Report - cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php

Report Overview

Submitted URL
cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php
IP
103.224.212.217
ASN
#133618 Trellian Pty. Limited
Submitted
2024-04-26 09:03:59
Access
public
Website Title
Cestica.me
Final URL
ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240426-1903-35b6-8f01-e587343294e2
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	429 B	191 kB	142.250.74.164
cestica.me	unknown	2023-08-24	2021-07-07	2023-12-19	509 B	372 B	103.224.212.217
ww25.cestica.me	unknown	2023-08-24	2023-10-26	2024-03-24	2.1 kB	40 kB	199.59.243.225
www.adsensecustomsearchads.com	unknown	2011-01-28	2015-09-02	2024-04-25	3.3 kB	196 kB	216.58.211.14
afs.googleusercontent.com	12123	2008-11-17	2013-05-06	2024-04-25	1.0 kB	2.1 kB	142.250.74.97
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-04-24	512 B	1.2 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

Scan Date	Severity	Indicator	Alert
2023-05-13	medium	cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php	Allied Bank Limited

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	cestica.me	Sinkholed
2024-04-26	medium	cestica.me	Sinkholed
2024-04-26	medium	cestica.me	Sinkholed
2024-04-26	medium	cestica.me	Sinkholed
2024-04-26	medium	cestica.me	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	ww25.cestica.me/brsanSaSd.js	34 kB	2024-04-22	2024-05-07
Pretty URL ww25.cestica.me/brsanSaSd.js IP 199.59.243.225 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-22 21:49:17 Last Seen2024-05-07 00:57:19 Times Seen4298 Hash f48baec69cc4dc0852d118259eff2d56 e64c6e4423421da5b35700154810cb67160bc32b 463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c Loading...

	www.google.com/adsense/domains/caf.js?abp=1&bodis=true	190 kB	2024-04-25	2024-05-01
Pretty URL www.google.com/adsense/domains/caf.js?abp=1&bodis=true IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 21:46:26 Last Seen2024-05-01 13:58:55 Times Seen595 Hash d15cd4dbc1cfa25c88768f61f5bfc4c9 c4da2bb1e8ff4f11d29a38f8a76a0794a0673578 aa68af7a8320d47cc240712f142dd9b131039e581194c8558226c99226e68a68 Loading...

	www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol309%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol436&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.cestica.me%2F%3Fcaf%3D1%26subid1%3D20240426-1903-35b6-8f01-e587343294e2&terms=social%20search&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=8301714122216164&num=0&output=afd_ads&domain_name=ww25.cestica.me&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1714122216166&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=627058929&rurl=http%3A%2F%2Fww25.cestica.me%2Fwp-content%2Fupgrade%2FMmmMBbbhBB%2Fmkb%2Fsignin.php%3Fsubid1%3D20240426-1903-35b6-8f01-e587343294e2	609 B	2024-04-26	2024-04-26
Pretty URL www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol309%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol436&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.cestica.me%2F%3Fcaf%3D1%26subid1%3D20240426-1903-35b6-8f01-e587343294e2&terms=social%20search&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=8301714122216164&num=0&output=afd_ads&domain_name=ww25.cestica.me&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1714122216166&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=627058929&rurl=http%3A%2F%2Fww25.cestica.me%2Fwp-content%2Fupgrade%2FMmmMBbbhBB%2Fmkb%2Fsignin.php%3Fsubid1%3D20240426-1903-35b6-8f01-e587343294e2 IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 11:04:00 Last Seen2024-04-26 11:04:00 Times Seen1 Hash 4482304177c5c1c72f3a90555b2626eb 811c6caed215a928e9d56ac85b8626c7aecb26a8 f9e3d04f716c35291dacf07c918bf14bb88d524267413ad4f9e0fd9f7b213b5b Loading...

	www.adsensecustomsearchads.com/adsense/domains/caf.js	190 kB	2024-04-25	2024-05-01
Pretty URL www.adsensecustomsearchads.com/adsense/domains/caf.js IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 21:33:13 Last Seen2024-05-01 19:12:12 Times Seen501 Hash a9a2066d927101b32d52247e7ff9c782 bbb529028e884b2e4bc0152f63be0a1a1c745bce 74bbf74144e3ab5d015469774160b2e1e7c08f6d3b3686b7aaf749953fc68613 Loading...

	ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240426-1903-35b6-8f01-e587343294e2	479 B	2024-04-26	2024-04-26
Pretty URL ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240426-1903-35b6-8f01-e587343294e2 IP 199.59.243.225 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 11:04:00 Last Seen2024-04-26 11:04:00 Times Seen1 Hash 92faa1263949f2589986650ee9a266ef 5377eff39c84185b612b59658d25444d4ddbbeed 681dc67f5bcc49df1406fab261aa513f2155052f48e928f7727549dfc635ca83 Loading...

HTTP Transactions (13)

URL IP Response Size

cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php

103.224.212.217

302 Found

2 B

URL User Request GET HTTP/1.1
cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php
IP
103.224.212.217:443
ASN
#133618 Trellian Pty. Limited

Certificate
IssuerLet's Encrypt
Subjectsiwauye.xyz
FingerprintD4:B3:C0:B2:D3:BE:AB:A3:8B:E7:FE:A1:56:DC:3D:74:7F:16:08:CF
ValiditySat, 20 Apr 2024 16:19:21 GMT - Fri, 19 Jul 2024 16:19:20 GMT

File type
ASCII text
Size
2 B (2 bytes)
Hash
e1c06d85ae7b8b032bef47e42e4c08f9
71853c6197a6a7f222db0f1978c7cb232b87c5ee
75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070

Detections

Analyzer	Verdict	Alert
PhishTank	phishing	Allied Bank Limited
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/upgrade/MmmMBbbhBB/mkb/signin.php HTTP/1.1
Host: cestica.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
date: Fri, 26 Apr 2024 09:03:35 GMT
server: Apache
set-cookie: __tad=1714122215.4324439; expires=Mon, 24-Apr-2034 09:03:35 GMT; Max-Age=315360000
location: http://ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240426-1903-35b6-8f01-e587343294e2
content-length: 2
content-type: text/html; charset=UTF-8
connection: close

ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240426-1903-35b6-8f01-e587343294e2

199.59.243.225

200 OK

1.2 kB

URL User Request GET HTTP/1.1
ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240426-1903-35b6-8f01-e587343294e2
IP
199.59.243.225:80
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (494)
Size
1.2 kB (1226 bytes)
Hash
e7e06609f1a11d74adcf3770f882f0a7
c1edf845921d79401eb75c2e5d329739a7c6bf67
b507ceee87cc443c1f35c88eaa220e06178dc5a7a79417c8afd150dbaf0a7324

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240426-1903-35b6-8f01-e587343294e2 HTTP/1.1
Host: ww25.cestica.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Fri, 26 Apr 2024 09:03:35 GMT
content-type: text/html; charset=utf-8
content-length: 1226
x-request-id: 8905ac77-a9ee-498f-8fdf-ee9fe5ff24e5
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_NuxNZ+WintW0uQGuyLKWgw4zr54A222Bni835u7XbGSNMPkD5Fkq1JdaOuFdjwf7ES/vy02xVp7/qDlfaTpPIA==
set-cookie: parking_session=8905ac77-a9ee-498f-8fdf-ee9fe5ff24e5; expires=Fri, 26 Apr 2024 09:18:35 GMT; path=/

ww25.cestica.me/brsanSaSd.js

199.59.243.225

200 OK

34 kB

URL GET HTTP/1.1
ww25.cestica.me/brsanSaSd.js
IP
199.59.243.225:80
ASN
#16509 AMAZON-02

Requested by
http://ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240426-1903-35b6-8f01-e587343294e2

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (33788)
Size
34 kB (33791 bytes)
Hash
f48baec69cc4dc0852d118259eff2d56
e64c6e4423421da5b35700154810cb67160bc32b
463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /brsanSaSd.js HTTP/1.1
Host: ww25.cestica.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240426-1903-35b6-8f01-e587343294e2
Cookie: parking_session=8905ac77-a9ee-498f-8fdf-ee9fe5ff24e5
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Fri, 26 Apr 2024 09:03:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 33791
x-request-id: 1c43453f-eb8f-43ee-92f6-73d5a703302a
set-cookie: parking_session=8905ac77-a9ee-498f-8fdf-ee9fe5ff24e5; expires=Fri, 26 Apr 2024 09:18:35 GMT

ww25.cestica.me/_fd?subid1=20240426-1903-35b6-8f01-e587343294e2

199.59.243.225

200 OK

2.6 kB

URL POST HTTP/1.1
ww25.cestica.me/_fd?subid1=20240426-1903-35b6-8f01-e587343294e2
IP
199.59.243.225:80
ASN
#16509 AMAZON-02

Requested by
http://ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240426-1903-35b6-8f01-e587343294e2

File type
ASCII text, with very long lines (4873), with no line terminators
Size
2.6 kB (2612 bytes)
Hash
824b7c7d41e8bfd669e2958ba71127e7
e8c2f428846f4475cc8ba91711ed0511287a2179
d97ee9b295934c700a4bd254122b317ed75e419ebeeed099117b55ba0a8bef59

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_fd?subid1=20240426-1903-35b6-8f01-e587343294e2 HTTP/1.1
Host: ww25.cestica.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240426-1903-35b6-8f01-e587343294e2
Content-Type: application/json
Origin: http://ww25.cestica.me
DNT: 1
Connection: keep-alive
Cookie: parking_session=8905ac77-a9ee-498f-8fdf-ee9fe5ff24e5
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
server: openresty
date: Fri, 26 Apr 2024 09:03:35 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 2612
x-version: 2.118.0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: parking_session=8905ac77-a9ee-498f-8fdf-ee9fe5ff24e5; expires=Fri, 26 Apr 2024 09:18:35 GMT; Max-Age=900; path=/; httponly

www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol309%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol436&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.cestica.me%2F%3Fcaf%3D1%26subid1%3D20240426-1903-35b6-8f01-e587343294e2&terms=social%20search&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=8301714122216164&num=0&output=afd_ads&domain_name=ww25.cestica.me&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1714122216166&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=627058929&rurl=http%3A%2F%2Fww25.cestica.me%2Fwp-content%2Fupgrade%2FMmmMBbbhBB%2Fmkb%2Fsignin.php%3Fsubid1%3D20240426-1903-35b6-8f01-e587343294e2

216.58.211.14

200 OK

2.6 kB

URL GET HTTP/2
www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol309%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol436&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.cestica.me%2F%3Fcaf%3D1%26subid1%3D20240426-1903-35b6-8f01-e587343294e2&terms=social%20search&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=8301714122216164&num=0&output=afd_ads&domain_name=ww25.cestica.me&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1714122216166&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=627058929&rurl=http%3A%2F%2Fww25.cestica.me%2Fwp-content%2Fupgrade%2FMmmMBbbhBB%2Fmkb%2Fsignin.php%3Fsubid1%3D20240426-1903-35b6-8f01-e587343294e2
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
http://ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240426-1903-35b6-8f01-e587343294e2
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint49:07:4A:21:AA:02:3C:78:A7:B4:D3:71:AA:98:EE:0F:2D:3F:5C:99
ValidityMon, 18 Mar 2024 19:42:57 GMT - Mon, 10 Jun 2024 19:42:56 GMT

File type
HTML document, ASCII text, with very long lines (13243)
Size
2.6 kB (2604 bytes)
Hash
7de933b5f58fa2d181de2d31d77bba2d
c645ba59f0677a372f7a704a71cf381bbb9f250b
59fc41085a698623d009e81719bdf9f340886305e1c8246e5b9a2f9d25383661

HTTP Headers

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol309%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol436&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.cestica.me%2F%3Fcaf%3D1%26subid1%3D20240426-1903-35b6-8f01-e587343294e2&terms=social%20search&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=8301714122216164&num=0&output=afd_ads&domain_name=ww25.cestica.me&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1714122216166&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=627058929&rurl=http%3A%2F%2Fww25.cestica.me%2Fwp-content%2Fupgrade%2FMmmMBbbhBB%2Fmkb%2Fsignin.php%3Fsubid1%3D20240426-1903-35b6-8f01-e587343294e2 HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.cestica.me/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Fri, 26 Apr 2024 09:03:36 GMT
expires: Fri, 26 Apr 2024 09:03:36 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-VtE1HfkEYptzkhI2UwUVeA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 2604
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ww25.cestica.me/_tr

199.59.243.225

200 OK

22 B

URL POST HTTP/1.1
ww25.cestica.me/_tr
IP
199.59.243.225:80
ASN
#16509 AMAZON-02

Requested by
http://ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240426-1903-35b6-8f01-e587343294e2

