: timeout=5, max=115
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

cdn.consentmanager.net/delivery/recall/logos/68884

185.76.9.24

200 OK

4.2 kB

URL GET HTTP/2
cdn.consentmanager.net/delivery/recall/logos/68884
IP
185.76.9.24:443
ASN
#60068 Datacamp Limited

Requested by
https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Certificate
IssuerLet's Encrypt
Subject1376624012.rsc.cdn77.org
Fingerprint87:A7:6F:22:26:60:66:88:EF:24:3A:3C:5F:C3:B4:5D:03:F7:88:7B
ValidityFri, 26 Apr 2024 11:50:47 GMT - Thu, 25 Jul 2024 11:50:46 GMT

File type
SVG Scalable Vector Graphics image
Size
4.2 kB (4172 bytes)
Hash
46d40c431f8e14f71ab8f2f31eee942b
4f2140ab124f17c65f4a1d7998301b4747d1f87b
042c930c16842f0c1a14d5c16d23429d075c1ebdd16cad3ddd6f0d94ab0ae0ae

HTTP Headers

GET /delivery/recall/logos/68884 HTTP/1.1
Host: cdn.consentmanager.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iyfbodn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 21:33:28 GMT
content-type: image/svg+xml
vary: Accept-Encoding
expires: Thu, 09 May 2024 12:36:24 GMT
cache-control: public, max-age=86400
edge-control: public, max-age=86400, max-age=2592000
x-77-nzt: EwwBuUwJFAH3330AAAwBuUwKDAH3AQAAAAwBisclxAGTgVEBAA
x-77-nzt-ray: af585630c3119fc2a8ef3b66631edd26
x-accel-expires: @1715258184
x-accel-date: 1715171785
x-77-cache: HIT
x-77-age: 32223
content-encoding: gzip
server: CDN77-Turbo
x-cache: HIT
x-age: 32223
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

iyfbodn.com/sk-logabpstatus.php?a=ak9GR0ZwNTR4NDFiNll5NTM0bEFqSHJ2dktCNFNGakpjdGpDbE55UTJOUXhPaW5BQ050SVM3Qi9nTG4xS0Nyb0dWcmFPSFA5bzhXdFZVVDBIbEMrTnhReFpNNkFTVE5NQTNsdWw4L3hwWFlITkUvZ2l6OUVrOWNRcEN0cHNaaGs=&b=true

208.91.196.46

200 OK

0 B

URL GET HTTP/1.1
iyfbodn.com/sk-logabpstatus.php?a=ak9GR0ZwNTR4NDFiNll5NTM0bEFqSHJ2dktCNFNGakpjdGpDbE55UTJOUXhPaW5BQ050SVM3Qi9nTG4xS0Nyb0dWcmFPSFA5bzhXdFZVVDBIbEMrTnhReFpNNkFTVE5NQTNsdWw4L3hwWFlITkUvZ2l6OUVrOWNRcEN0cHNaaGs=&b=true
IP
208.91.196.46:443
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Certificate
IssuerLet's Encrypt
Subjectiyfbodn.com
Fingerprint32:A4:7F:CE:CF:BF:34:ED:AF:A4:9C:6F:BD:B1:67:DE:62:E2:5C:AD
ValidityTue, 19 Mar 2024 09:10:41 GMT - Mon, 17 Jun 2024 09:10:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sk-logabpstatus.php?a=ak9GR0ZwNTR4NDFiNll5NTM0bEFqSHJ2dktCNFNGakpjdGpDbE55UTJOUXhPaW5BQ050SVM3Qi9nTG4xS0Nyb0dWcmFPSFA5bzhXdFZVVDBIbEMrTnhReFpNNkFTVE5NQTNsdWw4L3hwWFlITkUvZ2l6OUVrOWNRcEN0cHNaaGs=&b=true HTTP/1.1
Host: iyfbodn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Cookie: __cmpcc=1; __cmpconsentx68884=CP-S4UAP-S4UAAfN0CENAzEgAAAAAAAAAAigAAAAAAAA; __cmpcccx68884=aBP-V1yWAAADgAXACCAE0ALwDiQIOAqIADWzstn1bhY
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 21:33:27 GMT
Server: Apache
Content-Length: 0
Keep-Alive: timeout=5, max=121
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

a.delivery.consentmanager.net/delivery/cmp.php?&cdid=21fdca2281833&h=https%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&&l=en&o=1715204008255

