Report - ww1.aalcovid19.org/

Report Overview

Visitedpublic

2025-04-22 05:16:30

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ww1.aalcovid19.org	unknown	2022-09-27	2025-04-22	2025-04-22	2.3 kB	44 kB	199.59.243.228
afs.googleusercontent.com	12123	2008-11-17	2013-05-06	2025-04-16	1.0 kB	2.0 kB	142.250.178.97
www.google.com	7	1997-09-15	2015-05-10	2025-04-16	444 B	145 kB	142.250.74.68
syndicatedsearch.goog	unknown	2023-04-14	2023-09-25	2025-04-16	3.1 kB	161 kB	216.58.207.238

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-04-22 05:16:08	medium	Client IP	199.59.243.228	ET HUNTING Suspicious TLS SNI Request for Possible COVID-19 Domain M1
2025-04-22 05:16:08	medium	Client IP	199.59.243.228	ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M1
2025-04-22 05:16:08	medium	Client IP	199.59.243.228	ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M1
2025-04-22 05:16:08	medium	Client IP	199.59.243.228	ET HUNTING Suspicious POST Request with Possible COVID-19 Domain M1

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	ww1.aalcovid19.org/	ScriptElement	305 B	2025-04-22	2025-04-22
URL ww1.aalcovid19.org/ IP / ASN 199.59.243.228 #16509 AMAZON-02 Introduced by ScriptElement Embedded true Resource Info First Seen 2025-04-22 Last Seen 2025-04-22 Times Seen 1 Size 305 B (305 bytes) MD5 024426c4d2b328ae002a0eea68d1567d SHA1 cceedef524d49e28b5e0883e3990c1f319cb9a51 SHA256 95d00a91eecb4d19f49c501cd2d066aeac521b98a469beff5d8d805ee1667492 Format Code Loading...

	ww1.aalcovid19.org/bhRtlMSpp.js	ScriptElement	36 kB	2025-04-15	2025-05-05
URL ww1.aalcovid19.org/bhRtlMSpp.js IP / ASN 199.59.243.228 #16509 AMAZON-02 Introduced by ScriptElement Embedded false Resource Info First Seen 2025-04-15 Last Seen 2025-05-05 Times Seen 727 Size 36 kB (35693 bytes) MD5 b31a2ef88b7707fdd5e9dacade05a504 SHA1 349fc0a18b1b31d2fe8f81a28034dd600caf4ae1 SHA256 1a05b5cf9f72b9af409d10301e29196c4435fd094310bd0da4c2d7856b80d0af Format Code Loading...

	www.google.com/adsense/domains/caf.js?abp=1&bodis=true	ScriptElement	144 kB	2025-04-18	2025-04-23
URL www.google.com/adsense/domains/caf.js?abp=1&bodis=true IP / ASN 142.250.74.68 #15169 GOOGLE Introduced by ScriptElement Embedded false Resource Info First Seen 2025-04-18 Last Seen 2025-04-23 Times Seen 284 Size 144 kB (144028 bytes) MD5 7297aca04e434ef194f887c5f85dd362 SHA1 6bfc9b76a0a50c859f39c3dd1d5dbe01255b6d77 SHA256 51d964e574cc5c4c227791a2931eaf58ec8f3782970cd53caa1ed1bef9a0753a Format Code Loading...

	syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol105%2Cpid-bodis-gcontrol421%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol162&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww1.aalcovid19.org%2F%3Fcaf%3D1%26bpt%3D345&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2898040491288658&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108&format=r3&nocache=6951745298969329&num=0&output=afd_ads&domain_name=ww1.aalcovid19.org&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1745298969332&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=747525664&rurl=http%3A%2F%2Fww1.aalcovid19.org%2F	ScriptElement	584 B	2025-04-22	2025-04-22
URL syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol105%2Cpid-bodis-gcontrol421%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol162&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww1.aalcovid19.org%2F%3Fcaf%3D1%26bpt%3D345&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2898040491288658&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108&format=r3&nocache=6951745298969329&num=0&output=afd_ads&domain_name=ww1.aalcovid19.org&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1745298969332&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=747525664&rurl=http%3A%2F%2Fww1.aalcovid19.org%2F IP / ASN 216.58.207.238 #15169 GOOGLE Introduced by ScriptElement Embedded true Resource Info First Seen 2025-04-22 Last Seen 2025-04-22 Times Seen 1 Size 584 B (584 bytes) MD5 bc82b658b83a6bf39371e7da261dfab8 SHA1 b2c2c2778f85db4b643fe292bf00cc07aa8355df SHA256 caa393e017fd59bdf6d2a266cd7a1be8e88cf8d1b739844d4eb192d1744b1cda Format Code Loading...

	syndicatedsearch.goog/adsense/domains/caf.js	ScriptElement	144 kB	2025-04-18	2025-04-24
URL syndicatedsearch.goog/adsense/domains/caf.js IP / ASN 216.58.207.238 #15169 GOOGLE Introduced by ScriptElement Embedded false Resource Info First Seen 2025-04-18 Last Seen 2025-04-24 Times Seen 592 Size 144 kB (144026 bytes) MD5 3d817de4a9be48fa32e7000b38340e7e SHA1 8c3512bc11303f2853df215202e25311de8d8bfc SHA256 c3853b930a9221eb6771013bf6dad4967f5f0e241337a51e0b511049e368d63c Format Code Loading...

HTTP Transactions (12)

URL IP Response Size

POST ww1.aalcovid19.org/_tr

199.59.243.228

200 OK

2 B

URL

ww1.aalcovid19.org/_tr

IP / ASN

199.59.243.228

#16509 AMAZON-02

Requested byhttp://ww1.aalcovid19.org/

Resource Info

File typeASCII text, with no line terminators

First Seen2023-03-08

Last Seen2025-08-02

Times Seen192542

Size2 B (2 bytes)

MD5444bcb3a3fcf8389296c49467f27e1d6

SHA17a85f4764bbd6daf1c3545efbbf0f279a6dc0beb

SHA2562689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

HTTP Headers

POST /_tr HTTP/1.1
Host: ww1.aalcovid19.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww1.aalcovid19.org/
Content-Type: application/json
Content-Length: 1897
Origin: http://ww1.aalcovid19.org
DNT: 1
Connection: keep-alive
Cookie: parking_session=090eec95-7680-4695-9b85-b6c6e5db2c1b
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Tue, 22 Apr 2025 05:16:09 GMT
content-type: application/json; charset=utf-8
content-length: 2
x-request-id: ed680771-fc80-4430-8a4a-e1c29a6dde5c
set-cookie: parking_session=090eec95-7680-4695-9b85-b6c6e5db2c1b; expires=Tue, 22 Apr 2025 05:31:10 GMT

GET afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff

142.250.178.97

200 OK

200 B

URL

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff

IP / ASN

142.250.178.97

#15169 GOOGLE

Requested byhttps://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol105%2Cpid-bodis-gcontrol421%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol162&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww1.aalcovid19.org%2F%3Fcaf%3D1%26bpt%3D345&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2898040491288658&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108&format=r3&nocache=6951745298969329&num=0&output=afd_ads&domain_name=ww1.aalcovid19.org&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1745298969332&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=747525664&rurl=http%3A%2F%2Fww1.aalcovid19.org%2F

Resource Info

File typeSVG Scalable Vector Graphics image

First Seen2023-04-06

Last Seen2025-08-02

Times Seen168187

Size200 B (200 bytes)

MD511b3089d616633ca6b73b57aa877eeb4

SHA107632f63e06b30d9b63c97177d3a8122629bda9b

SHA256809fb4619d2a2f1a85dbda8cc69a7f1659215212d708a098d62150eee57070c1

Certificate Info

IssuerGoogle Trust Services

Subject*.googleusercontent.com

Fingerprint85:7D:D7:AA:27:49:F3:83:36:F8:74:84:32:01:E8:F1:A5:3B:95:77

ValidityMon, 31 Mar 2025 08:55:30 GMT - Mon, 23 Jun 2025 08:55:29 GMT

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Apr 2025 09:36:34 GMT
expires: Tue, 22 Apr 2025 08:36:34 GMT
cache-control: public, max-age=82800
age: 70776
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b

142.250.178.97

200 OK

200 B

URL

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b

IP / ASN

142.250.178.97

#15169 GOOGLE

Resource Info

File typeSVG Scalable Vector Graphics image

First Seen2023-04-07

Last Seen2025-08-02

Times Seen76532

Size200 B (200 bytes)

MD5d47125b2ba92be53dcff07ba322ce1de

SHA1e4a70c8a133bacf1699fdfa4c10e24ed5b3e0c28

SHA2565a0687ea8c9aa404a7724490f046e30023ec6b5aa81d01ae4f225889a64174f6

Certificate Info

IssuerGoogle Trust Services

Subject*.googleusercontent.com

Fingerprint85:7D:D7:AA:27:49:F3:83:36:F8:74:84:32:01:E8:F1:A5:3B:95:77

ValidityMon, 31 Mar 2025 08:55:30 GMT - Mon, 23 Jun 2025 08:55:29 GMT

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Apr 2025 10:48:34 GMT
expires: Tue, 22 Apr 2025 09:48:34 GMT
cache-control: public, max-age=82800
age: 66456
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET ww1.aalcovid19.org/

199.59.243.228

200 OK

1.1 kB

URL

ww1.aalcovid19.org/

IP / ASN

199.59.243.228

#16509 AMAZON-02

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (322)

First Seen2025-04-22

Last Seen2025-04-22

Times Seen1

Size1.1 kB (1054 bytes)

MD5824f162b0097fd98d158950ec89e33b8

SHA1f52b63d3256f350009a4df41655fbcd3e38f2f2b

SHA2563667577206a547997277b1e0208cc26a4d2d9d439319e86738de6a756e02315c

Detections

Analyzer	Verdict	Alert
suricata	medium	ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M1

HTTP Headers

GET / HTTP/1.1
Host: ww1.aalcovid19.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Tue, 22 Apr 2025 05:16:07 GMT
content-type: text/html; charset=utf-8
content-length: 1054
x-request-id: 090eec95-7680-4695-9b85-b6c6e5db2c1b
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_eipv0F3sBUVJfjthuK4T2lOneloknuKNeGEhp1oSo12B3VTyA3Wi3kjHszNxS0Y0mhlRk/5P4yPnCaBd1VjQVg==
set-cookie: parking_session=090eec95-7680-4695-9b85-b6c6e5db2c1b; expires=Tue, 22 Apr 2025 05:31:08 GMT; path=/

POST ww1.aalcovid19.org/_fd

199.59.243.228

200 OK

5.3 kB

URL

ww1.aalcovid19.org/_fd

IP / ASN

199.59.243.228

#16509 AMAZON-02

Requested byhttp://ww1.aalcovid19.org/

Resource Info

File typeASCII text, with very long lines (5297), with no line terminators

First Seen2025-04-22

Last Seen2025-04-22

Times Seen1

Size5.3 kB (5297 bytes)

MD59aabc38391727c9104b5058e71b7d86c

SHA18f491fda03807c948bccfc4fa39fa1beb4b09b53

SHA25607e170b82bec5e892230115333a5227447c30f306d6f2ef1eab49c1588ecfb3c

Detections

Analyzer	Verdict	Alert
suricata	medium	ET HUNTING Suspicious POST Request with Possible COVID-19 Domain M1

HTTP Headers

POST /_fd HTTP/1.1
Host: ww1.aalcovid19.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww1.aalcovid19.org/
Content-Type: application/json
Origin: http://ww1.aalcovid19.org
DNT: 1
Connection: keep-alive
Cookie: parking_session=090eec95-7680-4695-9b85-b6c6e5db2c1b
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
date: Tue, 22 Apr 2025 05:16:08 GMT
content-type: application/json; charset=utf-8
content-length: 5297
x-request-id: 73476fab-a208-4ef8-9970-f0dd2fbaab64
set-cookie: parking_session=090eec95-7680-4695-9b85-b6c6e5db2c1b; expires=Tue, 22 Apr 2025 05:31:08 GMT

GET www.google.com/adsense/domains/caf.js?abp=1&bodis=true

142.250.74.68

200 OK

144 kB

URL

www.google.com/adsense/domains/caf.js?abp=1&bodis=true

IP / ASN

142.250.74.68

#15169 GOOGLE

Requested byhttp://ww1.aalcovid19.org/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (1839)

First Seen2025-04-18

Last Seen2025-04-23

Times Seen284

Size144 kB (144028 bytes)

MD57297aca04e434ef194f887c5f85dd362

SHA16bfc9b76a0a50c859f39c3dd1d5dbe01255b6d77

SHA25651d964e574cc5c4c227791a2931eaf58ec8f3782970cd53caa1ed1bef9a0753a

Certificate Info

IssuerGoogle Trust Services

Subjectwww.google.com

FingerprintFD:1E:8C:23:6E:3E:CE:28:8F:BB:1E:C1:87:A0:77:5D:45:20:F7:03

ValidityMon, 31 Mar 2025 08:56:21 GMT - Mon, 23 Jun 2025 08:56:20 GMT

HTTP Headers

GET /adsense/domains/caf.js?abp=1&bodis=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww1.aalcovid19.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Tue, 22 Apr 2025 05:16:09 GMT
expires: Tue, 22 Apr 2025 05:16:09 GMT
cache-control: private, max-age=3600
etag: "12770754396467021651"
x-content-type-options: nosniff
link: <https://syndicatedsearch.goog>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol105%2Cpid-bodis-gcontrol421%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol162&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww1.aalcovid19.org%2F%3Fcaf%3D1%26bpt%3D345&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2898040491288658&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108&format=r3&nocache=6951745298969329&num=0&output=afd_ads&domain_name=ww1.aalcovid19.org&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1745298969332&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=747525664&rurl=http%3A%2F%2Fww1.aalcovid19.org%2F

216.58.207.238

200 OK

14 kB

URL

syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol105%2Cpid-bodis-gcontrol421%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol162&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww1.aalcovid19.org%2F%3Fcaf%3D1%26bpt%3D345&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2898040491288658&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108&format=r3&nocache=6951745298969329&num=0&output=afd_ads&domain_name=ww1.aalcovid19.org&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1745298969332&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=747525664&rurl=http%3A%2F%2Fww1.aalcovid19.org%2F

IP / ASN

216.58.207.238

#15169 GOOGLE

Requested byhttp://ww1.aalcovid19.org/

Resource Info

File typeHTML document, ASCII text, with very long lines (13100)

First Seen2025-04-22

Last Seen2025-04-22

Times Seen1

Size14 kB (13629 bytes)

MD5b2ab8a5a04ef3db3144a02bff56abd3f

SHA146e86202ce4e18bded25db744f49877de57d3bd3

SHA25637021eb7bc0259fd4036019aacc81866508339c1e1d51e434fdf8ae5194d2d71

Certificate Info

IssuerGoogle Trust Services

Subjectsyndicatedsearch.goog

Fingerprint25:85:6E:DB:F5:A7:5C:14:22:6A:F8:44:8F:EE:EB:07:7A:40:68:30

ValidityMon, 31 Mar 2025 08:57:43 GMT - Mon, 23 Jun 2025 08:57:42 GMT

HTTP Headers

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol105%2Cpid-bodis-gcontrol421%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol162&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww1.aalcovid19.org%2F%3Fcaf%3D1%26bpt%3D345&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2898040491288658&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108&format=r3&nocache=6951745298969329&num=0&output=afd_ads&domain_name=ww1.aalcovid19.org&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1745298969332&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=747525664&rurl=http%3A%2F%2Fww1.aalcovid19.org%2F HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww1.aalcovid19.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Tue, 22 Apr 2025 05:16:09 GMT
expires: Tue, 22 Apr 2025 05:16:09 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-m9kxZ2TKoK7kLLUfojGtcA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 2716
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET syndicatedsearch.goog/adsense/domains/caf.js

216.58.207.238

200 OK

144 kB

URL

syndicatedsearch.goog/adsense/domains/caf.js

IP / ASN

216.58.207.238

#15169 GOOGLE

Resource Info

File typeJavaScript source, ASCII text, with very long lines (1839)

First Seen2025-04-18

Last Seen2025-04-24

Times Seen592

Size144 kB (144026 bytes)

MD53d817de4a9be48fa32e7000b38340e7e

SHA18c3512bc11303f2853df215202e25311de8d8bfc

SHA256c3853b930a9221eb6771013bf6dad4967f5f0e241337a51e0b511049e368d63c

Certificate Info

IssuerGoogle Trust Services

Subjectsyndicatedsearch.goog

Fingerprint25:85:6E:DB:F5:A7:5C:14:22:6A:F8:44:8F:EE:EB:07:7A:40:68:30

ValidityMon, 31 Mar 2025 08:57:43 GMT - Mon, 23 Jun 2025 08:57:42 GMT

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Tue, 22 Apr 2025 05:16:09 GMT
expires: Tue, 22 Apr 2025 05:16:09 GMT
cache-control: private, max-age=3600
etag: "3555663810076976912"
x-content-type-options: nosniff
link: <https://syndicatedsearch.goog>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET ww1.aalcovid19.org/

0.0.0.0

0 B

URL

ww1.aalcovid19.org/

IP / ASN

0.0.0.0

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605896

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
suricata	medium	ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M1

HTTP Headers

GET / HTTP/1.1
Host: ww1.aalcovid19.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET ww1.aalcovid19.org/bhRtlMSpp.js

199.59.243.228

200 OK

36 kB

URL

ww1.aalcovid19.org/bhRtlMSpp.js

IP / ASN

199.59.243.228

#16509 AMAZON-02

Requested byhttp://ww1.aalcovid19.org/

Resource Info

File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (35690)

First Seen2025-04-15

Last Seen2025-05-05

Times Seen727

Size36 kB (35693 bytes)

MD5b31a2ef88b7707fdd5e9dacade05a504

SHA1349fc0a18b1b31d2fe8f81a28034dd600caf4ae1

SHA2561a05b5cf9f72b9af409d10301e29196c4435fd094310bd0da4c2d7856b80d0af

Detections

Analyzer	Verdict	Alert
suricata	medium	ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M1

HTTP Headers

GET /bhRtlMSpp.js HTTP/1.1
Host: ww1.aalcovid19.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww1.aalcovid19.org/
Cookie: parking_session=090eec95-7680-4695-9b85-b6c6e5db2c1b
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Tue, 22 Apr 2025 05:16:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 35693
x-request-id: 08626ae1-8ff4-4cde-8882-4d61c553f7c6
set-cookie: parking_session=090eec95-7680-4695-9b85-b6c6e5db2c1b; expires=Tue, 22 Apr 2025 05:31:08 GMT

GET syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=fk7qgya1huf&cd_fexp=72717108&aqid=GSYHaMK-I5SgxdwP8pPYgAQ&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=364&adbw=700&adbah=114%2C114%2C114&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=747525664&csala=7%7C0%7C539%7C179%7C42&lle=0&ifv=1&hpt=0

216.58.207.238

204 No Content

0 B

URL

syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=fk7qgya1huf&cd_fexp=72717108&aqid=GSYHaMK-I5SgxdwP8pPYgAQ&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=364&adbw=700&adbah=114%2C114%2C114&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=747525664&csala=7%7C0%7C539%7C179%7C42&lle=0&ifv=1&hpt=0

IP / ASN

216.58.207.238

#15169 GOOGLE

Requested byhttp://ww1.aalcovid19.org/

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605896

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subjectsyndicatedsearch.goog

Fingerprint25:85:6E:DB:F5:A7:5C:14:22:6A:F8:44:8F:EE:EB:07:7A:40:68:30

ValidityMon, 31 Mar 2025 08:57:43 GMT - Mon, 23 Jun 2025 08:57:42 GMT

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=fk7qgya1huf&cd_fexp=72717108&aqid=GSYHaMK-I5SgxdwP8pPYgAQ&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=364&adbw=700&adbah=114%2C114%2C114&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=747525664&csala=7%7C0%7C539%7C179%7C42&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww1.aalcovid19.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
x-content-security-policy-report-only: default-src https: data:; options eval-script inline-script; report-uri /csp_report; referrer origin
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-Jo2T_u7KIwyDzjof34B7Ig' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Tue, 22 Apr 2025 05:16:11 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=whzm39vu58qq&cd_fexp=72717108&aqid=GSYHaMK-I5SgxdwP8pPYgAQ&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=364&adbw=700&adbah=114%2C114%2C114&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=747525664&csala=7%7C0%7C539%7C179%7C42&lle=0&ifv=1&hpt=0

216.58.207.238

204 No Content

0 B

URL

syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=whzm39vu58qq&cd_fexp=72717108&aqid=GSYHaMK-I5SgxdwP8pPYgAQ&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=364&adbw=700&adbah=114%2C114%2C114&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=747525664&csala=7%7C0%7C539%7C179%7C42&lle=0&ifv=1&hpt=0

IP / ASN

216.58.207.238

#15169 GOOGLE

Requested byhttp://ww1.aalcovid19.org/

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605896

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subjectsyndicatedsearch.goog

Fingerprint25:85:6E:DB:F5:A7:5C:14:22:6A:F8:44:8F:EE:EB:07:7A:40:68:30

ValidityMon, 31 Mar 2025 08:57:43 GMT - Mon, 23 Jun 2025 08:57:42 GMT

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=whzm39vu58qq&cd_fexp=72717108&aqid=GSYHaMK-I5SgxdwP8pPYgAQ&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=364&adbw=700&adbah=114%2C114%2C114&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=747525664&csala=7%7C0%7C539%7C179%7C42&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww1.aalcovid19.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-bKMpjmssHwH3C_27wUfnfQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Tue, 22 Apr 2025 05:16:11 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000