Report - cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php

Report Overview

Submitted URL
cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php
IP
70.32.1.32
ASN
#32181 ASN-GIGENET
Submitted
2024-03-29 09:55:54
Access
public
Website Title
Cestica.me
Final URL
ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240329-2055-40b0-892b-3d135bb95870
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.adsensecustomsearchads.com	unknown	2011-01-28	2015-09-02	2024-03-28	3.8 kB	151 kB	216.58.211.14
afs.googleusercontent.com	12123	2008-11-17	2013-05-06	2024-03-28	1.0 kB	2.1 kB	142.250.74.97
cestica.me	unknown	2023-08-24	2021-07-07	2024-03-16	1.1 kB	978 B	70.32.1.32
ww25.cestica.me	unknown	2023-08-24	2023-10-26	2024-03-16	2.4 kB	41 kB	199.59.243.225
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	410 B	54 kB	142.250.74.132

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

Scan Date	Severity	Indicator	Alert
2023-05-13	medium	cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php	Allied Bank Limited

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-03-29	medium	cestica.me	Sinkholed
2024-03-29	medium	cestica.me	Sinkholed
2024-03-29	medium	cestica.me	Sinkholed
2024-03-29	medium	cestica.me	Sinkholed
2024-03-29	medium	cestica.me	Sinkholed
2024-03-29	medium	cestica.me	Sinkholed
2024-03-29	medium	cestica.me	Sinkholed
2024-03-29	medium	cestica.me	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240329-2055-40b0-892b-3d135bb95870	479 B	2024-03-29	2024-03-29
Pretty URL ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240329-2055-40b0-892b-3d135bb95870 IP 199.59.243.225 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-29 10:55:55 Last Seen2024-03-29 10:55:55 Times Seen1 Hash ed3807d7296f3ae31a609d3a74cef88e 9968fecb12788fc720dd737b85eda5c3c82e56c3 1bd1f8da9c6590f99e8f7e76efa4bc20d4c61babca447a76c1443969d755418c Loading...

	ww25.cestica.me/bsghVDBUW.js	33 kB	2024-03-25	2024-04-09
Pretty URL ww25.cestica.me/bsghVDBUW.js IP 199.59.243.225 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-25 21:43:26 Last Seen2024-04-09 16:28:19 Times Seen2741 Hash 97451820d38de2419d8d60401fb3dcc3 5af4a1ce7bbe427d4ddecb19b1f836622015d399 d6921ce574cf816a962cd14ec8530150ffe35f482e2f0b61b7be4395b5bd40b0 Loading...

	www.google.com/adsense/domains/caf.js	145 kB	2024-03-28	2024-04-01
Pretty URL www.google.com/adsense/domains/caf.js IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-28 20:39:28 Last Seen2024-04-01 15:10:22 Times Seen71 Hash fb0c65cb20ebd6388275604fecfab135 4d1cc00a0d0b1eaf96be3f09b0bacff9d4475f5e d224f81f790e5ab8639e1635ae79af8635a49df0607e744c35cf3cf9e02af4b9 Loading...

	www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol309%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol439&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.cestica.me%3Fcaf%26subid1%3D20240329-2055-40b0-892b-3d135bb95870&terms=social%20search&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301383%2C17301437%2C17301439%2C17301442&client_gdprApplies=1&format=r3&nocache=1801711706142657&num=0&output=afd_ads&domain_name=ww25.cestica.me&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1711706142659&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=618877072&rurl=http%3A%2F%2Fww25.cestica.me%2Fwp-content%2Fupgrade%2FMmmMBbbhBB%2Fmkb%2Fsignin.php%3Fsubid1%3D20240329-2055-40b0-892b-3d135bb95870	609 B	2024-03-29	2024-03-29
Pretty URL www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol309%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol439&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.cestica.me%3Fcaf%26subid1%3D20240329-2055-40b0-892b-3d135bb95870&terms=social%20search&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301383%2C17301437%2C17301439%2C17301442&client_gdprApplies=1&format=r3&nocache=1801711706142657&num=0&output=afd_ads&domain_name=ww25.cestica.me&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1711706142659&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=618877072&rurl=http%3A%2F%2Fww25.cestica.me%2Fwp-content%2Fupgrade%2FMmmMBbbhBB%2Fmkb%2Fsignin.php%3Fsubid1%3D20240329-2055-40b0-892b-3d135bb95870 IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-29 10:55:55 Last Seen2024-03-29 10:55:55 Times Seen1 Hash 88fa55a5ba3f3e14025dc372425ffa8e f84ee4b713dd535ad8125929aa9131983c87044c 0e97f82d544a4c3c0a8e5ce552a97e67d24aa104cd3883321b34f8a4ca61d844 Loading...