87.230.98.78

200 OK

1.2 kB

URL GET HTTP/2
a.delivery.consentmanager.net/delivery/cmp.php?&cdid=21fdca2281833&h=https%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&&l=en&o=1715204008255
IP
87.230.98.78:443
ASN
#61157 PlusServer GmbH

Requested by
https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Certificate
IssuerLet's Encrypt
Subjecta.delivery.consentmanager.net
Fingerprint69:B9:38:2C:D2:98:EE:BC:2E:9B:83:33:E4:2F:BC:73:04:51:C8:79
ValidityThu, 14 Mar 2024 00:37:17 GMT - Wed, 12 Jun 2024 00:37:16 GMT

File type
ASCII text, with very long lines (1296), with no line terminators
Size
1.2 kB (1226 bytes)
Hash
6ef40b87face3b7e5ea443df00a7a0be
0d3f37ffd4ad11dae040deb7f5b5de891e8857e8
7a1eebd2116a1138ac632131ffb8a5ac9664710810b8adb56a9160e95c5eeb2e

HTTP Headers

GET /delivery/cmp.php?&cdid=21fdca2281833&h=https%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&&l=en&o=1715204008255 HTTP/1.1
Host: a.delivery.consentmanager.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iyfbodn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 21:33:28 GMT
cache-control: no-store, no-cache, must-revalidate
edge-control: no-store, no-cache, must-revalidate
expires: Thu, 01 Dec 1994 16:00:00 GMT
pragma: no-cache
access-control-allow-origin: *
x-xss-protection: 0
last-modified: Wed, 08 May 2024 21:33:28 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=2&__cmpfcc=1&id=68884&o=1715204008&h=https%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&&l=en&odw=0&dlt=1&l=en

87.230.98.78

200 OK

5.4 kB

URL GET HTTP/2
a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=2&__cmpfcc=1&id=68884&o=1715204008&h=https%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&&l=en&odw=0&dlt=1&l=en
IP
87.230.98.78:443
ASN
#61157 PlusServer GmbH

Requested by
https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Certificate
IssuerLet's Encrypt
Subjecta.delivery.consentmanager.net
Fingerprint69:B9:38:2C:D2:98:EE:BC:2E:9B:83:33:E4:2F:BC:73:04:51:C8:79
ValidityThu, 14 Mar 2024 00:37:17 GMT - Wed, 12 Jun 2024 00:37:16 GMT

File type
ASCII text, with very long lines (5910), with no line terminators
Size
5.4 kB (5442 bytes)
Hash
f1a72b7281a20327140f334a9f8ba50c
dd11fb9c2ae07dcddf6e233e51efb7f96ed5798e
1f70f860cbde98fea033bd57fd7bf8c24b4c98437edaf30a8d1ab052cd33f535

HTTP Headers

GET /delivery/cmp.php?__cmpcc=2&__cmpfcc=1&id=68884&o=1715204008&h=https%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&&l=en&odw=0&dlt=1&l=en HTTP/1.1
Host: a.delivery.consentmanager.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iyfbodn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 21:33:28 GMT
cache-control: no-store, no-cache, must-revalidate
edge-control: no-store, no-cache, must-revalidate
expires: Thu, 01 Dec 1994 16:00:00 GMT
pragma: no-cache
access-control-allow-origin: *
x-xss-protection: 0
last-modified: Wed, 08 May 2024 21:33:28 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

a.delivery.consentmanager.net/delivery/info/?id=68884&did=2&cfdid=31746&t=pv.d_ncs.d_ancs.d_bncs.cf.cfx&h=https%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&o=1715204008659&l=EN&lv=96961&d=2&ct=14&e=&e2=&e3=&i=&sv=19&dv=33&

87.230.98.78

200 OK

43 B

URL GET HTTP/2
a.delivery.consentmanager.net/delivery/info/?id=68884&did=2&cfdid=31746&t=pv.d_ncs.d_ancs.d_bncs.cf.cfx&h=https%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&o=1715204008659&l=EN&lv=96961&d=2&ct=14&e=&e2=&e3=&i=&sv=19&dv=33&
IP
87.230.98.78:443
ASN
#61157 PlusServer GmbH

Requested by
https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Certificate
IssuerLet's Encrypt
Subjecta.delivery.consentmanager.net
Fingerprint69:B9:38:2C:D2:98:EE:BC:2E:9B:83:33:E4:2F:BC:73:04:51:C8:79
ValidityThu, 14 Mar 2024 00:37:17 GMT - Wed, 12 Jun 2024 00:37:16 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
6f81c41597d3f5a336f458822cc0c32a
8cd77a54b38f1fb376b45af2eaab8f5982523b8d
5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc

HTTP Headers

GET /delivery/info/?id=68884&did=2&cfdid=31746&t=pv.d_ncs.d_ancs.d_bncs.cf.cfx&h=https%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&o=1715204008659&l=EN&lv=96961&d=2&ct=14&e=&e2=&e3=&i=&sv=19&dv=33& HTTP/1.1
Host: a.delivery.consentmanager.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iyfbodn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 21:33:28 GMT
cache-control: no-store, no-cache, must-revalidate
edge-control: no-store, no-cache, must-revalidate
expires: Thu, 01 Dec 1994 16:00:00 GMT
pragma: no-cache
access-control-allow-origin: *
x-xss-protection: 0
last-modified: Wed, 08 May 2024 21:33:28 GMT
content-length: 43
content-type: image/gif
X-Firefox-Spdy: h2

cdn.consentmanager.net/delivery/flags-rect/en.svg

185.76.9.24

200 OK

31 kB

URL GET HTTP/2
cdn.consentmanager.net/delivery/flags-rect/en.svg
IP
185.76.9.24:443
ASN
#60068 Datacamp Limited

Requested by
https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Certificate
IssuerLet's Encrypt
Subject1376624012.rsc.cdn77.org
Fingerprint87:A7:6F:22:26:60:66:88:EF:24:3A:3C:5F:C3:B4:5D:03:F7:88:7B
ValidityFri, 26 Apr 2024 11:50:47 GMT - Thu, 25 Jul 2024 11:50:46 GMT

File type
SVG Scalable Vector Graphics image
Size
31 kB (30966 bytes)
Hash
bd6a0ea3787e858b72d71dac1438fedd
d59ba1a15ada77c2bc7a8edaa117f20893b3ee03
467dc751e1a67b8c2211ea6b0d5a8e77774f7e17bd542f8811c31f03d4d39907

HTTP Headers

GET /delivery/flags-rect/en.svg HTTP/1.1
Host: cdn.consentmanager.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iyfbodn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 21:33:28 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Fri, 15 Jul 2022 22:22:41 GMT
etag: W/"78f6-5e3df74d6ce40"
cache-control: max-age=31536000
expires: Sat, 15 Feb 2025 13:39:56 GMT
edge-control: max-age=2592000
x-77-nzt: EwwBuUwJFAH3r31sAAwBuUwKDAH3SgwAAAwBJRPCNAH3AwAAAA
x-77-nzt-ray: af585630c3119fc2a8ef3b668c82b728
x-accel-expires: @1739626796
x-accel-date: 1708093945
x-77-cache: HIT
x-77-age: 7110063
content-encoding: gzip
server: CDN77-Turbo
x-cache: HIT
x-age: 7110063
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

iyfbodn.com/__media__/fonts/montserrat-bold/montserrat-bold.woff

208.91.196.46

200 OK

17 kB

URL GET HTTP/1.1
iyfbodn.com/__media__/fonts/montserrat-bold/montserrat-bold.woff
IP
208.91.196.46:443
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Certificate
IssuerLet's Encrypt
Subjectiyfbodn.com
Fingerprint32:A4:7F:CE:CF:BF:34:ED:AF:A4:9C:6F:BD:B1:67:DE:62:E2:5C:AD
ValidityTue, 19 Mar 2024 09:10:41 GMT - Mon, 17 Jun 2024 09:10:40 GMT

File type
Web Open Font Format, TrueType, length 17312, version 2.1
Size
17 kB (17312 bytes)
Hash
bebe201d813feaad85a3e66607d0da3a
28b049502afa8e9db5340c1a92400591b39870e8
58bb75322beb862803b0d156e1a1d01fb1e7fde82ee93c929b08bf5aea9fc55b

HTTP Headers

GET /__media__/fonts/montserrat-bold/montserrat-bold.woff HTTP/1.1
Host: iyfbodn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Cookie: __cmpcc=1; __cmpconsentx68884=CP-S4UAP-S4UAAfN0CENAzEgAAAAAAAAAAigAAAAAAAA; __cmpcccx68884=aBP-V1yWAAADgAXACCAE0ALwDiQIOAqIADWzstn1bhY
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 21:33:27 GMT
Server: Apache
Last-Modified: Wed, 20 Jan 2021 10:45:11 GMT
ETag: "43a0-5b952a63ce953"
Accept-Ranges: bytes
Content-Length: 17312
Keep-Alive: timeout=5, max=113
Connection: Keep-Alive
Content-Type: font/woff

a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=1&id=68884&o=1715204008&h=https%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&&l=en&odw=0&dlt=1&l=en

87.230.98.78

200 OK

1.2 kB

URL GET HTTP/2
a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=1&id=68884&o=1715204008&h=https%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&&l=en&odw=0&dlt=1&l=en
IP
87.230.98.78:443
ASN
#61157 PlusServer GmbH

Requested by
https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Certificate
IssuerLet's Encrypt
Subjecta.delivery.consentmanager.net
Fingerprint69:B9:38:2C:D2:98:EE:BC:2E:9B:83:33:E4:2F:BC:73:04:51:C8:79
ValidityThu, 14 Mar 2024 00:37:17 GMT - Wed, 12 Jun 2024 00:37:16 GMT

File type
ASCII text, with very long lines (1296), with no line terminators
Size
1.2 kB (1226 bytes)
Hash
4267d0b1b6b2184a2b43700a0ddfa3d9
c0803267595f913ecbc92ef71db7b63f099c18e8
ab814e7c6d3f023e73d98a18399bbae25a4f5ad8a4c86b5934b0f8da3bb52da4

HTTP Headers

GET /delivery/cmp.php?__cmpcc=1&id=68884&o=1715204008&h=https%3A%2F%2Fiyfbodn.com%2F%3Fdn%3Dbyethost4.com%26enc_txt%3DXn%252FsQ8mmUMmmJSt%252BIa3cQURyPFKM1KF461pPhnJOFaK%252BrnvehkvPFulVFsXycMm6qy%252FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%252B0JxnNOcyZEixF%252F%26pbsubid%3D3170a601-b2d1-4e4d-a722-f2826feec351%26pid%3D9POT3387I&&l=en&odw=0&dlt=1&l=en HTTP/1.1
Host: a.delivery.consentmanager.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://iyfbodn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 21:33:28 GMT
cache-control: no-store, no-cache, must-revalidate
edge-control: no-store, no-cache, must-revalidate
expires: Thu, 01 Dec 1994 16:00:00 GMT
pragma: no-cache
access-control-allow-origin: *
x-xss-protection: 0
last-modified: Wed, 08 May 2024 21:33:28 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

iyfbodn.com/__media__/fonts/montserrat-regular/montserrat-regular.woff

208.91.196.46

200 OK

17 kB

URL GET HTTP/1.1
iyfbodn.com/__media__/fonts/montserrat-regular/montserrat-regular.woff
IP
208.91.196.46:443
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Certificate
IssuerLet's Encrypt
Subjectiyfbodn.com
Fingerprint32:A4:7F:CE:CF:BF:34:ED:AF:A4:9C:6F:BD:B1:67:DE:62:E2:5C:AD
ValidityTue, 19 Mar 2024 09:10:41 GMT - Mon, 17 Jun 2024 09:10:40 GMT

File type
Web Open Font Format, TrueType, length 17264, version 2.1
Size
17 kB (17264 bytes)
Hash
a43b107861b42ce1335e41e43d4e4d00
99bdb1cec4a68ebe29249c46fefefb6880d009e5
a6542dc92d71eb412bac89d8fb06c70f15be74a64b1b4ef1633288b78f4f2ff2

HTTP Headers

GET /__media__/fonts/montserrat-regular/montserrat-regular.woff HTTP/1.1
Host: iyfbodn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://iyfbodn.com/?dn=byethost4.com&enc_txt=Xn%2FsQ8mmUMmmJSt%2BIa3cQURyPFKM1KF461pPhnJOFaK%2BrnvehkvPFulVFsXycMm6qy%2FamFYMWC097sHfb1Dn2PbRhy5cQXGHFyu9oABgvBQJ09E9B%2B0JxnNOcyZEixF%2F&pbsubid=3170a601-b2d1-4e4d-a722-f2826feec351&pid=9POT3387I
Cookie: __cmpcc=1; __cmpconsentx68884=CP-S4UAP-S4UAAfN0CENAzEgAAAAAAAAAAigAAAAAAAA; __cmpcccx68884=aBP-V1yWAAADgAXACCAE0ALwDiQIOAqIADWzstn1bhY
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 21:33:27 GMT
Server: Apache
Last-Modified: Wed, 20 Jan 2021 10:45:11 GMT
ETag: "4370-5b952a63d1833"
Accept-Ranges: bytes
Content-Length: 17264
Keep-Alive: timeout=5, max=127
Connection: Keep-Alive
Content-Type: font/woff

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (17)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML