Report - ww25.anpmnmxo.biz/ybnjtwgoi?subid1=20230507-2356-4636-a9f3-35eade816435

Report Overview

Submitted URL
ww25.anpmnmxo.biz/ybnjtwgoi?subid1=20230507-2356-4636-a9f3-35eade816435
IP
199.59.243.223
ASN
#16509 AMAZON-02
Submitted
2023-05-07 14:04:46
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
8
Threat Detection Systems
36

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ww25.anpmnmxo.biz	unknown	2022-01-31	2023-03-03	2023-05-07	3.4 kB	28 kB	199.59.243.223
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-05-07	1.7 kB	3.5 kB	142.250.74.131
www.google.com	7	1997-09-15	2015-05-10	2023-05-06	3.6 kB	303 kB	216.58.211.4
afs.googleusercontent.com	12123	2008-11-17	2013-05-06	2023-05-07	981 B	2.1 kB	216.58.211.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-05-07 14:04:32	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-05-07 14:04:32	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-05-07 14:04:32	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-05-07 14:04:32	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-05-07 14:04:32	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-05-07 14:04:32	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-05-07 14:04:32	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-05-07 14:04:32	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator
2023-05-07	medium	ww25.anpmnmxo.biz/ybnjtwgoi?subid1=20230507-2356-4636-a9f3-35eade816435
2023-05-07	medium	ww25.anpmnmxo.biz/js/parking.2.104.9.js
2023-05-07	medium	ww25.anpmnmxo.biz/_fd?subid1=20230507-2356-4636-a9f3-35eade816435
2023-05-07	medium	ww25.anpmnmxo.biz/_tr

mnemonic secure dns

Scan Date	Severity	Indicator
2023-05-07	medium	anpmnmxo.biz
2023-05-07	medium	anpmnmxo.biz
2023-05-07	medium	anpmnmxo.biz
2023-05-07	medium	anpmnmxo.biz
2023-05-07	medium	anpmnmxo.biz
2023-05-07	medium	anpmnmxo.biz
2023-05-07	medium	anpmnmxo.biz

Quad9 DNS

Scan Date	Severity	Indicator
2023-05-07	medium	anpmnmxo.biz
2023-05-07	medium	anpmnmxo.biz
2023-05-07	medium	anpmnmxo.biz
2023-05-07	medium	anpmnmxo.biz
2023-05-07	medium	anpmnmxo.biz
2023-05-07	medium	anpmnmxo.biz
2023-05-07	medium	anpmnmxo.biz

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	www.google.com/adsense/domains/caf.js	148 kB	2023-05-02	2023-05-15
Pretty URL www.google.com/adsense/domains/caf.js IP 216.58.211.4 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-02 18:49:59 Last Seen2023-05-15 18:52:14 Times Seen739 Hash 7bb31d71af937f676973bf4250777949 5317f0625d6e8cca88b3e052ab29f49ed91124a6 25d03cafbe522aae05283a51289da70a15bb1bc932c32f7d3cb1a8537b9a72b1 Loading...

	ww25.anpmnmxo.biz/ybnjtwgoi?subid1=20230507-2356-4636-a9f3-35eade816435	439 B	2023-05-07	2023-05-07
Pretty URL ww25.anpmnmxo.biz/ybnjtwgoi?subid1=20230507-2356-4636-a9f3-35eade816435 IP 199.59.243.223 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-07 16:04:46 Last Seen2023-05-07 16:04:46 Times Seen1 Hash 6c925f591e1924261e78fe596618438d a7a43fd43407891dee79f239f455f0fce7a3611f 2904c86e796287ac1e6068d9816fc8d95d212523a2d9355bf27cf5c1c81d9324 Loading...

	ww25.anpmnmxo.biz/js/parking.2.104.9.js	69 kB	2023-05-03	2023-05-10
Pretty URL ww25.anpmnmxo.biz/js/parking.2.104.9.js IP 199.59.243.223 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-03 21:41:31 Last Seen2023-05-10 22:09:44 Times Seen1147 Hash fc0add3f511e88e8b76fb4d99385e79d db7c675436018d9cadea0faa1e1ab3d0e149fd70 5fa30919d2af0a6153e6dbc2cdb0a06232dd5341ac72a423599289d4039b8027 Loading...

	www.google.com/adsense/domains/caf.js	148 kB	2023-05-03	2023-05-17
Pretty URL www.google.com/adsense/domains/caf.js IP 216.58.211.4 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-03 19:30:42 Last Seen2023-05-17 19:05:51 Times Seen2358 Hash 22266f789b45619166c987088bb07b0e e972c68a02f9d3146763bfd549971e4c2ae2f0f0 a8c61912569110fd4bce13e380d6be99ef0301f54f44a18a63321f281e266127 Loading...

	www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol314%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol456&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.anpmnmxo.biz%3Fcaf%26subid1%3D20230507-2356-4636-a9f3-35eade816435&terms=cyber%20security%2Copen%20threat%20exchange%2Ccyber%20threats&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2936916502645281&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3&nocache=1411683468273536&num=0&output=afd_ads&domain_name=ww25.anpmnmxo.biz&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1683468273538&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=528505921&uio=-&cont=rs&jsid=caf&jsv=528505921&rurl=http%3A%2F%2Fww25.anpmnmxo.biz%2Fybnjtwgoi%3Fsubid1%3D20230507-2356-4636-a9f3-35eade816435&adbw=master-1%3A1264	6.6 kB	2023-05-07	2023-05-07
Pretty URL www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol314%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol456&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.anpmnmxo.biz%3Fcaf%26subid1%3D20230507-2356-4636-a9f3-35eade816435&terms=cyber%20security%2Copen%20threat%20exchange%2Ccyber%20threats&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2936916502645281&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3&nocache=1411683468273536&num=0&output=afd_ads&domain_name=ww25.anpmnmxo.biz&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1683468273538&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=528505921&uio=-&cont=rs&jsid=caf&jsv=528505921&rurl=http%3A%2F%2Fww25.anpmnmxo.biz%2Fybnjtwgoi%3Fsubid1%3D20230507-2356-4636-a9f3-35eade816435&adbw=master-1%3A1264 IP 216.58.211.4 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-07 16:04:46 Last Seen2023-05-07 16:04:46 Times Seen1 Hash 764f4845dfedda7b8e1f362d4faf28e0 7489de79b409c77090553130ec441fe8f446f5ed 38634e319d8b0b960ba0c77c7c1b59762647c352322d30612795bd3ff1d8b1dd Loading...

HTTP Transactions (19)

URL IP Response Size

ww25.anpmnmxo.biz/ybnjtwgoi?subid1=20230507-2356-4636-a9f3-35eade816435

199.59.243.223

744 B

URL User Request GET
ww25.anpmnmxo.biz/ybnjtwgoi?subid1=20230507-2356-4636-a9f3-35eade816435
IP
199.59.243.223:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (987), with no line terminators
Size
744 B (744 bytes)
Hash
bdfc88d7d3cfeaad64af5de37b0a1f12
3906f04d08bc02985973f8f8e1be58b2eab13a0d
0ba723f2bbe9ec083c1ba29661119c3d5c04bc57337be9afbdb3ed33b9af2cbb

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /ybnjtwgoi?subid1=20230507-2356-4636-a9f3-35eade816435 HTTP/1.1
Host: ww25.anpmnmxo.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Sun, 07 May 2023 14:04:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: parking_session=b50d28f4-cadf-c406-729c-ffd070c331e5; expires=Sun, 07-May-2023 14:19:29 GMT; Max-Age=900; path=/; HttpOnly
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_xU2ZjeFsCmfHdAZzkHI+HCZLZoH8Cbnp8eWCTOFIwhIJmZzfmjVyr4kk6VXdRqSVqY+ke57rDh4kC95f0Jqffg==
Accept-CH: sec-ch-prefers-color-scheme
Critical-CH: sec-ch-prefers-color-scheme
Vary: sec-ch-prefers-color-scheme
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip

ww25.anpmnmxo.biz/js/parking.2.104.9.js

199.59.243.223

200 OK

22 kB

URL GET HTTP/1.1
ww25.anpmnmxo.biz/js/parking.2.104.9.js
IP
199.59.243.223:80
ASN
#16509 AMAZON-02

Requested by
http://ww25.anpmnmxo.biz/ybnjtwgoi?subid1=20230507-2356-4636-a9f3-35eade816435

File type
HTML document, ASCII text, with very long lines (65536), with no line terminators
Size
22 kB (22161 bytes)
Hash
4373b6882998614499e168219b1e44ca
6591de3f6d18020cc8de3549f9a87115b44bea8b
e93edbb073fa2a6feedcdcec64b6d6b2f9e85b481f11ad8f5a66facac76cb101

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /js/parking.2.104.9.js HTTP/1.1
Host: ww25.anpmnmxo.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww25.anpmnmxo.biz/ybnjtwgoi?subid1=20230507-2356-4636-a9f3-35eade816435
Cookie: parking_session=b50d28f4-cadf-c406-729c-ffd070c331e5
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Sun, 07 May 2023 14:04:30 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 May 2023 19:30:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip

ww25.anpmnmxo.biz/_fd?subid1=20230507-2356-4636-a9f3-35eade816435

199.59.243.223

200 OK

1.9 kB

URL POST HTTP/1.1
ww25.anpmnmxo.biz/_fd?subid1=20230507-2356-4636-a9f3-35eade816435
IP
199.59.243.223:80
ASN
#16509 AMAZON-02

Requested by
http://ww25.anpmnmxo.biz/ybnjtwgoi?subid1=20230507-2356-4636-a9f3-35eade816435

File type
ASCII text, with very long lines (3745), with no line terminators
Size
1.9 kB (1896 bytes)
Hash
7ac41eb29f961fcbf3855ea705cd5e43
9365d74d987fd32b5896a1ff6db87db51abe5eb9
81902980bbe8e2fddb31864a8fa9742205d0bbdd53b0aa831001aca4f5d11b8e

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

POST /_fd?subid1=20230507-2356-4636-a9f3-35eade816435 HTTP/1.1
Host: ww25.anpmnmxo.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww25.anpmnmxo.biz/ybnjtwgoi?subid1=20230507-2356-4636-a9f3-35eade816435
Content-Type: application/json
Origin: http://ww25.anpmnmxo.biz
DNT: 1
Connection: keep-alive
Cookie: parking_session=b50d28f4-cadf-c406-729c-ffd070c331e5
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
Server: openresty
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sun, 07 May 2023 14:04:30 GMT
X-Version: 2.104.9
Set-Cookie: parking_session=b50d28f4-cadf-c406-729c-ffd070c331e5; expires=Sun, 07-May-2023 14:19:30 GMT; Max-Age=900; path=/; httponly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip

ww25.anpmnmxo.biz/px.gif?ch=1&rn=8.526335303614692

199.59.243.223

200 OK

42 B

URL GET HTTP/1.1
ww25.anpmnmxo.biz/px.gif?ch=1&rn=8.526335303614692
IP
199.59.243.223:80
ASN
#16509 AMAZON-02

Requested by
http://ww25.anpmnmxo.biz/ybnjtwgoi?subid1=20230507-2356-4636-a9f3-35eade816435

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /px.gif?ch=1&rn=8.526335303614692 HTTP/1.1
Host: ww25.anpmnmxo.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww25.anpmnmxo.biz/ybnjtwgoi?subid1=20230507-2356-4636-a9f3-35eade816435
Cookie: parking_session=b50d28f4-cadf-c406-729c-ffd070c331e5
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Sun, 07 May 2023 14:04:30 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Accept-Ranges: bytes

ww25.anpmnmxo.biz/px.gif?ch=2&rn=8.526335303614692

199.59.243.223

200 OK

42 B

URL GET HTTP/1.1
ww25.anpmnmxo.biz/px.gif?ch=2&rn=8.526335303614692
IP
199.59.243.223:80
ASN
#16509 AMAZON-02

Requested by
http://ww25.anpmnmxo.biz/ybnjtwgoi?subid1=20230507-2356-4636-a9f3-35eade816435

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /px.gif?ch=2&rn=8.526335303614692 HTTP/1.1
Host: ww25.anpmnmxo.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww25.anpmnmxo.biz/ybnjtwgoi?subid1=20230507-2356-4636-a9f3-35eade816435
Cookie: parking_session=b50d28f4-cadf-c406-729c-ffd070c331e5
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Sun, 07 May 2023 14:04:30 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
9e0048bfd4dbd888e603799c38403132
0d83fde57ec051b3268d6187be01605080ae9c8a
643718e3659186d0651b6e4bd3c0d138bdb786ab2b455724cb251cfa74d3c5f0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 07 May 2023 14:04:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ww25.anpmnmxo.biz/favicon.ico

199.59.243.223

200 OK

0 B

URL GET HTTP/1.1
ww25.anpmnmxo.biz/favicon.ico
IP
199.59.243.223:80
ASN
#16509 AMAZON-02

Requested by
http://ww25.anpmnmxo.biz/ybnjtwgoi?subid1=20230507-2356-4636-a9f3-35eade816435

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ww25.anpmnmxo.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww25.anpmnmxo.biz/ybnjtwgoi?subid1=20230507-2356-4636-a9f3-35eade816435
Cookie: parking_session=b50d28f4-cadf-c406-729c-ffd070c331e5
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Sun, 07 May 2023 14:04:30 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
ETag: "61424bb6-0"
x-backend-server: ip-10-201-16-121.ec2.internal
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e7deb6f71c33df266ec8f5bb6ed1a380
ecdd4d0ff3913d9f1969d9fa4d57769f0f57077a
ec3d6088ddac595cd64bddb0bb011f749f150409f846533bd364c1c03f8120d6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 07 May 2023 14:04:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol314%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol456&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.anpmnmxo.biz%3Fcaf%26subid1%3D20230507-2356-4636-a9f3-35eade816435&terms=cyber%20security%2Copen%20threat%20exchange%2Ccyber%20threats&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2936916502645281&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3&nocache=1411683468273536&num=0&output=afd_ads&domain_name=ww25.anpmnmxo.biz&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1683468273538&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=528505921&uio=-&cont=rs&jsid=caf&jsv=528505921&rurl=http%3A%2F%2Fww25.anpmnmxo.biz%2Fybnjtwgoi%3Fsubid1%3D20230507-2356-4636-a9f3-35eade816435&adbw=master-1%3A1264

216.58.211.4

200 OK

2.2 kB

URL GET HTTP/3
www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol314%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol456&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.anpmnmxo.biz%3Fcaf%26subid1%3D20230507-2356-4636-a9f3-35eade816435&terms=cyber%20security%2Copen%20threat%20exchange%2Ccyber%20threats&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2936916502645281&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3&nocache=1411683468273536&num=0&output=afd_ads&domain_name=ww25.anpmnmxo.biz&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1683468273538&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=528505921&uio=-&cont=rs&jsid=caf&jsv=528505921&rurl=http%3A%2F%2Fww25.anpmnmxo.biz%2Fybnjtwgoi%3Fsubid1%3D20230507-2356-4636-a9f3-35eade816435&adbw=master-1%3A1264
IP
216.58.211.4:443
ASN
#15169 GOOGLE

Requested by
http://ww25.anpmnmxo.biz/ybnjtwgoi?subid1=20230507-2356-4636-a9f3-35eade816435
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintA3:4E:A3:86:10:DA:6C:D1:8C:73:54:AB:E6:8F:7D:21:72:2C:B4:D5
ValidityMon, 17 Apr 2023 08:16:32 GMT - Mon, 10 Jul 2023 08:16:31 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5729)
Size
2.2 kB (2181 bytes)
Hash
00987014954040914ff8d9cddd974feb
e115b6c5ae00bb9ca4bb105798abf8ddd2507b12
427d72bc7482528f2a2c2ebb6cc7892c6d8ea4669885acfd2700dbc407766050

HTTP Headers

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol314%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol456&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.anpmnmxo.biz%3Fcaf%26subid1%3D20230507-2356-4636-a9f3-35eade816435&terms=cyber%20security%2Copen%20threat%20exchange%2Ccyber%20threats&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2936916502645281&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3&nocache=1411683468273536&num=0&output=afd_ads&domain_name=ww25.anpmnmxo.biz&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1683468273538&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=528505921&uio=-&cont=rs&jsid=caf&jsv=528505921&rurl=http%3A%2F%2Fww25.anpmnmxo.biz%2Fybnjtwgoi%3Fsubid1%3D20230507-2356-4636-a9f3-35eade816435&adbw=master-1%3A1264 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.anpmnmxo.biz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Sun, 07 May 2023 14:04:30 GMT
expires: Sun, 07 May 2023 14:04:30 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-tAWbe4hXxJRzr3IDYIlwOg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 2181
x-xss-protection: 0
set-cookie: CONSENT=PENDING+782; expires=Tue, 06-May-2025 14:04:30 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
1eee4363744643fb9bde9e5ae0f6306e
184a5831dfb4b442b4c6b1ddf3683887800067d4
79da84cc8410afd66a1a1ce1370847c143d472f044677ba822a605f75e71963a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 07 May 2023 14:04:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
1eee4363744643fb9bde9e5ae0f6306e
184a5831dfb4b442b4c6b1ddf3683887800067d4
79da84cc8410afd66a1a1ce1370847c143d472f044677ba822a605f75e71963a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 07 May 2023 14:04:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff

216.58.211.1

200 OK

278 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
IP
216.58.211.1:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol314%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol456&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.anpmnmxo.biz%3Fcaf%26subid1%3D20230507-2356-4636-a9f3-35eade816435&terms=cyber%20security%2Copen%20threat%20exchange%2Ccyber%20threats&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2936916502645281&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3&nocache=1411683468273536&num=0&output=afd_ads&domain_name=ww25.anpmnmxo.biz&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1683468273538&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=528505921&uio=-&cont=rs&jsid=caf&jsv=528505921&rurl=http%3A%2F%2Fww25.anpmnmxo.biz%2Fybnjtwgoi%3Fsubid1%3D20230507-2356-4636-a9f3-35eade816435&adbw=master-1%3A1264
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint5B:7C:CC:9B:35:65:AF:5C:4A:0A:CA:A9:D5:41:DA:66:86:43:19:CD
ValidityMon, 17 Apr 2023 08:25:28 GMT - Mon, 10 Jul 2023 08:25:27 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (306)
Size
278 B (278 bytes)
Hash
bb7fc36f627255dd4783f849dca0932e
80e89ef8f3c2c8ee982523757fce214ea7323a69
735f48c2876099e6a731c65fc46ec1ec133c316e0997d04eb0ee246741bee647

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 278
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Sun, 07 May 2023 13:11:05 GMT
expires: Mon, 08 May 2023 12:11:05 GMT
cache-control: public, max-age=82800
age: 3206
last-modified: Tue, 09 Feb 2021 14:15:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b

216.58.211.1

200 OK

174 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b
IP
216.58.211.1:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol314%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol456&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.anpmnmxo.biz%3Fcaf%26subid1%3D20230507-2356-4636-a9f3-35eade816435&terms=cyber%20security%2Copen%20threat%20exchange%2Ccyber%20threats&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2936916502645281&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3&nocache=1411683468273536&num=0&output=afd_ads&domain_name=ww25.anpmnmxo.biz&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1683468273538&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=528505921&uio=-&cont=rs&jsid=caf&jsv=528505921&rurl=http%3A%2F%2Fww25.anpmnmxo.biz%2Fybnjtwgoi%3Fsubid1%3D20230507-2356-4636-a9f3-35eade816435&adbw=master-1%3A1264
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint5B:7C:CC:9B:35:65:AF:5C:4A:0A:CA:A9:D5:41:DA:66:86:43:19:CD
ValidityMon, 17 Apr 2023 08:25:28 GMT - Mon, 10 Jul 2023 08:25:27 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Size
174 B (174 bytes)
Hash
76243f91f45c199f29a2f9764e77fa55
b1ed51f71738d78aac5092ac24184c51dd85bd6a
428f3f236ea430d0bd41a7766888b04a7445773ee4be7597944be1f53327ec96

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Sun, 07 May 2023 06:46:12 GMT
expires: Mon, 08 May 2023 05:46:12 GMT
cache-control: public, max-age=82800
age: 26299
last-modified: Thu, 22 Oct 2020 21:45:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
1eee4363744643fb9bde9e5ae0f6306e
184a5831dfb4b442b4c6b1ddf3683887800067d4
79da84cc8410afd66a1a1ce1370847c143d472f044677ba822a605f75e71963a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 07 May 2023 14:04:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ww25.anpmnmxo.biz/_tr

199.59.243.223

200 OK

22 B

URL POST HTTP/1.1
ww25.anpmnmxo.biz/_tr
IP
199.59.243.223:80
ASN
#16509 AMAZON-02

Requested by
http://ww25.anpmnmxo.biz/ybnjtwgoi?subid1=20230507-2356-4636-a9f3-35eade816435

File type
ASCII text, with no line terminators
Size
22 B (22 bytes)
Hash
5cfde9b47de2d84bd26fc473632647c0
fd53c70631b6068328be57daec71bd94bf004d41
47fd05ef74fef5da03fa22483e63fc977cad8e026ae41dadbbcc3745907f306b

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

POST /_tr HTTP/1.1
Host: ww25.anpmnmxo.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww25.anpmnmxo.biz/ybnjtwgoi?subid1=20230507-2356-4636-a9f3-35eade816435
Content-Type: application/json
Content-Length: 1773
Origin: http://ww25.anpmnmxo.biz
DNT: 1
Connection: keep-alive
Cookie: parking_session=b50d28f4-cadf-c406-729c-ffd070c331e5
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sun, 07 May 2023 14:04:31 GMT
X-Version: 2.104.9
Set-Cookie: parking_session=b50d28f4-cadf-c406-729c-ffd070c331e5; expires=Sun, 07-May-2023 14:19:31 GMT; Max-Age=900; path=/; httponly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip

www.google.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=icr3erq3e4f&aqid=7q9XZKK1MJDRygXWhIOgDg&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=528505921&csala=10%7C0%7C293%7C75%7C273&lle=0&ifv=1&usr=1

216.58.211.4

204 No Content

0 B

URL GET HTTP/3
www.google.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=icr3erq3e4f&aqid=7q9XZKK1MJDRygXWhIOgDg&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=528505921&csala=10%7C0%7C293%7C75%7C273&lle=0&ifv=1&usr=1
IP
216.58.211.4:443
ASN
#15169 GOOGLE

Requested by
http://ww25.anpmnmxo.biz/ybnjtwgoi?subid1=20230507-2356-4636-a9f3-35eade816435
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintA3:4E:A3:86:10:DA:6C:D1:8C:73:54:AB:E6:8F:7D:21:72:2C:B4:D5
ValidityMon, 17 Apr 2023 08:16:32 GMT - Mon, 10 Jul 2023 08:16:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=icr3erq3e4f&aqid=7q9XZKK1MJDRygXWhIOgDg&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=528505921&csala=10%7C0%7C293%7C75%7C273&lle=0&ifv=1&usr=1 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.anpmnmxo.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-z9uAYhJpwL2msy--Ld_sOA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Sun, 07 May 2023 14:04:32 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: NID=511=eNMnY2epXmK1wzEIPQM9mYq02kRcaB6U-iDMZt9IvL8Ez84Zb4KKe6BcNbAMNDYotFl2mLJcimE2YImnT19tezgx1R84S4BLh9YogmCEjXHyl7WyeNjXiQXf7XC6cGVybG747A_IUMp7B8z-TjvmIVxK9OJWTY3-tXUfG54XKw4; expires=Mon, 06-Nov-2023 14:04:32 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+211; expires=Tue, 06-May-2025 14:04:32 GMT; path=/; domain=.google.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=lx0khtjkgwnn&aqid=7q9XZKK1MJDRygXWhIOgDg&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=528505921&csala=10%7C0%7C293%7C75%7C273&lle=0&ifv=1&usr=1

216.58.211.4

204 No Content

0 B

URL GET HTTP/3
www.google.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=lx0khtjkgwnn&aqid=7q9XZKK1MJDRygXWhIOgDg&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=528505921&csala=10%7C0%7C293%7C75%7C273&lle=0&ifv=1&usr=1
IP
216.58.211.4:443
ASN
#15169 GOOGLE

Requested by
http://ww25.anpmnmxo.biz/ybnjtwgoi?subid1=20230507-2356-4636-a9f3-35eade816435
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintA3:4E:A3:86:10:DA:6C:D1:8C:73:54:AB:E6:8F:7D:21:72:2C:B4:D5
ValidityMon, 17 Apr 2023 08:16:32 GMT - Mon, 10 Jul 2023 08:16:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=lx0khtjkgwnn&aqid=7q9XZKK1MJDRygXWhIOgDg&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=528505921&csala=10%7C0%7C293%7C75%7C273&lle=0&ifv=1&usr=1 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.anpmnmxo.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-uM7GPnSp4DH85amrWACMYg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Sun, 07 May 2023 14:04:33 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: NID=511=WI2Gkuf-6JiN-UBqNA6me8o6MpJz4Eiy5ESM7DnHLuNMyxjdqniKcW6CCQBIWZAIApjkxmLg06OGcsV-A5zD_l5YbTkiIqorWyZ1Q4r2Lg5gIORor-lZJOrWn9qEE_acnMu3gAygfaKoUIt1BYK60in8KBntFiNQBL_t7Pa2eDY; expires=Mon, 06-Nov-2023 14:04:33 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+926; expires=Tue, 06-May-2025 14:04:33 GMT; path=/; domain=.google.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/adsense/domains/caf.js

216.58.211.4

200 OK

148 kB

URL GET HTTP/3
www.google.com/adsense/domains/caf.js
IP
216.58.211.4:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol314%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol456&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.anpmnmxo.biz%3Fcaf%26subid1%3D20230507-2356-4636-a9f3-35eade816435&terms=cyber%20security%2Copen%20threat%20exchange%2Ccyber%20threats&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2936916502645281&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3&nocache=1411683468273536&num=0&output=afd_ads&domain_name=ww25.anpmnmxo.biz&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1683468273538&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=528505921&uio=-&cont=rs&jsid=caf&jsv=528505921&rurl=http%3A%2F%2Fww25.anpmnmxo.biz%2Fybnjtwgoi%3Fsubid1%3D20230507-2356-4636-a9f3-35eade816435&adbw=master-1%3A1264
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintA3:4E:A3:86:10:DA:6C:D1:8C:73:54:AB:E6:8F:7D:21:72:2C:B4:D5
ValidityMon, 17 Apr 2023 08:16:32 GMT - Mon, 10 Jul 2023 08:16:31 GMT

File type
ASCII text, with very long lines (2125)
Size
148 kB (147827 bytes)
Hash
7bb31d71af937f676973bf4250777949
5317f0625d6e8cca88b3e052ab29f49ed91124a6
25d03cafbe522aae05283a51289da70a15bb1bc932c32f7d3cb1a8537b9a72b1

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Sun, 07 May 2023 14:04:31 GMT
expires: Sun, 07 May 2023 14:04:31 GMT
cache-control: private, max-age=3600
etag: "2636711153287633248"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/adsense/domains/caf.js

216.58.211.4

200 OK

148 kB

URL GET HTTP/2
www.google.com/adsense/domains/caf.js
IP
216.58.211.4:443
ASN
#15169 GOOGLE

Requested by
http://ww25.anpmnmxo.biz/ybnjtwgoi?subid1=20230507-2356-4636-a9f3-35eade816435
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
Fingerprint22:2A:81:06:18:D1:68:C5:1A:F7:E4:D9:FB:DF:C4:9B:E3:FD:BF:6E
ValidityMon, 17 Apr 2023 08:26:19 GMT - Mon, 10 Jul 2023 08:26:18 GMT

File type
ASCII text, with very long lines (2125)
Size
148 kB (147846 bytes)
Hash
22266f789b45619166c987088bb07b0e
e972c68a02f9d3146763bfd549971e4c2ae2f0f0
a8c61912569110fd4bce13e380d6be99ef0301f54f44a18a63321f281e266127

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.anpmnmxo.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Sun, 07 May 2023 14:04:30 GMT
expires: Sun, 07 May 2023 14:04:30 GMT
cache-control: private, max-age=3600
etag: "10734864956474311145"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (19)

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL POST HTTP/1.1