ww25.vps2.gdmhost.ga/?subid1=20231104-2335-1410-a6df-f8e66b465e37
199.59.243.225 1.2 kB URL ww25.vps2.gdmhost.ga/?subid1=20231104-2335-1410-a6df-f8e66b465e37
IP 199.59.243.225:0
File type HTML document text, exported SGML document, ASCII text, with very long lines (450)
Hash (MD5) 9c60762c4b9b49f35bda3c52db8d4da1
Hash (SHA-1) 914bdf0d135a8d84940e3bc6b16acf8604d3ee1b
Hash (SHA-256) 5a30200895b51d9c825b409c6b062b63d64c8b087c36b52192c60fc5dd55f8c9
NIDS suricata, severity medium: ET INFO HTTP Request to a *.ga domain
GET /?subid1=20231104-2335-1410-a6df-f8e66b465e37 HTTP/1.1
Host: ww25.vps2.gdmhost.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
date: Sat, 04 Nov 2023 12:35:32 GMT
content-type: text/html; charset=utf-8
content-length: 1153
x-request-id: a429bd3c-8a35-45b8-9fae-12798f16192b
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_QRVYNc/q9X01KroEyAvwt88UnC80hUZ7aDtmSuj35IVnRJCVHttocI+chsPIHowJYoC8sy0nXksamJEp+mulFw==
set-cookie: parking_session=a429bd3c-8a35-45b8-9fae-12798f16192b; expires=Sat, 04 Nov 2023 12:50:32 GMT; path=/
ww25.vps2.gdmhost.ga/blPEIZZWd.js
199.59.243.225 32 kB URL ww25.vps2.gdmhost.ga/blPEIZZWd.js
IP 199.59.243.225:0
File type Unicode text, UTF-8 text, with very long lines (32099)
Hash (MD5) 6ebd59b2d273cf49366bb4c4cd13faf0
Hash (SHA-1) 36c1815062aeb1a99220b1abe338e5aaf02dd2ba
Hash (SHA-256) 7b599318da054f1d77c5b0882c18aa908234c5a32c79b28c791ffafdca11516e
NIDS suricata, severity medium: ET INFO HTTP Request to a *.ga domain
GET /blPEIZZWd.js HTTP/1.1
Host: ww25.vps2.gdmhost.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww25.vps2.gdmhost.ga/?subid1=20231104-2335-1410-a6df-f8e66b465e37
Cookie: parking_session=a429bd3c-8a35-45b8-9fae-12798f16192b
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
date: Sat, 04 Nov 2023 12:35:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 32102
x-request-id: 539042b5-59fe-4826-8491-00056e0a9ea8
set-cookie: parking_session=a429bd3c-8a35-45b8-9fae-12798f16192b; expires=Sat, 04 Nov 2023 12:50:32 GMT
ww25.vps2.gdmhost.ga/_fd?subid1=20231104-2335-1410-a6df-f8e66b465e37
199.59.243.225 422 B URL ww25.vps2.gdmhost.ga/_fd?subid1=20231104-2335-1410-a6df-f8e66b465e37
IP 199.59.243.225:0
File type ASCII text, with very long lines (545), with no line terminators
Hash (MD5) 7a42bc9a96a62ef8c2d8a98b7a44ee40
Hash (SHA-1) 4d6d9cb7f52b76b797aa62c5a831e1ae1035b67a
Hash (SHA-256) 159ef23822a5ad8c066a42fb5c0fce29d45bc03fe094873046fafefea750af08
NIDS suricata, severity medium: ET INFO HTTP POST Request to Suspicious *.ga Domain
NIDS suricata, severity medium: ET INFO HTTP Request to a *.ga domain
POST /_fd?subid1=20231104-2335-1410-a6df-f8e66b465e37 HTTP/1.1
Host: ww25.vps2.gdmhost.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww25.vps2.gdmhost.ga/?subid1=20231104-2335-1410-a6df-f8e66b465e37
Content-Type: application/json
Origin: http://ww25.vps2.gdmhost.ga
DNT: 1
Connection: keep-alive
