| www.google.com.cy/url?q=https://adservice.google.tg/ddm/clk/466651624;272226156;i;;?//img1 | 142.250.74.67 | 302 Found | 263 B |
URL (User Request): GET HTTP/2 www.google.com.cy/url?q=https://adservice.google.tg/ddm/clk/466651624;272226156;i;;?//img1
IP: 142.250.74.67:443
Certificate Issuer: Google Trust Services LLC
Certificate Subject: *.google.com.cy
Certificate Fingerprint: 16:17:D7:CE:79:A2:ED:D1:C3:59:41:8F:34:09:40:73:0C:AB:0B:93
Certificate Validity: Tue, 16 Apr 2024 04:28:42 GMT - Tue, 09 Jul 2024 04:28:41 GMT
File type: HTML document, ASCII text, with CRLF, LF line terminators
Hash: 715f0af26d82130c850edd59f792e695 e79d7c863faa7c6f67d7ff348bb0ace5dea522bb 122c52189c9d8464ca5f33daa22c70d8e0addf43942f9da04eaa277004ae296d
GET /url?q=https://adservice.google.tg/ddm/clk/466651624;272226156;i;;?//img1 HTTP/1.1
Host: www.google.com.cy
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
location: https://adservice.google.tg/ddm/clk/466651624;272226156;i;;?//img1
cache-control: private
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-X52WktwMHr3CsG8YfrUrMA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Wed, 08 May 2024 18:48:30 GMT
server: gws
content-length: 263
x-xss-protection: 0
set-cookie: __Secure-ENID=19.SE=qwwIs_Qt1giQ_N5J67h3bGfVMYAqUTs5-t6lUwzLDzXpRBId-J04xF2ca1MXZKYIr2QCD_1SFRG1JjVHhHQHqdefXmW53Elp8BOHppxzBaJlT9jPqMzDrXAHIrdd2cjOewcmaDlQ-Vo9aGmDIsrGDnILhOn2_CTa4_ggmoUJ0clBuvCq1RB7Tg; expires=Sun, 08-Jun-2025 11:06:47 GMT; path=/; domain=.google.com.cy; Secure; HttpOnly; SameSite=lax
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
| adservice.google.tg/ddm/clk/466651624;272226156;i;;?//img1 | 142.250.74.98 | 302 Found | 0 B |
URL (User Request): GET HTTP/2 adservice.google.tg/ddm/clk/466651624;272226156;i;;?//img1
IP: 142.250.74.98:443
Certificate Issuer: Google Trust Services LLC
Certificate Subject: *.google.tg
Certificate Fingerprint: FE:AB:A7:7C:23:B9:26:5F:7D:B4:61:67:24:4D:BB:15:2A:99:5C:9D
Certificate Validity: Tue, 16 Apr 2024 04:31:23 GMT - Tue, 09 Jul 2024 04:31:22 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ddm/clk/466651624;272226156;i;;?//img1 HTTP/1.1
Host: adservice.google.tg
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: //img1?dclid=CPf6pf3b_oUDFfkQogMdPL0BoQ
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 08 May 2024 18:48:30 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
| img1/?dclid=CPf6pf3b_oUDFfkQogMdPL0BoQ | 0.0.0.0 | | 0 B |
URL (User Request): GET img1/?dclid=CPf6pf3b_oUDFfkQogMdPL0BoQ
IP: 0.0.0.0:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /?dclid=CPf6pf3b_oUDFfkQogMdPL0BoQ HTTP/1.1
Host: img1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|