Report - ww7.utbidet-ugeas.biz/d/N?02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F&usid=15&utid=28078190434

Report Overview

Submitted URL
ww7.utbidet-ugeas.biz/d/N?02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F&usid=15&utid=28078190434
IP
199.59.243.225
ASN
#16509 AMAZON-02
Submitted
2024-04-18 13:34:03
Access
public
Website Title
Utbidet-ugeas.biz
Final URL
ww7.utbidet-ugeas.biz/d/N?02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F&usid=15&utid=28078190434
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ww7.utbidet-ugeas.biz	unknown	2022-12-07	2024-02-23	2024-03-23	2.2 kB	39 kB	199.59.243.225
www.adsensecustomsearchads.com	unknown	2011-01-28	2015-09-02	2024-04-17	3.4 kB	196 kB	216.58.211.14
afs.googleusercontent.com	12123	2008-11-17	2013-05-06	2024-04-17	1.0 kB	2.1 kB	142.250.74.97
parking3.parklogic.com	unknown	2007-02-28	2023-05-10	2024-04-18	1.5 kB	51 kB	45.79.244.209
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	435 B	191 kB	142.250.74.164

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	utbidet-ugeas.biz	Sinkholed
2024-04-18	medium	utbidet-ugeas.biz	Sinkholed
2024-04-18	medium	utbidet-ugeas.biz	Sinkholed
2024-04-18	medium	utbidet-ugeas.biz	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	parking3.parklogic.com/page/enhance.js?pcId=7&pId=1129&domain=Utbidet-ugeas.biz	2.1 kB	2024-03-04	2024-04-19
Pretty URL parking3.parklogic.com/page/enhance.js?pcId=7&pId=1129&domain=Utbidet-ugeas.biz IP 45.79.244.209 ASN #63949 Akamai Connected Cloud Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-04 12:34:27 Last Seen2024-04-19 12:07:19 Times Seen6 Hash d5b6e4f4abf038ec22c9f7580f98bf3e fcda32610e86a948f4e63ff874c5b29b0bb13d3f 346d1ce877f432ff911a5696f82e36efd587b7e9347b44975e03d7b65ba70f48 Loading...

	ww7.utbidet-ugeas.biz/d/N?02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F&usid=15&utid=28078190434	595 B	2024-04-18	2024-04-18
Pretty URL ww7.utbidet-ugeas.biz/d/N?02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F&usid=15&utid=28078190434 IP 199.59.243.225 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-18 15:34:04 Last Seen2024-04-18 15:34:04 Times Seen1 Hash 4aa1d96c69d97f196fbf5c4173960ec5 a7c0a732668fedd986e6336283093456bccc4537 efb63d4020c270690692af799a52d28ecb3465faea5ba99dd26a1f1e111ab425 Loading...

	ww7.utbidet-ugeas.biz/bQZZEPInB.js	33 kB	2024-04-17	2024-04-21
Pretty URL ww7.utbidet-ugeas.biz/bQZZEPInB.js IP 199.59.243.225 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-17 18:39:28 Last Seen2024-04-21 23:33:09 Times Seen1108 Hash 4c0f57c52b87f02f9d2ed1ae3859243a 8942e2891e8e847934a601d561f4683d169c3b88 999eda15b8baaf116b1df2c02cca93e903773d939229ea3bf6a8a981815136e5 Loading...

	www.google.com/adsense/domains/caf.js?abp=1&bodis=true	191 kB	2024-04-17	2024-04-18
Pretty URL www.google.com/adsense/domains/caf.js?abp=1&bodis=true IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-17 16:00:08 Last Seen2024-04-18 15:46:56 Times Seen17 Hash edce6d775e6dfac447424b5b3b105dc8 bdff6736dd129d622ae5e6cd6adf21c0186ff29f 593d0148ff517c2a24ff6764e5b23c3c904e1fbbb7bdbb006b6cf3a19f1ef5f0 Loading...

	www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol313%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol454&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww7.utbidet-ugeas.biz%2F%3Fcaf%3D1%2602703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F%3D%26usid%3D15%26utid%3D28078190434&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2442788251544177&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301437%2C17301439%2C17301442%2C17301444%2C17301479&client_gdprApplies=1&format=r3&nocache=5951713447218631&num=0&output=afd_ads&domain_name=ww7.utbidet-ugeas.biz&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1713447218633&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=625314022&rurl=http%3A%2F%2Fww7.utbidet-ugeas.biz%2Fd%2FN%3F02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F%26usid%3D15%26utid%3D28078190434	609 B	2024-04-18	2024-04-18
Pretty URL www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol313%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol454&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww7.utbidet-ugeas.biz%2F%3Fcaf%3D1%2602703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F%3D%26usid%3D15%26utid%3D28078190434&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2442788251544177&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301437%2C17301439%2C17301442%2C17301444%2C17301479&client_gdprApplies=1&format=r3&nocache=5951713447218631&num=0&output=afd_ads&domain_name=ww7.utbidet-ugeas.biz&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1713447218633&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=625314022&rurl=http%3A%2F%2Fww7.utbidet-ugeas.biz%2Fd%2FN%3F02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F%26usid%3D15%26utid%3D28078190434 IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-18 15:34:04 Last Seen2024-04-18 15:34:04 Times Seen1 Hash 5345d8aaa0502705fec56cb97083ccd7 e6f670009e0a8e3a23d4879a8413ca17038215d7 6526eef86b0c162612388c92ebb6b0da436bb3ac3c0bfa65d2d1201394fb667f Loading...

	www.adsensecustomsearchads.com/adsense/domains/caf.js	191 kB	2024-04-17	2024-04-18
Pretty URL www.adsensecustomsearchads.com/adsense/domains/caf.js IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-17 23:15:37 Last Seen2024-04-18 15:34:04 Times Seen4 Hash 639d85b5dca5587746ce376fd12e0de5 7362d5d6c6004ac2e76ee0af71b079e77cc92b0f c56800943ce79affefc25f6fb0753e70ddba60a915b688bb2076ebebff999f50 Loading...

		Size	First Seen	Last Seen
	#1 Eval - bbf517b90f7993fd9d4ce748eb4bbaa3	402 B	2024-03-30	2024-05-01
Pretty Observations First Seen2024-03-30 22:46:39 Last Seen2024-05-01 08:50:24 Times Seen45 Hash bbf517b90f7993fd9d4ce748eb4bbaa3 e76c0e3fd4e6e4c38c825d7729e073b0ef737ac5 9c0a0576cfdec6b13ed2b662d2c18c4e9c4fe4a456c61931b8905399e895340e Loading...

		Size	First Seen	Last Seen
	#1 Write - f45764877bb3161f7bd572875b0c97e7	187 B	2023-12-09	2024-04-19
Pretty Observations First Seen2023-12-09 17:53:21 Last Seen2024-04-19 12:07:19 Times Seen120 Hash f45764877bb3161f7bd572875b0c97e7 4b4825e6b25cde5b4174a7d2f1b04c18a8d22f88 3bb175ab2f7d582b3e58db5ff72eb3a705158aa8606ba1b2dd050bd838fd086b Loading...

HTTP Transactions (14)

URL IP Response Size

ww7.utbidet-ugeas.biz/d/N?02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F&usid=15&utid=28078190434

199.59.243.225

200 OK

1.3 kB

URL User Request GET HTTP/1.1
ww7.utbidet-ugeas.biz/d/N?02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F&usid=15&utid=28078190434
IP
199.59.243.225:80
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (610)
Size
1.3 kB (1342 bytes)
Hash
899448106c94761589ba801e57c4bfd2
f7f34cc1505f8302ce036e01c464fc6aeb528508
be1c9854f7b07381a9e5e7500f9fa7752909abd787232fc4211916929c150b10

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /d/N?02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F&usid=15&utid=28078190434 HTTP/1.1
Host: ww7.utbidet-ugeas.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Thu, 18 Apr 2024 13:33:37 GMT
content-type: text/html; charset=utf-8
content-length: 1342
x-request-id: 14d05b0d-0aa2-4265-ab1d-95aac9849b7b
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_JR/KBdxMhS6MWozBaHAq1wYF4DTv38k7Y7K+IUuM+w9EoogpWD489s004ggykJEwEi2Xl7e/diAIkSMcUYsk+w==
set-cookie: parking_session=14d05b0d-0aa2-4265-ab1d-95aac9849b7b; expires=Thu, 18 Apr 2024 13:48:38 GMT; path=/

ww7.utbidet-ugeas.biz/bQZZEPInB.js

199.59.243.225

200 OK

33 kB

URL GET HTTP/1.1
ww7.utbidet-ugeas.biz/bQZZEPInB.js
IP
199.59.243.225:80
ASN
#16509 AMAZON-02

Requested by
http://ww7.utbidet-ugeas.biz/d/N?02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F&usid=15&utid=28078190434

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (33288)
Size
33 kB (33291 bytes)
Hash
4c0f57c52b87f02f9d2ed1ae3859243a
8942e2891e8e847934a601d561f4683d169c3b88
999eda15b8baaf116b1df2c02cca93e903773d939229ea3bf6a8a981815136e5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bQZZEPInB.js HTTP/1.1
Host: ww7.utbidet-ugeas.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww7.utbidet-ugeas.biz/d/N?02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F&usid=15&utid=28078190434
Cookie: parking_session=14d05b0d-0aa2-4265-ab1d-95aac9849b7b
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Thu, 18 Apr 2024 13:33:37 GMT
content-type: application/javascript; charset=utf-8
content-length: 33291
x-request-id: 46bf4285-c342-4743-8369-e48197bae29b
set-cookie: parking_session=14d05b0d-0aa2-4265-ab1d-95aac9849b7b; expires=Thu, 18 Apr 2024 13:48:38 GMT

ww7.utbidet-ugeas.biz/_fd?02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F&usid=15&utid=28078190434

199.59.243.225

200 OK

2.4 kB

URL POST HTTP/1.1
ww7.utbidet-ugeas.biz/_fd?02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F&usid=15&utid=28078190434
IP
199.59.243.225:80
ASN
#16509 AMAZON-02

Requested by
http://ww7.utbidet-ugeas.biz/d/N?02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F&usid=15&utid=28078190434

File type
ASCII text, with very long lines (4825), with no line terminators
Size
2.4 kB (2449 bytes)
Hash
bc92fdf100ec9c19a14c1a2603ce84bc
4cd2028f9e2b3a2bf78883b539ec80a81ab89e2b
4c1bf7ba4612901f91ec16c5eba87842458c244336e6794e414b72099cf1bb6b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_fd?02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F&usid=15&utid=28078190434 HTTP/1.1
Host: ww7.utbidet-ugeas.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww7.utbidet-ugeas.biz/d/N?02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F&usid=15&utid=28078190434
Content-Type: application/json
Origin: http://ww7.utbidet-ugeas.biz
DNT: 1
Connection: keep-alive
Cookie: parking_session=14d05b0d-0aa2-4265-ab1d-95aac9849b7b
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
server: openresty
date: Thu, 18 Apr 2024 13:33:38 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 2449
x-version: 2.117.4
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: parking_session=14d05b0d-0aa2-4265-ab1d-95aac9849b7b; expires=Thu, 18 Apr 2024 13:48:38 GMT; Max-Age=900; path=/; httponly

www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol313%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol454&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww7.utbidet-ugeas.biz%2F%3Fcaf%3D1%2602703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F%3D%26usid%3D15%26utid%3D28078190434&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2442788251544177&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301437%2C17301439%2C17301442%2C17301444%2C17301479&client_gdprApplies=1&format=r3&nocache=5951713447218631&num=0&output=afd_ads&domain_name=ww7.utbidet-ugeas.biz&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1713447218633&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=625314022&rurl=http%3A%2F%2Fww7.utbidet-ugeas.biz%2Fd%2FN%3F02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F%26usid%3D15%26utid%3D28078190434

216.58.211.14

200 OK

2.6 kB

URL GET HTTP/2
www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol313%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol454&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww7.utbidet-ugeas.biz%2F%3Fcaf%3D1%2602703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F%3D%26usid%3D15%26utid%3D28078190434&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2442788251544177&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301437%2C17301439%2C17301442%2C17301444%2C17301479&client_gdprApplies=1&format=r3&nocache=5951713447218631&num=0&output=afd_ads&domain_name=ww7.utbidet-ugeas.biz&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1713447218633&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=625314022&rurl=http%3A%2F%2Fww7.utbidet-ugeas.biz%2Fd%2FN%3F02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F%26usid%3D15%26utid%3D28078190434
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
http://ww7.utbidet-ugeas.biz/d/N?02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F&usid=15&utid=28078190434
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
FingerprintF3:76:52:2E:82:03:17:59:3A:0C:25:75:49:66:99:4F:AB:15:33:CE
ValidityMon, 04 Mar 2024 06:40:54 GMT - Mon, 27 May 2024 06:40:53 GMT

File type
HTML document, ASCII text, with very long lines (13281)
Size
2.6 kB (2568 bytes)
Hash
c7ac078a1f4bb856eb0bc58899536741
28d45b6712889c83ecce246746469e21dc5e4b7f
0063bfc5ff56fd7183282270306e1d1ac9e64ff9aa8942fd31c5457e5e9854c8

HTTP Headers

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol313%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol454&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww7.utbidet-ugeas.biz%2F%3Fcaf%3D1%2602703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F%3D%26usid%3D15%26utid%3D28078190434&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2442788251544177&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301437%2C17301439%2C17301442%2C17301444%2C17301479&client_gdprApplies=1&format=r3&nocache=5951713447218631&num=0&output=afd_ads&domain_name=ww7.utbidet-ugeas.biz&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1713447218633&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=625314022&rurl=http%3A%2F%2Fww7.utbidet-ugeas.biz%2Fd%2FN%3F02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F%26usid%3D15%26utid%3D28078190434 HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww7.utbidet-ugeas.biz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Thu, 18 Apr 2024 13:33:38 GMT
expires: Thu, 18 Apr 2024 13:33:38 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-4v2cY7bCos--4wDgjxh9zw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 2568
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff

142.250.74.97

200 OK

278 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol313%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol454&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww7.utbidet-ugeas.biz%2F%3Fcaf%3D1%2602703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F%3D%26usid%3D15%26utid%3D28078190434&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2442788251544177&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301437%2C17301439%2C17301442%2C17301444%2C17301479&client_gdprApplies=1&format=r3&nocache=5951713447218631&num=0&output=afd_ads&domain_name=ww7.utbidet-ugeas.biz&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1713447218633&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=625314022&rurl=http%3A%2F%2Fww7.utbidet-ugeas.biz%2Fd%2FN%3F02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F%26usid%3D15%26utid%3D28078190434
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
FingerprintE0:0C:38:A4:4D:4F:CB:42:05:30:9A:C4:60:B3:64:3F:EF:43:D1:2F
ValidityMon, 04 Mar 2024 07:14:32 GMT - Mon, 27 May 2024 07:14:31 GMT

File type
SVG Scalable Vector Graphics image
Size
278 B (278 bytes)
Hash
fe7dd8c3c629cc6e9cd6d3e4d3cbe905
59ef3b8e4a17169a4cb45fba65bf0d2bf49c8a18
5455d8d4b8ae5150039ff7a83a6679d4338a435945985fa9f8d0ecbea9ae2f6e

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 278
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 17 Apr 2024 20:08:53 GMT
expires: Thu, 18 Apr 2024 19:08:53 GMT
cache-control: public, max-age=82800
age: 62686
last-modified: Tue, 27 Jun 2023 17:28:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b

142.250.74.97

200 OK

174 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol313%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol454&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww7.utbidet-ugeas.biz%2F%3Fcaf%3D1%2602703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F%3D%26usid%3D15%26utid%3D28078190434&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2442788251544177&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301437%2C17301439%2C17301442%2C17301444%2C17301479&client_gdprApplies=1&format=r3&nocache=5951713447218631&num=0&output=afd_ads&domain_name=ww7.utbidet-ugeas.biz&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1713447218633&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=625314022&rurl=http%3A%2F%2Fww7.utbidet-ugeas.biz%2Fd%2FN%3F02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F%26usid%3D15%26utid%3D28078190434
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
FingerprintE0:0C:38:A4:4D:4F:CB:42:05:30:9A:C4:60:B3:64:3F:EF:43:D1:2F
ValidityMon, 04 Mar 2024 07:14:32 GMT - Mon, 27 May 2024 07:14:31 GMT

File type
SVG Scalable Vector Graphics image
Size
174 B (174 bytes)
Hash
d47125b2ba92be53dcff07ba322ce1de
e4a70c8a133bacf1699fdfa4c10e24ed5b3e0c28
5a0687ea8c9aa404a7724490f046e30023ec6b5aa81d01ae4f225889a64174f6

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 09:52:03 GMT
expires: Fri, 19 Apr 2024 08:52:03 GMT
cache-control: public, max-age=82800
age: 13296
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ww7.utbidet-ugeas.biz/_tr

199.59.243.225

200 OK

22 B

URL POST HTTP/1.1
ww7.utbidet-ugeas.biz/_tr
IP
199.59.243.225:80
ASN
#16509 AMAZON-02

Requested by
http://ww7.utbidet-ugeas.biz/d/N?02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F&usid=15&utid=28078190434

File type
ASCII text, with no line terminators
Size
22 B (22 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_tr HTTP/1.1
Host: ww7.utbidet-ugeas.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww7.utbidet-ugeas.biz/d/N?02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F&usid=15&utid=28078190434
Content-Type: application/json
Content-Length: 1965
Origin: http://ww7.utbidet-ugeas.biz
DNT: 1
Connection: keep-alive
Cookie: parking_session=14d05b0d-0aa2-4265-ab1d-95aac9849b7b
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
server: openresty
date: Thu, 18 Apr 2024 13:33:39 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 22
x-version: 2.117.4
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: parking_session=14d05b0d-0aa2-4265-ab1d-95aac9849b7b; expires=Thu, 18 Apr 2024 13:48:39 GMT; Max-Age=900; path=/; httponly

parking3.parklogic.com/page/enhance.js?pcId=7&pId=1129&domain=Utbidet-ugeas.biz

45.79.244.209

200 OK

2.1 kB

URL GET HTTP/1.1
parking3.parklogic.com/page/enhance.js?pcId=7&pId=1129&domain=Utbidet-ugeas.biz
IP
45.79.244.209:443
ASN
#63949 Akamai Connected Cloud

Requested by
http://ww7.utbidet-ugeas.biz/d/N?02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F&usid=15&utid=28078190434
Certificate
IssuerSectigo Limited
Subject*.parklogic.com
FingerprintA5:25:E3:1A:B4:C8:32:BD:0D:BA:C8:B4:19:22:F9:75:D4:D3:88:3F
ValiditySat, 20 Jan 2024 00:00:00 GMT - Wed, 19 Feb 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (734)
Size
2.1 kB (2073 bytes)
Hash
d5b6e4f4abf038ec22c9f7580f98bf3e
fcda32610e86a948f4e63ff874c5b29b0bb13d3f
346d1ce877f432ff911a5696f82e36efd587b7e9347b44975e03d7b65ba70f48

HTTP Headers

GET /page/enhance.js?pcId=7&pId=1129&domain=Utbidet-ugeas.biz HTTP/1.1
Host: parking3.parklogic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww7.utbidet-ugeas.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Thu, 18 Apr 2024 13:33:39 GMT
server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.5.38
x-powered-by: PHP/5.5.38
transfer-encoding: chunked
content-type: text/javascript;charset=UTF-8
connection: close

parking3.parklogic.com/page/scribe.php?pcId=7&domain=utbidet-ugeas.biz&pId=1129&usid=15&utid=28078190434&query=null&domainJs=ww7.utbidet-ugeas.biz&path=/d/N&ss=true&lp=1

45.79.244.209

200 OK

46 B

URL GET HTTP/1.1
parking3.parklogic.com/page/scribe.php?pcId=7&domain=utbidet-ugeas.biz&pId=1129&usid=15&utid=28078190434&query=null&domainJs=ww7.utbidet-ugeas.biz&path=/d/N&ss=true&lp=1
IP
45.79.244.209:443
ASN
#63949 Akamai Connected Cloud

Requested by
http://ww7.utbidet-ugeas.biz/d/N?02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F&usid=15&utid=28078190434
Certificate
IssuerSectigo Limited
Subject*.parklogic.com
FingerprintA5:25:E3:1A:B4:C8:32:BD:0D:BA:C8:B4:19:22:F9:75:D4:D3:88:3F
ValiditySat, 20 Jan 2024 00:00:00 GMT - Wed, 19 Feb 2025 23:59:59 GMT

File type
ASCII text
Size
46 B (46 bytes)
Hash
c0fc9a1b28380f063a17615f14be00f3
b7ecca5ab4774ccc34683ad2b9f43fd19a4ae864
e9b5a209bb45f7d6f760111c08135c18ff5ad6ace1bfbfe8d77f796d00d18f41

HTTP Headers

GET /page/scribe.php?pcId=7&domain=utbidet-ugeas.biz&pId=1129&usid=15&utid=28078190434&query=null&domainJs=ww7.utbidet-ugeas.biz&path=/d/N&ss=true&lp=1 HTTP/1.1
Host: parking3.parklogic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ww7.utbidet-ugeas.biz/
Origin: http://ww7.utbidet-ugeas.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Thu, 18 Apr 2024 13:33:39 GMT
server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.5.38
x-powered-by: PHP/5.5.38
access-control-allow-origin: *
transfer-encoding: chunked
content-type: text/html;charset=UTF-8
connection: close

parking3.parklogic.com/page/images/pe262/hero_nc.svg

45.79.244.209

200 OK

48 kB

URL GET HTTP/1.1
parking3.parklogic.com/page/images/pe262/hero_nc.svg
IP
45.79.244.209:443
ASN
#63949 Akamai Connected Cloud

Requested by
http://ww7.utbidet-ugeas.biz/d/N?02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F&usid=15&utid=28078190434
Certificate
IssuerSectigo Limited
Subject*.parklogic.com
FingerprintA5:25:E3:1A:B4:C8:32:BD:0D:BA:C8:B4:19:22:F9:75:D4:D3:88:3F
ValiditySat, 20 Jan 2024 00:00:00 GMT - Wed, 19 Feb 2025 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
48 kB (48097 bytes)
Hash
5a2c392e7acdf6e9de6e00129500503c
c8d0f80381e4ce180b5eb3c4c98539907292a7bb
878da09a057ec8f1775cdc522e5f7ec44966df547a87a9c29826ba114833c24b

HTTP Headers

GET /page/images/pe262/hero_nc.svg HTTP/1.1
Host: parking3.parklogic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww7.utbidet-ugeas.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Thu, 18 Apr 2024 13:33:39 GMT
server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.5.38
last-modified: Mon, 08 Mar 2021 23:04:00 GMT
etag: "bbe1-5bd0e72fe1800"
accept-ranges: bytes
content-length: 48097
content-type: image/svg+xml
connection: close

www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=c3c2kx3hrv4g&aqid=MiEhZsODLqOrxdwP__Ke2Ac&psid=3113057640&pbt=bs&adbx=290&adby=313&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=625314022&csala=6%7C0%7C421%7C104%7C24&lle=0&ifv=1&hpt=0

216.58.211.14

204 No Content

0 B

URL GET HTTP/3
www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=c3c2kx3hrv4g&aqid=MiEhZsODLqOrxdwP__Ke2Ac&psid=3113057640&pbt=bs&adbx=290&adby=313&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=625314022&csala=6%7C0%7C421%7C104%7C24&lle=0&ifv=1&hpt=0
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
http://ww7.utbidet-ugeas.biz/d/N?02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F&usid=15&utid=28078190434
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
FingerprintF3:76:52:2E:82:03:17:59:3A:0C:25:75:49:66:99:4F:AB:15:33:CE
ValidityMon, 04 Mar 2024 06:40:54 GMT - Mon, 27 May 2024 06:40:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=c3c2kx3hrv4g&aqid=MiEhZsODLqOrxdwP__Ke2Ac&psid=3113057640&pbt=bs&adbx=290&adby=313&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=625314022&csala=6%7C0%7C421%7C104%7C24&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww7.utbidet-ugeas.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-VPa0xxCSM6w4fDQ2EGNsnA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Thu, 18 Apr 2024 13:33:40 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=q2xq0j6jukxq&aqid=MiEhZsODLqOrxdwP__Ke2Ac&psid=3113057640&pbt=bv&adbx=290&adby=313&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=625314022&csala=6%7C0%7C421%7C104%7C24&lle=0&ifv=1&hpt=0

216.58.211.14

204 No Content

0 B

URL GET HTTP/3
www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=q2xq0j6jukxq&aqid=MiEhZsODLqOrxdwP__Ke2Ac&psid=3113057640&pbt=bv&adbx=290&adby=313&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=625314022&csala=6%7C0%7C421%7C104%7C24&lle=0&ifv=1&hpt=0
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
http://ww7.utbidet-ugeas.biz/d/N?02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F&usid=15&utid=28078190434
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
FingerprintF3:76:52:2E:82:03:17:59:3A:0C:25:75:49:66:99:4F:AB:15:33:CE
ValidityMon, 04 Mar 2024 06:40:54 GMT - Mon, 27 May 2024 06:40:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=q2xq0j6jukxq&aqid=MiEhZsODLqOrxdwP__Ke2Ac&psid=3113057640&pbt=bv&adbx=290&adby=313&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=625314022&csala=6%7C0%7C421%7C104%7C24&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww7.utbidet-ugeas.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-2mBQKDZ8oII28YaTKhEisA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Thu, 18 Apr 2024 13:33:41 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.adsensecustomsearchads.com/adsense/domains/caf.js

216.58.211.14

200 OK

191 kB

URL GET HTTP/3
www.adsensecustomsearchads.com/adsense/domains/caf.js
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol313%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol454&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww7.utbidet-ugeas.biz%2F%3Fcaf%3D1%2602703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F%3D%26usid%3D15%26utid%3D28078190434&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2442788251544177&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301437%2C17301439%2C17301442%2C17301444%2C17301479&client_gdprApplies=1&format=r3&nocache=5951713447218631&num=0&output=afd_ads&domain_name=ww7.utbidet-ugeas.biz&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1713447218633&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=625314022&rurl=http%3A%2F%2Fww7.utbidet-ugeas.biz%2Fd%2FN%3F02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F%26usid%3D15%26utid%3D28078190434
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
FingerprintF3:76:52:2E:82:03:17:59:3A:0C:25:75:49:66:99:4F:AB:15:33:CE
ValidityMon, 04 Mar 2024 06:40:54 GMT - Mon, 27 May 2024 06:40:53 GMT

File type
JavaScript source, ASCII text, with very long lines (2247)
Size
191 kB (190621 bytes)
Hash
639d85b5dca5587746ce376fd12e0de5
7362d5d6c6004ac2e76ee0af71b079e77cc92b0f
c56800943ce79affefc25f6fb0753e70ddba60a915b688bb2076ebebff999f50

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Thu, 18 Apr 2024 13:33:39 GMT
expires: Thu, 18 Apr 2024 13:33:39 GMT
cache-control: private, max-age=3600
etag: "182870546353611560"
x-content-type-options: nosniff
link: <https://syndicatedsearch.goog>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/adsense/domains/caf.js?abp=1&bodis=true

142.250.74.164

200 OK

191 kB

URL GET HTTP/2
www.google.com/adsense/domains/caf.js?abp=1&bodis=true
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
http://ww7.utbidet-ugeas.biz/d/N?02703CDE5D703CDE5D423CF25D703CFCB4CE49FAE3713C1EF57236E8734212E76F&usid=15&utid=28078190434
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintCC:CC:99:46:65:6C:77:0B:C8:AA:AD:5E:58:B6:2D:19:B2:C7:0B:06
ValidityMon, 04 Mar 2024 07:19:07 GMT - Mon, 27 May 2024 07:19:06 GMT

File type
JavaScript source, ASCII text, with very long lines (2247)
Size
191 kB (190587 bytes)
Hash
edce6d775e6dfac447424b5b3b105dc8
bdff6736dd129d622ae5e6cd6adf21c0186ff29f
593d0148ff517c2a24ff6764e5b23c3c904e1fbbb7bdbb006b6cf3a19f1ef5f0

HTTP Headers

GET /adsense/domains/caf.js?abp=1&bodis=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww7.utbidet-ugeas.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Thu, 18 Apr 2024 13:33:38 GMT
expires: Thu, 18 Apr 2024 13:33:38 GMT
cache-control: private, max-age=3600
etag: "17319119487085449238"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (14)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections