Report - svfree2.gdmhost.ga/

Report Overview

Visited public
2023-11-04 12:35:37
Tags
URL
svfree2.gdmhost.ga/
Finishing URL
ww16.svfree2.gdmhost.ga/?sub1=20231104-2335-19eb-a7fe-3707e6159bcd
IP / ASN
103.224.182.210
#133618 Trellian Pty. Limited
Title
gdmhost.ga - gdmhost Ressurser og informasjon

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
svfree2.gdmhost.ga	unknown	unknown	2023-07-26 07:45:50	2023-08-20 05:29:08	475 B	334 B	103.224.182.210
ww16.svfree2.gdmhost.ga	unknown	unknown	No data	No data	1.4 kB	8.2 kB	64.190.63.136
img.sedoparking.com	54200	2001-09-18	2013-04-23 00:23:29	2023-11-04 05:10:38	740 B	29 kB	205.234.175.175
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2023-11-04 02:18:07	2.6 kB	114 kB	142.250.74.132

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-04 12:35:18	low	Client IP	Internal IP	ET INFO DNS Query for Suspicious .ga Domain
2023-11-04 12:35:18	low	Client IP	103.224.182.210	ET INFO Suspicious Domain (*.ga) in TLS SNI
2023-11-04 12:35:19	medium	Client IP	64.190.63.136	ET INFO HTTP Request to a *.ga domain
2023-11-04 12:35:20	medium	Client IP	64.190.63.136	ET INFO HTTP Request to a *.ga domain
2023-11-04 12:35:20	medium	Client IP	64.190.63.136	ET INFO HTTP Request to a *.ga domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	www.google.com/adsense/domains/caf.js	ScriptElement	150 kB	2023-11-02	2023-11-08
Pretty URL www.google.com/adsense/domains/caf.js IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 20:14 Last Seen2023-11-08 15:18 Times Seen991 Hash c742c058f455dabcb883337b0536a096 126286b5062f0bff891a118150413170dfca07ad 43cfc242d32ce82bdc16af2b4c1f7231591c5176e32702cf6be84ce17943b279 Loading...

	ww16.svfree2.gdmhost.ga/?sub1=20231104-2335-19eb-a7fe-3707e6159bcd	ScriptElement	3.0 kB	2024-08-20	2024-08-20
Pretty URL ww16.svfree2.gdmhost.ga/?sub1=20231104-2335-19eb-a7fe-3707e6159bcd IP 64.190.63.136 ASN #47846 SEDO GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 20:57 Last Seen2024-08-20 20:57 Times Seen1 Hash f6ba088062a52c157ab52f5d5755dff7 8b4a87000e26b8d6643e0f6bdc267a83a2c01a92 b0bbf0d9b2e6577a8fe6c681f122e35fbbf1f857ba01c6a5988676a50f1bdffa Loading...

	www.google.com/adsense/domains/caf.js	ScriptElement	150 kB	2023-11-01	2024-08-20
Pretty URL www.google.com/adsense/domains/caf.js IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-01 17:57 Last Seen2024-08-20 21:29 Times Seen407 Hash e25dace862f459ae23c0a1d8041afd9f 029a1dee6b87224faaa48a920d5f48aa94610fc0 6d53b02d245461ae08e75d57e245d7ee61fee196cb6a1ab6429d6f548ff0b03b Loading...

	www.google.com/afs/ads/i/iframe.html	ScriptElement	1.3 kB	2023-04-05	2025-03-02
Pretty URL www.google.com/afs/ads/i/iframe.html IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 04:36 Last Seen2025-03-02 05:25 Times Seen67768 Hash 33839cb72649c81ab58b763c95b4a163 0c9b62881e660fded013cee58439ae287690065a cdded269406c9b2b49a3066d12e75913abf338cdd7fa00e31fff299efef1cb76 Loading...

	www.google.com/afs/ads?adsafe=low&adtest=off&psid=9618345430&channel=exp-0051%2Cauxa-control-1%2C445328&client=dp-sedo92_3ph&r=m&hl=no&rpbu=http%3A%2F%2Fww16.svfree2.gdmhost.ga%2Fcaf%2F%3Fses%3DY3JlPTE2OTkxMDEzMTkmdGNpZD13dzE2LnN2ZnJlZTIuZ2RtaG9zdC5nYTY1NDYzYTg3YzRmMGMxLjk3OTE3ODIzJnRhc2s9c2VhcmNoJmRvbWFpbj1nZG1ob3N0LmdhJmFfaWQ9MyZzZXNzaW9uPXg0UW9RdkxtWE1jajZEbklycFBM&type=3&uiopt=false&swp=as-drid-2777688820344496&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3%7Cs&nocache=1141699101320271&num=0&output=afd_ads&domain_name=ww16.svfree2.gdmhost.ga&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1699101320282&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=944&frm=0&cl=578165713&uio=--&cont=rb-default&jsid=caf&jsv=578165713&rurl=http%3A%2F%2Fww16.svfree2.gdmhost.ga%2F%3Fsub1%3D20231104-2335-19eb-a7fe-3707e6159bcd	ScriptElement	794 B	2024-08-20	2024-08-20
Pretty URL www.google.com/afs/ads?adsafe=low&adtest=off&psid=9618345430&channel=exp-0051%2Cauxa-control-1%2C445328&client=dp-sedo92_3ph&r=m&hl=no&rpbu=http%3A%2F%2Fww16.svfree2.gdmhost.ga%2Fcaf%2F%3Fses%3DY3JlPTE2OTkxMDEzMTkmdGNpZD13dzE2LnN2ZnJlZTIuZ2RtaG9zdC5nYTY1NDYzYTg3YzRmMGMxLjk3OTE3ODIzJnRhc2s9c2VhcmNoJmRvbWFpbj1nZG1ob3N0LmdhJmFfaWQ9MyZzZXNzaW9uPXg0UW9RdkxtWE1jajZEbklycFBM&type=3&uiopt=false&swp=as-drid-2777688820344496&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3%7Cs&nocache=1141699101320271&num=0&output=afd_ads&domain_name=ww16.svfree2.gdmhost.ga&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1699101320282&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=944&frm=0&cl=578165713&uio=--&cont=rb-default&jsid=caf&jsv=578165713&rurl=http%3A%2F%2Fww16.svfree2.gdmhost.ga%2F%3Fsub1%3D20231104-2335-19eb-a7fe-3707e6159bcd IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 20:57 Last Seen2024-08-20 20:57 Times Seen1 Hash 43e86cf08fb250c02aadae39c7586ba7 0d918c72b3fb5109caa084491847926044d6519c b21cce0375d8e649c878ec2d7915a34ad156f571400ea47c63d88890667dfdcf Loading...

	ww16.svfree2.gdmhost.ga/?sub1=20231104-2335-19eb-a7fe-3707e6159bcd	ScriptElement	622 B	2023-03-08	2025-01-29
Pretty URL ww16.svfree2.gdmhost.ga/?sub1=20231104-2335-19eb-a7fe-3707e6159bcd IP 64.190.63.136 ASN #47846 SEDO GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 22:20 Last Seen2025-01-29 07:06 Times Seen3041 Hash 7092a8d1b298a7bf4ee7eea987b0526b 6402a42f627c9d747b1fbb40289398491188b534 cb876f47b991283892edcb04daa58aae2e223eb174699f8b6d8ffc59e7bf1405 Loading...

	ww16.svfree2.gdmhost.ga/?sub1=20231104-2335-19eb-a7fe-3707e6159bcd	ScriptElement	5.5 kB	2023-03-07	2024-08-21
Pretty URL ww16.svfree2.gdmhost.ga/?sub1=20231104-2335-19eb-a7fe-3707e6159bcd IP 64.190.63.136 ASN #47846 SEDO GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02 Last Seen2024-08-21 09:43 Times Seen9041 Hash ea441a4ad9bf148e5d8180a531b57c2b f825c0d4c39d7f50bc74188a695903ba8cb5ef20 50cc8ac8f50cdef0641f8c14ac12268a1930df9781ecf751d4d10aa1a3b772f5 Loading...

HTTP Transactions (10)

URL IP Response Size

svfree2.gdmhost.ga/

103.224.182.210

2 B

URL
svfree2.gdmhost.ga/
IP
103.224.182.210:0
ASN
#133618 Trellian Pty. Limited

File type
ASCII text
Size
2 B (2 bytes)
Hash
e1c06d85ae7b8b032bef47e42e4c08f9
71853c6197a6a7f222db0f1978c7cb232b87c5ee
75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070

HTTP Headers

GET / HTTP/1.1
Host: svfree2.gdmhost.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
date: Sat, 04 Nov 2023 12:35:19 GMT
server: Apache
set-cookie: __tad=1699101319.6481861; expires=Tue, 01-Nov-2033 12:35:19 GMT; Max-Age=315360000
location: http://ww16.svfree2.gdmhost.ga/?sub1=20231104-2335-19eb-a7fe-3707e6159bcd
content-length: 2
content-type: text/html; charset=UTF-8
connection: close

ww16.svfree2.gdmhost.ga/?sub1=20231104-2335-19eb-a7fe-3707e6159bcd

64.190.63.136

200 OK

7.0 kB

URL User Request GET HTTP/1.1
ww16.svfree2.gdmhost.ga/?sub1=20231104-2335-19eb-a7fe-3707e6159bcd
IP
64.190.63.136:80
ASN
#47846 SEDO GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (10263)
Size
7.0 kB (7015 bytes)
Hash
b91f4371271d25732137ffdf4603daa5
2c38b19af1df86083327cf84b285b18371316ef2
bba7f8b541d0baa161afd56185700c8c9f26f83c8cd5f2bfbad5e8ce6b009063

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.ga domain

HTTP Headers

GET /?sub1=20231104-2335-19eb-a7fe-3707e6159bcd HTTP/1.1
Host: ww16.svfree2.gdmhost.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Sat, 04 Nov 2023 12:35:19 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
x-powered-by: PHP/8.1.17
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_XaHKIH3O6MCyK5vEGgiC0Vik18mlla3PUscGJ5tF0A842N2yz1kWMVoD8T/UU7rQUIO3Tm2ln7609adTQ6p9ow==
last-modified: Sat, 04 Nov 2023 12:35:19 GMT
x-cache-miss-from: parking-697977dd84-fd6rv
server: NginX
content-encoding: gzip

img.sedoparking.com/templates/bg/arrows.png

205.234.175.175

200 OK

13 kB

URL GET HTTP/1.1
img.sedoparking.com/templates/bg/arrows.png
IP
205.234.175.175:80
ASN
#30081 CACHENETWORKS

Requested by
http://ww16.svfree2.gdmhost.ga/?sub1=20231104-2335-19eb-a7fe-3707e6159bcd

File type
PNG image data, 426 x 475, 8-bit/color RGBA, non-interlaced\012- data
Size
13 kB (12642 bytes)
Hash
6dc0bad9aa452ff871b282dabd47131e
01411e6726e033240caa3926141a6adbc18a2d73
3059fbd6cd3550047483dca4071c93e5cf4cc79ce8bafc4388166fbc5279644b

HTTP Headers

GET /templates/bg/arrows.png HTTP/1.1
Host: img.sedoparking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww16.svfree2.gdmhost.ga/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Nov 2023 12:35:20 GMT
Content-Type: image/png
Content-Length: 12642
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Expires: Sat, 11 Nov 2023 12:35:20 GMT
X-CFHash: "6dc0bad9aa452ff871b282dabd47131e"
X-CFF: B
Last-Modified: Mon, 11 Oct 2021 05:39:44 GMT
X-CF3: H
CF4Age: 0
x-cf-tsc: 1697358617
CF4ttl: 31536000.000
X-CF2: H
Server: CFS 0215
X-CF-ReqID: c56a28eca8ecf4c3a4f3b4cdbd1ae3e7
X-CF1: 11696:fA.arn1:cf:cacheN.arn1-01:H
Accept-Ranges: bytes

www.google.com/adsense/domains/caf.js

142.250.74.132

200 OK

54 kB

URL GET HTTP/3
www.google.com/adsense/domains/caf.js
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/afs/ads?adsafe=low&adtest=off&psid=9618345430&channel=exp-0051%2Cauxa-control-1%2C445328&client=dp-sedo92_3ph&r=m&hl=no&rpbu=http%3A%2F%2Fww16.svfree2.gdmhost.ga%2Fcaf%2F%3Fses%3DY3JlPTE2OTkxMDEzMTkmdGNpZD13dzE2LnN2ZnJlZTIuZ2RtaG9zdC5nYTY1NDYzYTg3YzRmMGMxLjk3OTE3ODIzJnRhc2s9c2VhcmNoJmRvbWFpbj1nZG1ob3N0LmdhJmFfaWQ9MyZzZXNzaW9uPXg0UW9RdkxtWE1jajZEbklycFBM&type=3&uiopt=false&swp=as-drid-2777688820344496&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3%7Cs&nocache=1141699101320271&num=0&output=afd_ads&domain_name=ww16.svfree2.gdmhost.ga&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1699101320282&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=944&frm=0&cl=578165713&uio=--&cont=rb-default&jsid=caf&jsv=578165713&rurl=http%3A%2F%2Fww16.svfree2.gdmhost.ga%2F%3Fsub1%3D20231104-2335-19eb-a7fe-3707e6159bcd
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintFD:EE:45:21:A2:3C:95:82:9B:BA:3F:7A:59:3C:F6:C2:7B:C7:84:8F
ValidityMon, 16 Oct 2023 08:02:35 GMT - Mon, 08 Jan 2024 08:02:34 GMT

File type
ASCII text, with very long lines (2067)
Size
54 kB (54473 bytes)
Hash
c742c058f455dabcb883337b0536a096
126286b5062f0bff891a118150413170dfca07ad
43cfc242d32ce82bdc16af2b4c1f7231591c5176e32702cf6be84ce17943b279

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww16.svfree2.gdmhost.ga/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Sat, 04 Nov 2023 12:35:20 GMT
Expires: Sat, 04 Nov 2023 12:35:20 GMT
Cache-Control: private, max-age=3600
ETag: "15071243276503152946"
X-Content-Type-Options: nosniff
Link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0

ww16.svfree2.gdmhost.ga/search/tsc.php?200=NTA3OTIzNzIy&21=OTEuOTAuNDIuMTU0&681=MTY5OTEwMTMxOWI5OTViZDFjNTljMTYzOTcwZmJmMDJhZWU3N2VjNjEx&crc=59be9a0043b626cdb1656d234e35faca894444ff&cv=1

64.190.63.136

200 OK

0 B

URL GET HTTP/1.1
ww16.svfree2.gdmhost.ga/search/tsc.php?200=NTA3OTIzNzIy&21=OTEuOTAuNDIuMTU0&681=MTY5OTEwMTMxOWI5OTViZDFjNTljMTYzOTcwZmJmMDJhZWU3N2VjNjEx&crc=59be9a0043b626cdb1656d234e35faca894444ff&cv=1
IP
64.190.63.136:80
ASN
#47846 SEDO GmbH

Requested by
http://ww16.svfree2.gdmhost.ga/?sub1=20231104-2335-19eb-a7fe-3707e6159bcd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.ga domain

HTTP Headers

GET /search/tsc.php?200=NTA3OTIzNzIy&21=OTEuOTAuNDIuMTU0&681=MTY5OTEwMTMxOWI5OTViZDFjNTljMTYzOTcwZmJmMDJhZWU3N2VjNjEx&crc=59be9a0043b626cdb1656d234e35faca894444ff&cv=1 HTTP/1.1
Host: ww16.svfree2.gdmhost.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww16.svfree2.gdmhost.ga/?sub1=20231104-2335-19eb-a7fe-3707e6159bcd
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Sat, 04 Nov 2023 12:35:20 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-powered-by: PHP/8.1.17
x-cache-miss-from: parking-697977dd84-w289q
server: NginX

www.google.com/afs/ads/i/iframe.html

142.250.74.132

200 OK

727 B

URL GET HTTP/2
www.google.com/afs/ads/i/iframe.html
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
http://ww16.svfree2.gdmhost.ga/?sub1=20231104-2335-19eb-a7fe-3707e6159bcd
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintF5:CC:DA:B5:BA:1E:14:14:44:CC:27:90:92:CC:60:1F:5F:08:AF:77
ValidityMon, 16 Oct 2023 08:10:46 GMT - Mon, 08 Jan 2024 08:10:45 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1559)
Size
727 B (727 bytes)
Hash
9cafb1b0b8f3de494abb63c1e8bfb759
e734da52a6ca33ae863873c683333690234971be
18f827c27692c8b704bca17c32aa3a435e929f4302443fca4ab7fdfa97608376

HTTP Headers

GET /afs/ads/i/iframe.html HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww16.svfree2.gdmhost.ga/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy: script-src 'nonce-Mru8l5av-d5alBvJ0sMb8A' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui; base-uri 'none'
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-length: 727
date: Sat, 04 Nov 2023 12:35:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Tue, 24 Oct 2023 06:00:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

img.sedoparking.com/templates/logos/sedo_logo.png

205.234.175.175

200 OK

15 kB

URL GET HTTP/1.1
img.sedoparking.com/templates/logos/sedo_logo.png
IP
205.234.175.175:80
ASN
#30081 CACHENETWORKS

Requested by
http://ww16.svfree2.gdmhost.ga/?sub1=20231104-2335-19eb-a7fe-3707e6159bcd

File type
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
15 kB (15086 bytes)
Hash
def00c11b1596db4efee6a9fbe64fc27
bd298981e6d8d7e4ffa18abcf687041f4246672d
95c427fa3143b1896faf42a6406686ce7602cb39052081bb32d12b51c9e047e4

HTTP Headers

GET /templates/logos/sedo_logo.png HTTP/1.1
Host: img.sedoparking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww16.svfree2.gdmhost.ga/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Nov 2023 12:35:20 GMT
Content-Type: image/png
Content-Length: 15086
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Expires: Sat, 11 Nov 2023 12:35:20 GMT
X-CFHash: "def00c11b1596db4efee6a9fbe64fc27"
X-CFF: B
Last-Modified: Mon, 11 Jan 2021 07:44:34 GMT
X-CF3: H
CF4Age: 0
x-cf-tsc: 1696677940
CF4ttl: 31536000.000
X-CF2: H
Server: CFS 0215
X-CF-ReqID: b8788f35827b3a03e840bd8beba44bce
X-CF1: 11696:fA.arn1:cf:cacheN.arn1-01:H
Accept-Ranges: bytes

www.google.com/afs/ads?adsafe=low&adtest=off&psid=9618345430&channel=exp-0051%2Cauxa-control-1%2C445328&client=dp-sedo92_3ph&r=m&hl=no&rpbu=http%3A%2F%2Fww16.svfree2.gdmhost.ga%2Fcaf%2F%3Fses%3DY3JlPTE2OTkxMDEzMTkmdGNpZD13dzE2LnN2ZnJlZTIuZ2RtaG9zdC5nYTY1NDYzYTg3YzRmMGMxLjk3OTE3ODIzJnRhc2s9c2VhcmNoJmRvbWFpbj1nZG1ob3N0LmdhJmFfaWQ9MyZzZXNzaW9uPXg0UW9RdkxtWE1jajZEbklycFBM&type=3&uiopt=false&swp=as-drid-2777688820344496&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3%7Cs&nocache=1141699101320271&num=0&output=afd_ads&domain_name=ww16.svfree2.gdmhost.ga&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1699101320282&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=944&frm=0&cl=578165713&uio=--&cont=rb-default&jsid=caf&jsv=578165713&rurl=http%3A%2F%2Fww16.svfree2.gdmhost.ga%2F%3Fsub1%3D20231104-2335-19eb-a7fe-3707e6159bcd

142.250.74.132

200 OK

578 B

URL GET HTTP/2
www.google.com/afs/ads?adsafe=low&adtest=off&psid=9618345430&channel=exp-0051%2Cauxa-control-1%2C445328&client=dp-sedo92_3ph&r=m&hl=no&rpbu=http%3A%2F%2Fww16.svfree2.gdmhost.ga%2Fcaf%2F%3Fses%3DY3JlPTE2OTkxMDEzMTkmdGNpZD13dzE2LnN2ZnJlZTIuZ2RtaG9zdC5nYTY1NDYzYTg3YzRmMGMxLjk3OTE3ODIzJnRhc2s9c2VhcmNoJmRvbWFpbj1nZG1ob3N0LmdhJmFfaWQ9MyZzZXNzaW9uPXg0UW9RdkxtWE1jajZEbklycFBM&type=3&uiopt=false&swp=as-drid-2777688820344496&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3%7Cs&nocache=1141699101320271&num=0&output=afd_ads&domain_name=ww16.svfree2.gdmhost.ga&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1699101320282&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=944&frm=0&cl=578165713&uio=--&cont=rb-default&jsid=caf&jsv=578165713&rurl=http%3A%2F%2Fww16.svfree2.gdmhost.ga%2F%3Fsub1%3D20231104-2335-19eb-a7fe-3707e6159bcd
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
http://ww16.svfree2.gdmhost.ga/?sub1=20231104-2335-19eb-a7fe-3707e6159bcd
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintF5:CC:DA:B5:BA:1E:14:14:44:CC:27:90:92:CC:60:1F:5F:08:AF:77
ValidityMon, 16 Oct 2023 08:10:46 GMT - Mon, 08 Jan 2024 08:10:45 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (608)
Size
578 B (578 bytes)
Hash
6555d12a0f37018d2e7e605fad15e723
92034440dc1caf4c2fca0fbfbfbd4d034752a29f
28192d5ce2c75fc6047087b01f0cb35b2713b644207f38f3cabf43c49b1c27cb

HTTP Headers

GET /afs/ads?adsafe=low&adtest=off&psid=9618345430&channel=exp-0051%2Cauxa-control-1%2C445328&client=dp-sedo92_3ph&r=m&hl=no&rpbu=http%3A%2F%2Fww16.svfree2.gdmhost.ga%2Fcaf%2F%3Fses%3DY3JlPTE2OTkxMDEzMTkmdGNpZD13dzE2LnN2ZnJlZTIuZ2RtaG9zdC5nYTY1NDYzYTg3YzRmMGMxLjk3OTE3ODIzJnRhc2s9c2VhcmNoJmRvbWFpbj1nZG1ob3N0LmdhJmFfaWQ9MyZzZXNzaW9uPXg0UW9RdkxtWE1jajZEbklycFBM&type=3&uiopt=false&swp=as-drid-2777688820344496&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3%7Cs&nocache=1141699101320271&num=0&output=afd_ads&domain_name=ww16.svfree2.gdmhost.ga&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1699101320282&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=944&frm=0&cl=578165713&uio=--&cont=rb-default&jsid=caf&jsv=578165713&rurl=http%3A%2F%2Fww16.svfree2.gdmhost.ga%2F%3Fsub1%3D20231104-2335-19eb-a7fe-3707e6159bcd HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww16.svfree2.gdmhost.ga/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Sat, 04 Nov 2023 12:35:20 GMT
expires: Sat, 04 Nov 2023 12:35:20 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-qGLRFIMMY0TGDKJuCRdvTw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 578
x-xss-protection: 0
set-cookie: CONSENT=PENDING+918; expires=Mon, 03-Nov-2025 12:35:20 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/adsense/domains/caf.js

142.250.74.132

200 OK

54 kB

URL GET HTTP/3
www.google.com/adsense/domains/caf.js
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/afs/ads?adsafe=low&adtest=off&psid=9618345430&channel=exp-0051%2Cauxa-control-1%2C445328&client=dp-sedo92_3ph&r=m&hl=no&rpbu=http%3A%2F%2Fww16.svfree2.gdmhost.ga%2Fcaf%2F%3Fses%3DY3JlPTE2OTkxMDEzMTkmdGNpZD13dzE2LnN2ZnJlZTIuZ2RtaG9zdC5nYTY1NDYzYTg3YzRmMGMxLjk3OTE3ODIzJnRhc2s9c2VhcmNoJmRvbWFpbj1nZG1ob3N0LmdhJmFfaWQ9MyZzZXNzaW9uPXg0UW9RdkxtWE1jajZEbklycFBM&type=3&uiopt=false&swp=as-drid-2777688820344496&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3%7Cs&nocache=1141699101320271&num=0&output=afd_ads&domain_name=ww16.svfree2.gdmhost.ga&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1699101320282&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=944&frm=0&cl=578165713&uio=--&cont=rb-default&jsid=caf&jsv=578165713&rurl=http%3A%2F%2Fww16.svfree2.gdmhost.ga%2F%3Fsub1%3D20231104-2335-19eb-a7fe-3707e6159bcd
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintFD:EE:45:21:A2:3C:95:82:9B:BA:3F:7A:59:3C:F6:C2:7B:C7:84:8F
ValidityMon, 16 Oct 2023 08:02:35 GMT - Mon, 08 Jan 2024 08:02:34 GMT

File type
ASCII text, with very long lines (2067)
Size
54 kB (54545 bytes)
Hash
ffd7a2f79b9a8b666389ee392045ba95
cb273d38ed92508ab2e711b578e48b74d0e23181
448d28bcfa07bb42e922b495406585b9351dcc5a1c32a0e0533182ecc4b05273

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Sat, 04 Nov 2023 12:35:20 GMT
expires: Sat, 04 Nov 2023 12:35:20 GMT
cache-control: private, max-age=3600
etag: "11115931788013909323"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ww16.svfree2.gdmhost.ga/search/fb.php?ses=477a804499c6631b01699101319b4f09cf09074914&ec=23

64.190.63.136

403 Forbidden

58 B

URL GET HTTP/1.1
ww16.svfree2.gdmhost.ga/search/fb.php?ses=477a804499c6631b01699101319b4f09cf09074914&ec=23
IP
64.190.63.136:80
ASN
#47846 SEDO GmbH

Requested by
http://ww16.svfree2.gdmhost.ga/?sub1=20231104-2335-19eb-a7fe-3707e6159bcd

File type
exported SGML document, ASCII text, with no line terminators
Size
58 B (58 bytes)
Hash
bd94f215d49998add9fdf87a0c5f9523
cce4f14efe55bc31205f0678dd013dae81b5631a
fd70dd11e5d93f9a35651faa62976498caf3d0b9c00665095916cdd87b1a629f

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.ga domain

HTTP Headers

GET /search/fb.php?ses=477a804499c6631b01699101319b4f09cf09074914&ec=23 HTTP/1.1
Host: ww16.svfree2.gdmhost.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww16.svfree2.gdmhost.ga/?sub1=20231104-2335-19eb-a7fe-3707e6159bcd
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
date: Sat, 04 Nov 2023 12:35:20 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
x-powered-by: PHP/8.1.17
x-cache-miss-from: parking-697977dd84-fd6rv
server: NginX
content-encoding: gzip

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (10)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP