Report - ww25.aalcovid19.org/wp-content/uploads/2022/06/nickaga.pdf?subid1=20230828-1529-39a2-9967-a1b222003124

Report Overview

Visited public
2023-08-28 05:30:16
Tags
URL
ww25.aalcovid19.org/wp-content/uploads/2022/06/nickaga.pdf?subid1=20230828-1529-39a2-9967-a1b222003124
Finishing URL
ww25.aalcovid19.org/wp-content/uploads/2022/06/nickaga.pdf?subid1=20230828-1529-39a2-9967-a1b222003124
IP / ASN
199.59.243.224
#16509 AMAZON-02
Title
Aalcovid19.org

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ww25.aalcovid19.org	unknown	2022-09-27	2022-10-14 07:12:05	2023-08-28 00:59:43	3.2 kB	75 kB	199.59.243.224
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-08-27 18:12:02	2.3 kB	4.9 kB	142.250.74.131
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2023-08-18 17:41:21	3.6 kB	118 kB	216.58.211.4
afs.googleusercontent.com	12123	2008-11-17	2013-05-06 21:11:00	2023-08-28 05:14:33	967 B	2.0 kB	142.250.74.97
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-08-28 03:54:35	434 B	1.5 kB	142.250.74.106
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-08-28 03:54:37	548 B	15 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-08-28 05:29:47	medium	Client IP	Internal IP	ET HUNTING Suspicious Domain Request for Possible COVID-19 Domain M1
2023-08-28 05:29:47	medium	Client IP	Internal IP	ET HUNTING Suspicious Domain Request for Possible COVID-19 Domain M1
2023-08-28 05:29:48	medium	Client IP	199.59.243.224	ET HUNTING Suspicious TLS SNI Request for Possible COVID-19 Domain M1
2023-08-28 05:29:48	medium	Client IP	199.59.243.224	ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M1
2023-08-28 05:29:48	medium	Client IP	199.59.243.224	ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M1
2023-08-28 05:29:48	medium	Client IP	199.59.243.224	ET HUNTING Suspicious POST Request with Possible COVID-19 Domain M1
2023-08-28 05:29:48	medium	Client IP	199.59.243.224	ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M1
2023-08-28 05:29:48	medium	Client IP	199.59.243.224	ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M1

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	www.google.com/afs/ads?adtest=off&psid=1255567885&pcsa=false&channel=pid-bodis-gcontrol201%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol305%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol421&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.aalcovid19.org%3Fcaf%26subid1%3D20230828-1529-39a2-9967-a1b222003124&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301293%2C17301318%2C17301320&format=r3&nocache=3701693200588980&num=0&output=afd_ads&domain_name=ww25.aalcovid19.org&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1693200588981&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=558871696&uio=-&cont=rs&jsid=caf&jsv=558871696&rurl=http%3A%2F%2Fww25.aalcovid19.org%2Fwp-content%2Fuploads%2F2022%2F06%2Fnickaga.pdf%3Fsubid1%3D20230828-1529-39a2-9967-a1b222003124&adbw=master-1%3A1264	ScriptElement	1.6 kB	2024-08-21	2024-08-21
Pretty URL www.google.com/afs/ads?adtest=off&psid=1255567885&pcsa=false&channel=pid-bodis-gcontrol201%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol305%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol421&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.aalcovid19.org%3Fcaf%26subid1%3D20230828-1529-39a2-9967-a1b222003124&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301293%2C17301318%2C17301320&format=r3&nocache=3701693200588980&num=0&output=afd_ads&domain_name=ww25.aalcovid19.org&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1693200588981&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=558871696&uio=-&cont=rs&jsid=caf&jsv=558871696&rurl=http%3A%2F%2Fww25.aalcovid19.org%2Fwp-content%2Fuploads%2F2022%2F06%2Fnickaga.pdf%3Fsubid1%3D20230828-1529-39a2-9967-a1b222003124&adbw=master-1%3A1264 IP 216.58.211.4 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 07:55 Last Seen2024-08-21 07:55 Times Seen1 Hash 29cb5e3bcf575dfa78165a341789ee78 8f55c97a5b614d02a236881e5acc5f63ca5d0cf1 c2600e6a536eeac2419cb8d48541dac855b7f3a90df7c467d266d831d6f8c368 Loading...

	www.google.com/adsense/domains/caf.js	ScriptElement	151 kB	2023-08-24	2024-08-21
Pretty URL www.google.com/adsense/domains/caf.js IP 216.58.211.4 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-24 20:39 Last Seen2024-08-21 08:11 Times Seen265 Hash 0e564db5c20672a8b1cf72661c8415ff db53c94941123f0b2ab6e2a9c871355fed57fa9b 45b83334749e504ab44e222c8a318d5174e3c28746bcc0c33332a7381b2605de Loading...

	ww25.aalcovid19.org/wp-content/uploads/2022/06/nickaga.pdf?subid1=20230828-1529-39a2-9967-a1b222003124	ScriptElement	483 B	2024-08-21	2024-08-21
Pretty URL ww25.aalcovid19.org/wp-content/uploads/2022/06/nickaga.pdf?subid1=20230828-1529-39a2-9967-a1b222003124 IP 199.59.243.224 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 07:55 Last Seen2024-08-21 07:55 Times Seen1 Hash 26527a32d2d89d9f4738144c8cc823ea 2f6fa90ef533c5afb66a962105f719f78367de8e f37dfe9c51e06c2739dd59d2ebd713098e68d80074d3c5ec6a7559c3354d3fe3 Loading...

	ww25.aalcovid19.org/aBRXZxgGc.js	ScriptElement	68 kB	2023-08-11	2023-09-26
Pretty URL ww25.aalcovid19.org/aBRXZxgGc.js IP 199.59.243.224 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-11 01:02 Last Seen2023-09-26 15:04 Times Seen7775 Hash 3ef0d214cbad58830beddd8bffd52c13 b6afe664ac6da2b0afccae8fb8782acaa9b7c6c9 7128591ce2852ff92fd3ca220b9fdd6e99a901dd2e4164ba264e5a0b9a19965b Loading...

	www.google.com/adsense/domains/caf.js	ScriptElement	151 kB	2023-08-24	2023-08-30
Pretty URL www.google.com/adsense/domains/caf.js IP 216.58.211.4 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-24 19:30 Last Seen2023-08-30 22:31 Times Seen373 Hash c3617451442dcc3c71191d33d00e06e7 57d174919bb5c85c0988abcd234e357b6de107b8 b8d7d9f1ff2a96ec5d03a4de413cd4a7ee7eadd434d235c8c9968c94b9261715 Loading...

HTTP Transactions (22)

URL IP Response Size

ww25.aalcovid19.org/wp-content/uploads/2022/06/nickaga.pdf?subid1=20230828-1529-39a2-9967-a1b222003124

199.59.243.224

200 OK

1.2 kB

URL User Request GET HTTP/1.1
ww25.aalcovid19.org/wp-content/uploads/2022/06/nickaga.pdf?subid1=20230828-1529-39a2-9967-a1b222003124
IP
199.59.243.224:80
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (498)
Size
1.2 kB (1201 bytes)
Hash
c8c961581e8b6fd31d72fd027026ead8
fe540eaae94a6fe7ad3e6224ea038207c0729d15
e20baae50cac5bab8d8b7521740955c1a4abf06932800a90f891874e8ad95e62

Detections

NIDS	Severity	Alert
suricata	medium	ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M1

HTTP Headers

GET /wp-content/uploads/2022/06/nickaga.pdf?subid1=20230828-1529-39a2-9967-a1b222003124 HTTP/1.1
Host: ww25.aalcovid19.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Mon, 28 Aug 2023 05:29:57 GMT
content-type: text/html; charset=utf-8
content-length: 1201
x-request-id: 2c86aaa1-89a5-41d6-a9a2-808c836e3036
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_s1JFZV5Oy77Udj9COWrwjHZ/8XzQ//GwL+ryyo923QH9yWDUd5J5dEoODdYTJgS3AfaaX48XVzhPDWcTZ6vFYQ==
set-cookie: parking_session=2c86aaa1-89a5-41d6-a9a2-808c836e3036; expires=Mon, 28 Aug 2023 05:44:57 GMT; path=/

ww25.aalcovid19.org/aBRXZxgGc.js

199.59.243.224

200 OK

68 kB

URL GET HTTP/1.1
ww25.aalcovid19.org/aBRXZxgGc.js
IP
199.59.243.224:80
ASN
#16509 AMAZON-02

