Report - simmsigg.ch/

Report Overview

Visited public
2023-12-04 06:59:07
Tags
URL
simmsigg.ch/
Finishing URL
simmsigg.ch/
IP / ASN
15.197.130.221
#16509 AMAZON-02
Title
simmsigg.ch

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
afs.googleusercontent.com	12123	2008-11-17	2013-05-06 21:11:00	2023-12-03 05:09:45	987 B	2.1 kB	142.250.74.97
simmsigg.ch	unknown	unknown	2023-10-21 05:43:20	2023-11-23 03:27:07	2.4 kB	14 kB	15.197.130.221
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2023-11-19 18:48:38	3.6 kB	117 kB	142.250.74.132
d38psrni17bvxu.cloudfront.net	unknown	2008-04-25	2022-09-22 18:48:38	2023-12-03 09:57:14	403 B	12 kB	54.230.241.187

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-04 06:58:57	medium	15.197.130.221	Client IP	ET Threatview.io High Confidence Cobalt Strike C2 IP group 2
2023-12-04 06:58:57	medium	15.197.130.221	Client IP	ET Threatview.io High Confidence Cobalt Strike C2 IP group 3

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-04	medium	simmsigg.ch	Sinkholed
2023-12-04	medium	simmsigg.ch	Sinkholed
2023-12-04	medium	simmsigg.ch	Sinkholed
2023-12-04	medium	simmsigg.ch	Sinkholed
2023-12-04	medium	simmsigg.ch	Sinkholed
2023-12-04	medium	simmsigg.ch	Sinkholed

ThreatFox

No alerts detected

JavaScript (14)

	URL	From	Size	First Seen	Last Seen
	simmsigg.ch/	ScriptElement	968 B	2023-03-08	2025-05-11
Pretty URL simmsigg.ch/ IP 15.197.130.221 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 02:24 Last Seen2025-05-11 20:44 Times Seen74578 Hash c77554570ae0fa8e4fb31747dc213058 e989fbde07e6a68975c7a31e1d4df76afd90b96f c3f831fe1717c6d76a8950ac5e7dc88ceee7440d079b11584be5c6c5b3269e77 Loading...

	simmsigg.ch/	ScriptElement	663 B	2024-08-20	2024-08-20
Pretty URL simmsigg.ch/ IP 15.197.130.221 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:51 Last Seen2024-08-20 16:51 Times Seen1 Hash 76f86eef574922dfe00da0797777b748 2f5de8b6d4c3f02709aa53e923fc349c56b3ceb6 3ecd6f8f1aa5b040c5ac38340e6eeca7280d60929cb944649de79a936e72604d Loading...

	simmsigg.ch/	ScriptElement	246 B	2024-08-20	2024-08-20
Pretty URL simmsigg.ch/ IP 15.197.130.221 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:51 Last Seen2024-08-20 16:51 Times Seen1 Hash 9d5faa251663a3733646b9b52d16b3ed 8b1e382b66a4dcc5225763c04ba5cfa0121b70aa fc2ac955a0a8909143dea7004492f6d0c07a1582c93cbc53dcff1df849e56f7f Loading...

	simmsigg.ch/	ScriptElement	7.0 kB	2023-03-13	2024-08-21
Pretty URL simmsigg.ch/ IP 15.197.130.221 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 06:10 Last Seen2024-08-21 09:44 Times Seen6195 Hash 04b2b624f94797c26d17a57f399d9356 3143986e839c47a5c1eff03bd9df63ecc54dca9c 233b1cbfb295a0629bcf68a2a4198a62132f02ee1f061ada2ce7143bd5d2dabb Loading...

	simmsigg.ch/	ScriptElement	1.1 kB	2024-08-20	2024-08-20
Pretty URL simmsigg.ch/ IP 15.197.130.221 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:51 Last Seen2024-08-20 16:51 Times Seen1 Hash e9402ee5cfe81ca75e811f084aefe686 fbf84d05212acf89073676156071b002e00b5ef7 0e782dd2a866a8369e5c31e7ea3f6a0118a6b653fa309052358be27b89ad67cd Loading...

