POST ww7.fwiwk.biz/_fd?usid=18&utid=30728509163
199.59.243.228200 OK 6.3 kB URL POST ww7.fwiwk.biz/_fd?usid=18&utid=30728509163
IP 199.59.243.228:443
Requested by https://ww7.fwiwk.biz/cqdfnehwc?usid=18&utid=30728509163
Certificate IssuerLet's Encrypt
Subjectww7.fwiwk.biz
FingerprintAE:D3:7D:8E:BF:23:71:D1:B2:4A:48:73:62:49:51:CA:B0:49:38:75
ValidityThu, 30 Jan 2025 14:24:52 GMT - Wed, 30 Apr 2025 14:24:51 GMT
File type ASCII text, with very long lines (6257), with no line terminators
Hash 1d5a819c1a3e8e5d61d13f8d9463f0e7
572266dc678b2df00d398aef431f6861b46da935
f088f6d64cf40759899f2a6f8ea9a7ca9f71323f3e216abfff6203a0fd1dec26
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /_fd?usid=18&utid=30728509163 HTTP/1.1
Host: ww7.fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww7.fwiwk.biz/cqdfnehwc?usid=18&utid=30728509163
Content-Type: application/json
Origin: https://ww7.fwiwk.biz
DNT: 1
Connection: keep-alive
Cookie: parking_session=6a79401d-d26e-48d4-9a1c-57fbc1254285
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/1.1 200 OK
Date: Fri, 04 Apr 2025 22:03:25 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 6257
X-Request-Id: 5ff43805-b9b2-4cf2-b477-abb0b34d1727
Set-Cookie: parking_session=6a79401d-d26e-48d4-9a1c-57fbc1254285; expires=Fri, 04 Apr 2025 22:18:26 GMT
Connection: close
GET www.google.com/adsense/domains/caf.js?abp=1&bodis=true
142.250.74.68200 OK 144 kB URL GET www.google.com/adsense/domains/caf.js?abp=1&bodis=true
IP 142.250.74.68:443
Requested by https://ww7.fwiwk.biz/cqdfnehwc?usid=18&utid=30728509163
Certificate IssuerGoogle Trust Services
Subjectwww.google.com
Fingerprint40:5C:81:99:DA:01:36:FE:E4:60:2B:67:51:3D:C2:62:8D:9A:38:47
ValidityThu, 20 Mar 2025 11:20:31 GMT - Thu, 12 Jun 2025 11:20:30 GMT
File type JavaScript source, ASCII text, with very long lines (1831)
Size 144 kB (144137 bytes)
Hash c2d81b2d79a0037967d0766b34a91cae
1ee3ea6b1a53ce88398cc46ae12cebd45050bfb5
c95dff12e57e5f94bfd3fccc956a36d18b3e4d1af3cb1a6f9e5d86c58cc5e43b
GET /adsense/domains/caf.js?abp=1&bodis=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww7.fwiwk.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Fri, 04 Apr 2025 22:03:27 GMT
expires: Fri, 04 Apr 2025 22:03:27 GMT
cache-control: private, max-age=3600
etag: "16157181307104696654"
x-content-type-options: nosniff
link: <https://syndicatedsearch.goog>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol122%2Cpid-bodis-gcontrol488%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol162&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww7.fwiwk.biz%2F%3Fcaf%3D1%26bpt%3D345%26usid%3D18%26utid%3D30728509163&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2348603269777440&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301437%2C17301439%2C17301442%2C17301548%2C17301266%2C72717107&format=r3&nocache=191743804207165&num=0&output=afd_ads&domain_name=ww7.fwiwk.biz&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1743804207166&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=740324255&rurl=https%3A%2F%2Fww7.fwiwk.biz%2Fcqdfnehwc%3Fusid%3D18%26utid%3D30728509163
216.58.207.238200 OK 14 kB URL GET syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol122%2Cpid-bodis-gcontrol488%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol162&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww7.fwiwk.biz%2F%3Fcaf%3D1%26bpt%3D345%26usid%3D18%26utid%3D30728509163&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2348603269777440&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301437%2C17301439%2C17301442%2C17301548%2C17301266%2C72717107&format=r3&nocache=191743804207165&num=0&output=afd_ads&domain_name=ww7.fwiwk.biz&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1743804207166&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=740324255&rurl=https%3A%2F%2Fww7.fwiwk.biz%2Fcqdfnehwc%3Fusid%3D18%26utid%3D30728509163