Requested by
http://ww25.aalcovid19.org/wp-content/uploads/2022/06/nickaga.pdf?subid1=20230828-1529-39a2-9967-a1b222003124

File type
HTML document, ASCII text, with very long lines (65536), with no line terminators
Size
68 kB (68406 bytes)
Hash
3ef0d214cbad58830beddd8bffd52c13
b6afe664ac6da2b0afccae8fb8782acaa9b7c6c9
7128591ce2852ff92fd3ca220b9fdd6e99a901dd2e4164ba264e5a0b9a19965b

Detections

NIDS	Severity	Alert
suricata	medium	ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M1

HTTP Headers

GET /aBRXZxgGc.js HTTP/1.1
Host: ww25.aalcovid19.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww25.aalcovid19.org/wp-content/uploads/2022/06/nickaga.pdf?subid1=20230828-1529-39a2-9967-a1b222003124
Cookie: parking_session=2c86aaa1-89a5-41d6-a9a2-808c836e3036
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Mon, 28 Aug 2023 05:29:57 GMT
content-type: application/javascript; charset=utf-8
content-length: 68406
x-request-id: c995e2e1-2f7c-46b9-a4b1-66e142b33bb7
set-cookie: parking_session=2c86aaa1-89a5-41d6-a9a2-808c836e3036; expires=Mon, 28 Aug 2023 05:44:58 GMT

ww25.aalcovid19.org/_fd?subid1=20230828-1529-39a2-9967-a1b222003124

199.59.243.224

200 OK

2.6 kB

URL POST HTTP/1.1
ww25.aalcovid19.org/_fd?subid1=20230828-1529-39a2-9967-a1b222003124
IP
199.59.243.224:80
ASN
#16509 AMAZON-02

Requested by
http://ww25.aalcovid19.org/wp-content/uploads/2022/06/nickaga.pdf?subid1=20230828-1529-39a2-9967-a1b222003124

File type
ASCII text, with very long lines (4841), with no line terminators
Size
2.6 kB (2586 bytes)
Hash
b89608e87c139b3cbb8314fd6ff167e7
952a6230c650d776dbfce548b76877045e70efcc
cd3028b8da402c8288b182a36e626a828544d2520a880f02243e828a3a490a4b

Detections

NIDS	Severity	Alert
suricata	medium	ET HUNTING Suspicious POST Request with Possible COVID-19 Domain M1

HTTP Headers

POST /_fd?subid1=20230828-1529-39a2-9967-a1b222003124 HTTP/1.1
Host: ww25.aalcovid19.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww25.aalcovid19.org/wp-content/uploads/2022/06/nickaga.pdf?subid1=20230828-1529-39a2-9967-a1b222003124
Content-Type: application/json
Origin: http://ww25.aalcovid19.org
DNT: 1
Connection: keep-alive
Cookie: parking_session=2c86aaa1-89a5-41d6-a9a2-808c836e3036
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
server: openresty
date: Mon, 28 Aug 2023 05:29:57 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 2586
x-version: 2.106.5
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: parking_session=2c86aaa1-89a5-41d6-a9a2-808c836e3036; expires=Mon, 28 Aug 2023 05:44:58 GMT; Max-Age=900; path=/; httponly

ww25.aalcovid19.org/px.gif?ch=1&rn=9.062546746778755

199.59.243.224

200 OK

42 B

URL GET HTTP/1.1
ww25.aalcovid19.org/px.gif?ch=1&rn=9.062546746778755
IP
199.59.243.224:80
ASN
#16509 AMAZON-02

Requested by
http://ww25.aalcovid19.org/wp-content/uploads/2022/06/nickaga.pdf?subid1=20230828-1529-39a2-9967-a1b222003124

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Detections

NIDS	Severity	Alert
suricata	medium	ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M1

HTTP Headers

GET /px.gif?ch=1&rn=9.062546746778755 HTTP/1.1
Host: ww25.aalcovid19.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww25.aalcovid19.org/wp-content/uploads/2022/06/nickaga.pdf?subid1=20230828-1529-39a2-9967-a1b222003124
Cookie: parking_session=2c86aaa1-89a5-41d6-a9a2-808c836e3036
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
server: openresty
date: Mon, 28 Aug 2023 05:29:57 GMT
content-type: image/gif
content-length: 42
last-modified: Tue, 18 Jul 2023 15:33:43 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ranges: bytes

ww25.aalcovid19.org/px.gif?ch=2&rn=9.062546746778755

199.59.243.224

200 OK

42 B

URL GET HTTP/1.1
ww25.aalcovid19.org/px.gif?ch=2&rn=9.062546746778755
IP
199.59.243.224:80
ASN
#16509 AMAZON-02

Requested by
http://ww25.aalcovid19.org/wp-content/uploads/2022/06/nickaga.pdf?subid1=20230828-1529-39a2-9967-a1b222003124

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Detections

NIDS	Severity	Alert
suricata	medium	ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M1

HTTP Headers

GET /px.gif?ch=2&rn=9.062546746778755 HTTP/1.1
Host: ww25.aalcovid19.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww25.aalcovid19.org/wp-content/uploads/2022/06/nickaga.pdf?subid1=20230828-1529-39a2-9967-a1b222003124
Cookie: parking_session=2c86aaa1-89a5-41d6-a9a2-808c836e3036
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
server: openresty
date: Mon, 28 Aug 2023 05:29:57 GMT
content-type: image/gif
content-length: 42
last-modified: Tue, 18 Jul 2023 15:33:43 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
90fde05040c6416c1174540b1c9ec27e
5b74f1211d52643dc447844bb5a0e400dec9bb60
a6e18fb8cd0e76e530b2e8a17617fa5b220cbc3ac5302288d15e60574de21497

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Aug 2023 05:29:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/adsense/domains/caf.js

216.58.211.4

200 OK

56 kB

URL GET HTTP/2
www.google.com/adsense/domains/caf.js
IP
216.58.211.4:443
ASN
#15169 GOOGLE

Requested by
http://ww25.aalcovid19.org/wp-content/uploads/2022/06/nickaga.pdf?subid1=20230828-1529-39a2-9967-a1b222003124
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
Fingerprint9A:F7:68:99:17:95:7D:AE:08:51:0E:97:CE:A7:C3:18:3E:FB:E0:89
ValidityMon, 07 Aug 2023 12:22:44 GMT - Mon, 30 Oct 2023 12:22:43 GMT

File type
gzip compressed data, max compression\012- data
Size
56 kB (55455 bytes)
Hash
2cb637d0d8a209636a46a5651c438597
7c46c4d704f7fff8e4cad8ee49304b3460189f1e
bc7c16d9a30cebe0035ff9acb48adf28a880e291e078b500e2be51ef417092a9

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.aalcovid19.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Mon, 28 Aug 2023 05:29:58 GMT
expires: Mon, 28 Aug 2023 05:29:58 GMT
cache-control: private, max-age=3600
etag: "3670057818656472894"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/afs/ads?adtest=off&psid=1255567885&pcsa=false&channel=pid-bodis-gcontrol201%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol305%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol421&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.aalcovid19.org%3Fcaf%26subid1%3D20230828-1529-39a2-9967-a1b222003124&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301293%2C17301318%2C17301320&format=r3&nocache=3701693200588980&num=0&output=afd_ads&domain_name=ww25.aalcovid19.org&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1693200588981&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=558871696&uio=-&cont=rs&jsid=caf&jsv=558871696&rurl=http%3A%2F%2Fww25.aalcovid19.org%2Fwp-content%2Fuploads%2F2022%2F06%2Fnickaga.pdf%3Fsubid1%3D20230828-1529-39a2-9967-a1b222003124&adbw=master-1%3A1264

216.58.211.4

200 OK

3.0 kB

URL GET HTTP/3
www.google.com/afs/ads?adtest=off&psid=1255567885&pcsa=false&channel=pid-bodis-gcontrol201%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol305%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol421&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.aalcovid19.org%3Fcaf%26subid1%3D20230828-1529-39a2-9967-a1b222003124&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301293%2C17301318%2C17301320&format=r3&nocache=3701693200588980&num=0&output=afd_ads&domain_name=ww25.aalcovid19.org&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1693200588981&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=558871696&uio=-&cont=rs&jsid=caf&jsv=558871696&rurl=http%3A%2F%2Fww25.aalcovid19.org%2Fwp-content%2Fuploads%2F2022%2F06%2Fnickaga.pdf%3Fsubid1%3D20230828-1529-39a2-9967-a1b222003124&adbw=master-1%3A1264
IP
216.58.211.4:443
ASN
#15169 GOOGLE

Requested by
http://ww25.aalcovid19.org/wp-content/uploads/2022/06/nickaga.pdf?subid1=20230828-1529-39a2-9967-a1b222003124
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint9D:80:9B:CF:63:AA:86:29:E9:3C:78:9A:EA:DA:15:56:7E:BF:56:D8
ValidityMon, 07 Aug 2023 12:16:40 GMT - Mon, 30 Oct 2023 12:16:39 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (13075)
Size
3.0 kB (3014 bytes)
Hash
9b18d307c5c3845e413c05c298d16b91
15bd7108b370908627cf4a42901132fb91b255e2
741d4b8e6766a348a74c60311989727921b3e08d5b723f7e7951f2b09b0c08ac

HTTP Headers

GET /afs/ads?adtest=off&psid=1255567885&pcsa=false&channel=pid-bodis-gcontrol201%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol305%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol421&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.aalcovid19.org%3Fcaf%26subid1%3D20230828-1529-39a2-9967-a1b222003124&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301293%2C17301318%2C17301320&format=r3&nocache=3701693200588980&num=0&output=afd_ads&domain_name=ww25.aalcovid19.org&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1693200588981&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=558871696&uio=-&cont=rs&jsid=caf&jsv=558871696&rurl=http%3A%2F%2Fww25.aalcovid19.org%2Fwp-content%2Fuploads%2F2022%2F06%2Fnickaga.pdf%3Fsubid1%3D20230828-1529-39a2-9967-a1b222003124&adbw=master-1%3A1264 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.aalcovid19.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Mon, 28 Aug 2023 05:29:58 GMT
expires: Mon, 28 Aug 2023 05:29:58 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-e3sbwgauU6LODRNE-iWLAA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 3014
x-xss-protection: 0
set-cookie: CONSENT=PENDING+847; expires=Wed, 27-Aug-2025 05:29:58 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d6d711daa108ed7c003d13751b9d070f
1ca72ce24730881427b3cc55ea29ce2508777bac
40d952ce975399c743b66e6def9f9803b2f44171d469c0aff5cc1588412fc735

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Aug 2023 05:29:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d6d711daa108ed7c003d13751b9d070f
1ca72ce24730881427b3cc55ea29ce2508777bac
40d952ce975399c743b66e6def9f9803b2f44171d469c0aff5cc1588412fc735

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Aug 2023 05:29:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b

142.250.74.97

200 OK

174 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/afs/ads?adtest=off&psid=1255567885&pcsa=false&channel=pid-bodis-gcontrol201%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol305%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol421&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.aalcovid19.org%3Fcaf%26subid1%3D20230828-1529-39a2-9967-a1b222003124&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301293%2C17301318%2C17301320&format=r3&nocache=3701693200588980&num=0&output=afd_ads&domain_name=ww25.aalcovid19.org&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1693200588981&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=558871696&uio=-&cont=rs&jsid=caf&jsv=558871696&rurl=http%3A%2F%2Fww25.aalcovid19.org%2Fwp-content%2Fuploads%2F2022%2F06%2Fnickaga.pdf%3Fsubid1%3D20230828-1529-39a2-9967-a1b222003124&adbw=master-1%3A1264
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
FingerprintE4:51:33:AB:52:EE:C6:B5:58:9A:45:41:92:89:F4:BE:60:04:78:DA
ValidityMon, 07 Aug 2023 12:21:30 GMT - Mon, 30 Oct 2023 12:21:29 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Size
174 B (174 bytes)
Hash
d47125b2ba92be53dcff07ba322ce1de
e4a70c8a133bacf1699fdfa4c10e24ed5b3e0c28
5a0687ea8c9aa404a7724490f046e30023ec6b5aa81d01ae4f225889a64174f6

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 27 Aug 2023 13:13:24 GMT
expires: Mon, 28 Aug 2023 12:13:24 GMT
cache-control: public, max-age=82800
age: 58595
last-modified: Tue, 27 Jun 2023 17:28:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/launch.svg?c=%23ffffff

142.250.74.97

200 OK

229 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/launch.svg?c=%23ffffff
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/afs/ads?adtest=off&psid=1255567885&pcsa=false&channel=pid-bodis-gcontrol201%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol305%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol421&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.aalcovid19.org%3Fcaf%26subid1%3D20230828-1529-39a2-9967-a1b222003124&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301293%2C17301318%2C17301320&format=r3&nocache=3701693200588980&num=0&output=afd_ads&domain_name=ww25.aalcovid19.org&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1693200588981&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=558871696&uio=-&cont=rs&jsid=caf&jsv=558871696&rurl=http%3A%2F%2Fww25.aalcovid19.org%2Fwp-content%2Fuploads%2F2022%2F06%2Fnickaga.pdf%3Fsubid1%3D20230828-1529-39a2-9967-a1b222003124&adbw=master-1%3A1264
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
FingerprintE4:51:33:AB:52:EE:C6:B5:58:9A:45:41:92:89:F4:BE:60:04:78:DA
ValidityMon, 07 Aug 2023 12:21:30 GMT - Mon, 30 Oct 2023 12:21:29 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text
Size
229 B (229 bytes)
Hash
1936878fc74310fb40f3d2af40e2f4ea
3c072acfcefbb3d3c5240e9f03ebf938f7dc0594
091dd9d913b2a6170b918ebb13e4a61545ee55de4204f4a321c1c28776dcf695

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/launch.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 229
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 27 Aug 2023 10:30:37 GMT
expires: Mon, 28 Aug 2023 09:30:37 GMT
cache-control: public, max-age=82800
age: 68362
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d6d711daa108ed7c003d13751b9d070f
1ca72ce24730881427b3cc55ea29ce2508777bac
40d952ce975399c743b66e6def9f9803b2f44171d469c0aff5cc1588412fc735

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Aug 2023 05:29:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8c141c9e4ae293080c66a7390c51860a
88fcdb4721be225cbe3a96b3900ab9f3d062c132
20dfefd2835c3db0ddaea174a330d72d6a5c932a0e24947be8cb8e913d1930bc

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Aug 2023 05:29:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8c141c9e4ae293080c66a7390c51860a
88fcdb4721be225cbe3a96b3900ab9f3d062c132
20dfefd2835c3db0ddaea174a330d72d6a5c932a0e24947be8cb8e913d1930bc

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Aug 2023 05:29:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.googleapis.com/css?family=Quicksand

142.250.74.106

200 OK

915 B

URL GET HTTP/2
fonts.googleapis.com/css?family=Quicksand
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
http://ww25.aalcovid19.org/wp-content/uploads/2022/06/nickaga.pdf?subid1=20230828-1529-39a2-9967-a1b222003124
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint94:C0:54:E4:BA:6C:E0:93:C6:8F:D9:27:1C:74:6F:E8:CE:6E:E2:BA
ValidityMon, 07 Aug 2023 12:21:56 GMT - Mon, 30 Oct 2023 12:21:55 GMT

File type
gzip compressed data, max compression\012- data
Size
915 B (915 bytes)
Hash
f1b60639e4fdba2b6ec8ffc8bcb02762
1400d8540ab48124a94aa3ff300949d4f9a48ed8
2a150ebd8f4c2338a4f5909db5791efdefd1772f31e9be578274f7fd49af2d14

HTTP Headers

GET /css?family=Quicksand HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.aalcovid19.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 28 Aug 2023 05:29:59 GMT
date: Mon, 28 Aug 2023 05:29:59 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/quicksand/v30/6xK-dSZaM9iE8KbpRA_LJ3z8mH9BOJvgkP8o58a-wg.woff2

216.58.207.227

200 OK

14 kB

URL GET HTTP/2
fonts.gstatic.com/s/quicksand/v30/6xK-dSZaM9iE8KbpRA_LJ3z8mH9BOJvgkP8o58a-wg.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://ww25.aalcovid19.org/wp-content/uploads/2022/06/nickaga.pdf?subid1=20230828-1529-39a2-9967-a1b222003124
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint1B:14:11:9F:49:14:C3:A3:7C:87:B0:E1:5B:18:75:10:3D:2A:B3:72
ValidityMon, 07 Aug 2023 12:21:56 GMT - Mon, 30 Oct 2023 12:21:55 GMT

File type
Web Open Font Format (Version 2), TrueType, length 13888, version 1.0\012- data
Size
14 kB (13888 bytes)
Hash
099548fac114f5f6498c5c75b943581d
7505fcaf9f4fe36634352b322a9f5fed1256a9f6
e36165510050fc4ef1d87cc430dd4d1d0f6a705c5f4aa7b3a97493921884bb05

HTTP Headers

GET /s/quicksand/v30/6xK-dSZaM9iE8KbpRA_LJ3z8mH9BOJvgkP8o58a-wg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ww25.aalcovid19.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13888
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Aug 2023 11:14:54 GMT
expires: Sun, 25 Aug 2024 11:14:54 GMT
cache-control: public, max-age=31536000
age: 152105
last-modified: Mon, 18 Jul 2022 19:12:09 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ww25.aalcovid19.org/_tr

199.59.243.224

200 OK

22 B

URL POST HTTP/1.1
ww25.aalcovid19.org/_tr
IP
199.59.243.224:80
ASN
#16509 AMAZON-02

Requested by
http://ww25.aalcovid19.org/wp-content/uploads/2022/06/nickaga.pdf?subid1=20230828-1529-39a2-9967-a1b222003124

File type
ASCII text, with no line terminators
Size
22 B (22 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

HTTP Headers

POST /_tr HTTP/1.1
Host: ww25.aalcovid19.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww25.aalcovid19.org/wp-content/uploads/2022/06/nickaga.pdf?subid1=20230828-1529-39a2-9967-a1b222003124
Content-Type: application/json
Content-Length: 1745
Origin: http://ww25.aalcovid19.org
DNT: 1
Connection: keep-alive
Cookie: parking_session=2c86aaa1-89a5-41d6-a9a2-808c836e3036
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
server: openresty
date: Mon, 28 Aug 2023 05:29:59 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 22
x-version: 2.106.5
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: parking_session=2c86aaa1-89a5-41d6-a9a2-808c836e3036; expires=Mon, 28 Aug 2023 05:44:59 GMT; Max-Age=900; path=/; httponly

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
7d86a3dce6d27e0a976ced013a552c63
ba7bb8b3b3ef53390afc5c48387be80fad4471d8
366822f1c01f284a91051f7e1753d6a5526f32be04336dc424de852d1ee22eac

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Aug 2023 05:29:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=f5qfd2ruvyey&aqid=1jDsZJ_NJ5-LiM0P_PiFkA4&psid=1255567885&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=558871696&csala=23%7C0%7C276%7C96%7C287&lle=0&ifv=1&usr=0&hpt=0

216.58.211.4

204 No Content

0 B

URL GET HTTP/3
www.google.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=f5qfd2ruvyey&aqid=1jDsZJ_NJ5-LiM0P_PiFkA4&psid=1255567885&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=558871696&csala=23%7C0%7C276%7C96%7C287&lle=0&ifv=1&usr=0&hpt=0
IP
216.58.211.4:443
ASN
#15169 GOOGLE

Requested by
http://ww25.aalcovid19.org/wp-content/uploads/2022/06/nickaga.pdf?subid1=20230828-1529-39a2-9967-a1b222003124
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint9D:80:9B:CF:63:AA:86:29:E9:3C:78:9A:EA:DA:15:56:7E:BF:56:D8
ValidityMon, 07 Aug 2023 12:16:40 GMT - Mon, 30 Oct 2023 12:16:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=f5qfd2ruvyey&aqid=1jDsZJ_NJ5-LiM0P_PiFkA4&psid=1255567885&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=558871696&csala=23%7C0%7C276%7C96%7C287&lle=0&ifv=1&usr=0&hpt=0 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.aalcovid19.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-Amh5ADCN5_c9JwxRxrDS3A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Mon, 28 Aug 2023 05:30:00 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: NID=511=NnpSSXd_1K_eEjyN0_XIlEMihoEBgMzNl5YR2ck6LD5gDb_hWuuHFbWOXKNf3FAq3hsCaEjM0JZqm-JamMsQ5cZMB92cMsLvOooehhUTFC4Wl9j-ddysksQCx6Isq75Uo0k1t_2CvU8Nh7WK9jZV1BxHey_Q8ezY-hVGZv1jUu4; expires=Tue, 27-Feb-2024 05:30:00 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+838; expires=Wed, 27-Aug-2025 05:30:00 GMT; path=/; domain=.google.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/adsense/domains/caf.js

216.58.211.4

200 OK

55 kB

URL GET HTTP/2
www.google.com/adsense/domains/caf.js
IP
216.58.211.4:443
ASN
#15169 GOOGLE

Requested by
http://ww25.aalcovid19.org/wp-content/uploads/2022/06/nickaga.pdf?subid1=20230828-1529-39a2-9967-a1b222003124
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
Fingerprint9A:F7:68:99:17:95:7D:AE:08:51:0E:97:CE:A7:C3:18:3E:FB:E0:89
ValidityMon, 07 Aug 2023 12:22:44 GMT - Mon, 30 Oct 2023 12:22:43 GMT

File type
ASCII text, with very long lines (2067)
Size
55 kB (54989 bytes)
Hash
0e564db5c20672a8b1cf72661c8415ff
db53c94941123f0b2ab6e2a9c871355fed57fa9b
45b83334749e504ab44e222c8a318d5174e3c28746bcc0c33332a7381b2605de

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Mon, 28 Aug 2023 05:29:58 GMT
expires: Mon, 28 Aug 2023 05:29:58 GMT
cache-control: private, max-age=3600
etag: "771202806241658115"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=j7czqoh7rs9s&aqid=1jDsZJ_NJ5-LiM0P_PiFkA4&psid=1255567885&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=558871696&csala=23%7C0%7C276%7C96%7C287&lle=0&ifv=1&usr=0&hpt=0

216.58.211.4

204 No Content

0 B

URL GET HTTP/3
www.google.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=j7czqoh7rs9s&aqid=1jDsZJ_NJ5-LiM0P_PiFkA4&psid=1255567885&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=558871696&csala=23%7C0%7C276%7C96%7C287&lle=0&ifv=1&usr=0&hpt=0
IP
216.58.211.4:443
ASN
#15169 GOOGLE

Requested by
http://ww25.aalcovid19.org/wp-content/uploads/2022/06/nickaga.pdf?subid1=20230828-1529-39a2-9967-a1b222003124
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint9D:80:9B:CF:63:AA:86:29:E9:3C:78:9A:EA:DA:15:56:7E:BF:56:D8
ValidityMon, 07 Aug 2023 12:16:40 GMT - Mon, 30 Oct 2023 12:16:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=j7czqoh7rs9s&aqid=1jDsZJ_NJ5-LiM0P_PiFkA4&psid=1255567885&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=558871696&csala=23%7C0%7C276%7C96%7C287&lle=0&ifv=1&usr=0&hpt=0 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.aalcovid19.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-Kwjt3UXx0KTjHCAtL37I2g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Mon, 28 Aug 2023 05:30:01 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: NID=511=WqDe2Kpw02hd-iHQFgQv_xGSrz3jt5V5ZplysKAorKXJAFko3F5fB_6h2Zkwp8CKKZg8NKsMyWrFDn8yC_x8IZa2HT-L7UrnHdjeJBHESwmMkEfWATNJSQ8Z85juTQEzfF_NXg1y5FIqToPdOB42JYdAemg5_dJauYSuBORNybA; expires=Tue, 27-Feb-2024 05:30:01 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+840; expires=Wed, 27-Aug-2025 05:30:01 GMT; path=/; domain=.google.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (22)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL POST HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type