Report - delegatesinrwanda.com/landslot/login.php?cmd=login_submit&id=a583020cececf334b114573fcbabd39ca583020cececf334b114573fcbabd39c&session=a583020cececf334b114573fcbabd39ca583020cececf334b114573fcbabd39c

Report Overview

Submitted URL
delegatesinrwanda.com/landslot/login.php?cmd=login_submit&id=a583020cececf334b114573fcbabd39ca583020cececf334b114573fcbabd39c&session=a583020cececf334b114573fcbabd39ca583020cececf334b114573fcbabd39c
IP
212.32.237.92
ASN
#60781 LeaseWeb Netherlands B.V.
Submitted
2024-05-05 03:29:01
Access
public
Website Title
delegatesinrwanda.com
Final URL
ww1.delegatesinrwanda.com/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	437 B	75 kB	216.58.211.4
www.adsensecustomsearchads.com	unknown	2011-01-28	2015-09-02	2024-05-04	3.2 kB	196 kB	216.58.211.14
afs.googleusercontent.com	12123	2008-11-17	2013-05-06	2024-05-04	1.0 kB	2.1 kB	142.250.74.97
delegatesinrwanda.com	unknown	2023-07-24	2019-05-25	2023-07-27	2.6 kB	1.7 kB	212.32.237.92
ww1.delegatesinrwanda.com	unknown	unknown	No data	No data	1.8 kB	42 kB	199.59.243.225

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-05	medium	delegatesinrwanda.com	Sinkholed
2024-05-05	medium	delegatesinrwanda.com	Sinkholed
2024-05-05	medium	delegatesinrwanda.com	Sinkholed
2024-05-05	medium	delegatesinrwanda.com	Sinkholed
2024-05-05	medium	delegatesinrwanda.com	Sinkholed
2024-05-05	medium	delegatesinrwanda.com	Sinkholed
2024-05-05	medium	delegatesinrwanda.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	ww1.delegatesinrwanda.com/	327 B	2024-05-05	2024-05-05
Pretty URL ww1.delegatesinrwanda.com/ IP 199.59.243.225 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-05 05:29:07 Last Seen2024-05-05 05:29:07 Times Seen1 Hash 6dd5b03b9dfcd08560fee659848fc194 f98813d5d79ed1080ab56216fd1039346ecc06fa 2e7d42bd47581d4c5a7a420a23bf752ca9fd45525d99cd0a0928eec6ac074d05 Loading...

	ww1.delegatesinrwanda.com/bFreXQtsw.js	34 kB	2024-04-22	2024-05-18
Pretty URL ww1.delegatesinrwanda.com/bFreXQtsw.js IP 199.59.243.225 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-22 21:49:17 Last Seen2024-05-18 20:07:14 Times Seen7349 Hash f48baec69cc4dc0852d118259eff2d56 e64c6e4423421da5b35700154810cb67160bc32b 463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c Loading...

	www.google.com/adsense/domains/caf.js?abp=1&bodis=true	190 kB	2024-05-01	2024-05-09
Pretty URL www.google.com/adsense/domains/caf.js?abp=1&bodis=true IP 216.58.211.4 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-01 21:38:38 Last Seen2024-05-09 21:37:10 Times Seen411 Hash 2722fef5dc6d3ad3e6e7868d8905377f 467bbfcc0d5d992c33099e865dfe80b7b38ebe8c 2204775d9e848b8021fddc76c58fdbbefa5cb3f6079bd6d1eaf493cf0cfa5971 Loading...

	www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol303%2Cpid-bodis-gcontrol413%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww1.delegatesinrwanda.com%2F%3Fcaf%3D1%26bpt%3D345&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2298147197369106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=3151714879717563&num=0&output=afd_ads&domain_name=ww1.delegatesinrwanda.com&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1714879717564&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww1.delegatesinrwanda.com%2F	609 B	2024-05-05	2024-05-05
Pretty URL www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol303%2Cpid-bodis-gcontrol413%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww1.delegatesinrwanda.com%2F%3Fcaf%3D1%26bpt%3D345&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2298147197369106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=3151714879717563&num=0&output=afd_ads&domain_name=ww1.delegatesinrwanda.com&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1714879717564&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww1.delegatesinrwanda.com%2F IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-05 05:29:07 Last Seen2024-05-05 05:29:07 Times Seen1 Hash 0de604691c90a5425442b9028225de64 92a5d79c22aab655394909c5634b1397b3793158 87bc092ad247fa3017c2db13bfb2fba94f98e93ea11ff6f10e2bf55b37fa2ff7 Loading...

	www.adsensecustomsearchads.com/adsense/domains/caf.js	190 kB	2024-05-01	2024-05-09
Pretty URL www.adsensecustomsearchads.com/adsense/domains/caf.js IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-01 21:38:38 Last Seen2024-05-09 21:32:28 Times Seen496 Hash b5e49ab63ec3da61b2fbecfaf10ac338 5f7945f7fbbf996947b764482183c9b71c1badf9 7ca38cdea54b4b92556c90045e1bc302d8bc957cef043f27cf491140f7ccc94b Loading...

HTTP Transactions (14)

URL IP Response Size

delegatesinrwanda.com/landslot/login.php?cmd=login_submit&id=a583020cececf334b114573fcbabd39ca583020cececf334b114573fcbabd39c&session=a583020cececf334b114573fcbabd39ca583020cececf334b114573fcbabd39c

212.32.237.92

659 B

URL
delegatesinrwanda.com/landslot/login.php?cmd=login_submit&id=a583020cececf334b114573fcbabd39ca583020cececf334b114573fcbabd39c&session=a583020cececf334b114573fcbabd39ca583020cececf334b114573fcbabd39c
IP
212.32.237.92:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
HTML document, ASCII text, with very long lines (659), with no line terminators
Size
659 B (659 bytes)
Hash
5e857fae4e0820fbbda1854ac4b9d826
d8dae4861714232f485897cc7da36007f23fd8b9
490456140cfec6d0b8e1ed5455db57c085b2fd0af38a8b1fac4cfa3c88b22b4f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /landslot/login.php?cmd=login_submit&id=a583020cececf334b114573fcbabd39ca583020cececf334b114573fcbabd39c&session=a583020cececf334b114573fcbabd39ca583020cececf334b114573fcbabd39c HTTP/1.1
Host: delegatesinrwanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
content-length: 659
content-type: text/html; charset=utf-8
date: Sun, 05 May 2024 03:28:35 GMT
server: Cowboy
set-cookie: sid=8e76c715-0a8f-11ef-9317-1ffd8bbc2ab4; path=/; domain=.delegatesinrwanda.com; expires=Fri, 23 May 2092 06:42:42 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2

delegatesinrwanda.com/favicon.ico

212.32.237.92

9 B

URL
delegatesinrwanda.com/favicon.ico
IP
212.32.237.92:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: delegatesinrwanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://delegatesinrwanda.com/landslot/login.php?cmd=login_submit&id=a583020cececf334b114573fcbabd39ca583020cececf334b114573fcbabd39c&session=a583020cececf334b114573fcbabd39ca583020cececf334b114573fcbabd39c
Cookie: sid=8e76c715-0a8f-11ef-9317-1ffd8bbc2ab4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
cache-control: max-age=0, private, must-revalidate
content-length: 9
date: Sun, 05 May 2024 03:28:35 GMT
server: Cowboy
X-Firefox-Spdy: h2

delegatesinrwanda.com/landslot/login.php?ch=1&cmd=login_submit&id=a583020cececf334b114573fcbabd39ca583020cececf334b114573fcbabd39c&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNDg4NjkxNSwiaWF0IjoxNzE0ODc5NzE1LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjY3azEwN3ZoYW84MmhlN2MxdTBxczIiLCJuYmYiOjE3MTQ4Nzk3MTUsInRzIjoxNzE0ODc5NzE1ODUzNjkwfQ.wctYUCzZL50-1B8OVdLs1TjDWR8rH8SrdQl_T1_VF4o&session=a583020cececf334b114573fcbabd39ca583020cececf334b114573fcbabd39c&sid=8e76c715-0a8f-11ef-9317-1ffd8bbc2ab4

212.32.237.92

302 Found

11 B

URL User Request GET HTTP/2
delegatesinrwanda.com/landslot/login.php?ch=1&cmd=login_submit&id=a583020cececf334b114573fcbabd39ca583020cececf334b114573fcbabd39c&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNDg4NjkxNSwiaWF0IjoxNzE0ODc5NzE1LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjY3azEwN3ZoYW84MmhlN2MxdTBxczIiLCJuYmYiOjE3MTQ4Nzk3MTUsInRzIjoxNzE0ODc5NzE1ODUzNjkwfQ.wctYUCzZL50-1B8OVdLs1TjDWR8rH8SrdQl_T1_VF4o&session=a583020cececf334b114573fcbabd39ca583020cececf334b114573fcbabd39c&sid=8e76c715-0a8f-11ef-9317-1ffd8bbc2ab4
IP
212.32.237.92:443
ASN
#60781 LeaseWeb Netherlands B.V.

Certificate
IssuerLet's Encrypt
Subjectdelegatesinrwanda.com
Fingerprint46:08:DA:6C:79:E6:30:30:F8:68:46:A5:99:FD:DE:36:21:FA:0E:8F
ValidityWed, 13 Mar 2024 09:12:38 GMT - Tue, 11 Jun 2024 09:12:37 GMT

File type
ASCII text, with no line terminators
Size
11 B (11 bytes)
Hash
32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /landslot/login.php?ch=1&cmd=login_submit&id=a583020cececf334b114573fcbabd39ca583020cececf334b114573fcbabd39c&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNDg4NjkxNSwiaWF0IjoxNzE0ODc5NzE1LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjY3azEwN3ZoYW84MmhlN2MxdTBxczIiLCJuYmYiOjE3MTQ4Nzk3MTUsInRzIjoxNzE0ODc5NzE1ODUzNjkwfQ.wctYUCzZL50-1B8OVdLs1TjDWR8rH8SrdQl_T1_VF4o&session=a583020cececf334b114573fcbabd39ca583020cececf334b114573fcbabd39c&sid=8e76c715-0a8f-11ef-9317-1ffd8bbc2ab4 HTTP/1.1
Host: delegatesinrwanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://delegatesinrwanda.com/landslot/login.php?cmd=login_submit&id=a583020cececf334b114573fcbabd39ca583020cececf334b114573fcbabd39c&session=a583020cececf334b114573fcbabd39ca583020cececf334b114573fcbabd39c
Cookie: sid=8e76c715-0a8f-11ef-9317-1ffd8bbc2ab4
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Sun, 05 May 2024 03:28:36 GMT
location: http://ww1.delegatesinrwanda.com
server: Cowboy
set-cookie: sid=8e76c715-0a8f-11ef-9317-1ffd8bbc2ab4; path=/; domain=.delegatesinrwanda.com; expires=Fri, 23 May 2092 06:42:43 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2

ww1.delegatesinrwanda.com/

199.59.243.225

1.1 kB

URL User Request GET
ww1.delegatesinrwanda.com/
IP
199.59.243.225:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (342)
Size
1.1 kB (1074 bytes)
Hash
394b31c3111310e72a3b15b04e4660c8
43b78175d979f4219ad0b72d82efdd57f4786602
f482a892dc047b91dc384013a36c1c4972eb6ae81a12bcc317020315a5c0ed8b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: ww1.delegatesinrwanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Sun, 05 May 2024 03:28:36 GMT
content-type: text/html; charset=utf-8
content-length: 1074
x-request-id: a0d6298c-77d1-4311-bb2a-472d93f68943
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_REaO8XIfk8WZRiNJNEzlhIlUqTRvhQcksdqj4UBn+xIRWWkeIWzCsMPfRTVOkhQFqEYp/q+KoxE+0jH7ffhvhg==
set-cookie: parking_session=a0d6298c-77d1-4311-bb2a-472d93f68943; expires=Sun, 05 May 2024 03:43:37 GMT; path=/

ww1.delegatesinrwanda.com/bFreXQtsw.js

199.59.243.225

200 OK

34 kB

URL GET HTTP/1.1
ww1.delegatesinrwanda.com/bFreXQtsw.js
IP
199.59.243.225:80
ASN
#16509 AMAZON-02

Requested by
http://ww1.delegatesinrwanda.com/

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (33788)
Size
34 kB (33791 bytes)
Hash
f48baec69cc4dc0852d118259eff2d56
e64c6e4423421da5b35700154810cb67160bc32b
463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bFreXQtsw.js HTTP/1.1
Host: ww1.delegatesinrwanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww1.delegatesinrwanda.com/
Cookie: parking_session=a0d6298c-77d1-4311-bb2a-472d93f68943
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Sun, 05 May 2024 03:28:37 GMT
content-type: application/javascript; charset=utf-8
content-length: 33791
x-request-id: 3f02b6da-f2a8-4646-bfee-9ab718f9435d
set-cookie: parking_session=a0d6298c-77d1-4311-bb2a-472d93f68943; expires=Sun, 05 May 2024 03:43:37 GMT

ww1.delegatesinrwanda.com/_fd

199.59.243.225

200 OK

5.4 kB

URL POST HTTP/1.1
ww1.delegatesinrwanda.com/_fd
IP
199.59.243.225:80
ASN
#16509 AMAZON-02

Requested by
http://ww1.delegatesinrwanda.com/

File type
ASCII text, with very long lines (5429), with no line terminators
Size
5.4 kB (5429 bytes)
Hash
4a28fe374955b35ec3a70c0efc52d2df
6bdfd1be62ce264e4c91a589e37fc491e35e932a
a927f79445f7b944e112fff7dfef1dc64d6100ca50a038a0abd757a2b73aaefe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_fd HTTP/1.1
Host: ww1.delegatesinrwanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww1.delegatesinrwanda.com/
Content-Type: application/json
Origin: http://ww1.delegatesinrwanda.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=a0d6298c-77d1-4311-bb2a-472d93f68943
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
date: Sun, 05 May 2024 03:28:37 GMT
content-type: application/json; charset=utf-8
content-length: 5429
x-request-id: ed588f69-8401-41d5-9144-8552f08abd38
set-cookie: parking_session=a0d6298c-77d1-4311-bb2a-472d93f68943; expires=Sun, 05 May 2024 03:43:37 GMT

www.google.com/adsense/domains/caf.js?abp=1&bodis=true

216.58.211.4

200 OK

74 kB

URL GET HTTP/2
www.google.com/adsense/domains/caf.js?abp=1&bodis=true
IP
216.58.211.4:443
ASN
#15169 GOOGLE

Requested by
http://ww1.delegatesinrwanda.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintC6:A2:DC:31:5A:53:FA:DD:55:71:A3:F4:DD:43:3D:16:71:B8:B3:99
ValidityTue, 16 Apr 2024 04:20:32 GMT - Tue, 09 Jul 2024 04:20:31 GMT

File type
gzip compressed data, max compression
Size
74 kB (74481 bytes)
Hash
389a6ea6b351c8460ae7bc83796ce005
d11dc297800a67cca65482542c1d3d410f246b77
53a05e5c504eb2d6f27b6cbeb349cc2deb34f4910ca7bb5031685d3f81606dac

HTTP Headers

GET /adsense/domains/caf.js?abp=1&bodis=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww1.delegatesinrwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Sun, 05 May 2024 03:28:37 GMT
expires: Sun, 05 May 2024 03:28:37 GMT
cache-control: private, max-age=3600
etag: "7664028437327203187"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol303%2Cpid-bodis-gcontrol413%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww1.delegatesinrwanda.com%2F%3Fcaf%3D1%26bpt%3D345&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2298147197369106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=3151714879717563&num=0&output=afd_ads&domain_name=ww1.delegatesinrwanda.com&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1714879717564&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww1.delegatesinrwanda.com%2F

216.58.211.14

200 OK

2.5 kB

URL GET HTTP/2
www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol303%2Cpid-bodis-gcontrol413%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww1.delegatesinrwanda.com%2F%3Fcaf%3D1%26bpt%3D345&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2298147197369106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=3151714879717563&num=0&output=afd_ads&domain_name=ww1.delegatesinrwanda.com&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1714879717564&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww1.delegatesinrwanda.com%2F
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
http://ww1.delegatesinrwanda.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint15:D1:F9:FD:F4:47:59:FF:66:C1:EB:18:18:71:8F:7D:9A:38:20:14
ValidityTue, 16 Apr 2024 03:24:35 GMT - Tue, 09 Jul 2024 03:24:34 GMT

File type
HTML document, ASCII text, with very long lines (13086)
Size
2.5 kB (2539 bytes)
Hash
37bec396d035f832c8612424bf3382dd
9b7449e2f8eeaf7a9a81c0112a432c7a72c35596
1e76d7eb47e5ae9074558ebbd7fe32eaa2bc3d306864fbc443d7bccc9406c864

HTTP Headers

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol303%2Cpid-bodis-gcontrol413%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww1.delegatesinrwanda.com%2F%3Fcaf%3D1%26bpt%3D345&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2298147197369106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=3151714879717563&num=0&output=afd_ads&domain_name=ww1.delegatesinrwanda.com&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1714879717564&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww1.delegatesinrwanda.com%2F HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww1.delegatesinrwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Sun, 05 May 2024 03:28:37 GMT
expires: Sun, 05 May 2024 03:28:37 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-S2aOdIqLRVm7HZNuSKKK1A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 2539
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ww1.delegatesinrwanda.com/_tr

199.59.243.225

200 OK

22 B

URL POST HTTP/1.1
ww1.delegatesinrwanda.com/_tr
IP
199.59.243.225:80
ASN
#16509 AMAZON-02

Requested by
http://ww1.delegatesinrwanda.com/

File type
ASCII text, with no line terminators
Size
22 B (22 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_tr HTTP/1.1
Host: ww1.delegatesinrwanda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww1.delegatesinrwanda.com/
Content-Type: application/json
Content-Length: 1817
Origin: http://ww1.delegatesinrwanda.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=a0d6298c-77d1-4311-bb2a-472d93f68943
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
server: openresty
date: Sun, 05 May 2024 03:28:38 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 22
x-version: 2.118.0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: parking_session=a0d6298c-77d1-4311-bb2a-472d93f68943; expires=Sun, 05 May 2024 03:43:38 GMT; Max-Age=900; path=/; httponly

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff

142.250.74.97

200 OK

278 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol303%2Cpid-bodis-gcontrol413%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww1.delegatesinrwanda.com%2F%3Fcaf%3D1%26bpt%3D345&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2298147197369106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=3151714879717563&num=0&output=afd_ads&domain_name=ww1.delegatesinrwanda.com&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1714879717564&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww1.delegatesinrwanda.com%2F
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint7B:64:D0:4F:29:87:0A:A8:90:15:F1:9F:B6:8F:FB:D6:AC:D2:76:56
ValidityTue, 16 Apr 2024 04:13:47 GMT - Tue, 09 Jul 2024 04:13:46 GMT

File type
SVG Scalable Vector Graphics image
Size
278 B (278 bytes)
Hash
fe7dd8c3c629cc6e9cd6d3e4d3cbe905
59ef3b8e4a17169a4cb45fba65bf0d2bf49c8a18
5455d8d4b8ae5150039ff7a83a6679d4338a435945985fa9f8d0ecbea9ae2f6e

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 278
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 21:17:36 GMT
expires: Sun, 05 May 2024 20:17:36 GMT
cache-control: public, max-age=82800
age: 22262
last-modified: Tue, 27 Jun 2023 17:28:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b

142.250.74.97

200 OK

174 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol303%2Cpid-bodis-gcontrol413%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww1.delegatesinrwanda.com%2F%3Fcaf%3D1%26bpt%3D345&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2298147197369106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=3151714879717563&num=0&output=afd_ads&domain_name=ww1.delegatesinrwanda.com&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1714879717564&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww1.delegatesinrwanda.com%2F
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint7B:64:D0:4F:29:87:0A:A8:90:15:F1:9F:B6:8F:FB:D6:AC:D2:76:56
ValidityTue, 16 Apr 2024 04:13:47 GMT - Tue, 09 Jul 2024 04:13:46 GMT

File type
SVG Scalable Vector Graphics image
Size
174 B (174 bytes)
Hash
d47125b2ba92be53dcff07ba322ce1de
e4a70c8a133bacf1699fdfa4c10e24ed5b3e0c28
5a0687ea8c9aa404a7724490f046e30023ec6b5aa81d01ae4f225889a64174f6

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 16:53:43 GMT
expires: Sun, 05 May 2024 15:53:43 GMT
cache-control: public, max-age=82800
age: 38095
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=urt88a2mmswp&aqid=5fw2ZpHdL5KViM0PgpW_0AQ&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=629216002&csala=5%7C0%7C583%7C82%7C20&lle=0&ifv=1&hpt=0

216.58.211.14

204 No Content

0 B

URL GET HTTP/3
www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=urt88a2mmswp&aqid=5fw2ZpHdL5KViM0PgpW_0AQ&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=629216002&csala=5%7C0%7C583%7C82%7C20&lle=0&ifv=1&hpt=0
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
http://ww1.delegatesinrwanda.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint15:D1:F9:FD:F4:47:59:FF:66:C1:EB:18:18:71:8F:7D:9A:38:20:14
ValidityTue, 16 Apr 2024 03:24:35 GMT - Tue, 09 Jul 2024 03:24:34 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=urt88a2mmswp&aqid=5fw2ZpHdL5KViM0PgpW_0AQ&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=629216002&csala=5%7C0%7C583%7C82%7C20&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww1.delegatesinrwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-xxXsNPZJSwNyMEdazLxXJQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Sun, 05 May 2024 03:28:39 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=kj7skl49w4k3&aqid=5fw2ZpHdL5KViM0PgpW_0AQ&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=629216002&csala=5%7C0%7C583%7C82%7C20&lle=0&ifv=1&hpt=0

216.58.211.14

204 No Content

0 B

URL GET HTTP/3
www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=kj7skl49w4k3&aqid=5fw2ZpHdL5KViM0PgpW_0AQ&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=629216002&csala=5%7C0%7C583%7C82%7C20&lle=0&ifv=1&hpt=0
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
http://ww1.delegatesinrwanda.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint15:D1:F9:FD:F4:47:59:FF:66:C1:EB:18:18:71:8F:7D:9A:38:20:14
ValidityTue, 16 Apr 2024 03:24:35 GMT - Tue, 09 Jul 2024 03:24:34 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=kj7skl49w4k3&aqid=5fw2ZpHdL5KViM0PgpW_0AQ&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=629216002&csala=5%7C0%7C583%7C82%7C20&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww1.delegatesinrwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-j0z39AezUC3OCdw0ndf8Sw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Sun, 05 May 2024 03:28:40 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.adsensecustomsearchads.com/adsense/domains/caf.js

216.58.211.14

200 OK

190 kB

URL GET HTTP/3
www.adsensecustomsearchads.com/adsense/domains/caf.js
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol303%2Cpid-bodis-gcontrol413%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww1.delegatesinrwanda.com%2F%3Fcaf%3D1%26bpt%3D345&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2298147197369106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3&nocache=3151714879717563&num=0&output=afd_ads&domain_name=ww1.delegatesinrwanda.com&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1714879717564&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=629216002&rurl=http%3A%2F%2Fww1.delegatesinrwanda.com%2F
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint15:D1:F9:FD:F4:47:59:FF:66:C1:EB:18:18:71:8F:7D:9A:38:20:14
ValidityTue, 16 Apr 2024 03:24:35 GMT - Tue, 09 Jul 2024 03:24:34 GMT

File type
JavaScript source, ASCII text, with very long lines (2247)
Size
190 kB (190028 bytes)
Hash
b5e49ab63ec3da61b2fbecfaf10ac338
5f7945f7fbbf996947b764482183c9b71c1badf9
7ca38cdea54b4b92556c90045e1bc302d8bc957cef043f27cf491140f7ccc94b

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Sun, 05 May 2024 03:28:38 GMT
expires: Sun, 05 May 2024 03:28:38 GMT
cache-control: private, max-age=3600
etag: "15804660649526306264"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (14)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP