Report - ww25.gdcbghvjyqy7jclk.onion.casa/e6786b1ed02c2629?subid1=20231204-1553-36a7-becb-0453a13e9129

Report Overview

Visited public
2023-12-04 04:54:13
Tags
URL
ww25.gdcbghvjyqy7jclk.onion.casa/e6786b1ed02c2629?subid1=20231204-1553-36a7-becb-0453a13e9129
Finishing URL
ww25.gdcbghvjyqy7jclk.onion.casa/e6786b1ed02c2629?subid1=20231204-1553-36a7-becb-0453a13e9129
IP / ASN
199.59.243.225
#16509 AMAZON-02
Title
Onion.casa

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
afs.googleusercontent.com	12123	2008-11-17	2013-05-06 21:11:00	2023-12-03 05:09:45	1.0 kB	2.1 kB	142.250.74.97
ww25.gdcbghvjyqy7jclk.onion.casa	unknown	2019-04-11	2022-06-29 18:34:08	2023-12-02 15:45:54	2.3 kB	37 kB	199.59.243.225
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-12-03 06:51:04	933 B	151 kB	216.58.207.232
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2023-11-19 18:48:38	439 B	56 kB	216.58.207.228
www.adsensecustomsearchads.com	unknown	2011-01-28	2015-09-02 02:57:40	2023-12-03 05:09:48	3.4 kB	156 kB	216.58.211.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-04 04:54:00	high	Client IP	Internal IP	ETPRO POLICY DNS Query to .onion proxy Domain (onion . casa)
2023-12-04 04:54:00	low	Client IP	Internal IP	ET INFO DNS Query to .onion proxy Domain (onion .casa in DNS Lookup)
2023-12-04 04:54:00	high	Client IP	Internal IP	ETPRO POLICY DNS Query to .onion proxy Domain (onion . casa)
2023-12-04 04:54:00	low	Client IP	Internal IP	ET INFO DNS Query to .onion proxy Domain (onion .casa in DNS Lookup)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	ww25.gdcbghvjyqy7jclk.onion.casa/e6786b1ed02c2629?subid1=20231204-1553-36a7-becb-0453a13e9129	ScriptElement	487 B	2024-08-20	2024-08-20
Pretty URL ww25.gdcbghvjyqy7jclk.onion.casa/e6786b1ed02c2629?subid1=20231204-1553-36a7-becb-0453a13e9129 IP 199.59.243.225 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:51 Last Seen2024-08-20 16:51 Times Seen1 Hash f8a760acdfa0df59d511c67893926a51 ac1e6a4da1c7b5a989a1b057ba9eda69edb04442 6f83cb99d70359265111c865ed22d0aafa24ab524fd2c5c0543d26a29f263e69 Loading...

	ww25.gdcbghvjyqy7jclk.onion.casa/biRnOEZCz.js	ScriptElement	32 kB	2023-11-14	2024-08-20
Pretty URL ww25.gdcbghvjyqy7jclk.onion.casa/biRnOEZCz.js IP 199.59.243.225 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-14 16:51 Last Seen2024-08-20 19:38 Times Seen5630 Hash 136bc91b923c115f678c13f3740bf8fa d8044de6e6a8b05f087f9fb73545d5b2e9666d61 46e2c2af87720b7ae5a86434547bd9bef9ff21fab2956b64bc48f17dc73c63a7 Loading...

	www.googletagmanager.com/gtag/js?id=UA-120516961-2	ScriptElement	191 kB	2023-12-04	2023-12-04
Pretty URL www.googletagmanager.com/gtag/js?id=UA-120516961-2 IP 216.58.207.232 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 05:54 Last Seen2023-12-04 05:54 Times Seen1 Hash 07b19f51f2a7c9f040121be224669f98 80883db6b65929a76ed52a2949fb525d35a3bf08 c1893c2785889e5705ec55a89da144bb5f26d8922508bad482481752fd11adb7 Loading...

	www.google.com/adsense/domains/caf.js	ScriptElement	150 kB	2023-11-08	2023-12-11
Pretty URL www.google.com/adsense/domains/caf.js IP 216.58.207.228 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-08 16:34 Last Seen2023-12-11 19:28 Times Seen1308 Hash 980fb04d2da5f7f360deea9af49a0fdc d9c762b66a33644ddc28c2ce6c09e1f400df8cdd f9b94b36f3a1ff7c60d1048d748663b9d5592499491f07f7574a6b77b089a0af Loading...

	www.googletagmanager.com/gtag/js?id=G-L1JLSM1P7J&l=dataLayer&cx=c	ScriptElement	229 kB	2023-12-04	2023-12-04
Pretty URL www.googletagmanager.com/gtag/js?id=G-L1JLSM1P7J&l=dataLayer&cx=c IP 216.58.207.232 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 05:54 Last Seen2023-12-04 05:54 Times Seen1 Hash c12f0e04c9e9300561227d428dda1ea1 79e55efae552a79ba2c2d3c72cd6377fcc3ae0b3 fb79e4c03de462614cbbb99470dbfc9d0d43c827e482b61f2393f09606fe164f Loading...

	www.adsensecustomsearchads.com/adsense/domains/caf.js	ScriptElement	150 kB	2023-11-08	2024-08-20
Pretty URL www.adsensecustomsearchads.com/adsense/domains/caf.js IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-08 18:42 Last Seen2024-08-20 20:23 Times Seen561 Hash 6cf241afce18389b8a846cf20c6decd0 f8ba73079f5ab4ac902011cd294bc9a0c2e75820 14583633c7c8d5e084d889f9fd1886a02c158dac63a33293141f74eeb289d693 Loading...

	ww25.gdcbghvjyqy7jclk.onion.casa/sandbox%20eval%20code		147 B	2023-04-11	2025-05-09
Pretty URL ww25.gdcbghvjyqy7jclk.onion.casa/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-09 08:21 Times Seen341394 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-05-09
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-09 08:21 Times Seen340593 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol304%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol419&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.gdcbghvjyqy7jclk.onion.casa%3Fcaf%26subid1%3D20231204-1553-36a7-becb-0453a13e9129&terms=Dark%20Internet%2CDeep%20Internet%2CDeep%20Internet%20Search%2CDark%20Web%20Websites%2COnion%20Websites%2COnion%20Site%20List&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2508980667757858&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301383&format=r3&nocache=2101701665641784&num=0&output=afd_ads&domain_name=ww25.gdcbghvjyqy7jclk.onion.casa&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1701665641785&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&cl=579967862&uio=-&cont=rs&jsid=caf&jsv=579967862&rurl=http%3A%2F%2Fww25.gdcbghvjyqy7jclk.onion.casa%2Fe6786b1ed02c2629%3Fsubid1%3D20231204-1553-36a7-becb-0453a13e9129	ScriptElement	659 B	2024-08-20	2024-08-20
Pretty URL www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol304%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol419&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.gdcbghvjyqy7jclk.onion.casa%3Fcaf%26subid1%3D20231204-1553-36a7-becb-0453a13e9129&terms=Dark%20Internet%2CDeep%20Internet%2CDeep%20Internet%20Search%2CDark%20Web%20Websites%2COnion%20Websites%2COnion%20Site%20List&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2508980667757858&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301383&format=r3&nocache=2101701665641784&num=0&output=afd_ads&domain_name=ww25.gdcbghvjyqy7jclk.onion.casa&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1701665641785&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&cl=579967862&uio=-&cont=rs&jsid=caf&jsv=579967862&rurl=http%3A%2F%2Fww25.gdcbghvjyqy7jclk.onion.casa%2Fe6786b1ed02c2629%3Fsubid1%3D20231204-1553-36a7-becb-0453a13e9129 IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:51 Last Seen2024-08-20 16:51 Times Seen1 Hash 95bd05da426055e1820f39f9d468c67d 5eb77da86bb15a46434e3e923369ff30fff0244e 54eb92116ad55716c3b7fd1b9867cda897f2907710a389505554ef2dc4d9b323 Loading...

HTTP Transactions (13)

	URL	IP	Response	Size
	ww25.gdcbghvjyqy7jclk.onion.casa/e6786b1ed02c2629?subid1=20231204-1553-36a7-becb-0453a13e9129	199.59.243.225	200 OK	1.2 kB
URL User Request GET HTTP/1.1 ww25.gdcbghvjyqy7jclk.onion.casa/e6786b1ed02c2629?subid1=20231204-1553-36a7-becb-0453a13e9129 IP 199.59.243.225:80 ASN #16509 AMAZON-02 File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (502) Size 1.2 kB (1205 bytes) Hash 22b074c277b7bbe7b41e720021f845bd 938d897660b3eebf038bc4597a29c3973c3b4881 5ecb31610ff9cf902f7cbc7caa6f78a0aad3307e29c0dde08097bb0191022302 HTTP Headers `GET /e6786b1ed02c2629?subid1=20231204-1553-36a7-becb-0453a13e9129 HTTP/1.1 Host: ww25.gdcbghvjyqy7jclk.onion.casa User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 200 OK date: Mon, 04 Dec 2023 04:53:55 GMT content-type: text/html; charset=utf-8 content-length: 1205 x-request-id: 6960781c-975e-4cef-881a-e60ea17fa7e8 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_O34EebzpWEjUgMliXfIjpbp4/BwWMCWOmcTcpX1bK8Dh69rFHUlwA9ArGSh1lNdojjyswD7+ccfdnQsmHtp/Kg== set-cookie: parking_session=6960781c-975e-4cef-881a-e60ea17fa7e8; expires=Mon, 04 Dec 2023 05:08:55 GMT; path=/

	ww25.gdcbghvjyqy7jclk.onion.casa/biRnOEZCz.js	199.59.243.225	200 OK	32 kB
URL GET HTTP/1.1 ww25.gdcbghvjyqy7jclk.onion.casa/biRnOEZCz.js IP 199.59.243.225:80 ASN #16509 AMAZON-02 Requested by http://ww25.gdcbghvjyqy7jclk.onion.casa/e6786b1ed02c2629?subid1=20231204-1553-36a7-becb-0453a13e9129 File type Unicode text, UTF-8 text, with very long lines (32051) Size 32 kB (32054 bytes) Hash 136bc91b923c115f678c13f3740bf8fa d8044de6e6a8b05f087f9fb73545d5b2e9666d61 46e2c2af87720b7ae5a86434547bd9bef9ff21fab2956b64bc48f17dc73c63a7 HTTP Headers `GET /biRnOEZCz.js HTTP/1.1 Host: ww25.gdcbghvjyqy7jclk.onion.casa User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Referer: http://ww25.gdcbghvjyqy7jclk.onion.casa/e6786b1ed02c2629?subid1=20231204-1553-36a7-becb-0453a13e9129 Cookie: parking_session=6960781c-975e-4cef-881a-e60ea17fa7e8 Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK date: Mon, 04 Dec 2023 04:53:55 GMT content-type: application/javascript; charset=utf-8 content-length: 32054 x-request-id: c67207c9-f348-4641-9ebd-c38e848439a2 set-cookie: parking_session=6960781c-975e-4cef-881a-e60ea17fa7e8; expires=Mon, 04 Dec 2023 05:08:55 GMT`

	ww25.gdcbghvjyqy7jclk.onion.casa/_fd?subid1=20231204-1553-36a7-becb-0453a13e9129	199.59.243.225	200 OK	2.0 kB
URL POST HTTP/1.1 ww25.gdcbghvjyqy7jclk.onion.casa/_fd?subid1=20231204-1553-36a7-becb-0453a13e9129 IP 199.59.243.225:80 ASN #16509 AMAZON-02 Requested by http://ww25.gdcbghvjyqy7jclk.onion.casa/e6786b1ed02c2629?subid1=20231204-1553-36a7-becb-0453a13e9129 File type ASCII text, with very long lines (3861), with no line terminators Size 2.0 kB (1956 bytes) Hash 695f4b0eaf0c3e3fb00b5e19466db1a5 df507e88ca0089b205bd0c9b3a4ef2fd78a5f584 719c110d5034c57f2460f429df53aa9ed1d5fc2628859b8aba1dba3e31023f8d HTTP Headers POST /_fd?subid1=20231204-1553-36a7-becb-0453a13e9129 HTTP/1.1 Host: ww25.gdcbghvjyqy7jclk.onion.casa User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://ww25.gdcbghvjyqy7jclk.onion.casa/e6786b1ed02c2629?subid1=20231204-1553-36a7-becb-0453a13e9129 Content-Type: application/json Origin: http://ww25.gdcbghvjyqy7jclk.onion.casa DNT: 1 Connection: keep-alive Cookie: parking_session=6960781c-975e-4cef-881a-e60ea17fa7e8 Pragma: no-cache Cache-Control: no-cache Content-Length: 0 `HTTP/1.1 200 OK server: openresty date: Mon, 04 Dec 2023 04:53:55 GMT content-type: text/html; charset=UTF-8 content-encoding: gzip content-length: 1956 x-version: 2.110.4 expires: Thu, 01 Jan 1970 00:00:01 GMT cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0 pragma: no-cache set-cookie: parking_session=6960781c-975e-4cef-881a-e60ea17fa7e8; expires=Mon, 04 Dec 2023 05:08:55 GMT; Max-Age=900; path=/; httponly`

	www.googletagmanager.com/gtag/js?id=UA-120516961-2	216.58.207.232	200 OK	69 kB
URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-120516961-2 IP 216.58.207.232:443 ASN #15169 GOOGLE Requested by http://ww25.gdcbghvjyqy7jclk.onion.casa/e6786b1ed02c2629?subid1=20231204-1553-36a7-becb-0453a13e9129 Certificate IssuerGoogle Trust Services LLC Subject.google-analytics.com Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34 ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT File type ASCII text, with very long lines (4179) Size 69 kB (69024 bytes) Hash 07b19f51f2a7c9f040121be224669f98 80883db6b65929a76ed52a2949fb525d35a3bf08 c1893c2785889e5705ec55a89da144bb5f26d8922508bad482481752fd11adb7 HTTP Headers `GET /gtag/js?id=UA-120516961-2 HTTP/1.1 Host: www.googletagmanager.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://ww25.gdcbghvjyqy7jclk.onion.casa/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-headers: Cache-Control content-encoding: br vary: Accept-Encoding date: Mon, 04 Dec 2023 04:53:56 GMT expires: Mon, 04 Dec 2023 04:53:56 GMT cache-control: private, max-age=900 last-modified: Mon, 04 Dec 2023 03:00:00 GMT strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin server: Google Tag Manager content-length: 69024 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.googletagmanager.com/gtag/js?id=G-L1JLSM1P7J&l=dataLayer&cx=c	216.58.207.232	200 OK	81 kB
URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-L1JLSM1P7J&l=dataLayer&cx=c IP 216.58.207.232:443 ASN #15169 GOOGLE Requested by http://ww25.gdcbghvjyqy7jclk.onion.casa/e6786b1ed02c2629?subid1=20231204-1553-36a7-becb-0453a13e9129 Certificate IssuerGoogle Trust Services LLC Subject.google-analytics.com Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34 ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT File type ASCII text, with very long lines (5955) Size 81 kB (81179 bytes) Hash c12f0e04c9e9300561227d428dda1ea1 79e55efae552a79ba2c2d3c72cd6377fcc3ae0b3 fb79e4c03de462614cbbb99470dbfc9d0d43c827e482b61f2393f09606fe164f HTTP Headers `GET /gtag/js?id=G-L1JLSM1P7J&l=dataLayer&cx=c HTTP/1.1 Host: www.googletagmanager.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://ww25.gdcbghvjyqy7jclk.onion.casa/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK content-type: application/javascript; charset=UTF-8 access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-headers: Cache-Control content-encoding: br vary: Accept-Encoding date: Mon, 04 Dec 2023 04:53:56 GMT expires: Mon, 04 Dec 2023 04:53:56 GMT cache-control: private, max-age=900 strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin server: Google Tag Manager content-length: 81179 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

	www.google.com/adsense/domains/caf.js	216.58.207.228	200 OK	55 kB
URL GET HTTP/2 www.google.com/adsense/domains/caf.js IP 216.58.207.228:443 ASN #15169 GOOGLE Requested by http://ww25.gdcbghvjyqy7jclk.onion.casa/e6786b1ed02c2629?subid1=20231204-1553-36a7-becb-0453a13e9129 Certificate IssuerGoogle Trust Services LLC Subjectwww.google.com FingerprintB0:8E:97:10:7E:30:90:F6:42:A1:32:63:5C:78:27:D3:A8:F1:05:D1 ValidityMon, 23 Oct 2023 11:24:57 GMT - Mon, 15 Jan 2024 11:24:56 GMT File type gzip compressed data, max compression\012- data Size 55 kB (54830 bytes) Hash b4d0bc9ffd4fcd81c99917b24b40c980 905867f25d998ab210c15bf24a91f393e5d35335 ea9e3cb1ef49a25bf79a0ca82a22afa31df785756ff1d8a0fad10d94ea5bfb4b HTTP Headers `GET /adsense/domains/caf.js HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://ww25.gdcbghvjyqy7jclk.onion.casa/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK accept-ranges: bytes vary: Accept-Encoding content-type: text/javascript; charset=UTF-8 content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="ads-afs-ui" report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]} date: Mon, 04 Dec 2023 04:53:56 GMT expires: Mon, 04 Dec 2023 04:53:56 GMT cache-control: private, max-age=3600 etag: "671007550098774708" x-content-type-options: nosniff link: <https://www.adsensecustomsearchads.com>; rel="preconnect" content-encoding: gzip server: sffe x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol304%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol419&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.gdcbghvjyqy7jclk.onion.casa%3Fcaf%26subid1%3D20231204-1553-36a7-becb-0453a13e9129&terms=Dark%20Internet%2CDeep%20Internet%2CDeep%20Internet%20Search%2CDark%20Web%20Websites%2COnion%20Websites%2COnion%20Site%20List&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2508980667757858&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301383&format=r3&nocache=2101701665641784&num=0&output=afd_ads&domain_name=ww25.gdcbghvjyqy7jclk.onion.casa&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1701665641785&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&cl=579967862&uio=-&cont=rs&jsid=caf&jsv=579967862&rurl=http%3A%2F%2Fww25.gdcbghvjyqy7jclk.onion.casa%2Fe6786b1ed02c2629%3Fsubid1%3D20231204-1553-36a7-becb-0453a13e9129	216.58.211.14	200 OK	2.6 kB
URL GET HTTP/2 www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol304%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol419&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.gdcbghvjyqy7jclk.onion.casa%3Fcaf%26subid1%3D20231204-1553-36a7-becb-0453a13e9129&terms=Dark%20Internet%2CDeep%20Internet%2CDeep%20Internet%20Search%2CDark%20Web%20Websites%2COnion%20Websites%2COnion%20Site%20List&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2508980667757858&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301383&format=r3&nocache=2101701665641784&num=0&output=afd_ads&domain_name=ww25.gdcbghvjyqy7jclk.onion.casa&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1701665641785&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&cl=579967862&uio=-&cont=rs&jsid=caf&jsv=579967862&rurl=http%3A%2F%2Fww25.gdcbghvjyqy7jclk.onion.casa%2Fe6786b1ed02c2629%3Fsubid1%3D20231204-1553-36a7-becb-0453a13e9129 IP 216.58.211.14:443 ASN #15169 GOOGLE Requested by http://ww25.gdcbghvjyqy7jclk.onion.casa/e6786b1ed02c2629?subid1=20231204-1553-36a7-becb-0453a13e9129 Certificate IssuerGoogle Trust Services LLC Subjectmisc-sni.google.com FingerprintE4:33:2C:42:1C:4F:E6:01:93:AD:F1:5F:70:4D:33:1F:3B:5F:AB:DE ValidityMon, 23 Oct 2023 11:20:02 GMT - Mon, 15 Jan 2024 11:20:01 GMT File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (13206) Size 2.6 kB (2602 bytes) Hash d1dfb150f6f8859f76cfd8f35396464d 0664ec5854a195b76b4eba884deadb5cdab9adb2 ca34b084c3cbbedff1ad08b1ff809b8ef158c915e936274149452adcba1bde93 HTTP Headers GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol304%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol419&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.gdcbghvjyqy7jclk.onion.casa%3Fcaf%26subid1%3D20231204-1553-36a7-becb-0453a13e9129&terms=Dark%20Internet%2CDeep%20Internet%2CDeep%20Internet%20Search%2CDark%20Web%20Websites%2COnion%20Websites%2COnion%20Site%20List&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2508980667757858&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301383&format=r3&nocache=2101701665641784&num=0&output=afd_ads&domain_name=ww25.gdcbghvjyqy7jclk.onion.casa&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1701665641785&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&cl=579967862&uio=-&cont=rs&jsid=caf&jsv=579967862&rurl=http%3A%2F%2Fww25.gdcbghvjyqy7jclk.onion.casa%2Fe6786b1ed02c2629%3Fsubid1%3D20231204-1553-36a7-becb-0453a13e9129 HTTP/1.1 Host: www.adsensecustomsearchads.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://ww25.gdcbghvjyqy7jclk.onion.casa/ Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: iframe Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK content-type: text/html; charset=UTF-8 content-disposition: inline date: Mon, 04 Dec 2023 04:53:56 GMT expires: Mon, 04 Dec 2023 04:53:56 GMT cache-control: private, max-age=3600 content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-pzBQAJ8SamSRiMjA5mk9uA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other cross-origin-opener-policy: same-origin-allow-popups; report-to="gws" report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} content-encoding: br server: gws content-length: 2602 x-xss-protection: 0 set-cookie: CONSENT=PENDING+479; expires=Wed, 03-Dec-2025 04:53:56 GMT; path=/; domain=.adsensecustomsearchads.com; Secure p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff	142.250.74.97	200 OK	278 B
URL GET HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff IP 142.250.74.97:443 ASN #15169 GOOGLE Requested by https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol304%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol419&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.gdcbghvjyqy7jclk.onion.casa%3Fcaf%26subid1%3D20231204-1553-36a7-becb-0453a13e9129&terms=Dark%20Internet%2CDeep%20Internet%2CDeep%20Internet%20Search%2CDark%20Web%20Websites%2COnion%20Websites%2COnion%20Site%20List&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2508980667757858&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301383&format=r3&nocache=2101701665641784&num=0&output=afd_ads&domain_name=ww25.gdcbghvjyqy7jclk.onion.casa&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1701665641785&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&cl=579967862&uio=-&cont=rs&jsid=caf&jsv=579967862&rurl=http%3A%2F%2Fww25.gdcbghvjyqy7jclk.onion.casa%2Fe6786b1ed02c2629%3Fsubid1%3D20231204-1553-36a7-becb-0453a13e9129 Certificate IssuerGoogle Trust Services LLC Subject.googleusercontent.com Fingerprint2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE ValidityMon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (306) Size 278 B (278 bytes) Hash fe7dd8c3c629cc6e9cd6d3e4d3cbe905 59ef3b8e4a17169a4cb45fba65bf0d2bf49c8a18 5455d8d4b8ae5150039ff7a83a6679d4338a435945985fa9f8d0ecbea9ae2f6e HTTP Headers GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1 Host: afs.googleusercontent.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.adsensecustomsearchads.com/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes content-encoding: gzip content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers" report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]} content-length: 278 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Mon, 04 Dec 2023 02:30:27 GMT expires: Tue, 05 Dec 2023 01:30:27 GMT cache-control: public, max-age=82800 age: 8610 last-modified: Tue, 27 Jun 2023 17:28:00 GMT content-type: image/svg+xml vary: Accept-Encoding alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b	142.250.74.97	200 OK	174 B
URL GET HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b IP 142.250.74.97:443 ASN #15169 GOOGLE Requested by https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol304%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol419&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.gdcbghvjyqy7jclk.onion.casa%3Fcaf%26subid1%3D20231204-1553-36a7-becb-0453a13e9129&terms=Dark%20Internet%2CDeep%20Internet%2CDeep%20Internet%20Search%2CDark%20Web%20Websites%2COnion%20Websites%2COnion%20Site%20List&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2508980667757858&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301383&format=r3&nocache=2101701665641784&num=0&output=afd_ads&domain_name=ww25.gdcbghvjyqy7jclk.onion.casa&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1701665641785&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&cl=579967862&uio=-&cont=rs&jsid=caf&jsv=579967862&rurl=http%3A%2F%2Fww25.gdcbghvjyqy7jclk.onion.casa%2Fe6786b1ed02c2629%3Fsubid1%3D20231204-1553-36a7-becb-0453a13e9129 Certificate IssuerGoogle Trust Services LLC Subject.googleusercontent.com Fingerprint2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE ValidityMon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators Size 174 B (174 bytes) Hash d47125b2ba92be53dcff07ba322ce1de e4a70c8a133bacf1699fdfa4c10e24ed5b3e0c28 5a0687ea8c9aa404a7724490f046e30023ec6b5aa81d01ae4f225889a64174f6 HTTP Headers `GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b HTTP/1.1 Host: afs.googleusercontent.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.adsensecustomsearchads.com/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK accept-ranges: bytes content-encoding: gzip content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers" report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]} content-length: 174 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Sun, 03 Dec 2023 08:40:52 GMT expires: Mon, 04 Dec 2023 07:40:52 GMT cache-control: public, max-age=82800 age: 72785 last-modified: Thu, 02 Nov 2023 22:48:00 GMT content-type: image/svg+xml vary: Accept-Encoding alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	ww25.gdcbghvjyqy7jclk.onion.casa/_tr	199.59.243.225	200 OK	22 B
URL POST HTTP/1.1 ww25.gdcbghvjyqy7jclk.onion.casa/_tr IP 199.59.243.225:80 ASN #16509 AMAZON-02 Requested by http://ww25.gdcbghvjyqy7jclk.onion.casa/e6786b1ed02c2629?subid1=20231204-1553-36a7-becb-0453a13e9129 File type ASCII text, with no line terminators Size 22 B (22 bytes) Hash 444bcb3a3fcf8389296c49467f27e1d6 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df HTTP Headers POST /_tr HTTP/1.1 Host: ww25.gdcbghvjyqy7jclk.onion.casa User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://ww25.gdcbghvjyqy7jclk.onion.casa/e6786b1ed02c2629?subid1=20231204-1553-36a7-becb-0453a13e9129 Content-Type: application/json Content-Length: 1789 Origin: http://ww25.gdcbghvjyqy7jclk.onion.casa DNT: 1 Connection: keep-alive Cookie: parking_session=6960781c-975e-4cef-881a-e60ea17fa7e8; _ga_L1JLSM1P7J=GS1.1.1701665641.1.0.1701665641.0.0.0; _ga=GA1.1.1303683967.1701665642 Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK server: openresty date: Mon, 04 Dec 2023 04:53:56 GMT content-type: text/html; charset=UTF-8 content-encoding: gzip content-length: 22 x-version: 2.110.4 expires: Thu, 01 Jan 1970 00:00:01 GMT cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0 pragma: no-cache set-cookie: parking_session=6960781c-975e-4cef-881a-e60ea17fa7e8; expires=Mon, 04 Dec 2023 05:08:57 GMT; Max-Age=900; path=/; httponly`

	www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=cmdh8ncfsw6c&aqid=ZFttZY_3GszKjuwPj-aQgA0&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=579967862&csala=5%7C0%7C477%7C113%7C20&lle=0&ifv=1&hpt=0	216.58.211.14	204 No Content	0 B
URL GET HTTP/3 www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=cmdh8ncfsw6c&aqid=ZFttZY_3GszKjuwPj-aQgA0&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=579967862&csala=5%7C0%7C477%7C113%7C20&lle=0&ifv=1&hpt=0 IP 216.58.211.14:443 ASN #15169 GOOGLE Requested by http://ww25.gdcbghvjyqy7jclk.onion.casa/e6786b1ed02c2629?subid1=20231204-1553-36a7-becb-0453a13e9129 Certificate IssuerGoogle Trust Services LLC Subjectmisc-sni.google.com FingerprintE4:33:2C:42:1C:4F:E6:01:93:AD:F1:5F:70:4D:33:1F:3B:5F:AB:DE ValidityMon, 23 Oct 2023 11:20:02 GMT - Mon, 15 Jan 2024 11:20:01 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=cmdh8ncfsw6c&aqid=ZFttZY_3GszKjuwPj-aQgA0&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=579967862&csala=5%7C0%7C477%7C113%7C20&lle=0&ifv=1&hpt=0 HTTP/1.1 Host: www.adsensecustomsearchads.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://ww25.gdcbghvjyqy7jclk.onion.casa/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 204 No Content content-type: text/html; charset=UTF-8 content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-EoVd8EtvKsV8_dzt5IbeRw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other cross-origin-opener-policy: same-origin-allow-popups; report-to="gws" report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} date: Mon, 04 Dec 2023 04:53:58 GMT server: gws content-length: 0 x-xss-protection: 0 x-frame-options: SAMEORIGIN set-cookie: CONSENT=PENDING+303; expires=Wed, 03-Dec-2025 04:53:58 GMT; path=/; domain=.adsensecustomsearchads.com; Secure p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

	www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=cs9mz2vam3jo&aqid=ZFttZY_3GszKjuwPj-aQgA0&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=579967862&csala=5%7C0%7C477%7C113%7C20&lle=0&ifv=1&hpt=0	216.58.211.14	204 No Content	0 B
URL GET HTTP/3 www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=cs9mz2vam3jo&aqid=ZFttZY_3GszKjuwPj-aQgA0&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=579967862&csala=5%7C0%7C477%7C113%7C20&lle=0&ifv=1&hpt=0 IP 216.58.211.14:443 ASN #15169 GOOGLE Requested by http://ww25.gdcbghvjyqy7jclk.onion.casa/e6786b1ed02c2629?subid1=20231204-1553-36a7-becb-0453a13e9129 Certificate IssuerGoogle Trust Services LLC Subjectmisc-sni.google.com FingerprintE4:33:2C:42:1C:4F:E6:01:93:AD:F1:5F:70:4D:33:1F:3B:5F:AB:DE ValidityMon, 23 Oct 2023 11:20:02 GMT - Mon, 15 Jan 2024 11:20:01 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=cs9mz2vam3jo&aqid=ZFttZY_3GszKjuwPj-aQgA0&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=579967862&csala=5%7C0%7C477%7C113%7C20&lle=0&ifv=1&hpt=0 HTTP/1.1 Host: www.adsensecustomsearchads.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://ww25.gdcbghvjyqy7jclk.onion.casa/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 204 No Content content-type: text/html; charset=UTF-8 content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-LmATu0kn6CwZZjHUSDZ6mg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other cross-origin-opener-policy: same-origin-allow-popups; report-to="gws" report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} date: Mon, 04 Dec 2023 04:53:58 GMT server: gws content-length: 0 x-xss-protection: 0 x-frame-options: SAMEORIGIN set-cookie: CONSENT=PENDING+219; expires=Wed, 03-Dec-2025 04:53:58 GMT; path=/; domain=.adsensecustomsearchads.com; Secure p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

	www.adsensecustomsearchads.com/adsense/domains/caf.js	216.58.211.14	200 OK	150 kB
URL GET HTTP/3 www.adsensecustomsearchads.com/adsense/domains/caf.js IP 216.58.211.14:443 ASN #15169 GOOGLE Requested by https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol304%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol419&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.gdcbghvjyqy7jclk.onion.casa%3Fcaf%26subid1%3D20231204-1553-36a7-becb-0453a13e9129&terms=Dark%20Internet%2CDeep%20Internet%2CDeep%20Internet%20Search%2CDark%20Web%20Websites%2COnion%20Websites%2COnion%20Site%20List&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2508980667757858&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301383&format=r3&nocache=2101701665641784&num=0&output=afd_ads&domain_name=ww25.gdcbghvjyqy7jclk.onion.casa&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1701665641785&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&cl=579967862&uio=-&cont=rs&jsid=caf&jsv=579967862&rurl=http%3A%2F%2Fww25.gdcbghvjyqy7jclk.onion.casa%2Fe6786b1ed02c2629%3Fsubid1%3D20231204-1553-36a7-becb-0453a13e9129 Certificate IssuerGoogle Trust Services LLC Subjectmisc-sni.google.com FingerprintE4:33:2C:42:1C:4F:E6:01:93:AD:F1:5F:70:4D:33:1F:3B:5F:AB:DE ValidityMon, 23 Oct 2023 11:20:02 GMT - Mon, 15 Jan 2024 11:20:01 GMT File type ASCII text, with very long lines (1888) Size 150 kB (149615 bytes) Hash 6cf241afce18389b8a846cf20c6decd0 f8ba73079f5ab4ac902011cd294bc9a0c2e75820 14583633c7c8d5e084d889f9fd1886a02c158dac63a33293141f74eeb289d693 HTTP Headers `GET /adsense/domains/caf.js HTTP/1.1 Host: www.adsensecustomsearchads.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.adsensecustomsearchads.com/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` HTTP/3 200 OK accept-ranges: bytes vary: Accept-Encoding content-type: text/javascript; charset=UTF-8 content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="ads-afs-ui" report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]} date: Mon, 04 Dec 2023 04:53:56 GMT expires: Mon, 04 Dec 2023 04:53:56 GMT cache-control: private, max-age=3600 etag: "14110688364054311877" x-content-type-options: nosniff link: <https://www.adsensecustomsearchads.com>; rel="preconnect" content-encoding: gzip server: sffe x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (13)

URL User Request GET HTTP/1.1

IP

ASN