IP 216.58.207.238:443
Requested by https://ww7.fwiwk.biz/cqdfnehwc?usid=18&utid=30728509163
Certificate IssuerGoogle Trust Services
Subjectsyndicatedsearch.goog
Fingerprint40:28:84:65:00:64:ED:A3:1A:C2:1B:45:AA:96:A6:16:CA:BD:37:41
ValidityThu, 20 Mar 2025 11:21:50 GMT - Thu, 12 Jun 2025 11:21:49 GMT
File type HTML document, ASCII text, with very long lines (13188)
Hash 1c5c6990eade11483f65adadaf2cf28c
7a7703b8595088608f4ffb8b92c9bb32f429280f
cc168da0339bc3340e828d17334fc2558dd6910c85b0c948d24544604dd29cbc
GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol122%2Cpid-bodis-gcontrol488%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol162&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww7.fwiwk.biz%2F%3Fcaf%3D1%26bpt%3D345%26usid%3D18%26utid%3D30728509163&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2348603269777440&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301437%2C17301439%2C17301442%2C17301548%2C17301266%2C72717107&format=r3&nocache=191743804207165&num=0&output=afd_ads&domain_name=ww7.fwiwk.biz&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1743804207166&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=740324255&rurl=https%3A%2F%2Fww7.fwiwk.biz%2Fcqdfnehwc%3Fusid%3D18%26utid%3D30728509163 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww7.fwiwk.biz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Fri, 04 Apr 2025 22:03:27 GMT
expires: Fri, 04 Apr 2025 22:03:27 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-fH6oDlJ6y7jIfL5Wuco05Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 2735
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET parking3.parklogic.com/page/enhance.js?pcId=7&&domain=fwiwk.biz
172.232.7.47200 OK 2.3 kB URL GET parking3.parklogic.com/page/enhance.js?pcId=7&&domain=fwiwk.biz
IP 172.232.7.47:443
ASN #63949 Akamai Connected Cloud
Requested by https://ww7.fwiwk.biz/cqdfnehwc?usid=18&utid=30728509163
Certificate IssuerLet's Encrypt
Subjectenhance-lb01.parklogic.com
FingerprintA9:52:EB:46:72:F6:AB:43:E9:BC:07:14:2E:C8:58:DD:ED:1B:9A:51
ValidityMon, 31 Mar 2025 01:04:57 GMT - Sun, 29 Jun 2025 01:04:56 GMT
File type JavaScript source, ASCII text, with very long lines (2406), with no line terminators
Hash 780211e0621fd82a38fe3c679b9335a2
3b58f67515f07f8fd1e8b7d58922017959c42f47
bfc406e70a4748d8e68e0fb71494dce8c8a87b24b7f8122a3204b384364f7cc6
GET /page/enhance.js?pcId=7&&domain=fwiwk.biz HTTP/1.1
Host: parking3.parklogic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww7.fwiwk.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 04 Apr 2025 22:03:28 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
X-Firefox-Spdy: h2
GET afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b
142.250.74.33200 OK 200 B URL GET afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b
IP 142.250.74.33:443
Requested by https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol122%2Cpid-bodis-gcontrol488%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol162&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww7.fwiwk.biz%2F%3Fcaf%3D1%26bpt%3D345%26usid%3D18%26utid%3D30728509163&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2348603269777440&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301437%2C17301439%2C17301442%2C17301548%2C17301266%2C72717107&format=r3&nocache=191743804207165&num=0&output=afd_ads&domain_name=ww7.fwiwk.biz&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1743804207166&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=740324255&rurl=https%3A%2F%2Fww7.fwiwk.biz%2Fcqdfnehwc%3Fusid%3D18%26utid%3D30728509163
Certificate IssuerGoogle Trust Services
Subject*.googleusercontent.com
Fingerprint85:BF:6A:5F:09:9C:AA:F5:8D:3B:2E:65:D1:16:4F:7F:03:2D:A8:DD
ValidityThu, 20 Mar 2025 11:19:41 GMT - Thu, 12 Jun 2025 11:19:40 GMT
File type SVG Scalable Vector Graphics image
Hash e81eb30a6c5589e7f39436e40b400822
ca2513ede010b3db00099335b809ca693c2cd65c
055ae1fef3be182534069c718e2dc0ab07d7464bcc3ded19553da07d37333657
GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 04 Apr 2025 00:43:05 GMT
expires: Fri, 04 Apr 2025 23:43:05 GMT
cache-control: public, max-age=82800
age: 76823
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET syndicatedsearch.goog/adsense/domains/caf.js
216.58.207.238200 OK 144 kB URL GET syndicatedsearch.goog/adsense/domains/caf.js
IP 216.58.207.238:443
Requested by https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol122%2Cpid-bodis-gcontrol488%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol162&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww7.fwiwk.biz%2F%3Fcaf%3D1%26bpt%3D345%26usid%3D18%26utid%3D30728509163&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2348603269777440&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301437%2C17301439%2C17301442%2C17301548%2C17301266%2C72717107&format=r3&nocache=191743804207165&num=0&output=afd_ads&domain_name=ww7.fwiwk.biz&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1743804207166&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=740324255&rurl=https%3A%2F%2Fww7.fwiwk.biz%2Fcqdfnehwc%3Fusid%3D18%26utid%3D30728509163
Certificate IssuerGoogle Trust Services
Subjectsyndicatedsearch.goog
Fingerprint40:28:84:65:00:64:ED:A3:1A:C2:1B:45:AA:96:A6:16:CA:BD:37:41
ValidityThu, 20 Mar 2025 11:21:50 GMT - Thu, 12 Jun 2025 11:21:49 GMT
File type JavaScript source, ASCII text, with very long lines (1831)
Size 144 kB (144080 bytes)
Hash 0bf9acfc2666bb979b32abf9c78e32e5
8074a9e3b0edee0fff407ae40bb1d2958f18ce70
07843be62db3a03a9bd596f996c5b34881f9883b0a99783f5df015d66b63686a
GET /adsense/domains/caf.js HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Fri, 04 Apr 2025 22:03:27 GMT
expires: Fri, 04 Apr 2025 22:03:27 GMT
cache-control: private, max-age=3600
etag: "5305736182177292909"
x-content-type-options: nosniff
link: <https://syndicatedsearch.goog>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST ww7.fwiwk.biz/_tr
199.59.243.228200 OK 2 B IP 199.59.243.228:443
Requested by https://ww7.fwiwk.biz/cqdfnehwc?usid=18&utid=30728509163
Certificate IssuerLet's Encrypt
Subjectww7.fwiwk.biz
FingerprintAE:D3:7D:8E:BF:23:71:D1:B2:4A:48:73:62:49:51:CA:B0:49:38:75
ValidityThu, 30 Jan 2025 14:24:52 GMT - Wed, 30 Apr 2025 14:24:51 GMT
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /_tr HTTP/1.1
Host: ww7.fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww7.fwiwk.biz/cqdfnehwc?usid=18&utid=30728509163
Content-Type: application/json
Content-Length: 1973
Origin: https://ww7.fwiwk.biz
DNT: 1
Connection: keep-alive
Cookie: parking_session=6a79401d-d26e-48d4-9a1c-57fbc1254285
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 04 Apr 2025 22:03:27 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 2
X-Request-Id: eb465978-7e47-4b87-85f8-04337ba3af92
Set-Cookie: parking_session=6a79401d-d26e-48d4-9a1c-57fbc1254285; expires=Fri, 04 Apr 2025 22:18:28 GMT
Connection: close
GET syndicatedsearch.goog/afs/gen_204?client=dp-bodis31_3ph&output=uds_ads_only&zx=xck1zdcpzu90&cd_fexp=72717107&aqid=L1fwZ4jKHIaxiM0P59O5wAE&psid=3113057640&pbt=bs&adbx=290&adby=193&adbh=364&adbw=700&adbah=114%2C114%2C114&adbn=master-1&eawp=partner-dp-bodis31_3ph&errv=740324255&csala=6%7C0%7C542%7C100%7C14&lle=0&ifv=1&hpt=0
216.58.207.238204 No Content 0 B URL GET syndicatedsearch.goog/afs/gen_204?client=dp-bodis31_3ph&output=uds_ads_only&zx=xck1zdcpzu90&cd_fexp=72717107&aqid=L1fwZ4jKHIaxiM0P59O5wAE&psid=3113057640&pbt=bs&adbx=290&adby=193&adbh=364&adbw=700&adbah=114%2C114%2C114&adbn=master-1&eawp=partner-dp-bodis31_3ph&errv=740324255&csala=6%7C0%7C542%7C100%7C14&lle=0&ifv=1&hpt=0
IP 216.58.207.238:443
Requested by https://ww7.fwiwk.biz/cqdfnehwc?usid=18&utid=30728509163
Certificate IssuerGoogle Trust Services
Subjectsyndicatedsearch.goog
Fingerprint40:28:84:65:00:64:ED:A3:1A:C2:1B:45:AA:96:A6:16:CA:BD:37:41
ValidityThu, 20 Mar 2025 11:21:50 GMT - Thu, 12 Jun 2025 11:21:49 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /afs/gen_204?client=dp-bodis31_3ph&output=uds_ads_only&zx=xck1zdcpzu90&cd_fexp=72717107&aqid=L1fwZ4jKHIaxiM0P59O5wAE&psid=3113057640&pbt=bs&adbx=290&adby=193&adbh=364&adbw=700&adbah=114%2C114%2C114&adbn=master-1&eawp=partner-dp-bodis31_3ph&errv=740324255&csala=6%7C0%7C542%7C100%7C14&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww7.fwiwk.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-EQdXoFqoSO-MCS-SpRsmAA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Fri, 04 Apr 2025 22:03:29 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET ww7.fwiwk.biz/cqdfnehwc?usid=18&utid=30728509163
199.59.243.228200 OK 1.1 kB URL User Request GET ww7.fwiwk.biz/cqdfnehwc?usid=18&utid=30728509163
IP 199.59.243.228:443
Certificate IssuerLet's Encrypt
Subjectww7.fwiwk.biz
FingerprintAE:D3:7D:8E:BF:23:71:D1:B2:4A:48:73:62:49:51:CA:B0:49:38:75
ValidityThu, 30 Jan 2025 14:24:52 GMT - Wed, 30 Apr 2025 14:24:51 GMT
File type HTML document, ASCII text, with very long lines (1180), with no line terminators
Hash 79fd4690c4e14ae8a998a62ee80c7d16
924460df40dda9911b727bdf41d612c77f3c5e44
f09f33581bc22f79b7219713ea5b4972f65b4380a8b44e3712a20979acf949bd
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /cqdfnehwc?usid=18&utid=30728509163 HTTP/1.1
Host: ww7.fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 04 Apr 2025 22:03:24 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1138
X-Request-Id: 6a79401d-d26e-48d4-9a1c-57fbc1254285
Cache-Control: no-store, max-age=0
Accept-Ch: sec-ch-prefers-color-scheme
Critical-Ch: sec-ch-prefers-color-scheme
Vary: sec-ch-prefers-color-scheme
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_AaCdtSrmjLQSdeBtSB4iE07zCRWjAVxF8Lwc2rQk2ia3X/OY8OppwUBJSwyBv7hRL9ikrsHJzDd0aTx+PdA+lA==
Set-Cookie: parking_session=6a79401d-d26e-48d4-9a1c-57fbc1254285; expires=Fri, 04 Apr 2025 22:18:25 GMT; path=/
Connection: close
GET ww7.fwiwk.biz/bjVXGQevR.js
199.59.243.228200 OK 36 kB URL GET ww7.fwiwk.biz/bjVXGQevR.js
IP 199.59.243.228:443
Requested by https://ww7.fwiwk.biz/cqdfnehwc?usid=18&utid=30728509163
Certificate IssuerLet's Encrypt
Subjectww7.fwiwk.biz
FingerprintAE:D3:7D:8E:BF:23:71:D1:B2:4A:48:73:62:49:51:CA:B0:49:38:75
ValidityThu, 30 Jan 2025 14:24:52 GMT - Wed, 30 Apr 2025 14:24:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /bjVXGQevR.js HTTP/1.1
Host: ww7.fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww7.fwiwk.biz/cqdfnehwc?usid=18&utid=30728509163
Cookie: parking_session=6a79401d-d26e-48d4-9a1c-57fbc1254285
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 04 Apr 2025 22:03:25 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 35693
X-Request-Id: 2e69555a-5286-48a9-b3a9-e3ec2eb8093c
Set-Cookie: parking_session=6a79401d-d26e-48d4-9a1c-57fbc1254285; expires=Fri, 04 Apr 2025 22:18:26 GMT
Connection: close
GET afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
142.250.74.33200 OK 200 B URL GET afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
IP 142.250.74.33:443
Requested by https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol122%2Cpid-bodis-gcontrol488%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol162&client=dp-bodis31_3ph&r=m&hl=en&ivt=0&rpbu=https%3A%2F%2Fww7.fwiwk.biz%2F%3Fcaf%3D1%26bpt%3D345%26usid%3D18%26utid%3D30728509163&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2348603269777440&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301437%2C17301439%2C17301442%2C17301548%2C17301266%2C72717107&format=r3&nocache=191743804207165&num=0&output=afd_ads&domain_name=ww7.fwiwk.biz&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1743804207166&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=740324255&rurl=https%3A%2F%2Fww7.fwiwk.biz%2Fcqdfnehwc%3Fusid%3D18%26utid%3D30728509163
Certificate IssuerGoogle Trust Services
Subject*.googleusercontent.com
Fingerprint85:BF:6A:5F:09:9C:AA:F5:8D:3B:2E:65:D1:16:4F:7F:03:2D:A8:DD
ValidityThu, 20 Mar 2025 11:19:41 GMT - Thu, 12 Jun 2025 11:19:40 GMT
File type SVG Scalable Vector Graphics image
Hash 592bbd56abac313ab322bc38f7027496
ecc40e55421cbfc9cc24e256c999a497b84d997f
fe3a1073d51df0f353dfa771acde9ea020e215a74edf7b24775e50282b6d6eda
GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 04 Apr 2025 10:14:52 GMT
expires: Sat, 05 Apr 2025 09:14:52 GMT
cache-control: public, max-age=82800
age: 42516
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET parking3.parklogic.com/page/scribe.php?pcId=7&domain=fwiwk.biz&pId=2447&usid=18&utid=30728509163&query=null&domainJs=ww7.fwiwk.biz&path=/cqdfnehwc&ss=true&lp=1&tzB=UTC&wd=false&gpu=null
172.232.7.47200 OK 0 B URL GET parking3.parklogic.com/page/scribe.php?pcId=7&domain=fwiwk.biz&pId=2447&usid=18&utid=30728509163&query=null&domainJs=ww7.fwiwk.biz&path=/cqdfnehwc&ss=true&lp=1&tzB=UTC&wd=false&gpu=null
IP 172.232.7.47:443
ASN #63949 Akamai Connected Cloud
Requested by https://ww7.fwiwk.biz/cqdfnehwc?usid=18&utid=30728509163
Certificate IssuerLet's Encrypt
Subjectenhance-lb01.parklogic.com
FingerprintA9:52:EB:46:72:F6:AB:43:E9:BC:07:14:2E:C8:58:DD:ED:1B:9A:51
ValidityMon, 31 Mar 2025 01:04:57 GMT - Sun, 29 Jun 2025 01:04:56 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /page/scribe.php?pcId=7&domain=fwiwk.biz&pId=2447&usid=18&utid=30728509163&query=null&domainJs=ww7.fwiwk.biz&path=/cqdfnehwc&ss=true&lp=1&tzB=UTC&wd=false&gpu=null HTTP/1.1
Host: parking3.parklogic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww7.fwiwk.biz/
Origin: https://ww7.fwiwk.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 04 Apr 2025 22:03:29 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
GET syndicatedsearch.goog/afs/gen_204?client=dp-bodis31_3ph&output=uds_ads_only&zx=eienmstqi9a1&cd_fexp=72717107&aqid=L1fwZ4jKHIaxiM0P59O5wAE&psid=3113057640&pbt=bv&adbx=290&adby=193&adbh=364&adbw=700&adbah=114%2C114%2C114&adbn=master-1&eawp=partner-dp-bodis31_3ph&errv=740324255&csala=6%7C0%7C542%7C100%7C14&lle=0&ifv=1&hpt=0
216.58.207.238204 No Content 0 B URL GET syndicatedsearch.goog/afs/gen_204?client=dp-bodis31_3ph&output=uds_ads_only&zx=eienmstqi9a1&cd_fexp=72717107&aqid=L1fwZ4jKHIaxiM0P59O5wAE&psid=3113057640&pbt=bv&adbx=290&adby=193&adbh=364&adbw=700&adbah=114%2C114%2C114&adbn=master-1&eawp=partner-dp-bodis31_3ph&errv=740324255&csala=6%7C0%7C542%7C100%7C14&lle=0&ifv=1&hpt=0
IP 216.58.207.238:443
Requested by https://ww7.fwiwk.biz/cqdfnehwc?usid=18&utid=30728509163
Certificate IssuerGoogle Trust Services
Subjectsyndicatedsearch.goog
Fingerprint40:28:84:65:00:64:ED:A3:1A:C2:1B:45:AA:96:A6:16:CA:BD:37:41
ValidityThu, 20 Mar 2025 11:21:50 GMT - Thu, 12 Jun 2025 11:21:49 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /afs/gen_204?client=dp-bodis31_3ph&output=uds_ads_only&zx=eienmstqi9a1&cd_fexp=72717107&aqid=L1fwZ4jKHIaxiM0P59O5wAE&psid=3113057640&pbt=bv&adbx=290&adby=193&adbh=364&adbw=700&adbah=114%2C114%2C114&adbn=master-1&eawp=partner-dp-bodis31_3ph&errv=740324255&csala=6%7C0%7C542%7C100%7C14&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww7.fwiwk.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-wJz-dOfTufkzFnHueIiX_A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Fri, 04 Apr 2025 22:03:29 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000