	www.adsensecustomsearchads.com/adsense/domains/caf.js	145 kB	2024-03-29	2024-04-01
Pretty URL www.adsensecustomsearchads.com/adsense/domains/caf.js IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 10:55:55 Last Seen2024-04-01 13:57:54 Times Seen11 Hash 50a6b26a66700a608529f558690607b0 8351a17311f201d1755646c441eb3b3eead73cb0 841a758bacaf6dd661c5c5edbd1bef0462fc86f59392df9e7fd0ff24e43e14b4 Loading...

HTTP Transactions (16)

URL IP Response Size

cestica.me/

70.32.1.32

0 B

URL
cestica.me/
IP
70.32.1.32:0
ASN
#32181 ASN-GIGENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: cestica.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
date: Fri, 29 Mar 2024 09:55:38 GMT
server: Apache
set-cookie: __tad=1711706138.1899347; expires=Mon, 27-Mar-2034 09:55:38 GMT; Max-Age=315360000
location: https://cestica.me/
content-length: 0
content-type: text/html; charset=UTF-8
connection: close

cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php

70.32.1.32

302 Found

2 B

URL User Request GET HTTP/1.1
cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php
IP
70.32.1.32:443
ASN
#32181 ASN-GIGENET

Certificate
IssuerLet's Encrypt
Subjectpartavatar.ca
FingerprintE7:47:33:9D:32:77:7C:DF:5B:F4:B4:81:14:3E:D7:CA:48:DC:EC:B5
ValidityTue, 20 Feb 2024 15:18:26 GMT - Mon, 20 May 2024 15:18:25 GMT

File type
ASCII text
Size
2 B (2 bytes)
Hash
e1c06d85ae7b8b032bef47e42e4c08f9
71853c6197a6a7f222db0f1978c7cb232b87c5ee
75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070

Detections

Analyzer	Verdict	Alert
PhishTank	phishing	Allied Bank Limited
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/upgrade/MmmMBbbhBB/mkb/signin.php HTTP/1.1
Host: cestica.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
date: Fri, 29 Mar 2024 09:55:40 GMT
server: Apache
set-cookie: __tad=1711706140.7728235; expires=Mon, 27-Mar-2034 09:55:40 GMT; Max-Age=315360000
location: http://ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240329-2055-40b0-892b-3d135bb95870
content-length: 2
content-type: text/html; charset=UTF-8
connection: close

ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240329-2055-40b0-892b-3d135bb95870

199.59.243.225

200 OK

1.2 kB

URL User Request GET HTTP/1.1
ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240329-2055-40b0-892b-3d135bb95870
IP
199.59.243.225:80
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (494)
Size
1.2 kB (1226 bytes)
Hash
a832ec89f627ccf45b2c8dbfc01e3836
c4278312448e8b6d782be66115449bf46050cdc0
cfdde02648219a368f4edad44edd51274c467a96322517e8a048465c5190ebd1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240329-2055-40b0-892b-3d135bb95870 HTTP/1.1
Host: ww25.cestica.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Fri, 29 Mar 2024 09:55:40 GMT
content-type: text/html; charset=utf-8
content-length: 1226
x-request-id: 9847f633-f0b8-4608-86c0-9f9bd2960593
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_hVVSHOnc3I227zUcYjJJKFS0eEqPM6adt27/TG01cvkLepSc/85JN91fnzduhcRyIYhtx7BITFvU44vIPEnI4Q==
set-cookie: parking_session=9847f633-f0b8-4608-86c0-9f9bd2960593; expires=Fri, 29 Mar 2024 10:10:41 GMT; path=/

ww25.cestica.me/bsghVDBUW.js

199.59.243.225

200 OK

33 kB

URL GET HTTP/1.1
ww25.cestica.me/bsghVDBUW.js
IP
199.59.243.225:80
ASN
#16509 AMAZON-02

Requested by
http://ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240329-2055-40b0-892b-3d135bb95870

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (33125)
Size
33 kB (33128 bytes)
Hash
97451820d38de2419d8d60401fb3dcc3
5af4a1ce7bbe427d4ddecb19b1f836622015d399
d6921ce574cf816a962cd14ec8530150ffe35f482e2f0b61b7be4395b5bd40b0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bsghVDBUW.js HTTP/1.1
Host: ww25.cestica.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240329-2055-40b0-892b-3d135bb95870
Cookie: parking_session=9847f633-f0b8-4608-86c0-9f9bd2960593
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Fri, 29 Mar 2024 09:55:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 33128
x-request-id: 74f6855d-8a84-44d5-ab82-451a27a4def2
set-cookie: parking_session=9847f633-f0b8-4608-86c0-9f9bd2960593; expires=Fri, 29 Mar 2024 10:10:42 GMT

ww25.cestica.me/_fd?subid1=20240329-2055-40b0-892b-3d135bb95870

199.59.243.225

200 OK

2.6 kB

URL POST HTTP/1.1
ww25.cestica.me/_fd?subid1=20240329-2055-40b0-892b-3d135bb95870
IP
199.59.243.225:80
ASN
#16509 AMAZON-02

Requested by
http://ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240329-2055-40b0-892b-3d135bb95870

File type
ASCII text, with very long lines (4873), with no line terminators
Size
2.6 kB (2611 bytes)
Hash
6f04997e598698736c50c1db50041094
80f74a9b9d8d9f0f19364cb8b934c81940a609b5
e13bf384c7e4a384b44e419bfb009b5c4be182f90d9c8941f5bf6e6acfbe03ba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_fd?subid1=20240329-2055-40b0-892b-3d135bb95870 HTTP/1.1
Host: ww25.cestica.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240329-2055-40b0-892b-3d135bb95870
Content-Type: application/json
Origin: http://ww25.cestica.me
DNT: 1
Connection: keep-alive
Cookie: parking_session=9847f633-f0b8-4608-86c0-9f9bd2960593
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
server: openresty
date: Fri, 29 Mar 2024 09:55:41 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 2611
x-version: 2.117.0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: parking_session=9847f633-f0b8-4608-86c0-9f9bd2960593; expires=Fri, 29 Mar 2024 10:10:42 GMT; Max-Age=900; path=/; httponly

www.google.com/adsense/domains/caf.js

142.250.74.132

200 OK

53 kB

URL GET HTTP/2
www.google.com/adsense/domains/caf.js
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
http://ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240329-2055-40b0-892b-3d135bb95870
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
Fingerprint32:A3:19:7A:6B:D5:C7:5E:CA:7C:C8:08:79:14:56:FD:FC:3E:06:F0
ValidityMon, 26 Feb 2024 08:18:59 GMT - Mon, 20 May 2024 08:18:58 GMT

File type
gzip compressed data, max compression
Size
53 kB (53221 bytes)
Hash
00a527dcb3bb32f972876c7c6476f2aa
caf8f70afab305152f69b30b248fee94bd4f0e01
c76ea43a9d5aff864c1519ce4dbda440181b83288e2766b60035590d5bcac0ff

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.cestica.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Fri, 29 Mar 2024 09:55:42 GMT
expires: Fri, 29 Mar 2024 09:55:42 GMT
cache-control: private, max-age=3600
etag: "1403097391178795343"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=j2utnd8e3qbg&pbt=rd&ivt=false&dA=true&msg=client-side%20changes%20applied.

216.58.211.14

204 No Content

0 B

URL GET HTTP/2
www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=j2utnd8e3qbg&pbt=rd&ivt=false&dA=true&msg=client-side%20changes%20applied.
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
http://ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240329-2055-40b0-892b-3d135bb95870
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint92:21:D6:CC:09:15:38:0E:0C:11:C8:56:AB:29:B4:25:BE:A6:29:DE
ValidityMon, 26 Feb 2024 08:06:34 GMT - Mon, 20 May 2024 08:06:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=j2utnd8e3qbg&pbt=rd&ivt=false&dA=true&msg=client-side%20changes%20applied. HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.cestica.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-spEiIqYwRPpHtmVMkIWh6A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Fri, 29 Mar 2024 09:55:42 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol309%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol439&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.cestica.me%3Fcaf%26subid1%3D20240329-2055-40b0-892b-3d135bb95870&terms=social%20search&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301383%2C17301437%2C17301439%2C17301442&client_gdprApplies=1&format=r3&nocache=1801711706142657&num=0&output=afd_ads&domain_name=ww25.cestica.me&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1711706142659&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=618877072&rurl=http%3A%2F%2Fww25.cestica.me%2Fwp-content%2Fupgrade%2FMmmMBbbhBB%2Fmkb%2Fsignin.php%3Fsubid1%3D20240329-2055-40b0-892b-3d135bb95870

216.58.211.14

200 OK

2.6 kB

URL GET HTTP/2
www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol309%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol439&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.cestica.me%3Fcaf%26subid1%3D20240329-2055-40b0-892b-3d135bb95870&terms=social%20search&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301383%2C17301437%2C17301439%2C17301442&client_gdprApplies=1&format=r3&nocache=1801711706142657&num=0&output=afd_ads&domain_name=ww25.cestica.me&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1711706142659&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=618877072&rurl=http%3A%2F%2Fww25.cestica.me%2Fwp-content%2Fupgrade%2FMmmMBbbhBB%2Fmkb%2Fsignin.php%3Fsubid1%3D20240329-2055-40b0-892b-3d135bb95870
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
http://ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240329-2055-40b0-892b-3d135bb95870
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint92:21:D6:CC:09:15:38:0E:0C:11:C8:56:AB:29:B4:25:BE:A6:29:DE
ValidityMon, 26 Feb 2024 08:06:34 GMT - Mon, 20 May 2024 08:06:33 GMT

File type
HTML document, ASCII text, with very long lines (13227)
Size
2.6 kB (2603 bytes)
Hash
4017cf27085d0d998d8bf7d47af6cef2
65898a0ca59f9a6decc1deacdd1173d09d441537
061e397720ea4e5368bc49a5863f51a6de0fc7684cdb44c3b9470591b9fdaaf5

HTTP Headers

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol309%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol439&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.cestica.me%3Fcaf%26subid1%3D20240329-2055-40b0-892b-3d135bb95870&terms=social%20search&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301383%2C17301437%2C17301439%2C17301442&client_gdprApplies=1&format=r3&nocache=1801711706142657&num=0&output=afd_ads&domain_name=ww25.cestica.me&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1711706142659&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=618877072&rurl=http%3A%2F%2Fww25.cestica.me%2Fwp-content%2Fupgrade%2FMmmMBbbhBB%2Fmkb%2Fsignin.php%3Fsubid1%3D20240329-2055-40b0-892b-3d135bb95870 HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.cestica.me/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Fri, 29 Mar 2024 09:55:42 GMT
expires: Fri, 29 Mar 2024 09:55:42 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-if-6XK6Yx6jA65uZXE7ExQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 2603
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff

142.250.74.97

200 OK

278 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol309%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol439&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.cestica.me%3Fcaf%26subid1%3D20240329-2055-40b0-892b-3d135bb95870&terms=social%20search&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301383%2C17301437%2C17301439%2C17301442&client_gdprApplies=1&format=r3&nocache=1801711706142657&num=0&output=afd_ads&domain_name=ww25.cestica.me&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1711706142659&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=618877072&rurl=http%3A%2F%2Fww25.cestica.me%2Fwp-content%2Fupgrade%2FMmmMBbbhBB%2Fmkb%2Fsignin.php%3Fsubid1%3D20240329-2055-40b0-892b-3d135bb95870
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint45:D1:C0:2D:E8:A2:E4:6C:89:C5:B6:FE:AE:99:83:B1:CA:66:17:CF
ValidityMon, 26 Feb 2024 08:17:52 GMT - Mon, 20 May 2024 08:17:51 GMT

File type
SVG Scalable Vector Graphics image
Size
278 B (278 bytes)
Hash
fe7dd8c3c629cc6e9cd6d3e4d3cbe905
59ef3b8e4a17169a4cb45fba65bf0d2bf49c8a18
5455d8d4b8ae5150039ff7a83a6679d4338a435945985fa9f8d0ecbea9ae2f6e

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 278
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 28 Mar 2024 17:08:21 GMT
expires: Fri, 29 Mar 2024 16:08:21 GMT
cache-control: public, max-age=82800
age: 60442
last-modified: Tue, 27 Jun 2023 17:28:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ww25.cestica.me/_tr

199.59.243.225

200 OK

22 B

URL POST HTTP/1.1
ww25.cestica.me/_tr
IP
199.59.243.225:80
ASN
#16509 AMAZON-02

Requested by
http://ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240329-2055-40b0-892b-3d135bb95870

File type
ASCII text, with no line terminators
Size
22 B (22 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_tr HTTP/1.1
Host: ww25.cestica.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240329-2055-40b0-892b-3d135bb95870
Content-Type: application/json
Content-Length: 1821
Origin: http://ww25.cestica.me
DNT: 1
Connection: keep-alive
Cookie: parking_session=9847f633-f0b8-4608-86c0-9f9bd2960593
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
server: openresty
date: Fri, 29 Mar 2024 09:55:43 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 22
x-version: 2.117.0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: parking_session=9847f633-f0b8-4608-86c0-9f9bd2960593; expires=Fri, 29 Mar 2024 10:10:43 GMT; Max-Age=900; path=/; httponly

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b

142.250.74.97

200 OK

174 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol309%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol439&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.cestica.me%3Fcaf%26subid1%3D20240329-2055-40b0-892b-3d135bb95870&terms=social%20search&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301383%2C17301437%2C17301439%2C17301442&client_gdprApplies=1&format=r3&nocache=1801711706142657&num=0&output=afd_ads&domain_name=ww25.cestica.me&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1711706142659&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=618877072&rurl=http%3A%2F%2Fww25.cestica.me%2Fwp-content%2Fupgrade%2FMmmMBbbhBB%2Fmkb%2Fsignin.php%3Fsubid1%3D20240329-2055-40b0-892b-3d135bb95870
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint45:D1:C0:2D:E8:A2:E4:6C:89:C5:B6:FE:AE:99:83:B1:CA:66:17:CF
ValidityMon, 26 Feb 2024 08:17:52 GMT - Mon, 20 May 2024 08:17:51 GMT

File type
SVG Scalable Vector Graphics image
Size
174 B (174 bytes)
Hash
d47125b2ba92be53dcff07ba322ce1de
e4a70c8a133bacf1699fdfa4c10e24ed5b3e0c28
5a0687ea8c9aa404a7724490f046e30023ec6b5aa81d01ae4f225889a64174f6

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 29 Mar 2024 06:50:22 GMT
expires: Sat, 30 Mar 2024 05:50:22 GMT
cache-control: public, max-age=82800
age: 11121
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=lmhlx5mb1na&aqid=HpAGZoOcLoXIxdwPuJSIuAw&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=618877072&csala=8%7C0%7C488%7C53%7C16&lle=0&ifv=1&hpt=0

216.58.211.14

204 No Content

0 B

URL GET HTTP/3
www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=lmhlx5mb1na&aqid=HpAGZoOcLoXIxdwPuJSIuAw&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=618877072&csala=8%7C0%7C488%7C53%7C16&lle=0&ifv=1&hpt=0
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
http://ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240329-2055-40b0-892b-3d135bb95870
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint92:21:D6:CC:09:15:38:0E:0C:11:C8:56:AB:29:B4:25:BE:A6:29:DE
ValidityMon, 26 Feb 2024 08:06:34 GMT - Mon, 20 May 2024 08:06:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=lmhlx5mb1na&aqid=HpAGZoOcLoXIxdwPuJSIuAw&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=618877072&csala=8%7C0%7C488%7C53%7C16&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.cestica.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-phARIL_1LhdV84GkuolSVw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Fri, 29 Mar 2024 09:55:44 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=9mn92i9f4kdl&aqid=HpAGZoOcLoXIxdwPuJSIuAw&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=618877072&csala=8%7C0%7C488%7C53%7C16&lle=0&ifv=1&hpt=0

216.58.211.14

204 No Content

0 B

URL GET HTTP/3
www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=9mn92i9f4kdl&aqid=HpAGZoOcLoXIxdwPuJSIuAw&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=618877072&csala=8%7C0%7C488%7C53%7C16&lle=0&ifv=1&hpt=0
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
http://ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240329-2055-40b0-892b-3d135bb95870
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint92:21:D6:CC:09:15:38:0E:0C:11:C8:56:AB:29:B4:25:BE:A6:29:DE
ValidityMon, 26 Feb 2024 08:06:34 GMT - Mon, 20 May 2024 08:06:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=9mn92i9f4kdl&aqid=HpAGZoOcLoXIxdwPuJSIuAw&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=618877072&csala=8%7C0%7C488%7C53%7C16&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.cestica.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-G69OmBzubLf0DQlTxEO_lw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Fri, 29 Mar 2024 09:55:45 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cestica.me/

70.32.1.32

2 B

URL
cestica.me/
IP
70.32.1.32:0
ASN
#32181 ASN-GIGENET

File type
ASCII text
Size
2 B (2 bytes)
Hash
e1c06d85ae7b8b032bef47e42e4c08f9
71853c6197a6a7f222db0f1978c7cb232b87c5ee
75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: cestica.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
date: Fri, 29 Mar 2024 09:55:49 GMT
server: Apache
set-cookie: __tad=1711706149.3316469; expires=Mon, 27-Mar-2034 09:55:49 GMT; Max-Age=315360000
location: http://ww25.cestica.me/?subid1=20240329-2055-49e7-ab3f-3f9586049c00
content-length: 2
content-type: text/html; charset=UTF-8
connection: close

ww25.cestica.me/?subid1=20240329-2055-49e7-ab3f-3f9586049c00

199.59.243.225

1.2 kB

URL
ww25.cestica.me/?subid1=20240329-2055-49e7-ab3f-3f9586049c00
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (434)
Size
1.2 kB (1166 bytes)
Hash
eb855d5462934863cbfb555da491a983
bcc0010d03b993f4fa4666614a38c3340cb388c7
e921270a42e1edeba884c2e2f09ba900153f63267b2771d614e88d92d9e00d85

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?subid1=20240329-2055-49e7-ab3f-3f9586049c00 HTTP/1.1
Host: ww25.cestica.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Fri, 29 Mar 2024 09:55:50 GMT
content-type: text/html; charset=utf-8
content-length: 1166
x-request-id: c084cd35-3511-489f-afd9-b979731a562b
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_eu9qmUWiTIvtb+1P+DfaOIS0g+QW+bBFacV9REHDAgr19ZXg8uX9CxPXRVPcqjd0pTlXfwiLjbssDOht5a7wKg==
set-cookie: parking_session=c084cd35-3511-489f-afd9-b979731a562b; expires=Fri, 29 Mar 2024 10:10:50 GMT; path=/

www.adsensecustomsearchads.com/adsense/domains/caf.js

216.58.211.14

200 OK

145 kB

URL GET HTTP/3
www.adsensecustomsearchads.com/adsense/domains/caf.js
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol309%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol439&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.cestica.me%3Fcaf%26subid1%3D20240329-2055-40b0-892b-3d135bb95870&terms=social%20search&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301383%2C17301437%2C17301439%2C17301442&client_gdprApplies=1&format=r3&nocache=1801711706142657&num=0&output=afd_ads&domain_name=ww25.cestica.me&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1711706142659&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=618877072&rurl=http%3A%2F%2Fww25.cestica.me%2Fwp-content%2Fupgrade%2FMmmMBbbhBB%2Fmkb%2Fsignin.php%3Fsubid1%3D20240329-2055-40b0-892b-3d135bb95870
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint92:21:D6:CC:09:15:38:0E:0C:11:C8:56:AB:29:B4:25:BE:A6:29:DE
ValidityMon, 26 Feb 2024 08:06:34 GMT - Mon, 20 May 2024 08:06:33 GMT

File type
JavaScript source, ASCII text, with very long lines (2283)
Size
145 kB (145100 bytes)
Hash
50a6b26a66700a608529f558690607b0
8351a17311f201d1755646c441eb3b3eead73cb0
841a758bacaf6dd661c5c5edbd1bef0462fc86f59392df9e7fd0ff24e43e14b4

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Fri, 29 Mar 2024 09:55:43 GMT
expires: Fri, 29 Mar 2024 09:55:43 GMT
cache-control: private, max-age=3600
etag: "4722038097184235073"
x-content-type-options: nosniff
link: <https://syndicatedsearch.goog>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (16)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1