File type
ASCII text, with no line terminators
Size
22 B (22 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_tr HTTP/1.1
Host: ww25.cestica.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240426-1903-35b6-8f01-e587343294e2
Content-Type: application/json
Content-Length: 1865
Origin: http://ww25.cestica.me
DNT: 1
Connection: keep-alive
Cookie: parking_session=8905ac77-a9ee-498f-8fdf-ee9fe5ff24e5
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
server: openresty
date: Fri, 26 Apr 2024 09:03:36 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 22
x-version: 2.118.0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: parking_session=8905ac77-a9ee-498f-8fdf-ee9fe5ff24e5; expires=Fri, 26 Apr 2024 09:18:37 GMT; Max-Age=900; path=/; httponly

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff

142.250.74.97

200 OK

278 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol309%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol436&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.cestica.me%2F%3Fcaf%3D1%26subid1%3D20240426-1903-35b6-8f01-e587343294e2&terms=social%20search&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=8301714122216164&num=0&output=afd_ads&domain_name=ww25.cestica.me&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1714122216166&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=627058929&rurl=http%3A%2F%2Fww25.cestica.me%2Fwp-content%2Fupgrade%2FMmmMBbbhBB%2Fmkb%2Fsignin.php%3Fsubid1%3D20240426-1903-35b6-8f01-e587343294e2
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
FingerprintD1:64:F1:6B:AC:65:FC:D3:5F:42:54:08:AE:BC:0A:AC:D1:EA:88:2C
ValidityMon, 08 Apr 2024 07:27:47 GMT - Mon, 01 Jul 2024 07:27:46 GMT

File type
SVG Scalable Vector Graphics image
Size
278 B (278 bytes)
Hash
fe7dd8c3c629cc6e9cd6d3e4d3cbe905
59ef3b8e4a17169a4cb45fba65bf0d2bf49c8a18
5455d8d4b8ae5150039ff7a83a6679d4338a435945985fa9f8d0ecbea9ae2f6e

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 278
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 26 Apr 2024 06:08:35 GMT
expires: Sat, 27 Apr 2024 05:08:35 GMT
cache-control: public, max-age=82800
last-modified: Tue, 27 Jun 2023 17:28:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
age: 10502
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b

142.250.74.97

200 OK

174 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol309%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol436&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.cestica.me%2F%3Fcaf%3D1%26subid1%3D20240426-1903-35b6-8f01-e587343294e2&terms=social%20search&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=8301714122216164&num=0&output=afd_ads&domain_name=ww25.cestica.me&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1714122216166&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=627058929&rurl=http%3A%2F%2Fww25.cestica.me%2Fwp-content%2Fupgrade%2FMmmMBbbhBB%2Fmkb%2Fsignin.php%3Fsubid1%3D20240426-1903-35b6-8f01-e587343294e2
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
FingerprintD1:64:F1:6B:AC:65:FC:D3:5F:42:54:08:AE:BC:0A:AC:D1:EA:88:2C
ValidityMon, 08 Apr 2024 07:27:47 GMT - Mon, 01 Jul 2024 07:27:46 GMT

File type
SVG Scalable Vector Graphics image
Size
174 B (174 bytes)
Hash
d47125b2ba92be53dcff07ba322ce1de
e4a70c8a133bacf1699fdfa4c10e24ed5b3e0c28
5a0687ea8c9aa404a7724490f046e30023ec6b5aa81d01ae4f225889a64174f6

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 26 Apr 2024 01:52:44 GMT
expires: Sat, 27 Apr 2024 00:52:44 GMT
cache-control: public, max-age=82800
age: 25853
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=mfwciznp5ohx&aqid=6G0rZvKME5G4xdwPrbeGgAI&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=627058929&csala=6%7C0%7C648%7C319%7C19&lle=0&ifv=1&hpt=0

216.58.211.14

204 No Content

0 B

URL GET HTTP/3
www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=mfwciznp5ohx&aqid=6G0rZvKME5G4xdwPrbeGgAI&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=627058929&csala=6%7C0%7C648%7C319%7C19&lle=0&ifv=1&hpt=0
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
http://ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240426-1903-35b6-8f01-e587343294e2
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint13:C7:40:78:3B:C5:3E:4C:BF:6E:15:DC:37:54:F1:48:24:A2:83:80
ValidityMon, 08 Apr 2024 06:40:27 GMT - Mon, 01 Jul 2024 06:40:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=mfwciznp5ohx&aqid=6G0rZvKME5G4xdwPrbeGgAI&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=627058929&csala=6%7C0%7C648%7C319%7C19&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.cestica.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-Dk89nex2d9oITDqEC40Daw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Fri, 26 Apr 2024 09:03:38 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=i9o1bf7lxrd0&aqid=6G0rZvKME5G4xdwPrbeGgAI&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=627058929&csala=6%7C0%7C648%7C319%7C19&lle=0&ifv=1&hpt=0

216.58.211.14

204 No Content

0 B

URL GET HTTP/3
www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=i9o1bf7lxrd0&aqid=6G0rZvKME5G4xdwPrbeGgAI&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=627058929&csala=6%7C0%7C648%7C319%7C19&lle=0&ifv=1&hpt=0
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
http://ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240426-1903-35b6-8f01-e587343294e2
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint13:C7:40:78:3B:C5:3E:4C:BF:6E:15:DC:37:54:F1:48:24:A2:83:80
ValidityMon, 08 Apr 2024 06:40:27 GMT - Mon, 01 Jul 2024 06:40:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=i9o1bf7lxrd0&aqid=6G0rZvKME5G4xdwPrbeGgAI&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=627058929&csala=6%7C0%7C648%7C319%7C19&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.cestica.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-92FvQvqr9ApikcHqZPRJoQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Fri, 26 Apr 2024 09:03:39 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=hTHVYG4FHLGHBxrAMngCSgoB4KzdDm8D1g9WSRqATShY8jztwsBPY-YAS5Q5klCzw7lQY_xP-A9IcXR7MwWl6zX9ch2SArj5P-PoRkvRCgv5NWCKMFExYaVIjcwCdlVs
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Fri, 26 Apr 2024 09:01:45 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 128
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

www.adsensecustomsearchads.com/adsense/domains/caf.js

216.58.211.14

200 OK

190 kB

URL GET HTTP/3
www.adsensecustomsearchads.com/adsense/domains/caf.js
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol309%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol436&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.cestica.me%2F%3Fcaf%3D1%26subid1%3D20240426-1903-35b6-8f01-e587343294e2&terms=social%20search&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=8301714122216164&num=0&output=afd_ads&domain_name=ww25.cestica.me&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1714122216166&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=627058929&rurl=http%3A%2F%2Fww25.cestica.me%2Fwp-content%2Fupgrade%2FMmmMBbbhBB%2Fmkb%2Fsignin.php%3Fsubid1%3D20240426-1903-35b6-8f01-e587343294e2
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint13:C7:40:78:3B:C5:3E:4C:BF:6E:15:DC:37:54:F1:48:24:A2:83:80
ValidityMon, 08 Apr 2024 06:40:27 GMT - Mon, 01 Jul 2024 06:40:26 GMT

File type
JavaScript source, ASCII text, with very long lines (2247)
Size
190 kB (190526 bytes)
Hash
a9a2066d927101b32d52247e7ff9c782
bbb529028e884b2e4bc0152f63be0a1a1c745bce
74bbf74144e3ab5d015469774160b2e1e7c08f6d3b3686b7aaf749953fc68613

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Fri, 26 Apr 2024 09:03:36 GMT
expires: Fri, 26 Apr 2024 09:03:36 GMT
cache-control: private, max-age=3600
etag: "15552580742424798129"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/adsense/domains/caf.js?abp=1&bodis=true

142.250.74.164

200 OK

190 kB

URL GET HTTP/2
www.google.com/adsense/domains/caf.js?abp=1&bodis=true
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
http://ww25.cestica.me/wp-content/upgrade/MmmMBbbhBB/mkb/signin.php?subid1=20240426-1903-35b6-8f01-e587343294e2
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintF3:75:C9:48:E6:A5:11:C7:87:C8:8D:9A:C4:16:F8:09:4E:88:7C:5A
ValidityMon, 08 Apr 2024 07:33:48 GMT - Mon, 01 Jul 2024 07:33:47 GMT

File type
JavaScript source, ASCII text, with very long lines (2247)
Size
190 kB (190510 bytes)
Hash
d15cd4dbc1cfa25c88768f61f5bfc4c9
c4da2bb1e8ff4f11d29a38f8a76a0794a0673578
aa68af7a8320d47cc240712f142dd9b131039e581194c8558226c99226e68a68

HTTP Headers

GET /adsense/domains/caf.js?abp=1&bodis=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.cestica.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Fri, 26 Apr 2024 09:03:36 GMT
expires: Fri, 26 Apr 2024 09:03:36 GMT
cache-control: private, max-age=3600
etag: "15908421351949822249"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (13)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1