Report - asnrrsamsa.com/imgs/krewa/nqxa.php?id=6yv1icgx&s5=3159&lip=192.168.2.10&win=Unk

Report Overview

Submitted URL
asnrrsamsa.com/imgs/krewa/nqxa.php?id=6yv1icgx&s5=3159&lip=192.168.2.10&win=Unk
IP
81.17.29.149
ASN
#51852 Private Layer INC
Submitted
2023-05-29 14:34:50
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
3
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
tracking-protection.cdn.mozilla.net	9282	1998-01-31	2015-09-17	2023-05-29	2.0 kB	1.9 MB	34.120.158.37
ww1.asnrrsamsa.com	unknown	2022-08-18	2022-08-26	2023-05-28	3.4 kB	28 kB	199.59.243.223
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-05-29	1.7 kB	3.5 kB	142.250.74.131
www.google.com	7	1997-09-15	2015-05-10	2023-05-29	3.1 kB	60 kB	142.250.74.132
afs.googleusercontent.com	12123	2008-11-17	2013-05-06	2023-05-29	983 B	2.1 kB	142.250.74.97
asnrrsamsa.com	unknown	2022-08-18	2022-08-19	2023-05-28	1.4 kB	1.3 kB	81.17.29.149

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-05-29 14:34:32	medium	81.17.29.149	Client IP	ET INFO TLS Handshake Failure
2023-05-29 14:34:32	medium	81.17.29.149	Client IP	ET INFO TLS Handshake Failure
2023-05-29 14:34:33	medium	81.17.29.149	Client IP	ET INFO TLS Handshake Failure

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator
2023-05-29	medium	ww1.asnrrsamsa.com/
2023-05-29	medium	ww1.asnrrsamsa.com/js/parking.2.105.3.js
2023-05-29	medium	ww1.asnrrsamsa.com/_fd
2023-05-29	medium	ww1.asnrrsamsa.com/_tr

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator
2023-05-29	medium	asnrrsamsa.com
2023-05-29	medium	asnrrsamsa.com
2023-05-29	medium	asnrrsamsa.com
2023-05-29	medium	asnrrsamsa.com
2023-05-29	medium	asnrrsamsa.com
2023-05-29	medium	asnrrsamsa.com
2023-05-29	medium	asnrrsamsa.com
2023-05-29	medium	asnrrsamsa.com
2023-05-29	medium	asnrrsamsa.com

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	ww1.asnrrsamsa.com/	363 B	2023-05-29	2023-05-29
Pretty URL ww1.asnrrsamsa.com/ IP 199.59.243.223 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-29 16:34:51 Last Seen2023-05-29 16:34:51 Times Seen1 Hash d635eb3c0ec4879424ae7192875a5458 e6d878a93979872e0dfc9db659210bb9d80c76bc 33d00d8b8e0d217ca41702689803c844e3a61591f8bd912984cc45150ebe9f80 Loading...

	ww1.asnrrsamsa.com/js/parking.2.105.3.js	69 kB	2023-05-16	2023-06-01
Pretty URL ww1.asnrrsamsa.com/js/parking.2.105.3.js IP 199.59.243.223 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-16 22:27:50 Last Seen2023-06-01 18:38:21 Times Seen7291 Hash db066e3eeddf5d1eb1dc837d7c0667ff 65a9543352ccdd2e698000ee08a31368df3c4237 e94c295c351e24b95c9e81fa538045590f2262f0991924e0b5b4745767706911 Loading...

	www.google.com/adsense/domains/caf.js	148 kB	2023-05-23	2023-05-30
Pretty URL www.google.com/adsense/domains/caf.js IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-23 21:57:29 Last Seen2023-05-30 16:08:44 Times Seen1625 Hash 2b9b875173663f674242c18e7b69a8ed 897b8c5a9dbc707beed032a04ff9cd8cb3ef6e53 04db145914e70b0fa266540c40ba91ffdb8598b047b16a9ef1045042bfea0c6c Loading...

	www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol314%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol458&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww1.asnrrsamsa.com%3Fcaf%26&terms=open%20threat%20exchange&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2298147197369106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=r3&nocache=8741685370877906&num=0&output=afd_ads&domain_name=ww1.asnrrsamsa.com&v=3&bsl=8&pac=2&u_his=3&u_tz=0&dt=1685370877908&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=534159633&uio=-&cont=rs&jsid=caf&jsv=534159633&rurl=http%3A%2F%2Fww1.asnrrsamsa.com%2F&referer=http%3A%2F%2Fasnrrsamsa.com%2F&adbw=master-1%3A1264	6.5 kB	2023-05-29	2023-05-29
Pretty URL www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol314%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol458&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww1.asnrrsamsa.com%3Fcaf%26&terms=open%20threat%20exchange&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2298147197369106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=r3&nocache=8741685370877906&num=0&output=afd_ads&domain_name=ww1.asnrrsamsa.com&v=3&bsl=8&pac=2&u_his=3&u_tz=0&dt=1685370877908&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=534159633&uio=-&cont=rs&jsid=caf&jsv=534159633&rurl=http%3A%2F%2Fww1.asnrrsamsa.com%2F&referer=http%3A%2F%2Fasnrrsamsa.com%2F&adbw=master-1%3A1264 IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-29 16:34:51 Last Seen2023-05-29 16:34:51 Times Seen1 Hash 07f29b2d8e2e03e78f74cc3e42b81d57 3fbbe8014b8e88fd0c1a7c0350b296dd07ac7f76 80641658b4c7dabc26f103b06cf8642dfb3cce37e40ed479c37a240bd70cf00f Loading...

	www.google.com/adsense/domains/caf.js	148 kB	2023-05-24	2023-05-31
Pretty URL www.google.com/adsense/domains/caf.js IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-24 10:53:19 Last Seen2023-05-31 16:05:31 Times Seen18 Hash 654e600ad2a288c4fba1d8cb75f30c2f 5b388f64e11975f8ad502cbd90d48d7addd6a0bd e1097382197d1ec5fe238faf1419b77f1c5006501ccc67b4d203d6175bd50650 Loading...

HTTP Transactions (25)

URL IP Response Size

asnrrsamsa.com/imgs/krewa/nqxa.php?id=6yv1icgx&s5=3159&lip=192.168.2.10&win=Unk

81.17.29.149

539 B

URL
asnrrsamsa.com/imgs/krewa/nqxa.php?id=6yv1icgx&s5=3159&lip=192.168.2.10&win=Unk
IP
81.17.29.149:0
ASN
#51852 Private Layer INC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (539), with no line terminators
Size
539 B (539 bytes)
Hash
08351467f7ef2288c86d8415a40fca3c
ea6a0a6c194bc26dd013a7f4fb6f6951f29c2f34
a74c862715393e1d0ca509c5238030d9452945093aaa0dfef215a2379f8c55cd

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /imgs/krewa/nqxa.php?id=6yv1icgx&s5=3159&lip=192.168.2.10&win=Unk HTTP/1.1
Host: asnrrsamsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 539
content-type: text/html; charset=utf-8
date: Mon, 29 May 2023 14:34:32 GMT
server: nginx
set-cookie: sid=edaa482c-fe2d-11ed-8eb4-662e7c6a0562; path=/; domain=.asnrrsamsa.com; expires=Sat, 16 Jun 2091 17:48:40 GMT; max-age=2147483647; HttpOnly

tracking-protection.cdn.mozilla.net/ads-track-digest256/1684337778

34.120.158.37

56 kB

URL
tracking-protection.cdn.mozilla.net/ads-track-digest256/1684337778
IP
34.120.158.37:0
ASN
#15169 GOOGLE

File type
data
Size
56 kB (56534 bytes)
Hash
e82f812913b6a06c608d7bb688e184b4
ea5db373525ee7dfa0abaf0befb2dae54e62b699
46fb1d72ca8047216ad4c5349f791a385049e1025042a3fbca56a7bf94ff2e89

HTTP Headers

GET /ads-track-digest256/1684337778 HTTP/1.1
Host: tracking-protection.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: sa14zv07qyZD7okf+qHtCxQDZiYTOzMh5bS7MKgvIPD86Ci2UMkUCdMtdnyqHAfkA1R71JAOc2o=
x-amz-request-id: WZS7NA1CJTWD1P2V
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
content-length: 56534
via: 1.1 google
date: Sun, 28 May 2023 15:37:02 GMT
age: 82651
last-modified: Wed, 17 May 2023 15:36:30 GMT
etag: "e82f812913b6a06c608d7bb688e184b4"
content-type: application/octet-stream
cache-control: public,max-age=86400
alt-svc: clear
X-Firefox-Spdy: h2

tracking-protection.cdn.mozilla.net/analytics-track-digest256/1683905755

34.120.158.37

10 kB

URL
tracking-protection.cdn.mozilla.net/analytics-track-digest256/1683905755
IP
34.120.158.37:0
ASN
#15169 GOOGLE

File type
data
Size
10 kB (10486 bytes)
Hash
feffee93ee53bd6b02687bb9d9a11425
f9fab28225d6eb2ed2e72ce675d5d5b624383658
3b09c3bc75d40a2dc370d7a9e88433d74de203f31056900b995b497950f2d672

HTTP Headers

GET /analytics-track-digest256/1683905755 HTTP/1.1
Host: tracking-protection.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: ruqwegyC5duv8YCK+XNUuEK0UBYQeXgeL8KntNJnupyHqzRHSLLoMLO7GqhuQ2lq4MNlmaJ27VE=
x-amz-request-id: SR1FGF6FFVBZ9AKE
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
content-length: 10486
via: 1.1 google
date: Sun, 28 May 2023 15:36:42 GMT
age: 82671
last-modified: Fri, 12 May 2023 15:36:10 GMT
etag: "feffee93ee53bd6b02687bb9d9a11425"
content-type: application/octet-stream
cache-control: public,max-age=86400
alt-svc: clear
X-Firefox-Spdy: h2

tracking-protection.cdn.mozilla.net/content-track-digest256/1683905755

34.120.158.37

15 kB

URL
tracking-protection.cdn.mozilla.net/content-track-digest256/1683905755
IP
34.120.158.37:0
ASN
#15169 GOOGLE

File type
data
Size
15 kB (15350 bytes)
Hash
adff9f8518019ddb5b72e09fa471bd56
2a5cf28dcda107605da2bb4f6e56a07e514a927f
900f414ea63bb7f4e5a33041d77112c309aa8dfebd93681895c596d948ed12bf

HTTP Headers

GET /content-track-digest256/1683905755 HTTP/1.1
Host: tracking-protection.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: Bc9sRSmYp0n7iU+xr47k16fdaMY0sOpZ4bOT+FFPDTdYtwe7haw7pWcv7Jr+rTaPlc+0IJg2wo8=
x-amz-request-id: CHHMCME2ERZ29ZC0
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
content-length: 15350
via: 1.1 google
date: Sun, 28 May 2023 15:36:48 GMT
age: 82665
last-modified: Fri, 12 May 2023 15:36:06 GMT
etag: "adff9f8518019ddb5b72e09fa471bd56"
content-type: application/octet-stream
cache-control: public,max-age=86400
alt-svc: clear
X-Firefox-Spdy: h2

tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1683905755

34.120.158.37

1.5 MB

URL
tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1683905755
IP
34.120.158.37:0
ASN
#15169 GOOGLE

File type
data
Size
1.5 MB (1476920 bytes)
Hash
501d3f65be5457b0986a2f0b880e88f2
0df631bbe10a12e255c8d323fed084f51ffb842d
e3acbced9ab46ff7a41311445b2bd1f6f70f8716d35131670528417d2c9a6627

HTTP Headers

GET /google-trackwhite-digest256/1683905755 HTTP/1.1
Host: tracking-protection.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: EZAOJEhSjy/jyC/fud1drVB3uPI3JJGZIHX0b/kklbDivtK9Wnx0vfVO1+kb/zNbL7brid9t06s=
x-amz-request-id: DR5QXT56DP0W3F0K
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
via: 1.1 google
date: Sun, 28 May 2023 15:36:50 GMT
age: 82663
last-modified: Fri, 12 May 2023 15:36:17 GMT
etag: "501d3f65be5457b0986a2f0b880e88f2"
content-type: application/octet-stream
content-length: 1476920
cache-control: public,max-age=86400
alt-svc: clear
X-Firefox-Spdy: h2

tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1684337778

34.120.158.37

346 kB

URL
tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1684337778
IP
34.120.158.37:0
ASN
#15169 GOOGLE

File type
data
Size
346 kB (345943 bytes)
Hash
dc048d310df250632824a0ef784c0503
349ed5134df1bb49ba48bab8498c932655795279
a217142987da561fafd04a5f77dcab5860687e0089002eec43cd8bd619b9870a

HTTP Headers

GET /mozstd-trackwhite-digest256/1684337778 HTTP/1.1
Host: tracking-protection.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: w3IwSRa3mhgV6iNig7Ql945PNCwij11qrb+htOq7q27R47OpCcLE+xzelD/DyfTF+tkbB1sTCH8=
x-amz-request-id: WZS4EVVHSA51DXZZ
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
content-length: 345943
via: 1.1 google
date: Sun, 28 May 2023 15:37:02 GMT
age: 82652
last-modified: Wed, 17 May 2023 15:36:35 GMT
etag: "dc048d310df250632824a0ef784c0503"
content-type: application/octet-stream
cache-control: public,max-age=86400
alt-svc: clear
X-Firefox-Spdy: h2

asnrrsamsa.com/imgs/krewa/nqxa.php?ch=1&id=6yv1icgx&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY4NTM3ODA3MywiaWF0IjoxNjg1MzcwODczLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydGhxN285b2NvdnFlbzhjczQwMmlqOGsiLCJuYmYiOjE2ODUzNzA4NzMsInRzIjoxNjg1MzcwODczMjc1ODA0fQ.3bX6xoafaXPCgx9vU1oiR8Lr5-F26hE9fNlM_uA4qjQ&lip=192.168.2.10&s5=3159&sid=edaa482c-fe2d-11ed-8eb4-662e7c6a0562&win=Unk

81.17.29.149

302 Found

11 B

URL User Request GET HTTP/1.1
asnrrsamsa.com/imgs/krewa/nqxa.php?ch=1&id=6yv1icgx&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY4NTM3ODA3MywiaWF0IjoxNjg1MzcwODczLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydGhxN285b2NvdnFlbzhjczQwMmlqOGsiLCJuYmYiOjE2ODUzNzA4NzMsInRzIjoxNjg1MzcwODczMjc1ODA0fQ.3bX6xoafaXPCgx9vU1oiR8Lr5-F26hE9fNlM_uA4qjQ&lip=192.168.2.10&s5=3159&sid=edaa482c-fe2d-11ed-8eb4-662e7c6a0562&win=Unk
IP
81.17.29.149:80
ASN
#51852 Private Layer INC

File type
ASCII text, with no line terminators
Size
11 B (11 bytes)
Hash
32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /imgs/krewa/nqxa.php?ch=1&id=6yv1icgx&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY4NTM3ODA3MywiaWF0IjoxNjg1MzcwODczLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydGhxN285b2NvdnFlbzhjczQwMmlqOGsiLCJuYmYiOjE2ODUzNzA4NzMsInRzIjoxNjg1MzcwODczMjc1ODA0fQ.3bX6xoafaXPCgx9vU1oiR8Lr5-F26hE9fNlM_uA4qjQ&lip=192.168.2.10&s5=3159&sid=edaa482c-fe2d-11ed-8eb4-662e7c6a0562&win=Unk HTTP/1.1
Host: asnrrsamsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://asnrrsamsa.com/imgs/krewa/nqxa.php?id=6yv1icgx&s5=3159&lip=192.168.2.10&win=Unk
DNT: 1
Connection: keep-alive
Cookie: sid=edaa482c-fe2d-11ed-8eb4-662e7c6a0562
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Mon, 29 May 2023 14:34:33 GMT
location: http://ww1.asnrrsamsa.com
server: nginx
set-cookie: sid=edaa482c-fe2d-11ed-8eb4-662e7c6a0562; path=/; domain=.asnrrsamsa.com; expires=Sat, 16 Jun 2091 17:48:41 GMT; max-age=2147483647; HttpOnly

ww1.asnrrsamsa.com/

199.59.243.223

200 OK

697 B

URL User Request GET HTTP/1.1
ww1.asnrrsamsa.com/
IP
199.59.243.223:80
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (911), with no line terminators
Size
697 B (697 bytes)
Hash
7d6e6106f349346920cdfd0676aa251e
a3e0e0f976ed4e06a2745b12cd700934e4fd00a5
d1286458a995e108805fa8b31648131d7f4665f3ff88a8b8cdb91f50d72d51a0

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: ww1.asnrrsamsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://asnrrsamsa.com/
DNT: 1
Connection: keep-alive
Cookie: sid=edaa482c-fe2d-11ed-8eb4-662e7c6a0562
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 29 May 2023 14:34:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: parking_session=9f0d8544-9813-961f-8d34-0f5871985772; expires=Mon, 29-May-2023 14:49:37 GMT; Max-Age=900; path=/; HttpOnly
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_SvKePko868fMgZOuJYlsswRs9WgSTX2JhmuiTz3Qy0lzldc+IzlyE4RosA3+EquR9Mtl01XcEIKeg1hQ73Vn2g==
Accept-CH: sec-ch-prefers-color-scheme
Critical-CH: sec-ch-prefers-color-scheme
Vary: sec-ch-prefers-color-scheme
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip

ww1.asnrrsamsa.com/js/parking.2.105.3.js

199.59.243.223

200 OK

22 kB

URL GET HTTP/1.1
ww1.asnrrsamsa.com/js/parking.2.105.3.js
IP
199.59.243.223:80
ASN
#16509 AMAZON-02

Requested by
http://ww1.asnrrsamsa.com/

File type
HTML document, ASCII text, with very long lines (65536), with no line terminators
Size
22 kB (22161 bytes)
Hash
db066e3eeddf5d1eb1dc837d7c0667ff
65a9543352ccdd2e698000ee08a31368df3c4237
e94c295c351e24b95c9e81fa538045590f2262f0991924e0b5b4745767706911

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /js/parking.2.105.3.js HTTP/1.1
Host: ww1.asnrrsamsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww1.asnrrsamsa.com/
Cookie: sid=edaa482c-fe2d-11ed-8eb4-662e7c6a0562; parking_session=9f0d8544-9813-961f-8d34-0f5871985772
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 29 May 2023 14:34:37 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 16 May 2023 20:21:39 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip

ww1.asnrrsamsa.com/_fd

199.59.243.223

200 OK

2.1 kB

URL POST HTTP/1.1
ww1.asnrrsamsa.com/_fd
IP
199.59.243.223:80
ASN
#16509 AMAZON-02

Requested by
http://ww1.asnrrsamsa.com/

File type
ASCII text, with very long lines (3993), with no line terminators
Size
2.1 kB (2056 bytes)
Hash
3c92501f073e93e4b61759dcdbdaf3e3
db982bc32c7e04beec731f6d21ad5b349a7c0cdc
1c5b617d7537e5dcf3d3868c7594ad1e3efc7bdf657af13368b9bdebc1429aa0

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

POST /_fd HTTP/1.1
Host: ww1.asnrrsamsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww1.asnrrsamsa.com/
Content-Type: application/json
Origin: http://ww1.asnrrsamsa.com
DNT: 1
Connection: keep-alive
Cookie: sid=edaa482c-fe2d-11ed-8eb4-662e7c6a0562; parking_session=9f0d8544-9813-961f-8d34-0f5871985772
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
Server: openresty
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 29 May 2023 14:34:37 GMT
X-Version: 2.105.3
Set-Cookie: parking_session=9f0d8544-9813-961f-8d34-0f5871985772; expires=Mon, 29-May-2023 14:49:37 GMT; Max-Age=900; path=/; httponly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip

ww1.asnrrsamsa.com/px.gif?ch=1&rn=2.4118109147482665

199.59.243.223

200 OK

42 B

URL GET HTTP/1.1
ww1.asnrrsamsa.com/px.gif?ch=1&rn=2.4118109147482665
IP
199.59.243.223:80
ASN
#16509 AMAZON-02

Requested by
http://ww1.asnrrsamsa.com/

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /px.gif?ch=1&rn=2.4118109147482665 HTTP/1.1
Host: ww1.asnrrsamsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww1.asnrrsamsa.com/
Cookie: sid=edaa482c-fe2d-11ed-8eb4-662e7c6a0562; parking_session=9f0d8544-9813-961f-8d34-0f5871985772
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 29 May 2023 14:34:37 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Accept-Ranges: bytes

ww1.asnrrsamsa.com/px.gif?ch=2&rn=2.4118109147482665

199.59.243.223

200 OK

42 B

URL GET HTTP/1.1
ww1.asnrrsamsa.com/px.gif?ch=2&rn=2.4118109147482665
IP
199.59.243.223:80
ASN
#16509 AMAZON-02

Requested by
http://ww1.asnrrsamsa.com/

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /px.gif?ch=2&rn=2.4118109147482665 HTTP/1.1
Host: ww1.asnrrsamsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww1.asnrrsamsa.com/
Cookie: sid=edaa482c-fe2d-11ed-8eb4-662e7c6a0562; parking_session=9f0d8544-9813-961f-8d34-0f5871985772
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 29 May 2023 14:34:37 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
11ddcad6f0fc074c4f1b86c66ced6d86
cdd65841fec92aca297dfc5c17dee8c8b525fd1f
64cf10b6657bc2be18416ea274885a23d1dfaab08a13f87f113e19c9aeaf4fd8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 29 May 2023 14:34:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ww1.asnrrsamsa.com/favicon.ico

199.59.243.223

200 OK

0 B

URL GET HTTP/1.1
ww1.asnrrsamsa.com/favicon.ico
IP
199.59.243.223:80
ASN
#16509 AMAZON-02

Requested by
http://ww1.asnrrsamsa.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ww1.asnrrsamsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww1.asnrrsamsa.com/
Cookie: sid=edaa482c-fe2d-11ed-8eb4-662e7c6a0562; parking_session=9f0d8544-9813-961f-8d34-0f5871985772
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 29 May 2023 14:34:37 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
ETag: "61424bb6-0"
x-backend-server: ip-10-201-16-121.ec2.internal
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
dfd5ad02f4f42dfda06a983cde156afc
22aa6b74534fcf3dea8b9baf4578d94e7d668e18
885fcb0b62d31ffaccbc95a3ff7a2478fe67a28f62917c980555911e11717d36

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 29 May 2023 14:34:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol314%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol458&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww1.asnrrsamsa.com%3Fcaf%26&terms=open%20threat%20exchange&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2298147197369106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=r3&nocache=8741685370877906&num=0&output=afd_ads&domain_name=ww1.asnrrsamsa.com&v=3&bsl=8&pac=2&u_his=3&u_tz=0&dt=1685370877908&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=534159633&uio=-&cont=rs&jsid=caf&jsv=534159633&rurl=http%3A%2F%2Fww1.asnrrsamsa.com%2F&referer=http%3A%2F%2Fasnrrsamsa.com%2F&adbw=master-1%3A1264

142.250.74.132

200 OK

2.1 kB

URL GET HTTP/3
www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol314%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol458&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww1.asnrrsamsa.com%3Fcaf%26&terms=open%20threat%20exchange&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2298147197369106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=r3&nocache=8741685370877906&num=0&output=afd_ads&domain_name=ww1.asnrrsamsa.com&v=3&bsl=8&pac=2&u_his=3&u_tz=0&dt=1685370877908&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=534159633&uio=-&cont=rs&jsid=caf&jsv=534159633&rurl=http%3A%2F%2Fww1.asnrrsamsa.com%2F&referer=http%3A%2F%2Fasnrrsamsa.com%2F&adbw=master-1%3A1264
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
http://ww1.asnrrsamsa.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint5D:BA:19:A5:81:25:05:32:72:13:A7:18:CF:67:8C:D6:6F:13:B3:EF
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5617)
Size
2.1 kB (2108 bytes)
Hash
0683bfe53a317d9daeb0af03f05a54a0
2abd2214873f8a00414737978ea7a6b598e47f8f
44d667422b391ea347e1da6d665a9711c53469e2066302bc24bf0ad56e3d6cdc

HTTP Headers

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol314%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol458&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww1.asnrrsamsa.com%3Fcaf%26&terms=open%20threat%20exchange&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2298147197369106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=r3&nocache=8741685370877906&num=0&output=afd_ads&domain_name=ww1.asnrrsamsa.com&v=3&bsl=8&pac=2&u_his=3&u_tz=0&dt=1685370877908&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=534159633&uio=-&cont=rs&jsid=caf&jsv=534159633&rurl=http%3A%2F%2Fww1.asnrrsamsa.com%2F&referer=http%3A%2F%2Fasnrrsamsa.com%2F&adbw=master-1%3A1264 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww1.asnrrsamsa.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Mon, 29 May 2023 14:34:38 GMT
expires: Mon, 29 May 2023 14:34:38 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-vBvv4n7J4ide0Lsdolot6w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 2108
x-xss-protection: 0
set-cookie: CONSENT=PENDING+898; expires=Wed, 28-May-2025 14:34:38 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e202444f49089fa6735f57e2f885afc1
b43c6fef9149614a86afb99c181201b13b33559e
69602a4c6fcac3fe2c73366b48d5998f803bd55e9ea83645e8dccdc2f1349fab

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 29 May 2023 14:34:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/adsense/domains/caf.js

142.250.74.132

200 OK

54 kB

URL GET HTTP/3
www.google.com/adsense/domains/caf.js
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol314%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol458&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww1.asnrrsamsa.com%3Fcaf%26&terms=open%20threat%20exchange&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2298147197369106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=r3&nocache=8741685370877906&num=0&output=afd_ads&domain_name=ww1.asnrrsamsa.com&v=3&bsl=8&pac=2&u_his=3&u_tz=0&dt=1685370877908&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=534159633&uio=-&cont=rs&jsid=caf&jsv=534159633&rurl=http%3A%2F%2Fww1.asnrrsamsa.com%2F&referer=http%3A%2F%2Fasnrrsamsa.com%2F&adbw=master-1%3A1264
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint5D:BA:19:A5:81:25:05:32:72:13:A7:18:CF:67:8C:D6:6F:13:B3:EF
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT

File type
ASCII text, with very long lines (2125)
Size
54 kB (53978 bytes)
Hash
1ba0da770857ac711bc9f213377912cf
87efed261419157e6df98e53d2ed796e471eee6e
9063b6074866d4dd07e60ecb41ae64c64a385ff8a4c357bddbda82e9940970e5

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Mon, 29 May 2023 14:34:38 GMT
expires: Mon, 29 May 2023 14:34:38 GMT
cache-control: private, max-age=3600
etag: "2386559985005810516"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e202444f49089fa6735f57e2f885afc1
b43c6fef9149614a86afb99c181201b13b33559e
69602a4c6fcac3fe2c73366b48d5998f803bd55e9ea83645e8dccdc2f1349fab

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 29 May 2023 14:34:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff

142.250.74.97

200 OK

278 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol314%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol458&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww1.asnrrsamsa.com%3Fcaf%26&terms=open%20threat%20exchange&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2298147197369106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=r3&nocache=8741685370877906&num=0&output=afd_ads&domain_name=ww1.asnrrsamsa.com&v=3&bsl=8&pac=2&u_his=3&u_tz=0&dt=1685370877908&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=534159633&uio=-&cont=rs&jsid=caf&jsv=534159633&rurl=http%3A%2F%2Fww1.asnrrsamsa.com%2F&referer=http%3A%2F%2Fasnrrsamsa.com%2F&adbw=master-1%3A1264
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
FingerprintE9:43:A2:2D:EB:A2:E1:09:B0:36:19:CF:E3:9C:F0:37:52:4F:DB:7A
ValidityMon, 08 May 2023 08:24:36 GMT - Mon, 31 Jul 2023 08:24:35 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (306)
Size
278 B (278 bytes)
Hash
fe7dd8c3c629cc6e9cd6d3e4d3cbe905
59ef3b8e4a17169a4cb45fba65bf0d2bf49c8a18
5455d8d4b8ae5150039ff7a83a6679d4338a435945985fa9f8d0ecbea9ae2f6e

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 278
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Mon, 29 May 2023 08:39:40 GMT
expires: Tue, 30 May 2023 07:39:40 GMT
cache-control: public, max-age=82800
age: 21298
last-modified: Tue, 09 Feb 2021 14:15:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e202444f49089fa6735f57e2f885afc1
b43c6fef9149614a86afb99c181201b13b33559e
69602a4c6fcac3fe2c73366b48d5998f803bd55e9ea83645e8dccdc2f1349fab

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 29 May 2023 14:34:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ww1.asnrrsamsa.com/_tr

199.59.243.223

200 OK

22 B

URL POST HTTP/1.1
ww1.asnrrsamsa.com/_tr
IP
199.59.243.223:80
ASN
#16509 AMAZON-02

Requested by
http://ww1.asnrrsamsa.com/

File type
ASCII text, with no line terminators
Size
22 B (22 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

POST /_tr HTTP/1.1
Host: ww1.asnrrsamsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww1.asnrrsamsa.com/
Content-Type: application/json
Content-Length: 1617
Origin: http://ww1.asnrrsamsa.com
DNT: 1
Connection: keep-alive
Cookie: sid=edaa482c-fe2d-11ed-8eb4-662e7c6a0562; parking_session=9f0d8544-9813-961f-8d34-0f5871985772
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 29 May 2023 14:34:39 GMT
X-Version: 2.105.3
Set-Cookie: parking_session=9f0d8544-9813-961f-8d34-0f5871985772; expires=Mon, 29-May-2023 14:49:39 GMT; Max-Age=900; path=/; httponly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip

www.google.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=p64qhhayw35f&aqid=_rd0ZJOXE8vAywWdrL64DA&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=534159633&csala=11%7C0%7C301%7C60%7C286&lle=0&ifv=1&usr=1

142.250.74.132

204 No Content

0 B

URL GET HTTP/3
www.google.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=p64qhhayw35f&aqid=_rd0ZJOXE8vAywWdrL64DA&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=534159633&csala=11%7C0%7C301%7C60%7C286&lle=0&ifv=1&usr=1
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
http://ww1.asnrrsamsa.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint5D:BA:19:A5:81:25:05:32:72:13:A7:18:CF:67:8C:D6:6F:13:B3:EF
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=p64qhhayw35f&aqid=_rd0ZJOXE8vAywWdrL64DA&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=534159633&csala=11%7C0%7C301%7C60%7C286&lle=0&ifv=1&usr=1 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww1.asnrrsamsa.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-I-A7I6bRbPbUOHTSShl95g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Mon, 29 May 2023 14:34:40 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: NID=511=GWR9Eg1Xcwj0FLTZuh0sHpKadDpsqPKeRjK6nt1sWKkd9LfRRJt1ntdaXF6yh70UcMd_vn3AllwhwN8SWQiFg9T91w-F_py-0FeAVj_Ms20BxqamvPis1lcmWafbqAz8r29y_0WlkRKexNQx2eWxqSWpgplmy6o5yFJVX-cxwmA; expires=Tue, 28-Nov-2023 14:34:40 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+538; expires=Wed, 28-May-2025 14:34:40 GMT; path=/; domain=.google.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=m4todo4c47l3&aqid=_rd0ZJOXE8vAywWdrL64DA&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=534159633&csala=11%7C0%7C301%7C60%7C286&lle=0&ifv=1&usr=1

142.250.74.132

204 No Content

0 B

URL GET HTTP/3
www.google.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=m4todo4c47l3&aqid=_rd0ZJOXE8vAywWdrL64DA&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=534159633&csala=11%7C0%7C301%7C60%7C286&lle=0&ifv=1&usr=1
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
http://ww1.asnrrsamsa.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint5D:BA:19:A5:81:25:05:32:72:13:A7:18:CF:67:8C:D6:6F:13:B3:EF
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=m4todo4c47l3&aqid=_rd0ZJOXE8vAywWdrL64DA&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=534159633&csala=11%7C0%7C301%7C60%7C286&lle=0&ifv=1&usr=1 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww1.asnrrsamsa.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-456kcuGNg5vzc_U8nkHueQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Mon, 29 May 2023 14:34:40 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: NID=511=mGS-ygvbRz4UJr75IgmW29oKsbvbjLBJKrPg6UycM3aDj9D2UWoIdbqbqV0ob81bpWs14ISgpPnmjcK2pOJBfQ3FU2IxuFwEUmfGHuLWEiSaitacoowg5kirikS-VJiXebB4rkwUU7kmI6qS-0taszJsa6hK_t90I5MkAk-BJQo; expires=Tue, 28-Nov-2023 14:34:40 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+620; expires=Wed, 28-May-2025 14:34:40 GMT; path=/; domain=.google.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b

142.250.74.97

200 OK

200 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol314%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol458&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww1.asnrrsamsa.com%3Fcaf%26&terms=open%20threat%20exchange&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2298147197369106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=r3&nocache=8741685370877906&num=0&output=afd_ads&domain_name=ww1.asnrrsamsa.com&v=3&bsl=8&pac=2&u_his=3&u_tz=0&dt=1685370877908&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=534159633&uio=-&cont=rs&jsid=caf&jsv=534159633&rurl=http%3A%2F%2Fww1.asnrrsamsa.com%2F&referer=http%3A%2F%2Fasnrrsamsa.com%2F&adbw=master-1%3A1264
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
FingerprintE9:43:A2:2D:EB:A2:E1:09:B0:36:19:CF:E3:9C:F0:37:52:4F:DB:7A
ValidityMon, 08 May 2023 08:24:36 GMT - Mon, 31 Jul 2023 08:24:35 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Size
200 B (200 bytes)
Hash
e81eb30a6c5589e7f39436e40b400822
ca2513ede010b3db00099335b809ca693c2cd65c
055ae1fef3be182534069c718e2dc0ab07d7464bcc3ded19553da07d37333657

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Mon, 29 May 2023 06:02:41 GMT
expires: Tue, 30 May 2023 05:02:41 GMT
cache-control: public, max-age=82800
age: 30717
last-modified: Thu, 22 Oct 2020 21:45:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (25)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN