| afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff | 142.250.178.65 | 200 OK | 391 B |
URL GET afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff IP 142.250.178.65:443
Requested byhttps://syndicatedsearch.goog/afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket102%2Cbucket077&client=dp-teaminternet09_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Fww5.galyqaz.com%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.SQ0NIZyTMRGe2RGdPbIHrKs6cEltUVbehn5xbJwTjVB6iCak4WRmog.E550XRuNjUeazdhQhfezsw.KaittEgAggaLKcTV_M2AZEmg8XAqS5KX-YY-nFN_CgtyPIpCg5q1mx6wziMLoF74qeiO1_AGX8T5TL1kvjSp57i79NeTx-5_IdNj4GK5R4eZnYqSD26YBkOKg4DLP8n09LFYf6d03aLHZOTSIaHdXD9HQsgqbLr-FSen3sspabGwZI9srjP2WEVhyuVvrmixRM2x5mpY4XRtU575j214x9AsmORpJ6R_ZHrxTB8HSP-qEaNvtmyKpNxWNjdPsjQvMXrpKTM7O5rOP5F-bzEzxFfGAN4-J70cBBQ-5r9HzCkeC-Or90Y7JODqxTda-7It-Eetyhxuu5oI40D2R-Hhv5E2ozExVTV-zi6FJaR-ryJnD5LoBjO_4Vjg4Xo1vcsMreN2Z61Y8bjUCEiiek2RalUCB9R10NOe8mMapqEe_Su4w0T75LSl2sbhuOel3FpZjdxlqpXw5jBoJe0Pt01-quSsXV5-OQa1y4q-8P3mcITDSanoG9x8uQla9toFIn9eRTPxYcWFw_fEYJLT5fy9-6_HNZrQFAy2w2aSoY3nXgsnaHU0hQbLohqJL7exCnHIZkDyVIKsU37jVXG8h0xnT8rVQtiZgQDfXGVaUr2xrZvI_3JctugUuWU_tTELIFah.DkU1ykIkZOfKmeDtjb8qsw&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2205074027463661&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717107%2C17301545&format=r3%7Cs&nocache=6801744997699841&num=0&output=afd_ads&domain_name=ww5.galyqaz.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1744997699847&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=795&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=747525664&rurl=https%3A%2F%2Fww5.galyqaz.com%2F CertificateIssuerGoogle Trust Services Subject*.googleusercontent.com Fingerprint85:7D:D7:AA:27:49:F3:83:36:F8:74:84:32:01:E8:F1:A5:3B:95:77 ValidityMon, 31 Mar 2025 08:55:30 GMT - Mon, 23 Jun 2025 08:55:29 GMT
File type: SVG Scalable Vector Graphics image; Hash: MD5 8959ddcd9712196961d93f58064ed655, SHA-1 62ab1e38e7e9fbf58a04381b76c2d96a9c829f24, SHA-256 17c7a89bf169c2ee400e31b042cea68513f06b9cd7d1e8990dbec800f0d771c7
GET /ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 270
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Apr 2025 22:03:29 GMT
expires: Fri, 18 Apr 2025 21:03:29 GMT
cache-control: public, max-age=82800
age: 70292
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| | 199.191.50.83 | 302 Found | 18 kB |
IP 199.191.50.83:443
ASN#40034 CONFLUENCE-NETWORK-INC
Certificate: Issuer: ZeroSSL; Subject: galyqaz.com; Fingerprint: 51:71:10:42:65:E4:49:4D:3B:23:B5:29:2C:0A:13:C2:EC:3B:B8:BA; Validity: Thu, 20 Feb 2025 00:00:00 GMT - Wed, 21 May 2025 23:59:59 GMT
Hash (zero-length body; these digests match any empty response and do not identify this host): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /login.phpeb HTTP/1.1
Host: galyqaz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: openresty
Date: Fri, 18 Apr 2025 17:34:51 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
Location: //ww5.galyqaz.com
|
|
| ww5.galyqaz.com/favicon.ico | 76.223.26.96 | 200 OK | 0 B |
URL GET ww5.galyqaz.com/favicon.ico IP 76.223.26.96:443
Certificate: Issuer: Let's Encrypt; Subject: ww5.galyqaz.com; Fingerprint: A8:03:D4:AB:81:C3:63:C0:6A:80:C2:C4:A3:18:ED:DE:E6:CF:23:76; Validity: Thu, 20 Feb 2025 05:21:51 GMT - Wed, 21 May 2025 05:21:50 GMT
Hash (zero-length body): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /favicon.ico HTTP/1.1
Host: ww5.galyqaz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww5.galyqaz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
alt-svc: h3=":50944"; ma=2592000
content-type: image/x-icon
date: Fri, 18 Apr 2025 17:34:59 GMT
etag: "670f7248-0"
last-modified: Wed, 16 Oct 2024 07:59:04 GMT
server: Caddy, nginx
content-length: 0
X-Firefox-Spdy: h2
|
|
| syndicatedsearch.goog/afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket102%2Cbucket077&client=dp-teaminternet09_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Fww5.galyqaz.com%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.SQ0NIZyTMRGe2RGdPbIHrKs6cEltUVbehn5xbJwTjVB6iCak4WRmog.E550XRuNjUeazdhQhfezsw.KaittEgAggaLKcTV_M2AZEmg8XAqS5KX-YY-nFN_CgtyPIpCg5q1mx6wziMLoF74qeiO1_AGX8T5TL1kvjSp57i79NeTx-5_IdNj4GK5R4eZnYqSD26YBkOKg4DLP8n09LFYf6d03aLHZOTSIaHdXD9HQsgqbLr-FSen3sspabGwZI9srjP2WEVhyuVvrmixRM2x5mpY4XRtU575j214x9AsmORpJ6R_ZHrxTB8HSP-qEaNvtmyKpNxWNjdPsjQvMXrpKTM7O5rOP5F-bzEzxFfGAN4-J70cBBQ-5r9HzCkeC-Or90Y7JODqxTda-7It-Eetyhxuu5oI40D2R-Hhv5E2ozExVTV-zi6FJaR-ryJnD5LoBjO_4Vjg4Xo1vcsMreN2Z61Y8bjUCEiiek2RalUCB9R10NOe8mMapqEe_Su4w0T75LSl2sbhuOel3FpZjdxlqpXw5jBoJe0Pt01-quSsXV5-OQa1y4q-8P3mcITDSanoG9x8uQla9toFIn9eRTPxYcWFw_fEYJLT5fy9-6_HNZrQFAy2w2aSoY3nXgsnaHU0hQbLohqJL7exCnHIZkDyVIKsU37jVXG8h0xnT8rVQtiZgQDfXGVaUr2xrZvI_3JctugUuWU_tTELIFah.DkU1ykIkZOfKmeDtjb8qsw&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2205074027463661&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717107%2C17301545&format=r3%7Cs&nocache=6801744997699841&num=0&output=afd_ads&domain_name=ww5.galyqaz.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1744997699847&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=795&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=747525664&rurl=https%3A%2F%2Fww5.galyqaz.com%2F | 142.250.178.78 | 200 OK | 16 kB |
URL GET syndicatedsearch.goog/afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket102%2Cbucket077&client=dp-teaminternet09_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Fww5.galyqaz.com%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.SQ0NIZyTMRGe2RGdPbIHrKs6cEltUVbehn5xbJwTjVB6iCak4WRmog.E550XRuNjUeazdhQhfezsw.KaittEgAggaLKcTV_M2AZEmg8XAqS5KX-YY-nFN_CgtyPIpCg5q1mx6wziMLoF74qeiO1_AGX8T5TL1kvjSp57i79NeTx-5_IdNj4GK5R4eZnYqSD26YBkOKg4DLP8n09LFYf6d03aLHZOTSIaHdXD9HQsgqbLr-FSen3sspabGwZI9srjP2WEVhyuVvrmixRM2x5mpY4XRtU575j214x9AsmORpJ6R_ZHrxTB8HSP-qEaNvtmyKpNxWNjdPsjQvMXrpKTM7O5rOP5F-bzEzxFfGAN4-J70cBBQ-5r9HzCkeC-Or90Y7JODqxTda-7It-Eetyhxuu5oI40D2R-Hhv5E2ozExVTV-zi6FJaR-ryJnD5LoBjO_4Vjg4Xo1vcsMreN2Z61Y8bjUCEiiek2RalUCB9R10NOe8mMapqEe_Su4w0T75LSl2sbhuOel3FpZjdxlqpXw5jBoJe0Pt01-quSsXV5-OQa1y4q-8P3mcITDSanoG9x8uQla9toFIn9eRTPxYcWFw_fEYJLT5fy9-6_HNZrQFAy2w2aSoY3nXgsnaHU0hQbLohqJL7exCnHIZkDyVIKsU37jVXG8h0xnT8rVQtiZgQDfXGVaUr2xrZvI_3JctugUuWU_tTELIFah.DkU1ykIkZOfKmeDtjb8qsw&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2205074027463661&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717107%2C17301545&format=r3%7Cs&nocache=6801744997699841&num=0&output=afd_ads&domain_name=ww5.galyqaz.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1744997699847&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=795&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=747525664&rurl=https%3A%2F%2Fww5.galyqaz.com%2F IP 142.250.178.78:443
Certificate: Issuer: Google Trust Services; Subject: syndicatedsearch.goog; Fingerprint: 25:85:6E:DB:F5:A7:5C:14:22:6A:F8:44:8F:EE:EB:07:7A:40:68:30; Validity: Mon, 31 Mar 2025 08:57:43 GMT - Mon, 23 Jun 2025 08:57:42 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (15304); Hash: MD5 f3b87395b0e6422ec4c44e6bf73e2746, SHA-1 b6a1acdd12a366e24530f7d37ff5d3d8fadb16be, SHA-256 fbecefbce3b87bbf0fbdca48b5c69f4011d67970d03e29c18f48a9ea0b625f90
GET /afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket102%2Cbucket077&client=dp-teaminternet09_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Fww5.galyqaz.com%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.SQ0NIZyTMRGe2RGdPbIHrKs6cEltUVbehn5xbJwTjVB6iCak4WRmog.E550XRuNjUeazdhQhfezsw.KaittEgAggaLKcTV_M2AZEmg8XAqS5KX-YY-nFN_CgtyPIpCg5q1mx6wziMLoF74qeiO1_AGX8T5TL1kvjSp57i79NeTx-5_IdNj4GK5R4eZnYqSD26YBkOKg4DLP8n09LFYf6d03aLHZOTSIaHdXD9HQsgqbLr-FSen3sspabGwZI9srjP2WEVhyuVvrmixRM2x5mpY4XRtU575j214x9AsmORpJ6R_ZHrxTB8HSP-qEaNvtmyKpNxWNjdPsjQvMXrpKTM7O5rOP5F-bzEzxFfGAN4-J70cBBQ-5r9HzCkeC-Or90Y7JODqxTda-7It-Eetyhxuu5oI40D2R-Hhv5E2ozExVTV-zi6FJaR-ryJnD5LoBjO_4Vjg4Xo1vcsMreN2Z61Y8bjUCEiiek2RalUCB9R10NOe8mMapqEe_Su4w0T75LSl2sbhuOel3FpZjdxlqpXw5jBoJe0Pt01-quSsXV5-OQa1y4q-8P3mcITDSanoG9x8uQla9toFIn9eRTPxYcWFw_fEYJLT5fy9-6_HNZrQFAy2w2aSoY3nXgsnaHU0hQbLohqJL7exCnHIZkDyVIKsU37jVXG8h0xnT8rVQtiZgQDfXGVaUr2xrZvI_3JctugUuWU_tTELIFah.DkU1ykIkZOfKmeDtjb8qsw&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2205074027463661&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717107%2C17301545&format=r3%7Cs&nocache=6801744997699841&num=0&output=afd_ads&domain_name=ww5.galyqaz.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1744997699847&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=795&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=747525664&rurl=https%3A%2F%2Fww5.galyqaz.com%2F HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww5.galyqaz.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Fri, 18 Apr 2025 17:35:00 GMT
expires: Fri, 18 Apr 2025 17:35:00 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-H91zBZhNYQXcwdpu4Q2B2A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 3482
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| syndicatedsearch.goog/adsense/domains/caf.js | 142.250.178.78 | 200 OK | 144 kB |
URL GET syndicatedsearch.goog/adsense/domains/caf.js IP 142.250.178.78:443
Requested byhttps://syndicatedsearch.goog/afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket102%2Cbucket077&client=dp-teaminternet09_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Fww5.galyqaz.com%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.SQ0NIZyTMRGe2RGdPbIHrKs6cEltUVbehn5xbJwTjVB6iCak4WRmog.E550XRuNjUeazdhQhfezsw.KaittEgAggaLKcTV_M2AZEmg8XAqS5KX-YY-nFN_CgtyPIpCg5q1mx6wziMLoF74qeiO1_AGX8T5TL1kvjSp57i79NeTx-5_IdNj4GK5R4eZnYqSD26YBkOKg4DLP8n09LFYf6d03aLHZOTSIaHdXD9HQsgqbLr-FSen3sspabGwZI9srjP2WEVhyuVvrmixRM2x5mpY4XRtU575j214x9AsmORpJ6R_ZHrxTB8HSP-qEaNvtmyKpNxWNjdPsjQvMXrpKTM7O5rOP5F-bzEzxFfGAN4-J70cBBQ-5r9HzCkeC-Or90Y7JODqxTda-7It-Eetyhxuu5oI40D2R-Hhv5E2ozExVTV-zi6FJaR-ryJnD5LoBjO_4Vjg4Xo1vcsMreN2Z61Y8bjUCEiiek2RalUCB9R10NOe8mMapqEe_Su4w0T75LSl2sbhuOel3FpZjdxlqpXw5jBoJe0Pt01-quSsXV5-OQa1y4q-8P3mcITDSanoG9x8uQla9toFIn9eRTPxYcWFw_fEYJLT5fy9-6_HNZrQFAy2w2aSoY3nXgsnaHU0hQbLohqJL7exCnHIZkDyVIKsU37jVXG8h0xnT8rVQtiZgQDfXGVaUr2xrZvI_3JctugUuWU_tTELIFah.DkU1ykIkZOfKmeDtjb8qsw&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2205074027463661&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717107%2C17301545&format=r3%7Cs&nocache=6801744997699841&num=0&output=afd_ads&domain_name=ww5.galyqaz.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1744997699847&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=795&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=747525664&rurl=https%3A%2F%2Fww5.galyqaz.com%2F CertificateIssuerGoogle Trust Services Subjectsyndicatedsearch.goog Fingerprint25:85:6E:DB:F5:A7:5C:14:22:6A:F8:44:8F:EE:EB:07:7A:40:68:30 ValidityMon, 31 Mar 2025 08:57:43 GMT - Mon, 23 Jun 2025 08:57:42 GMT
File type: JavaScript source, ASCII text, with very long lines (1839); Size: 144 kB (144035 bytes); Hash: MD5 42aee60b820a982c9ec46781b3cf9555, SHA-1 0b6ea1d48181c9986637a6a00fca1e283c0aa17a, SHA-256 775b1f18d131b5e287ac19dd485121e56f53eabdb6c7f6cd11eaa9d880b4c67d
GET /adsense/domains/caf.js HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Fri, 18 Apr 2025 17:35:00 GMT
expires: Fri, 18 Apr 2025 17:35:00 GMT
cache-control: private, max-age=3600
etag: "14478210006332764065"
x-content-type-options: nosniff
link: <https://syndicatedsearch.goog>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| obseu.astarsbuilding.com/ct?id=80705&url=https%3A%2F%2Fww5.galyqaz.com%2F&sf=0&tpi=&ch=AdsDeli%20-%20domain%20-%20landingpage&uvid=c858e1a3169169b1721c480961d954919b87d36b&tsf=0&tsfmi=&tsfu=&cb=1744997700751&hl=2&op=0&ag=2881387774&rand=047286862966711070665527199205051060219997706779050019192968975229165111568866419071280&fs=1280x1024&fst=1280x1024&np=linux%20x86_64&nv=&ref=&ss=1280x1024&nc=0&at=&di=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%3D&dep=0&pre=0&sdd=&cri=r1OA3xE3Sn&pto=4780&ver=65&gac=-&mei=&ap=&fe=1&duid=1.1744997700.7W67sO100WsdKBM8&suid=1.1744997700.0VhwNqG0VHMSKAZD&tuid=1.1744997700.DEJ7Yew4NX7LHPqk&fbc=->m=-&it=10%2C2773%2C232&fbcl=-&gacl=-&gacsd=-&rtic=-&rtict=-&bgc=-&spa=1&urid=0&ab=&sck=-&io=aGA2Og%3D%3D | 3.248.162.96 | 200 OK | 3.4 kB |
URL GET obseu.astarsbuilding.com/ct?id=80705&url=https%3A%2F%2Fww5.galyqaz.com%2F&sf=0&tpi=&ch=AdsDeli%20-%20domain%20-%20landingpage&uvid=c858e1a3169169b1721c480961d954919b87d36b&tsf=0&tsfmi=&tsfu=&cb=1744997700751&hl=2&op=0&ag=2881387774&rand=047286862966711070665527199205051060219997706779050019192968975229165111568866419071280&fs=1280x1024&fst=1280x1024&np=linux%20x86_64&nv=&ref=&ss=1280x1024&nc=0&at=&di=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%3D&dep=0&pre=0&sdd=&cri=r1OA3xE3Sn&pto=4780&ver=65&gac=-&mei=&ap=&fe=1&duid=1.1744997700.7W67sO100WsdKBM8&suid=1.1744997700.0VhwNqG0VHMSKAZD&tuid=1.1744997700.DEJ7Yew4NX7LHPqk&fbc=->m=-&it=10%2C2773%2C232&fbcl=-&gacl=-&gacsd=-&rtic=-&rtict=-&bgc=-&spa=1&urid=0&ab=&sck=-&io=aGA2Og%3D%3D IP 3.248.162.96:443
Certificate: Issuer: ZeroSSL; Subject: *.astarsbuilding.com; Fingerprint: CD:97:8B:26:8F:44:36:BF:15:6E:E5:CB:05:4C:8D:F5:F1:0C:F2:54; Validity: Thu, 27 Mar 2025 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (3365), with no line terminators; Hash: MD5 a51d3b1ddfe1c5d9013f45db37bc9c99, SHA-1 21f9f068c5644b74b87d40e0890ad235e5b1d415, SHA-256 edf9b1db355c43cbaddb525270053d1abf6b7c478467b93d0fc4518a35415e69
GET /ct?id=80705&url=https%3A%2F%2Fww5.galyqaz.com%2F&sf=0&tpi=&ch=AdsDeli%20-%20domain%20-%20landingpage&uvid=c858e1a3169169b1721c480961d954919b87d36b&tsf=0&tsfmi=&tsfu=&cb=1744997700751&hl=2&op=0&ag=2881387774&rand=047286862966711070665527199205051060219997706779050019192968975229165111568866419071280&fs=1280x1024&fst=1280x1024&np=linux%20x86_64&nv=&ref=&ss=1280x1024&nc=0&at=&di=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%3D&dep=0&pre=0&sdd=&cri=r1OA3xE3Sn&pto=4780&ver=65&gac=-&mei=&ap=&fe=1&duid=1.1744997700.7W67sO100WsdKBM8&suid=1.1744997700.0VhwNqG0VHMSKAZD&tuid=1.1744997700.DEJ7Yew4NX7LHPqk&fbc=->m=-&it=10%2C2773%2C232&fbcl=-&gacl=-&gacsd=-&rtic=-&rtict=-&bgc=-&spa=1&urid=0&ab=&sck=-&io=aGA2Og%3D%3D HTTP/1.1
Host: obseu.astarsbuilding.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww5.galyqaz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: text/javascript
date: Fri, 18 Apr 2025 17:35:00 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
set-cookie: cg_uuid=c6479b07dce2ea0d0698248d0177e77f; Max-Age=29030400; Path=/; Expires=Fri, 20 Mar 2026 17:35:00 GMT; HttpOnly; Secure; SameSite=None
timing-allow-origin: https://ww5.galyqaz.com
content-length: 1162
X-Firefox-Spdy: h2
|
|
| ww5.galyqaz.com/munin/a/tr/answercheck/yes?domain=galyqaz.com&caf=1&toggle=answercheck&answer=yes&uid=MTc0NDk5NzY5OC4wMzE0OjQyYTdiNjQ5MzNjOGQ4OTZiMTRhYmFmZWI3YjA1ZTI0ZWQ5MzNmM2Y3OTg2YTA1MDNhMzdkNTA1M2E5ZjU0NDI6NjgwMjhkNDIwN2FiMA%3D%3D | 76.223.26.96 | 200 OK | 0 B |
URL GET ww5.galyqaz.com/munin/a/tr/answercheck/yes?domain=galyqaz.com&caf=1&toggle=answercheck&answer=yes&uid=MTc0NDk5NzY5OC4wMzE0OjQyYTdiNjQ5MzNjOGQ4OTZiMTRhYmFmZWI3YjA1ZTI0ZWQ5MzNmM2Y3OTg2YTA1MDNhMzdkNTA1M2E5ZjU0NDI6NjgwMjhkNDIwN2FiMA%3D%3D IP 76.223.26.96:443
Certificate: Issuer: Let's Encrypt; Subject: ww5.galyqaz.com; Fingerprint: A8:03:D4:AB:81:C3:63:C0:6A:80:C2:C4:A3:18:ED:DE:E6:CF:23:76; Validity: Thu, 20 Feb 2025 05:21:51 GMT - Wed, 21 May 2025 05:21:50 GMT
Hash (zero-length body): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /munin/a/tr/answercheck/yes?domain=galyqaz.com&caf=1&toggle=answercheck&answer=yes&uid=MTc0NDk5NzY5OC4wMzE0OjQyYTdiNjQ5MzNjOGQ4OTZiMTRhYmFmZWI3YjA1ZTI0ZWQ5MzNmM2Y3OTg2YTA1MDNhMzdkNTA1M2E5ZjU0NDI6NjgwMjhkNDIwN2FiMA%3D%3D HTTP/1.1
Host: ww5.galyqaz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww5.galyqaz.com/
Cookie: _cq_duid=1.1744997700.7W67sO100WsdKBM8; _cq_suid=1.1744997700.0VhwNqG0VHMSKAZD
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
accept-ch-lifetime: 30
access-control-allow-origin: *
alt-svc: h3=":50944"; ma=2592000
content-type: text/html; charset=UTF-8
date: Fri, 18 Apr 2025 17:35:01 GMT
server: Caddy, nginx
x-custom-track: answercheck
content-length: 0
X-Firefox-Spdy: h2
|
|
| obseu.astarsbuilding.com/mon | 3.248.162.96 | 200 OK | 0 B |
URL POST obseu.astarsbuilding.com/mon IP 3.248.162.96:443
Certificate: Issuer: ZeroSSL; Subject: *.astarsbuilding.com; Fingerprint: CD:97:8B:26:8F:44:36:BF:15:6E:E5:CB:05:4C:8D:F5:F1:0C:F2:54; Validity: Thu, 27 Mar 2025 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
Hash (zero-length body): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /mon HTTP/1.1
Host: obseu.astarsbuilding.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 1684
Origin: https://ww5.galyqaz.com
DNT: 1
Connection: keep-alive
Referer: https://ww5.galyqaz.com/
Cookie: cg_uuid=c6479b07dce2ea0d0698248d0177e77f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://ww5.galyqaz.com
content-type: application/json
date: Fri, 18 Apr 2025 17:35:04 GMT
content-length: 0
X-Firefox-Spdy: h2
|
|
| ww5.galyqaz.com/munin/a/ls?t=68028d42&token=c858e1a3169169b1721c480961d954919b87d36b | 76.223.26.96 | 201 Created | 0 B |
URL GET ww5.galyqaz.com/munin/a/ls?t=68028d42&token=c858e1a3169169b1721c480961d954919b87d36b IP 76.223.26.96:443
Certificate: Issuer: Let's Encrypt; Subject: ww5.galyqaz.com; Fingerprint: A8:03:D4:AB:81:C3:63:C0:6A:80:C2:C4:A3:18:ED:DE:E6:CF:23:76; Validity: Thu, 20 Feb 2025 05:21:51 GMT - Wed, 21 May 2025 05:21:50 GMT
Hash (zero-length body): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /munin/a/ls?t=68028d42&token=c858e1a3169169b1721c480961d954919b87d36b HTTP/1.1
Host: ww5.galyqaz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww5.galyqaz.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 201 Created
accept-ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
accept-ch-lifetime: 30
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin:
access-control-max-age: 86400
alt-svc: h3=":50944"; ma=2592000
charset: utf-8
content-type: text/javascript;charset=UTF-8
date: Fri, 18 Apr 2025 17:34:59 GMT
server: Caddy, nginx
status: 201 Created
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_E7b7ow/xesgJFz0UoJLmaseGperbFZl60quKvplMeLw5+921Fln5t183kMLTjomEewTuALl48pt87NGvMIxG3g==
x-log-success: 68028d4330764b297501afad
content-length: 0
X-Firefox-Spdy: h2
|
|
| obseu.astarsbuilding.com/mon | 3.248.162.96 | 200 OK | 0 B |
URL POST obseu.astarsbuilding.com/mon IP 3.248.162.96:443
Certificate: Issuer: ZeroSSL; Subject: *.astarsbuilding.com; Fingerprint: CD:97:8B:26:8F:44:36:BF:15:6E:E5:CB:05:4C:8D:F5:F1:0C:F2:54; Validity: Thu, 27 Mar 2025 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
Hash (zero-length body): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /mon HTTP/1.1
Host: obseu.astarsbuilding.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 2470
Origin: https://ww5.galyqaz.com
DNT: 1
Connection: keep-alive
Referer: https://ww5.galyqaz.com/
Cookie: cg_uuid=c6479b07dce2ea0d0698248d0177e77f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://ww5.galyqaz.com
content-type: application/json
date: Fri, 18 Apr 2025 17:35:02 GMT
content-length: 0
X-Firefox-Spdy: h2
|
|
| obseu.astarsbuilding.com/mon | 3.248.162.96 | 200 OK | 0 B |
URL POST obseu.astarsbuilding.com/mon IP 3.248.162.96:443
Certificate: Issuer: ZeroSSL; Subject: *.astarsbuilding.com; Fingerprint: CD:97:8B:26:8F:44:36:BF:15:6E:E5:CB:05:4C:8D:F5:F1:0C:F2:54; Validity: Thu, 27 Mar 2025 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
Hash (zero-length body): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /mon HTTP/1.1
Host: obseu.astarsbuilding.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 1685
Origin: https://ww5.galyqaz.com
DNT: 1
Connection: keep-alive
Referer: https://ww5.galyqaz.com/
Cookie: cg_uuid=c6479b07dce2ea0d0698248d0177e77f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://ww5.galyqaz.com
content-type: application/json
date: Fri, 18 Apr 2025 17:35:06 GMT
content-length: 0
X-Firefox-Spdy: h2
|
|
| | 76.223.26.96 | 200 OK | 18 kB |
IP 76.223.26.96:443
Certificate: Issuer: Let's Encrypt; Subject: ww5.galyqaz.com; Fingerprint: A8:03:D4:AB:81:C3:63:C0:6A:80:C2:C4:A3:18:ED:DE:E6:CF:23:76; Validity: Thu, 20 Feb 2025 05:21:51 GMT - Wed, 21 May 2025 05:21:50 GMT
File type: HTML document, ASCII text, with very long lines (9112); Hash: MD5 efee76e7264b78c776a1cdc63c91e29e, SHA-1 e1e72033e4f8b4a2e9e08f20e74d87c5e43ccdaf, SHA-256 318da05c51cf84a0f71f43b7cce36c00b1b9bc2e1b3a78eb9c3ba37fdbfc4bf7
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET / HTTP/1.1
Host: ww5.galyqaz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
accept-ch-lifetime: 30
alt-svc: h3=":50944"; ma=2592000
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 18 Apr 2025 17:34:58 GMT
server: Caddy, nginx
vary: Accept-Encoding
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_X3w4hhZFDZhr3H9nti5d9dxz+RxXZACpiiQdKas8P4WhAk/ztNK3DqoJnVf9At9OxknbUj634W+UrkviNCFqEg==
x-buckets: bucket102,bucket077
x-domain: galyqaz.com
x-language: norwegian
x-pcrew-blocked-reason: hosting network
x-pcrew-ip-organization: Blix Solutions
x-subdomain: ww5
x-template: tpl_CleanPeppermintBlack_twoclick
X-Firefox-Spdy: h2
|
|
| ww5.galyqaz.com/munin/a/tr/browserjs?domain=galyqaz.com&toggle=browserjs&uid=MTc0NDk5NzY5OC4wMzE0OjQyYTdiNjQ5MzNjOGQ4OTZiMTRhYmFmZWI3YjA1ZTI0ZWQ5MzNmM2Y3OTg2YTA1MDNhMzdkNTA1M2E5ZjU0NDI6NjgwMjhkNDIwN2FiMA%3D%3D | 76.223.26.96 | 200 OK | 0 B |
URL GET ww5.galyqaz.com/munin/a/tr/browserjs?domain=galyqaz.com&toggle=browserjs&uid=MTc0NDk5NzY5OC4wMzE0OjQyYTdiNjQ5MzNjOGQ4OTZiMTRhYmFmZWI3YjA1ZTI0ZWQ5MzNmM2Y3OTg2YTA1MDNhMzdkNTA1M2E5ZjU0NDI6NjgwMjhkNDIwN2FiMA%3D%3D IP 76.223.26.96:443
Certificate: Issuer: Let's Encrypt; Subject: ww5.galyqaz.com; Fingerprint: A8:03:D4:AB:81:C3:63:C0:6A:80:C2:C4:A3:18:ED:DE:E6:CF:23:76; Validity: Thu, 20 Feb 2025 05:21:51 GMT - Wed, 21 May 2025 05:21:50 GMT
Hash (zero-length body): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /munin/a/tr/browserjs?domain=galyqaz.com&toggle=browserjs&uid=MTc0NDk5NzY5OC4wMzE0OjQyYTdiNjQ5MzNjOGQ4OTZiMTRhYmFmZWI3YjA1ZTI0ZWQ5MzNmM2Y3OTg2YTA1MDNhMzdkNTA1M2E5ZjU0NDI6NjgwMjhkNDIwN2FiMA%3D%3D HTTP/1.1
Host: ww5.galyqaz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww5.galyqaz.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
accept-ch-lifetime: 30
access-control-allow-origin: *
alt-svc: h3=":50944"; ma=2592000
content-type: text/html; charset=UTF-8
date: Fri, 18 Apr 2025 17:34:58 GMT
server: Caddy, nginx
x-custom-track: browserjs
content-length: 0
X-Firefox-Spdy: h2
|
|
| d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png | 3.167.7.19 | 200 OK | 11 kB |
URL GET d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png IP 3.167.7.19:443
Certificate: Issuer: Amazon; Subject: *.cloudfront.net; Fingerprint: 28:D3:87:79:3C:E8:8B:3C:D9:10:45:E5:F7:64:7A:6D:44:4E:5A:62; Validity: Tue, 30 Jul 2024 00:00:00 GMT - Thu, 03 Jul 2025 23:59:59 GMT
File type: PNG image data, 1500 x 600, 8-bit colormap, non-interlaced; Hash: MD5 0cb2e5165dc9324eb462199f04e1ffa9, SHA-1 9e0f89847ec8a98d98a6020bc5c4ed32b7a48bf8, SHA-256 67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865
GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww5.galyqaz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 11375
server: nginx
date: Fri, 18 Apr 2025 11:05:07 GMT
accept-ranges: bytes
last-modified: Thu, 21 Mar 2024 11:48:11 GMT
etag: "czzekhpxmtxd8rz"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 3ecfca26003921b3f6dfb1a287300c24.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: W6BbTpN5S9c6FXOWUodmHhWTbDUcwwG4W5gTp8A3t6VhF_quYLNNqQ==
age: 23392
X-Firefox-Spdy: h2
|
|
| www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true | 142.250.178.100 | 200 OK | 144 kB |
URL GET www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true IP 142.250.178.100:443
Certificate: Issuer: Google Trust Services; Subject: www.google.com; Fingerprint: FD:1E:8C:23:6E:3E:CE:28:8F:BB:1E:C1:87:A0:77:5D:45:20:F7:03; Validity: Mon, 31 Mar 2025 08:56:21 GMT - Mon, 23 Jun 2025 08:56:20 GMT
File type: JavaScript source, ASCII text, with very long lines (1839); Size: 144 kB (144019 bytes); Hash: MD5 0106321d2e9603cfffa814109b236a23, SHA-1 04a5853287557e94be67940873fb124918fba1a3, SHA-256 726ce1fe16bc07e9a432c8bd26f3996e6944a8f7b607ca4eeb7a807a95cc6a5d
GET /adsense/domains/caf.js?abp=1&adsdeli=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww5.galyqaz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Fri, 18 Apr 2025 17:34:59 GMT
expires: Fri, 18 Apr 2025 17:34:59 GMT
cache-control: private, max-age=3600
etag: "18129102473900050016"
x-content-type-options: nosniff
link: <https://syndicatedsearch.goog>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| obseu.astarsbuilding.com/tracker/tc_imp.gif?e=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&cri=r1OA3xE3Sn&ts=412&cb=1744997701163 | 3.248.162.96 | 200 OK | 43 B |
URL GET obseu.astarsbuilding.com/tracker/tc_imp.gif?e=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&cri=r1OA3xE3Sn&ts=412&cb=1744997701163 IP 3.248.162.96:443
Certificate: Issuer: ZeroSSL; Subject: *.astarsbuilding.com; Fingerprint: CD:97:8B:26:8F:44:36:BF:15:6E:E5:CB:05:4C:8D:F5:F1:0C:F2:54; Validity: Thu, 27 Mar 2025 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type: GIF image data, version 89a, 1 x 1; Hash: MD5 db04c7b378cb2db912c3ba8a5a774ee3, SHA-1 dee34bd86c3484d31002182aa2b7caa4699126b8, SHA-256 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
GET /tracker/tc_imp.gif?e=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&cri=r1OA3xE3Sn&ts=412&cb=1744997701163 HTTP/1.1
Host: obseu.astarsbuilding.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww5.galyqaz.com/
Cookie: cg_uuid=c6479b07dce2ea0d0698248d0177e77f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
date: Fri, 18 Apr 2025 17:35:01 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
content-length: 43
X-Firefox-Spdy: h2
|
|
| afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff | 142.250.178.65 | 200 OK | 200 B |
URL GET afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff IP 142.250.178.65:443
Requested byhttps://syndicatedsearch.goog/afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket102%2Cbucket077&client=dp-teaminternet09_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Fww5.galyqaz.com%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.SQ0NIZyTMRGe2RGdPbIHrKs6cEltUVbehn5xbJwTjVB6iCak4WRmog.E550XRuNjUeazdhQhfezsw.KaittEgAggaLKcTV_M2AZEmg8XAqS5KX-YY-nFN_CgtyPIpCg5q1mx6wziMLoF74qeiO1_AGX8T5TL1kvjSp57i79NeTx-5_IdNj4GK5R4eZnYqSD26YBkOKg4DLP8n09LFYf6d03aLHZOTSIaHdXD9HQsgqbLr-FSen3sspabGwZI9srjP2WEVhyuVvrmixRM2x5mpY4XRtU575j214x9AsmORpJ6R_ZHrxTB8HSP-qEaNvtmyKpNxWNjdPsjQvMXrpKTM7O5rOP5F-bzEzxFfGAN4-J70cBBQ-5r9HzCkeC-Or90Y7JODqxTda-7It-Eetyhxuu5oI40D2R-Hhv5E2ozExVTV-zi6FJaR-ryJnD5LoBjO_4Vjg4Xo1vcsMreN2Z61Y8bjUCEiiek2RalUCB9R10NOe8mMapqEe_Su4w0T75LSl2sbhuOel3FpZjdxlqpXw5jBoJe0Pt01-quSsXV5-OQa1y4q-8P3mcITDSanoG9x8uQla9toFIn9eRTPxYcWFw_fEYJLT5fy9-6_HNZrQFAy2w2aSoY3nXgsnaHU0hQbLohqJL7exCnHIZkDyVIKsU37jVXG8h0xnT8rVQtiZgQDfXGVaUr2xrZvI_3JctugUuWU_tTELIFah.DkU1ykIkZOfKmeDtjb8qsw&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2205074027463661&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717107%2C17301545&format=r3%7Cs&nocache=6801744997699841&num=0&output=afd_ads&domain_name=ww5.galyqaz.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1744997699847&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=795&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=747525664&rurl=https%3A%2F%2Fww5.galyqaz.com%2F CertificateIssuerGoogle Trust Services Subject*.googleusercontent.com Fingerprint85:7D:D7:AA:27:49:F3:83:36:F8:74:84:32:01:E8:F1:A5:3B:95:77 ValidityMon, 31 Mar 2025 08:55:30 GMT - Mon, 23 Jun 2025 08:55:29 GMT
File type: SVG Scalable Vector Graphics image; Hash: MD5 11b3089d616633ca6b73b57aa877eeb4, SHA-1 07632f63e06b30d9b63c97177d3a8122629bda9b, SHA-256 809fb4619d2a2f1a85dbda8cc69a7f1659215212d708a098d62150eee57070c1
GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 18 Apr 2025 12:29:44 GMT
expires: Sat, 19 Apr 2025 11:29:44 GMT
cache-control: public, max-age=82800
age: 18317
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| syndicatedsearch.goog/afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=u1oq2z22aspr&cd_fexp=72717107%2C17301545&aqid=RI0CaJ2fCaHThcIPgPe-yQY&psid=5837883959&pbt=bv&adbx=375&adby=132&adbh=498&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=747525664&csala=17%7C0%7C862%7C84%7C378&lle=0&ifv=1&hpt=1 | 142.250.178.78 | 204 No Content | 0 B |
URL GET syndicatedsearch.goog/afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=u1oq2z22aspr&cd_fexp=72717107%2C17301545&aqid=RI0CaJ2fCaHThcIPgPe-yQY&psid=5837883959&pbt=bv&adbx=375&adby=132&adbh=498&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=747525664&csala=17%7C0%7C862%7C84%7C378&lle=0&ifv=1&hpt=1 IP 142.250.178.78:443
Certificate: Issuer: Google Trust Services; Subject: syndicatedsearch.goog; Fingerprint: 25:85:6E:DB:F5:A7:5C:14:22:6A:F8:44:8F:EE:EB:07:7A:40:68:30; Validity: Mon, 31 Mar 2025 08:57:43 GMT - Mon, 23 Jun 2025 08:57:42 GMT
Hash (empty response body): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=u1oq2z22aspr&cd_fexp=72717107%2C17301545&aqid=RI0CaJ2fCaHThcIPgPe-yQY&psid=5837883959&pbt=bv&adbx=375&adby=132&adbh=498&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=747525664&csala=17%7C0%7C862%7C84%7C378&lle=0&ifv=1&hpt=1 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww5.galyqaz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-o5wkhUtYTetnjc4cuP7UGw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Fri, 18 Apr 2025 17:35:02 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| euob.astarsbuilding.com/sxp/i/224f85302aa2b6ec30aac9a85da2cbf9.js | 143.204.55.85 | 200 OK | 111 kB |
URL GET euob.astarsbuilding.com/sxp/i/224f85302aa2b6ec30aac9a85da2cbf9.js IP 143.204.55.85:443
Certificate: Issuer: Amazon; Subject: *.astarsbuilding.com; Fingerprint: DD:1E:42:74:B7:0D:4D:51:5C:C2:3A:AF:0C:79:1A:F5:AA:7C:06:D5; Validity: Tue, 18 Jun 2024 00:00:00 GMT - Fri, 18 Jul 2025 23:59:59 GMT
Size: 111 kB (111247 bytes); Hash: MD5 afe94535ce21bd3036be4ff3a1ecd46f, SHA-1 1e8dd3d52e3aa19b9da04c6d8bb33050f669bee3, SHA-256 85c3f71659009cce4b4e9564b7631faa7ff2552402e9c2b9365c79be53433f7d
GET /sxp/i/224f85302aa2b6ec30aac9a85da2cbf9.js HTTP/1.1
Host: euob.astarsbuilding.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww5.galyqaz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
content-length: 40789
content-encoding: gzip
server: Caddy
cache-control: max-age=43200
date: Fri, 18 Apr 2025 07:42:31 GMT
expires: Fri, 18 Apr 2025 19:42:31 GMT
etag: "1b28f-Ho3T1S46oZudoExti7MwUPZpvuM"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Yt3__ABM3F08R9PaG0INtygYDzOAhSoGPtc1IsYZGc3MZDJ4-TKHDA==
age: 35547
X-Firefox-Spdy: h2
|
|
| syndicatedsearch.goog/afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=au8vlipgn7cv&cd_fexp=72717107%2C17301545&aqid=RI0CaJ2fCaHThcIPgPe-yQY&psid=5837883959&pbt=bs&adbx=375&adby=132&adbh=498&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=747525664&csala=17%7C0%7C862%7C84%7C378&lle=0&ifv=1&hpt=1 | 142.250.178.78 | 204 No Content | 0 B |
URL GET syndicatedsearch.goog/afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=au8vlipgn7cv&cd_fexp=72717107%2C17301545&aqid=RI0CaJ2fCaHThcIPgPe-yQY&psid=5837883959&pbt=bs&adbx=375&adby=132&adbh=498&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=747525664&csala=17%7C0%7C862%7C84%7C378&lle=0&ifv=1&hpt=1 IP 142.250.178.78:443
Certificate: Issuer: Google Trust Services; Subject: syndicatedsearch.goog; Fingerprint: 25:85:6E:DB:F5:A7:5C:14:22:6A:F8:44:8F:EE:EB:07:7A:40:68:30; Validity: Mon, 31 Mar 2025 08:57:43 GMT - Mon, 23 Jun 2025 08:57:42 GMT
Hash (empty response body): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=au8vlipgn7cv&cd_fexp=72717107%2C17301545&aqid=RI0CaJ2fCaHThcIPgPe-yQY&psid=5837883959&pbt=bs&adbx=375&adby=132&adbh=498&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=747525664&csala=17%7C0%7C862%7C84%7C378&lle=0&ifv=1&hpt=1 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww5.galyqaz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-dhu-jItVNXqPgU5Iv6l55A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Fri, 18 Apr 2025 17:35:02 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| obseu.astarsbuilding.com/mon | 3.248.162.96 | 200 OK | 0 B |
URL POST obseu.astarsbuilding.com/mon IP 3.248.162.96:443
Certificate: Issuer: ZeroSSL; Subject: *.astarsbuilding.com; Fingerprint: CD:97:8B:26:8F:44:36:BF:15:6E:E5:CB:05:4C:8D:F5:F1:0C:F2:54; Validity: Thu, 27 Mar 2025 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
Hash (empty response body): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /mon HTTP/1.1
Host: obseu.astarsbuilding.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 1687
Origin: https://ww5.galyqaz.com
DNT: 1
Connection: keep-alive
Referer: https://ww5.galyqaz.com/
Cookie: cg_uuid=c6479b07dce2ea0d0698248d0177e77f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://ww5.galyqaz.com
content-type: application/json
date: Fri, 18 Apr 2025 17:35:11 GMT
content-length: 0
X-Firefox-Spdy: h2
|
|