Report - quest.ord.claims/

Report Overview

Visited public
2025-03-07 19:54:07
Tags
URL
quest.ord.claims/
Finishing URL
ww25.quest.ord.claims/?subid1=20250308-0653-4807-9ebe-a9e5de9f7504
IP / ASN
103.224.182.246
#133618 Trellian Pty. Limited
Title
ord.claims

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
quest.ord.claims	unknown	unknown	No data	No data	485 B	1.5 kB	103.224.182.246
ww25.quest.ord.claims	unknown	unknown	No data	No data	2.0 kB	44 kB	199.59.243.228
www.google.com	7	1997-09-15	2015-05-10	2025-03-05	447 B	146 kB	142.250.74.100
syndicatedsearch.goog	unknown	2023-04-14	2023-09-25	2025-03-05	3.3 kB	163 kB	216.58.207.238
afs.googleusercontent.com	12123	2008-11-17	2013-05-06	2025-03-05	1.0 kB	2.0 kB	142.250.74.33

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-03-07	medium	ord.claims	Sinkholed
2025-03-07	medium	ord.claims	Sinkholed
2025-03-07	medium	ord.claims	Sinkholed
2025-03-07	medium	ord.claims	Sinkholed
2025-03-07	medium	ord.claims	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	ww25.quest.ord.claims/?subid1=20250308-0653-4807-9ebe-a9e5de9f7504	ScriptElement	433 B	2025-03-07	2025-03-07
Pretty URL ww25.quest.ord.claims/?subid1=20250308-0653-4807-9ebe-a9e5de9f7504 IP 199.59.243.228 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-07 19:54 Last Seen2025-03-07 19:54 Times Seen1 Hash 0d311f7ef2a49260c6985c81376a51f0 197f9de27020bef9b486344f6852fbd83d33b69b 80a6106e4835e73f2dee7d5e3c070e78fdcc17a2db54a202bed55cf2d164a792 Loading...

	ww25.quest.ord.claims/baTniWDjw.js	ScriptElement	36 kB	2025-03-06	2025-03-31
Pretty URL ww25.quest.ord.claims/baTniWDjw.js IP 199.59.243.228 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-06 15:54 Last Seen2025-03-31 20:02 Times Seen2514 Hash 7463a7d57bf740b4310ebde6887fb8b2 f648bea3398331df1489c0de0201edf3ed8c9f79 23cef5c5a2e7698fe906862f7f79afd8531fc73a4313e6f3238c9e30d8592237 Loading...

	www.google.com/adsense/domains/caf.js?abp=1&bodis=true	ScriptElement	145 kB	2025-03-04	2025-03-11
Pretty URL www.google.com/adsense/domains/caf.js?abp=1&bodis=true IP 142.250.74.100 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-04 20:12 Last Seen2025-03-11 18:10 Times Seen1387 Hash 5a622279257ecd54de1bffd920c64ae3 f6d98c7c6e050a17eac1206323c37566a30c7298 97fe730e9b04af3d4e776f7a3904970ee596b0036db5e064f4b5575c3ef146a7 Loading...

	syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol119%2Cpid-bodis-gcontrol479%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol162&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.quest.ord.claims%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20250308-0653-4807-9ebe-a9e5de9f7504&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2441981343413423&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108%2C100276465&format=r3&nocache=9281741377229694&num=0&output=afd_ads&domain_name=ww25.quest.ord.claims&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1741377229696&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=732930958&rurl=http%3A%2F%2Fww25.quest.ord.claims%2F%3Fsubid1%3D20250308-0653-4807-9ebe-a9e5de9f7504	ScriptElement	593 B	2025-03-07	2025-03-07
Pretty URL syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol119%2Cpid-bodis-gcontrol479%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol162&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.quest.ord.claims%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20250308-0653-4807-9ebe-a9e5de9f7504&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2441981343413423&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108%2C100276465&format=r3&nocache=9281741377229694&num=0&output=afd_ads&domain_name=ww25.quest.ord.claims&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1741377229696&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=732930958&rurl=http%3A%2F%2Fww25.quest.ord.claims%2F%3Fsubid1%3D20250308-0653-4807-9ebe-a9e5de9f7504 IP 216.58.207.238 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-07 19:54 Last Seen2025-03-07 19:54 Times Seen1 Hash fa9eb18d0a0dbb287843be91adcdf353 aee7d837942a84378e54efbbf392454fec9f03a7 8208cd009a05d0b7a2567f817c07ca5f1acf100564c4c145a72e3c302d351dae Loading...

	syndicatedsearch.goog/adsense/domains/caf.js	ScriptElement	145 kB	2025-03-05	2025-03-13
Pretty URL syndicatedsearch.goog/adsense/domains/caf.js IP 216.58.207.238 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-05 21:09 Last Seen2025-03-13 16:51 Times Seen3113 Hash 1a60cf8806d4ba3a959ec12e2bd3f2a8 41b0116d0a43aafa9f7ec43dcb3283a398bc4d7a e7de3995743ee1f9a293851610966ec06de7c7b3797f1df4e0cb8c4705d24325 Loading...

HTTP Transactions (12)

URL IP Response Size

GET quest.ord.claims/

103.224.182.246

302 Found

1.2 kB

URL User Request GET
quest.ord.claims/
IP
103.224.182.246:443
ASN
#133618 Trellian Pty. Limited

Certificate
IssuerLet's Encrypt
Subject3alaelnet.online
Fingerprint50:8C:E0:48:FE:AD:8C:15:6A:96:E2:DC:56:01:4A:35:E3:7F:9C:78
ValiditySun, 02 Mar 2025 23:42:53 GMT - Sat, 31 May 2025 23:42:52 GMT

File type

Size
1.2 kB (1182 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: quest.ord.claims
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
date: Fri, 07 Mar 2025 19:53:48 GMT
server: Apache
set-cookie: __tad=1741377228.2893116; expires=Mon, 05-Mar-2035 19:53:48 GMT; Max-Age=315360000
location: http://ww25.quest.ord.claims/?subid1=20250308-0653-4807-9ebe-a9e5de9f7504
content-length: 2
content-type: text/html; charset=UTF-8
connection: close

GET ww25.quest.ord.claims/?subid1=20250308-0653-4807-9ebe-a9e5de9f7504

199.59.243.228

200 OK

1.2 kB

URL User Request GET
ww25.quest.ord.claims/?subid1=20250308-0653-4807-9ebe-a9e5de9f7504
IP
199.59.243.228:80
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (1224), with no line terminators
Size
1.2 kB (1182 bytes)
Hash
6d1c26b8681883f336340e19f665046f
e4f69e8a28f705ec59249e5dbb35f59d8883775a
240f5c74304f4bb2848064d712ba2e408db4642277c9dbbf16e8c3f2289b5e8a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?subid1=20250308-0653-4807-9ebe-a9e5de9f7504 HTTP/1.1
Host: ww25.quest.ord.claims
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Fri, 07 Mar 2025 19:53:47 GMT
content-type: text/html; charset=utf-8
content-length: 1182
x-request-id: d2432334-30a9-4103-8ff9-047a72de415e
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_rODle8laxLgEG72sD7GwSGrQN24BNY1qIm5KKuJ9sSYQV7KanMN5FMUi7JKkVTl1PayyWwwMxvKnashdbBFLEw==
set-cookie: parking_session=d2432334-30a9-4103-8ff9-047a72de415e; expires=Fri, 07 Mar 2025 20:08:48 GMT; path=/

GET ww25.quest.ord.claims/baTniWDjw.js

199.59.243.228

200 OK

36 kB

URL GET
ww25.quest.ord.claims/baTniWDjw.js
IP
199.59.243.228:80
ASN
#16509 AMAZON-02

Requested by
http://ww25.quest.ord.claims/?subid1=20250308-0653-4807-9ebe-a9e5de9f7504

File type

Size
36 kB (35693 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /baTniWDjw.js HTTP/1.1
Host: ww25.quest.ord.claims
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww25.quest.ord.claims/?subid1=20250308-0653-4807-9ebe-a9e5de9f7504
Cookie: parking_session=d2432334-30a9-4103-8ff9-047a72de415e
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Fri, 07 Mar 2025 19:53:48 GMT
content-type: application/javascript; charset=utf-8
content-length: 35693
x-request-id: 92f9aac3-633e-4eb1-ae16-b26300e1bb93
set-cookie: parking_session=d2432334-30a9-4103-8ff9-047a72de415e; expires=Fri, 07 Mar 2025 20:08:49 GMT

POST ww25.quest.ord.claims/_fd?subid1=20250308-0653-4807-9ebe-a9e5de9f7504

199.59.243.228

200 OK

5.7 kB

URL POST
ww25.quest.ord.claims/_fd?subid1=20250308-0653-4807-9ebe-a9e5de9f7504
IP
199.59.243.228:80
ASN
#16509 AMAZON-02

Requested by
http://ww25.quest.ord.claims/?subid1=20250308-0653-4807-9ebe-a9e5de9f7504

File type
ASCII text, with very long lines (5713), with no line terminators
Size
5.7 kB (5713 bytes)
Hash
add2c83e63916cf85d177d76e9c03f8a
26cbe5976d6ea19b37354880cdf14e4014c4a1b9
ad6d8ecf218deeb2196387a1cd8eb7059a253a02bf661a96b16b7f04c2dd7e07

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_fd?subid1=20250308-0653-4807-9ebe-a9e5de9f7504 HTTP/1.1
Host: ww25.quest.ord.claims
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww25.quest.ord.claims/?subid1=20250308-0653-4807-9ebe-a9e5de9f7504
Content-Type: application/json
Origin: http://ww25.quest.ord.claims
DNT: 1
Connection: keep-alive
Cookie: parking_session=d2432334-30a9-4103-8ff9-047a72de415e
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
date: Fri, 07 Mar 2025 19:53:49 GMT
content-type: application/json; charset=utf-8
content-length: 5713
x-request-id: 0dd8c770-6e1a-43ce-924d-6c0c1fb838ca
set-cookie: parking_session=d2432334-30a9-4103-8ff9-047a72de415e; expires=Fri, 07 Mar 2025 20:08:49 GMT

GET www.google.com/adsense/domains/caf.js?abp=1&bodis=true

142.250.74.100

200 OK

145 kB

URL GET
www.google.com/adsense/domains/caf.js?abp=1&bodis=true
IP
142.250.74.100:443
ASN
#15169 GOOGLE

Requested by
http://ww25.quest.ord.claims/?subid1=20250308-0653-4807-9ebe-a9e5de9f7504
Certificate
IssuerGoogle Trust Services
Subjectwww.google.com
Fingerprint53:F5:E3:47:F6:DC:80:83:14:A1:CE:39:7B:A1:98:61:74:03:86:E2
ValidityMon, 06 Jan 2025 08:37:56 GMT - Mon, 31 Mar 2025 08:37:55 GMT

File type
JavaScript source, ASCII text, with very long lines (1967)
Size
145 kB (144888 bytes)
Hash
5a622279257ecd54de1bffd920c64ae3
f6d98c7c6e050a17eac1206323c37566a30c7298
97fe730e9b04af3d4e776f7a3904970ee596b0036db5e064f4b5575c3ef146a7

HTTP Headers

GET /adsense/domains/caf.js?abp=1&bodis=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.quest.ord.claims/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Fri, 07 Mar 2025 19:53:49 GMT
expires: Fri, 07 Mar 2025 19:53:49 GMT
cache-control: private, max-age=3600
etag: "17185793485681822915"
x-content-type-options: nosniff
link: <https://syndicatedsearch.goog>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol119%2Cpid-bodis-gcontrol479%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol162&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.quest.ord.claims%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20250308-0653-4807-9ebe-a9e5de9f7504&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2441981343413423&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108%2C100276465&format=r3&nocache=9281741377229694&num=0&output=afd_ads&domain_name=ww25.quest.ord.claims&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1741377229696&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=732930958&rurl=http%3A%2F%2Fww25.quest.ord.claims%2F%3Fsubid1%3D20250308-0653-4807-9ebe-a9e5de9f7504

216.58.207.238

200 OK

15 kB

URL GET
syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol119%2Cpid-bodis-gcontrol479%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol162&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.quest.ord.claims%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20250308-0653-4807-9ebe-a9e5de9f7504&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2441981343413423&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108%2C100276465&format=r3&nocache=9281741377229694&num=0&output=afd_ads&domain_name=ww25.quest.ord.claims&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1741377229696&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=732930958&rurl=http%3A%2F%2Fww25.quest.ord.claims%2F%3Fsubid1%3D20250308-0653-4807-9ebe-a9e5de9f7504
IP
216.58.207.238:443
ASN
#15169 GOOGLE

Requested by
http://ww25.quest.ord.claims/?subid1=20250308-0653-4807-9ebe-a9e5de9f7504
Certificate
IssuerGoogle Trust Services
Subjectsyndicatedsearch.goog
FingerprintE3:AE:D7:AE:AB:35:F7:9A:08:17:FA:68:16:8D:9D:D5:35:B1:DA:32
ValidityWed, 26 Feb 2025 15:36:03 GMT - Wed, 21 May 2025 15:36:02 GMT

File type
HTML document, ASCII text, with very long lines (14325)
Size
15 kB (14863 bytes)
Hash
b572eb959bd0804044f251446d6daebe
9172f3a6e7f16077750cfb2b46979986276741d6
822e2e61f2d634a4e0ba041854fba7e84606456cb6106c18eacc7561781974a0

HTTP Headers

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol119%2Cpid-bodis-gcontrol479%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol162&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.quest.ord.claims%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20250308-0653-4807-9ebe-a9e5de9f7504&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2441981343413423&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108%2C100276465&format=r3&nocache=9281741377229694&num=0&output=afd_ads&domain_name=ww25.quest.ord.claims&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1741377229696&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=732930958&rurl=http%3A%2F%2Fww25.quest.ord.claims%2F%3Fsubid1%3D20250308-0653-4807-9ebe-a9e5de9f7504 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.quest.ord.claims/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Fri, 07 Mar 2025 19:53:49 GMT
expires: Fri, 07 Mar 2025 19:53:49 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-S_oWuXxJtJoi4qonnVV9Fw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 2923
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

POST ww25.quest.ord.claims/_tr

199.59.243.228

200 OK

2 B

URL POST
ww25.quest.ord.claims/_tr
IP
199.59.243.228:80
ASN
#16509 AMAZON-02

Requested by
http://ww25.quest.ord.claims/?subid1=20250308-0653-4807-9ebe-a9e5de9f7504

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_tr HTTP/1.1
Host: ww25.quest.ord.claims
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww25.quest.ord.claims/?subid1=20250308-0653-4807-9ebe-a9e5de9f7504
Content-Type: application/json
Content-Length: 2025
Origin: http://ww25.quest.ord.claims
DNT: 1
Connection: keep-alive
Cookie: parking_session=d2432334-30a9-4103-8ff9-047a72de415e
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Fri, 07 Mar 2025 19:53:50 GMT
content-type: application/json; charset=utf-8
content-length: 2
x-request-id: a7c2d2c8-7a5d-479b-a07b-e34cd7497249
set-cookie: parking_session=d2432334-30a9-4103-8ff9-047a72de415e; expires=Fri, 07 Mar 2025 20:08:50 GMT

GET syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=k8f9si6x2la4&cd_fexp=72717108%2C100276465&aqid=zU7LZ__bMPSyiM0PjZfpOA&psid=3113057640&pbt=bs&adbx=290&adby=170&adbh=373&adbw=700&adbah=114%2C114%2C114&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=732930958&csala=9%7C0%7C331%7C72%7C20&lle=0&ifv=1&hpt=0

216.58.207.238

204 No Content

0 B

URL GET
syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=k8f9si6x2la4&cd_fexp=72717108%2C100276465&aqid=zU7LZ__bMPSyiM0PjZfpOA&psid=3113057640&pbt=bs&adbx=290&adby=170&adbh=373&adbw=700&adbah=114%2C114%2C114&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=732930958&csala=9%7C0%7C331%7C72%7C20&lle=0&ifv=1&hpt=0
IP
216.58.207.238:443
ASN
#15169 GOOGLE

Requested by
http://ww25.quest.ord.claims/?subid1=20250308-0653-4807-9ebe-a9e5de9f7504
Certificate
IssuerGoogle Trust Services
Subjectsyndicatedsearch.goog
FingerprintE3:AE:D7:AE:AB:35:F7:9A:08:17:FA:68:16:8D:9D:D5:35:B1:DA:32
ValidityWed, 26 Feb 2025 15:36:03 GMT - Wed, 21 May 2025 15:36:02 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=k8f9si6x2la4&cd_fexp=72717108%2C100276465&aqid=zU7LZ__bMPSyiM0PjZfpOA&psid=3113057640&pbt=bs&adbx=290&adby=170&adbh=373&adbw=700&adbah=114%2C114%2C114&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=732930958&csala=9%7C0%7C331%7C72%7C20&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.quest.ord.claims/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-jHM_SquY73mlUVQiMPZ0mg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Fri, 07 Mar 2025 19:53:51 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=kkjrd22n39mf&cd_fexp=72717108%2C100276465&aqid=zU7LZ__bMPSyiM0PjZfpOA&psid=3113057640&pbt=bv&adbx=290&adby=170&adbh=373&adbw=700&adbah=114%2C114%2C114&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=732930958&csala=9%7C0%7C331%7C72%7C20&lle=0&ifv=1&hpt=0

216.58.207.238

204 No Content

0 B

URL GET
syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=kkjrd22n39mf&cd_fexp=72717108%2C100276465&aqid=zU7LZ__bMPSyiM0PjZfpOA&psid=3113057640&pbt=bv&adbx=290&adby=170&adbh=373&adbw=700&adbah=114%2C114%2C114&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=732930958&csala=9%7C0%7C331%7C72%7C20&lle=0&ifv=1&hpt=0
IP
216.58.207.238:443
ASN
#15169 GOOGLE

Requested by
http://ww25.quest.ord.claims/?subid1=20250308-0653-4807-9ebe-a9e5de9f7504
Certificate
IssuerGoogle Trust Services
Subjectsyndicatedsearch.goog
FingerprintE3:AE:D7:AE:AB:35:F7:9A:08:17:FA:68:16:8D:9D:D5:35:B1:DA:32
ValidityWed, 26 Feb 2025 15:36:03 GMT - Wed, 21 May 2025 15:36:02 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=kkjrd22n39mf&cd_fexp=72717108%2C100276465&aqid=zU7LZ__bMPSyiM0PjZfpOA&psid=3113057640&pbt=bv&adbx=290&adby=170&adbh=373&adbw=700&adbah=114%2C114%2C114&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=732930958&csala=9%7C0%7C331%7C72%7C20&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.quest.ord.claims/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-39kEf56R_CLkzVQr_M0qaw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Fri, 07 Mar 2025 19:53:51 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET syndicatedsearch.goog/adsense/domains/caf.js

216.58.207.238

200 OK

145 kB

URL GET
syndicatedsearch.goog/adsense/domains/caf.js
IP
216.58.207.238:443
ASN
#15169 GOOGLE

Requested by
https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol119%2Cpid-bodis-gcontrol479%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol162&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.quest.ord.claims%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20250308-0653-4807-9ebe-a9e5de9f7504&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2441981343413423&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108%2C100276465&format=r3&nocache=9281741377229694&num=0&output=afd_ads&domain_name=ww25.quest.ord.claims&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1741377229696&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=732930958&rurl=http%3A%2F%2Fww25.quest.ord.claims%2F%3Fsubid1%3D20250308-0653-4807-9ebe-a9e5de9f7504
Certificate
IssuerGoogle Trust Services
Subjectsyndicatedsearch.goog
FingerprintE3:AE:D7:AE:AB:35:F7:9A:08:17:FA:68:16:8D:9D:D5:35:B1:DA:32
ValidityWed, 26 Feb 2025 15:36:03 GMT - Wed, 21 May 2025 15:36:02 GMT

File type
JavaScript source, ASCII text, with very long lines (1967)
Size
145 kB (144886 bytes)
Hash
1a60cf8806d4ba3a959ec12e2bd3f2a8
41b0116d0a43aafa9f7ec43dcb3283a398bc4d7a
e7de3995743ee1f9a293851610966ec06de7c7b3797f1df4e0cb8c4705d24325

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Fri, 07 Mar 2025 19:53:50 GMT
expires: Fri, 07 Mar 2025 19:53:50 GMT
cache-control: private, max-age=3600
etag: "10248303456754035232"
x-content-type-options: nosniff
link: <https://syndicatedsearch.goog>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff

142.250.74.33

200 OK

200 B

URL GET
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
IP
142.250.74.33:443
ASN
#15169 GOOGLE

Requested by
https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol119%2Cpid-bodis-gcontrol479%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol162&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.quest.ord.claims%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20250308-0653-4807-9ebe-a9e5de9f7504&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2441981343413423&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108%2C100276465&format=r3&nocache=9281741377229694&num=0&output=afd_ads&domain_name=ww25.quest.ord.claims&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1741377229696&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=732930958&rurl=http%3A%2F%2Fww25.quest.ord.claims%2F%3Fsubid1%3D20250308-0653-4807-9ebe-a9e5de9f7504
Certificate
IssuerGoogle Trust Services
Subject*.googleusercontent.com
FingerprintF0:E7:0B:8F:93:C0:9E:F3:15:26:E3:94:7C:D8:3F:00:DE:01:8F:46
ValidityWed, 26 Feb 2025 15:33:54 GMT - Wed, 21 May 2025 15:33:53 GMT

File type
SVG Scalable Vector Graphics image
Size
200 B (200 bytes)
Hash
592bbd56abac313ab322bc38f7027496
ecc40e55421cbfc9cc24e256c999a497b84d997f
fe3a1073d51df0f353dfa771acde9ea020e215a74edf7b24775e50282b6d6eda

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 06 Mar 2025 23:49:30 GMT
expires: Fri, 07 Mar 2025 22:49:30 GMT
cache-control: public, max-age=82800
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
age: 72260
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b

142.250.74.33

200 OK

200 B

URL GET
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b
IP
142.250.74.33:443
ASN
#15169 GOOGLE

Requested by
https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol119%2Cpid-bodis-gcontrol479%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol162&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.quest.ord.claims%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20250308-0653-4807-9ebe-a9e5de9f7504&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2441981343413423&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108%2C100276465&format=r3&nocache=9281741377229694&num=0&output=afd_ads&domain_name=ww25.quest.ord.claims&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1741377229696&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=732930958&rurl=http%3A%2F%2Fww25.quest.ord.claims%2F%3Fsubid1%3D20250308-0653-4807-9ebe-a9e5de9f7504
Certificate
IssuerGoogle Trust Services
Subject*.googleusercontent.com
FingerprintF0:E7:0B:8F:93:C0:9E:F3:15:26:E3:94:7C:D8:3F:00:DE:01:8F:46
ValidityWed, 26 Feb 2025 15:33:54 GMT - Wed, 21 May 2025 15:33:53 GMT

File type
SVG Scalable Vector Graphics image
Size
200 B (200 bytes)
Hash
e81eb30a6c5589e7f39436e40b400822
ca2513ede010b3db00099335b809ca693c2cd65c
055ae1fef3be182534069c718e2dc0ab07d7464bcc3ded19553da07d37333657

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 07 Mar 2025 10:22:44 GMT
expires: Sat, 08 Mar 2025 09:22:44 GMT
cache-control: public, max-age=82800
age: 34266
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (12)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL POST

IP

ASN

Requested by

File type

Size