Cookie: parking_session=a429bd3c-8a35-45b8-9fae-12798f16192b
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/1.1 200 OK
server: openresty
date: Sat, 04 Nov 2023 12:35:33 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 422
x-version: 2.110.2
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: parking_session=a429bd3c-8a35-45b8-9fae-12798f16192b; expires=Sat, 04 Nov 2023 12:50:33 GMT; Max-Age=900; path=/; httponly
fonts.googleapis.com/css?family=Quicksand
142.250.74.106 55 kB URL fonts.googleapis.com/css?family=Quicksand
IP 142.250.74.106:0
File type ASCII text, with very long lines (2067)
Hash (MD5) fb8f24b70c2983f69d0045bd0c7edcb8
Hash (SHA-1) a3874f1a7d6754bee09593c9a835efbc30b234fd
Hash (SHA-256) 5f97aa8a2ce9072f0b48096cbdad1c851b17ea07e235b3893b0288cb691359a9
GET /css?family=Quicksand HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.vps2.gdmhost.ga/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 Nov 2023 12:35:33 GMT
date: Sat, 04 Nov 2023 12:35:33 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ww01.gdmhost.ga/?pid=9POT3387I&pbsubid=a429bd3c-8a35-45b8-9fae-12798f16192b&noads=http%3A%2F%2Fww01.gdmhost.ga%2F%3Fskipskenzo%3Dtrue
103.224.182.210 302 Found 2 B URL User Request GET HTTP/1.1 ww01.gdmhost.ga/?pid=9POT3387I&pbsubid=a429bd3c-8a35-45b8-9fae-12798f16192b&noads=http%3A%2F%2Fww01.gdmhost.ga%2F%3Fskipskenzo%3Dtrue
IP 103.224.182.210:443
ASN #133618 Trellian Pty. Limited
Certificate Issuer: Let's Encrypt
Subject: cyjxint.com
Fingerprint: D0:34:12:92:E2:7F:3F:63:AD:FF:20:F2:39:C7:B3:18:A6:61:1F:5C
Validity: Wed, 11 Oct 2023 23:19:08 GMT - Tue, 09 Jan 2024 23:19:07 GMT
Hash (MD5) e1c06d85ae7b8b032bef47e42e4c08f9
Hash (SHA-1) 71853c6197a6a7f222db0f1978c7cb232b87c5ee
Hash (SHA-256) 75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070
GET /?pid=9POT3387I&pbsubid=a429bd3c-8a35-45b8-9fae-12798f16192b&noads=http%3A%2F%2Fww01.gdmhost.ga%2F%3Fskipskenzo%3Dtrue HTTP/1.1
Host: ww01.gdmhost.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ww25.vps2.gdmhost.ga/
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
date: Sat, 04 Nov 2023 12:35:35 GMT
server: Apache
set-cookie: __tad=1699101335.3327784; expires=Tue, 01-Nov-2033 12:35:35 GMT; Max-Age=315360000
location: http://ww16.gdmhost.ga/?pid=9POT3387I&pbsubid=a429bd3c-8a35-45b8-9fae-12798f16192b&noads=http%3A%2F%2Fww01.gdmhost.ga%2F%3Fskipskenzo%3Dtrue&sub1=20231104-2335-356e-95a0-d5737fc4c094
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
ww16.gdmhost.ga/?pid=9POT3387I&pbsubid=a429bd3c-8a35-45b8-9fae-12798f16192b&noads=http%3A%2F%2Fww01.gdmhost.ga%2F%3Fskipskenzo%3Dtrue&sub1=20231104-2335-356e-95a0-d5737fc4c094
64.190.63.136 200 OK 7.0 kB URL User Request GET HTTP/1.1 ww16.gdmhost.ga/?pid=9POT3387I&pbsubid=a429bd3c-8a35-45b8-9fae-12798f16192b&noads=http%3A%2F%2Fww01.gdmhost.ga%2F%3Fskipskenzo%3Dtrue&sub1=20231104-2335-356e-95a0-d5737fc4c094
IP 64.190.63.136:80
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with very long lines (10263)
Hash (MD5) 5f8490bec8a064896a9a83a9ac6cee3f
Hash (SHA-1) 37d8d6bba221bee8d34a565bf6d67316a9402d30
Hash (SHA-256) d11aceeca05dee1b821476369a751981171638dc0f1d3cc1baa9549632351b7d
NIDS suricata, severity medium: ET INFO HTTP Request to a *.ga domain
GET /?pid=9POT3387I&pbsubid=a429bd3c-8a35-45b8-9fae-12798f16192b&noads=http%3A%2F%2Fww01.gdmhost.ga%2F%3Fskipskenzo%3Dtrue&sub1=20231104-2335-356e-95a0-d5737fc4c094 HTTP/1.1
Host: ww16.gdmhost.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww25.vps2.gdmhost.ga/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
date: Sat, 04 Nov 2023 12:35:35 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
x-powered-by: PHP/8.1.17
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_VllCrnYQUCQIq/Zce94YPJsCxxhntS7JpiaBafjolwANs8w1yVDMfP0iB/QBRUSnihjJd1RN1WzB/OOCdv1rvA==
last-modified: Sat, 04 Nov 2023 12:35:35 GMT
x-cache-miss-from: parking-697977dd84-vn7t6
server: NginX
content-encoding: gzip
img.sedoparking.com/templates/bg/arrows.png
205.234.175.175 200 OK 13 kB URL GET HTTP/1.1 img.sedoparking.com/templates/bg/arrows.png
IP 205.234.175.175:80
Requested by http://ww16.gdmhost.ga/?pid=9POT3387I&pbsubid=a429bd3c-8a35-45b8-9fae-12798f16192b&noads=http%3A%2F%2Fww01.gdmhost.ga%2F%3Fskipskenzo%3Dtrue&sub1=20231104-2335-356e-95a0-d5737fc4c094
File type PNG image data, 426 x 475, 8-bit/color RGBA, non-interlaced
Hash (MD5) 6dc0bad9aa452ff871b282dabd47131e
Hash (SHA-1) 01411e6726e033240caa3926141a6adbc18a2d73
Hash (SHA-256) 3059fbd6cd3550047483dca4071c93e5cf4cc79ce8bafc4388166fbc5279644b
GET /templates/bg/arrows.png HTTP/1.1
Host: img.sedoparking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww16.gdmhost.ga/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Nov 2023 12:35:35 GMT
Content-Type: image/png
Content-Length: 12642
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Expires: Sat, 11 Nov 2023 12:35:35 GMT
X-CFHash: "6dc0bad9aa452ff871b282dabd47131e"
X-CFF: B
Last-Modified: Mon, 11 Oct 2021 05:39:44 GMT
X-CF3: H
CF4Age: 0
x-cf-tsc: 1697358617
CF4ttl: 31536000.000
X-CF2: H
Server: CFS 0215
X-CF-ReqID: 989ea3edc2365f4d0bd142e0a7a946b9
X-CF1: 11696:fA.arn1:cf:cacheN.arn1-01:H
Accept-Ranges: bytes
www.google.com/adsense/domains/caf.js
142.250.74.132 200 OK 54 kB URL GET HTTP/1.1 www.google.com/adsense/domains/caf.js
IP 142.250.74.132:80
Requested by http://ww16.gdmhost.ga/?pid=9POT3387I&pbsubid=a429bd3c-8a35-45b8-9fae-12798f16192b&noads=http%3A%2F%2Fww01.gdmhost.ga%2F%3Fskipskenzo%3Dtrue&sub1=20231104-2335-356e-95a0-d5737fc4c094
File type ASCII text, with very long lines (2067)
Hash (MD5) 82c98d259cac74fa99fbb0d1b6fbbda6
Hash (SHA-1) c5ece156539600db3d27c86a978cd02750c062cc
Hash (SHA-256) 5df6a4379a761980addd89037e7f9a43b758551e797eedacaf876f34cbd02182
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww16.gdmhost.ga/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Sat, 04 Nov 2023 12:35:35 GMT
Expires: Sat, 04 Nov 2023 12:35:35 GMT
Cache-Control: private, max-age=3600
ETag: "17568829171740166930"
X-Content-Type-Options: nosniff
Link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0
ww16.gdmhost.ga/search/tsc.php?200=NTA3OTIzNzIy&21=OTEuOTAuNDIuMTU0&681=MTY5OTEwMTMzNWQ3YzBjZDMwMmMyOTAwMTA1NGEyOTQ2Y2FhODZlMTRh&crc=66e8a1e9eb6a6e3f4d2d85b9c44ca49f30531d2b&cv=1
64.190.63.136 200 OK 0 B URL GET HTTP/1.1 ww16.gdmhost.ga/search/tsc.php?200=NTA3OTIzNzIy&21=OTEuOTAuNDIuMTU0&681=MTY5OTEwMTMzNWQ3YzBjZDMwMmMyOTAwMTA1NGEyOTQ2Y2FhODZlMTRh&crc=66e8a1e9eb6a6e3f4d2d85b9c44ca49f30531d2b&cv=1
IP 64.190.63.136:80
Requested by http://ww16.gdmhost.ga/?pid=9POT3387I&pbsubid=a429bd3c-8a35-45b8-9fae-12798f16192b&noads=http%3A%2F%2Fww01.gdmhost.ga%2F%3Fskipskenzo%3Dtrue&sub1=20231104-2335-356e-95a0-d5737fc4c094
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS suricata, severity medium: ET INFO HTTP Request to a *.ga domain
GET /search/tsc.php?200=NTA3OTIzNzIy&21=OTEuOTAuNDIuMTU0&681=MTY5OTEwMTMzNWQ3YzBjZDMwMmMyOTAwMTA1NGEyOTQ2Y2FhODZlMTRh&crc=66e8a1e9eb6a6e3f4d2d85b9c44ca49f30531d2b&cv=1 HTTP/1.1
Host: ww16.gdmhost.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww16.gdmhost.ga/?pid=9POT3387I&pbsubid=a429bd3c-8a35-45b8-9fae-12798f16192b&noads=http%3A%2F%2Fww01.gdmhost.ga%2F%3Fskipskenzo%3Dtrue&sub1=20231104-2335-356e-95a0-d5737fc4c094
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
date: Sat, 04 Nov 2023 12:35:35 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-powered-by: PHP/8.1.17
x-cache-miss-from: parking-697977dd84-5hs6w
server: NginX
www.adsensecustomsearchads.com/afs/ads/i/iframe.html
142.250.74.46 200 OK 731 B URL GET HTTP/2 www.adsensecustomsearchads.com/afs/ads/i/iframe.html
IP 142.250.74.46:443
Requested by http://ww16.gdmhost.ga/?pid=9POT3387I&pbsubid=a429bd3c-8a35-45b8-9fae-12798f16192b&noads=http%3A%2F%2Fww01.gdmhost.ga%2F%3Fskipskenzo%3Dtrue&sub1=20231104-2335-356e-95a0-d5737fc4c094
Certificate Issuer: Google Trust Services LLC
Subject: misc-sni.google.com
Fingerprint: 5E:E9:56:77:00:6B:F7:41:C9:A9:BA:29:99:1A:B9:B6:0B:69:F0:FE
Validity: Mon, 16 Oct 2023 08:04:08 GMT - Mon, 08 Jan 2024 08:04:07 GMT
File type HTML document text, exported SGML document, ASCII text, with very long lines (1559)
Hash (MD5) 590b8560b797e5cb1ef1287ef918bbee
Hash (SHA-1) 759ddead4f102dff311f5ca320b9b6664bfaecaf
Hash (SHA-256) 8435218ad186180d125d84fe97f0a518aaacc2d6fb4046b19cb239818b7c827a
GET /afs/ads/i/iframe.html HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww16.gdmhost.ga/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy: script-src 'nonce-KDtZwYML75qGqCTl9P4ZbA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui; base-uri 'none'
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-length: 731
date: Sat, 04 Nov 2023 12:35:35 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Tue, 24 Oct 2023 06:00:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img.sedoparking.com/templates/logos/sedo_logo.png
205.234.175.175 200 OK 15 kB URL GET HTTP/1.1 img.sedoparking.com/templates/logos/sedo_logo.png
IP 205.234.175.175:80
Requested by http://ww16.gdmhost.ga/?pid=9POT3387I&pbsubid=a429bd3c-8a35-45b8-9fae-12798f16192b&noads=http%3A%2F%2Fww01.gdmhost.ga%2F%3Fskipskenzo%3Dtrue&sub1=20231104-2335-356e-95a0-d5737fc4c094
File type MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Hash (MD5) def00c11b1596db4efee6a9fbe64fc27
Hash (SHA-1) bd298981e6d8d7e4ffa18abcf687041f4246672d
Hash (SHA-256) 95c427fa3143b1896faf42a6406686ce7602cb39052081bb32d12b51c9e047e4
GET /templates/logos/sedo_logo.png HTTP/1.1
Host: img.sedoparking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww16.gdmhost.ga/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Nov 2023 12:35:35 GMT
Content-Type: image/png
Content-Length: 15086
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Expires: Sat, 11 Nov 2023 12:35:35 GMT
X-CFHash: "def00c11b1596db4efee6a9fbe64fc27"
X-CFF: B
Last-Modified: Mon, 11 Jan 2021 07:44:34 GMT
X-CF3: H
CF4Age: 0
x-cf-tsc: 1696677940
CF4ttl: 31536000.000
X-CF2: H
Server: CFS 0215
X-CF-ReqID: aee012137aa58efd26fef9ed07921492
X-CF1: 11696:fA.arn1:cf:cacheN.arn1-01:H
Accept-Ranges: bytes
www.adsensecustomsearchads.com/afs/ads?adsafe=low&adtest=off&psid=9618345430&channel=exp-0051%2Cauxa-control-1%2C445328&client=dp-sedo92_3ph&r=m&hl=no&rpbu=http%3A%2F%2Fww16.gdmhost.ga%2Fcaf%2F%3Fses%3DY3JlPTE2OTkxMDEzMzUmdGNpZD13dzE2LmdkbWhvc3QuZ2E2NTQ2M2E5NzllYTFhMy43NjgwMTc1OSZ0YXNrPXNlYXJjaCZkb21haW49Z2RtaG9zdC5nYSZhX2lkPTMmc2Vzc2lvbj14NFFvUXZMbVhNY2o2RG5JcnBQTA%3D%3D&type=3&uiopt=false&swp=as-drid-2777688820344496&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301383&format=r3%7Cs&nocache=4831699101335879&num=0&output=afd_ads&domain_name=ww16.gdmhost.ga&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1699101335887&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=944&frm=0&cl=578165713&uio=--&cont=rb-default&jsid=caf&jsv=578165713&rurl=http%3A%2F%2Fww16.gdmhost.ga%2F%3Fpid%3D9POT3387I%26pbsubid%3Da429bd3c-8a35-45b8-9fae-12798f16192b%26noads%3Dhttp%253A%252F%252Fww01.gdmhost.ga%252F%253Fskipskenzo%253Dtrue%26sub1%3D20231104-2335-356e-95a0-d5737fc4c094&referer=http%3A%2F%2Fww25.vps2.gdmhost.ga%2F
142.250.74.46 200 OK 609 B URL GET HTTP/2 www.adsensecustomsearchads.com/afs/ads?adsafe=low&adtest=off&psid=9618345430&channel=exp-0051%2Cauxa-control-1%2C445328&client=dp-sedo92_3ph&r=m&hl=no&rpbu=http%3A%2F%2Fww16.gdmhost.ga%2Fcaf%2F%3Fses%3DY3JlPTE2OTkxMDEzMzUmdGNpZD13dzE2LmdkbWhvc3QuZ2E2NTQ2M2E5NzllYTFhMy43NjgwMTc1OSZ0YXNrPXNlYXJjaCZkb21haW49Z2RtaG9zdC5nYSZhX2lkPTMmc2Vzc2lvbj14NFFvUXZMbVhNY2o2RG5JcnBQTA%3D%3D&type=3&uiopt=false&swp=as-drid-2777688820344496&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301383&format=r3%7Cs&nocache=4831699101335879&num=0&output=afd_ads&domain_name=ww16.gdmhost.ga&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1699101335887&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=944&frm=0&cl=578165713&uio=--&cont=rb-default&jsid=caf&jsv=578165713&rurl=http%3A%2F%2Fww16.gdmhost.ga%2F%3Fpid%3D9POT3387I%26pbsubid%3Da429bd3c-8a35-45b8-9fae-12798f16192b%26noads%3Dhttp%253A%252F%252Fww01.gdmhost.ga%252F%253Fskipskenzo%253Dtrue%26sub1%3D20231104-2335-356e-95a0-d5737fc4c094&referer=http%3A%2F%2Fww25.vps2.gdmhost.ga%2F
IP 142.250.74.46:443
Requested by http://ww16.gdmhost.ga/?pid=9POT3387I&pbsubid=a429bd3c-8a35-45b8-9fae-12798f16192b&noads=http%3A%2F%2Fww01.gdmhost.ga%2F%3Fskipskenzo%3Dtrue&sub1=20231104-2335-356e-95a0-d5737fc4c094
Certificate Issuer: Google Trust Services LLC
Subject: misc-sni.google.com
Fingerprint: 5E:E9:56:77:00:6B:F7:41:C9:A9:BA:29:99:1A:B9:B6:0B:69:F0:FE
Validity: Mon, 16 Oct 2023 08:04:08 GMT - Mon, 08 Jan 2024 08:04:07 GMT
File type HTML document text, exported SGML document, ASCII text, with very long lines (657)
Hash (MD5) 8e806924874192278272038fe1952047
Hash (SHA-1) 8d151ff30dd11ed0b2fc1cf92a5c0f58a492fd8c
Hash (SHA-256) eb8998c6fdcbec8d49d3703ff2cb2ce710e29aaa052b15eb2a0a371361c557c5
GET /afs/ads?adsafe=low&adtest=off&psid=9618345430&channel=exp-0051%2Cauxa-control-1%2C445328&client=dp-sedo92_3ph&r=m&hl=no&rpbu=http%3A%2F%2Fww16.gdmhost.ga%2Fcaf%2F%3Fses%3DY3JlPTE2OTkxMDEzMzUmdGNpZD13dzE2LmdkbWhvc3QuZ2E2NTQ2M2E5NzllYTFhMy43NjgwMTc1OSZ0YXNrPXNlYXJjaCZkb21haW49Z2RtaG9zdC5nYSZhX2lkPTMmc2Vzc2lvbj14NFFvUXZMbVhNY2o2RG5JcnBQTA%3D%3D&type=3&uiopt=false&swp=as-drid-2777688820344496&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301383&format=r3%7Cs&nocache=4831699101335879&num=0&output=afd_ads&domain_name=ww16.gdmhost.ga&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1699101335887&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=944&frm=0&cl=578165713&uio=--&cont=rb-default&jsid=caf&jsv=578165713&rurl=http%3A%2F%2Fww16.gdmhost.ga%2F%3Fpid%3D9POT3387I%26pbsubid%3Da429bd3c-8a35-45b8-9fae-12798f16192b%26noads%3Dhttp%253A%252F%252Fww01.gdmhost.ga%252F%253Fskipskenzo%253Dtrue%26sub1%3D20231104-2335-356e-95a0-d5737fc4c094&referer=http%3A%2F%2Fww25.vps2.gdmhost.ga%2F HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww16.gdmhost.ga/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Sat, 04 Nov 2023 12:35:35 GMT
expires: Sat, 04 Nov 2023 12:35:35 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-V5il4_3mwpqZsXzTHlQofA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 609
x-xss-protection: 0
set-cookie: CONSENT=PENDING+968; expires=Mon, 03-Nov-2025 12:35:35 GMT; path=/; domain=.adsensecustomsearchads.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.adsensecustomsearchads.com/adsense/domains/caf.js
142.250.74.46 200 OK 55 kB URL GET HTTP/3 www.adsensecustomsearchads.com/adsense/domains/caf.js
IP 142.250.74.46:443
Requested by https://www.adsensecustomsearchads.com/afs/ads?adsafe=low&adtest=off&psid=9618345430&channel=exp-0051%2Cauxa-control-1%2C445328&client=dp-sedo92_3ph&r=m&hl=no&rpbu=http%3A%2F%2Fww16.gdmhost.ga%2Fcaf%2F%3Fses%3DY3JlPTE2OTkxMDEzMzUmdGNpZD13dzE2LmdkbWhvc3QuZ2E2NTQ2M2E5NzllYTFhMy43NjgwMTc1OSZ0YXNrPXNlYXJjaCZkb21haW49Z2RtaG9zdC5nYSZhX2lkPTMmc2Vzc2lvbj14NFFvUXZMbVhNY2o2RG5JcnBQTA%3D%3D&type=3&uiopt=false&swp=as-drid-2777688820344496&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301383&format=r3%7Cs&nocache=4831699101335879&num=0&output=afd_ads&domain_name=ww16.gdmhost.ga&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1699101335887&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=944&frm=0&cl=578165713&uio=--&cont=rb-default&jsid=caf&jsv=578165713&rurl=http%3A%2F%2Fww16.gdmhost.ga%2F%3Fpid%3D9POT3387I%26pbsubid%3Da429bd3c-8a35-45b8-9fae-12798f16192b%26noads%3Dhttp%253A%252F%252Fww01.gdmhost.ga%252F%253Fskipskenzo%253Dtrue%26sub1%3D20231104-2335-356e-95a0-d5737fc4c094&referer=http%3A%2F%2Fww25.vps2.gdmhost.ga%2F
Certificate Issuer: Google Trust Services LLC
Subject: misc-sni.google.com
Fingerprint: 5E:E9:56:77:00:6B:F7:41:C9:A9:BA:29:99:1A:B9:B6:0B:69:F0:FE
Validity: Mon, 16 Oct 2023 08:04:08 GMT - Mon, 08 Jan 2024 08:04:07 GMT
File type ASCII text, with very long lines (2067)
Hash (MD5) 0f3be5914b45a408112487b0ce9a03db
Hash (SHA-1) ac706c99467c397b7225be3e61df701bec0e0f47
Hash (SHA-256) f4a70886102adaeac4154c997f7581116e38902bf622aeb0fee4386fea15664d
GET /adsense/domains/caf.js HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Sat, 04 Nov 2023 12:35:36 GMT
expires: Sat, 04 Nov 2023 12:35:36 GMT
cache-control: private, max-age=3600
etag: "11641124990077234181"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ww16.gdmhost.ga/search/fb.php?ses=4c14134272fbdb530169910133512a4b80a3b4be4c&ec=23
64.190.63.136 403 Forbidden 58 B URL GET HTTP/1.1 ww16.gdmhost.ga/search/fb.php?ses=4c14134272fbdb530169910133512a4b80a3b4be4c&ec=23
IP 64.190.63.136:80
Requested by http://ww16.gdmhost.ga/?pid=9POT3387I&pbsubid=a429bd3c-8a35-45b8-9fae-12798f16192b&noads=http%3A%2F%2Fww01.gdmhost.ga%2F%3Fskipskenzo%3Dtrue&sub1=20231104-2335-356e-95a0-d5737fc4c094
File type exported SGML document, ASCII text, with no line terminators
Hash (MD5) bd94f215d49998add9fdf87a0c5f9523
Hash (SHA-1) cce4f14efe55bc31205f0678dd013dae81b5631a
Hash (SHA-256) fd70dd11e5d93f9a35651faa62976498caf3d0b9c00665095916cdd87b1a629f
NIDS suricata, severity medium: ET INFO HTTP Request to a *.ga domain
GET /search/fb.php?ses=4c14134272fbdb530169910133512a4b80a3b4be4c&ec=23 HTTP/1.1
Host: ww16.gdmhost.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww16.gdmhost.ga/?pid=9POT3387I&pbsubid=a429bd3c-8a35-45b8-9fae-12798f16192b&noads=http%3A%2F%2Fww01.gdmhost.ga%2F%3Fskipskenzo%3Dtrue&sub1=20231104-2335-356e-95a0-d5737fc4c094
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
date: Sat, 04 Nov 2023 12:35:36 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
x-powered-by: PHP/8.1.17
x-cache-miss-from: parking-697977dd84-vn7t6
server: NginX
content-encoding: gzip