	simmsigg.ch/	ScriptElement	29 B	2023-03-12	2024-08-21
Pretty URL simmsigg.ch/ IP 15.197.130.221 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 12:56 Last Seen2024-08-21 09:43 Times Seen2033 Hash 5405126a58d646a09ad6d154c5d3a335 9e64f2a4ee55fef112fbd9654e76e8eabb751e28 76229fdaf8e9553878811c30cf5305bd2dab82248d0054d3fb2e760b35f32154 Loading...

	www.google.com/afs/ads?adtest=off&psid=1167268112&pcsa=false&channel=000001%2Cbucket103&client=dp-teaminternet09_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fsimmsigg.ch%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDN8fHx8fHw2NTZkNzhhY2FmNzVkfHx8MTcwMTY3MzEzMi43MjY1fGE1MzIxYTIyM2IxYzhkZjdkZWE0OTE4MTE0NDkzNmI0MmEzYjU5ODR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfGV5Sm9iQ0k2SW1WdUluMD18fDF8VzEwPXxjN2ZhOWI1YWQ2NTUzNzkyZTY5ZmNhMzk3YWQ5MTMwMzlhMmQ2NDM4fDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MHw%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2686859764326195&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301157&format=r3%7Cs&nocache=7301701673138672&num=0&output=afd_ads&domain_name=simmsigg.ch&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1701673138673&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&cl=579967862&uio=--&cont=tc&jsid=caf&jsv=579967862&rurl=http%3A%2F%2Fsimmsigg.ch%2F	ScriptElement	893 B	2024-08-20	2024-08-20
Pretty URL www.google.com/afs/ads?adtest=off&psid=1167268112&pcsa=false&channel=000001%2Cbucket103&client=dp-teaminternet09_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fsimmsigg.ch%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDN8fHx8fHw2NTZkNzhhY2FmNzVkfHx8MTcwMTY3MzEzMi43MjY1fGE1MzIxYTIyM2IxYzhkZjdkZWE0OTE4MTE0NDkzNmI0MmEzYjU5ODR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfGV5Sm9iQ0k2SW1WdUluMD18fDF8VzEwPXxjN2ZhOWI1YWQ2NTUzNzkyZTY5ZmNhMzk3YWQ5MTMwMzlhMmQ2NDM4fDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MHw%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2686859764326195&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301157&format=r3%7Cs&nocache=7301701673138672&num=0&output=afd_ads&domain_name=simmsigg.ch&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1701673138673&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&cl=579967862&uio=--&cont=tc&jsid=caf&jsv=579967862&rurl=http%3A%2F%2Fsimmsigg.ch%2F IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:51 Last Seen2024-08-20 16:51 Times Seen1 Hash 97dc0f6ede28233fddfeb0c0cc3cca0b 0df314ead06b4c549ca9986e8cdb98707790bee5 04bcf629515f591e6981126caca48d055e7809e901c2ee685efc91ad18229c23 Loading...

	www.google.com/adsense/domains/caf.js	ScriptElement	150 kB	2023-11-09	2024-08-20
Pretty URL www.google.com/adsense/domains/caf.js IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-09 14:17 Last Seen2024-08-20 20:17 Times Seen985 Hash b12a68993aa865bacca71827d5ff3938 788a994fae0e361f39e4137ac60790b784673012 3503f88f15c97af34775dd6a1601c85fed1402b075d1889a263b28dedbafc37f Loading...

	simmsigg.ch/	ScriptElement	65 B	2023-03-12	2024-08-21
Pretty URL simmsigg.ch/ IP 15.197.130.221 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 13:12 Last Seen2024-08-21 09:43 Times Seen989 Hash e1859098c346f1d2c0a9a86b1125e7d8 8091032ba2f2f1271b7c8efa5e18d6708bc1d611 d492d26bef8fb35a2eaffa6cf9d349c6feb42d33f8daae71f449672e6a1b48c7 Loading...

	simmsigg.ch/	ScriptElement	472 B	2023-03-13	2024-08-21
Pretty URL simmsigg.ch/ IP 15.197.130.221 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 06:13 Last Seen2024-08-21 09:44 Times Seen6016 Hash d31eefc1e54bdae9204297e4ae5b9cce fc49bf319586a623670a81c01d43bbd93b477fbb 2683a6247a15433dd269eaefbc7131b1326c7bc0146361913ea10ad8fa23bb14 Loading...

	simmsigg.ch/	ScriptElement	669 B	2024-08-20	2024-08-20
Pretty URL simmsigg.ch/ IP 15.197.130.221 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:51 Last Seen2024-08-20 16:51 Times Seen1 Hash e93f1ae6aeee62fca07eccf1952572fc c6e4fee18ad7121659eabf12b685fe192c553cb4 502091694a8d82bc63d65597381eb9409b72cc674fe336989a4d3c03c460c49f Loading...

	simmsigg.ch/	ScriptElement	40 B	2023-08-09	2024-08-21
Pretty URL simmsigg.ch/ IP 15.197.130.221 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-09 10:52 Last Seen2024-08-21 09:42 Times Seen9104 Hash fca3e6a61d4a07440e4f10c4dbaad8e3 41480802bf872b2d15f9cbcadba025fe326eac03 dfe5c5e10934e7abf7903d4ede3b8fa091c11bef63d675808e6314ec763185ee Loading...

	www.google.com/adsense/domains/caf.js?abp=1	ScriptElement	150 kB	2023-11-09	2024-08-20
Pretty URL www.google.com/adsense/domains/caf.js?abp=1 IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-09 14:10 Last Seen2024-08-20 20:17 Times Seen2217 Hash 8a76c49bbeb49fa874cb415fe2b10d0c 76de9796dbe01e64d77fccd00d0b19cf382493b8 a1f85a8b9c0ae7e01a01780b44c447ebbadb5d856c6ff826e2cd9fe19f15135f Loading...

	simmsigg.ch/	ScriptElement	71 B	2023-03-08	2024-08-21
Pretty URL simmsigg.ch/ IP 15.197.130.221 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 02:23 Last Seen2024-08-21 09:44 Times Seen6209 Hash 1a5a5e1b6a26f57b95e3dd42f60612f4 b62a27e55a59b49084e682bd3c1588f6a40881ab 4066da16910907c7962da8e7011bf0cd62b6f2dcddb1911e3ea2de03ce3e1dc7 Loading...

HTTP Transactions (14)

URL IP Response Size

simmsigg.ch/

15.197.130.221

5.5 kB

URL User Request GET
simmsigg.ch/
IP
15.197.130.221:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1158)
Size
5.5 kB (5496 bytes)
Hash
285145c0ebb8605370fe1a99a7a51c7d
a8ccc58002a44bd0c56085c4af910d171cf75ac4
6e1d9fd7c3cc7188e3bae8c2613f9d81047aafe30af2ee0a692a63c27a07abb3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: simmsigg.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 06:58:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_eboaKYLr04qWdqTrY7fYIckV7R2hKBQTpVT36YB4SpzG1nOHyUiI3hKEhCQgaS52Q+UjuYv5j6iLFsWhOjFj3A==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Domain: simmsigg.ch
X-Subdomain: 
Content-Encoding: gzip

simmsigg.ch/

15.197.130.221

5.5 kB

URL User Request GET
simmsigg.ch/
IP
15.197.130.221:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1190)
Size
5.5 kB (5513 bytes)
Hash
c7de2f0f6b010e9b54c42ea7d8fb6d75
f8396582280ac3dc8bd69d317fa8525c4524144c
ea4424db34f46f38844c2764533da0c50514837d209664c233d174a615a42cc5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: simmsigg.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 06:58:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket103
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_eboaKYLr04qWdqTrY7fYIckV7R2hKBQTpVT36YB4SpzG1nOHyUiI3hKEhCQgaS52Q+UjuYv5j6iLFsWhOjFj3A==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Domain: simmsigg.ch
X-Subdomain: 
Content-Encoding: gzip

www.google.com/adsense/domains/caf.js?abp=1

142.250.74.132

200 OK

54 kB

URL GET HTTP/1.1
www.google.com/adsense/domains/caf.js?abp=1
IP
142.250.74.132:80
ASN
#15169 GOOGLE

Requested by
http://simmsigg.ch/

File type
ASCII text, with very long lines (1888)
Size
54 kB (54355 bytes)
Hash
8a76c49bbeb49fa874cb415fe2b10d0c
76de9796dbe01e64d77fccd00d0b19cf382493b8
a1f85a8b9c0ae7e01a01780b44c447ebbadb5d856c6ff826e2cd9fe19f15135f

HTTP Headers

GET /adsense/domains/caf.js?abp=1 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://simmsigg.ch/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Mon, 04 Dec 2023 06:58:52 GMT
Expires: Mon, 04 Dec 2023 06:58:52 GMT
Cache-Control: private, max-age=3600
ETag: "3100330882123301848"
X-Content-Type-Options: nosniff
Link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0

simmsigg.ch/track.php?domain=simmsigg.ch&toggle=browserjs&uid=MTcwMTY3MzEzMi43MTg3Ojk3NjBlZGUzMWM1OTA3ZjY2N2JiMzNkYmI3MmJhYWExMTcwMDNhNTM1YzhjMzk0YzFjZDgxNWZlNzlhOTgyYjA6NjU2ZDc4YWNhZjc4Yw%3D%3D

15.197.130.221

200 OK

20 B

URL GET HTTP/1.1
simmsigg.ch/track.php?domain=simmsigg.ch&toggle=browserjs&uid=MTcwMTY3MzEzMi43MTg3Ojk3NjBlZGUzMWM1OTA3ZjY2N2JiMzNkYmI3MmJhYWExMTcwMDNhNTM1YzhjMzk0YzFjZDgxNWZlNzlhOTgyYjA6NjU2ZDc4YWNhZjc4Yw%3D%3D
IP
15.197.130.221:80
ASN
#16509 AMAZON-02

Requested by
http://simmsigg.ch/

File type
gzip compressed data, max speed, from Unix\012- data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /track.php?domain=simmsigg.ch&toggle=browserjs&uid=MTcwMTY3MzEzMi43MTg3Ojk3NjBlZGUzMWM1OTA3ZjY2N2JiMzNkYmI3MmJhYWExMTcwMDNhNTM1YzhjMzk0YzFjZDgxNWZlNzlhOTgyYjA6NjU2ZDc4YWNhZjc4Yw%3D%3D HTTP/1.1
Host: simmsigg.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://simmsigg.ch/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 06:58:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip

simmsigg.ch/ls.php?t=656d78ac&token=c7fa9b5ad6553792e69fca397ad913039a2d6438

15.197.130.221

201 Created

16 B

URL GET HTTP/1.1
simmsigg.ch/ls.php?t=656d78ac&token=c7fa9b5ad6553792e69fca397ad913039a2d6438
IP
15.197.130.221:80
ASN
#16509 AMAZON-02

Requested by
http://simmsigg.ch/

File type
JSON data\012- , ASCII text, with no line terminators
Size
16 B (16 bytes)
Hash
7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ls.php?t=656d78ac&token=c7fa9b5ad6553792e69fca397ad913039a2d6438 HTTP/1.1
Host: simmsigg.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://simmsigg.ch/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 201 Created
Date: Mon, 04 Dec 2023 06:58:53 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 656d78ad12e0b54ca4260786
Charset: utf-8
Access-Control-Allow-Origin: 
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_OrpQ5tDnwTx5wC9A/Wo7G4Xs4mgmPxP5Ejk5PB9ALwSe19mRDK3Zgf+jzUzcdmEb1nrTwpm9zhal3w58rlwgCA==

d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png

54.230.241.187

200 OK

11 kB

URL GET HTTP/1.1
d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
IP
54.230.241.187:80
ASN
#16509 AMAZON-02

Requested by
http://simmsigg.ch/

File type
PNG image data, 1500 x 600, 8-bit colormap, non-interlaced\012- data
Size
11 kB (11375 bytes)
Hash
0cb2e5165dc9324eb462199f04e1ffa9
9e0f89847ec8a98d98a6020bc5c4ed32b7a48bf8
67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865

HTTP Headers

GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://simmsigg.ch/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 11375
Connection: keep-alive
Server: nginx
Date: Sun, 03 Dec 2023 17:26:05 GMT
Last-Modified: Thu, 23 Jun 2022 10:44:43 GMT
Accept-Ranges: bytes
ETag: "62b4441b-2c6f"
X-Cache: Hit from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: _M5jrAI2AgVm3i5XJeriCnCMFerQlKXTj0tsscCb4rb9UZXaN2NXYA==
Age: 48768

www.google.com/afs/ads?adtest=off&psid=1167268112&pcsa=false&channel=000001%2Cbucket103&client=dp-teaminternet09_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fsimmsigg.ch%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDN8fHx8fHw2NTZkNzhhY2FmNzVkfHx8MTcwMTY3MzEzMi43MjY1fGE1MzIxYTIyM2IxYzhkZjdkZWE0OTE4MTE0NDkzNmI0MmEzYjU5ODR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfGV5Sm9iQ0k2SW1WdUluMD18fDF8VzEwPXxjN2ZhOWI1YWQ2NTUzNzkyZTY5ZmNhMzk3YWQ5MTMwMzlhMmQ2NDM4fDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MHw%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2686859764326195&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301157&format=r3%7Cs&nocache=7301701673138672&num=0&output=afd_ads&domain_name=simmsigg.ch&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1701673138673&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&cl=579967862&uio=--&cont=tc&jsid=caf&jsv=579967862&rurl=http%3A%2F%2Fsimmsigg.ch%2F

142.250.74.132

200 OK

3.0 kB

URL GET HTTP/2
www.google.com/afs/ads?adtest=off&psid=1167268112&pcsa=false&channel=000001%2Cbucket103&client=dp-teaminternet09_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fsimmsigg.ch%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDN8fHx8fHw2NTZkNzhhY2FmNzVkfHx8MTcwMTY3MzEzMi43MjY1fGE1MzIxYTIyM2IxYzhkZjdkZWE0OTE4MTE0NDkzNmI0MmEzYjU5ODR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfGV5Sm9iQ0k2SW1WdUluMD18fDF8VzEwPXxjN2ZhOWI1YWQ2NTUzNzkyZTY5ZmNhMzk3YWQ5MTMwMzlhMmQ2NDM4fDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MHw%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2686859764326195&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301157&format=r3%7Cs&nocache=7301701673138672&num=0&output=afd_ads&domain_name=simmsigg.ch&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1701673138673&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&cl=579967862&uio=--&cont=tc&jsid=caf&jsv=579967862&rurl=http%3A%2F%2Fsimmsigg.ch%2F
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
http://simmsigg.ch/
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintB0:8E:97:10:7E:30:90:F6:42:A1:32:63:5C:78:27:D3:A8:F1:05:D1
ValidityMon, 23 Oct 2023 11:24:57 GMT - Mon, 15 Jan 2024 11:24:56 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (14033)
Size
3.0 kB (2959 bytes)
Hash
44b2206f788e90ffac4543022f431770
bcd43b351a11313a0844132546a8275a97cf2926
9f6eb494f8d26286f28c45abe75d5cf7b3d9713da36edaf49291a576d4e97f2f

HTTP Headers

GET /afs/ads?adtest=off&psid=1167268112&pcsa=false&channel=000001%2Cbucket103&client=dp-teaminternet09_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fsimmsigg.ch%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDN8fHx8fHw2NTZkNzhhY2FmNzVkfHx8MTcwMTY3MzEzMi43MjY1fGE1MzIxYTIyM2IxYzhkZjdkZWE0OTE4MTE0NDkzNmI0MmEzYjU5ODR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfGV5Sm9iQ0k2SW1WdUluMD18fDF8VzEwPXxjN2ZhOWI1YWQ2NTUzNzkyZTY5ZmNhMzk3YWQ5MTMwMzlhMmQ2NDM4fDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MHw%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2686859764326195&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301157&format=r3%7Cs&nocache=7301701673138672&num=0&output=afd_ads&domain_name=simmsigg.ch&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1701673138673&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&cl=579967862&uio=--&cont=tc&jsid=caf&jsv=579967862&rurl=http%3A%2F%2Fsimmsigg.ch%2F HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://simmsigg.ch/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Mon, 04 Dec 2023 06:58:53 GMT
expires: Mon, 04 Dec 2023 06:58:53 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-WA6sCI8DNk4QKV4cu79yKg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-encoding: br
server: gws
content-length: 2959
x-xss-protection: 0
set-cookie: NID=511=lhkzEHj3FFgE_l90_MX4QFb6B287zDlgBFs6dTTbc3pk2o02_xRvjYW65g2SBWtonxYI2T6I7_5Tvz4FrmIh51RkZEPk3miUDRakjtSNFiMsFUsVEv1sATCzUK9ujd7ReKbDKvQL9qeNjBj43dLpNr9w4o4xQQQbJvkYCEShYT0; expires=Tue, 04-Jun-2024 06:58:53 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+773; expires=Wed, 03-Dec-2025 06:58:53 GMT; path=/; domain=.google.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

simmsigg.ch/favicon.ico

15.197.130.221

200 OK

0 B

URL GET HTTP/1.1
simmsigg.ch/favicon.ico
IP
15.197.130.221:80
ASN
#16509 AMAZON-02

Requested by
http://simmsigg.ch/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: simmsigg.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://simmsigg.ch/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 06:58:53 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes

www.google.com/adsense/domains/caf.js

142.250.74.132

200 OK

54 kB

URL GET HTTP/3
www.google.com/adsense/domains/caf.js
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/afs/ads?adtest=off&psid=1167268112&pcsa=false&channel=000001%2Cbucket103&client=dp-teaminternet09_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fsimmsigg.ch%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDN8fHx8fHw2NTZkNzhhY2FmNzVkfHx8MTcwMTY3MzEzMi43MjY1fGE1MzIxYTIyM2IxYzhkZjdkZWE0OTE4MTE0NDkzNmI0MmEzYjU5ODR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfGV5Sm9iQ0k2SW1WdUluMD18fDF8VzEwPXxjN2ZhOWI1YWQ2NTUzNzkyZTY5ZmNhMzk3YWQ5MTMwMzlhMmQ2NDM4fDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MHw%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2686859764326195&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301157&format=r3%7Cs&nocache=7301701673138672&num=0&output=afd_ads&domain_name=simmsigg.ch&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1701673138673&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&cl=579967862&uio=--&cont=tc&jsid=caf&jsv=579967862&rurl=http%3A%2F%2Fsimmsigg.ch%2F
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT

File type
ASCII text, with very long lines (1888)
Size
54 kB (54360 bytes)
Hash
b12a68993aa865bacca71827d5ff3938
788a994fae0e361f39e4137ac60790b784673012
3503f88f15c97af34775dd6a1601c85fed1402b075d1889a263b28dedbafc37f

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Mon, 04 Dec 2023 06:58:53 GMT
expires: Mon, 04 Dec 2023 06:58:53 GMT
cache-control: private, max-age=3600
etag: "15592410222595928350"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff

142.250.74.97

200 OK

174 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/afs/ads?adtest=off&psid=1167268112&pcsa=false&channel=000001%2Cbucket103&client=dp-teaminternet09_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fsimmsigg.ch%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDN8fHx8fHw2NTZkNzhhY2FmNzVkfHx8MTcwMTY3MzEzMi43MjY1fGE1MzIxYTIyM2IxYzhkZjdkZWE0OTE4MTE0NDkzNmI0MmEzYjU5ODR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfGV5Sm9iQ0k2SW1WdUluMD18fDF8VzEwPXxjN2ZhOWI1YWQ2NTUzNzkyZTY5ZmNhMzk3YWQ5MTMwMzlhMmQ2NDM4fDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MHw%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2686859764326195&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301157&format=r3%7Cs&nocache=7301701673138672&num=0&output=afd_ads&domain_name=simmsigg.ch&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1701673138673&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&cl=579967862&uio=--&cont=tc&jsid=caf&jsv=579967862&rurl=http%3A%2F%2Fsimmsigg.ch%2F
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
ValidityMon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Size
174 B (174 bytes)
Hash
11b3089d616633ca6b73b57aa877eeb4
07632f63e06b30d9b63c97177d3a8122629bda9b
809fb4619d2a2f1a85dbda8cc69a7f1659215212d708a098d62150eee57070c1

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 02:49:01 GMT
expires: Tue, 05 Dec 2023 01:49:01 GMT
cache-control: public, max-age=82800
age: 14992
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff

142.250.74.97

200 OK

270 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/afs/ads?adtest=off&psid=1167268112&pcsa=false&channel=000001%2Cbucket103&client=dp-teaminternet09_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fsimmsigg.ch%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDN8fHx8fHw2NTZkNzhhY2FmNzVkfHx8MTcwMTY3MzEzMi43MjY1fGE1MzIxYTIyM2IxYzhkZjdkZWE0OTE4MTE0NDkzNmI0MmEzYjU5ODR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfGV5Sm9iQ0k2SW1WdUluMD18fDF8VzEwPXxjN2ZhOWI1YWQ2NTUzNzkyZTY5ZmNhMzk3YWQ5MTMwMzlhMmQ2NDM4fDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MHw%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2686859764326195&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301157&format=r3%7Cs&nocache=7301701673138672&num=0&output=afd_ads&domain_name=simmsigg.ch&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1701673138673&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&cl=579967862&uio=--&cont=tc&jsid=caf&jsv=579967862&rurl=http%3A%2F%2Fsimmsigg.ch%2F
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
ValidityMon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390)
Size
270 B (270 bytes)
Hash
8959ddcd9712196961d93f58064ed655
62ab1e38e7e9fbf58a04381b76c2d96a9c829f24
17c7a89bf169c2ee400e31b042cea68513f06b9cd7d1e8990dbec800f0d771c7

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 270
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 02:49:01 GMT
expires: Tue, 05 Dec 2023 01:49:01 GMT
cache-control: public, max-age=82800
age: 14992
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=q3v5e96vesmn&aqid=rXhtZaXOEJyyiM0P87Wl8A8&psid=1167268112&pbt=bs&adbx=375&adby=94&adbh=496&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=579967862&csala=20%7C0%7C283%7C160%7C161&lle=0&ifv=1&hpt=1

142.250.74.132

204 No Content

0 B

URL GET HTTP/3
www.google.com/afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=q3v5e96vesmn&aqid=rXhtZaXOEJyyiM0P87Wl8A8&psid=1167268112&pbt=bs&adbx=375&adby=94&adbh=496&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=579967862&csala=20%7C0%7C283%7C160%7C161&lle=0&ifv=1&hpt=1
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
http://simmsigg.ch/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=q3v5e96vesmn&aqid=rXhtZaXOEJyyiM0P87Wl8A8&psid=1167268112&pbt=bs&adbx=375&adby=94&adbh=496&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=579967862&csala=20%7C0%7C283%7C160%7C161&lle=0&ifv=1&hpt=1 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://simmsigg.ch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-Dr50K9rRH-23T26nRwGw7w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Mon, 04 Dec 2023 06:58:55 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: NID=511=arewhO8pczyxGUM7aPfxhP8Nzm3Of4GmB2gZFAq_iSle3R_znpdD5lOXoV6g0mSVAA_NzbTJTc2ksyBPqbmuJu5cQ6u4OcmYBxcZNTxyCw_IyJnJCQLFUkKjaWBM9dIydOedGec_woPeejdbFykrlX_tho3QhTn-OtXo_JawEgY; expires=Tue, 04-Jun-2024 06:58:55 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+968; expires=Wed, 03-Dec-2025 06:58:55 GMT; path=/; domain=.google.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=fbw8p2e61jlw&aqid=rXhtZaXOEJyyiM0P87Wl8A8&psid=1167268112&pbt=bv&adbx=375&adby=94&adbh=496&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=579967862&csala=20%7C0%7C283%7C160%7C161&lle=0&ifv=1&hpt=1

142.250.74.132

204 No Content

0 B

URL GET HTTP/3
www.google.com/afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=fbw8p2e61jlw&aqid=rXhtZaXOEJyyiM0P87Wl8A8&psid=1167268112&pbt=bv&adbx=375&adby=94&adbh=496&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=579967862&csala=20%7C0%7C283%7C160%7C161&lle=0&ifv=1&hpt=1
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
http://simmsigg.ch/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=fbw8p2e61jlw&aqid=rXhtZaXOEJyyiM0P87Wl8A8&psid=1167268112&pbt=bv&adbx=375&adby=94&adbh=496&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=579967862&csala=20%7C0%7C283%7C160%7C161&lle=0&ifv=1&hpt=1 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://simmsigg.ch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-qPMdBhx3rwfKqe8h-OuO4Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Mon, 04 Dec 2023 06:58:55 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: NID=511=UMpqvKMQAWL9CK1HOF81kC3cRLNspXCBXeTiZsXEU1_8N2f-b5N66m-5L8cqOuAueIvvAZw8q6kEjoGVILc11DuVAoco9vUMYOYWDYhoQxtxmPkyjtDd2huNoDMc4SHh6W31vsNvANQ272sAt0uLeq2I9UAUEhHOQ2jCqnYlbW4; expires=Tue, 04-Jun-2024 06:58:55 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+398; expires=Wed, 03-Dec-2025 06:58:55 GMT; path=/; domain=.google.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

simmsigg.ch/track.php?domain=simmsigg.ch&caf=1&toggle=answercheck&answer=yes&uid=MTcwMTY3MzEzMi43MTg3Ojk3NjBlZGUzMWM1OTA3ZjY2N2JiMzNkYmI3MmJhYWExMTcwMDNhNTM1YzhjMzk0YzFjZDgxNWZlNzlhOTgyYjA6NjU2ZDc4YWNhZjc4Yw%3D%3D

15.197.130.221

200 OK

0 B

URL GET HTTP/1.1
simmsigg.ch/track.php?domain=simmsigg.ch&caf=1&toggle=answercheck&answer=yes&uid=MTcwMTY3MzEzMi43MTg3Ojk3NjBlZGUzMWM1OTA3ZjY2N2JiMzNkYmI3MmJhYWExMTcwMDNhNTM1YzhjMzk0YzFjZDgxNWZlNzlhOTgyYjA6NjU2ZDc4YWNhZjc4Yw%3D%3D
IP
15.197.130.221:80
ASN
#16509 AMAZON-02

Requested by
http://simmsigg.ch/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /track.php?domain=simmsigg.ch&caf=1&toggle=answercheck&answer=yes&uid=MTcwMTY3MzEzMi43MTg3Ojk3NjBlZGUzMWM1OTA3ZjY2N2JiMzNkYmI3MmJhYWExMTcwMDNhNTM1YzhjMzk0YzFjZDgxNWZlNzlhOTgyYjA6NjU2ZDc4YWNhZjc4Yw%3D%3D HTTP/1.1
Host: simmsigg.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://simmsigg.ch/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 06:58:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: answercheck
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by